From 96f196febda488e1db2d9a677fd5eb736aa76ae6 Mon Sep 17 00:00:00 2001 From: Hubzilla Date: Thu, 19 Jan 2017 15:37:30 -0800 Subject: add gen_link_id() function to selectively encode/decode the message-id component of /display/ links for message-ids that contain troublesome characters --- Zotlabs/Module/Display.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module/Display.php') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 42f6dd4ac..638aa881a 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -30,12 +30,10 @@ class Display extends \Zotlabs\Web\Controller { if(argc() > 1 && argv(1) !== 'load') $item_hash = argv(1); - if($_REQUEST['mid']) $item_hash = $_REQUEST['mid']; - - - if(! $item_hash) { + + if(! $item_hash) { \App::$error = 404; notice( t('Item not found.') . EOL); return; @@ -93,9 +91,15 @@ class Display extends \Zotlabs\Web\Controller { // find a copy of the item somewhere $target_item = null; - + + if(strpos($item_hash,'b64.') === 0) + $decoded = @base64url_decode(substr($item_hash,4)); + if($decoded) + $item_hash = $decoded; + $r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1", - dbesc($item_hash . '%') + dbesc($item_hash . '%'), + dbesc($decoded . '%') ); if($r) { -- cgit v1.2.3 From bbacfbdd6ac09786194502350deb50b0244166b2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 21 Feb 2017 15:24:39 -0800 Subject: display page not updating after comment --- Zotlabs/Module/Display.php | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) (limited to 'Zotlabs/Module/Display.php') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 638aa881a..a4d59a1b6 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -1,12 +1,17 @@ 1 && argv(1) !== 'load') $item_hash = argv(1); @@ -40,6 +37,7 @@ class Display extends \Zotlabs\Web\Controller { } $observer_is_owner = false; + $updateable = false; if(local_channel() && (! $update)) { @@ -184,10 +182,9 @@ class Display extends \Zotlabs\Web\Controller { $item_normal = item_normal(); $sql_extra = public_permissions_sql($observer_hash); - + if(($update && $load) || ($checkjs->disabled())) { - $updateable = false; $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start'])); @@ -197,9 +194,9 @@ class Display extends \Zotlabs\Web\Controller { require_once('include/channel.php'); $sys = get_sys_channel(); $sysid = $sys['channel_id']; - + if(local_channel()) { - $r = q("SELECT * from item + $r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal @@ -213,6 +210,7 @@ class Display extends \Zotlabs\Web\Controller { } } + if($r === null) { // in case somebody turned off public access to sys channel content using permissions @@ -222,7 +220,7 @@ class Display extends \Zotlabs\Web\Controller { $sysid = 0; - $r = q("SELECT * from item + $r = q("SELECT item.id as item_id from item WHERE mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) @@ -245,11 +243,11 @@ class Display extends \Zotlabs\Web\Controller { require_once('include/channel.php'); $sys = get_sys_channel(); $sysid = $sys['channel_id']; - + if(local_channel()) { - $r = q("SELECT * from item + $r = q("SELECT item.parent AS item_id from item WHERE uid = %d - and mid = '%s' + and parent_mid = '%s' $item_normal $simple_update limit 1", @@ -260,14 +258,15 @@ class Display extends \Zotlabs\Web\Controller { $updateable = true; } } + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - $r = q("SELECT * from item - WHERE mid = '%s' + $r = q("SELECT item.parent AS item_id from item + WHERE parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) @@ -289,7 +288,7 @@ class Display extends \Zotlabs\Web\Controller { if($r) { - $parents_str = ids_to_querystr($r,'id'); + $parents_str = ids_to_querystr($r,'item_id'); if($parents_str) { $items = q("SELECT item.*, item.id AS item_id @@ -319,10 +318,10 @@ class Display extends \Zotlabs\Web\Controller { if($updateable) { $x = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 AND uid = %d and parent = %d ", intval(local_channel()), - intval($r[0]['parent']) + intval($r[0]['item_id']) ); } - + $o .= '
'; return $o; -- cgit v1.2.3