Diffstat (limited to 'mod')
-rw-r--r--mod/attach.php73
-rw-r--r--mod/dfrn_notify.php4
-rw-r--r--mod/editpost.php1
-rw-r--r--mod/item.php53
-rw-r--r--mod/profile.php7
-rw-r--r--mod/profiles.php18
-rw-r--r--mod/wall_attach.php106
-rw-r--r--mod/wall_upload.php2
8 files changed, 253 insertions, 11 deletions
diff --git a/mod/attach.php b/mod/attach.php
new file mode 100644
index 000000000..3953d3aa1
--- /dev/null
+++ b/mod/attach.php
@@ -0,0 +1,73 @@
+<?php
+
+function attach_init(&$a) {
+
+ if($a->argc != 2) {
+ notice( t('Item not available.') . EOL);
+ return;
+ }
+
+ $item_id = intval($a->argv[1]);
+
+ $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1",
+ intval($item_id)
+ );
+ if(! count($r)) {
+ notice( t('Item was not found.'). EOL);
+ return;
+ }
+
+ $owner = $r[0]['uid'];
+
+ $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
+
+ if(local_user() && ($owner == $_SESSION['uid'])) {
+
+ // Owner can always see his/her photos
+ $sql_extra = '';
+
+ }
+ elseif(remote_user()) {
+
+ // authenticated visitor - here lie dragons
+
+ $groups = init_groups_visitor($_SESSION['visitor_id']);
+ $gs = '<<>>'; // should be impossible to match
+ if(count($groups)) {
+ foreach($groups as $g)
+ $gs .= '|<' . intval($g) . '>';
+ }
+
+ $sql_extra = sprintf(
+ " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
+ AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
+ AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
+ AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
+
+ intval($_SESSION['visitor_id']),
+ intval($_SESSION['visitor_id']),
+ dbesc($gs),
+ dbesc($gs)
+ );
+ }
+
+ // Now we'll see if we can access the attachment
+
+ $r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1",
+ dbesc($item_id)
+ );
+
+ if(count($r)) {
+ $data = $r[0]['data'];
+ }
+ else {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ header('Content-type: ' . $r[0]['filetype']);
+ header('Content-disposition: attachment; filename=' . $r[0]['filename']);
+ echo $data;
+ killme();
+ // NOTREACHED
+} \ No newline at end of file
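Review bot: The `Content-disposition` header at the end of attach_init() interpolates the stored `filename` unquoted, and that value comes from the uploader's `$_FILES['userfile']['name']` in mod/wall_attach.php, so a name containing spaces, semicolons or quotes yields a malformed or misread header. Quote and strip it, for example `header('Content-disposition: attachment; filename="' . str_replace(array('"', '\\'), '', $r[0]['filename']) . '"');`. Because `filetype` is likewise derived from the uploaded content, adding `header('X-Content-Type-Options: nosniff');` before the body is echoed would keep browsers from second-guessing it. As a smaller consistency point, the second query binds `'%d'` with `dbesc($item_id)` where the first uses `%d` with `intval()`; `intval($item_id)` with an unquoted `%d` would match the first query.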
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 65fd29eb3..7aace856e 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -440,10 +440,10 @@ function dfrn_notify_post(&$a) {
require_once("include/EmailNotification.php");
EmailNotification::sendTextHtmlEmail(
$msg['notificationfromname'],
- t("Administrator@") . $a->get_hostname(),
+ t("Administrator") . '@' . $a->get_hostname(),
t("noreply") . '@' . $a->get_hostname(),
$importer['email'],
- $from . t(" commented on an item at ") . $a->config['sitename'],
+ sprintf( t('%s commented on an item at %s'), $from , $a->config['sitename']),
$email_html_body_tpl,
$email_text_body_tpl
);
diff --git a/mod/editpost.php b/mod/editpost.php
index d211074c9..cd0bbf223 100644
--- a/mod/editpost.php
+++ b/mod/editpost.php
@@ -87,6 +87,7 @@ function editpost_content(&$a) {
'$action' => 'item',
'$share' => t('Edit'),
'$upload' => t('Upload photo'),
+ '$attach' => t('Attach file'),
'$weblink' => t('Insert web link'),
'$youtube' => t('Insert YouTube video'),
'$video' => t('Insert Vorbis [.ogg] video'),
diff --git a/mod/item.php b/mod/item.php
index 1a7acadf3..6120b140b 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -218,6 +218,32 @@ function item_post(&$a) {
}
}
+
+ $match = null;
+
+ if(preg_match_all("/\[attachment\](.+?)\[\/attachment\]/",$body,$match)) {
+ $attaches = $match[1];
+ if(count($attaches)) {
+ foreach($attaches as $attach) {
+ $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+ intval($profile_uid),
+ intval($attaches)
+ );
+ if(count($r)) {
+ $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
+ WHERE `uid` = %d AND `id` = %d LIMIT 1",
+ intval($profile_uid),
+ intval($attaches)
+ );
+ }
+ }
+ }
+ }
+
+
+
+
+
/**
* Fold multi-line [code] sequences
*/
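Review bot: Both queries inside the `foreach` pass `intval($attaches)`, the whole match array, instead of the loop variable, so each iteration looks up the same id (intval of a non-empty array is 1) rather than the referenced attachment; it should read `intval($attach)`. The UPDATE also declares four `'%s'` placeholders for the ACL columns but is given only the two integer arguments, so the format call cannot succeed and the attachment's permissions are never changed to those of the post. The four ACL strings need to be passed through `dbesc()` ahead of the uid (presumably the same values later stored in `$datarray['deny_gid']` and its siblings, if they are already computed at this point in item_post(), which lies outside the hunk). The pattern here also accepts any text with `(.+?)` while the later hunk uses `([0-9]+)`; using the numeric form in both places would keep them consistent.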
@@ -322,6 +348,23 @@ function item_post(&$a) {
}
}
+ $attachments = '';
+
+ if(preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) {
+ foreach($match[2] as $mtch) {
+ $r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+ intval($profile_uid),
+ intval($mtch)
+ );
+ if(count($r)) {
+ if(strlen($attachments))
+ $attachments .= ',';
+ $attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" size="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . $r[0]['filename'] . '"[/attach]';
+ }
+ $body = str_replace($match[1],'',$body);
+ }
+ }
+
$wall = 0;
if($post_type === 'wall' || $post_type === 'wall-comment')
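Review bot: The `[attach]` string built for `$attachments` embeds `filename` and `filetype` from the `attach` row without escaping, and `filename` is the uploader-supplied name stored by mod/wall_attach.php. A name containing `"`, `,` or `[/attach]` would corrupt the comma-separated, quote-delimited format, and whatever later parses or renders the `attach` column (not visible in this diff) would receive attacker-shaped fields. Normalise the values before concatenation, for instance `$fname = str_replace(array('"', ',', '[', ']'), '', $r[0]['filename']);`, and escape them again for the output context where they are rendered. The `str_replace($match[1],'',$body)` call is also loop-invariant and could move after the `foreach`.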
@@ -365,6 +408,7 @@ function item_post(&$a) {
$datarray['deny_gid'] = $str_group_deny;
$datarray['private'] = $private;
$datarray['pubmail'] = $pubmail_enable;
+ $datarray['attach'] = $attachments;
/**
* These fields are for the convenience of plugins...
@@ -399,11 +443,11 @@ function item_post(&$a) {
else
$post_id = 0;
-
+dbg(1);
$r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`,
`author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `location`, `coord`,
- `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail` )
- VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
+ `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach` )
+ VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )",
intval($datarray['uid']),
dbesc($datarray['type']),
intval($datarray['wall']),
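Review bot: `dbg(1);` immediately before the INSERT looks like a leftover debugging call: it is added at column 0 in place of a blank line and nothing in the hunk turns it back off. If it switches on query debugging, as the name suggests, every post from this point would have its full INSERT, including private post bodies and ACL lists, written to the debug output. It should be removed before merging. item_post() begins and ends outside this hunk.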
@@ -431,7 +475,8 @@ function item_post(&$a) {
dbesc($datarray['deny_cid']),
dbesc($datarray['deny_gid']),
intval($datarray['private']),
- intval($datarray['pubmail'])
+ intval($datarray['pubmail']),
+ dbesc($datarray['attach'])
);
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
diff --git a/mod/profile.php b/mod/profile.php
index 634aec460..8d46d6c5b 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -51,11 +51,14 @@ function profile_init(&$a) {
function profile_content(&$a, $update = 0) {
- if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
+ if(get_config('system','block_public') && (! local_user()) && (! remote_user())) {
return login();
}
-
+ if($a->profile['hidewall'] && (! local_user()) && (! remote_user())) {
+ notice( t('Access to this profile has been restricted.') . EOL);
+ return;
+ }
require_once("include/bbcode.php");
require_once('include/security.php');
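Review bot: The new `hidewall` gate in profile_content() lets any session with `remote_user()` set through, without checking that the visitor is a contact of this profile's owner. mod/wall_attach.php in the same commit does make that check against the `contact` table with `id = remote_user() AND uid = $page_owner_uid` and `blocked = 0 AND pending = 0`, which suggests a remote session alone is not proof of a relationship with this particular user. If the option is meant to hide the wall from everyone the owner does not know, the same contact lookup should be applied here before the content is rendered. It is also worth confirming that other routes exposing the same items (feeds, single-item display) honour `hidewall`, since only this function is changed in the diff.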
diff --git a/mod/profiles.php b/mod/profiles.php
index 9c92d81ba..b64c1294e 100644
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -129,6 +129,7 @@ function profiles_post(&$a) {
$work = escape_tags(trim($_POST['work']));
$education = escape_tags(trim($_POST['education']));
$hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0);
+ $hidewall = (($_POST['hidewall'] == 1) ? 1: 0);
$r = q("UPDATE `profile`
@@ -160,7 +161,8 @@ function profiles_post(&$a) {
`romance` = '%s',
`work` = '%s',
`education` = '%s',
- `hide-friends` = %d
+ `hide-friends` = %d,
+ `hidewall` = %d
WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc($profile_name),
dbesc($name),
@@ -191,6 +193,7 @@ function profiles_post(&$a) {
dbesc($work),
dbesc($education),
intval($hide_friends),
+ intval($hidewall),
intval($a->argv[1]),
intval($_SESSION['uid'])
);
@@ -351,13 +354,23 @@ function profiles_content(&$a) {
$opt_tpl = get_markup_template("profile-hide-friends.tpl");
$hide_friends = replace_macros($opt_tpl,array(
- '$desc' => t('Hide my contact/friend list from viewers of this profile?'),
+ '$desc' => t('Hide your contact/friend list from viewers of this profile?'),
'$yes_str' => t('Yes'),
'$no_str' => t('No'),
'$yes_selected' => (($r[0]['hide-friends']) ? " checked=\"checked\" " : ""),
'$no_selected' => (($r[0]['hide-friends'] == 0) ? " checked=\"checked\" " : "")
));
+ $opt_tpl = get_markup_template("profile-hide-wall.tpl");
+ $hide_wall = replace_macros($opt_tpl,array(
+ '$desc' => t('Hide your messages from unknown viewers of this profile?'),
+ '$yes_str' => t('Yes'),
+ '$no_str' => t('No'),
+ '$yes_selected' => (($r[0]['hidewall']) ? " checked=\"checked\" " : ""),
+ '$no_selected' => (($r[0]['hidewall'] == 0) ? " checked=\"checked\" " : "")
+ ));
+
+
$a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
$a->page['htmlhead'] .= "<script type=\"text/javascript\" src=\"include/country.js\" ></script>";
@@ -413,6 +426,7 @@ function profiles_content(&$a) {
'$pdesc' => $r[0]['pdesc'],
'$dob' => dob($r[0]['dob']),
'$hide_friends' => $hide_friends,
+ '$hide_wall' => $hide_wall,
'$address' => $r[0]['address'],
'$locality' => $r[0]['locality'],
'$region' => $r[0]['region'],
diff --git a/mod/wall_attach.php b/mod/wall_attach.php
new file mode 100644
index 000000000..f18fd10b7
--- /dev/null
+++ b/mod/wall_attach.php
@@ -0,0 +1,106 @@
+<?php
+
+require_once('include/attach.php');
+require_once('include/datetime.php');
+
+function wall_attach_post(&$a) {
+
+ if($a->argc > 1) {
+ $nick = $a->argv[1];
+ $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
+ dbesc($nick)
+ );
+ if(! count($r))
+ return;
+
+ }
+ else
+ return;
+
+ $can_post = false;
+ $visitor = 0;
+
+ $page_owner_uid = $r[0]['uid'];
+ $page_owner_nick = $r[0]['nickname'];
+ $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
+
+ if((local_user()) && (local_user() == $page_owner_uid))
+ $can_post = true;
+ else {
+ if($community_page && remote_user()) {
+ $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
+ intval(remote_user()),
+ intval($page_owner_uid)
+ );
+ if(count($r)) {
+ $can_post = true;
+ $visitor = remote_user();
+ }
+ }
+ }
+
+ if(! $can_post) {
+ notice( t('Permission denied.') . EOL );
+ killme();
+ }
+
+ if(! x($_FILES,'userfile'))
+ killme();
+
+ $src = $_FILES['userfile']['tmp_name'];
+ $filename = basename($_FILES['userfile']['name']);
+ $filesize = intval($_FILES['userfile']['size']);
+
+ $maxfilesize = get_config('system','maxfilesize');
+
+ if(($maxfilesize) && ($filesize > $maxfilesize)) {
+ notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
+ @unlink($src);
+ return;
+ }
+
+ $filedata = @file_get_contents($src);
+
+ $mimetype = mime_content_type($src);
+ $hash = random_string();
+ $created = datetime_convert();
+
+ $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
+ VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+ intval($page_owner_uid),
+ dbesc($hash),
+ dbesc($filename),
+ dbesc($mimetype),
+ intval($filesize),
+ dbesc($filedata),
+ dbesc($created),
+ dbesc($created),
+ dbesc('<' . $page_owner_uid . '>'),
+ dbesc(''),
+ dbesc(''),
+ dbesc('')
+ );
+
+ @unlink($src);
+
+ if(! $r) {
+ echo ( t('File upload failed.') . EOL);
+ killme();
+ }
+
+ $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
+ intval($page_owner_uid),
+ dbesc($created),
+ dbesc($hash)
+ );
+
+ if(! count($r)) {
+ echo ( t('File upload failed.') . EOL);
+ killme();
+ }
+
+ echo '<br /><br />[attachment]' . $r[0]['id'] . '[/attachment]' . '<br />';
+
+ killme();
+ // NOTREACHED
+}
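Review bot: The INSERT sets `allow_cid` to `'<' . $page_owner_uid . '>'`, a user id, but mod/attach.php matches that column against `$_SESSION['visitor_id']`, which this file treats as a `contact`.`id`. The two number spaces overlap, so a remote visitor whose contact id happens to equal the owner's uid would satisfy the `allow_cid REGEXP '<%d>'` test and could fetch the not-yet-posted file; attach.php does not check that the visitor's contact row belongs to the attachment's owner either. Store the owner's own contact-table id instead, or a sentinel no contact can match (attach.php already uses `'<<>>'` that way for groups), since the owner branch there bypasses the ACL anyway. Separately, the result of `@file_get_contents($src)` and `$_FILES['userfile']['error']` are never checked, so a failed read is stored as an empty attachment, and the size-limit path uses `notice()` plus `return` while every other exit echoes and calls `killme()`.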
diff --git a/mod/wall_upload.php b/mod/wall_upload.php
index f7638b730..bd6b80562 100644
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -53,7 +53,7 @@ function wall_upload_post(&$a) {
$maximagesize = get_config('system','maximagesize');
if(($maximagesize) && ($filesize > $maximagesize)) {
- notice( sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL);
+ echo sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
@unlink($src);
return;
}