From 9baaa6fa563525aac5e97822ec669a29310ff08b Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 21 Sep 2015 20:05:54 -0700 Subject: issue #51 --- include/items.php | 12 ++++++++++++ mod/locs.php | 15 +++++++++++---- view/tpl/locmanage.tpl | 2 +- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/include/items.php b/include/items.php index 657168601..b209e55c5 100755 --- a/include/items.php +++ b/include/items.php @@ -4417,6 +4417,18 @@ function delete_item_lowlevel($item, $stage = DROPITEM_NORMAL, $force = false) { intval($item['uid']) ); + // remove delivery reports + + $c = q("select channel_hash from channel where channel_id = %d limit 1", + intval($item['uid']) + ); + if($c) { + q("delete from dreport where dreport_xchan = '%s' and dreport_mid = '%s'", + dbesc($c[0]['channel_hash']), + dbesc($item['mid']) + ); + } + // network deletion request. Keep the message structure so that we can deliver delete notifications. // Come back after several days (or perhaps a month) to do the lowlevel delete (DROPITEM_PHASE2). diff --git a/mod/locs.php b/mod/locs.php index 3f8bd9029..3c6a5da67 100644 --- a/mod/locs.php +++ b/mod/locs.php @@ -50,8 +50,17 @@ function locs_post(&$a) { return; } if(intval($r[0]['hubloc_primary'])) { - notice( t('Primary location cannot be removed.') . EOL); - return; + $x = q("select hubloc_id from hubloc where hubloc_primary = 1 and hubloc_hash = '%s'", + dbesc($channel['channel_hash']) + ); + if(! $x) { + notice( t('Location lookup failed.')); + return; + } + if(count($x) == 1) { + notice( t('Please select another location to become primary before removing the primary location.') . EOL); + return; + } } $r = q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d and hubloc_hash = '%s'", @@ -91,8 +100,6 @@ function locs_content(&$a) { $r[$x]['deleted'] = (intval($r[$x]['hubloc_deleted']) ? true : false); } - - $o = replace_macros(get_markup_template('locmanage.tpl'), array( '$header' => t('Manage Channel Locations'), '$loc' => t('Location (address)'), diff --git a/view/tpl/locmanage.tpl b/view/tpl/locmanage.tpl index 944b3c3f4..e0232547f 100644 --- a/view/tpl/locmanage.tpl +++ b/view/tpl/locmanage.tpl @@ -19,7 +19,7 @@ function drophub(id) { {{if $hub.primary}}{{else}}{{/if}} -{{if $hub.primary}}{{else}}{{if ! $hub.deleted}}{{/if}}{{/if}} +{{if ! $hub.deleted}}{{/if}} {{/foreach}} -- cgit v1.2.3 From 477228d4ff80583eaf98a6529e51d9b4d28a5340 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 21 Sep 2015 20:17:48 -0700 Subject: issue #50 - cloud listings produce white screen for unauthenticated viewer --- mod/cloud.php | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/mod/cloud.php b/mod/cloud.php index 7f6dc0962..efb33f935 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -73,6 +73,8 @@ function cloud_init(&$a) { $server->addPlugin($lockPlugin); +/* This next bit should no longer be needed... */ + // The next section of code allows us to bypass prompting for http-auth if a // FILE is being accessed anonymously and permissions allow this. This way // one can create hotlinks to public media files in their cloud and anonymous @@ -83,24 +85,24 @@ function cloud_init(&$a) { // In order to avoid prompting for passwords for viewing a DIRECTORY, add // the URL query parameter 'davguest=1'. - $isapublic_file = false; - $davguest = ((x($_SESSION, 'davguest')) ? true : false); - - if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { - try { - $x = RedFileData('/' . $a->cmd, $auth); - if($x instanceof RedDAV\RedFile) - $isapublic_file = true; - } - catch (Exception $e) { - $isapublic_file = false; - } - } - - if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { - logger('mod_cloud: auth exception'); - http_status_exit(401, 'Permission denied.'); - } +// $isapublic_file = false; +// $davguest = ((x($_SESSION, 'davguest')) ? true : false); + +// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { +// try { +// $x = RedFileData('/' . $a->cmd, $auth); +// if($x