From 8ab3a4ebd7fd25fe4b01e92c8d2f4507b0c6ff3d Mon Sep 17 00:00:00 2001 From: git-marijus Date: Wed, 9 Aug 2017 20:39:59 +0200 Subject: App::get_channel() does not return the right channel if we are not looking at our own channel. fix issue #841 --- Zotlabs/Widget/Wiki_pages.php | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/Zotlabs/Widget/Wiki_pages.php b/Zotlabs/Widget/Wiki_pages.php index 53966b06f..7285e2b42 100644 --- a/Zotlabs/Widget/Wiki_pages.php +++ b/Zotlabs/Widget/Wiki_pages.php @@ -11,14 +11,8 @@ class Wiki_pages { return; if(! $arr['resource_id']) { - - $c = \App::get_channel(); - - if(! $c) - $c = channelx_by_nick(argv(1)); - + $c = channelx_by_nick(argv(1)); $w = \Zotlabs\Lib\NativeWiki::exists_by_name($c['channel_id'],argv(2)); - $arr = array( 'resource_id' => $w['resource_id'], 'channel_id' => $c['channel_id'], -- cgit v1.2.3 From 09da109ebaf1b5f287db7065eaee5026b0a88eb1 Mon Sep 17 00:00:00 2001 From: git-marijus Date: Wed, 9 Aug 2017 20:45:59 +0200 Subject: update changelog --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index 6d9fb5dd1..1318a5c11 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -63,6 +63,7 @@ Hubzilla 2.6 (2017-??-??) - Replace Mardownify library with html-to-markdown library Bugfixes + - Fix wrong wiki pages in the sidebar github issue #841 - Fix a bug where if multiple channels uploaded the same file to the same folder, the uploaded file would end up with an incremental number added to the filename for each upload even if the file did not exist yet in the channels folder - Fix privacy groups not syncing across clones properly (github issue #832) - Fix an issue where the ability to use a portion of the message-id to display a message wasn't honoured in all cases -- cgit v1.2.3 From 0a96cdd950f30974fe0fecf60b214701673dad86 Mon Sep 17 00:00:00 2001 
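Review bot: In Zotlabs/Widget/Wiki_pages.php the result of `channelx_by_nick(argv(1))` is used straight away as `$c['channel_id']` with no check that a channel was found, and the removed `\App::get_channel()` branch was the only other source for `$c`. If the nick taken from the URL does not resolve, `exists_by_name()` is presumably called with an empty channel id, and `$arr` is then built from empty values. A guard such as `if(! $c) return;` right after the lookup would stop the widget from running for an unknown channel. The hunk also shows no check on `$w` before `$w['resource_id']` is read. The function body continues outside the hunk.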
From: Mario Vavti Date: Thu, 10 Aug 2017 08:09:02 +0200 Subject: merge red/master into dev --- Zotlabs/Daemon/Notifier.php | 4 ++-- Zotlabs/Lib/PConfig.php | 9 +++++---- Zotlabs/Lib/ThreadItem.php | 1 - Zotlabs/Lib/ThreadStream.php | 1 + Zotlabs/Module/Ofeed.php | 2 +- doc/developer/zot_protocol.bb | 10 +++++----- include/conversation.php | 2 +- include/network.php | 9 +++++---- include/photo/photo_driver.php | 4 ++-- 9 files changed, 22 insertions(+), 20 deletions(-) diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php index f64e6748c..6fae69fcd 100644 --- a/Zotlabs/Daemon/Notifier.php +++ b/Zotlabs/Daemon/Notifier.php @@ -532,14 +532,14 @@ class Notifier { if($hub['hubloc_network'] == 'zot') { if(! in_array($hub['hubloc_sitekey'],$keys)) { - $hublist[] = $hub['hubloc_host']; + $hublist[] = $hub['hubloc_host'] . ' ' . $hub['hubloc_network']; $dhubs[] = $hub; $keys[] = $hub['hubloc_sitekey']; } } else { if(! in_array($hub['hubloc_url'],$urls)) { - $hublist[] = $hub['hubloc_host']; + $hublist[] = $hub['hubloc_host'] . ' ' . $hub['hubloc_network']; $dhubs[] = $hub; $urls[] = $hub['hubloc_url']; } diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php index 25478e764..2a0b18aac 100644 --- a/Zotlabs/Lib/PConfig.php +++ b/Zotlabs/Lib/PConfig.php @@ -20,11 +20,12 @@ class PConfig { if(is_null($uid) || $uid === false) return false; - if(! array_key_exists($uid, \App::$config)) - \App::$config[$uid] = array(); - if(! is_array(\App::$config)) { - btlogger('App::$config not an array: ' . $uid); + btlogger('App::$config not an array'); + } + + if(! array_key_exists($uid, \App::$config)) { + \App::$config[$uid] = array(); } if(! is_array(\App::$config[$uid])) { diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index 3e76890b6..4a66c84bc 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php 
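Review bot: In Zotlabs/Lib/PConfig.php the reordered `is_array(\App::$config)` check only logs, so the `array_key_exists($uid, \App::$config)` that now follows it still runs against a non-array. On PHP 8 that call throws a TypeError, and on older versions it emits a warning before the code goes on to index into the value. Either repair the store in that branch with `\App::$config = array();` or return false right after the `btlogger()` call. The function starts and ends outside the hunk.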
@@ -713,7 +713,6 @@ class ThreadItem { call_hooks('comment_buttons',$arr); $comment_buttons = $arr['comment_buttons']; - $comment_box = replace_macros($template,array( '$return_path' => '', '$threaded' => $this->is_threaded(), diff --git a/Zotlabs/Lib/ThreadStream.php b/Zotlabs/Lib/ThreadStream.php index 1fd746c38..35ccf4fdb 100644 --- a/Zotlabs/Lib/ThreadStream.php +++ b/Zotlabs/Lib/ThreadStream.php @@ -18,6 +18,7 @@ class ThreadStream { private $observer = null; private $writable = false; private $commentable = false; + private $uploadable = false; private $profile_owner = 0; private $preview = false; private $prepared_item = ''; diff --git a/Zotlabs/Module/Ofeed.php b/Zotlabs/Module/Ofeed.php index 2b7acff99..58488d4af 100644 --- a/Zotlabs/Module/Ofeed.php +++ b/Zotlabs/Module/Ofeed.php @@ -18,7 +18,7 @@ class Ofeed extends \Zotlabs\Web\Controller { $params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0); $params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0); $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0); - $params['records'] = ((x($params,'records')) ? intval($params['records']) : 40); + $params['records'] = ((x($params,'records')) ? intval($params['records']) : 10); $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc'); $params['cat'] = ((x($_REQUEST,'cat')) ? escape_tags($_REQUEST['cat']) : ''); $params['compat'] = ((x($_REQUEST,'compat')) ? intval($_REQUEST['compat']) : 1); diff --git a/doc/developer/zot_protocol.bb b/doc/developer/zot_protocol.bb index b87e1cd73..0d2edfc2b 100644 --- a/doc/developer/zot_protocol.bb +++ b/doc/developer/zot_protocol.bb 
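Review bot: In Zotlabs/Module/Ofeed.php the changed `records` line, like the `start` line above it, tests `x($params,'records')` while every neighbouring key is read from `$_REQUEST`. If `$params` is not filled in above the hunk, the ternary always takes the default and the new value 10 is simply a fixed page size. If it is filled from the request, `intval()` alone puts no upper bound on how many records one feed request can ask for. A short comment such as `// records is not client-settable; fixed page size` or a clamp such as `min(intval($params['records']), 100)` would make the intent explicit. The method continues outside the hunk.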
@@ -79,7 +79,7 @@ We may also attempt to recover with even less information, but doing so is prone In order to implement high performance communications, the data transfer format for all aspects of Zot is JSON. XML communications require way too much overhead. -Bi-directional encryption is based on RSA 4096-bit keys expressed in DER/ASN.1 format using the PKCS#8 encoding variant, with AES-256-CBC used for block encryption of variable length or large items. +Bi-directional encryption is based on RSA 4096-bit keys expressed in DER/ASN.1 format using the PKCS#8 encoding variant, with AES encryption of variable length or large items. The precise encryption algorithms are negotiable between sites. Some aspects of well known "federation protocols" (webfinger, salmon, activitystreams, portablecontacts, etc.) may be used in zot, but we are not tied to them and will not be bound by them. $Projectname project is attempting some rather novel developments in decentralised communications and if there is any need to diverge from such "standard protocols" we will do so without question or hesitation. @@ -391,7 +391,7 @@ When this packet is received, a Zot message is initiated to the auth identity: } [/code] -auth_check messages MUST be encrypted with AES256CBC. This message is sent to the origination site, which checks the 'secret' to see if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the destination channel's private key and base64url encoded. If everything checks out, a json packet is returned: +auth_check messages MUST be encrypted. This message is sent to the origination site, which checks the 'secret' to see if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the destination channel's private key and base64url encoded. If everything checks out, a json packet is returned: [code nowrap] { "success":1, 
@@ -404,11 +404,11 @@ auth_check messages MUST be encrypted with AES256CBC. This message is sent to th [h4]Zot Signatures[/h4] All signed data in Zot is accomplished by performing an RSA sign operation using the private key of the initiator. The binary result is then base64url encoded for transport. [h4]Zot Encryption[/h4] -Encryption is currently provided by AES256-CBC, the Advanced Encryption Standard using 256-bit keys and the Cipher Block Chaining mode of operation. Additional algorithms MAY be supported. A 32-octet key and 16-octet initialisation vector are randomly generated. The desired data is then encrypted using these generated strings and the result base64url encoded. Then we build an array: +Encryption is currently provided by AES256CTR. Additional algorithms MAY be supported. A 32-octet key and 16-octet initialisation vector are randomly generated. The desired data is then encrypted using these generated strings and the result base64url encoded. Then we build an array: [dl terms="b"] [*= data]The base64url encoded encrypted data -[*= alg]The chosen algorithm, in this case the string 'aes256cbc'. +[*= alg]The chosen algorithm, in this case the string 'aes256ctr'. [*= key]The randomly generated key, RSA encrypted using the recipients public key, and the result base64url encoded [*= iv]The randomly generated initialization vector, RSA encrypted using the recipient's public key, and the result base64url encoded [/dl] 
@@ -449,7 +449,7 @@ M23in0xqMVsyQvzjNkpImrO/QdbEFRIIMee83IHq+adbyjQR49Z2hNEIZhkLPc3U "callback":"\/post", "version":"1.2", "encryption":{ - "aes256cbc" + "aes256ctr" }, "secret":"1eaa6613699be6ebb2adcefa5379c61a3678aa0df89025470fac871431b70467", "secret_sig":"0uShifsvhHnxnPIlDM9lWuZ1hSJTrk3NN9Ds6AKpyNRqf3DUdz81-Xvs8I2kj6y5vfFtm-FPKAqu77XP05r74vGaWbqb1r8zpWC7zxXakVVOHHC4plG6rLINjQzvdSFKCQb5R_xtGsPPfvuE24bv4fvN4ZG2ILvb6X4Dly37WW_HXBqBnUs24mngoTxFaPgNmz1nDQNYQu91-ekX4-BNaovjDx4tP379qIG3-NygHTjFoOMDVUvs-pOPi1kfaoMjmYF2mdZAmVYS2nNLWxbeUymkHXF8lT_iVsJSzyaRFJS1Iqn7zbvwH1iUBjD_pB9EmtNmnUraKrCU9eHES27xTwD-yaaH_GHNc1XwXNbhWJaPFAm35U8ki1Le4WbUVRluFx0qwVqlEF3ieGO84PMidrp51FPm83B_oGt80xpvf6P8Ht5WvVpytjMU8UG7-js8hAzWQeYiK05YTXk-78xg0AO6NoNe_RSRk05zYpF6KlA2yQ_My79rZBv9GFt4kUfIxNjd9OiV1wXdidO7Iaq_Q" diff --git a/include/conversation.php b/include/conversation.php index 13ae571d6..f15077e76 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -538,7 +538,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa } elseif ($mode === 'photos') { - $profile_onwer = App::$profile['profile_uid']; + $profile_owner = App::$profile['profile_uid']; $page_writeable = ($profile_owner == local_channel()); $live_update_div = '
' . "\r\n"; // for photos we've already formatted the top-level item (the photo) diff --git a/include/network.php b/include/network.php index fa49e5765..cd6e980ff 100644 --- a/include/network.php +++ b/include/network.php @@ -671,11 +671,12 @@ function parse_xml_string($s,$strict = true) { libxml_use_internal_errors(true); $x = @simplexml_load_string($s2); - if(! $x) { + if($x === false) { logger('libxml: parse: error: ' . $s2, LOGGER_DATA); - foreach(libxml_get_errors() as $err) - logger('libxml: parse: ' . $err->code." at ".$err->line.":".$err->column." : ".$err->message, LOGGER_DATA); - + foreach(libxml_get_errors() as $err) { + logger('libxml: parse: ' . $err->code . ' at ' . $err->line + . ':' . $err->column . ' : ' . $err->message, LOGGER_DATA); + } libxml_clear_errors(); } diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index f47a9c878..94d0faa94 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -446,7 +446,7 @@ abstract class photo_driver { */ function guess_image_type($filename, $headers = '') { - logger('Photo: guess_image_type: '.$filename . ($headers?' from curl headers':''), LOGGER_DEBUG); +// logger('Photo: guess_image_type: '.$filename . ($headers?' from curl headers':''), LOGGER_DEBUG); $type = null; if ($headers) { @@ -513,7 +513,7 @@ function guess_image_type($filename, $headers = '') { } } - logger('Photo: guess_image_type: type = ' . $type, LOGGER_DEBUG); + logger('Photo: guess_image_type: filename = ' . $filename . ' type = ' . $type, LOGGER_DEBUG); return $type; } -- cgit v1.2.3 From 9411732c1b0a4aa07528763381313adc7a775da6 Mon Sep 17 00:00:00 2001 From: git-marijus Date: Thu, 10 Aug 2017 11:41:00 +0200 Subject: do not show channel manager and nav channel select if we are in a delegate session --- include/nav.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/include/nav.php b/include/nav.php index f53a3eed5..76a8f8fb9 100644 --- a/include/nav.php 
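Review bot: With the typo fixed in include/conversation.php, `$page_writeable = ($profile_owner == local_channel());` now compares real values, but it does so with loose `==`. If `App::$profile['profile_uid']` is unset or 0 and `local_channel()` returns a falsy value for a visitor who is not logged in (presumably the case, the helper is not in the hunk), the comparison is true and the photo page is treated as writeable. A stricter form would be `$page_writeable = (local_channel() && intval($profile_owner) === intval(local_channel()));`. The `conversation()` body continues outside the hunk.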
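Review bot: In include/network.php the `@` in front of `simplexml_load_string($s2)` is redundant now that `libxml_use_internal_errors(true)` collects the parser errors and the result is tested with `=== false`; dropping it keeps unrelated warnings visible. The failure branch also writes the whole rejected document to the log through `'libxml: parse: error: ' . $s2`. If `$s2` comes from remote sites (the callers are not in the hunk), that text is sender-chosen and can be large, so logging a bounded copy such as `substr($s2, 0, 512)` is safer. In that case passing `LIBXML_NONET` as the third argument would also keep the parser from fetching network resources. `parse_xml_string()` continues outside the hunk.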
+++ b/include/nav.php @@ -34,9 +34,11 @@ EOT; intval($channel['channel_id']) ); - $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and channel_removed = 0 order by channel_name ", - intval(get_account_id()) - ); + if(! $_SESSION['delegate']) { + $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and channel_removed = 0 order by channel_name ", + intval(get_account_id()) + ); + } } elseif(remote_channel()) $observer = App::get_observer(); @@ -196,7 +198,9 @@ EOT; $nav['all_events']['all']=array('events', t('View events'), "", ""); $nav['all_events']['mark'] = array('', t('Mark all events seen'), '',''); - $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels'),'manage_nav_btn'); + if(! $_SESSION['delegate']) { + $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels'),'manage_nav_btn'); + } $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings'),'settings_nav_btn'); -- cgit v1.2.3 From 5b88e9574f5db517dd5bb7b893f177446abbe95c Mon Sep 17 00:00:00 2001 From: git-marijus Date: Thu, 10 Aug 2017 11:59:12 +0200 Subject: update changelog --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index 1318a5c11..eeb02d483 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -63,6 +63,7 @@ Hubzilla 2.6 (2017-??-??) - Replace Mardownify library with html-to-markdown library Bugfixes + - Fix channel manager and nav channel select visible if in a delegate session - Fix wrong wiki pages in the sidebar github issue #841 - Fix a bug where if multiple channels uploaded the same file to the same folder, the uploaded file would end up with an incremental number added to the filename for each upload even if the file did not exist yet in the channels folder - Fix privacy groups not syncing across clones properly (github issue #832) -- cgit v1.2.3 
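Review bot: Both new guards in include/nav.php read `$_SESSION['delegate']` directly, which raises an undefined-index notice in every session where the key was never set; `if(empty($_SESSION['delegate']))` expresses the same test without the notice, and the same applies to the second guard around `$nav['manage']`. In a delegate session `$chans` is now never assigned, so any later use outside the hunk would see an undefined variable; initialising `$chans = array();` before the `if` avoids that. Hiding the two menu entries is presentation only. The hunks do not show whether the `manage` module itself refuses channel switching during a delegate session, and that server-side check is what actually enforces the restriction.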
From 0e3b5536e2a576c3959bf6644103c7a676684024 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 10 Aug 2017 21:58:44 +0200 Subject: create cdav principal also on client access and remove redundant pconfig check in authentication process --- Zotlabs/Module/Cdav.php | 9 +++++++++ Zotlabs/Storage/BasicAuth.php | 9 +++------ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index bc563ab43..d0619ef0b 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -85,6 +85,15 @@ class Cdav extends \Zotlabs\Web\Controller { if($channel['channel_timezone']) $auth->setTimezone($channel['channel_timezone']); $auth->observer = $channel['channel_hash']; + + $principalUri = 'principals/' . $channel['channel_address']; + if(!cdav_principal($principalUri)) { + $this->activate($pdo, $channel); + if(!cdav_principal($principalUri)) { + return; + } + } + } diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php index 0ff9fad13..ad2582bb2 100644 --- a/Zotlabs/Storage/BasicAuth.php +++ b/Zotlabs/Storage/BasicAuth.php @@ -188,13 +188,10 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { protected function check_module_access($channel_id) { if($channel_id && \App::$module === 'cdav') { - $x = get_pconfig($channel_id,'cdav','enabled'); - if(! $x) { - $this->module_disabled = true; - return false; - } + return true; } - return true; + $this->module_disabled = true; + return false; } /** -- cgit v1.2.3
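Review bot: The new block in Zotlabs/Module/Cdav.php gives up with a bare `return;` when `cdav_principal($principalUri)` is still empty after `$this->activate($pdo, $channel)`, so the request ends with nothing in the log. A line such as `logger('cdav: could not create principal for ' . $channel['channel_address']);` before the `return` would make that failure diagnosable. `$pdo` is not defined anywhere in the hunk, so it should be confirmed that it is in scope at this point. Together with the BasicAuth.php change in the same commit, an authenticated client request now appears to create CalDAV/CardDAV data for a channel that never enabled the feature, which is worth stating in a comment if intended. The method starts and ends outside the hunk.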
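Review bot: After this change `check_module_access()` in Zotlabs/Storage/BasicAuth.php returns true only when `\App::$module === 'cdav'`; every other module, and any call with an empty `$channel_id`, now reaches `$this->module_disabled = true; return false;`, where the old code returned true. If this backend also authenticates other modules (it extends `DAV\Auth\Backend\AbstractBasic`, and its callers are not in the hunk), those modules would now be reported as disabled. If only the pconfig lookup was meant to go, remove the `$x = get_pconfig($channel_id,'cdav','enabled');` test and keep the final `return true;` as the fall-through. If the stricter behaviour is intended, a comment naming the modules that may use this backend would make that visible.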