From 458f2e748de22448206ce12c9961e9cce80c796d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 12 Nov 2017 14:14:20 -0800 Subject: cleanup of upload_to_comments test; we actually don't care about the profile owner. We only care that we're logged in locally and our storage is public by default. --- Zotlabs/Module/Item.php | 9 --------- 1 file changed, 9 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index b54de0fb9..f2b850ffc 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -577,15 +577,6 @@ class Item extends \Zotlabs\Web\Controller { * so we'll set the permissions regardless and realise that the media may not be * referenced in the post. * - * What is preventing us from being able to upload photos into comments is dealing with - * the photo and attachment permissions, since we don't always know who was in the - * distribution for the top level post. - * - * We might be able to provide this functionality with a lot of fiddling: - * - if the top level post is public (make the photo public) - * - if the top level post was written by us or a wall post that belongs to us (match the top level post) - * - if the top level post has privacy mentions, add those to the permissions. - * - otherwise disallow the photo *or* make the photo public. This is the part that gets messy. */ if(! $preview) { -- cgit v1.2.3 From 7b6ddeb859288a87573b922dcce086de21189f8c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 12 Nov 2017 21:43:46 -0800 Subject: allow a site to block (public) the directory separately from other resources. --- Zotlabs/Module/Directory.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 256667ef3..b1552a694 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -64,6 +64,11 @@ class Directory extends \Zotlabs\Web\Controller { return; } + if(get_config('system','block_public_directory',false) && (! get_observer_hash())) { + notice( t('Public access denied.') . EOL); + return; + } + $observer = get_observer_hash(); $globaldir = get_directory_setting($observer, 'globaldir'); -- cgit v1.2.3 From 217a684e5f0399683b191e7fa9b1a3781fb21196 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 13 Nov 2017 10:08:51 +0100 Subject: also filter atokens on acl search --- Zotlabs/Module/Acl.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index e164875e8..ad1c8b8cd 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -176,11 +176,18 @@ class Acl extends \Zotlabs\Web\Controller { $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 "; - // Add atokens belonging to the local channel @TODO restrict by search + // Add atokens belonging to the local channel + + if($search) { + $sql_extra_atoken = "AND ( atoken_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . ") "; + } + else { + $sql_extra_atoken = ''; + } $r2 = null; - $r1 = q("select * from atoken where atoken_uid = %d", + $r1 = q("select * from atoken where atoken_uid = %d $sql_extra_atoken", intval(local_channel()) ); -- cgit v1.2.3 From aff476d0d457f6debe21dfa1e2a0c3ccdcf71443 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 13 Nov 2017 15:21:49 -0800 Subject: move mailhost settings from plugin to core --- Zotlabs/Module/Settings/Channel.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index 41e23b717..63370a141 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php @@ -148,6 +148,8 @@ class Channel { $defpermcat = ((x($_POST,'defpermcat')) ? notags(trim($_POST['defpermcat'])) : 'default'); $cal_first_day = (((x($_POST,'first_day')) && (intval($_POST['first_day']) == 1)) ? 1: 0); + $mailhost = ((array_key_exists('mailhost',$_POST)) ? notags(trim($_POST['mailhost'])) : ''); + $pageflags = $channel['channel_pageflags']; $existing_adult = (($pageflags & PAGE_ADULT) ? 1 : 0); @@ -239,6 +241,7 @@ class Channel { set_pconfig(local_channel(),'system','attach_path',$attach_path); set_pconfig(local_channel(),'system','cal_first_day',$cal_first_day); set_pconfig(local_channel(),'system','default_permcat',$defpermcat); + set_pconfig(local_channel(),'system','email_notify_host',$mailhost); $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d", dbesc($username), @@ -561,6 +564,7 @@ class Channel { '$vnotify11' => array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no), '$vnotify12' => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no), '$vnotify13' => ((get_config('system', 'disable_discover_tab') != 1) ? array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no) : array()), + '$mailhost' => [ 'mailhost', t('Email notification hub (hostname)'), get_pconfig(local_channel(),'system','email_notify_host',\App::get_hostname()), sprintf( t('If your channel is mirrored to multiple hubs, set this to your preferred location. This will prevent duplicate email notifications. Example: %s'),\App::get_hostname()) ], '$always_show_in_notices' => array('always_show_in_notices', t('Also show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no), '$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')), -- cgit v1.2.3