instanceof RedDAV\RedFile) +// $isapublic_file = true; +// } +// catch (Exception $e) { +// $isapublic_file = false; +// } +// } + +// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { +// logger('mod_cloud: auth exception'); +// http_status_exit(401, 'Permission denied.'); +// } require_once('include/RedDAV/RedBrowser.php'); // provide a directory view for the cloud in Hubzilla -- cgit v1.2.3 From 8c16f12d7a8dab8def506cc5cd94105abb6e4fbb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 21 Sep 2015 20:20:16 -0700 Subject: issue #52 - try all matching hublocs for remote auth, not just the "best one". --- mod/post.php | 263 ++++++++++++++++++++++++++++++----------------------------- version.inc | 2 +- 2 files changed, 136 insertions(+), 129 deletions(-) diff --git a/mod/post.php b/mod/post.php index 908b9eb1d..a429dc33a 100644 --- a/mod/post.php +++ b/mod/post.php @@ -119,7 +119,7 @@ function post_init(&$a) { } // Try and find a hubloc for the person attempting to auth - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc", dbesc($address) ); @@ -130,7 +130,7 @@ function post_init(&$a) { $j = json_decode($ret['body'], true); if ($j) import_xchan($j); - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc", dbesc($address) ); } @@ -146,161 +146,169 @@ function post_init(&$a) { goaway($desturl); } - logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] ); - // check credentials and access + foreach($x as $xx) { + logger('mod_zot: auth request received from ' . $xx['hubloc_addr'] ); - // If they are already authenticated and haven't changed credentials, - // we can save an expensive network round trip and improve performance. + // check credentials and access - $remote = remote_channel(); - $result = null; - $remote_service_class = ''; - $remote_level = 0; - $remote_hub = $x[0]['hubloc_url']; - $DNT = 0; + // If they are already authenticated and haven't changed credentials, + // we can save an expensive network round trip and improve performance. - // Also check that they are coming from the same site as they authenticated with originally. + $remote = remote_channel(); + $result = null; + $remote_service_class = ''; + $remote_level = 0; + $remote_hub = $xx['hubloc_url']; + $DNT = 0; - $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); - if($delegate && $delegate !== $_SESSION['delegate_channel']) - $already_authed = false; + // Also check that they are coming from the same site as they authenticated with originally. - $j = array(); + $already_authed = ((($remote) && ($xx['hubloc_hash'] == $remote) && ($xx['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); + if($delegate && $delegate !== $_SESSION['delegate_channel']) + $already_authed = false; - if (! $already_authed) { + $j = array(); - // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key - // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender - // which can be verified - - $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); - if ($test) { - $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL; - $ret['message'] .= 'packet contents: ' . $p . EOL; - } - - $result = zot_zot($x[0]['hubloc_callback'],$p); + if (! $already_authed) { - if (! $result['success']) { - logger('mod_zot: auth_check callback failed.'); + // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key + // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender + // which can be verified + + $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $xx['hubloc_guid'],'guid_sig' => $xx['hubloc_guid_sig'])), $xx['hubloc_sitekey'], $sec); if ($test) { - $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; - json_return_and_die($ret); - } - - goaway($desturl); - } - $j = json_decode($result['body'], true); - if (! $j) { - logger('mod_zot: auth_check json data malformed.'); - if($test) { - $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; - json_return_and_die($ret); + $ret['message'] .