diff options
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/blocks.php | 4 | ||||
| -rw-r--r-- | mod/bookmarks.php | 11 | ||||
| -rwxr-xr-x | mod/cal.php | 5 | ||||
| -rw-r--r-- | mod/channel.php | 17 | ||||
| -rw-r--r-- | mod/chat.php | 6 | ||||
| -rw-r--r-- | mod/display.php | 5 | ||||
| -rw-r--r-- | mod/editblock.php | 4 | ||||
| -rw-r--r-- | mod/editlayout.php | 3 | ||||
| -rw-r--r-- | mod/editpost.php | 4 | ||||
| -rw-r--r-- | mod/editwebpage.php | 5 | ||||
| -rw-r--r-- | mod/getfile.php | 97 | ||||
| -rw-r--r-- | mod/help.php | 14 | ||||
| -rw-r--r-- | mod/import.php | 9 | ||||
| -rw-r--r-- | mod/layouts.php | 3 | ||||
| -rw-r--r-- | mod/network.php | 5 | ||||
| -rw-r--r-- | mod/notes.php | 12 | ||||
| -rw-r--r-- | mod/photos.php | 71 | ||||
| -rw-r--r-- | mod/wall_attach.php | 17 | ||||
| -rw-r--r-- | mod/webpages.php | 4 |
19 files changed, 230 insertions, 66 deletions
diff --git a/mod/blocks.php b/mod/blocks.php index 96005e9a3..3c9274991 100644 --- a/mod/blocks.php +++ b/mod/blocks.php @@ -95,7 +95,9 @@ function blocks_content(&$a) { 'ptlabel' => t('Block Name'), 'profile_uid' => intval($owner), 'expanded' => true, - 'novoting' => true + 'novoting' => true, + 'bbco_autocomplete' => 'bbcode', + 'bbcode' => true ); if($_REQUEST['title']) diff --git a/mod/bookmarks.php b/mod/bookmarks.php index 02fe2f2e1..5c48ce5a9 100644 --- a/mod/bookmarks.php +++ b/mod/bookmarks.php @@ -4,6 +4,8 @@ function bookmarks_init(&$a) { if(! local_channel()) return; $item_id = intval($_REQUEST['item']); + $burl = trim($_REQUEST['burl']); + if(! $item_id) return; @@ -36,7 +38,14 @@ function bookmarks_init(&$a) { killme(); } foreach($terms as $t) { - bookmark_add($u,$s[0],$t,$item['item_private']); + if($burl) { + if($burl == $t['url']) { + bookmark_add($u,$s[0],$t,$item['item_private']); + } + } + else + bookmark_add($u,$s[0],$t,$item['item_private']); + info( t('Bookmark added') . EOL); } } diff --git a/mod/cal.php b/mod/cal.php index b58f3a1f1..56d65d3f2 100755 --- a/mod/cal.php +++ b/mod/cal.php @@ -45,6 +45,11 @@ function cal_init(&$a) { function cal_content(&$a) { + if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) { + return; + } + + $channel = null; if(argc() > 1) { diff --git a/mod/channel.php b/mod/channel.php index 88c420366..2ef911bbb 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -124,15 +124,18 @@ function channel_content(&$a, $update = 0, $load = false) { $x = array( 'is_owner' => $is_owner, - 'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'],'system','use_browser_location')))) ? true : false), - 'default_location' => (($is_owner) ? App::$profile['channel_location'] : ''), - 'nickname' => App::$profile['channel_address'], - 'lockstate' => (((strlen(App::$profile['channel_allow_cid'])) || (strlen(App::$profile['channel_allow_gid'])) || (strlen(App::$profile['channel_deny_cid'])) || (strlen(App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel_acl,true,((App::$profile['channel_r_stream'] & PERMS_PUBLIC) ? t('Public') : '')) : ''), + 'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'],'system','use_browser_location')))) ? true : false), + 'default_location' => (($is_owner) ? App::$profile['channel_location'] : ''), + 'nickname' => App::$profile['channel_address'], + 'lockstate' => (((strlen(App::$profile['channel_allow_cid'])) || (strlen(App::$profile['channel_allow_gid'])) || (strlen(App::$profile['channel_deny_cid'])) || (strlen(App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'), + 'acl' => (($is_owner) ? populate_acl($channel_acl,true,((App::$profile['channel_r_stream'] & PERMS_PUBLIC) ? t('Public') : '')) : ''), 'showacl' => (($is_owner) ? 