From aaa327ca056fe8d1315b8fff9bb08b1c1d40fa1c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Apr 2016 01:25:15 -0700 Subject: testing the new router/module code --- Zotlabs/Web/Router.php | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index 29f2b5206..699b27891 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -54,7 +54,17 @@ class Router { */ if(! (\App::$module_loaded)) { - if(file_exists("mod/site/{$module}.php")) { + $newmod = ucfirst($module); +logger('0' . "Zotlabs/Module/{$newmod}.php"); + if(file_exists("Zotlabs/Module/{$newmod}.php")) { +logger('1' . "Zotlabs/Module/{$newmod}.php"); + include_once("Zotlabs/Module/{$newmod}.php"); +logger('2'); + if(class_exists("Zotlabs\\Module\\{$newmod}")) + \App::$module_loaded = true; +logger('3'); + } + elseif(file_exists("mod/site/{$module}.php")) { include_once("mod/site/{$module}.php"); \App::$module_loaded = true; } @@ -122,6 +132,12 @@ class Router { * Call module functions */ + $nmod = false; + + $newmod = ucfirst(\App::$module); + if(class_exists("Zotlabs\\Module\\{$newmod}")) + $nmod = true; + if(\App::$module_loaded) { \App::$page['page_title'] = \App::$module; $placeholder = ''; @@ -133,6 +149,10 @@ class Router { * to over-ride them. */ + $modname = (($nmod) ? "Zotlabs\\Module\\{$newmod}" : ''); + if($modname && method_exists($modname,'init')) + logger('function_exists: ' . $modname . '->init'); + if(function_exists(\App::$module . '_init')) { $arr = array('init' => true, 'replace' => false); call_hooks(\App::$module . '_mod_init', $arr); -- cgit v1.2.3 From 07650b4646137e35ec975664ee69f077c9f370d3 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Apr 2016 16:13:55 -0700 Subject: get init() working with class modules --- Zotlabs/Web/Controller.php | 12 ++++++++++++ Zotlabs/Web/Router.php | 24 +++++++++++++++--------- 2 files changed, 27 insertions(+), 9 deletions(-) create mode 100644 Zotlabs/Web/Controller.php (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Controller.php b/Zotlabs/Web/Controller.php new file mode 100644 index 000000000..ac835e008 --- /dev/null +++ b/Zotlabs/Web/Controller.php @@ -0,0 +1,12 @@ +init'); - - if(function_exists(\App::$module . '_init')) { - $arr = array('init' => true, 'replace' => false); - call_hooks(\App::$module . '_mod_init', $arr); - if(! $arr['replace']) { + $arr = array('init' => true, 'replace' => false); + call_hooks(\App::$module . '_mod_init', $arr); + if(! $arr['replace']) { + if($modname && method_exists($modname,'init')) { + logger('function_exists: ' . $modname . '->init'); + $modclass = new $modname; + $modclass->init(); + } + elseif(function_exists(\App::$module . '_init')) { $func = \App::$module . '_init'; $func($a); } @@ -199,6 +204,7 @@ logger('3'); } } + if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error) && (function_exists(\App::$module . '_post')) && (! x($_POST, 'auth-params'))) { -- cgit v1.2.3 From b57f69d14d98630caab3207b23e9cc96df34dc43 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Apr 2016 20:43:05 -0700 Subject: cleanup and test of new router --- Zotlabs/Web/Router.php | 78 +++++++++++++++++++++++++------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index cbd9c107a..6330efa17 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -5,6 +5,9 @@ namespace Zotlabs\Web; class Router { + private $modname = ''; + private $controller = null; + function __construct(&$a) { /** @@ -54,25 +57,26 @@ class Router { */ if(! (\App::$module_loaded)) { - $newmod = ucfirst($module); -logger('0' . "Zotlabs/Module/{$newmod}.php"); - if(file_exists("Zotlabs/Module/{$newmod}.php")) { -logger('1' . "Zotlabs/Module/{$newmod}.php"); - include_once("Zotlabs/Module/{$newmod}.php"); -logger('2'); - if(class_exists("Zotlabs\\Module\\{$newmod}")) + try { + $modname = "Zotlabs\\Module\\" . ucfirst($module); + $filename = 'Zotlabs/Module/'. ucfirst($module). '.php'; + if(file_exists($filename)) { + $this->controller = new $modname; \App::$module_loaded = true; -logger('3'); - } - elseif(file_exists("mod/site/{$module}.php")) { - include_once("mod/site/{$module}.php"); - \App::$module_loaded = true; + } + else throw new \Exception('Module not found'); } - elseif(file_exists("mod/{$module}.php")) { - include_once("mod/{$module}.php"); - \App::$module_loaded = true; + catch(\Exception $e) { + if(file_exists("mod/site/{$module}.php")) { + include_once("mod/site/{$module}.php"); + \App::$module_loaded = true; + } + elseif(file_exists("mod/{$module}.php")) { + include_once("mod/{$module}.php"); + \App::$module_loaded = true; + } + else logger("mod/{$module}.php not found."); } - else logger("mod/{$module}.php not found."); } @@ -132,16 +136,6 @@ logger('3'); * Call module functions */ - $nmod = false; - $modname = ''; - - $newmod = ucfirst(\App::$module); - - if(class_exists("Zotlabs\\Module\\{$newmod}")) { - $nmod = true; - $modname = "Zotlabs\\Module\\{$newmod}"; - } - if(\App::$module_loaded) { \App::$page['page_title'] = \App::$module; $placeholder = ''; @@ -156,10 +150,8 @@ logger('3'); $arr = array('init' => true, 'replace' => false); call_hooks(\App::$module . '_mod_init', $arr); if(! $arr['replace']) { - if($modname && method_exists($modname,'init')) { - logger('function_exists: ' . $modname . '->init'); - $modclass = new $modname; - $modclass->init(); + if($this->controller && method_exists($this->controller,'init')) { + $this->controller->init(); } elseif(function_exists(\App::$module . '_init')) { $func = \App::$module . '_init'; @@ -204,22 +196,30 @@ logger('3'); } } - - if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error) - && (function_exists(\App::$module . '_post')) - && (! x($_POST, 'auth-params'))) { + if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error) && (! x($_POST, 'auth-params'))) { call_hooks(\App::$module . '_mod_post', $_POST); - $func = \App::$module . '_post'; - $func($a); + + if($this->controller && method_exists($this->controller,'post')) { + $this->controller->post(); + } + elseif(function_exists(\App::$module . '_post')) { + $func = \App::$module . '_post'; + $func($a); + } } - if((! \App::$error) && (function_exists(\App::$module . '_content'))) { + if(! \App::$error) { $arr = array('content' => \App::$page['content'], 'replace' => false); call_hooks(\App::$module . '_mod_content', $arr); \App::$page['content'] = $arr['content']; if(! $arr['replace']) { - $func = \App::$module . '_content'; - $arr = array('content' => $func($a)); + if($this->controller && method_exists($this->controller,'get')) { + $arr = array('content' => $this->controller->get()); + } + elseif(function_exists(\App::$module . '_content')) { + $func = \App::$module . '_content'; + $arr = array('content' => $func($a)); + } } call_hooks(\App::$module . '_mod_aftercontent', $arr); \App::$page['content'] .= $arr['content']; -- cgit v1.2.3 From 966773cdbba80103e93290ccf01d0c91df5a000e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 17 Apr 2016 19:55:36 -0700 Subject: pull in the new object router and a few selected samples for the new controller layout --- Zotlabs/Web/Router.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index 6330efa17..6376f7697 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -14,14 +14,23 @@ class Router { * * We have already parsed the server path into App::$argc and App::$argv * - * App::$argv[0] is our module name. We will load the file mod/{App::$argv[0]}.php + * App::$argv[0] is our module name. Let's call it 'foo'. We will load the + * Zotlabs/Module/Foo.php (object) or file mod/foo.php (procedural) * and use it for handling our URL request. * The module file contains a few functions that we call in various circumstances * and in the following order: * - * "module"_init - * "module"_post (only called if there are $_POST variables) - * "module"_content - the string return of this function contains our page body + * Object: + * class Foo extends Zotlabs\Web\Controller { + * function init() { init function } + * function post() { post function } + * function get() { nomral page function } + * } + * + * Procedual interface: + * foo_init() + * foo_post() (only called if there are $_POST variables) + * foo_content() - the