= 'auth check packet created using sitekey ' . $xx['hubloc_sitekey'] . EOL; + $ret['message'] .= 'packet contents: ' . $p . EOL; } - } - } - if ($test) { - $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; - } + $result = zot_zot($xx['hubloc_callback'],$p); - if ($already_authed || $j['success']) { - if ($j['success']) { - // legit response, but we do need to check that this wasn't answered by a man-in-middle - if (! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { - logger('mod_zot: auth: final confirmation failed.'); + if (! $result['success']) { + logger('mod_zot: auth_check callback failed.'); if ($test) { - $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true); - json_return_and_die($ret); + $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; + continue; } - - goaway($desturl); + continue; } - if (array_key_exists('service_class',$j)) - $remote_service_class = $j['service_class']; - if (array_key_exists('level',$j)) - $remote_level = $j['level']; - if (array_key_exists('DNT',$j)) - $DNT = $j['DNT']; + $j = json_decode($result['body'], true); + if (! $j) { + logger('mod_zot: auth_check json data malformed.'); + if($test) { + $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; + continue; + } + } + } + + if ($test) { + $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; } - // everything is good... maybe - if(local_channel()) { - // tell them to logout if they're logged in locally as anything but the target remote account - // in which case just shut up because they don't need to be doing this at all. + if ($already_authed || $j['success']) { + if ($j['success']) { + // legit response, but we do need to check that this wasn't answered by a man-in-middle + if (! rsa_verify($sec . $xx['xchan_hash'],base64url_decode($j['confirm']),$xx['xchan_pubkey'])) { + logger('mod_zot: auth: final confirmation failed.'); + if ($test) { + $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($xx,true); + continue; + } - if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) { - logger('mod_zot: auth: already authenticated locally as somebody else.'); - notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); - if ($test) { - $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; - json_return_and_die($ret); + continue; } + if (array_key_exists('service_class',$j)) + $remote_service_class = $j['service_class']; + if (array_key_exists('level',$j)) + $remote_level = $j['level']; + if (array_key_exists('DNT',$j)) + $DNT = $j['DNT']; + } + // everything is good... maybe + if(local_channel()) { + + // tell them to logout if they're logged in locally as anything but the target remote account + // in which case just shut up because they don't need to be doing this at all. + + if ($a->channel['channel_hash'] != $xx['xchan_hash']) { + logger('mod_zot: auth: already authenticated locally as somebody else.'); + notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); + if ($test) { + $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; + continue; + } + } + continue; } - goaway($desturl); - } - // log them in + // log them in - if ($test) { - $ret['success'] = true; - $ret['message'] .= 'Authentication Success!' . EOL; - json_return_and_die($ret); - } + if ($test) { + $ret['success'] = true; + $ret['message'] .= 'Authentication Success!' . EOL; + json_return_and_die($ret); + } - $delegation_success = false; - if ($delegate) { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", - dbesc($delegate) - ); - if ($r && intval($r[0]['channel_id'])) { - $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate'); - if ($allowed) { - $_SESSION['delegate_channel'] = $r[0]['channel_id']; - $_SESSION['delegate'] = $x[0]['xchan_hash']; - $_SESSION['account_id'] = intval($r[0]['channel_account_id']); - require_once('include/security.php'); - change_channel($r[0]['channel_id']); - $delegation_success = true; + $delegation_success = false; + if ($delegate) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", + dbesc($delegate) + ); + if ($r && intval($r[0]['channel_id'])) { + $allowed = perm_is_allowed($r[0]['channel_id'],$xx['xchan_hash'],'delegate'); + if ($allowed) { + $_SESSION['delegate_channel'] = $r[0]['channel_id']; + $_SESSION['delegate'] = $xx['xchan_hash']; + $_SESSION['account_id'] = intval($r[0]['channel_account_id']); + require_once('include/security.php'); + change_channel($r[0]['channel_id']); + $delegation_success = true; + } } } - } - $_SESSION['authenticated'] = 1; - if (! $delegation_success) { - $_SESSION['visitor_id'] = $x[0]['xchan_hash']; - $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $address; - $_SESSION['remote_service_class'] = $remote_service_class; - $_SESSION['remote_level'] = $remote_level; - $_SESSION['remote_hub'] = $remote_hub; - $_SESSION['DNT'] = $DNT; + $_SESSION['authenticated'] = 1; + if (! $delegation_success) { + $_SESSION['visitor_id'] = $xx['xchan_hash']; + $_SESSION['my_url'] = $xx['xchan_url']; + $_SESSION['my_address'] = $address; + $_SESSION['remote_service_class'] = $remote_service_class; + $_SESSION['remote_level'] = $remote_level; + $_SESSION['remote_hub'] = $remote_hub; + $_SESSION['DNT'] = $DNT; + } + + $arr = array('xchan' => $xx, 'url' => $desturl, 'session' => $_SESSION); + call_hooks('magic_auth_success',$arr); + $a->set_observer($xx); + require_once('include/security.php'); + $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$xx['xchan_name'])); + logger('mod_zot: auth success from ' . $xx['xchan_addr']); + q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", + intval(HUBLOC_WORKS), + intval($xx['hubloc_id']) + ); + } else { + if ($test) { + $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + continue; + } + logger('mod_zot: magic-auth failure - not authenticated: ' . $xx['xchan_addr']); + q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", + intval(HUBLOC_RECEIVE_ERROR), + intval($xx['hubloc_id']) + ); } - $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION); - call_hooks('magic_auth_success',$arr); - $a->set_observer($x[0]); - require_once('include/security.php'); - $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); - info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); - logger('mod_zot: auth success from ' . $x[0]['xchan_addr']); - q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", - intval(HUBLOC_WORKS), - intval($x[0]['hubloc_id']) - ); - } else { if ($test) { - $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; - json_return_and_die($ret); + $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + continue; } - logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); - q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", - intval(HUBLOC_RECEIVE_ERROR), - intval($x[0]['hubloc_id']) - ); } + /** * @FIXME we really want to save the return_url in the session before we * visit rmagic. This does however prevent a recursion if you visit @@ -308,14 +316,13 @@ function post_init(&$a) { * But z_root() probably isn't where you really want to go. */ + if(strstr($desturl,z_root() . '/rmagic')) + goaway(z_root()); + if ($test) { - $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; json_return_and_die($ret); } - if(strstr($desturl,z_root() . '/rmagic')) - goaway(z_root()); - goaway($desturl); } } diff --git a/version.inc b/version.inc index e412e1495..ecb05b628 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2015-09-20.1161 +2015-09-21.1162 -- cgit v1.2.3 From 146ff6f70308647b27374a1bba386c156498bd2e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 21 Sep 2015 22:30:28 -0700 Subject: more progress on delivery reports. Store the remote results from zot sites locally. --- include/zot.