'yes' : ''), - 'bang' => '', + 'bang' => '', 'visitor' => (($is_owner || $observer) ? true : false), - 'profile_uid' => App::$profile['profile_uid'] + 'profile_uid' => App::$profile['profile_uid'], + 'editor_autocomplete' => true, + 'bbco_autocomplete' => 'bbcode', + 'bbcode' => true ); $o .= status_editor($a,$x); diff --git a/mod/chat.php b/mod/chat.php index 75c364008..375d069be 100644 --- a/mod/chat.php +++ b/mod/chat.php @@ -208,6 +208,12 @@ function chat_content(&$a) { $o = profile_tabs($a,((local_channel() && local_channel() == App::$profile['profile_uid']) ? true : false),App::$profile['channel_address']); + if(! feature_enabled(App::$profile['profile_uid'],'ajaxchat')) { + notice( t('Feature disabled.') . EOL); + return $o; + } + + $acl = new Zotlabs\Access\AccessList($channel); $channel_acl = $acl->get(); diff --git a/mod/display.php b/mod/display.php index e4a6a0e66..ef140d454 100644 --- a/mod/display.php +++ b/mod/display.php @@ -65,7 +65,10 @@ function display_content(&$a, $update = 0, $load = false) { 'visitor' => true, 'profile_uid' => local_channel(), 'return_path' => 'channel/' . $channel['channel_address'], - 'expanded' => true + 'expanded' => true, + 'editor_autocomplete' => true, + 'bbco_autocomplete' => 'bbcode', + 'bbcode' => true ); $o = '<div id="jot-popup">'; diff --git a/mod/editblock.php b/mod/editblock.php index 35922e483..214c495dd 100644 --- a/mod/editblock.php +++ b/mod/editblock.php @@ -115,7 +115,8 @@ function editblock_content(&$a) { '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), '$geotag' => '', '$nickname' => $channel['channel_address'], - '$confirmdelete' => t('Delete block?') + '$confirmdelete' => t('Delete block?'), + '$bbco_autocomplete'=> (($mimetype == 'text/bbcode') ? 'bbcode' : 'comanche-block') )); $tpl = get_markup_template("jot.tpl"); @@ -174,6 +175,7 @@ function editblock_content(&$a) { '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'), + '$bbcode' => (($mimetype == 'text/bbcode') ? true : false) )); $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( diff --git a/mod/editlayout.php b/mod/editlayout.php index 9c27afa30..0b58fe5fe 100644 --- a/mod/editlayout.php +++ b/mod/editlayout.php @@ -109,7 +109,8 @@ function editlayout_content(&$a) { '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), '$geotag' => $geotag, '$nickname' => $channel['channel_address'], - '$confirmdelete' => t('Delete layout?') + '$confirmdelete' => t('Delete layout?'), + '$bbco_autocomplete'=> 'comanche' )); diff --git a/mod/editpost.php b/mod/editpost.php index a433d91f4..397254a48 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -54,7 +54,9 @@ function editpost_content(&$a) { '$geotag' => $geotag, '$nickname' => $channel['channel_address'], '$expireswhen' => t('Expires YYYY-MM-DD HH:MM'), - '$confirmdelete' => t('Delete item?'), + '$confirmdelete' => t('Delete item?'), + '$editor_autocomplete'=> true, + '$bbco_autocomplete'=> 'bbcode' )); if(intval($itm[0]['item_obscured'])) { diff --git a/mod/editwebpage.php b/mod/editwebpage.php index 445c31ad4..9f6df9536 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -150,7 +150,8 @@ function editwebpage_content(&$a) { '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), '$geotag' => $geotag, '$nickname' => $channel['channel_address'], - '$confirmdelete' => t('Delete webpage?') + '$confirmdelete' => t('Delete webpage?'), + '$bbco_autocomplete'=> 'bbcode', )); $tpl = get_markup_template("jot.tpl"); @@ -215,7 +216,7 @@ function editwebpage_content(&$a) { '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'), - + '$bbco_autocomplete'=> 'bbcode' )); $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( diff --git a/mod/getfile.php b/mod/getfile.php new file mode 100644 index 