string return of this function contains our page body * * Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do * so within the module init and/or post functions and then invoke killme() to terminate @@ -160,7 +169,7 @@ class Router { } /** - * Do all theme initialiasion here before calling any additional module functions. + * Do all theme initialisation here before calling any additional module functions. * The module_init function may have changed the theme. * Additionally any page with a Comanche template may alter the theme. * So we'll check for those now. -- cgit v1.2.3 From 2b0a04ea9e91196e2966844be0f6b673bd87f032 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 20 Apr 2016 22:10:00 -0700 Subject: revert the reversal of checkjs logic, but still restrict the behaviour scope to just those urls that require it --- Zotlabs/Web/CheckJS.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/CheckJS.php b/Zotlabs/Web/CheckJS.php index 3ad5fc1ed..50af34a40 100644 --- a/Zotlabs/Web/CheckJS.php +++ b/Zotlabs/Web/CheckJS.php @@ -10,14 +10,27 @@ class CheckJS { function __construct($test = 0) { if(intval($_REQUEST['jsdisabled'])) $this->jsdisabled = 1; + else + $this->jsdisabled = 0; if(intval($_COOKIE['jsdisabled'])) $this->jsdisabled = 1; + else + $this->jsdisabled = 0; if(! $this->jsdisabled) { $page = urlencode(\App::$query_string); if($test) { - \App::$page['htmlhead'] .= "\r\n" . '' . "\r\n"; + + logger('page=' . $page); + + if($_COOKIE['jsdisabled'] == 0) { + \App::$page['htmlhead'] .= "\r\n" . '' . "\r\n"; + /* emulate JS cookie if cookies are not accepted */ + if ($_GET['jsdisabled'] == 0) { + $_COOKIE['jsdisabled'] = 0; + } + } } else { \App::$page['htmlhead'] .= "\r\n" . '' . "\r\n"; -- cgit v1.2.3 From 5eb594706bf54781a94438a26c8e574682d51128 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 20 Apr 2016 22:17:02 -0700 Subject: make the cookie check agnostic to cookie state --- Zotlabs/Web/CheckJS.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/CheckJS.php b/Zotlabs/Web/CheckJS.php index 50af34a40..5f9856a8c 100644 --- a/Zotlabs/Web/CheckJS.php +++ b/Zotlabs/Web/CheckJS.php @@ -22,13 +22,11 @@ class CheckJS { if($test) { - logger('page=' . $page); - - if($_COOKIE['jsdisabled'] == 0) { + if(! array_key_exists('jsdisabled',$_COOKIE)) { \App::$page['htmlhead'] .= "\r\n" . '' . "\r\n"; /* emulate JS cookie if cookies are not accepted */ - if ($_GET['jsdisabled'] == 0) { - $_COOKIE['jsdisabled'] = 0; + if (array_key_exists('jsdisabled',$_GET)) { + $_COOKIE['jsdisabled'] = $_GET['jsdisabled']; } } } -- cgit v1.2.3 From 657b34c012210bb916adca878b08789d1b347103 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 20 Apr 2016 22:50:59 -0700 Subject: change the 404 warning from the router to reflect the new architecture --- Zotlabs/Web/Router.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index 6376f7697..665aa676c 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -84,11 +84,9 @@ class Router { include_once("mod/{$module}.php"); \App::$module_loaded = true; } - else logger("mod/{$module}.php not found."); } } - - + /** * This provides a place for plugins to register module handlers which don't otherwise exist on the system. * If the plugin sets 'installed' to true we won't throw a 404 error for the specified module even if @@ -96,11 +94,12 @@ class Router { * The plugin should catch at least one of the module hooks for this URL. */ - $x = array('module' => $module, 'installed' => false); + $x = array('module' => $module, 'installed' => \App::$module_loaded); call_hooks('module_loaded', $x); if($x['installed']) \App::$module_loaded = true; + /** * The URL provided does not resolve to a valid module. * @@ -119,6 +118,8 @@ class Router { killme(); } + logger("Module {$module} not found.", LOGGER_DEBUG, LOG_WARNING); + if((x($_SERVER, 'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && \App::$config['system']['dreamhost_error_hack']) { logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']); goaway(z_root() . $_SERVER['REQUEST_URI']); -- cgit v1.2.3 From 