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/zot.php b/include/zot.php index 767abae38..f728d8fb9 100644 --- a/include/zot.php +++ b/include/zot.php @@ -957,6 +957,21 @@ function zot_process_response($hub, $arr, $outq) { logger('zot_process_response: headers: ' . print_r($arr['header'],true), LOGGER_DATA); } + if(array_key_exists('delivery_report',$x)) { + foreach($x['delivery_report'] as $xx) { + if(is_array($xx) && array_key_exists('message_id',$xx)) { + q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ", + dbesc($xx['message_id']), + dbesc($xx['location']), + dbesc($xx['recipient']), + dbesc($xx['status']), + dbesc(datetime_convert($xx['date'])), + dbesc($xx['sender']) + ); + } + } + } + // update the timestamp for this site q("update site set site_dead = 0, site_update = '%s' where site_url = '%s'", -- cgit v1.2.3 From ea9f169a6c58ede69882a82160618f3a29b32c42 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 22 Sep 2015 10:59:19 +0200 Subject: fix consensus items - issue #53 --- mod/item.php | 1 + 1 file changed, 1 insertion(+) diff --git a/mod/item.php b/mod/item.php index d0cf59091..93f24bd1a 100644 --- a/mod/item.php +++ b/mod/item.php @@ -641,6 +641,7 @@ function item_post(&$a) { $item_unseen = ((local_channel() != $profile_uid) ? 1 : 0); $item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0); $item_origin = (($origin) ? 1 : 0); + $item_consensus = (($consensus) ? 1 : 0); // determine if this is a wall post -- cgit v1.2.3 From 0b1b11ea53ee3fd466eb338ac5ce67e62af87413 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 22 Sep 2015 02:32:04 -0700 Subject: heavy lifting for delivery reports --- boot.php | 2 +- include/deliver.php | 23 ++++++++++++++++++++++- include/notifier.php | 12 ++++++++++++ include/poller.php | 11 +++++++++++ include/zot.php | 12 +++++++++++- install/schema_mysql.sql | 2 ++ install/schema_postgres.sql | 2 ++ install/update.php | 13 ++++++++++++- mod/dreport.php | 32 ++++++++++++++++++++++++++++++++ 9 files changed, 105 insertions(+), 4 deletions(-) create mode 100644 mod/dreport.php diff --git a/boot.php b/boot.php index ac2a26380..5a564bb9d 100755 --- a/boot.php +++ b/boot.php @@ -50,7 +50,7 @@ define ( 'PLATFORM_NAME', 'hubzilla' ); define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'H'); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1153 ); +define ( 'DB_UPDATE_VERSION', 1154 ); /** * @brief Constant with a HTML line break. diff --git a/include/deliver.php b/include/deliver.php index 26739fb06..7a43e3d47 100644 --- a/include/deliver.php +++ b/include/deliver.php @@ -15,7 +15,10 @@ function deliver_run($argv, $argc) { logger('deliver: invoked: ' . print_r($argv,true), LOGGER_DATA); + for($x = 1; $x < $argc; $x ++) { + + $dresult = null; $r = q("select * from outq where outq_hash = '%s' limit 1", dbesc($argv[$x]) ); @@ -98,11 +101,29 @@ function deliver_run($argv, $argc) { } else { $msg = array('body' => json_encode(array('success' => true, 'pickup' => array(array('notify' => $notify,'message' => $m))))); - zot_import($msg,z_root()); + $dresult = zot_import($msg,z_root()); } $r = q("delete from outq where outq_hash = '%s'", dbesc($argv[$x]) ); + if($dresult && is_array($dresult)) { + foreach($dresult as $xx) { + if(is_array($xx) && array_key_exists('message_id',$xx)) { + q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ", + dbesc($xx['message_id']), + dbesc($xx['location']), + dbesc($xx['recipient']), + dbesc($xx['status']), + dbesc(datetime_convert($xx['date'])), + dbesc($xx['sender']) + ); + } + } + } + + q("delete from dreport where dreport_queue = '%s' limit 1", + dbesc($argv[$x]) + ); } } else { diff --git a/include/notifier.php b/include/notifier.php index e16f80ecf..fd95d53e2 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -662,6 +662,18 @@ function notifier_run($argv, $argc){ dbesc($n), dbesc(json_encode($encoded_item)) ); + // only create delivery reports for normal undeleted items + if(array_key_exists('postopts',$target_item) && (! $target_item['item_deleted'])) { + q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan, dreport_queue ) values ( '%s','%s','%s','%s','%s','%s','%s' ) ", + dbesc($target_item['mid']), + dbesc($hub['hubloc_host']), + dbesc($hub['hubloc_host']), + dbesc('queued'), + dbesc(datetime_convert()), + dbesc($channel['channel_hash']), + dbesc($hash) + ); + } } $deliver[] = $hash; diff --git a/include/poller.php b/include/poller.php index 72f22d946..031fb4533 100644 --- a/include/poller.php +++ b/include/poller.php @@ -201,6 +201,17 @@ function poller_run($argv, $argc){ db_utcnow(), db_quoteinterval('30 DAY') ); + // expire old delivery reports + + $keep_reports = intval(get_config('system','expire_delivery_reports')); + if($keep_reports === 0) + $keep_reports = 30; + + q("delete from dreport where dreport_time < %s - INTERVAL %s", + db_utcnow(), + db_quoteinterval($keep_reports . ' DAY') + ); + // expire any expired accounts downgrade_accounts(); diff --git a/include/zot.php b/include/zot.php index f728d8fb9..942998b98 100644 --- a/include/zot.php +++ b/include/zot.php @@ -971,7 +971,11 @@ function zot_process_response($hub, $arr, $outq) { } } } - + + q("delete from dreport where dreport_queue = '%s' limit 1", + dbesc($outq['outq_hash']) + ); + // update the timestamp for this site q("update site set site_dead = 0, site_update = '%s' where site_url = '%s'", @@ -1575,6 +1579,12 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ continue; } + if($d['hash'] === $sender['hash']) { + $DR->update('self delivery ignored'); + $result[] = $DR->get(); + continue; + } + $channel = $r[0]; $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql index 3bb3b7133..a21e5f48a 100644 --- a/install/schema_mysql.sql +++ b/install/schema_mysql.sql @@ -359,11 +359,13 @@ CREATE TABLE IF NOT EXISTS `dreport` ( `dreport_result` char(255) NOT NULL DEFAULT '', `dreport_time` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `dreport_xchan` char(255) NOT NULL DEFAULT '', + `dreport_queue` char(255) NOT NULL DEFAULT '', PRIMARY KEY (`dreport_id`), KEY `dreport_mid` (`dreport_mid`), KEY `dreport_site` (`dreport_site`), KEY `dreport_time` (`dreport_time`), KEY `dreport_xchan` (`dreport_xchan`), + KEY `dreport_queue` (`dreport_queue`), KEY `dreport_channel` (`dreport_channel`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql index 1298f3cb3..26d7d79a3 100644 --- a/install/schema_postgres.sql +++ b/install/schema_postgres.sql @@ -350,6 +350,7 @@ CREATE TABLE IF NOT EXISTS "dreport" ( "dreport_result" char(255) NOT NULL DEFAULT '', "dreport_time" timestamp NOT NULL DEFAULT '0001-01-01 00:00:00', "dreport_xchan" char(255) NOT NULL DEFAULT '', + "dreport_queue" char(255) NOT NULL DEFAULT '', PRIMARY KEY ("dreport_id") ); @@ -357,6 +358,7 @@ create index "dreport_mid" on dreport ("dreport_mid"); create index "dreport_site" on dreport ("dreport_site"); create index "dreport_time" on dreport ("dreport_time"); create index "dreport_xchan" on dreport ("dreport_xchan"); +create index "dreport_queue" on dreport ("dreport_queue"); create index "dreport_channel" on dreport ("dreport_channel"); diff --git a/install/update.php b/install/update.php index cf35698df..bef754570 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ get_channel(); + + $mid = ((argc() > 1) ? argv(1) : ''); + + if(! $mid) { + notice( t('Invalid message') . EOL); + return; + } + + $r = q("select * from dreport where dreport_xchan = '%s' and dreport_mid = '%s'", + dbesc($channel['channel_hash']), + dbesc($mid) + ); + + if(! $r) { + notice( t('no results') . EOL); + return; + } + + return print_r($r,true); + + +} \ No newline at end of file -- cgit v1.2.3 From 5068ce05693d3bb52e049156eb7900cbe55ff650 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 22 Sep 2015 02:33:24 -0700 Subject: dummy update --- boot.php | 2 +- install/update.php | 6 +++++- version.inc | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/boot.php b/boot.php index e00997cef..bde797347 100755 --- a/boot.php +++ b/boot.php @@ -49,7 +49,7 @@ define ( 'PLATFORM_NAME', 'redmatrix' ); define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'R'); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1153 ); +define ( 'DB_UPDATE_VERSION', 1154 ); /** * @brief Constant with a HTML line break. diff --git a/install/update.php b/install/update.php index bcce4e5b7..c90d4abbb 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ Date: Tue, 22 Sep 2015 02:34:34 -0700 Subject: remove dummy update from merge --- install/update.