000000000..c0916de79 --- /dev/null +++ b/mod/getfile.php @@ -0,0 +1,97 @@ +<?php + +/** + * module: getfile + * + * used for synchronising files and photos across clones + * + * The site initiating the file operation will send a sync packet to known clones. + * They will respond by building the DB structures they require, then will provide a + * post request to this site to grab the file data. This is sent as a stream direct to + * disk at the other end, avoiding memory issues. + * + * Since magic-auth cannot easily be used by the CURL process at the other end, + * we will require a signed request which includes a timestamp. This should not be + * used without SSL and is potentially vulnerable to replay if an attacker decrypts + * the SSL traffic fast enough. The amount of time slop is configurable but defaults + * to 3 minutes. + * + */ + + + +require_once('include/Contact.php'); +require_once('include/attach.php'); + +function getfile_post(&$a) { + + $hash = $_POST['hash']; + $time = $_POST['time']; + $sig = $_POST['signature']; + $resource = $_POST['resource']; + $revision = intval($_POST['revision']); + + if(! $hash) + killme(); + + $channel = channelx_by_hash($hash); + + if((! $channel) || (! $time) || (! $sig)) + killme(); + + $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop')); + if($slop < 1) + $slop = 3; + + $d1 = datetime_convert('UTC','UTC',"now + $slop minutes"); + $d2 = datetime_convert('UTC','UTC',"now - $slop minutes"); + + if(($time > $d1) || ($time < $d2)) { + logger('time outside allowable range'); + killme(); + } + + if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) { + logger('verify failed.'); + killme(); + } + + + $r = attach_by_hash($resource,$revision); + + if(! $r['success']) { + notice( $r['message'] . EOL); + return; + } + + + $unsafe_types = array('text/html','text/css','application/javascript'); + + if(in_array($r['data']['filetype'],$unsafe_types)) { + header('Content-type: text/plain'); + } + else { + header('Content-type: ' . $r['data']['filetype']); + } + + header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"'); + if(intval($r['data']['os_storage'])) { + $fname = dbunescbin($r['data']['data']); + if(strpos($fname,'store') !== false) + $istream = fopen($fname,'rb'); + else + $istream = fopen('store/' . $channel['channel_address'] . '/' . $fname,'rb'); + $ostream = fopen('php://output','wb'); + if($istream && $ostream) { + pipe_streams($istream,$ostream); + fclose($istream); + fclose($ostream); + } + } + else + echo dbunescbin($r['data']['data']); + killme(); + + + +}
\ No newline at end of file diff --git a/mod/help.php b/mod/help.php index a266dbf7f..fb0339cd9 100644 --- a/mod/help.php +++ b/mod/help.php @@ -84,7 +84,21 @@ function doc_rank_sort($s1,$s2) { } +function load_context_help() { + + $path = App::$cmd; + $args = App::$argv; + + while($path) { + $context_help = load_doc_file('doc/context/' . $path . '/help.html'); + if($context_help) + break; + array_pop($args); + $path = implode($args,'/'); + } + return $context_help; +} function store_doc_file($s) { diff --git a/mod/import.php b/mod/import.php index e0c2ffa82..b14b97777 100644 --- a/mod/import.php +++ b/mod/import.php @@ -165,7 +165,6 @@ function import_account(&$a, $account_id) { logger('import step 2'); $_SESSION['import_step'] = 2; - ref_session_write(session_id(), serialize($_SESSION)); } @@ -181,7 +180,6 @@ function import_account(&$a, $account_id) { logger('import step 3'); $_SESSION['import_step'] = 3; - ref_session_write(session_id(), serialize($_SESSION)); } @@ -193,7 +191,6 @@ function import_account(&$a, $account_id) { } logger('import step 4'); $_SESSION['import_step'] = 