From 0d8fcbe48dd92f37336dbb1bb86e609e8c86c488 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 22 Jun 2015 15:03:47 -0700 Subject: discovered a couple of loose ends in the per-member enable diaspora setting --- include/diaspora.php | 26 ++++++++++++++++++++++++++ version.inc | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/include/diaspora.php b/include/diaspora.php index 33ad4211b..77a400604 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -2371,6 +2371,24 @@ function diaspora_profile($importer,$xml,$msg) { function diaspora_share($owner,$contact) { $a = get_app(); + + $enabled = intval(get_config('system','diaspora_enabled')); + if(! $enabled) { + logger('diaspora_share: disabled'); + return; + } + + $allowed = get_pconfig($owner['channel_id'],'system','diaspora_allowed'); + if($allowed === false) + $allowed = 1; + + if(! intval($allowed)) { + logger('diaspora_share: disallowed for channel ' . $importer['channel_name']); + return; + } + + + $myaddr = $owner['channel_address'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); if(! array_key_exists('xchan_hash',$contact)) { @@ -2947,6 +2965,14 @@ function diaspora_transmit($owner,$contact,$slap,$public_batch,$queue_run=false) return 200; } + $allowed = get_pconfig($owner['channel_id'],'system','diaspora_allowed'); + if($allowed === false) + $allowed = 1; + + if(! intval($allowed)) { + return 200; + } + if($public_batch) $dest_url = $contact['hubloc_callback'] . '/public'; else diff --git a/version.inc b/version.inc index 03a0995b5..cbaf6aa9c 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2015-06-21.1070 +2015-06-22.1071 -- cgit v1.2.3 From 9879cf3c6ca0652e9dc5c69824f6ab655c484c28 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 22 Jun 2015 16:09:02 -0700 Subject: ensure we always sign a trimmed item body. --- include/items.php | 6 +++--- mod/item.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/items.php b/include/items.php index eb4ad1ead..229512ead 100755 --- a/include/items.php +++ b/include/items.php @@ -423,7 +423,7 @@ function post_activity_item($arr) { if(array_key_exists('item_private',$arr) && $arr['item_private']) { - $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']); + $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); if($channel) { if($channel['channel_hash'] === $arr['author_xchan']) { @@ -2064,7 +2064,7 @@ function item_store($arr, $allow_exec = false) { $arr['lang'] = detect_language($arr['body']); // apply the input filter here - if it is obscured it has been filtered already - $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']); + $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); if(local_channel() && (! $arr['sig'])) { $channel = get_app()->get_channel(); @@ -2461,7 +2461,7 @@ function item_store_update($arr,$allow_exec = false) { $arr['lang'] = detect_language($arr['body']); // apply the input filter here - if it is obscured it has been filtered already - $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']); + $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); if(local_channel() && (! $arr['sig'])) { $channel = get_app()->get_channel(); diff --git a/mod/item.php b/mod/item.php index 3ff286268..94e203788 100644 --- a/mod/item.php +++ b/mod/item.php @@ -798,7 +798,7 @@ function item_post(&$a) { if(array_key_exists('item_private',$datarray) && $datarray['item_private']) { - $datarray['body'] = z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']); + $datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype'])); if($uid) { if($channel['channel_hash'] === $datarray['author_xchan']) { -- cgit v1.2.3 From a189fc0872867e6692e02453fb2ea1ec95c0979c Mon Sep 17 00:00:00 2001 From: Alexandre Hannud Abdo Date: Tue, 23 Jun 2015 01:08:02 -0300 Subject: properly trims edited posts before signing so signature verification works --- mod/item.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mod/item.php b/mod/item.php index 3ff286268..9287081ef 100644 --- a/mod/item.php +++ b/mod/item.php @@ -343,8 +343,8 @@ function item_post(&$a) { $coord = $orig_post['coord']; $verb = $orig_post['verb']; $app = $orig_post['app']; - $title = $_REQUEST['title']; - $body = $_REQUEST['body']; + $title = escape_tags(trim($_REQUEST['title'])); + $body = trim($_REQUEST['body']); $item_flags = $orig_post['item_flags']; // force us to recalculate if we need to obscure this post -- cgit v1.2.3