From 7d0c1bb737f3683cd770ebd757d938f39a9b55ef Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 18 Feb 2018 20:24:41 -0500 Subject: Created test vehicle module oauth2test --- Zotlabs/Module/Oauth2test.php | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 Zotlabs/Module/Oauth2test.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Oauth2test.php b/Zotlabs/Module/Oauth2test.php new file mode 100644 index 000000000..14aa6137a --- /dev/null +++ b/Zotlabs/Module/Oauth2test.php @@ -0,0 +1,43 @@ + z_root(), + '$endpoints' => array( + array( + 'oauth2test', + array( + array( + 'action', 'create_db' + ) + ), + 'oauth2test_create_db', + 'Create the OAuth2 database tables' + ) + ) + )); + + return $o; + } + + function post() { + + logger(json_encode($_POST), LOGGER_DEBUG); + + switch ($_POST['action']) { + case 'create_db': + logger('Creating database tables...', LOGGER_DEBUG); + break; + + default: + break; + } + + } + +} -- cgit v1.2.3 From 89a825cd038df7da609d64ef0254ba58caaede31 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Tue, 20 Feb 2018 21:11:38 -0500 Subject: OAuth2TestVehicle module can create and delete oauth2 database tables. --- Zotlabs/Module/Oauth2test.php | 43 -------------- Zotlabs/Module/Oauth2testvehicle.php | 107 +++++++++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+), 43 deletions(-) delete mode 100644 Zotlabs/Module/Oauth2test.php create mode 100644 Zotlabs/Module/Oauth2testvehicle.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Oauth2test.php b/Zotlabs/Module/Oauth2test.php deleted file mode 100644 index 14aa6137a..000000000 --- a/Zotlabs/Module/Oauth2test.php +++ /dev/null 
@@ -1,43 +0,0 @@ - z_root(), - '$endpoints' => array( - array( - 'oauth2test', - array( - array( - 'action', 'create_db' - ) - ), - 'oauth2test_create_db', - 'Create the OAuth2 database tables' - ) - ) - )); - - return $o; - } - - function post() { - - logger(json_encode($_POST), LOGGER_DEBUG); - - switch ($_POST['action']) { - case 'create_db': - logger('Creating database tables...', LOGGER_DEBUG); - break; - - default: - break; - } - - } - -} diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php new file mode 100644 index 000000000..2a2590928 --- /dev/null +++ b/Zotlabs/Module/Oauth2testvehicle.php 
@@ -0,0 +1,107 @@ + z_root(), + /* + endpoints => array( + array( + 'path_to_endpoint', + array( + array('field_name_1', 'value'), + array('field_name_2', 'value'), + ... + ), + 'submit_button_name', + 'Description of API action' + ) + ) + */ + '$endpoints' => array( + array( + 'oauth2testvehicle', + array( + array( + 'action', 'create_db' + ) + ), + 'oauth2test_create_db', + 'Create the OAuth2 database tables' + ), + array( + 'oauth2testvehicle', + array( + array( + 'action', 'delete_db' + ) + ), + 'oauth2test_delete_db', + 'Delete the OAuth2 database tables' + ) + ) + )); + + return $o; + } + + function post() { + + logger(json_encode($_POST), LOGGER_DEBUG); + + switch ($_POST['action']) { + + case 'delete_db': + $status = true; + // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables + // by passing it the database connection + $pdo = \DBA::$dba->db; + $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); + logger('Deleting existing database tables...', LOGGER_DEBUG); + foreach ($storage->getConfig() as $key => $table) { + logger('Deleting table ' . dbesc($table), LOGGER_DEBUG); + $r = q("DROP TABLE IF EXISTS %s;", dbesc($table)); + if (!$r) { + logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG); + $status = false; + } + } + if (!$status) { + notice('Errors encountered deleting database tables.' . EOL); + } else { + info('Database tables deleted successfully.' . EOL); + } + + break; + + case 'create_db': + $status = true; + logger('Creating database tables...', LOGGER_DEBUG); + @include('.htconfig.php'); + $pdo = \DBA::$dba->db; + $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); + foreach (explode(';', $storage->getBuildSql($db_data)) as $statement) { + try { + $result = $pdo->exec($statement); + } catch (\PDOException $e) { + $status = false; + logger('Error executing database statement: ' . $statement, LOGGER_DEBUG); + } + } + + if (!$status) { + notice('Errors encountered creating database tables.' . 
EOL); + } else { + info('Database tables created successfully.' . EOL); + } + + default: + break; + } + } + +} -- cgit v1.2.3 From 43fca182e3915734587abf389d819546ebade3a4 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Thu, 22 Feb 2018 15:10:05 -0500 Subject: The authorization step with client registration and authorization code retrieval working. Might not conform perfectly to OAuth2 spec, but it is a start. --- Zotlabs/Module/Authorize.php | 79 +++++++++++++++++++++++++++--------- Zotlabs/Module/Oauth2testvehicle.php | 56 ++++++++++++++++++------- 2 files changed, 100 insertions(+), 35 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index 254700b4e..f98453fb5 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -4,15 +4,14 @@ namespace Zotlabs\Module; use Zotlabs\Identity\OAuth2Storage; - class Authorize extends \Zotlabs\Web\Controller { function init() { // workaround for HTTP-auth in CGI mode if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; - if(strlen($userpass)) { + $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)); + if (strlen($userpass)) { list($name, $password) = explode(':', $userpass); $_SERVER['PHP_AUTH_USER'] = $name; $_SERVER['PHP_AUTH_PW'] = $password; 
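Review bot: `post()` drops and recreates the OAuth2 tables for any request that carries `action=delete_db` or `action=create_db`; nothing visible in this file checks that the caller is a logged-in site administrator or that the POST came from the module's own form. Gate the handler before the `switch`, for example `if (! is_site_admin()) { return; }`, and verify a form security token, or keep this module out of production installs altogether. The `create_db` case also has no `break` and falls through to `default`. `$db_data` appears to be defined only by the suppressed `@include('.htconfig.php')`, so a failed include would pass an undefined variable to `getBuildSql()` with no diagnostic.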
@@ -20,43 +19,83 @@ class Authorize extends \Zotlabs\Web\Controller { } if (x($_SERVER, 'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; - if(strlen($userpass)) { + $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)); + if (strlen($userpass)) { list($name, $password) = explode(':', $userpass); $_SERVER['PHP_AUTH_USER'] = $name; $_SERVER['PHP_AUTH_PW'] = $password; } } + } + + function get() { + if (!local_channel()) { + return login(); + } else { + // display an authorization form + $app = array('name' => 'Test App', 'icon' => '/images/icons/plugin.png'); + $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( + '$title' => '', + '$authorize' => 'Do you authorize the app "' . $app['name'] . '" to access your channel data?', + '$app' => $app, + '$yes' => t('Allow'), + '$no' => t('Deny'), + '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''), + '$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''), + '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : '') + )); + return $o; + } + } + + function post() { + if (!local_channel()) { + return $this->get(); + } + + $storage = new OAuth2Storage(\DBA::$dba->db); + $s = new \Zotlabs\Identity\OAuth2Server($storage); + + + // If no client_id was provided, generate a new one. + if (x($_POST, 'client_id')) { + $client_id = $_POST['client_id']; + logger('client_id was provided: ' . $client_id); + } else { + $client_id = $_POST['client_id'] = random_string(16); + logger('client_id was not provided. Generated new id: ' . $client_id); + } + // If no redirect_uri was provided, generate a fake one. + if (x($_POST, 'redirect_uri')) { + $redirect_uri = $_POST['redirect_uri']; + } else { + $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com'; + } - $s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db)); + logger('redirect_uri is : ' . 
$redirect_uri); + // If the client is not registered, add to the database + if (!$storage->getClientDetails($client_id)) { + $client_secret = random_string(16); + $storage->setClientDetails($client_id, $client_secret, $redirect_uri); + } $request = \OAuth2\Request::createFromGlobals(); + logger(json_encode($request, JSON_PRETTY_PRINT), LOGGER_DEBUG); $response = new \OAuth2\Response(); // validate the authorize request - if (! $s->validateAuthorizeRequest($request, $response)) { + if (!$s->validateAuthorizeRequest($request, $response)) { $response->send(); killme(); } - // display an authorization form - if (empty($_POST)) { - - return ' -
-
- - -
'; - } - // print the authorization code if the user has authorized your client - $is_authorized = ($_POST['authorized'] === 'yes'); + $is_authorized = ($_POST['authorize'] === 'allow'); $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel()); if ($is_authorized) { // this is only here so that you get to see your code in the cURL request. Otherwise, // we'd redirect back to the client - $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); + $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40); echo("SUCCESS! Authorization Code: $code"); } diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 2a2590928..6e9f31c47 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -4,23 +4,34 @@ namespace Zotlabs\Module; class OAuth2TestVehicle extends \Zotlabs\Web\Controller { + function init() { + + // If there is a 'code' and 'state' parameter then this is a client app + // callback issued after the authorization code request + if ($_REQUEST['code'] && $_REQUEST['state']) { + logger('Authorization callback invoked.', LOGGER_DEBUG); + logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG); + info('Authorization callback invoked.' . EOL); + return $this->get(); + } + } function get() { $o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array( '$baseurl' => z_root(), /* - endpoints => array( + endpoints => array( + array( + 'path_to_endpoint', array( - 'path_to_endpoint', - array( - array('field_name_1', 'value'), - array('field_name_2', 'value'), - ... - ), - 'submit_button_name', - 'Description of API action' + array('field_name_1', 'value'), + array('field_name_2', 'value'), + ... + ), + 'submit_button_name', + 'Description of API action' + ) ) - ) */ '$endpoints' => array( array( 
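Review bot: The consent decision in `post()` is taken from `$_POST['authorize'] === 'allow'` with no anti-CSRF token check visible, so a cross-site form submitted from a logged-in browser would be accepted as the user's approval; the handler should verify a per-session form token before calling `handleAuthorizeRequest()`. The same handler registers any unknown `client_id` on the spot with the `redirect_uri` from the same request, so `validateAuthorizeRequest()` ends up comparing the request against a value the request itself just supplied. Registration should be a separate, deliberate step. The `logger('client_id was provided: ' . $client_id)` calls pass no level, unlike the `LOGGER_DEBUG` call later in the hunk, and the final `echo` writes the authorization code into the page body.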
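Review bot: The callback branch in `init()` treats any request with a non-empty `code` and `state` as a genuine authorization callback; `state` is never compared with a value this client issued, and the authorize form added in the `@@ -41,7 +53,20 @@` hunk sends the constant `'xyz'`. Generate a random state per attempt, keep it in the session, and reject the callback when the returned value differs. `logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG)` also writes the live authorization code to the log; logging the parameter names alone would be enough for tracing.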
@@ -31,7 +42,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ) ), 'oauth2test_create_db', - 'Create the OAuth2 database tables' + 'Create the OAuth2 database tables', + 'POST' ), array( 'oauth2testvehicle', @@ -41,7 +53,20 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ) ), 'oauth2test_delete_db', - 'Delete the OAuth2 database tables' + 'Delete the OAuth2 database tables', + 'POST' + ), + array( + 'authorize', + array( + array('response_type', 'code'), + array('client_id', urlencode('test_app_client_id')), + array('redirect_uri', urlencode('http://hub.localhost/oauth2testvehicle')), + array('state', 'xyz') + ), + 'oauth_authorize', + 'Authorize a test client app', + 'GET' ) ) )); @@ -53,8 +78,9 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { logger(json_encode($_POST), LOGGER_DEBUG); + switch ($_POST['action']) { - + case 'delete_db': $status = true; // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables @@ -64,7 +90,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { logger('Deleting existing database tables...', LOGGER_DEBUG); foreach ($storage->getConfig() as $key => $table) { logger('Deleting table ' . dbesc($table), LOGGER_DEBUG); - $r = q("DROP TABLE IF EXISTS %s;", dbesc($table)); + $r = q("DROP TABLE %s;", dbesc($table)); if (!$r) { logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG); $status = false; @@ -77,7 +103,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { } break; - + case 'create_db': $status = true; logger('Creating database tables...', LOGGER_DEBUG); -- cgit v1.2.3 From 64ee42fc3d00765bc5c60e451b86230ea38ffdfb Mon Sep 17 00:00:00 2001 
From: Andrew Manning Date: Sat, 24 Feb 2018 06:48:30 -0500 Subject: Add channel ID to user_id in clients table. Added TODO comments about dynamic client registration protocol. --- Zotlabs/Module/Authorize.php | 27 +++++++++++++++++---------- Zotlabs/Module/Oauth2testvehicle.php | 11 +++++++++-- 2 files changed, 26 insertions(+), 12 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index f98453fb5..2c0c9248f 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -32,17 +32,23 @@ class Authorize extends \Zotlabs\Web\Controller { if (!local_channel()) { return login(); } else { - // display an authorization form - $app = array('name' => 'Test App', 'icon' => '/images/icons/plugin.png'); + // TODO: Fully implement the dynamic client registration protocol: + // OpenID Connect Dynamic Client Registration 1.0 Client Metadata + // http://openid.net/specs/openid-connect-registration-1_0.html + $app = array( + 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'), + 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : '/images/icons/plugin.png'), + 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''), + ); $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( '$title' => '', - '$authorize' => 'Do you authorize the app "' . $app['name'] . '" to access your channel data?', + '$authorize' => 'Do you authorize the app ' . $app['name'] . ' to access your channel data?', '$app' => $app, '$yes' => t('Allow'), '$no' => t('Deny'), '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''), '$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''), - '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : '') + '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''), )); return $o; } 
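Review bot: `client_name`, `logo_uri` and `client_uri` are read from `$_REQUEST` and shown on the consent screen, so whoever builds the authorize link chooses the name and icon the user sees when deciding whether to grant access. Take the display metadata from the stored client record for `client_id` rather than from the request. The `'$authorize'` string also concatenates `$app['name']` without escaping; whether `oauth_authorize.tpl` escapes it is not visible here, so escape at this point, e.g. `htmlspecialchars($app['name'], ENT_QUOTES, 'UTF-8')`, and restrict `logo_uri` and `client_uri` to http(s) URLs. `get()` starts outside this hunk.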
@@ -56,14 +62,15 @@ class Authorize extends \Zotlabs\Web\Controller { $storage = new OAuth2Storage(\DBA::$dba->db); $s = new \Zotlabs\Identity\OAuth2Server($storage); - + // TODO: The automatic client registration protocol below should adhere more + // closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined + // at https://tools.ietf.org/html/rfc7591 + // If no client_id was provided, generate a new one. if (x($_POST, 'client_id')) { $client_id = $_POST['client_id']; - logger('client_id was provided: ' . $client_id); } else { $client_id = $_POST['client_id'] = random_string(16); - logger('client_id was not provided. Generated new id: ' . $client_id); } // If no redirect_uri was provided, generate a fake one. if (x($_POST, 'redirect_uri')) { @@ -72,15 +79,15 @@ class Authorize extends \Zotlabs\Web\Controller { $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com'; } - logger('redirect_uri is : ' . $redirect_uri); // If the client is not registered, add to the database if (!$storage->getClientDetails($client_id)) { $client_secret = random_string(16); - $storage->setClientDetails($client_id, $client_secret, $redirect_uri); + // Client apps are registered per channel + $user_id = local_channel(); + $storage->setClientDetails($client_id, $client_secret, $redirect_uri, null, null, $user_id); } $request = \OAuth2\Request::createFromGlobals(); - logger(json_encode($request, JSON_PRETTY_PRINT), LOGGER_DEBUG); $response = new \OAuth2\Response(); // validate the authorize request diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 6e9f31c47..79958f025 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php 
@@ -8,6 +8,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // If there is a 'code' and 'state' parameter then this is a client app // callback issued after the authorization code request + // TODO: Check state value and compare to original sent value if ($_REQUEST['code'] && $_REQUEST['state']) { logger('Authorization callback invoked.', LOGGER_DEBUG); logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG); @@ -61,8 +62,14 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { array( array('response_type', 'code'), array('client_id', urlencode('test_app_client_id')), - array('redirect_uri', urlencode('http://hub.localhost/oauth2testvehicle')), - array('state', 'xyz') + array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), + array('state', 'xyz'), + // OpenID Connect Dynamic Client Registration 1.0 Client Metadata + // http://openid.net/specs/openid-connect-registration-1_0.html + array('client_name', urlencode('Killer App')), + array('logo_uri', urlencode('https://client.example.com/website/img/icon.png')), + array('client_uri', urlencode('https://client.example.com/website')), + array('application_type', 'web'), // would be 'native' for mobile app ), 'oauth_authorize', 'Authorize a test client app', -- cgit v1.2.3 From 70b8f3240f9bc38a41e314f613f6c1bd69f5b430 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 25 Feb 2018 08:36:40 -0500 Subject: An authorization token is received, but I had to modify the Request class in vendor/bshaffer/oauth2-server-php/ to accept $_REQUEST instead of $_POST. --- Zotlabs/Module/Authorize.php | 9 ++--- Zotlabs/Module/Oauth2testvehicle.php | 66 ++++++++++++++++++++++++++++++------ Zotlabs/Module/Token.php | 3 +- 3 files changed, 63 insertions(+), 15 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index 2c0c9248f..f505b4681 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php 
@@ -79,17 +79,18 @@ class Authorize extends \Zotlabs\Web\Controller { $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com'; } + $request = \OAuth2\Request::createFromGlobals(); + $response = new \OAuth2\Response(); + // If the client is not registered, add to the database if (!$storage->getClientDetails($client_id)) { $client_secret = random_string(16); // Client apps are registered per channel $user_id = local_channel(); - $storage->setClientDetails($client_id, $client_secret, $redirect_uri, null, null, $user_id); + $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id); + $response->setParameter('client_secret', $client_secret); } - $request = \OAuth2\Request::createFromGlobals(); - $response = new \OAuth2\Response(); - // validate the authorize request if (!$s->validateAuthorizeRequest($request, $response)) { $response->send(); diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 79958f025..37a0b9b0e 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -9,6 +9,11 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // If there is a 'code' and 'state' parameter then this is a client app // callback issued after the authorization code request // TODO: Check state value and compare to original sent value + // "You should first compare this state value to ensure it matches the + // one you started with. You can typically store the state value in a + // cookie, and compare it when the user comes back. This ensures your + // redirection endpoint isn't able to be tricked into attempting to + // exchange arbitrary authorization codes." if ($_REQUEST['code'] && $_REQUEST['state']) { logger('Authorization callback invoked.', LOGGER_DEBUG); logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG); 
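Review bot: `$response->setParameter('client_secret', $client_secret)` puts the newly generated secret into the authorization response, which is delivered to the resource owner's browser rather than over a channel only the client can read. The later hunk `@@ -76,20 +54,26 @@` goes further and sets `$client['client_secret']` for clients that already exist, so any logged-in user who submits a known `client_id` would get that client's stored secret back. A client secret should be handed out once, at registration, to the registrant, and never returned from the authorize endpoint. `post()` starts and ends outside this hunk.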
@@ -39,29 +44,29 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { 'oauth2testvehicle', array( array( - 'action', 'create_db' + 'action', 'delete_db' ) ), - 'oauth2test_create_db', - 'Create the OAuth2 database tables', + 'oauth2test_delete_db', + 'Delete the OAuth2 database tables', 'POST' ), array( 'oauth2testvehicle', array( array( - 'action', 'delete_db' + 'action', 'create_db' ) ), - 'oauth2test_delete_db', - 'Delete the OAuth2 database tables', + 'oauth2test_create_db', + 'Create the OAuth2 database tables', 'POST' ), array( 'authorize', array( array('response_type', 'code'), - array('client_id', urlencode('test_app_client_id')), + array('client_id', urlencode('killer_app')), array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), array('state', 'xyz'), // OpenID Connect Dynamic Client Registration 1.0 Client Metadata @@ -74,6 +79,27 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { 'oauth_authorize', 'Authorize a test client app', 'GET' + ), + /* + * POST https://api.authorization-server.com/token + grant_type=authorization_code& + code=AUTH_CODE_HERE& + redirect_uri=REDIRECT_URI& + client_id=CLIENT_ID + */ + array( + 'oauth2testvehicle', + array( + array('action', 'request_token'), + array('grant_type', 'authorization_code'), + array('code', (x($_REQUEST, 'code') ? $_REQUEST['code'] : 'no_authorization_code')), + array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), + array('client_id', urlencode('killer_app')), + array('client_secret', (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : 'no_client_secret')), + ), + 'oauth_token_request', + 'Request a token', + 'POST' ) ) )); 
@@ -83,11 +109,31 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { function post() { - logger(json_encode($_POST), LOGGER_DEBUG); - + //logger(json_encode($_POST, JSON_PRETTY_PRINT), LOGGER_DEBUG); switch ($_POST['action']) { - + case 'request_token': + $grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : ''); + $redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : ''); + $client_id = (x($_POST, 'client_id') ? $_POST['client_id'] : ''); + $code = (x($_POST, 'code') ? $_POST['code'] : ''); + $client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : ''); + $url = z_root() . '/token/?'; + $url .= 'grant_type=' . urlencode($grant_type); + $url .= '&redirect_uri=' . urlencode($redirect_uri); + $url .= '&client_id=' . urlencode($client_id); + $url .= '&code=' . urlencode($code); + $post = z_fetch_url($url, false, 0, array( + 'custom' => 'POST', + 'http_auth' => $client_id . ':' . $client_secret, + )); + //logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); + $response = json_decode($post['body'], true); + logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG); + if($response['access_token']) { + info('Access token received: ' . $response['access_token'] . EOL); + } + break; case 'delete_db': $status = true; // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php index f7c074233..32cf95c61 100644 --- a/Zotlabs/Module/Token.php +++ b/Zotlabs/Module/Token.php @@ -29,7 +29,8 @@ class Token extends \Zotlabs\Web\Controller { } $s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db)); - $s->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send(); + $request = \OAuth2\Request::createFromGlobals(); + $s->handleTokenRequest($request)->send(); killme(); } -- cgit v1.2.3 From 45e0fc6802b360710becf7ddaf6aed6a9de1d876 Mon Sep 17 00:00:00 2001 
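Review bot: The `request_token` case sends `grant_type`, `redirect_uri`, `client_id` and `code` in the query string of the `/token/` URL rather than in the POST body, which places the authorization code in URLs that web servers and proxies commonly log; per the commit message it only works because the vendored `Request` class was patched to read `$_REQUEST`. Send the fields as the POST body and leave the vendor library unmodified. `logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG)` and `info('Access token received: ' . $response['access_token'] . EOL)` then write the bearer token to the log and to the page; report success without the token value. `json_decode()` returns `null` for a non-JSON body, so check `is_array($response)` before indexing it.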
From: Andrew Manning Date: Mon, 26 Feb 2018 18:16:43 -0500 Subject: Successful OAuth2 sequence demonstrated with the test vehicle, including an authenticated API call using an access_token. --- Zotlabs/Module/Authorize.php | 36 ++++-------- Zotlabs/Module/Oauth2testvehicle.php | 106 ++++++++++++++++++++++------------- 2 files changed, 77 insertions(+), 65 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index f505b4681..c76dfb9df 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -6,28 +6,6 @@ use Zotlabs\Identity\OAuth2Storage; class Authorize extends \Zotlabs\Web\Controller { - function init() { - - // workaround for HTTP-auth in CGI mode - if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)); - if (strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - - if (x($_SERVER, 'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)); - if (strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - } - function get() { if (!local_channel()) { return login(); @@ -37,7 +15,7 @@ class Authorize extends \Zotlabs\Web\Controller { // http://openid.net/specs/openid-connect-registration-1_0.html $app = array( 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'), - 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : '/images/icons/plugin.png'), + 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'), 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''), ); $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( 
@@ -76,20 +54,26 @@ class Authorize extends \Zotlabs\Web\Controller { if (x($_POST, 'redirect_uri')) { $redirect_uri = $_POST['redirect_uri']; } else { - $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com'; + $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com/oauth'; } $request = \OAuth2\Request::createFromGlobals(); $response = new \OAuth2\Response(); // If the client is not registered, add to the database - if (!$storage->getClientDetails($client_id)) { + if (!$client = $storage->getClientDetails($client_id)) { $client_secret = random_string(16); // Client apps are registered per channel $user_id = local_channel(); $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id); - $response->setParameter('client_secret', $client_secret); + + } + if (!$client = $storage->getClientDetails($client_id)) { + // There was an error registering the client. + $response->send(); + killme(); } + $response->setParameter('client_secret', $client['client_secret']); // validate the authorize request if (!$s->validateAuthorizeRequest($request, $response)) { diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 37a0b9b0e..29c6ec50e 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -2,6 +2,12 @@ namespace Zotlabs\Module; +/** + * The OAuth2TestVehicle class is a way to test the registration of an OAuth2 + * client app. It allows you to walk through the steps of registering a client, + * requesting an authorization code for that client, and then requesting an + * access token for use in authentication against the Hubzilla API endpoints. + */ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { function init() { 
@@ -14,17 +20,19 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // cookie, and compare it when the user comes back. This ensures your // redirection endpoint isn't able to be tricked into attempting to // exchange arbitrary authorization codes." - if ($_REQUEST['code'] && $_REQUEST['state']) { - logger('Authorization callback invoked.', LOGGER_DEBUG); - logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG); - info('Authorization callback invoked.' . EOL); - return $this->get(); - } + $_SESSION['redirect_uri'] = 'http://hub.localhost/oauth2testvehicle'; + $_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']); + $_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] ); + $_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] ); + $_SESSION['client_secret'] = (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : $_SESSION['client_secret']); + $_SESSION['access_token'] = (x($_REQUEST, 'access_token') ? $_REQUEST['access_token'] : $_SESSION['access_token'] ); + $_SESSION['api_response'] = (x($_SESSION, 'api_response') ? $_SESSION['api_response'] : ''); } function get() { - + $o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array( '$baseurl' => z_root(), + '$api_response' => $_SESSION['api_response'], /* endpoints => array( array( @@ -49,7 +57,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ), 'oauth2test_delete_db', 'Delete the OAuth2 database tables', - 'POST' + 'POST', + ($_SESSION['success'] === 'delete_db'), ), array( 'oauth2testvehicle', 
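Review bot: `init()` now copies `code`, `state`, `client_id`, `client_secret` and `access_token` from `$_REQUEST` into the session on every request, so a crafted link opened in a logged-in browser can replace the stored token or client credentials with values chosen by someone else. Only `code` and `state` belong on the callback, and `state` is stored here rather than compared with the value originally sent, which leaves the TODO quoted above it open. `$_SESSION['redirect_uri']` is hard-coded to `http://hub.localhost/oauth2testvehicle`; deriving it from `z_root()` would keep it correct on other hosts and on HTTPS. The `$_SESSION[...]` fallbacks are also read without an existence check on first use.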
@@ -60,58 +69,76 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ), 'oauth2test_create_db', 'Create the OAuth2 database tables', - 'POST' + 'POST', + ($_SESSION['success'] === 'create_db'), ), array( 'authorize', array( array('response_type', 'code'), - array('client_id', urlencode('killer_app')), - array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), + array('client_id', (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : 'oauth2_test_app')), + array('redirect_uri', $_SESSION['redirect_uri']), array('state', 'xyz'), // OpenID Connect Dynamic Client Registration 1.0 Client Metadata // http://openid.net/specs/openid-connect-registration-1_0.html - array('client_name', urlencode('Killer App')), - array('logo_uri', urlencode('https://client.example.com/website/img/icon.png')), + array('client_name', 'OAuth2 Test App'), + array('logo_uri', urlencode(z_root() . '/images/icons/plugin.png')), array('client_uri', urlencode('https://client.example.com/website')), array('application_type', 'web'), // would be 'native' for mobile app ), 'oauth_authorize', 'Authorize a test client app', - 'GET' + 'GET', + (($_REQUEST['code'] && $_REQUEST['state']) ? true : false), ), - /* - * POST https://api.authorization-server.com/token - grant_type=authorization_code& - code=AUTH_CODE_HERE& - redirect_uri=REDIRECT_URI& - client_id=CLIENT_ID - */ array( 'oauth2testvehicle', array( array('action', 'request_token'), array('grant_type', 'authorization_code'), - array('code', (x($_REQUEST, 'code') ? $_REQUEST['code'] : 'no_authorization_code')), - array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), - array('client_id', urlencode('killer_app')), - array('client_secret', (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : 'no_client_secret')), + array('code', $_SESSION['authorization_code']), + array('redirect_uri', $_SESSION['redirect_uri']), + array('client_id', ($_SESSION['client_id'] ? 
$_SESSION['client_id'] : 'oauth2_test_app')), + array('client_secret', $_SESSION['client_secret']), ), 'oauth_token_request', 'Request a token', - 'POST' + 'POST', + ($_SESSION['success'] === 'request_token'), + ), + array( + 'oauth2testvehicle', + array( + array('action', 'api_files'), + array('access_token', $_SESSION['access_token']), + ), + 'oauth_api_files', + 'API: Get channel files', + 'POST', + ($_SESSION['success'] === 'api_files'), ) ) )); - + $_SESSION['success'] = ''; return $o; } function post() { - //logger(json_encode($_POST, JSON_PRETTY_PRINT), LOGGER_DEBUG); - switch ($_POST['action']) { + case 'api_files': + $access_token = $_SESSION['access_token']; + $url = z_root() . '/api/z/1.0/files/'; + $headers = []; + $headers[] = 'Authorization: Bearer ' . $access_token; + $post = z_fetch_url($url, false, 0, array( + 'custom' => 'GET', + 'headers' => $headers, + )); + logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); + $response = json_decode($post['body'], true); + $_SESSION['api_response'] = json_encode($response, JSON_PRETTY_PRINT); + break; case 'request_token': $grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : ''); $redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : ''); 
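Review bot: The endpoint list passes `$_SESSION['client_secret']` and `$_SESSION['access_token']` to the template as form field values, yet the `api_files` case reads the token from `$_SESSION['access_token']` and never from the posted field, so the token does not need to appear in the markup at all. Drop the `access_token` field, and resolve the secret server-side in `request_token` as well. `logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG)` logs the full API response, and `$_SESSION['api_response']` is handed to the template as `'$api_response'` in the `@@ -14,17 +20,19 @@` hunk; whether the template escapes it is not visible here. `post()` continues past the end of this hunk.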
@@ -119,19 +146,21 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $code = (x($_POST, 'code') ? $_POST['code'] : ''); $client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : ''); $url = z_root() . '/token/?'; - $url .= 'grant_type=' . urlencode($grant_type); + $url .= 'grant_type=' . $grant_type; $url .= '&redirect_uri=' . urlencode($redirect_uri); - $url .= '&client_id=' . urlencode($client_id); - $url .= '&code=' . urlencode($code); + $url .= '&client_id=' . $client_id; + $url .= '&code=' . $code; $post = z_fetch_url($url, false, 0, array( 'custom' => 'POST', 'http_auth' => $client_id . ':' . $client_secret, )); - //logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); + logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); $response = json_decode($post['body'], true); logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG); if($response['access_token']) { info('Access token received: ' . $response['access_token'] . EOL); + $_SESSION['success'] = 'request_token'; + $_SESSION['access_token'] = $response['access_token']; } break; case 'delete_db': 
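Review bot: Removing `urlencode()` from `grant_type`, `client_id` and `code` lets a posted value containing `&`, `#` or `=` add or override parameters in the token request URL, since all three come straight from `$_POST`. Keep the encoding, e.g. `$url .= '&client_id=' . urlencode($client_id);`, or build the query with `http_build_query()`. The re-enabled `logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG)` also writes the token endpoint's full response, access token included, to the debug log.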
@@ -140,26 +169,23 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // by passing it the database connection $pdo = \DBA::$dba->db; $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); - logger('Deleting existing database tables...', LOGGER_DEBUG); foreach ($storage->getConfig() as $key => $table) { - logger('Deleting table ' . dbesc($table), LOGGER_DEBUG); $r = q("DROP TABLE %s;", dbesc($table)); if (!$r) { - logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG); $status = false; } } if (!$status) { notice('Errors encountered deleting database tables.' . EOL); + $_SESSION['success'] = ''; } else { info('Database tables deleted successfully.' . EOL); + $_SESSION['success'] = 'delete_db'; } - break; case 'create_db': $status = true; - logger('Creating database tables...', LOGGER_DEBUG); @include('.htconfig.php'); $pdo = \DBA::$dba->db; $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); @@ -168,15 +194,17 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $result = $pdo->exec($statement); } catch (\PDOException $e) { $status = false; - logger('Error executing database statement: ' . $statement, LOGGER_DEBUG); } } if (!$status) { notice('Errors encountered creating database tables.' . EOL); + $_SESSION['success'] = ''; } else { info('Database tables created successfully.' . EOL); + $_SESSION['success'] = 'create_db'; } + break; default: break; -- cgit v1.2.3 From 1620691cbe076b463e0c86542be8fa5be967ddfe Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 1 Mar 2018 16:38:14 -0800 Subject: add federation property to webfinger --- Zotlabs/Module/Wfinger.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 753721d27..81d4beaed 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php 
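Review bot: The `break;` that closed the `delete_db` case is removed here, while the following hunk adds one after `create_db`. As the diff reads, a delete request now falls through into `create_db`, recreates the tables and overwrites `$_SESSION['success']` with `'create_db'`. If that fall-through is not intended, restore `break;` immediately before `case 'create_db':`. The removed `logger()` calls were also the only record of which `DROP TABLE` failed, so a partial failure now surfaces only as the generic `notice()`. `post()` begins outside this hunk.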
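Review bot: With the `logger()` call removed from the `catch (\PDOException $e)` block, a failed statement only sets `$status = false` and the exception is discarded, leaving no trace of which table creation failed or why. Keep a debug-level record of the driver message, e.g. `logger('Error executing database statement: ' . $e->getMessage(), LOGGER_DEBUG);`. The loop that assigns `$statement` starts outside this hunk.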
@@ -123,7 +123,8 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['properties'] = [ 'http://webfinger.net/ns/name' => $r[0]['channel_name'], 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], - 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'] + 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'], + 'http://purl.org/zot/federation' => 'zot' ]; foreach($aliases as $alias) -- cgit v1.2.3 From dcfe9bc64f822af02021767bf8c70fbe9d847bda Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 2 Mar 2018 01:01:30 -0800 Subject: background work for caldav integration continued, modify mod_follow to allow it to be called from ajax without redirecting. --- Zotlabs/Module/Follow.php | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index d8a86d0ce..04ac746cb 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -17,15 +17,20 @@ class Follow extends \Zotlabs\Web\Controller { $url = notags(trim($_REQUEST['url'])); $return_url = $_SESSION['return_url']; $confirm = intval($_REQUEST['confirm']); - + $interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1); $channel = \App::get_channel(); - $result = new_contact($uid,$url,$channel,true,$confirm); + $result = new_contact($uid,$url,$channel,$interactive,$confirm); if($result['success'] == false) { if($result['message']) notice($result['message']); - goaway($return_url); + if($interactive) { + goaway($return_url); + } + else { + json_return_and_die($result); + } } info( t('Channel added.') . EOL); 
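Review bot: In the Follow.php hunk, `$interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1);` can never yield 0 for the obvious request `interactive=0`, because the string `'0'` is falsy in PHP and the ternary falls back to 1. The JSON branch added below it is then unreachable for that input. Testing for presence instead fixes it: `$interactive = (array_key_exists('interactive', $_REQUEST) ? intval($_REQUEST['interactive']) : 1);`. The non-interactive failure path also still calls `notice()` before `json_return_and_die($result)`, which presumably leaves the message queued for a later page load; confirm that is wanted. The enclosing function starts outside the hunk.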
@@ -53,7 +58,12 @@ class Follow extends \Zotlabs\Web\Controller { if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss')) \Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id'])); - goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1'); + if($interactive) { + goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1'); + } + else { + json_return_and_die([ 'success' => true ]); + } } -- cgit v1.2.3 From b38ce967f36e0dc5a503fbca9477732cd8967ea6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 2 Mar 2018 12:41:50 -0800 Subject: sort settings/featured --- Zotlabs/Module/Settings/Featured.php | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Featured.php b/Zotlabs/Module/Settings/Featured.php index 1da139206..542a05363 100644 --- a/Zotlabs/Module/Settings/Featured.php +++ b/Zotlabs/Module/Settings/Featured.php @@ -57,7 +57,10 @@ class Featured { } call_hooks('feature_settings', $settings_addons); - + + $this->sortpanels($settings_addons); + + $tpl = get_markup_template("settings_addons.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_featured"), @@ -67,5 +70,15 @@ class Featured { )); return $o; } - -} \ No newline at end of file + + function sortpanels(&$s) { + $a = explode('
',$s); + if($a) { + usort($a,'featured_sort'); + $s = implode('
',$a); + } + } + +} + + -- cgit v1.2.3 From 4c69c5679736bb77d141a528c1e63a80d11c8026 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 2 Mar 2018 14:09:59 -0800 Subject: string change "Channel added" -> "Connection added" --- Zotlabs/Module/Follow.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index 04ac746cb..146c4e564 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -33,7 +33,7 @@ class Follow extends \Zotlabs\Web\Controller { } } - info( t('Channel added.') . EOL); + info( t('Connection added.') . EOL); $clone = array(); foreach($result['abook'] as $k => $v) { -- cgit v1.2.3 From ca1022675c84c862e9ae3180a47360040b24e9e2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 3 Mar 2018 15:19:39 -0800 Subject: There was no pdl for mod_thing; add one because it's only a link away from profile creation and remains on that page until you go elsewhere and new members may need help to find their way out --- Zotlabs/Module/Thing.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Thing.php b/Zotlabs/Module/Thing.php index f816632ab..c3d8ff802 100644 --- a/Zotlabs/Module/Thing.php +++ b/Zotlabs/Module/Thing.php @@ -20,6 +20,11 @@ class Thing extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); + if($_SERVER['REQUEST_METHOD'] === 'GET' && argc() < 2) { + profile_load($channel['channel_address']); + } + + $term_hash = (($_REQUEST['term_hash']) ? $_REQUEST['term_hash'] : ''); $name = escape_tags($_REQUEST['term']); -- cgit v1.2.3 From 471c3c4d068d1c6d4e149098d400d792fb3550a6 Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Sat, 3 Mar 2018 15:52:57 -0800 Subject: add dummy f= arg to suggestion urls, use directory version of suggest for newmember link instead of the suggest module as the UI is prettier. --- Zotlabs/Module/Directory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index b1552a694..85c0be6b6 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -17,7 +17,7 @@ class Directory extends \Zotlabs\Web\Controller { intval(local_channel()), dbesc($_GET['ignore']) ); - goaway(z_root() . '/directory?suggest=1'); + goaway(z_root() . '/directory?f=&suggest=1'); } $observer = get_observer_hash(); -- cgit v1.2.3 From be6619d9c06a31fa211c6200aad377d94c1fd0b5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 4 Mar 2018 15:29:10 -0800 Subject: bugfix: unable to reset profile fields to defaults in admin/profs by emptying the textarea --- Zotlabs/Module/Admin/Profs.php | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Profs.php b/Zotlabs/Module/Admin/Profs.php index b3da09cb7..eb2501d43 100644 --- a/Zotlabs/Module/Admin/Profs.php +++ b/Zotlabs/Module/Admin/Profs.php 
@@ -9,17 +9,37 @@ class Profs { if(array_key_exists('basic',$_REQUEST)) { $arr = explode(',',$_REQUEST['basic']); - for($x = 0; $x < count($arr); $x ++) - if(trim($arr[$x])) - $arr[$x] = trim($arr[$x]); - set_config('system','profile_fields_basic',$arr); - + array_walk($arr,'array_trim'); + $narr = []; + if(count($arr)) { + foreach($arr as $a) { + if(strlen($a)) { + $narr[] = $a; + } + } + } + if(! $narr) + del_config('system','profile_fields_basic'); + else + set_config('system','profile_fields_basic',$narr); + + if(array_key_exists('advanced',$_REQUEST)) { $arr = explode(',',$_REQUEST['advanced']); - for($x = 0; $x < count($arr); $x ++) - if(trim($arr[$x])) - $arr[$x] = trim($arr[$x]); - set_config('system','profile_fields_advanced',$arr); + array_walk($arr,'array_trim'); + $narr = []; + if(count($arr)) { + foreach($arr as $a) { + if(strlen($a)) { + $narr[] = $a; + } + } + } + if(! $narr) + del_config('system','profile_fields_advanced'); + else + set_config('system','profile_fields_advanced',$narr); + } goaway(z_root() . '/admin/profs'); } @@ -98,6 +118,7 @@ class Profs { $basic = ''; $barr = array(); $fields = get_profile_fields_basic(); + if(! $fields) $fields = get_profile_fields_basic(1); if($fields) { -- cgit v1.2.3 From 59a2057fa0faac2db7b36a5d6c40435c6e13d378 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 4 Mar 2018 17:36:52 -0800 Subject: fix some issues with friend suggestions on standalone sites with no 'suggestme' volunteers. This wrongly pulled up a site directory suggesting everybody on the site. While a better outcome than finding nobody, this does not fit with our ethical design goals. If there are no friends of friends, we will only suggest those who volunteer to be on the default suggestion list. Also do not attempt to load poco data from dead sites. --- Zotlabs/Module/Directory.php | 5 +++++ Zotlabs/Module/Sitelist.php | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') 
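Review bot: The trim-and-drop-empties stanza is written out twice, once for `basic` and once for `advanced`, and depends on the string callable `'array_trim'`, which is defined elsewhere. Each copy could be one expression, `$narr = array_values(array_filter(array_map('trim', $arr), 'strlen'));`, and the `if(count($arr))` guard around the `foreach` is redundant either way. No form security token check is visible in this hunk although the values come from `$_REQUEST`. The function begins outside the hunk, so confirm a check runs before these `set_config()`/`del_config()` calls.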
diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 85c0be6b6..62a1670f9 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -101,6 +101,11 @@ class Directory extends \Zotlabs\Web\Controller { if($suggest) { $r = suggestion_query(local_channel(),get_observer_hash()); + + if(! $r) { + notice( t('No default suggestions were found.') . EOL); + return; + } // Remember in which order the suggestions were $addresses = array(); diff --git a/Zotlabs/Module/Sitelist.php b/Zotlabs/Module/Sitelist.php index e7d4187b7..2ac5ed1b8 100644 --- a/Zotlabs/Module/Sitelist.php +++ b/Zotlabs/Module/Sitelist.php @@ -32,7 +32,7 @@ class Sitelist extends \Zotlabs\Web\Controller { $result = array('success' => false); - $r = q("select count(site_url) as total from site where site_type = %d $sql_extra ", + $r = q("select count(site_url) as total from site where site_type = %d and site_dead = 0 $sql_extra ", intval(SITE_TYPE_ZOT) ); @@ -42,7 +42,7 @@ class Sitelist extends \Zotlabs\Web\Controller { $result['start'] = $start; $result['limit'] = $limit; - $r = q("select * from site where site_type = %d $sql_extra $sql_order $sql_limit", + $r = q("select * from site where site_type = %d and site_dead = 0 $sql_extra $sql_order $sql_limit", intval(SITE_TYPE_ZOT) ); -- cgit v1.2.3 From 04f7f99fc3ac68b5cea357b35a7d755f62fb999b Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 7 Mar 2018 20:29:37 +0100 Subject: we do not support separate mobile themes anymore --- Zotlabs/Module/Admin/Site.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 880dbbe4b..015c6535c 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php 
@@ -24,7 +24,7 @@ class Site { $siteinfo = ((x($_POST,'siteinfo')) ? trim($_POST['siteinfo']) : ''); $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : ''); - $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : ''); +// $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : ''); // $site_channel = ((x($_POST,'site_channel')) ? notags(trim($_POST['site_channel'])) : ''); $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); @@ -122,11 +122,11 @@ class Site { set_config('system','siteinfo',$siteinfo); set_config('system', 'language', $language); set_config('system', 'theme', $theme); - if ( $theme_mobile === '---' ) { - del_config('system', 'mobile_theme'); - } else { - set_config('system', 'mobile_theme', $theme_mobile); - } +// if ( $theme_mobile === '---' ) { +// del_config('system', 'mobile_theme'); +// } else { +// set_config('system', 'mobile_theme', $theme_mobile); +// } // set_config('system','site_channel', $site_channel); set_config('system','maximagesize', $maximagesize); 
@@ -305,7 +305,7 @@ class Site { '$siteinfo' => array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site. Displayed on siteinfo page. BBCode can be used here")), '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - change theme settings"), $theme_choices), - '$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile), +// '$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile), // '$site_channel' => array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")), '$feed_contacts' => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')), '$maximagesize' => array('maximagesize', t("Maximum image size"), intval(get_config('system','maximagesize')), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), -- cgit v1.2.3 From 17c102ebe115bd8272da830bf9523b691ce115ee Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 7 Mar 2018 21:11:57 +0100 Subject: we need the javascript in the template since strings are involved --- Zotlabs/Module/Cover_photo.php | 6 ++++++ Zotlabs/Module/Profile_photo.php | 6 ++++++ 2 files changed, 12 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index 047bcf3d4..2da99b447 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php 
@@ -364,6 +364,12 @@ class Cover_photo extends \Zotlabs\Web\Controller { '$embedPhotosModalTitle' => t('Use a photo from your albums'), '$embedPhotosModalCancel' => t('Cancel'), '$embedPhotosModalOK' => t('OK'), + '$modalchooseimages' => t('Choose images to embed'), + '$modalchoosealbum' => t('Choose an album'), + '$modaldiffalbum' => t('Choose a different album'), + '$modalerrorlist' => t('Error getting album list'), + '$modalerrorlink' => t('Error getting photo link'), + '$modalerroralbum' => t('Error getting album'), '$form_security_token' => get_form_security_token("cover_photo"), /// @FIXME - yuk '$select' => t('Select existing photo'), diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 44b7c18c6..2ce8686b9 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -463,6 +463,12 @@ class Profile_photo extends \Zotlabs\Web\Controller { '$embedPhotosModalTitle' => t('Use a photo from your albums'), '$embedPhotosModalCancel' => t('Cancel'), '$embedPhotosModalOK' => t('OK'), + '$modalchooseimages' => t('Choose images to embed'), + '$modalchoosealbum' => t('Choose an album'), + '$modaldiffalbum' => t('Choose a different album'), + '$modalerrorlist' => t('Error getting album list'), + '$modalerrorlink' => t('Error getting photo link'), + '$modalerroralbum' => t('Error getting album'), '$form_security_token' => get_form_security_token("profile_photo"), '$select' => t('Select existing photo'), )); -- cgit v1.2.3 From 48b1042347d098672e583010fe9dbf71eb81623c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 7 Mar 2018 16:59:55 -0800 Subject: hashtag autocomplete --- Zotlabs/Module/Hashtags.php | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Zotlabs/Module/Hashtags.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Hashtags.php b/Zotlabs/Module/Hashtags.php new file mode 100644 index 000000000..d87a82818 --- /dev/null +++ b/Zotlabs/Module/Hashtags.php 
@@ -0,0 +1,29 @@ + strtolower($rv['term']) ]; + } + } + logger(print_r($result,true)); + json_return_and_die($result); + } +} \ No newline at end of file -- cgit v1.2.3 From 1700aedbed9050ca2eee621c04c29e5b34150bc5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 7 Mar 2018 17:29:01 -0800 Subject: remove extraneous logging --- Zotlabs/Module/Hashtags.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Hashtags.php b/Zotlabs/Module/Hashtags.php index d87a82818..edb631871 100644 --- a/Zotlabs/Module/Hashtags.php +++ b/Zotlabs/Module/Hashtags.php @@ -8,8 +8,6 @@ class Hashtags extends \Zotlabs\Web\Controller { function init() { $result = []; - logger(print_r($_REQUEST,true)); - $t = escape_tags($_REQUEST['t']); if(! $t) json_return_and_die($result); @@ -23,7 +21,7 @@ class Hashtags extends \Zotlabs\Web\Controller { $result[] = [ 'text' => strtolower($rv['term']) ]; } } - logger(print_r($result,true)); + json_return_and_die($result); } } \ No newline at end of file -- cgit v1.2.3 From a0a1246efb74473269238f7b3e4d35f90c11b49e Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Mar 2018 10:50:03 +0100 Subject: use dbunescbin() for cover photos --- Zotlabs/Module/Cover_photo.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index 2da99b447..56e35f912 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -207,7 +207,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { } } - $imagedata = (($os_storage) ? @file_get_contents($imagedata) : $imagedata); + $imagedata = (($os_storage) ? @file_get_contents(dbunescbin($imagedata)) : dbunescbin($imagedata)); $ph = photo_factory($imagedata, $filetype); if(! $ph->is_valid()) { -- cgit v1.2.3 From cd21519de38bb422d55fdc2d4f9ea01012f4e013 Mon Sep 17 00:00:00 2001 
From: Mario Vavti Date: Sat, 10 Mar 2018 21:21:44 +0100 Subject: do not use trim on array --- Zotlabs/Module/Admin/Site.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 015c6535c..bfb9be8bd 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -38,7 +38,7 @@ class Site { $site_sellpage = ((x($_POST,'site_sellpage')) ? notags(trim($_POST['site_sellpage'])) : ''); $site_location = ((x($_POST,'site_location')) ? notags(trim($_POST['site_location'])) : ''); $frontpage = ((x($_POST,'frontpage')) ? notags(trim($_POST['frontpage'])) : ''); - $firstpage = ((x(trim($_POST,'firstpage'))) ? notags(trim($_POST['firstpage'])) : 'profiles'); + $firstpage = ((x($_POST,'firstpage')) ? notags(trim($_POST['firstpage'])) : 'profiles'); $mirror_frontpage = ((x($_POST,'mirror_frontpage')) ? intval(trim($_POST['mirror_frontpage'])) : 0); $directory_server = ((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : ''); $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : ''); -- cgit v1.2.3 From aa6f7481a023c04b30ffc6aec2016e2b7b3b386f Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sat, 10 Mar 2018 15:43:13 -0500 Subject: Fixed access_token request bug and returned oauth2-server-php library to unmodified state. --- Zotlabs/Module/Oauth2testvehicle.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 29c6ec50e..82e309f1c 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php 
@@ -145,13 +145,14 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $client_id = (x($_POST, 'client_id') ? $_POST['client_id'] : ''); $code = (x($_POST, 'code') ? $_POST['code'] : ''); $client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : ''); - $url = z_root() . '/token/?'; - $url .= 'grant_type=' . $grant_type; - $url .= '&redirect_uri=' . urlencode($redirect_uri); - $url .= '&client_id=' . $client_id; - $url .= '&code=' . $code; - $post = z_fetch_url($url, false, 0, array( - 'custom' => 'POST', + $url = z_root() . '/token/'; + $params = http_build_query(array( + 'grant_type' => $grant_type, + 'redirect_uri' => urlencode($redirect_uri), + 'client_id' => $client_id, + 'code' => $code, + )); + $post = z_post_url($url, $params, 0, array( 'http_auth' => $client_id . ':' . $client_secret, )); logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); -- cgit v1.2.3 From a417389934933af64e631c6372d410cbf864450a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 10 Mar 2018 13:20:20 -0800 Subject: trim expects error ... in admin/site --- Zotlabs/Module/Admin/Site.php | 12 +++++++++--- Zotlabs/Module/Import.php | 19 ++++++++++--------- 2 files changed, 19 insertions(+), 12 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 880dbbe4b..45391a43a 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -14,6 +14,8 @@ class Site { return; } +logger('post: ' . print_r($_POST,true)); + check_form_security_token_redirectOnErr('/admin/site', 'admin_site'); $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : ''); 
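Review bot: `'redirect_uri' => urlencode($redirect_uri)` is encoded a second time by `http_build_query()`, so after one round of form decoding the token endpoint will presumably see the still percent-encoded string rather than the original URI. Pass the raw value instead, `'redirect_uri' => $redirect_uri,`, as the other three entries already do. The response, including any `access_token`, is still written out by `logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);` on the next line; redacting the token before logging would keep it out of log files. The `request_token` case begins outside this hunk.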
@@ -38,7 +40,11 @@ class Site { $site_sellpage = ((x($_POST,'site_sellpage')) ? notags(trim($_POST['site_sellpage'])) : ''); $site_location = ((x($_POST,'site_location')) ? notags(trim($_POST['site_location'])) : ''); $frontpage = ((x($_POST,'frontpage')) ? notags(trim($_POST['frontpage'])) : ''); - $firstpage = ((x(trim($_POST,'firstpage'))) ? notags(trim($_POST['firstpage'])) : 'profiles'); + $first_page = ((x($_POST,'first_page')) ? notags(trim($_POST['first_page'])) : 'profiles'); + // check value after trim + if(! $first_page) { + $first_page = 'profiles'; + } $mirror_frontpage = ((x($_POST,'mirror_frontpage')) ? intval(trim($_POST['mirror_frontpage'])) : 0); $directory_server = ((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : ''); $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : ''); @@ -82,7 +88,7 @@ class Site { set_config('system', 'maxloadavg', $maxloadavg); set_config('system', 'frontpage', $frontpage); set_config('system', 'sellpage', $site_sellpage); - set_config('system', 'workflow_channel_next', $firstpage); + set_config('system', 'workflow_channel_next', $first_page); set_config('system', 'site_location', $site_location); set_config('system', 'mirror_frontpage', $mirror_frontpage); set_config('system', 'sitename', $sitename); 
@@ -345,7 +351,7 @@ class Site { '$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')), '$sellpage' => array('site_sellpage', t('Public servers: Optional landing (marketing) webpage for new registrants'), get_config('system','sellpage',''), sprintf( t('Create this page first. Default is %s/register'),z_root())), - '$firstpage' => array('firstpage', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Recommend: profiles, go, or settings')), + '$first_page' => array('first_page', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Recommend: profiles, go, or settings')), '$location' => array('site_location', t('Optional: site location'), get_config('system','site_location',''), t('Region or country')), diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 36bd72310..81c405f00 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php 
@@ -114,15 +114,16 @@ class Import extends \Zotlabs\Web\Controller { return; } - if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) { - $v1 = substr($data['compatibility']['database'],-4); - $v2 = substr(DB_UPDATE_VERSION,-4); - if($v2 > $v1) { - $t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 ); - notice($t); - } - - } +// This is only an info message but it is alarming to folks who then report failure with this as the cause, when in fact we ignore this completely. +// if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) { +// $v1 = substr($data['compatibility']['database'],-4); +// $v2 = substr(DB_UPDATE_VERSION,-4); +// if($v2 > $v1) { +// $t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 ); +// notice($t); +// } +// +// } if($moving) $seize = 1; -- cgit v1.2.3 From 08d2adddf519117e0cd7c0a97222cac63a431631 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 10 Mar 2018 13:21:22 -0800 Subject: remove debugging --- Zotlabs/Module/Admin/Site.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 45391a43a..2ff5ed9c4 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -14,8 +14,6 @@ class Site { return; } -logger('post: ' . print_r($_POST,true)); - check_form_security_token_redirectOnErr('/admin/site', 'admin_site'); $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : ''); -- cgit v1.2.3 From 717ae5486806f7f238f6cdafe08c8aefd94056d2 Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Sun, 11 Mar 2018 16:42:46 -0700 Subject: Setup - .htconfig.php write access is now required for automated installation. [String change - leave in dev for the next release] --- Zotlabs/Module/Setup.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index 8e7fbbddf..a3832d156 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php 
@@ -563,16 +563,20 @@ class Setup extends \Zotlabs\Web\Controller { $status = true; $help = ''; - if( (file_exists('.htconfig.php') && !is_writable('.htconfig.php')) || - (!file_exists('.htconfig.php') && !is_writable('.')) ) { - $status = false; - $help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL; - $help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL; - $help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL; - $help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL; + $fname = '.htconfig.php'; + + if((file_exists($fname) && is_writable($fname)) || + (! (file_exists($fname) && is_writable('.')))) { + $this->check_add($checks, t('.htconfig.php is writable'), $status, true, $help); + return; } - $this->check_add($checks, t('.htconfig.php is writable'), $status, false, $help); + $status = false; + $help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL; + $help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL; + $help .= t('Please see install/INSTALL.txt for additional information.'); + + $this->check_add($checks, t('.htconfig.php is writable'), $status, true, $help); } /** -- cgit v1.2.3 From 34399b8b47d9a85eb3c4095392ab994792257d88 Mon Sep 17 00:00:00 2001 
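Review bot: The second half of the new condition, `(! (file_exists($fname) && is_writable('.')))`, negates the whole conjunction. The check therefore passes when the file is missing and the directory is read-only, and also when an existing, unwritable file sits in an unwritable directory. It reads as a misplaced parenthesis; the intended test is presumably `(! file_exists($fname) && is_writable('.'))`. Judging by the fourth `check_add()` argument changing to `true` and the commit subject, the check is now mandatory, so a false pass lets the installer continue to a config write that cannot succeed.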
From: zotlabs Date: Mon, 12 Mar 2018 15:47:33 -0700 Subject: obscure permission issue with custom permissions when using the highly discouraged advisory privacy modes --- Zotlabs/Module/Item.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 3f857030b..fba2ef7a4 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -830,6 +830,12 @@ class Item extends \Zotlabs\Web\Controller { $datarray['plink'] = $plink; $datarray['route'] = $route; + + // A specific ACL over-rides public_policy completely + + if(! empty_acl($datarray)) + $datarray['public_policy'] = ''; + if($iconfig) $datarray['iconfig'] = $iconfig; -- cgit v1.2.3 From ab1d47b36f21e5881900d9d805f4f7876f1c472f Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 12 Mar 2018 20:54:55 -0700 Subject: unicode/emoji usernames. Warning: experimental feature, unstable, untested, disabled by default, use at your own risk, may not federate to other platforms and protocols. May not clone correctly. Bug reports which neglect to include detailed roubleshooting information and patches/pull requests will be ignored. --- Zotlabs/Module/Follow.php | 2 +- Zotlabs/Module/New_channel.php | 20 +++++++++++++++++--- 2 files changed, 18 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index 146c4e564..d441f21d2 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -14,7 +14,7 @@ class Follow extends \Zotlabs\Web\Controller { } $uid = local_channel(); - $url = notags(trim($_REQUEST['url'])); + $url = notags(trim(unpunify($_REQUEST['url']))); $return_url = $_SESSION['return_url']; $confirm = intval($_REQUEST['confirm']); $interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1); diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index 548f28c4f..ea9f27447 100644 
--- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -16,8 +16,15 @@ class New_channel extends \Zotlabs\Web\Controller { require_once('library/urlify/URLify.php'); $result = array('error' => false, 'message' => ''); $n = trim($_REQUEST['name']); - - $x = strtolower(\URLify::transliterate($n)); + + $x = false; + + if(get_config('system','unicode_usernames')) { + $x = punify(mb_strtolower($n)); + } + + if((! $x) || strlen($x) > 64) + $x = strtolower(\URLify::transliterate($n)); $test = array(); @@ -43,7 +50,14 @@ class New_channel extends \Zotlabs\Web\Controller { $result = array('error' => false, 'message' => ''); $n = trim($_REQUEST['nick']); - $x = strtolower(\URLify::transliterate($n)); + $x = false; + + if(get_config('system','unicode_usernames')) { + $x = punify(mb_strtolower($n)); + } + + if((! $x) || strlen($x) > 64) + $x = strtolower(\URLify::transliterate($n)); $test = array(); -- cgit v1.2.3 From 2bcfa0c12687d47c11e8c445a5a38ffe96d5c135 Mon Sep 17 00:00:00 2001 From: mrjive Date: Tue, 13 Mar 2018 02:57:08 -0700 Subject: small work on connections page --- Zotlabs/Module/Connections.php | 42 ++++++++++++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 10 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 255731c9c..3bbdbf326 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -32,6 +32,7 @@ class Connections extends \Zotlabs\Web\Controller { nav_set_selected('Connections'); + $active = false; $blocked = false; $hidden = false; $ignored = false; 
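Review bot: Both lookups lowercase the submitted text with `mb_strtolower($n)` and hand it to `punify()` without first normalising the Unicode form. Unless `punify()` does that itself, which is not visible here, two strings that render identically but use different composed forms or compatibility characters would map to different nicknames, which weakens uniqueness checks against look-alike names. Where the intl extension is available, normalising first closes most of that gap: `$n = \Normalizer::normalize($n, \Normalizer::FORM_KC);`. The same block is repeated in the `@@ -43,7 +50,14 @@` hunk for `nick`, so a shared private helper would keep the two paths in step.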
@@ -44,11 +45,16 @@ class Connections extends \Zotlabs\Web\Controller { if(! $_REQUEST['aj']) $_SESSION['return_url'] = \App::$query_string; - $search_flags = ''; + $search_flags = ""; $head = ''; if(argc() == 2) { switch(argv(1)) { + case 'active': + $search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 AND abook_not_here = 0 "; + $head = t('Active'); + $active = true; + break; case 'blocked': $search_flags = " and abook_blocked = 1 "; $head = t('Blocked'); @@ -101,8 +107,9 @@ class Connections extends \Zotlabs\Web\Controller { case 'all': $head = t('All'); default: - $search_flags = ''; - $all = true; + $search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 and abook_not_here = 0 "; + $active = true; + $head = t('Active'); break; } @@ -129,6 +136,13 @@ class Connections extends \Zotlabs\Web\Controller { ), */ + 'active' => array( + 'label' => t('Active Connections'), + 'url' => z_root() . '/connections/active', + 'sel' => ($active) ? 'active' : '', + 'title' => t('Show active connections'), + ), + 'pending' => array( 'label' => t('New Connections'), 'url' => z_root() . '/connections/pending', @@ -136,12 +150,6 @@ class Connections extends \Zotlabs\Web\Controller { 'title' => t('Show pending (new) connections'), ), - 'all' => array( - 'label' => t('All Connections'), - 'url' => z_root() . '/connections/all', - 'sel' => ($all) ? 'active' : '', - 'title' => t('Show all connections'), - ), /* array( @@ -187,6 +195,13 @@ class Connections extends \Zotlabs\Web\Controller { // 'title' => t('Only show one-way connections'), // ), + + 'all' => array( + 'label' => t('All Connections'), + 'url' => z_root() . '/connections', + 'sel' => ($all) ? 'active' : '', + 'title' => t('Show all connections'), + ), ); 
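Review bot: In the `@@ -101,8 +107,9 @@` hunk `case 'all':` still has no `break`, so it falls through into the rewritten `default:` and `/connections/all` now receives the active-only `$search_flags` and the head 'Active'. Nothing visible sets `$all = true` any more, while the re-added 'all' tab still selects on `($all)`, so that tab can never be highlighted. Give `case 'all':` its own body, `$search_flags = ''; $all = true; break;`, and keep the active filter in `default:` only. The switch runs only under `if(argc() == 2)`, so it is worth confirming which filter the new tab URL `z_root() . '/connections'` ends up with; the enclosing function extends beyond these hunks.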
@@ -238,6 +253,7 @@ class Connections extends \Zotlabs\Web\Controller { $status_str = ''; $status = array( + ((intval($rr['abook_active'])) ? t('Active') : ''), ((intval($rr['abook_pending'])) ? t('Pending approval') : ''), ((intval($rr['abook_archived'])) ? t('Archived') : ''), ((intval($rr['abook_hidden'])) ? t('Hidden') : ''), @@ -245,6 +261,11 @@ class Connections extends \Zotlabs\Web\Controller { ((intval($rr['abook_blocked'])) ? t('Blocked') : ''), ((intval($rr['abook_not_here'])) ? t('Not connected at this location') : '') ); + + $oneway = false; + if(! intval(get_abconfig(local_channel(),$rr['xchan_hash'],'their_perms','post_comments'))) { + $oneway = true; + } foreach($status as $str) { if(!$str) @@ -283,7 +304,8 @@ class Connections extends \Zotlabs\Web\Controller { 'ignore_hover' => t('Ignore connection'), 'ignore' => ((! $rr['abook_ignored']) ? t('Ignore') : false), 'recent_label' => t('Recent activity'), - 'recentlink' => z_root() . '/network/?f=&cid=' . intval($rr['abook_id']) + 'recentlink' => z_root() . '/network/?f=&cid=' . intval($rr['abook_id']), + 'oneway' => $oneway ); } } -- cgit v1.2.3 From a0cbed80f3e488ab3592094f88b4587c68738737 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 14 Mar 2018 00:50:12 -0700 Subject: make unicode usernames work in chanview module --- Zotlabs/Module/Chanview.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index 24ab9b022..779c7e646 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -19,7 +19,7 @@ class Chanview extends \Zotlabs\Web\Controller { } if($_REQUEST['address']) { $r = q("select * from xchan where xchan_addr = '%s' limit 1", - dbesc($_REQUEST['address']) + dbesc(punify($_REQUEST['address'])) ); } elseif(local_channel() && intval($_REQUEST['cid'])) { -- cgit v1.2.3 From d4fa33ddddcd4594f83868796af93222013d74bb Mon Sep 17 00:00:00 2001 
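Review bot: The added `get_abconfig(local_channel(),$rr['xchan_hash'],'their_perms','post_comments')` at `@@ -245,6 +261,11 @@` sits in the per-connection row code, so it presumably costs one extra config lookup for every row on every page load; fetching the `their_perms` values for the listed connections in one query would avoid that. The assignment can also be written as `$oneway = (! intval(get_abconfig(...)));`. In the preceding hunk the status list reads `$rr['abook_active']`, but the filters added by this commit only use `abook_blocked`, `abook_ignored`, `abook_hidden`, `abook_archived` and `abook_not_here`; confirm that an `abook_active` column is actually selected, otherwise the 'Active' label never appears.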
From: Mario Vavti Date: Wed, 14 Mar 2018 09:19:06 +0100 Subject: whitespace --- Zotlabs/Module/Profiles.php | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index b1cf9596c..fad16cb04 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -786,22 +786,22 @@ class Profiles extends \Zotlabs\Web\Controller { '$channels' => array('channels', t('My other channels'), $r[0]['channels']), '$extra_fields' => $extra_fields, '$comms' => t('Communications'), - '$tel_label' => t('Phone'), - '$email_label' => t('Email'), - '$impp_label' => t('Instant messenger'), - '$url_label' => t('Website'), - '$adr_label' => t('Address'), - '$note_label' => t('Note'), - '$mobile' => t('Mobile'), - '$home' => t('Home'), - '$work' => t('Work'), - '$other' => t('Other'), - '$add_card' => t('Add Contact'), - '$add_field' => t('Add Field'), - '$create' => t('Create'), - '$update' => t('Update'), - '$delete' => t('Delete'), - '$cancel' => t('Cancel'), + '$tel_label' => t('Phone'), + '$email_label' => t('Email'), + '$impp_label' => t('Instant messenger'), + '$url_label' => t('Website'), + '$adr_label' => t('Address'), + '$note_label' => t('Note'), + '$mobile' => t('Mobile'), + '$home' => t('Home'), + '$work' => t('Work'), + '$other' => t('Other'), + '$add_card' => t('Add Contact'), + '$add_field' => t('Add Field'), + '$create' => t('Create'), + '$update' => t('Update'), + '$delete' => t('Delete'), + '$cancel' => t('Cancel'), )); $arr = array('profile' => $r[0], 'entry' => $o); -- cgit v1.2.3 From fa3e7a574fdfef87f86dc89fbb30bbfef7e98463 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 14 Mar 2018 10:03:17 +0100 Subject: show site registration notifications setting only to site admin --- Zotlabs/Module/Settings/Channel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') 
diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index fb8284d2e..139e5f966 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php @@ -202,7 +202,7 @@ class Channel { $vnotify += intval($_POST['vnotify9']); if(x($_POST,'vnotify10')) $vnotify += intval($_POST['vnotify10']); - if(x($_POST,'vnotify11')) + if(x($_POST,'vnotify11') && is_site_admin()) $vnotify += intval($_POST['vnotify11']); if(x($_POST,'vnotify12')) $vnotify += intval($_POST['vnotify12']); @@ -569,7 +569,7 @@ class Channel { '$vnotify8' => array('vnotify8', t('System info messages'), ($vnotify & VNOTIFY_INFO), VNOTIFY_INFO, t('Recommended'), $yes_no), '$vnotify9' => array('vnotify9', t('System critical alerts'), ($vnotify & VNOTIFY_ALERT), VNOTIFY_ALERT, t('Recommended'), $yes_no), '$vnotify10' => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended'), $yes_no), - '$vnotify11' => array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no), + '$vnotify11' => ((is_site_admin()) ? array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no) : array()), '$vnotify12' => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no), '$vnotify13' => (($disable_discover_tab) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)), '$mailhost' => [ 'mailhost', t('Email notification hub (hostname)'), get_pconfig(local_channel(),'system','email_notify_host',\App::get_hostname()), sprintf( t('If your channel is mirrored to multiple hubs, set this to your preferred location. This will prevent duplicate email notifications. Example: %s'),\App::get_hostname()) ], -- cgit v1.2.3 From 75721b7e8242701cc690a635175b8ef63ddba4fe Mon Sep 17 00:00:00 2001 
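Review bot: The new `is_site_admin()` test at `@@ -202,7 +202,7 @@` guards only the `vnotify11` field name, while each branch adds `intval($_POST['vnotifyN'])`, a number chosen by the client, to `$vnotify`. The VNOTIFY_REGISTER bit can therefore still reach the stored mask through another field, so the admin check and the hidden control in the second hunk are not sufficient on their own. Masking the final sum on the server closes this: `if(! is_site_admin()) $vnotify &= ~VNOTIFY_REGISTER;`, or add the server-side constant in each branch instead of the posted value. Whether a non-admin with that bit set would actually receive registration notices depends on code outside this diff.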
From: Mario Vavti Date: Wed, 14 Mar 2018 10:24:08 +0100 Subject: reveal the profile name field only if multi prifiles feature is enabled --- Zotlabs/Module/Profiles.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index fad16cb04..e02cb33db 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -655,7 +655,7 @@ class Profiles extends \Zotlabs\Web\Controller { intval($id), intval(local_channel()) ); - if(! count($r)) { + if(! $r) { notice( t('Profile not found.') . EOL); return; } @@ -712,13 +712,10 @@ class Profiles extends \Zotlabs\Web\Controller { $tpl = get_markup_template("profile_edit.tpl"); $o .= replace_macros($tpl,array( - + '$multi_profiles' => ((feature_enabled(local_channel(),'multi_profiles')) ? true : false), '$form_security_token' => get_form_security_token("profile_edit"), - '$profile_clone_link' => ((feature_enabled(local_channel(),'multi_profiles')) ? 'profiles/clone/' . $r[0]['id'] . '?t=' - . get_form_security_token("profile_clone") : ''), - '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' - . get_form_security_token("profile_drop"), - + '$profile_clone_link' => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"), + '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"), '$fields' => $fields, '$vcard' => $vcard, '$guid' => $r[0]['profile_guid'], -- cgit v1.2.3 From 7b56fdebacda402512fc19c040d1355a6558a3aa Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 14 Mar 2018 18:42:07 -0700 Subject: more work with unicode usernames --- Zotlabs/Module/Acl.php | 6 +++--- Zotlabs/Module/Follow.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index fae7e2e44..245b0a9b7 100644 --- a/Zotlabs/Module/Acl.php 
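Review bot: `$profile_clone_link` at `@@ -712,13 +712,10 @@` is now built unconditionally and the `multi_profiles` decision is handed to the template as `$multi_profiles`, so the restriction becomes presentation-only unless the `profiles/clone` handler itself checks `feature_enabled(local_channel(),'multi_profiles')`; that handler is not in this diff and should be confirmed. Both links also carry the form security token in the query string (`'?t=' . get_form_security_token(...)`), where it can end up in server logs and Referer headers; submitting these actions by POST would keep it out of URLs. `((feature_enabled(...)) ? true : false)` can be shortened to `(bool) feature_enabled(...)`.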
+++ b/Zotlabs/Module/Acl.php @@ -82,7 +82,7 @@ class Acl extends \Zotlabs\Web\Controller { if($search) { $sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; - $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; + $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; // This horrible mess is needed because position also returns 0 if nothing is found. // Would be MUCH easier if it instead returned a very large value @@ -92,7 +92,7 @@ class Acl extends \Zotlabs\Web\Controller { $order_extra2 = "CASE WHEN xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " then POSITION('" . protect_sprintf(dbesc($search)) - . "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, "; + . "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, "; $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' ); $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; @@ -435,7 +435,7 @@ class Acl extends \Zotlabs\Web\Controller { $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100); if($url) { $query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : ''); - $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : ''); + $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : ''); $x = z_fetch_url($query); if($x['success']) { diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index d441f21d2..cbf9d62c5 100644 
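Review bot: In the `@@ -435,7 +435,7 @@` hunk `$count` comes from `$_REQUEST['count']` unchanged and is interpolated into the outbound directory URL as `"&limit=$count"`, while the neighbouring `name`, `address` and `t` values go through `urlencode()`. A value containing `&` or `#` would change the query that `z_fetch_url()` sends; `$count = (x($_REQUEST,'count') ? intval($_REQUEST['count']) : 100);` keeps it numeric. In the first hunk the `@` test still runs on the raw `$search` while the value matched against `xchan_addr` is `punify($search)`, so it is worth confirming that `punify()` leaves a partial search term without `@` unchanged. The enclosing functions start outside these hunks.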
--- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -14,7 +14,7 @@ class Follow extends \Zotlabs\Web\Controller { } $uid = local_channel(); - $url = notags(trim(unpunify($_REQUEST['url']))); + $url = notags(trim(punify($_REQUEST['url']))); $return_url = $_SESSION['return_url']; $confirm = intval($_REQUEST['confirm']); $interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1); -- cgit v1.2.3 From 91b710b07d5fc2b48b5d56d1801a36532008d1e9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 15 Mar 2018 17:51:24 -0700 Subject: add auth flag to share attributes so we can make a costly determination to use zid at post submission time instead of making multiple calls to is_matrix_url() at render time --- Zotlabs/Module/Oep.php | 4 ++++ Zotlabs/Module/Rpost.php | 38 +------------------------------------- Zotlabs/Module/Share.php | 21 ++++++++++++++------- 3 files changed, 19 insertions(+), 44 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index bb3a13b56..ec40bf9db 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -125,6 +125,7 @@ class Oep extends \Zotlabs\Web\Controller { "' profile='".$p[0]['author']['xchan_url'] . "' avatar='".$p[0]['author']['xchan_photo_s']. "' link='".$p[0]['plink']. + "' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') . "' posted='".$p[0]['created']. "' message_id='".$p[0]['mid']."']"; if($p[0]['title']) @@ -209,6 +210,7 @@ class Oep extends \Zotlabs\Web\Controller { "' profile='".$p[0]['author']['xchan_url'] . "' avatar='".$p[0]['author']['xchan_photo_s']. "' link='".$p[0]['plink']. + "' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') . "' posted='".$p[0]['created']. "' message_id='".$p[0]['mid']."']"; if($p[0]['title']) 
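Review bot: The new `auth` attribute reads `$p[0]['author']['network']`, whereas every other field taken from the same array in these hunks carries the `xchan_` prefix (`xchan_url`, `xchan_photo_s`); if the author record has no plain `network` key the comparison is always false and every share is written with `auth='false'`. It probably should be `$p[0]['author']['xchan_network'] === 'zot'`, to be confirmed against the xchan record. The same expression is added in all four Oep.php hunks and in the Share.php hunk at `@@ -60,12 +65,14 @@`. Because the flag is stored in the post body as a bbcode attribute and, per the commit message, decides whether zid is used, the renderer should not trust an `auth='true'` that a poster typed by hand; how the attribute is consumed is outside this diff.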
@@ -292,6 +294,7 @@ class Oep extends \Zotlabs\Web\Controller { "' profile='".$p[0]['author']['xchan_url'] . "' avatar='".$p[0]['author']['xchan_photo_s']. "' link='".$p[0]['plink']. + "' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') . "' posted='".$p[0]['created']. "' message_id='".$p[0]['mid']."']"; if($p[0]['title']) @@ -366,6 +369,7 @@ class Oep extends \Zotlabs\Web\Controller { "' profile='".$p[0]['author']['xchan_url'] . "' avatar='".$p[0]['author']['xchan_photo_s']. "' link='".$p[0]['plink']. + "' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') . "' posted='".$p[0]['created']. "' message_id='".$p[0]['mid']."']"; if($p[0]['title']) diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index 5d2f0d7e8..e6ea52845 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php 
@@ -111,43 +111,7 @@ class Rpost extends \Zotlabs\Web\Controller { } if($_REQUEST['post_id']) { - $r = q("SELECT * from item WHERE id = %d LIMIT 1", - intval($_REQUEST['post_id']) - ); - if(($r) && (! intval($r[0]['item_private']))) { - $sql_extra = item_permissions_sql($r[0]['uid']); - - $r = q("select * from item where id = %d $sql_extra", - intval($_REQUEST['post_id']) - ); - if($r && $r[0]['mimetype'] === 'text/bbcode') { - - xchan_query($r); - - $is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false); - if($is_photo) { - $object = json_decode($r[0]['obj'],true); - $photo_bb = $object['body']; - } - - if (strpos($r[0]['body'], "[/share]") !== false) { - $pos = strpos($r[0]['body'], "[share"); - $i = substr($r[0]['body'], $pos); - } else { - $i = "[share author='".urlencode($r[0]['author']['xchan_name']). - "' profile='".$r[0]['author']['xchan_url'] . - "' avatar='".$r[0]['author']['xchan_photo_s']. - "' link='".$r[0]['plink']. - "' posted='".$r[0]['created']. - "' message_id='".$r[0]['mid']."']"; - if($r[0]['title']) - $i .= '[b]'.$r[0]['title'].'[/b]'."\r\n"; - $i .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']); - $i .= "[/share]"; - } - } - } - $_REQUEST['body'] = $_REQUEST['body'] . $i; + $_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]'; } $x = array( diff --git a/Zotlabs/Module/Share.php b/Zotlabs/Module/Share.php index 7f4d8b1eb..c6d0be051 100644 --- a/Zotlabs/Module/Share.php +++ b/Zotlabs/Module/Share.php @@ -14,10 +14,15 @@ class Share extends \Zotlabs\Web\Controller { if(! $post_id) killme(); - echo '[share=' . $post_id . '][/share]'; killme(); + + /** + * The remaining code is deprecated and handled in Zotlabs/Lib/Share.php at post + * submission time. + */ + if(! (local_channel() || remote_channel())) killme(); 
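Review bot: The removed block refused private items and applied `item_permissions_sql()` before embedding a post, and the replacement `$_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]';` leaves all of that to whatever expands `[share=N]` at submission time. That expansion is not part of this diff, so it needs confirming that it performs the same visibility checks for the submitting channel before copying the item body into the new post. A short comment at this line naming where the check now lives would help the next reader. The enclosing function starts and ends outside the hunk.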
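Review bot: In the Share.php hunk `echo '[share=' . $post_id . '][/share]'; killme();` now runs before `if(! (local_channel() || remote_channel())) killme();`, so the endpoint answers requests without a logged-in channel and everything below the first `killme()` is unreachable. If the endpoint is meant for logged-in users only, move the login check above the `echo`. `$post_id` is assigned above the hunk; confirm it is passed through `intval()` there, since it is echoed into the response. Deleting the deprecated body is preferable to leaving it behind an early exit with a comment.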
@@ -60,12 +65,14 @@ class Share extends \Zotlabs\Web\Controller { $pos = strpos($r[0]['body'], "[share"); $o = substr($r[0]['body'], $pos); } else { - $o = "[share author='".urlencode($r[0]['author']['xchan_name']). - "' profile='".$r[0]['author']['xchan_url'] . - "' avatar='".$r[0]['author']['xchan_photo_s']. - "' link='".$r[0]['plink']. - "' posted='".$r[0]['created']. - "' message_id='".$r[0]['mid']."']"; + $o = "[share author='" . urlencode($r[0]['author']['xchan_name']) . + "' profile='" . $r[0]['author']['xchan_url'] . + "' avatar='" . $r[0]['author']['xchan_photo_s'] . + "' link='" . $r[0]['plink'] . + "' auth='" . (($r[0]['author']['network'] === 'zot') ? 'true' : 'false') . + "' posted='" . $r[0]['created'] . + "' message_id='" . $r[0]['mid'] . + "']"; if($r[0]['title']) $o .= '[b]'.$r[0]['title'].'[/b]'."\r\n"; $o .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']); -- cgit v1.2.3 From 0009f7f05133a74bbe3206a5b4d0223ba9dea4bc Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 17 Mar 2018 21:52:56 +0100 Subject: do not include pending registrations in accounts and goaway to /admin/accounts after approval or denial of an pending registration --- Zotlabs/Module/Admin/Accounts.php | 7 ++++--- Zotlabs/Module/Regmod.php | 2 ++ 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 2e417edd1..0c7e089be 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php 
@@ -133,12 +133,13 @@ class Accounts { $base = z_root() . '/admin/accounts?f='; $odir = (($dir === 'asc') ? '0' : '1'); - + $users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked, (SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac - where true $serviceclass order by $key $dir limit %d offset %d ", + where true $serviceclass and account_flags != %d order by $key $dir limit %d offset %d ", intval(ACCOUNT_BLOCKED), db_concat('ch.channel_address', ' '), + intval(ACCOUNT_BLOCKED | ACCOUNT_PENDING), intval(\App::$pager['itemspage']), intval(\App::$pager['start']) ); @@ -203,4 +204,4 @@ class Accounts { } -} \ No newline at end of file +} diff --git a/Zotlabs/Module/Regmod.php b/Zotlabs/Module/Regmod.php index c7e5c44aa..70635d707 100644 --- a/Zotlabs/Module/Regmod.php +++ b/Zotlabs/Module/Regmod.php @@ -35,6 +35,8 @@ class Regmod extends \Zotlabs\Web\Controller { if($cmd === 'allow') { if (! account_allow($hash)) killme(); } + + goaway('/admin/accounts'); } } -- cgit v1.2.3 From dc066d4c9b84267bd551ecb122cf3708b6f1472b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 21 Mar 2018 15:44:56 -0700 Subject: Add Ochannel module for testing OStatus bad behaviour --- Zotlabs/Module/Ochannel.php | 66 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 Zotlabs/Module/Ochannel.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Ochannel.php b/Zotlabs/Module/Ochannel.php new file mode 100644 index 000000000..3b187d2a6 --- /dev/null +++ b/Zotlabs/Module/Ochannel.php 
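Review bot: `account_flags != %d` with `intval(ACCOUNT_BLOCKED | ACCOUNT_PENDING)` at `@@ -133,12 +133,13 @@` excludes only rows whose flags equal exactly that combined value; an account carrying ACCOUNT_PENDING alone, or pending together with any other flag, is still listed. If the intent is to hide every pending registration, a bit test like the one already used for `blocked` in the same statement is safer: `and ( account_flags & %d ) = 0` with `intval(ACCOUNT_PENDING)`. `$key` and `$dir` are interpolated into `order by` in this query; their validation lies above the hunk and is worth confirming.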
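Review bot: The Regmod.php hunk redirects with `goaway('/admin/accounts');`, while the other modules in this series build redirect targets from `z_root()`. On a hub installed below a sub-path the bare path would point outside the application; `goaway(z_root() . '/admin/accounts');` matches the rest of the code. The redirect also runs after both the allow and the deny branch, so it is worth confirming nothing after it in the function was expected to execute.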
@@ -0,0 +1,66 @@ + 1) + $which = argv(1); + if(! $which) { + if(local_channel()) { + $channel = \App::get_channel(); + if($channel && $channel['channel_address']) + $which = $channel['channel_address']; + } + } + if(! $which) { + notice( t('You must be logged in to see this page.') . EOL ); + return; + } + + $profile = 0; + $channel = \App::get_channel(); + + if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; + $profile = argv(1); + } + + head_add_link( [ + 'rel' => 'alternate', + 'type' => 'application/atom+xml', + 'href' => z_root() . '/ofeed/' . $which + ]); + + + // Run profile_load() here to make sure the theme is set before + // we start loading content + + profile_load($which,$profile); + } + + function get($update = 0, $load = false) { + + if($load) + $_SESSION['loadtime'] = datetime_convert(); + + return ''; + + } + +} -- cgit v1.2.3 From 1514b0f4e5c053df60b8873b5411c70be727d227 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 21 Mar 2018 21:19:18 -0700 Subject: initial support for alternative sort orders on the cloud pages. Can be triggered manually but further development is required. --- Zotlabs/Module/Cloud.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index 8b5476efc..34397d275 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -60,6 +60,12 @@ class Cloud extends \Zotlabs\Web\Controller { // if we arrived at this path with any query parameters in the url, build a clean url without // them and redirect. + if(! array_key_exists('cloud_sort',$_SESSION)) { + $_SESSION['cloud_sort'] = 'name'; + } + + $_SESSION['cloud_sort'] = (($_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']); + $x = clean_query_string(); if($x !== \App::$query_string) goaway(z_root() . '/' . $x); -- cgit v1.2.3 From 1f128e84fb8f407c6bd678b3b2bb25605884cfc5 Mon Sep 17 00:00:00 2001 
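Review bot: In the new Ochannel.php `$which` is taken from `argv(1)` and concatenated unencoded into the feed link, `'href' => z_root() . '/ofeed/' . $which`; unless `head_add_link()` escapes attribute values (not visible here), a path segment containing quotes or angle brackets reaches the page head. `'href' => z_root() . '/ofeed/' . urlencode($which)` is a cheap safeguard. `$channel = \App::get_channel();` is also fetched twice in the same function. The top of the file is missing from this rendering of the hunk, so the opening of the class and of `init()` cannot be reviewed here.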
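Review bot: In the Cloud.php hunk `$_SESSION['cloud_sort']` is filled from `$_REQUEST['sort']` after only `trim(notags(...))`, so any string the client sends is kept in the session as the sort key. Restrict it to an allow-list of the sort keys the cloud listing actually supports (only `'name'` is visible in this hunk) and fall back to the stored value otherwise. `$_REQUEST['sort']` is also read without an existence check; `x($_REQUEST,'sort')` or `array_key_exists('sort',$_REQUEST)` would match the test used two lines above. The enclosing function starts outside the hunk.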
From: zotlabs Date: Wed, 21 Mar 2018 22:52:24 -0700 Subject: Hubzilla issue #1006, fix anonymous comments bump thread before being approved. --- Zotlabs/Module/Moderate.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php index cf1625a6b..b4709f3bd 100644 --- a/Zotlabs/Module/Moderate.php +++ b/Zotlabs/Module/Moderate.php @@ -52,6 +52,20 @@ class Moderate extends \Zotlabs\Web\Controller { intval(local_channel()), intval($post_id) ); + + // update the parent's commented timestamp + + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", + dbesc($r[0]['parent_mid']), + intval(local_channel()) + ); + + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", + dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), + dbesc(datetime_convert()), + intval($r[0]['parent']) + ); + notice( t('Comment approved') . EOL); } elseif($action === 'drop') { -- cgit v1.2.3 From 8ea8700eef07098629b808ded3bee0a11c1e3608 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 22 Mar 2018 13:55:23 +0100 Subject: prevent reload loop if somebody lands on /ochannel (without channel_address and without trailing slash) --- Zotlabs/Module/Ochannel.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Ochannel.php b/Zotlabs/Module/Ochannel.php index 3b187d2a6..508be1408 100644 --- a/Zotlabs/Module/Ochannel.php +++ b/Zotlabs/Module/Ochannel.php @@ -56,6 +56,9 @@ class Ochannel extends \Zotlabs\Web\Controller { function get($update = 0, $load = false) { + if(argc() < 2) + return; + if($load) $_SESSION['loadtime'] = datetime_convert(); -- cgit v1.2.3 From 9a52b90f227e8ff774110cc2f5cd536714d9802d Mon Sep 17 00:00:00 2001 
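Review bot: The added `select max(created) as commented` query in Moderate.php filters on `item_delayed = 0` but not on `item_blocked`, so another comment in the same thread that is still awaiting approval can supply the timestamp and bump the thread, which is the behaviour the commit subject sets out to fix. Adding `and item_blocked = 0` to the where clause keeps unapproved comments out. The fallback `($z) ? $z[0]['commented'] : (datetime_convert())` also tests the result array rather than the value; an aggregate query returns a row even when nothing matches, so `($z && $z[0]['commented'])` is the safer condition.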
From: zotlabs Date: Thu, 22 Mar 2018 15:38:00 -0700 Subject: hubzilla issue #1013 - comments not displayed in single card/article view --- Zotlabs/Module/Articles.php | 5 +++-- Zotlabs/Module/Cards.php | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php index e2e0fed5d..81f7b6543 100644 --- a/Zotlabs/Module/Articles.php +++ b/Zotlabs/Module/Articles.php @@ -129,19 +129,20 @@ class Articles extends \Zotlabs\Web\Controller { $sql_extra = item_permissions_sql($owner); + $sql_item = ''; if($selected_card) { $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.v = '%s' limit 1", dbesc($selected_card) ); if($r) { - $sql_extra .= "and item.id = " . intval($r[0]['iid']) . " "; + $sql_item = "and item.id = " . intval($r[0]['iid']) . " "; } } $r = q("select * from item where item.uid = %d and item_type = %d - $sql_extra order by item.created desc", + $sql_extra $sql_item order by item.created desc", intval($owner), intval(ITEM_TYPE_ARTICLE) ); diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index f87988183..1bcd88a33 100644 --- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -132,19 +132,20 @@ class Cards extends \Zotlabs\Web\Controller { $sql_extra = item_permissions_sql($owner); + $sql_item = ''; if($selected_card) { $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1", dbesc($selected_card) ); if($r) { - $sql_extra .= "and item.id = " . intval($r[0]['iid']) . " "; + $sql_item = "and item.id = " . intval($r[0]['iid']) . " "; } } $r = q("select * from item where uid = %d and item_type = %d - $sql_extra order by item.created desc", + $sql_extra $sql_item order by item.created desc", intval($owner), intval(ITEM_TYPE_CARD) ); -- cgit v1.2.3 From 4ba91cf4e3da5637a8c2a4a65f84c3178ce0d343 Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Thu, 22 Mar 2018 16:34:27 -0700 Subject: make alt_pager work for articles/cards --- Zotlabs/Module/Articles.php | 17 ++++++++++++++--- Zotlabs/Module/Cards.php | 18 +++++++++++++++--- 2 files changed, 29 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php index 81f7b6543..c622edd10 100644 --- a/Zotlabs/Module/Articles.php +++ b/Zotlabs/Module/Articles.php @@ -127,6 +127,10 @@ class Articles extends \Zotlabs\Web\Controller { $editor = ''; } + $itemspage = get_pconfig(local_channel(),'system','itemspage'); + \App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); + $sql_extra = item_permissions_sql($owner); $sql_item = ''; @@ -142,7 +146,7 @@ class Articles extends \Zotlabs\Web\Controller { $r = q("select * from item where item.uid = %d and item_type = %d - $sql_extra $sql_item order by item.created desc", + $sql_extra $sql_item order by item.created desc $pager_sql", intval($owner), intval(ITEM_TYPE_ARTICLE) ); @@ -153,6 +157,8 @@ class Articles extends \Zotlabs\Web\Controller { if($r) { + $pager_total = count($r); + $parents_str = ids_to_querystr($r,'id'); $items = q("SELECT item.*, item.id AS item_id @@ -174,13 +180,18 @@ class Articles extends \Zotlabs\Web\Controller { $mode = 'articles'; - $content = conversation($items,$mode,false,'traditional'); + if(get_pconfig(local_channel(),'system','articles_list_mode')) + $page_mode = 'list'; + else + $page_mode = 'traditional'; + + $content = conversation($items,$mode,false,$page_mode); $o = replace_macros(get_markup_template('cards.tpl'), [ '$title' => t('Articles'), '$editor' => $editor, '$content' => $content, - '$pager' => alt_pager($a,count($items)) + '$pager' => alt_pager($a,$pager_total) ]); return $o; 
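Review bot: `$pager_total` is assigned only inside `if($r)` (Articles.php `@@ -153,6 +157,8 @@`, and the same in Cards.php `@@ -157,6 +162,8 @@`) but is passed to `alt_pager()` when the template is built; if that code also runs for an empty result, which the hunks do not show, the variable is undefined there. Initialising `$pager_total = 0;` next to `$pager_sql` removes the doubt. `\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));` passes the raw pconfig value on the true branch; `intval($itemspage)` would be consistent with the test. The page size is read with `get_pconfig(local_channel(), ...)`, so a visitor without a local channel always gets the default of 20, which may or may not be intended.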
diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index 1bcd88a33..d507f1a9f 100644 --- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -131,6 +131,11 @@ class Cards extends \Zotlabs\Web\Controller { } + $itemspage = get_pconfig(local_channel(),'system','itemspage'); + \App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); + + $sql_extra = item_permissions_sql($owner); $sql_item = ''; @@ -145,7 +150,7 @@ class Cards extends \Zotlabs\Web\Controller { $r = q("select * from item where uid = %d and item_type = %d - $sql_extra $sql_item order by item.created desc", + $sql_extra $sql_item order by item.created desc $pager_sql", intval($owner), intval(ITEM_TYPE_CARD) ); @@ -157,6 +162,8 @@ class Cards extends \Zotlabs\Web\Controller { $items_result = []; if($r) { + $pager_total = count($r); + $parents_str = ids_to_querystr($r, 'id'); $items = q("SELECT item.*, item.id AS item_id @@ -176,13 +183,18 @@ class Cards extends \Zotlabs\Web\Controller { $mode = 'cards'; - $content = conversation($items_result, $mode, false, 'traditional'); + if(get_pconfig(local_channel(),'system','articles_list_mode')) + $page_mode = 'list'; + else + $page_mode = 'traditional'; + + $content = conversation($items_result, $mode, false, $page_mode); $o = replace_macros(get_markup_template('cards.tpl'), [ '$title' => t('Cards'), '$editor' => $editor, '$content' => $content, - '$pager' => alt_pager($a, count($items_result)) + '$pager' => alt_pager($a, $pager_total)) ]); return $o; -- cgit v1.2.3 From 05e11844e5a0f90b7f45f27047b2926442484108 Mon Sep 17 00:00:00 2001 
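Review bot: `'$pager' => alt_pager($a, $pager_total))` in the last Cards.php hunk has one closing parenthesis too many, which is a parse error for the whole module. The line should read `'$pager' => alt_pager($a, $pager_total)`. Running `php -l` on the changed files before committing would catch this.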
From: zotlabs Date: Thu, 22 Mar 2018 17:17:00 -0700 Subject: make list mode work in cards and articles --- Zotlabs/Module/Articles.php | 4 ++-- Zotlabs/Module/Cards.php | 6 +++--- Zotlabs/Module/Display.php | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 5 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php index c622edd10..62ce1cb9c 100644 --- a/Zotlabs/Module/Articles.php +++ b/Zotlabs/Module/Articles.php @@ -180,8 +180,8 @@ class Articles extends \Zotlabs\Web\Controller { $mode = 'articles'; - if(get_pconfig(local_channel(),'system','articles_list_mode')) - $page_mode = 'list'; + if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card)) + $page_mode = 'pager_list'; else $page_mode = 'traditional'; diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index d507f1a9f..d3b16e82e 100644 --- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -183,8 +183,8 @@ class Cards extends \Zotlabs\Web\Controller { $mode = 'cards'; - if(get_pconfig(local_channel(),'system','articles_list_mode')) - $page_mode = 'list'; + if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card)) + $page_mode = 'pager_list'; else $page_mode = 'traditional'; @@ -194,7 +194,7 @@ class Cards extends \Zotlabs\Web\Controller { '$title' => t('Cards'), '$editor' => $editor, '$content' => $content, - '$pager' => alt_pager($a, $pager_total)) + '$pager' => alt_pager($a, $pager_total) ]); return $o; diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 8e8a1ed24..fa29ce66c 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php 
@@ -134,6 +134,40 @@ class Display extends \Zotlabs\Web\Controller { return ''; } } + if($target_item['item_type'] == ITEM_TYPE_ARTICLE) { + $x = q("select * from channel where channel_id = %d limit 1", + intval($target_item['uid']) + ); + $y = q("select * from iconfig left join item on iconfig.iid = item.id + where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and item.id = %d limit 1", + intval($target_item['uid']), + intval($target_item['id']) + ); + if($x && $y) { + goaway(z_root() . '/articles/' . $x[0]['channel_address'] . '/' . $y[0]['v']); + } + else { + notice( t('Page not found.') . EOL); + return ''; + } + } + if($target_item['item_type'] == ITEM_TYPE_CARD) { + $x = q("select * from channel where channel_id = %d limit 1", + intval($target_item['uid']) + ); + $y = q("select * from iconfig left join item on iconfig.iid = item.id + where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1", + intval($target_item['uid']), + intval($target_item['id']) + ); + if($x && $y) { + goaway(z_root() . '/cards/' . $x[0]['channel_address'] . '/' . $y[0]['v']); + } + else { + notice( t('Page not found.') . EOL); + return ''; + } + } $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); -- cgit v1.2.3 From 558e3f804247b14448969d8a0c8cf83b6c0fe4d7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 24 Mar 2018 02:22:24 -0700 Subject: code optimisations and de-duplication on updating parent commented timestamp --- Zotlabs/Module/Moderate.php | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php index b4709f3bd..10c8ab8f2 100644 --- a/Zotlabs/Module/Moderate.php +++ b/Zotlabs/Module/Moderate.php 
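Review bot: The two added branches for `ITEM_TYPE_ARTICLE` and `ITEM_TYPE_CARD` are identical apart from the iconfig key and the path prefix, and both append `$y[0]['v']` to the redirect target unencoded, e.g. `goaway(z_root() . '/articles/' . $x[0]['channel_address'] . '/' . $y[0]['v']);`. Wrapping the stored value in `urlencode()` keeps a slug with reserved characters from changing the target URL, and one private helper taking the key and the prefix would remove the duplication. The redirect appears to be issued from the plain `mid` lookup, before any permission check visible in this hunk, so it reveals the channel address and slug to any requester; confirm that is acceptable given that the target pages apply `item_permissions_sql()`. The enclosing function starts and ends outside the hunk.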
@@ -47,24 +47,17 @@ class Moderate extends \Zotlabs\Web\Controller { ); if($r) { + $item = $r[0]; + if($action === 'approve') { q("update item set item_blocked = 0 where uid = %d and id = %d", intval(local_channel()), intval($post_id) ); - // update the parent's commented timestamp + $item['item_blocked'] = 0; - $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", - dbesc($r[0]['parent_mid']), - intval(local_channel()) - ); - - q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", - dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), - dbesc(datetime_convert()), - intval($r[0]['parent']) - ); + item_update_parent_commented($item); notice( t('Comment approved') . EOL); } @@ -72,6 +65,8 @@ class Moderate extends \Zotlabs\Web\Controller { drop_item($post_id,false); notice( t('Comment deleted') . EOL); } + + // refetch the item after changes have been made $r = q("select * from item where id = %d", intval($post_id) -- cgit v1.2.3 From d4e91d5d9b6f71b20382a6fdc941337cb67b5a5b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 24 Mar 2018 15:13:19 -0700 Subject: app sellpage not being stored --- Zotlabs/Module/Appman.php | 1 + 1 file changed, 1 insertion(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Appman.php b/Zotlabs/Module/Appman.php index 64d4628ae..3ebafafa4 100644 --- a/Zotlabs/Module/Appman.php +++ b/Zotlabs/Module/Appman.php @@ -25,6 +25,7 @@ class Appman extends \Zotlabs\Web\Controller { 'photo' => escape_tags($_REQUEST['photo']), 'version' => escape_tags($_REQUEST['version']), 'price' => escape_tags($_REQUEST['price']), + 'page' => escape_tags($_REQUEST['page']), 'requires' => escape_tags($_REQUEST['requires']), 'system' => intval($_REQUEST['system']), 'plugin' => escape_tags($_REQUEST['plugin']), -- cgit v1.2.3 From 5ea11d1222c24330dee496dade4bd08d362e95bd Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Tue, 27 Mar 2018 16:27:28 -0700 Subject: don't include the q and PHPSESSID request variables in a redirected rpost --- Zotlabs/Module/Rpost.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index e6ea52845..f0c4a06b9 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php @@ -45,7 +45,9 @@ class Rpost extends \Zotlabs\Web\Controller { $url = get_rpost_path(\App::get_observer()); // make sure we're not looping to our own hub if(($url) && (! stristr($url, \App::get_hostname()))) { - foreach($_REQUEST as $key => $arg) { + foreach($_GET as $key => $arg) { + if($key === 'q') + continue; $url .= '&' . $key . '=' . $arg; } goaway($url); -- cgit v1.2.3 From 08274ffab733a2e7c861006d6ba72f4695b069e6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 27 Mar 2018 18:01:20 -0700 Subject: put vcard widget with author of top-level post on display page --- Zotlabs/Module/Display.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index fa29ce66c..d3047bc59 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -102,7 +102,7 @@ class Display extends \Zotlabs\Web\Controller { if($decoded) $item_hash = $decoded; - $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid like '%s' limit 1", + $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid like '%s' limit 1", dbesc($item_hash . '%') ); 
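Review bot: In the Rpost.php hunk the loop appends `$key` and `$arg` to the redirect URL exactly as PHP decoded them, so a value containing `&`, `=` or `#` changes the query string the remote hub receives, and an array-valued parameter is appended as the string `Array`. Encode both sides, `$url .= '&' . urlencode($key) . '=' . urlencode($arg);`, and skip non-scalar values with `if(is_array($arg)) continue;`. The subject also mentions PHPSESSID: switching to `$_GET` keeps cookies out of the loop, but a session id passed in the query string would still be forwarded unless it is skipped next to `q`. The enclosing method continues outside the hunk.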
@@ -110,6 +110,13 @@ class Display extends \Zotlabs\Web\Controller { $target_item = $r[0]; } + $x = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($target_item['author_xchan']) + ); + if($x) { + \App::$poi = $x[0]; + } + //if the item is to be moderated redirect to /moderate if($target_item['item_blocked'] == ITEM_MODERATED) { goaway(z_root() . '/moderate/' . $target_item['id']); @@ -169,6 +176,7 @@ class Display extends \Zotlabs\Web\Controller { } } + $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); -- cgit v1.2.3 From 14383a4c4aac4fc1b62e3dca25f9a2783cdd154c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 27 Mar 2018 18:43:59 -0700 Subject: uexport: set content-type to json and add sections info to the default filename if present --- Zotlabs/Module/Uexport.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Uexport.php b/Zotlabs/Module/Uexport.php index 28c840ceb..9af1887dc 100644 --- a/Zotlabs/Module/Uexport.php +++ b/Zotlabs/Module/Uexport.php @@ -22,8 +22,8 @@ class Uexport extends \Zotlabs\Web\Controller { $month = intval(argv(2)); } - header('content-type: application/octet_stream'); - header('content-disposition: attachment; filename="' . $channel['channel_address'] . (($year) ? '-' . $year : '') . (($month) ? '-' . $month : '') . '.json"' ); + header('content-type: application/json'); + header('content-disposition: attachment; filename="' . $channel['channel_address'] . (($year) ? '-' . $year : '') . (($month) ? '-' . $month : '') . (($_REQUEST['sections']) ? '-' . $_REQUEST['sections'] : '') . '.json"' ); if($year) { echo json_encode(identity_export_year(local_channel(),$year,$month)); -- cgit v1.2.3 From 33bb89729cdb7d8cc462253fd2b984e2e2bf4471 Mon Sep 17 00:00:00 2001 
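Review bot: In the Uexport.php hunk `$_REQUEST['sections']` is placed inside the quoted `filename="..."` of the content-disposition header with no filtering, so a `"` or `;` in the request ends the filename early and path separators reach the suggested download name. Reduce it to a known character set first, `$sections = ((array_key_exists('sections',$_REQUEST)) ? preg_replace('/[^A-Za-z0-9,_-]/','',$_REQUEST['sections']) : '');`, and build the header from `$sections`. Testing the key before reading it also avoids the undefined-index notice when the parameter is absent. The enclosing method starts and ends outside the hunk.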
From: zotlabs Date: Thu, 29 Mar 2018 02:26:25 -0700 Subject: hubzilla issue #1019 - punycode urls on connedit page when displaying locations --- Zotlabs/Module/Connedit.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index f359175c1..cb9c19cf0 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -828,7 +828,7 @@ class Connedit extends \Zotlabs\Web\Controller { $locstr = locations_by_netid($contact['xchan_hash']); if(! $locstr) - $locstr = $contact['xchan_url']; + $locstr = unpunify($contact['xchan_url']); $clone_warn = ''; $clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false); @@ -852,8 +852,8 @@ class Connedit extends \Zotlabs\Web\Controller { '$permcat' => [ 'permcat', t('Permission role'), '', '',$permcats ], '$permcat_new' => t('Add permission role'), '$permcat_enable' => feature_enabled(local_channel(),'permcats'), - '$addr' => $contact['xchan_addr'], - '$primeurl' => $contact['xchan_url'], + '$addr' => unpunify($contact['xchan_addr']), + '$primeurl' => unpunify($contact['xchan_url']), '$section' => $section, '$sections' => $sections, '$vcard' => $vcard, -- cgit v1.2.3 From 998f39868fd6a4dce11e9f32aabc2744c76785dd Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 29 Mar 2018 14:27:26 -0700 Subject: directory: link entry keywords to a directory keyword search --- Zotlabs/Module/Directory.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 62a1670f9..87387ef56 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -299,9 +299,9 @@ class Directory extends \Zotlabs\Web\Controller { if(strlen($out)) $out .= ', '; if($marr && in_arrayi($k,$marr)) - $out .= '' . $k . ''; + $out .= '' . $k . ''; else - $out .= $k; + $out .= '' . $k . ''; } } -- cgit v1.2.3 
From 6d0e1b0e07f26ee07d9f53732daab8ade12566d0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 29 Mar 2018 17:06:23 -0700 Subject: display and link issues with quoted tags --- Zotlabs/Module/Tagger.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Tagger.php b/Zotlabs/Module/Tagger.php index 603a95f2b..24adf1bde 100644 --- a/Zotlabs/Module/Tagger.php +++ b/Zotlabs/Module/Tagger.php @@ -80,6 +80,8 @@ class Tagger extends \Zotlabs\Web\Controller { break; } + + $clean_term = trim($term,'"\' '); $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => z_root() . '/display/' . gen_link_id($item['mid']))); @@ -103,15 +105,15 @@ class Tagger extends \Zotlabs\Web\Controller { ), )); - $tagid = z_root() . '/search?tag=' . $term; + $tagid = z_root() . '/search?tag=' . $clean_term; $objtype = ACTIVITY_OBJ_TAGTERM; $obj = json_encode(array( 'type' => $objtype, 'id' => $tagid, 'link' => array(array('rel' => 'alternate','type' => 'text/html', 'href' => $tagid)), - 'title' => $term, - 'content' => $term + 'title' => $clean_term, + 'content' => $clean_term )); $bodyverb = t('%1$s tagged %2$s\'s %3$s with %4$s'); @@ -119,7 +121,7 @@ class Tagger extends \Zotlabs\Web\Controller { // saving here for reference // also check out x22d5 and x2317 and x0d6b and x0db8 and x24d0 and xff20 !!! - $termlink = html_entity_decode('⋕') . '[zrl=' . z_root() . '/search?tag=' . urlencode($term) . ']'. $term . '[/zrl]'; + $termlink = html_entity_decode('⋕') . '[zrl=' . z_root() . '/search?tag=' . urlencode($clean_term) . ']'. $clean_term . '[/zrl]'; $channel = \App::get_channel(); 
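Review bot: `$tagid` in the Tagger.php hunk at -103,15 is built from `$clean_term` without encoding, while `$termlink` in the hunk at -119,7 wraps the same value in `urlencode()`; a tag containing a space, `&` or `#` therefore gives the activity object an `id` and `href` that differ from the link shown in the post. Use `$tagid = z_root() . '/search?tag=' . urlencode($clean_term);`. `trim($term,'"\' ')` strips only the ends, so a `[` or `]` inside the term still reaches the `[zrl=...]...[/zrl]` markup unchanged; whether `$term` is filtered before this point is not visible in these hunks.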
@@ -143,8 +145,7 @@ class Tagger extends \Zotlabs\Web\Controller { $arr['obj_type'] = $objtype; $arr['obj'] = $obj; $arr['parent_mid'] = $item['mid']; - - store_item_tag($item['uid'],$item['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$term,$tagid); + store_item_tag($item['uid'],$item['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$clean_term,$tagid); $ret = post_activity_item($arr); if($ret['success']) { -- cgit v1.2.3 From f54aa4f21e63e2d0be94ee92f681ddec641da441 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 01:59:32 -0700 Subject: allow case independence of replacements as well as patterns --- Zotlabs/Module/Hashtags.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Hashtags.php b/Zotlabs/Module/Hashtags.php index edb631871..300485196 100644 --- a/Zotlabs/Module/Hashtags.php +++ b/Zotlabs/Module/Hashtags.php @@ -18,7 +18,7 @@ class Hashtags extends \Zotlabs\Web\Controller { ); if($r) { foreach($r as $rv) { - $result[] = [ 'text' => strtolower($rv['term']) ]; + $result[] = [ 'text' => $rv['term'] ]; } } -- cgit v1.2.3 From 43249bd4be8495dadaae859bf42f14a90af7b574 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 15:18:33 -0700 Subject: hubzilla issue #1020 - PM using unicode domain for recipient. May require further testing --- Zotlabs/Module/Acl.php | 2 +- Zotlabs/Module/Mail.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 245b0a9b7..ef901aef1 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php 
@@ -95,7 +95,7 @@ class Acl extends \Zotlabs\Web\Controller { . "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, "; $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' ); - $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; + $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc(($col === 'xchan_addr') ? punify($search) : $search) . "%'" ) . " "; } else { diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index b58b169d0..ca183f644 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -67,14 +67,14 @@ class Mail extends \Zotlabs\Web\Controller { if(! $recipient) { $channel = \App::get_channel(); - $j = \Zotlabs\Zot\Finger::run($rstr,$channel); + $j = \Zotlabs\Zot\Finger::run(punify($rstr),$channel); if(! $j['success']) { notice( t('Unable to lookup recipient.') . EOL); return; } - logger('message_post: lookup: ' . $url . ' ' . print_r($j,true)); + logger('message_post: lookup: ' . $rstr . ' ' . print_r($j,true)); if(! $j['guid']) { notice( t('Unable to communicate with requested channel.')); -- cgit v1.2.3 From af125fbe4f72b1f170ef6722d1bf9ca4beb3c7c5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 16:09:25 -0700 Subject: Hubzilla issue #1022 - provide a way to share wiki pages. Currently this is only implemented in the 'edit' pane and could use some improvement/enhancement --- Zotlabs/Module/Wiki.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index ae543eb98..a2cc87f13 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -284,6 +284,8 @@ class Wiki extends \Zotlabs\Web\Controller { $wikiheaderPage = urldecode($pageUrlName); $renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page')); + $sharePage = t('Share page'); + $p = []; if(! $ignore_language) { 
@@ -354,6 +356,8 @@ class Wiki extends \Zotlabs\Web\Controller { '$wikiheaderName' => $wikiheaderName, '$wikiheaderPage' => $wikiheaderPage, '$renamePage' => $renamePage, + '$sharePage' => $sharePage, + '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), '$showPageControls' => $showPageControls, '$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')), '$tools_label' => 'Page Tools', -- cgit v1.2.3 From 1c3e6697615b70d2528856b6c8e69962a14763dc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 16:47:47 -0700 Subject: Hubzilla issue #1022 - improve the usability --- Zotlabs/Module/Wiki.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index a2cc87f13..696191f70 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -284,7 +284,7 @@ class Wiki extends \Zotlabs\Web\Controller { $wikiheaderPage = urldecode($pageUrlName); $renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page')); - $sharePage = t('Share page'); + $sharePage = t('Share'); $p = []; @@ -357,7 +357,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$wikiheaderPage' => $wikiheaderPage, '$renamePage' => $renamePage, '$sharePage' => $sharePage, - '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), + '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] - ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), '$showPageControls' => $showPageControls, '$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')), '$tools_label' => 'Page Tools', -- cgit v1.2.3 
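Review bot: The `$shareLink` value added to Wiki.php at -354,6 builds a `[zrl]` tag from `argv(1)`, `$wikiUrlName`, `$pageUrlName`, `$wikiheaderName` and `$wikiheaderPage` and URL-encodes only the finished string for transport. After decoding, a `]` or `[/zrl]` inside a wiki or page name closes the tag early and the rest is parsed as markup in the shared post. Neutralise brackets in the label parts before concatenating, for example `str_replace(['[',']'],['(',')'],$wikiheaderName)`, unless names are already restricted at creation, which these hunks do not show. The two following commits (696191f70 and 7dc8eb1bc) rewrite the same line and add `$owner['channel_name']` in the same way.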
From 1e086a4ac8ba45d179f9130c5a49aa68b1949909 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 17:13:21 -0700 Subject: Hubzilla issue #1022 cleanup of post formatting --- Zotlabs/Module/Wiki.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 696191f70..7dc8eb1bc 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -357,7 +357,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$wikiheaderPage' => $wikiheaderPage, '$renamePage' => $renamePage, '$sharePage' => $sharePage, - '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] - ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), + '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), '$showPageControls' => $showPageControls, '$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')), '$tools_label' => 'Page Tools', -- cgit v1.2.3 From e155e7d9ce36ba87a77f8c9089a69c808172a1ef Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 31 Mar 2018 01:43:33 -0700 Subject: undo vcard on display module until we can make it accurate --- Zotlabs/Module/Display.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index d3047bc59..30f2a7f5f 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -114,7 +114,8 @@ class Display extends \Zotlabs\Web\Controller { dbesc($target_item['author_xchan']) ); if($x) { - \App::$poi = $x[0]; +// not yet ready for prime time +// \App::$poi = $x[0]; } //if the item is to be moderated redirect to /moderate -- cgit v1.2.3 
From bcffb6cf55ff2d9d88fcb38105695b14ea3586b3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 1 Apr 2018 16:53:10 -0700 Subject: obscurify chats --- Zotlabs/Module/Chatsvc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Chatsvc.php b/Zotlabs/Module/Chatsvc.php index 0f79e3b4c..b4657e84d 100644 --- a/Zotlabs/Module/Chatsvc.php +++ b/Zotlabs/Module/Chatsvc.php @@ -60,7 +60,7 @@ class Chatsvc extends \Zotlabs\Web\Controller { intval(\App::$data['chat']['room_id']), dbesc(get_observer_hash()), dbesc(datetime_convert()), - dbesc($arr['chat_text']) + dbesc(str_rot47(base64url_encode($arr['chat_text']))) ); $ret['success'] = true; @@ -157,7 +157,7 @@ class Chatsvc extends \Zotlabs\Web\Controller { 'name' => $rr['xchan_name'], 'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'), 'localtime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'r'), - 'text' => zidify_links(smilies(bbcode($rr['chat_text']))), + 'text' => zidify_links(smilies(bbcode(base64url_decode(str_rot47($rr['chat_text']))))), 'self' => ((get_observer_hash() == $rr['chat_xchan']) ? 'self' : '') ); } -- cgit v1.2.3 From cf6d51bee84bfd147e36084b79c5bdc2093d0081 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 2 Apr 2018 22:47:11 -0700 Subject: some more work on hubzilla issue #1019 --- Zotlabs/Module/Settings/Channel.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index 139e5f966..a7dfdd790 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php @@ -412,12 +412,16 @@ class Channel { )); $subdir = ((strlen(\App::get_path())) ? '
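Review bot: `str_rot47(base64url_encode(...))` in the Chatsvc.php insert is a fixed, keyless transform, so it hides chat text from a casual look at the table but gives no confidentiality against anyone who can read the database or a backup. A comment at the call should say so, e.g. `// obfuscation only, not encryption: reversible without a key`. The read path in the second hunk decodes every row unconditionally, so rows stored before this change would come back garbled unless they are converted or have expired; no migration is visible in this commit. Both enclosing methods continue outside the hunks.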
' . t('or') . ' ' . z_root() . '/channel/' . $nickname : ''); + + $webbie = $nickname . '@' . \App::get_hostname(); + $intl_nickname = unpunify($nickname) . '@' . unpunify(\App::get_hostname()); + $tpl_addr = get_markup_template("settings_nick_set.tpl"); $prof_addr = replace_macros($tpl_addr,array( '$desc' => t('Your channel address is'), - '$nickname' => $nickname, + '$nickname' => (($intl_nickname === $webbie) ? $webbie : $intl_nickname . ' (' . $webbie . ')'), '$subdir' => $subdir, '$davdesc' => t('Your files/photos are accessible via WebDAV at'), '$davpath' => ((get_account_techlevel() > 3) ? z_root() . '/dav/' . $nickname : ''), -- cgit v1.2.3 From 4915a4efbb5a25668a917a953b8d8c49a3181e1c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 3 Apr 2018 21:08:40 -0700 Subject: OAuth2 integration --- Zotlabs/Module/Authorize.php | 18 ++++++++---------- Zotlabs/Module/Oauth2testvehicle.php | 2 ++ 2 files changed, 10 insertions(+), 10 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index c76dfb9df..bfb76150f 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php 
@@ -14,13 +14,13 @@ class Authorize extends \Zotlabs\Web\Controller { // OpenID Connect Dynamic Client Registration 1.0 Client Metadata // http://openid.net/specs/openid-connect-registration-1_0.html $app = array( - 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'), - 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'), - 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''), + 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')), + 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'), + 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''), ); $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( - '$title' => '', - '$authorize' => 'Do you authorize the app ' . $app['name'] . ' to access your channel data?', + '$title' => t('Authorize'), + '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '' . $app['name'] . ' '), '$app' => $app, '$yes' => t('Allow'), '$no' => t('Deny'), @@ -33,8 +33,8 @@ class Authorize extends \Zotlabs\Web\Controller { } function post() { - if (!local_channel()) { - return $this->get(); + if (! local_channel()) { + return; } $storage = new OAuth2Storage(\DBA::$dba->db); @@ -85,10 +85,8 @@ class Authorize extends \Zotlabs\Web\Controller { $is_authorized = ($_POST['authorize'] === 'allow'); $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel()); if ($is_authorized) { - // this is only here so that you get to see your code in the cURL request. Otherwise, - // we'd redirect back to the client $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40); - echo("SUCCESS! Authorization Code: $code"); + logger('Authorization Code: ' . $code); } $response->send(); 
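Review bot: The consent prompt in Authorize.php at -14,13 shows `client_name`, `logo_uri` and `client_uri` taken straight from `$_REQUEST`, so whoever builds the authorization link chooses the name, icon and link the user sees when deciding whether to allow access, and `$app['name']` goes into the `$authorize` string unescaped. Escape at least the name, `escape_tags(urldecode($_REQUEST['client_name']))`, as the Settings/Oauth.php change later on this page does for its fields, and prefer display data from the client record registered for `client_id`. PHP has already URL-decoded `$_REQUEST` values, so the extra `urldecode()` decodes twice. Whether the template escapes these variables is not visible here.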
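Review bot: `logger('Authorization Code: ' . $code);` in the Authorize.php hunk at -85,10 writes a live authorization code to the log with no level argument; until it is exchanged or expires, that code is a credential for anyone who can read the log. Drop the line, or record only the event, `logger('authorization code issued for channel ' . local_channel(), LOGGER_DEBUG);`. The `substr(..., strpos(..., 'code=') + 5, 40)` extraction above it would then be unused and could go as well; it also assumes a 40-character code and that `code=` is present in the Location header. The enclosing method starts outside the hunk.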
diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 82e309f1c..8d6552e36 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -164,6 +164,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $_SESSION['access_token'] = $response['access_token']; } break; +/* case 'delete_db': $status = true; // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables @@ -206,6 +207,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $_SESSION['success'] = 'create_db'; } break; +*/ default: break; -- cgit v1.2.3 From 29b377d4c56763807d514a0e192cd12dd717f45d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 3 Apr 2018 21:13:26 -0700 Subject: get rid of dangerous test code --- Zotlabs/Module/Oauth2testvehicle.php | 68 ------------------------------------ 1 file changed, 68 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 8d6552e36..a724dc549 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -48,30 +48,6 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ) */ '$endpoints' => array( - array( - 'oauth2testvehicle', - array( - array( - 'action', 'delete_db' - ) - ), - 'oauth2test_delete_db', - 'Delete the OAuth2 database tables', - 'POST', - ($_SESSION['success'] === 'delete_db'), - ), - array( - 'oauth2testvehicle', - array( - array( - 'action', 'create_db' - ) - ), - 'oauth2test_create_db', - 'Create the OAuth2 database tables', - 'POST', - ($_SESSION['success'] === 'create_db'), - ), array( 'authorize', array( 
@@ -164,50 +140,6 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $_SESSION['access_token'] = $response['access_token']; } break; -/* - case 'delete_db': - $status = true; - // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables - // by passing it the database connection - $pdo = \DBA::$dba->db; - $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); - foreach ($storage->getConfig() as $key => $table) { - $r = q("DROP TABLE %s;", dbesc($table)); - if (!$r) { - $status = false; - } - } - if (!$status) { - notice('Errors encountered deleting database tables.' . EOL); - $_SESSION['success'] = ''; - } else { - info('Database tables deleted successfully.' . EOL); - $_SESSION['success'] = 'delete_db'; - } - break; - - case 'create_db': - $status = true; - @include('.htconfig.php'); - $pdo = \DBA::$dba->db; - $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); - foreach (explode(';', $storage->getBuildSql($db_data)) as $statement) { - try { - $result = $pdo->exec($statement); - } catch (\PDOException $e) { - $status = false; - } - } - - if (!$status) { - notice('Errors encountered creating database tables.' . EOL); - $_SESSION['success'] = ''; - } else { - info('Database tables created successfully.' . EOL); - $_SESSION['success'] = 'create_db'; - } - break; -*/ default: break; -- cgit v1.2.3 From 8871f8d0f4b33a4ed76ce18c15b7a8fcab916d6e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 3 Apr 2018 21:58:11 -0700 Subject: disable the oauth2testvehicle completely until it is safe --- Zotlabs/Module/Oauth2testvehicle.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index a724dc549..5ae278e8c 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php 
@@ -11,6 +11,8 @@ namespace Zotlabs\Module; class OAuth2TestVehicle extends \Zotlabs\Web\Controller { function init() { + + killme(); // If there is a 'code' and 'state' parameter then this is a client app // callback issued after the authorization code request @@ -20,7 +22,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // cookie, and compare it when the user comes back. This ensures your // redirection endpoint isn't able to be tricked into attempting to // exchange arbitrary authorization codes." - $_SESSION['redirect_uri'] = 'http://hub.localhost/oauth2testvehicle'; + $_SESSION['redirect_uri'] = z_root() . '/oauth2testvehicle'; $_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']); $_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] ); $_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] ); -- cgit v1.2.3 From 1a25b0bda7d598888a49ee722f0f5cbea2a2f8f9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 4 Apr 2018 17:54:43 -0700 Subject: allow the profile recrods to be cloned separately --- Zotlabs/Module/Like.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 6d9fde17c..12de86e72 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -296,10 +296,11 @@ class Like extends \Zotlabs\Web\Controller { notice( t('Permission denied') . EOL); killme(); } - + $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['owner_xchan']) ); + if($r) $thread_owner = $r[0]; else -- cgit v1.2.3 From e8646799427a51a13e97f83a7858274fbf85ba20 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 4 Apr 2018 18:53:06 -0700 Subject: private forum mentions --- Zotlabs/Module/Item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') 
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index fba2ef7a4..ad72d9ccd 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -542,7 +542,7 @@ class Item extends \Zotlabs\Web\Controller { // Look for tags and linkify them $results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid); - + if($results) { // Set permissions based on tag replacements -- cgit v1.2.3 From b7386a0e88ca292bf183cd1de9b09bd6e819172d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Apr 2018 16:58:37 -0700 Subject: fix permalinks to children of articles and cards --- Zotlabs/Module/Display.php | 6 +++--- Zotlabs/Module/Item.php | 1 + Zotlabs/Module/Like.php | 1 + Zotlabs/Module/React.php | 1 + 4 files changed, 6 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 30f2a7f5f..06c9479b2 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -132,7 +132,7 @@ class Display extends \Zotlabs\Web\Controller { $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item.id = %d limit 1", intval($target_item['uid']), - intval($target_item['id']) + intval($target_item['parent']) ); if($x && $y) { goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['v']); @@ -149,7 +149,7 @@ class Display extends \Zotlabs\Web\Controller { $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and item.id = %d limit 1", intval($target_item['uid']), - intval($target_item['id']) + intval($target_item['parent']) ); if($x && $y) { goaway(z_root() . '/articles/' . $x[0]['channel_address'] . '/' . $y[0]['v']); 
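Review bot: The three lookups changed in Display.php (hunks at -132,7, -149,7 and -166,7) now read `$target_item['parent']`, but the `select` that fills `$target_item`, as shown in commit 08274ffab earlier on this page, lists `id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked` and no `parent` column. If that query is unchanged, `intval($target_item['parent'])` evaluates to 0, `$y` is empty, and webpage, article and card permalinks all end in 'Page not found.'. Add the column to that query, `select id, uid, mid, parent, parent_mid, ...`. The select line lies outside these hunks.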
@@ -166,7 +166,7 @@ class Display extends \Zotlabs\Web\Controller { $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1", intval($target_item['uid']), - intval($target_item['id']) + intval($target_item['parent']) ); if($x && $y) { goaway(z_root() . '/cards/' . $x[0]['channel_address'] . '/' . $y[0]['v']); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index ad72d9ccd..bba1dc02d 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -468,6 +468,7 @@ class Item extends \Zotlabs\Web\Controller { $private = intval($acl->is_private() || $parent_item['item_private']); $public_policy = $parent_item['public_policy']; $owner_hash = $parent_item['owner_xchan']; + $webpage = $parent_item['item_type']; } if((! $allow_empty) && (! strlen($body))) { diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 12de86e72..4e216f08b 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -419,6 +419,7 @@ class Like extends \Zotlabs\Web\Controller { $arr['item_origin'] = 1; $arr['item_notshown'] = 1; + $arr['item_type'] = $item['item_type']; if(intval($item['item_wall'])) $arr['item_wall'] = 1; diff --git a/Zotlabs/Module/React.php b/Zotlabs/Module/React.php index 6473317c7..fbb760786 100644 --- a/Zotlabs/Module/React.php +++ b/Zotlabs/Module/React.php @@ -49,6 +49,7 @@ class React extends \Zotlabs\Web\Controller { $n['aid'] = $channel['channel_account_id']; $n['uid'] = $channel['channel_id']; $n['item_origin'] = true; + $n['item_type'] = $i[0]['item_type']; $n['parent'] = $postid; $n['parent_mid'] = $i[0]['mid']; $n['mid'] = item_message_id(); -- cgit v1.2.3 From 4a45c35c4e0e27b737d80a6f151b0b50aaef3d1e Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Thu, 5 Apr 2018 21:01:36 -0700 Subject: oauth2 client settings page --- Zotlabs/Module/Settings/Oauth.php | 11 +-- Zotlabs/Module/Settings/Oauth2.php | 160 +++++++++++++++++++++++++++++++++++++ 2 files changed, 166 insertions(+), 5 deletions(-) create mode 100644 Zotlabs/Module/Settings/Oauth2.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Oauth.php b/Zotlabs/Module/Settings/Oauth.php index c612c7667..d6576c6de 100644 --- a/Zotlabs/Module/Settings/Oauth.php +++ b/Zotlabs/Module/Settings/Oauth.php @@ -23,11 +23,12 @@ class Oauth { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); - $name = ((x($_POST,'name')) ? $_POST['name'] : ''); - $key = ((x($_POST,'key')) ? $_POST['key'] : ''); - $secret = ((x($_POST,'secret')) ? $_POST['secret'] : ''); - $redirect = ((x($_POST,'redirect')) ? $_POST['redirect'] : ''); - $icon = ((x($_POST,'icon')) ? $_POST['icon'] : ''); + $name = ((x($_POST,'name')) ? escape_tags($_POST['name']) : ''); + $key = ((x($_POST,'key')) ? escape_tags($_POST['key']) : ''); + $secret = ((x($_POST,'secret')) ? escape_tags($_POST['secret']) : ''); + $redirect = ((x($_POST,'redirect')) ? escape_tags($_POST['redirect']) : ''); + $icon = ((x($_POST,'icon')) ? escape_tags($_POST['icon']) : ''); + $oauth2 = ((x($_POST,'oauth2')) ? intval($_POST['oauth2']) : 0); $ok = true; if($name == '') { $ok = false; diff --git a/Zotlabs/Module/Settings/Oauth2.php b/Zotlabs/Module/Settings/Oauth2.php new file mode 100644 index 000000000..88bbea3b8 --- /dev/null +++ b/Zotlabs/Module/Settings/Oauth2.php 
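Review bot: Passing `$_POST['key']` and `$_POST['secret']` through `escape_tags()` in Settings/Oauth.php rewrites any HTML-special characters before the credential is stored, so the saved value can differ from the one the client was given and later comparisons fail. Store credentials as submitted, `$secret = ((x($_POST,'secret')) ? trim($_POST['secret']) : '');`, and escape when the value is rendered in the form. `$redirect` is escaped but not checked to be a URL, and `$oauth2` is assigned without being used inside this hunk. The enclosing method continues outside the hunk.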
@@ -0,0 +1,160 @@ + 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) { + + check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2'); + + $name = ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : ''); + $secret = ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : ''); + $redirect = ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : ''); + $grant = ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : ''); + $scope = ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : ''); + + $ok = true; + if($name == '' || $secret == '') { + $ok = false; + notice( t('Name and Secret are required') . EOL); + } + + if($ok) { + if ($_POST['submit']==t("Update")){ + $r = q("UPDATE oauth_clients SET + client_id = '%s', + client_secret = '%s', + redirect_uri = '%s', + grant_types = '%s', + scope = '%s', + user_id = '%s' + WHERE client_id='%s'", + dbesc($name), + dbesc($secret), + dbesc($redirect), + dbesc($grant), + dbesc($scope), + dbesc(local_channel()), + dbesc($name)); + } else { + $r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) + VALUES ('%s','%s','%s','%s','%s','%s')", + dbesc($name), + dbesc($secret), + dbesc($redirect), + dbesc($grant), + dbesc($scope), + dbesc(local_channel()) + ); + $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", + dbesc($name), + intval(local_channel()), + dbesc('all') + ); + } + } + goaway(z_root()."/settings/oauth2/"); + return; + } + } + + function get() { + + if((argc() > 2) && (argv(2) === 'add')) { + $tpl = get_markup_template("settings_oauth2_edit.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_oauth2"), + '$title' => t('Add OAuth2 application'), + '$submit' => t('Submit'), + '$cancel' => t('Cancel'), + '$name' => array('name', t('Name'), '', t('Name of application')), + '$secret' => array('secret', t('Consumer 
Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')), + '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')), + '$grant' => array('grant', t('Grant Types'), '', t('leave blank unless your application sepcifically requires this')), + '$scope' => array('scope', t('Authorization scope'), '', t('leave blank unless your application sepcifically requires this')), + )); + return $o; + } + + if((argc() > 3) && (argv(2) === 'edit')) { + $r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= '%s'", + dbesc(argv(3)), + dbesc(local_channel()) + ); + + if (! $r){ + notice(t('OAuth2 Application not found.')); + return; + } + + $app = $r[0]; + + $tpl = get_markup_template("settings_oauth2_edit.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_oauth2"), + '$title' => t('Add application'), + '$submit' => t('Update'), + '$cancel' => t('Cancel'), + '$name' => array('name', t('Name'), $app['client_id'], t('Name of application')), + '$secret' => array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. 
Max length 20')), + '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')), + '$grant' => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application sepcifically requires this')), + '$scope' => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application sepcifically requires this')), + )); + return $o; + } + + if((argc() > 3) && (argv(2) === 'delete')) { + check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2', 't'); + + $r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = '%s'", + dbesc(argv(3)), + dbesc(local_channel()) + ); + goaway(z_root()."/settings/oauth2/"); + return; + } + + + $r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = '%s') AS my + FROM oauth_clients + LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id + WHERE oauth_clients.user_id IN ('%s',0)", + dbesc(local_channel()), + dbesc(local_channel()) + ); + + $tpl = get_markup_template("settings_oauth2.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_oauth2"), + '$baseurl' => z_root(), + '$title' => t('Connected OAuth2 Apps'), + '$add' => t('Add application'), + '$edit' => t('Edit'), + '$delete' => t('Delete'), + '$consumerkey' => t('Client key starts with'), + '$noname' => t('No name'), + '$remove' => t('Remove authorization'), + '$apps' => $r, + )); + return $o; + + } + +} \ No newline at end of file -- cgit v1.2.3 From b17f7410501acadbf547c68a4577c371826e69e3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Apr 2018 22:15:15 -0700 Subject: bring back the dnt policy document, not sure when it was lost --- Zotlabs/Module/Well_known.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') 
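Review bot: The UPDATE in post() of Zotlabs/Module/Settings/Oauth2.php matches on `client_id` alone, so a submit labelled "Update" that carries another channel's client name rewrites that row's secret, redirect URI, grant types and scope and reassigns `user_id` to the caller. The SELECT and DELETE in get() already scope by owner, and the UPDATE should do the same: `WHERE client_id='%s' AND user_id='%s'` with one more `dbesc(local_channel())` argument. The INSERT branch never checks whether the `client_id` is already taken, and the second `q()` overwrites `$r`, so a failed first insert goes unnoticed while the xperm row is still written. The opening lines of the file are missing from this page, so whether post() verifies `local_channel()` before reaching this code cannot be confirmed here.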
diff --git a/Zotlabs/Module/Well_known.php b/Zotlabs/Module/Well_known.php index b57666bff..177de2323 100644 --- a/Zotlabs/Module/Well_known.php +++ b/Zotlabs/Module/Well_known.php @@ -26,7 +26,6 @@ class Well_known extends \Zotlabs\Web\Controller { killme(); } - switch(argv(1)) { case 'zot-info': \App::$argc -= 1; @@ -52,6 +51,10 @@ class Well_known extends \Zotlabs\Web\Controller { $module->init(); break; + case 'dnt-policy.txt': + echo file_get_contents('doc/dnt-policy.txt'); + killme(); + default: if(file_exists(\App::$cmd)) { echo file_get_contents(\App::$cmd); -- cgit v1.2.3 From 4d08fcf1a7075c933c8b57b9bf1d66acbb19ec07 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 7 Apr 2018 13:29:36 +0200 Subject: Use Add Files/Photos instead of Upload to open the upload dialog --- Zotlabs/Module/Photos.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 81af607ec..05cacb2c2 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -841,7 +841,7 @@ class Photos extends \Zotlabs\Web\Controller { '$album_id' => $datum, '$album_edit' => array(t('Edit Album'), $album_edit), '$can_post' => $can_post, - '$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum), + '$upload' => array(t('Add Photos'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum), '$order' => $order, '$upload_form' => $upload_form, '$usage' => $usage_message 
@@ -1378,7 +1378,7 @@ class Photos extends \Zotlabs\Web\Controller { '$title' => t('Recent Photos'), '$album_id' => bin2hex(t('Recent Photos')), '$can_post' => $can_post, - '$upload' => array(t('Upload'), z_root().'/photos/'.\App::$data['channel']['channel_address'].'/upload'), + '$upload' => array(t('Add Photos'), z_root().'/photos/'.\App::$data['channel']['channel_address'].'/upload'), '$photos' => $photos, '$upload_form' => $upload_form, '$usage' => $usage_message -- cgit v1.2.3 From 969a91c4321eecade0537bf40b2ba5930da27d8a Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 7 Apr 2018 13:36:34 +0200 Subject: use Title instead of Caption - issue #1037 --- Zotlabs/Module/Photos.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 05cacb2c2..fa22c3f26 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -695,8 +695,8 @@ class Photos extends \Zotlabs\Web\Controller { '$newalbum_label' => t('Enter an album name'), '$newalbum_placeholder' => t('or select an existing album (doubleclick)'), '$visible' => array('visible', t('Create a status post for this upload'), 0,'', array(t('No'), t('Yes')), 'onclick="showHideBodyTextarea();"'), - '$caption' => array('description', t('Caption (optional):')), - '$body' => array('body', t('Description (optional):'),'', 'Description will only appear in the status post'), + '$caption' => array('description', t('Title (optional)')), + '$body' => array('body', t('Description (optional)'),'', 'Description will only appear in the status post'), '$albums' => $albums['albums'], '$selname' => $selname, '$permissions' => t('Permissions'), 
@@ -1065,7 +1065,7 @@ class Photos extends \Zotlabs\Web\Controller { 'newalbum_placeholder' => t('or select an existing one (doubleclick)'), 'nickname' => \App::$data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], - 'capt_label' => t('Caption'), + 'capt_label' => t('Title (optional)'), 'caption' => $caption_e, 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), -- cgit v1.2.3 From 0fd763433912d50b07a0d2fc20208e1060318df7 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 7 Apr 2018 13:50:41 +0200 Subject: rename relation to relationship - issue #1044 --- Zotlabs/Module/Profiles.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index e02cb33db..202ee462a 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -732,7 +732,7 @@ class Profiles extends \Zotlabs\Web\Controller { '$addthing' => t('Add profile things'), '$personal' => t('Personal'), '$location' => t('Location'), - '$relation' => t('Relation'), + '$relation' => t('Relationship'), '$miscellaneous'=> t('Miscellaneous'), '$exportable' => feature_enabled(local_channel(),'profile_export'), '$lbl_import' => t('Import profile from file'), -- cgit v1.2.3 From 9369150db7ada4b57936caef838766c806aa1ca7 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 7 Apr 2018 14:15:07 +0200 Subject: rename button label in editpost from edit to submit --- Zotlabs/Module/Editpost.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index a54c42e7f..57a4cb97f 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php 
@@ -82,7 +82,7 @@ class Editpost extends \Zotlabs\Web\Controller { 'editor_autocomplete'=> true, 'bbco_autocomplete'=> 'bbcode', 'return_path' => $_SESSION['return_url'], - 'button' => t('Edit'), + 'button' => t('Submit'), 'hide_voting' => true, 'hide_future' => true, 'hide_location' => true, -- cgit v1.2.3 From d47ea20aa8bb8219f7a0760e81ba3db542392390 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 7 Apr 2018 16:54:49 -0700 Subject: we shouldn't need distinct here, since ids_to_querystr() will filter duplicates. It might have an effect on pager totals. Need to monitor for a few days. --- Zotlabs/Module/Channel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 3d3eb2a85..6a334b59a 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -204,7 +204,7 @@ class Channel extends \Zotlabs\Web\Controller { $_SESSION['loadtime'] = datetime_convert(); } else { - $r = q("SELECT distinct parent AS item_id from item + $r = q("SELECT parent AS item_id from item left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids ) WHERE uid = %d $item_normal_update AND item_wall = 1 $simple_update -- cgit v1.2.3 From f2078b25adc71e8c9b1b197864bbb3f4aab6fb8b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 8 Apr 2018 16:51:11 -0700 Subject: hubzilla issue #1050 pubstream notifications visible when pubstream is not --- Zotlabs/Module/Ping.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index eab49d69e..55ce40929 100644 --- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php 
@@ -140,7 +140,8 @@ class Ping extends \Zotlabs\Web\Controller { db_utcnow(), db_quoteinterval('3 MINUTE') ); - $discover_tab_on = ((get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false) ? false : true); + $discover_tab_on = can_view_public_stream(); + $notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && $discover_tab_on : $discover_tab_on); if($notify_pubs) { -- cgit v1.2.3 From c3cd613f427b6aef483fce0c5bd1cebcefba8891 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 8 Apr 2018 17:30:46 -0700 Subject: extend AC --- Zotlabs/Module/Acl.php | 2 +- Zotlabs/Module/Search.php | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index ef901aef1..4c5883e88 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -24,7 +24,7 @@ class Acl extends \Zotlabs\Web\Controller { function init() { - logger('mod_acl: ' . print_r($_REQUEST,true)); + logger('mod_acl: ' . print_r($_REQUEST,true),LOGGER_DATA); $start = (x($_REQUEST,'start') ? $_REQUEST['start'] : 0); $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 500); diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index 55e0e746f..43464ad8b 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -66,6 +66,10 @@ class Search extends \Zotlabs\Web\Controller { $search = substr($search,1); goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search); } + if(strpos($search,'!') === 0) { + $search = substr($search,1); + goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search); + } if(strpos($search,'?') === 0) { $search = substr($search,1); goaway(z_root() . '/help' . '?f=1&navsearch=1&search=' . $search); -- cgit v1.2.3 From e0255c0dc45d8c670b865087336b4807d831e0fb Mon Sep 17 00:00:00 2001 
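Review bot: The new `!` branch in Zotlabs/Module/Search.php appends `$search` to the redirect target without encoding, so a term containing `&`, `#` or `=` changes the query string that /directory receives (`$search` appears to come from the request; its assignment is outside the hunk). Encode it where it is used: `goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . urlencode($search));`. The branch above it and the `?` branch below, both shown as context, use the same concatenation and deserve the same change. The added block also repeats the preceding branch line for line, so a one-line comment saying why `!` maps to the directory search would help the next reader.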
From: zotlabs Date: Sun, 8 Apr 2018 20:05:30 -0700 Subject: first cut of feature/techlevel merge --- Zotlabs/Module/Settings/Features.php | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Features.php b/Zotlabs/Module/Settings/Features.php index 5b642acc3..3c3205c65 100644 --- a/Zotlabs/Module/Settings/Features.php +++ b/Zotlabs/Module/Settings/Features.php @@ -11,7 +11,13 @@ class Features { // Build list of features and check which are set // We will not create any settings for features that are above our techlevel - $features = get_features(); + if(intval($_REQUEST['techlevel'])) + $level = intval($_REQUEST['techlevel']); + else { + $level = get_account_techlevel(); + } + + $features = get_features(true,$level); $all_features = array(); foreach($features as $k => $v) { foreach($v as $f) @@ -28,9 +34,21 @@ class Features { } function get() { - $arr = array(); - $features = get_features(); - + + $arr = []; + if(intval($_REQUEST['techlevel'])) + $level = intval($_REQUEST['techlevel']); + else { + $level = get_account_techlevel(); + } + + $techlevels = \Zotlabs\Lib\Techlevels::levels(); + + $def_techlevel = \App::$account['account_level']; + $techlock = get_config('system','techlevel_lock'); + + $features = get_features(true,$level); + foreach($features as $fname => $fdata) { $arr[$fname] = array(); $arr[$fname][0] = $fdata[0]; @@ -43,6 +61,8 @@ class Features { $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_features"), '$title' => t('Additional Features'), + '$techlevel' => [ 'techlevel', t('Your technical skill level'), $def_techlevel, t('Used to provide a member experience and additional features consistent with your comfort level'), $techlevels ], + '$techlock' => $techlock, '$features' => $arr, '$submit' => t('Submit'), )); -- cgit v1.2.3 From e4ee165e296404b5ff6ed8ee252c98313f84de91 Mon Sep 17 00:00:00 2001 
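Review bot: post() and get() in Zotlabs/Module/Settings/Features.php now take the level from `$_REQUEST['techlevel']` before falling back to `get_account_techlevel()`, so any caller can name a higher level than the account holds. The comment kept above post() ("We will not create any settings for features that are above our techlevel") therefore no longer describes the code. `techlevel_lock` is read in get() but only passed to the template; if it is meant to pin the level it should gate the override in both methods, e.g. `$req = ((get_config('system','techlevel_lock')) ? 0 : intval($_REQUEST['techlevel']));` followed by `$level = (($req) ? $req : get_account_techlevel());`. `$_REQUEST['techlevel']` is also read without an existence check, which raises a notice when the parameter is absent.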
From: zotlabs Date: Sun, 8 Apr 2018 22:02:48 -0700 Subject: more work merging techlevels and features --- Zotlabs/Module/Settings/Features.php | 57 ++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 25 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Features.php b/Zotlabs/Module/Settings/Features.php index 3c3205c65..43ca57be2 100644 --- a/Zotlabs/Module/Settings/Features.php +++ b/Zotlabs/Module/Settings/Features.php @@ -8,26 +8,16 @@ class Features { function post() { check_form_security_token_redirectOnErr('/settings/features', 'settings_features'); - // Build list of features and check which are set - // We will not create any settings for features that are above our techlevel + $features = get_features(false); - if(intval($_REQUEST['techlevel'])) - $level = intval($_REQUEST['techlevel']); - else { - $level = get_account_techlevel(); - } - - $features = get_features(true,$level); - $all_features = array(); - foreach($features as $k => $v) { - foreach($v as $f) - $all_features[] = $f[0]; - } - foreach($all_features as $k) { - if(x($_POST,"feature_$k")) - set_pconfig(local_channel(),'feature',$k, 1); - else - set_pconfig(local_channel(),'feature',$k, 0); + foreach($features as $fname => $fdata) { + foreach(array_slice($fdata,1) as $f) { + $k = $f[0]; + if(array_key_exists("feature_$k",$_POST)) + set_pconfig(local_channel(),'feature',$k, (string) $_POST["feature_$k"]); + else + set_pconfig(local_channel(),'feature', $k, ''); + } } build_sync_packet(); return; @@ -36,6 +26,8 @@ class Features { function get() { $arr = []; + $harr = []; + if(intval($_REQUEST['techlevel'])) $level = intval($_REQUEST['techlevel']); else { 
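Review bot: post() in Zotlabs/Module/Settings/Features.php now stores `(string) $_POST["feature_$k"]` in pconfig unchanged, where the removed code wrote a fixed 1 or 0, so any string the client sends becomes the stored feature value. get() in the same commit only ever emits "1" or '' for these fields, so normalising on write keeps the stored data to those two values: `set_pconfig(local_channel(),'feature',$k, (intval($_POST["feature_$k"]) ? '1' : ''));`. The loop now iterates `get_features(false)`, which presumably returns the list without level filtering; if so, a request can set features the page never rendered for that member, and that is worth stating in a comment if intended.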
@@ -44,27 +36,42 @@ class Features { $techlevels = \Zotlabs\Lib\Techlevels::levels(); - $def_techlevel = \App::$account['account_level']; + unset($techlevels[0]); + + logger('techlevels: ' . print_r($techlevels,true)); + + $def_techlevel = (($level > 0) ? $level : 1); $techlock = get_config('system','techlevel_lock'); + $all_features_raw = get_features(false); + + foreach($all_features_raw as $fname => $fdata) { + foreach(array_slice($fdata,1) as $f) { + $harr[$f[0]] = ((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''); + } + } + $features = get_features(true,$level); foreach($features as $fname => $fdata) { $arr[$fname] = array(); $arr[$fname][0] = $fdata[0]; foreach(array_slice($fdata,1) as $f) { - $arr[$fname][1][] = array('feature_' .$f[0],$f[1],((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On'))); + $arr[$fname][1][] = array('feature_' . $f[0],$f[1],((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On'))); + unset($harr[$f[0]]); } } $tpl = get_markup_template("settings_features.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_features"), - '$title' => t('Additional Features'), + '$title' => t('Additional Features'), '$techlevel' => [ 'techlevel', t('Your technical skill level'), $def_techlevel, t('Used to provide a member experience and additional features consistent with your comfort level'), $techlevels ], - '$techlock' => $techlock, - '$features' => $arr, - '$submit' => t('Submit'), + '$techlock' => $techlock, + '$features' => $arr, + '$hiddens' => $harr, + '$baseurl' => z_root(), + '$submit' => t('Submit'), )); return $o; -- cgit v1.2.3 From cda3d23508430f8c2dd07fe9d5731b0ba8f4aa24 Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Sun, 8 Apr 2018 22:09:08 -0700 Subject: more intelligent handling of level 0 - and remove an extraneous logging function --- Zotlabs/Module/Settings/Features.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Features.php b/Zotlabs/Module/Settings/Features.php index 43ca57be2..888032c28 100644 --- a/Zotlabs/Module/Settings/Features.php +++ b/Zotlabs/Module/Settings/Features.php @@ -34,11 +34,16 @@ class Features { $level = get_account_techlevel(); } + if(! intval($level)) { + notice( t('Permission denied.') . EOL); + return; + } + $techlevels = \Zotlabs\Lib\Techlevels::levels(); - unset($techlevels[0]); + // This page isn't accessible at techlevel 0 - logger('techlevels: ' . print_r($techlevels,true)); + unset($techlevels[0]); $def_techlevel = (($level > 0) ? $level : 1); $techlock = get_config('system','techlevel_lock'); -- cgit v1.2.3 From c50105b8c155de6b2e3bf3fcfcc6697db9dbe8f4 Mon Sep 17 00:00:00 2001 From: Julian Schweinsberg Date: Mon, 9 Apr 2018 19:26:35 +0200 Subject: Show "Unseen public activity" channel setting when site only public streams are activated --- Zotlabs/Module/Settings/Channel.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index a7dfdd790..48f3edb80 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php 
@@ -484,7 +484,8 @@ class Channel { $plugin = [ 'basic' => '', 'security' => '', 'notify' => '', 'misc' => '' ]; call_hooks('channel_settings',$plugin); - $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; + $disable_discover_tab = intval(get_config('system','disable_discover_tab',1)) == 1; + $site_firehose = intval(get_config('system','site_firehose',0)) == 1; $o .= replace_macros($stpl,array( '$ptitle' => t('Channel Settings'), @@ -575,7 +576,7 @@ class Channel { '$vnotify10' => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended'), $yes_no), '$vnotify11' => ((is_site_admin()) ? array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no) : array()), '$vnotify12' => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no), - '$vnotify13' => (($disable_discover_tab) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)), + '$vnotify13' => (($disable_discover_tab && !$site_firehose) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)), '$mailhost' => [ 'mailhost', t('Email notification hub (hostname)'), get_pconfig(local_channel(),'system','email_notify_host',\App::get_hostname()), sprintf( t('If your channel is mirrored to multiple hubs, set this to your preferred location. This will prevent duplicate email notifications. Example: %s'),\App::get_hostname()) ], '$always_show_in_notices' => array('always_show_in_notices', t('Also show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no), -- cgit v1.2.3 From 887a59066bafeb3061091515970359e702443654 Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Tue, 10 Apr 2018 00:05:20 -0700 Subject: last commented expiration setting in admin --- Zotlabs/Module/Admin/Site.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 95d44d754..656770ad9 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -56,6 +56,7 @@ class Site { $global_directory = ((x($_POST,'directory_submit_url')) ? notags(trim($_POST['directory_submit_url'])) : ''); $no_community_page = !((x($_POST,'no_community_page')) ? True : False); $default_expire_days = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0); + $active_expire_days = ((array_key_exists('active_expire_days',$_POST)) ? intval($_POST['active_expire_days']) : 7); $reply_address = ((array_key_exists('reply_address',$_POST) && trim($_POST['reply_address'])) ? trim($_POST['reply_address']) : 'noreply@' . \App::get_hostname()); $from_email = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname()); @@ -95,6 +96,7 @@ class Site { set_config('system', 'enable_context_help', $enable_context_help); set_config('system', 'verify_email', $verify_email); set_config('system', 'default_expire_days', $default_expire_days); + set_config('system', 'active_expire_days', $active_expire_days); set_config('system', 'reply_address', $reply_address); set_config('system', 'from_email', $from_email); set_config('system', 'from_email_name' , $from_email_name); 
@@ -348,6 +350,7 @@ class Site { '$thumbnail_security' => array('thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.")), '$maxloadavg' => array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")), '$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')), + '$active_expire_days' => array('active_expire_days', t('Do not expire any posts which have comments less than this many days ago'), intval(get_config('system','active_expire_days',7)), ''), '$sellpage' => array('site_sellpage', t('Public servers: Optional landing (marketing) webpage for new registrants'), get_config('system','sellpage',''), sprintf( t('Create this page first. Default is %s/register'),z_root())), '$first_page' => array('first_page', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Recommend: profiles, go, or settings')), -- cgit v1.2.3 From fee258edbe0fe20b9c5ba66968fabe15699c6458 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 11 Apr 2018 11:49:33 +0200 Subject: allow to toggle visibility of likes/dislikes in notifications --- Zotlabs/Module/Ping.php | 13 ++++++++++++- Zotlabs/Module/Settings/Channel.php | 5 ++++- 2 files changed, 16 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index 55ce40929..9372866d7 100644 --- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php 
@@ -140,6 +140,11 @@ class Ping extends \Zotlabs\Web\Controller { db_utcnow(), db_quoteinterval('3 MINUTE') ); + + $sql_extra = ''; + if(! ($vnotify & VNOTIFY_LIKE)) + $sql_extra = ' AND verb NOT IN ("' . dbesc(ACTIVITY_LIKE) . '", "' . dbesc(ACTIVITY_DISLIKE) . '") '; + $discover_tab_on = can_view_public_stream(); $notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && $discover_tab_on : $discover_tab_on); @@ -152,7 +157,8 @@ class Ping extends \Zotlabs\Web\Controller { AND item_unseen = 1 AND author_xchan != '%s' AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "' - $item_normal", + $item_normal + $sql_extra", intval($sys['channel_id']), dbesc(get_observer_hash()) ); @@ -161,6 +167,8 @@ class Ping extends \Zotlabs\Web\Controller { $result['pubs'] = intval($pubs[0]['total']); } + + if((argc() > 1) && (argv(1) === 'pubs') && ($notify_pubs)) { $sys = get_sys_channel(); $result = array(); @@ -171,6 +179,7 @@ class Ping extends \Zotlabs\Web\Controller { AND author_xchan != '%s' AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "' $item_normal + $sql_extra ORDER BY created DESC LIMIT 300", intval($sys['channel_id']), @@ -335,6 +344,7 @@ class Ping extends \Zotlabs\Web\Controller { AND item_unseen = 1 AND author_xchan != '%s' $item_normal + $sql_extra ORDER BY created DESC LIMIT 300", intval(local_channel()), @@ -509,6 +519,7 @@ class Ping extends \Zotlabs\Web\Controller { $r = q("SELECT id, item_wall FROM item WHERE uid = %d and item_unseen = 1 $item_normal + $sql_extra AND author_xchan != '%s'", intval(local_channel()), dbesc($ob_hash) diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index 48f3edb80..e274c9786 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php 
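Review bot: The `$sql_extra` fragment added in the first hunk of Zotlabs/Module/Ping.php wraps the two verb values in double quotes, which PostgreSQL and MySQL in ANSI_QUOTES mode parse as identifiers rather than string literals. On those back ends every query that receives the fragment would fail whenever VNOTIFY_LIKE is switched off. Use single quotes, as the surrounding queries do: `$sql_extra = " AND verb NOT IN ('" . dbesc(ACTIVITY_LIKE) . "', '" . dbesc(ACTIVITY_DISLIKE) . "') ";`. The later hunks of this file interpolate the fragment into the first argument of `q()`, which appears to be treated as a format string, so a comment noting that it must stay free of `%` characters would help.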
@@ -208,6 +208,8 @@ class Channel { $vnotify += intval($_POST['vnotify12']); if(x($_POST,'vnotify13')) $vnotify += intval($_POST['vnotify13']); + if(x($_POST,'vnotify14')) + $vnotify += intval($_POST['vnotify14']); $always_show_in_notices = x($_POST,'always_show_in_notices') ? 1 : 0; @@ -577,8 +579,9 @@ class Channel { '$vnotify11' => ((is_site_admin()) ? array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no) : array()), '$vnotify12' => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no), '$vnotify13' => (($disable_discover_tab && !$site_firehose) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)), + '$vnotify14' => array('vnotify14', t('Unseen likes and dislikes'), ($vnotify & VNOTIFY_LIKE), VNOTIFY_LIKE, '', $yes_no), '$mailhost' => [ 'mailhost', t('Email notification hub (hostname)'), get_pconfig(local_channel(),'system','email_notify_host',\App::get_hostname()), sprintf( t('If your channel is mirrored to multiple hubs, set this to your preferred location. This will prevent duplicate email notifications. Example: %s'),\App::get_hostname()) ], - '$always_show_in_notices' => array('always_show_in_notices', t('Also show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no), + '$always_show_in_notices' => array('always_show_in_notices', t('Show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no), '$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')), '$basic_addon' => $plugin['basic'], -- cgit v1.2.3 From 2fa9645dfc4dc640d7460f069fc9536cce1e4fd2 Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Wed, 11 Apr 2018 17:40:04 -0700 Subject: channel delegation: push current identity and pop it on logout from the delegated channel. This fixes the known issue of being forced to log back in after leaving the delegated channel. --- Zotlabs/Module/Logout.php | 7 ++++++- Zotlabs/Module/Magic.php | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Logout.php b/Zotlabs/Module/Logout.php index f06e7278b..d11ce54ac 100644 --- a/Zotlabs/Module/Logout.php +++ b/Zotlabs/Module/Logout.php @@ -5,7 +5,12 @@ namespace Zotlabs\Module; class Logout extends \Zotlabs\Web\Controller { function init() { - \App::$session->nuke(); + if($_SESSION['delegate'] && $_SESSION['delegate_push']) { + $_SESSION = $_SESSION['delegate_push']; + } + else { + \App::$session->nuke(); + } goaway(z_root()); } diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 15e5cedcf..4b3a223ba 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -112,6 +112,8 @@ class Magic extends \Zotlabs\Web\Controller { if($r && intval($r[0]['channel_id'])) { $allowed = perm_is_allowed($r[0]['channel_id'],get_observer_hash(),'delegate'); if($allowed) { + $tmp = $_SESSION; + $_SESSION['delegate_push'] = $tmp; $_SESSION['delegate_channel'] = $r[0]['channel_id']; $_SESSION['delegate'] = get_observer_hash(); $_SESSION['account_id'] = intval($r[0]['channel_account_id']); -- cgit v1.2.3 From a422063c7d83c2980dba280efaf1ca271e1939d2 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sun, 15 Apr 2018 10:15:49 +0200 Subject: fix regression where in the starred tab only top level posts were visible --- Zotlabs/Module/Network.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 6e961dc36..5d4239896 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php 
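Review bot: Logout::init() in Zotlabs/Module/Logout.php now replaces `$_SESSION` with the array stored under `delegate_push` and skips `nuke()`, so the session identifier survives the switch back to the original identity, and the Magic.php hunk keeps it when switching in. Regenerating the id at both transitions is the usual hardening for an identity change; no helper on `\App::$session` is visible here, and `session_regenerate_id(true)` is the stock call. The restore should also validate what it reads, e.g. `if(! empty($_SESSION['delegate']) && is_array($_SESSION['delegate_push'])) {`, which also avoids undefined-index notices on ordinary sessions. Magic.php copies the whole session, so a second delegation from inside a delegated session nests the snapshots; confirm that logging out then lands on the intended identity.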
@@ -213,7 +213,7 @@ class Network extends \Zotlabs\Web\Controller { $distinct = ''; $item_thread_top = ' AND item_thread_top = 1 '; - $sql_extra = $sql_options; + $sql_extra = ''; if($group) { $contact_str = ''; @@ -464,7 +464,7 @@ class Network extends \Zotlabs\Web\Controller { WHERE true $uids $item_normal and (abook.abook_blocked = 0 or abook.abook_flags is null) $simple_update - $sql_extra $sql_nets + $sql_extra $sql_options $sql_nets $net_query2 ORDER BY item.received DESC $pager_sql " ); @@ -493,7 +493,7 @@ class Network extends \Zotlabs\Web\Controller { WHERE true $uids $item_thread_top $item_normal AND item.mid = item.parent_mid and (abook.abook_blocked = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets + $sql_extra3 $sql_extra $sql_options $sql_nets $net_query2 ORDER BY $ordering DESC $pager_sql " ); @@ -506,7 +506,7 @@ class Network extends \Zotlabs\Web\Controller { $net_query WHERE true $uids $item_normal_update $simple_update and (abook.abook_blocked = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets $net_query2" + $sql_extra3 $sql_extra $sql_options $sql_nets $net_query2" ); $_SESSION['loadtime'] = datetime_convert(); } -- cgit v1.2.3 From bef5be827d15bc54c9b88bc10313b28172069fef Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 16 Apr 2018 11:42:13 +0200 Subject: remove some more distinct in queries and observe any regressions. this is related to issue #1079 and commit d47ea20aa8bb8219f7a0760e81ba3db542392390 --- Zotlabs/Module/Network.php | 7 +------ Zotlabs/Module/Pubstream.php | 2 +- 2 files changed, 2 insertions(+), 7 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 5d4239896..b11b470f5 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -210,7 +210,6 @@ class Network extends \Zotlabs\Web\Controller { $sql_nets = ''; - $distinct = ''; $item_thread_top = ' AND item_thread_top = 1 '; $sql_extra = ''; 
@@ -229,7 +228,6 @@ class Network extends \Zotlabs\Web\Controller { $contact_str = ' 0 '; info( t('Privacy group is empty')); } - $distinct = ' distinct '; $item_thread_top = ''; $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent $item_normal ) "; @@ -254,7 +252,6 @@ class Network extends \Zotlabs\Web\Controller { intval(local_channel()) ); if($r) { - $distinct = ' distinct '; $item_thread_top = ''; $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) $item_normal ) "; $title = replace_macros(get_markup_template("section_title.tpl"),array( @@ -274,7 +271,6 @@ class Network extends \Zotlabs\Web\Controller { dbesc($xchan) ); if($r) { - $distinct = ' distinct '; $item_thread_top = ''; $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($xchan) . "' or owner_xchan = '" . dbesc($xchan) . "' ) $item_normal ) "; $title = replace_macros(get_markup_template("section_title.tpl"),array( @@ -381,7 +377,6 @@ class Network extends \Zotlabs\Web\Controller { } if($conv) { - $distinct = ' distinct '; $item_thread_top = ''; $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or item_mentionsme = 1 )) ", dbesc(protect_sprintf($channel['channel_hash'])) 
@@ -487,7 +482,7 @@ class Network extends \Zotlabs\Web\Controller { if($load) { // Fetch a page full of parent items for this page - $r = q("SELECT $distinct item.parent AS item_id FROM item + $r = q("SELECT item.parent AS item_id FROM item left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids ) $net_query WHERE true $uids $item_thread_top $item_normal diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 79f205a22..45487e3a4 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -224,7 +224,7 @@ class Pubstream extends \Zotlabs\Web\Controller { ); } else { - $r = q("SELECT distinct parent AS item_id, $ordering FROM item + $r = q("SELECT parent AS item_id FROM item left join abook on item.author_xchan = abook.abook_xchan $net_query WHERE true $uids $item_normal_update -- cgit v1.2.3 From 411b8e48a3acc7ce283555a8e7fe82c7eadecfd6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 16 Apr 2018 18:09:14 -0700 Subject: don't save a permcat with empty name --- Zotlabs/Module/Settings/Permcats.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Permcats.php b/Zotlabs/Module/Settings/Permcats.php index 535399083..40641c3f2 100644 --- a/Zotlabs/Module/Settings/Permcats.php +++ b/Zotlabs/Module/Settings/Permcats.php @@ -19,6 +19,11 @@ class Permcats { $all_perms = \Zotlabs\Access\Permissions::Perms(); $name = escape_tags(trim($_POST['name'])); + if(! $name) { + notice( t('Permission Name is required.') . EOL); + return; + } + $pcarr = []; -- cgit v1.2.3 From dcd636f7be5b3f2f6fa32bc77cec4230e5bfcd2d Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 17 Apr 2018 18:56:33 +0200 Subject: fix closing parenthesis in wrong spot --- Zotlabs/Module/Ping.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index 9372866d7..87f9ee78a 100644 
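Review bot: With `distinct` dropped from `SELECT parent AS item_id FROM item` in Pubstream.php, the `left join abook on item.author_xchan = abook.abook_xchan` in this branch shows no channel restriction, so an author who appears in several address books could make the same parent come back more than once. If `$uids` or `$net_query` do not already prevent that, restricting the join to one channel keeps the result unique without reintroducing `distinct`. The query continues outside the hunk, so this is inferred from the lines shown. A short comment above the query saying why duplicates cannot occur would record the assumption the commit message asks reviewers to watch.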
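Review bot: The new guard `if(! $name)` in Permcats.php also rejects the name `0`, because PHP treats the string '0' as false; `if($name === '')` rejects only the empty name. `$_POST['name']` is read without an `isset` check on the line above the guard, so a request that omits the field raises a notice before the guard runs. The enclosing function starts and ends outside the hunk.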
--- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php @@ -285,10 +285,10 @@ class Ping extends \Zotlabs\Web\Controller { intval(local_channel()) ); - $b64mid = ((strpos($r[0]['thr_parent'], 'b64.' === 0)) ? $r[0]['thr_parent'] : 'b64.' . base64url_encode($r[0]['thr_parent'])); + $b64mid = ((strpos($r[0]['thr_parent'], 'b64.') === 0) ? $r[0]['thr_parent'] : 'b64.' . base64url_encode($r[0]['thr_parent'])); } else { - $b64mid = ((strpos($mid, 'b64.' === 0)) ? $mid : 'b64.' . base64url_encode($mid)); + $b64mid = ((strpos($mid, 'b64.') === 0) ? $mid : 'b64.' . base64url_encode($mid)); } $notifs[] = array( -- cgit v1.2.3 From 0576046d024a4eefba2dd7e43706e1d78270fa40 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 17 Apr 2018 16:29:32 -0700 Subject: when changing cover photo, show existing --- Zotlabs/Module/Cover_photo.php | 1 + 1 file changed, 1 insertion(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index 56e35f912..d76c1b408 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -355,6 +355,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { $o .= replace_macros($tpl,array( '$user' => \App::$channel['channel_address'], + '$existing' => get_cover_photo(local_channel(),'array',PHOTO_RES_COVER_850), '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), '$title' => t('Change Cover Photo'), -- cgit v1.2.3 From 393cd46a82bd4c00c72e8734df2d1fa62928cc06 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 17 Apr 2018 20:08:14 -0700 Subject: public stream tag enhancements --- Zotlabs/Module/Pubstream.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 45487e3a4..e8a0146c4 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php 
@@ -34,6 +34,8 @@ class Pubstream extends \Zotlabs\Web\Controller { } $mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : ''); + $hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : ''); + if(strpos($mid,'b64.') === 0) $decoded = @base64url_decode(substr($mid,4)); @@ -133,7 +135,7 @@ class Pubstream extends \Zotlabs\Web\Controller { '$order' => 'comment', '$file' => '', '$cats' => '', - '$tags' => '', + '$tags' => $hashtags, '$dend' => '', '$mid' => $mid, '$verb' => '', @@ -170,6 +172,10 @@ class Pubstream extends \Zotlabs\Web\Controller { $page_mode = 'client'; + if(x($hashtags)) { + $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG)); + } + $net_query = (($net) ? " left join xchan on xchan_hash = author_xchan " : ''); $net_query2 = (($net) ? " and xchan_network = '" . protect_sprintf(dbesc($net)) . "' " : ''); -- cgit v1.2.3 From c53f788cc85f83f00e1b5bec19efd54f1372a12b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 17 Apr 2018 23:36:35 -0700 Subject: add alt_pager to mod_moderate, remove legacy $a parameter from all occurrences of alt_pager --- Zotlabs/Module/Articles.php | 2 +- Zotlabs/Module/Cards.php | 2 +- Zotlabs/Module/Channel.php | 2 +- Zotlabs/Module/Directory.php | 2 +- Zotlabs/Module/Message.php | 2 +- Zotlabs/Module/Moderate.php | 8 ++++++-- Zotlabs/Module/Network.php | 2 +- Zotlabs/Module/Pubstream.php | 2 +- 8 files changed, 13 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php index 62ce1cb9c..284868241 100644 --- a/Zotlabs/Module/Articles.php +++ b/Zotlabs/Module/Articles.php @@ -191,7 +191,7 @@ class Articles extends \Zotlabs\Web\Controller { '$title' => t('Articles'), '$editor' => $editor, '$content' => $content, - '$pager' => alt_pager($a,$pager_total) + '$pager' => alt_pager($pager_total) ]); return $o; diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index d3b16e82e..f196988a2 100644 
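Review bot: `$hashtags` is taken from `$_REQUEST['tag']` unchanged and handed to the template as `'$tags' => $hashtags` in the second hunk; if that template writes the value into markup or script (it is not shown here), a crafted tag parameter is reflected to the visitor. Encoding at the assignment, e.g. `'$tags' => (($hashtags) ? urlencode($hashtags) : ''),`, keeps the raw value for the query and an encoded one for the page. In the third hunk the same raw value goes into `term_query()`; `protect_sprintf()` only guards format specifiers, so the SQL escaping has to happen inside `term_query()`, which is worth confirming. A comment such as `// $hashtags is raw request input: encode for output, escape for SQL` above the assignment would document that.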
--- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -194,7 +194,7 @@ class Cards extends \Zotlabs\Web\Controller { '$title' => t('Cards'), '$editor' => $editor, '$content' => $content, - '$pager' => alt_pager($a, $pager_total) + '$pager' => alt_pager($pager_total) ]); return $o; diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 6a334b59a..953f87f11 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -380,7 +380,7 @@ class Channel extends \Zotlabs\Web\Controller { } if((! $update) || ($checkjs->disabled())) { - $o .= alt_pager($a,count($items)); + $o .= alt_pager(count($items)); if ($mid && $items[0]['title']) \App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title']; } diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 87387ef56..f2673fa1a 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -404,7 +404,7 @@ class Directory extends \Zotlabs\Web\Controller { '$entries' => $entries, '$dirlbl' => $suggest ? t('Channel Suggestions') : $dirtitle, '$submit' => t('Find'), - '$next' => alt_pager($a,$j['records'], t('next page'), t('previous page')), + '$next' => alt_pager($j['records'], t('next page'), t('previous page')), '$sort' => t('Sort options'), '$normal' => t('Alphabetic'), '$reverse' => t('Reverse Alphabetic'), diff --git a/Zotlabs/Module/Message.php b/Zotlabs/Module/Message.php index 7494f4bf4..5856bfbdf 100644 --- a/Zotlabs/Module/Message.php +++ b/Zotlabs/Module/Message.php @@ -93,7 +93,7 @@ class Message extends \Zotlabs\Web\Controller { )); - $o .= alt_pager($a,count($r)); + $o .= alt_pager(count($r)); return $o; diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php index 10c8ab8f2..a7c98e05e 100644 --- a/Zotlabs/Module/Moderate.php +++ b/Zotlabs/Module/Moderate.php 
@@ -14,9 +14,12 @@ class Moderate extends \Zotlabs\Web\Controller { return; } + \App::set_pager_itemspage(60); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); + //show all items if(argc() == 1) { - $r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60", + $r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc $pager_sql", intval(local_channel()), intval(ITEM_MODERATED) ); @@ -26,7 +29,7 @@ class Moderate extends \Zotlabs\Web\Controller { if(argc() == 2) { $post_id = intval(argv(1)); - $r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60", + $r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc $pager_sql", intval($post_id), intval(local_channel()), intval(ITEM_MODERATED) @@ -92,6 +95,7 @@ class Moderate extends \Zotlabs\Web\Controller { } $o = conversation($items,'moderate',false,'traditional'); + $o .= alt_pager(count($items)); return $o; } diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index b11b470f5..8d017207b 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -565,7 +565,7 @@ class Network extends \Zotlabs\Web\Controller { $o .= conversation($items,$mode,$update,$page_mode); if(($items) && (! $update)) - $o .= alt_pager($a,count($items)); + $o .= alt_pager(count($items)); return $o; } diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index e8a0146c4..571118201 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -279,7 +279,7 @@ class Pubstream extends \Zotlabs\Web\Controller { $o .= '
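Review bot: `$pager_sql` is also appended to the single-post query in the `argc() == 2` branch, which selects by `item.id = %d` and can return at most one row; with any offset above zero that query returns nothing. Leaving `$pager_sql` out of that branch avoids an empty result when a page parameter is present, assuming `\App::$pager['start']` follows the requested page. The method starts and ends outside the hunks shown.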
'; if(($items) && (! $update)) - $o .= alt_pager($a,count($items)); + $o .= alt_pager(count($items)); return $o; -- cgit v1.2.3 From aea61bf03468d9cda1abff414e7118662a6acd06 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 19 Apr 2018 19:05:13 -0700 Subject: rename social - party to social - federation. Cleanup some of the documentation surrounding channels. This checkin contains translatable string changes. --- Zotlabs/Module/New_channel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index ea9f27447..60d0d7e0d 100644 --- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -150,10 +150,10 @@ class New_channel extends \Zotlabs\Web\Controller { $o = replace_macros(get_markup_template('new_channel.tpl'), array( '$title' => t('Create Channel'), - '$desc' => t('A channel is your identity on this network. It can represent a person, a blog, or a forum to name a few. Channels can make connections with other channels to share information with highly detailed permissions.'), + '$desc' => t('A channel is a unique network identity. It can represent a person (social network profile), a forum (group), a business or celebrity page, a newsfeed, and many other things. Channels can make connections with other channels to share information with each other.') . ' ' . t('The type of channel you create affects the basic privacy settings, the permissions that are granted to connections/friends, and also the channel\'s visibility across the network.'), '$label_import' => t('or import an existing channel from another location.'), '$name' => $name, - '$role' => $role, + '$role' => $role, '$default_role' => $default_role, '$nickname' => $nickname, '$validate' => t('Validate'), -- cgit v1.2.3 From b1ed79f239e3a4517091c0acfd4f0d6cc28a7cab Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Thu, 19 Apr 2018 19:32:48 -0700 Subject: fix link to renamed permission roles doc subsection --- Zotlabs/Module/New_channel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index 60d0d7e0d..d9becbc22 100644 --- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -146,7 +146,7 @@ class New_channel extends \Zotlabs\Web\Controller { $name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'), "*"); $nickhub = '@' . \App::get_hostname(); $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub), "*"); - $role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' ' . t('Read more about roles') . '',$perm_roles); + $role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' ' . t('Read more about roles') . '',$perm_roles); $o = replace_macros(get_markup_template('new_channel.tpl'), array( '$title' => t('Create Channel'), -- cgit v1.2.3 From 55dc6fbc1cae70e4f2b207c517c8c9155fda9662 Mon Sep 17 00:00:00 2001 
From: zotlabs Date: Sun, 22 Apr 2018 18:12:16 -0700 Subject: imagemagick preserves exif when scaling. GD does not. We do not want to preserve exif on thumbnails which we have rotated, as a browser reading the exif information could rotate them yet again. This checkin adds an abstract function to the generic photo driver which makes the behaviour consistent by stripping EXIF from imagick processed images. However, we will attempt to preserve any ICC colour profiles. See http://php.net/manual/en/imagick.stripimage.php --- Zotlabs/Module/Webfinger.php | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Webfinger.php b/Zotlabs/Module/Webfinger.php index c50680de7..0dafae23c 100644 --- a/Zotlabs/Module/Webfinger.php +++ b/Zotlabs/Module/Webfinger.php @@ -17,33 +17,15 @@ class Webfinger extends \Zotlabs\Web\Controller { $o .= '

'; - $old = false; if(x($_GET,'addr')) { $addr = trim($_GET['addr']); - // if(strpos($addr,'@') !== false) { - $res = webfinger_rfc7033($addr,true); - if(! $res) { - $res = old_webfinger($addr); - $old = true; - } - // } - // else { - // if(function_exists('lrdd')) - // $res = lrdd($addr); - // } - - if($res && $old) { - foreach($res as $r) { - if($r['@attributes']['rel'] === 'http://microformats.org/profile/hcard') { - $hcard = unamp($r['@attributes']['href']); - require_once('library/HTML5/Parser.php'); - $res['vcard'] = scrape_vcard($hcard); - break; - } - } + + $res = webfinger_rfc7033($addr,true); + if(! $res) { + $res = old_webfinger($addr); } - + $o .= '
';
 			$o .= str_replace("\n",'
',print_r($res,true)); $o .= '
'; -- cgit v1.2.3 From 55b7182136adf1834efed8b8989ea219a1fbe1de Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 22 Apr 2018 18:48:48 -0700 Subject: use consistent naming for 'Channel role and privacy' --- Zotlabs/Module/Settings/Channel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index e274c9786..3e928ec58 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php @@ -536,7 +536,7 @@ class Channel { '$deny_gid' => acl2json($perm_defaults['deny_gid']), '$suggestme' => $suggestme, '$group_select' => $group_select, - '$role' => array('permissions_role' , t('Channel permissions category:'), $permissions_role, '', $perm_roles), + '$role' => array('permissions_role' , t('Channel role and privacy'), $permissions_role, '', $perm_roles), '$defpermcat' => [ 'defpermcat', t('Default Permissions Group'), $default_permcat, '', $permcats ], '$permcat_enable' => feature_enabled(local_channel(),'permcats'), '$profile_in_dir' => $profile_in_dir, -- cgit v1.2.3 From 11624cd83ed4ce35fae46dece65931bb989912c5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 22 Apr 2018 19:24:15 -0700 Subject: owa: attempt channel discovery if not found --- Zotlabs/Module/Owa.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index e62fc9592..da26748b3 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php 
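Review bot: The lookup result is appended to the page through `print_r($res,true)` with no HTML encoding, and this change keeps that line as is. `$res` is data returned by whatever host `$_GET['addr']` names, so markup in it would be rendered in the visitor's browser. Wrapping the argument as `htmlspecialchars(print_r($res,true), ENT_QUOTES, 'UTF-8')` before the newline replacement closes that. Since the address is requester-supplied and triggers server-side fetches, a comment stating who may reach this module would help; no access check is visible in the hunk. The commit message describes an EXIF change in the photo driver, which does not match this file's diff.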
@@ -34,6 +34,15 @@ class Owa extends \Zotlabs\Web\Controller { where hubloc_addr = '%s' ", dbesc(str_replace('acct:','',$keyId)) ); + if(! $r) { + $found = discover_by_webbie(str_replace('acct:','',$keyId)); + if($found) { + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash + where hubloc_addr = '%s' ", + dbesc(str_replace('acct:','',$keyId)) + ); + } + } if($r) { foreach($r as $hubloc) { $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); -- cgit v1.2.3 From d401e5e7c49606f0400d1f357e297df82b656120 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 23 Apr 2018 21:12:31 +0200 Subject: possible fix for issue #1101 --- Zotlabs/Module/Ping.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index 87f9ee78a..206b8c3d1 100644 --- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php @@ -143,7 +143,7 @@ class Ping extends \Zotlabs\Web\Controller { $sql_extra = ''; if(! ($vnotify & VNOTIFY_LIKE)) - $sql_extra = ' AND verb NOT IN ("' . dbesc(ACTIVITY_LIKE) . '", "' . dbesc(ACTIVITY_DISLIKE) . '") '; + $sql_extra = " AND verb NOT IN ('" . dbesc(ACTIVITY_LIKE) . "', '" . dbesc(ACTIVITY_DISLIKE) . "') "; $discover_tab_on = can_view_public_stream(); -- cgit v1.2.3 From 2dce7c212fe02f54a62143b31d01b39869d9b948 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 24 Apr 2018 15:41:35 +0200 Subject: fix php warnings --- Zotlabs/Module/Photos.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index fa22c3f26..a143c4d4c 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php 
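Review bot: The added fallback calls `discover_by_webbie()` on the address taken from `$keyId` before any signature has been verified, so any caller can make this hub run a discovery lookup for an address of its choosing and presumably store whatever that lookup imports. Validating the address form first and bounding how often discovery runs per address or per client would limit that; whether `discover_by_webbie()` already does so is not visible here. The lookup query is now written twice with the same `str_replace('acct:','',$keyId)`; computing `$addr = str_replace('acct:','',$keyId);` once and reusing it keeps the two queries from drifting apart. The enclosing method continues outside the hunk.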
@@ -1148,10 +1148,10 @@ class Photos extends \Zotlabs\Web\Controller { builtin_activity_puller($item, $conv_responses); } - $like_count = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid']] : ''); $like_list = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid'] . '-l'] : ''); - if (count($like_list) > MAX_LIKERS) { + + if(is_array($like_list) && (count($like_list) > MAX_LIKERS)) { $like_list_part = array_slice($like_list, 0, MAX_LIKERS); array_push($like_list_part, '' . t('View all') . ''); } else { @@ -1163,7 +1163,7 @@ class Photos extends \Zotlabs\Web\Controller { $dislike_count = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid']] : ''); $dislike_list = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid'] . '-l'] : ''); $dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun'); - if (count($dislike_list) > MAX_LIKERS) { + if (is_array($dislike_list) && (count($dislike_list) > MAX_LIKERS)) { $dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS); array_push($dislike_list_part, '' . t('View all') . ''); } else { -- cgit v1.2.3 From 3af691043dca48a788274bce86979b0c7df14a82 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 30 Apr 2018 22:30:59 -0700 Subject: parent folder permissions weren't being checked back to the cloud root directory in all cases --- Zotlabs/Module/Photo.php | 70 +++++++++++++++--------------------------------- 1 file changed, 21 insertions(+), 49 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 8a110f925..b3171fe75 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php 
@@ -127,69 +127,45 @@ class Photo extends \Zotlabs\Web\Controller { } } - $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", + $r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution) ); if($r) { - - $allowed = (($r[0]['uid']) ? perm_is_allowed($r[0]['uid'],$observer_xchan,'view_storage') : true); - - $sql_extra = permissions_sql($r[0]['uid']); - if(! $sql_extra) - $sql_extra = ' and true '; - - // Only check permissions on normal photos. Those photos we don't check includes - // profile photos, xchan photos (which are also profile photos), 'thing' photos, - // and cover photos - - $sql_extra = " and (( photo_usage = 0 $sql_extra ) or photo_usage != 0 )"; + $allowed = (-1); + if(intval($r[0]['photo_usage'])) { + $allowed = 1; + if(intval($r[0]['photo_usage']) === PHOTO_COVER) + if($resolution < PHOTO_RES_COVER_1200) + $allowed = (-1); + if(intval($r[0]['photo_usage']) === PHOTO_PROFILE) + if(! in_array($resolution,[4,5,6])) + $allowed = (-1); + } + if($allowed === (-1)) + $allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo); + $channel = channelx_by_n($r[0]['uid']); // Now we'll see if we can access the photo - $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1", + $e = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1", dbesc($photo), intval($resolution) ); - // viewing cover photos is allowed unless a plugin chooses to block it. - - if($r && intval($r[0]['photo_usage']) === PHOTO_COVER && $resolution >= PHOTO_RES_COVER_1200) - $allowed = 1; - - $d = [ 'imgscale' => $resolution, 'resource_id' => $photo, 'photo' => $r, 'allowed' => $allowed ]; - call_hooks('get_photo',$d); + $exists = (($e) ? 
true : false); - $resolution = $d['imgscale']; - $photo = $d['resource_id']; - $r = $d['photo']; - $allowed = $d['allowed']; - - if($r && $allowed) { - $data = dbunescbin($r[0]['content']); - $mimetype = $r[0]['mimetype']; - if(intval($r[0]['os_storage'])) { + if($exists && $allowed) { + $data = dbunescbin($e[0]['content']); + $mimetype = $e[0]['mimetype']; + if(intval($e[0]['os_storage'])) { $streaming = $data; } } else { - - // Does the picture exist? It may be a remote person with no credentials, - // but who should otherwise be able to view it. Show a default image to let - // them know permissions was denied. It may be possible to view the image - // through an authenticated profile visit. - // There won't be many completely unauthorised people seeing this because - // they won't have the photo link, so there's a reasonable chance that the person - // might be able to obtain permission to view it. - - $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", - dbesc($photo), - intval($resolution) - ); - - if($r) { + if(! $allowed) { logger('mod_photo: forbidden. ' . \App::$query_string); $observer = \App::get_observer(); logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)')); @@ -201,9 +177,6 @@ class Photo extends \Zotlabs\Web\Controller { } } - - - if(! isset($data)) { if(isset($resolution)) { switch($resolution) { @@ -295,7 +268,6 @@ class Photo extends \Zotlabs\Web\Controller { } killme(); - // NOTREACHED } } -- cgit v1.2.3 From b28279241b6a20af9024afef221dcf410fb43e06 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 1 May 2018 16:15:59 -0700 Subject: hubzilla issue #1149, don't duplicate addressbook entries on repeated channel imports --- Zotlabs/Module/Import.php | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 81c405f00..58f0c60d5 100644 
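Review bot: The rewritten lookup in Photo.php still interpolates `$sql_extra` (`AND imgscale = %d $sql_extra LIMIT 1`), but this hunk removes the lines that assigned it, so unless it is set earlier in the method the variable is undefined here and the SQL-level permission filter it carried is gone; drop it from the query or restore the assignment. The hunk also removes `call_hooks('get_photo',$d)`, which per the deleted comment let a plugin block a photo; if that is intended it deserves a line in the commit message. `$allowed` starts as the sentinel `(-1)` and is then overwritten by the return of `attach_can_view()`, so the later `if($exists && $allowed)` is only safe if that function never returns a truthy value for a denial. The unbraced nested `if`s and the literals `[4,5,6]` would be easier to audit with braces, named constants and `in_array($resolution, [4,5,6], true)`. The method begins and ends outside the hunk.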
--- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -363,11 +363,27 @@ class Import extends \Zotlabs\Web\Controller { continue; } - abook_store_lowlevel($abook); + $r = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc($abook['abook_xchan']), + intval($channel['channel_id']) + ); + if($r) { + foreach($abook as $k => $v) { + $r = q("UPDATE abook SET " . TQUOT . "%s" . TQUOT . " = '%s' WHERE abook_xchan = '%s' AND abook_channel = %d", + dbesc($k), + dbesc($v), + dbesc($abook['abook_xchan']), + intval($channel['channel_id']) + ); + } + } + else { + abook_store_lowlevel($abook); - $friends ++; - if(intval($abook['abook_feed'])) - $feeds ++; + $friends ++; + if(intval($abook['abook_feed'])) + $feeds ++; + } translate_abook_perms_inbound($channel,$abook_copy); -- cgit v1.2.3 From c99fb4b7f1f551926e87d093f1931556e14ff053 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 1 May 2018 16:54:54 -0700 Subject: provide warnings about profile photo and cover photo permissions --- Zotlabs/Module/Cover_photo.php | 1 + Zotlabs/Module/Profile_photo.php | 1 + 2 files changed, 2 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index d76c1b408..76e80156c 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -355,6 +355,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { $o .= replace_macros($tpl,array( '$user' => \App::$channel['channel_address'], + '$info' => t('Your cover photo may be visible to anybody on the internet'), '$existing' => get_cover_photo(local_channel(),'array',PHOTO_RES_COVER_850), '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 2ce8686b9..751c4338f 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php 
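Review bot: In the added `UPDATE abook SET` loop the column name is the array key `$k` of the imported record, passed through `dbesc()` and wrapped in `TQUOT`; `dbesc()` escapes for string literals, not for identifiers, and the keys come from the import file or the remote hub. Checking `$k` against a fixed list of abook columns that an import may overwrite, before the statement is built, removes that dependence and also keeps fields such as the row id or owner columns from being rewritten if they are present in the data (whether earlier code strips them is not visible). Issuing one UPDATE per column also leaves the row half-updated if a statement fails midway. The enclosing loop starts and ends outside the hunk.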
@@ -451,6 +451,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { $o .= replace_macros($tpl,array( '$user' => \App::$channel['channel_address'], + '$info' => ((count($profiles) > 1) ? t('Your default profile photo is visible to anybody on the internet. Profile photos for alternate profiles will inherit the permissions of the profile') : t('Your profile photo is visible to anybody on the internet and may be distributed to other websites.')), '$importfile' => (($importing) ? \App::$data['importfile'] : ''), '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), -- cgit v1.2.3 From a9b71f5b4a6ed0f40b42c828a27fce472988fc30 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 1 May 2018 19:38:32 -0700 Subject: The channel import page seems to have missed the big theme cleanup of the last couple of years. --- Zotlabs/Module/Import.php | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 58f0c60d5..c36e4723a 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php 
@@ -532,16 +532,19 @@ class Import extends \Zotlabs\Web\Controller { '$desc' => t('Use this form to import an existing channel from a different server/hub. You may retrieve the channel identity from the old server/hub via the network or provide an export file.'), '$label_filename' => t('File to Upload'), '$choice' => t('Or provide the old server/hub details'), - '$label_old_address' => t('Your old identity address (xyz@example.com)'), - '$label_old_email' => t('Your old login email address'), - '$label_old_pass' => t('Your old login password'), + + '$old_address' => [ 'old_address', t('Your old identity address (xyz@example.com)'), '', ''], + '$email' => [ 'email', t('Your old login email address'), '', '' ], + '$password' => [ 'password', t('Your old login password'), '', '' ], + '$import_posts' => [ 'import_posts', t('Import a few months of posts if possible (limited by available memory'), false, '', [ t('No'), t('Yes') ]], + '$common' => t('For either option, please choose whether to make this hub your new primary address, or whether your old location should continue this role. You will be able to post from either location, but only one can be marked as the primary location for files, photos, and media.'), - '$label_import_primary' => t('Make this hub my primary location'), - '$label_import_moving' => t('Move this channel (disable all previous locations)'), - '$label_import_posts' => t('Import a few months of posts if possible (limited by available memory'), + + '$make_primary' => [ 'make_primary', t('Make this hub my primary location'), false, '', [ t('No'), t('Yes') ] ], + '$moving' => [ 'moving', t('Move this channel (disable all previous locations)'), false, '', [ t('No'), t('Yes') ] ], + '$pleasewait' => t('This process may take several minutes to complete. 
Please submit the form only once and leave this page open until finished.'), - '$email' => '', - '$pass' => '', + '$form_security_token' => get_form_security_token('channel_import'), '$submit' => t('Submit') )); -- cgit v1.2.3 From a3ed0b94cd5d43c70a835a6ed7226f5645f1c121 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 2 May 2018 22:05:55 -0700 Subject: make the cloud logging a bit less verbose until we actually need it. --- Zotlabs/Module/Oep.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index ec40bf9db..0f20a5f9a 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -72,7 +72,7 @@ class Oep extends \Zotlabs\Web\Controller { $url = $args['url']; $maxwidth = intval($args['maxwidth']); $maxheight = intval($args['maxheight']); - logger('processing display'); + if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) { $res = $matches[2]; } -- cgit v1.2.3