From 4cab74c18cf237eae6c57baea2b1d4fd260fe590 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 3 Dec 2015 21:05:48 -0800 Subject: use the channel blacklist for items and mail, still todo: directory and stuff --- include/plugin.php | 9 +++++++++ include/zot.php | 16 ++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/include/plugin.php b/include/plugin.php index 1d4caac0f..1f4d60736 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -495,6 +495,15 @@ function format_css_if_exists($source) { return '' . "\r\n"; } +/* + * This basically calculates the baseurl. We have other functions to do that, but + * there was an issue with script paths and mixed-content whose details are arcane + * and perhaps lost in the message archives. The short answer is that we're ignoring + * the URL which we are "supposed" to use, and generating script paths relative to + * the URL which we are currently using; in order to ensure they are found and aren't + * blocked due to mixed content issues. + */ + function script_path() { if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS']) $scheme = 'https'; diff --git a/include/zot.php b/include/zot.php index 6764072aa..d41d5e828 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1611,6 +1611,14 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $channel = $r[0]; $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); + /* blacklisted channels get a permission denied, no special message to tip them off */ + + if(! check_channelallowed($sender['hash'])) { + $DR->update('permission denied'); + $result[] = $DR->get(); + continue; + } + /** * @FIXME: Somehow we need to block normal message delivery from our clones, as the delivered * message doesn't have ACL information in it as the cloned copy does. That copy @@ -2082,6 +2090,14 @@ function process_mail_delivery($sender, $arr, $deliveries) { $channel = $r[0]; $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); + /* blacklisted channels get a permission denied, no special message to tip them off */ + + if(! check_channelallowed($sender['hash'])) { + $DR->update('permission denied'); + $result[] = $DR->get(); + continue; + } + if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) { logger("permission denied for mail delivery {$channel['channel_id']}"); $DR->update('permission denied'); -- cgit v1.2.3 From 36ef1d1bc63d6c2040947ee9c18ba16072ffb76e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 5 Dec 2015 13:24:58 -0800 Subject: move the instance stuff to abook where it belongs --- boot.php | 2 +- install/schema_mysql.sql | 1 + install/schema_postgres.sql | 1 + install/update.php | 9 ++++++++- 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/boot.php b/boot.php index 48d81ff59..d80d5fd07 100755 --- a/boot.php +++ b/boot.php @@ -51,7 +51,7 @@ define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'H' define ( 'STD_VERSION', '1.0' ); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1160 ); +define ( 'DB_UPDATE_VERSION', 1161 ); /** diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql index 3dab6c822..9c24cbd94 100644 --- a/install/schema_mysql.sql +++ b/install/schema_mysql.sql @@ -23,6 +23,7 @@ CREATE TABLE IF NOT EXISTS `abook` ( `abook_profile` char(64) NOT NULL DEFAULT '', `abook_incl` TEXT NOT NULL DEFAULT '', `abook_excl` TEXT NOT NULL DEFAULT '', + `abook_instance` TEXT NOT NULL DEFAULT '', PRIMARY KEY (`abook_id`), KEY `abook_account` (`abook_account`), KEY `abook_channel` (`abook_channel`), diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql index 95ed9acb7..0214c0c2a 100644 --- a/install/schema_postgres.sql +++ b/install/schema_postgres.sql @@ -22,6 +22,7 @@ CREATE TABLE "abook" ( "abook_profile" char(64) NOT NULL DEFAULT '', "abook_incl" TEXT NOT NULL DEFAULT '', "abook_excl" TEXT NOT NULL DEFAULT '', + "abook_instance" TEXT NOT NULL DEFAULT '', PRIMARY KEY ("abook_id") ); create index "abook_account" on abook ("abook_account"); diff --git a/install/update.php b/install/update.php index 10ae6725e..37351656f 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ Date: Sat, 5 Dec 2015 13:56:32 -0800 Subject: change text "Red developers" in update failed email --- view/en/update_fail_eml.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/view/en/update_fail_eml.tpl b/view/en/update_fail_eml.tpl index 61f44b1e6..86bb61aaa 100644 --- a/view/en/update_fail_eml.tpl +++ b/view/en/update_fail_eml.tpl @@ -4,7 +4,7 @@ I'm the web server at {{$sitename}}; The Hubzilla developers released update {{$update}} recently, but when I tried to install it, something went terribly wrong. This needs to be fixed soon and it requires human intervention. -Please contact a Red developer if you can not figure out how to +Please contact a project developer if you can not figure out how to fix it on your own. My database might be invalid. The error message is '{{$error}}'. -- cgit v1.2.3 From 553b3a5c6c2ba6b93ad1193ec044ee92cf7690aa Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 6 Dec 2015 14:22:36 -0800 Subject: version --- version.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.inc b/version.inc index ca9a1ee72..8816dde5d 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2015-12-05.1237 +2015-12-06.1238 -- cgit v1.2.3 From 3f920da4137ecb91b3aeb2683f2e2b59b4d088cc Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 6 Dec 2015 14:25:47 -0800 Subject: update error --- install/update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/update.php b/install/update.php index 37351656f..24f4f21d5 100644 --- a/install/update.php +++ b/install/update.php @@ -1951,7 +1951,7 @@ function update_r1159() { function update_r1160() { - $r1 = q("alter table abook add abook_instance text not null default '' "); + $r = q("alter table abook add abook_instance text not null default '' "); if($r) return UPDATE_SUCCESS; return UPDATE_FAILED; -- cgit v1.2.3