4; - ref_session_write(session_id(), serialize($_SESSION)); } if($completed < 5) { @@ -225,7 +222,6 @@ function import_account(&$a, $account_id) { } logger('import step 5'); $_SESSION['import_step'] = 5; - ref_session_write(session_id(), serialize($_SESSION)); } @@ -262,7 +258,6 @@ function import_account(&$a, $account_id) { } logger('import step 6'); $_SESSION['import_step'] = 6; - ref_session_write(session_id(), serialize($_SESSION)); } if($completed < 7) { @@ -323,7 +318,7 @@ function import_account(&$a, $account_id) { } logger('import step 7'); $_SESSION['import_step'] = 7; - ref_session_write(session_id(), serialize($_SESSION)); + } @@ -399,7 +394,6 @@ function import_account(&$a, $account_id) { } logger('import step 8'); $_SESSION['import_step'] = 8; - ref_session_write(session_id(), serialize($_SESSION)); } @@ -449,7 +443,6 @@ function import_account(&$a, $account_id) { } logger('import step 9'); $_SESSION['import_step'] = 9; - ref_session_write(session_id(), serialize($_SESSION)); } if(is_array($data['obj'])) diff --git a/mod/layouts.php b/mod/layouts.php index dbb005e08..e28c9a066 100644 --- a/mod/layouts.php +++ b/mod/layouts.php @@ -122,7 +122,8 @@ function layouts_content(&$a) { 'profile_uid' => intval($owner), 'expanded' => true, 'placeholdertitle' => t('Layout Description (Optional)'), - 'novoting' => true + 'novoting' => true, + 'bbco_autocomplete' => 'comanche' ); if($_REQUEST['title']) diff --git a/mod/network.php b/mod/network.php index e195ac496..5465cd064 100644 --- a/mod/network.php +++ b/mod/network.php @@ -169,7 +169,10 @@ function network_content(&$a, $update = 0, $load = false) { 'acl' => populate_acl((($private_editing) ? $def_acl : $channel_acl), true, (($channel['channel_r_stream'] & PERMS_PUBLIC) ? t('Public') : '')), 'bang' => (($private_editing) ? '!' : ''), 'visitor' => true, - 'profile_uid' => local_channel() + 'profile_uid' => local_channel(), + 'editor_autocomplete' => true, + 'bbco_autocomplete' => 'bbcode', + 'bbcode' => true ); if($deftag) $x['pretext'] = $deftag; diff --git a/mod/notes.php b/mod/notes.php index 4bb97fc9e..9bf37d0f9 100644 --- a/mod/notes.php +++ b/mod/notes.php @@ -6,8 +6,18 @@ function notes_init(&$a) { return; $ret = array('success' => true); - if($_REQUEST['note_text'] || $_REQUEST['note_text'] == '') { + if(array_key_exists('note_text',$_REQUEST)) { $body = escape_tags($_REQUEST['note_text']); + + // I've had my notes vanish into thin air twice in four years. + // Provide a backup copy if there were contents previously + // and there are none being saved now. + + if(! $body) { + $old_text = get_pconfig(local_channel(),'notes','text'); + if($old_text) + set_pconfig(local_channel(),'notes','text.bak',$old_text); + } set_pconfig(local_channel(),'notes','text',$body); } diff --git a/mod/photos.php b/mod/photos.php index 0adbf752a..bf904db22 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -126,6 +126,34 @@ function photos_post(&$a) { if($_REQUEST['dropalbum'] == t('Delete Album')) { + + // This is dangerous because we combined file storage and photos into one interface + // This function will remove all photos from any directory with the same name since + // we have not passed the path value. + + // The correct solution would be to use a full pathname from your storage root for 'album' + // We also need to prevent/block removing the storage root folder. + + $folder_hash = ''; + + $r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'", + intval($page_owner_uid), + dbesc($album) + ); + if(! $r) { + notice( t('Album not found.') . EOL); + return; + } + if(count($r) > 1) { + notice( t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL); + return; + } + else { + $folder_hash = $r[0]['hash']; + } + + + $res = array(); // get the list of photos we are about to delete @@ -149,9 +177,6 @@ function photos_post(&$a) { if($r) { foreach($r as $i) { attach_delete($page_owner_uid, $i['resource_id'], 1 ); - // This is now being done in attach_delete() - // drop_item($i['id'],false,DROPITEM_PHASE1,true /* force removal of linked items */); - // proc_run('php','include/notifier.php','drop',$i['id']); } } @@ -163,6 +188,15 @@ function photos_post(&$a) { // @FIXME do the same for the linked attach + if($folder_hash) { + attach_delete($page_owner_uid,$folder_hash, 1); + + $sync = attach_export_data(App::$data['channel'],$folder_hash, true); + + if($sync) + build_sync_packet($page_owner_uid,array('file' => array($sync))); + } + } goaway(z_root() . '/photos/' . App::$data['channel']['channel_address']); @@ -183,23 +217,11 @@ function photos_post(&$a) { ); if($r) { -/* - q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'", - intval($page_owner_uid), - dbesc($r[0]['resource_id']) - ); -*/ attach_delete($page_owner_uid, $r[0]['resource_id'], 1 ); -/* - $i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1", - dbesc($r[0]['resource_id']), - intval($page_owner_uid) - ); - if(count($i)) { - drop_item($i[0]['id'],true,DROPITEM_PHASE1); - $url = z_root(); - } -*/ + $sync = attach_export_data(App::$data['channel'],$r[0]['resource_id'], true); + + if($sync) + build_sync_packet($page_owner_uid,array('file' => array($sync))); } goaway(z_root() . '/photos/' . App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']); @@ -218,7 +240,7 @@ function photos_post(&$a) { $acl->set_from_array($_POST); $perm = $acl->get(); - $resource_id = App::$argv[2]; + $resource_id = argv(2); if(! strlen($albname)) $albname = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y'); @@ -443,6 +465,11 @@ function photos_post(&$a) { goaway(z_root() . '/' . $_SESSION['photo_return']); return; // NOTREACHED + $sync = attach_export_data(App::$data['channel'],$resource_id); + + if($sync) + build_sync_packet($page_owner_uid,array('file' => array($sync))); + } @@ -555,8 +582,8 @@ function photos_content(&$a) { $o = ""; - $o .= "<script> var profile_uid = " . App::$profile['profile_uid'] - . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n"; + $o .= "<script> var profile_uid = " . App::$profile['profile_uid'] + . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n"; // tabs diff --git a/mod/wall_attach.php b/mod/wall_attach.php index 75786b479..7f054705f 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -23,23 +23,6 @@ function wall_attach_post(&$a) { $observer = App::get_observer(); -// if($_FILES['userfile']['tmp_name']) { -// $x = @getimagesize($_FILES['userfile']['tmp_name']); -// logger('getimagesize: ' . print_r($x,true), LOGGER_DATA); -// if(($x) && ($x[2] === IMAGETYPE_GIF || $x[2] === IMAGETYPE_JPEG || $x[2] === IMAGETYPE_PNG)) { -// $args = array( 'source' => 'editor', 'visible' => 0, 'contact_allow' => array($channel['channel_hash'])); -// $ret = photo_upload($channel,$observer,$args); -// if($ret['success']) { -// echo "\n\n" . $ret['body'] . "\n\n"; -// killme(); -// } -// if($using_api) -// return; -// notice($ret['message']); -// killme(); -// } -// } - $def_album = get_pconfig($channel['channel_id'],'system','photo_path'); $def_attach = get_pconfig($channel['channel_id'],'system','attach_path'); diff --git a/mod/webpages.php b/mod/webpages.php index 2196eb9fc..c20a147da 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -114,7 +114,9 @@ function webpages_content(&$a) { 'mimetype' => $mimetype, 'layout' => $layout, 'expanded' => true, - 'novoting' => true + 'novoting'=> true, + 'bbco_autocomplete' => 'bbcode', + 'bbcode' => true ); if($_REQUEST['title']) |