692e41c41ea54f6957c93b901a5ed4a437969691 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 21 Apr 2016 16:09:25 -0700 Subject: provide a way for the router to support custom controller objects and allow plugins to register class objects as modules instead of the traditional procedural interface. --- Zotlabs/Web/Router.php | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index 665aa676c..e6733ffdb 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -16,7 +16,7 @@ class Router { * * App::$argv[0] is our module name. Let's call it 'foo'. We will load the * Zotlabs/Module/Foo.php (object) or file mod/foo.php (procedural) - * and use it for handling our URL request. + * and use it for handling our URL request to 'https://ourgreatwebsite.something/foo' . * The module file contains a few functions that we call in various circumstances * and in the following order: * @@ -24,7 +24,7 @@ class Router { * class Foo extends Zotlabs\Web\Controller { * function init() { init function } * function post() { post function } - * function get() { nomral page function } + * function get() { normal page function } * } * * Procedual interface: @@ -38,6 +38,7 @@ class Router { */ $module = \App::$module; + $modname = "Zotlabs\\Module\\" . ucfirst($module); if(strlen($module)) { @@ -50,8 +51,13 @@ class Router { if(is_array(\App::$plugins) && in_array($module,\App::$plugins) && file_exists("addon/{$module}/{$module}.php")) { include_once("addon/{$module}/{$module}.php"); - if(function_exists($module . '_module')) + if(class_exists($modname)) { + $this->controller = new $modname; \App::$module_loaded = true; + } + elseif(function_exists($module . '_module')) { + \App::$module_loaded = true; + } } if((strpos($module,'admin') === 0) && (! is_site_admin())) { @@ -62,18 +68,27 @@ class Router { /** * If the site has a custom module to over-ride the standard module, use it. - * Otherwise, look for the standard program module in the 'mod' directory + * Otherwise, look for the standard program module */ if(! (\App::$module_loaded)) { try { - $modname = "Zotlabs\\Module\\" . ucfirst($module); - $filename = 'Zotlabs/Module/'. ucfirst($module). '.php'; + $filename = 'Zotlabs/SiteModule/'. ucfirst($module). '.php'; if(file_exists($filename)) { + // This won't be picked up by the autoloader, so load it explicitly + require_once($filename); $this->controller = new $modname; \App::$module_loaded = true; } - else throw new \Exception('Module not found'); + else { + $filename = 'Zotlabs/Module/'. ucfirst($module). '.php'; + if(file_exists($filename)) { + $this->controller = new $modname; + \App::$module_loaded = true; + } + } + if(! \App::$module_loaded) + throw new \Exception('Module not found'); } catch(\Exception $e) { if(file_exists("mod/site/{$module}.php")) { @@ -88,17 +103,19 @@ class Router { } /** - * This provides a place for plugins to register module handlers which don't otherwise exist on the system. + * This provides a place for plugins to register module handlers which don't otherwise exist + * on the system, or to completely over-ride an existing module. * If the plugin sets 'installed' to true we won't throw a 404 error for the specified module even if * there is no specific module file or matching plugin name. * The plugin should catch at least one of the module hooks for this URL. */ - $x = array('module' => $module, 'installed' => \App::$module_loaded); + $x = array('module' => $module, 'installed' => \App::$module_loaded, 'controller' => $this->controller); call_hooks('module_loaded', $x); - if($x['installed']) + if($x['installed']) { \App::$module_loaded = true; - + $this->controller = $x['controller']; + } /** * The URL provided does not resolve to a valid module. -- cgit v1.2.3 From 0c5434d5e35f13340df5bf5edd22c6d9e9e8379c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 10 May 2016 01:30:22 -0700 Subject: try again with shutdown handler, fix issue #373 (live-pubstream div wasn't present --- Zotlabs/Web/Session.