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/install/update.php b/install/update.php index f4ef0d4c3..bef754570 100644 --- a/install/update.php +++ b/install/update.php @@ -1865,7 +1865,3 @@ function update_r1153() { } - -function update_r1153() { - return UPDATE_SUCCESS; -} -- cgit v1.2.3 From 2869ccfe39cbda4974a82c303eeeb4e38966b126 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 22 Sep 2015 04:04:51 -0700 Subject: delivery reports - crude but mostly functional at least for zot deliveries --- include/ItemObject.php | 2 ++ include/zot.php | 7 ++++--- mod/dreport.php | 13 ++++++++++++- view/tpl/conv_item.tpl | 5 +++++ 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/include/ItemObject.php b/include/ItemObject.php index d23c1c658..5296a1cf0 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php @@ -286,6 +286,7 @@ class Item extends BaseObject { 'body' => $body, 'text' => strip_tags($body), 'id' => $this->get_id(), + 'mid' => $item['mid'], 'isevent' => $isevent, 'attend' => $attend, 'consensus' => $consensus, @@ -301,6 +302,7 @@ class Item extends BaseObject { 'vwall' => t('via Wall-To-Wall:'), 'profile_url' => $profile_link, 'item_photo_menu' => item_photo_menu($item), + 'dreport' => t('Delivery Report'), 'name' => $profile_name, 'thumb' => $profile_avatar, 'osparkle' => $osparkle, diff --git a/include/zot.php b/include/zot.php index 942998b98..fb55da0fa 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1579,15 +1579,16 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ continue; } + $channel = $r[0]; + $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); + + if($d['hash'] === $sender['hash']) { $DR->update('self delivery ignored'); $result[] = $DR->get(); continue; } - $channel = $r[0]; - $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); - // allow public postings to the sys channel regardless of permissions, but not // for comments travelling upstream. Wait and catch them on the way down. diff --git a/mod/dreport.php b/mod/dreport.php index 7e245fbe0..3c74a9e33 100644 --- a/mod/dreport.php +++ b/mod/dreport.php @@ -26,7 +26,18 @@ function dreport_content(&$a) { return; } - return print_r($r,true); + + $o .= '

' . sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...' . '

'; + $o .= ''; + + foreach($r as $rr) { + $name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' '))); + $o .= ''; + } + $o .= '
' . $name . '' . $rr['dreport_result'] . '' . $rr['dreport_time'] . '
'; + + return $o; + } \ No newline at end of file diff --git a/view/tpl/conv_item.tpl b/view/tpl/conv_item.tpl index 30a007bd6..dc8064f1a 100755 --- a/view/tpl/conv_item.tpl +++ b/view/tpl/conv_item.tpl @@ -123,6 +123,11 @@ {{if $item.item_photo_menu}} {{$item.item_photo_menu}} + + {{if $item.edpost}} +
  • {{$item.dreport}}
    • + {{/if}} + {{/if}} -- cgit v1.2.3 From 4b13f0e025b08263d7231845bc76034d9adc7847 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 22 Sep 2015 04:08:03 -0700 Subject: since this is now usable, protect the displayed delivery reports from XSS injection --- mod/dreport.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod/dreport.php b/mod/dreport.php index 3c74a9e33..a20e17372 100644 --- a/mod/dreport.php +++ b/mod/dreport.php @@ -32,7 +32,7 @@ function dreport_content(&$a) { foreach($r as $rr) { $name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' '))); - $o .= '' . $name . '' . $rr['dreport_result'] . '' . $rr['dreport_time'] . ''; + $o .= '' . $name . '' . escape_tags($rr['dreport_result']) . '' . escape_tags($rr['dreport_time']) . ''; } $o .= ''; -- cgit v1.2.3