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index f998df396..e18ad38fb 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -31,7 +31,7 @@ class Session { $handler = new \Zotlabs\Web\SessionHandler(); self::$handler = $handler; - $x = session_set_save_handler($handler,true); + $x = session_set_save_handler($handler,false); if(! $x) logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR); @@ -46,6 +46,9 @@ class Session { ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false), ((isset($arr['httponly'])) ? $arr['httponly'] : true) ); + + register_shutdown_function('session_write_close'); + } function start() { -- cgit v1.2.3 From 605c05fc8b6af43c095818a69150e35b41795d78 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 02:03:15 -0700 Subject: changes to session for cdev compatibility --- Zotlabs/Web/Session.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index e18ad38fb..5ee4343df 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -16,7 +16,7 @@ class Session { private static $handler = null; private static $session_started = false; - function init() { + static public function init() { $gc_probability = 50; @@ -51,7 +51,7 @@ class Session { } - function start() { + static public function start() { session_start(); self::$session_started = true; } @@ -62,7 +62,7 @@ class Session { * @return void */ - function nuke() { + static public function nuke() { self::new_cookie(0); // 0 means delete on browser exit if($_SESSION && count($_SESSION)) { foreach($_SESSION as $k => $v) { @@ -71,7 +71,7 @@ class Session { } } - function new_cookie($xtime) { + static public function new_cookie($xtime) { $newxtime = (($xtime> 0) ? (time() + $xtime) : 0); @@ -98,7 +98,7 @@ class Session { } - function extend_cookie() { + static public function extend_cookie() { // if there's a long-term cookie, extend it @@ -112,7 +112,7 @@ class Session { } - function return_check() { + static public function return_check() { // check a returning visitor against IP changes. // If the change results in being blocked from re-entry with the current cookie -- cgit v1.2.3 From 18a9831cd3408ec4ac7e22320f1f92ef81c6d293 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 13:46:35 -0700 Subject: restrict static to the one function that requires it --- Zotlabs/Web/Session.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 5ee4343df..248da51a7 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -16,7 +16,7 @@ class Session { private static $handler = null; private static $session_started = false; - static public function init() { + public function init() { $gc_probability = 50; @@ -51,7 +51,7 @@ class Session { } - static public function start() { + public function start() { session_start(); self::$session_started = true; } @@ -71,7 +71,7 @@ class Session { } } - static public function new_cookie($xtime) { + public function new_cookie($xtime) { $newxtime = (($xtime> 0) ? (time() + $xtime) : 0); @@ -98,7 +98,7 @@ class Session { } - static public function extend_cookie() { + public function extend_cookie() { // if there's a long-term cookie, extend it @@ -112,7 +112,7 @@ class Session { } - static public function return_check() { + public function return_check() { // check a returning visitor against IP changes. // If the change results in being blocked from re-entry with the current cookie -- cgit v1.2.3 From 2dcedd69519a40ca0f40bf7b8b86423e98c778c9 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 17:07:39 -0700 Subject: more work on sessions and cookies, as some anomalies appeared in caldav and firefox which suggested deeper issues --- Zotlabs/Web/Session.php | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 248da51a7..df7249a34 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - private static $handler = null; - private static $session_started = false; + static private $handler = null; + static private $session_started = false; public function init() { @@ -29,7 +29,7 @@ class Session { */ $handler = new \Zotlabs\Web\SessionHandler(); - self::$handler = $handler; + $this->handler = $handler; $x = session_set_save_handler($handler,false); if(! $x) @@ -38,11 +38,12 @@ class Session { // Force cookies to be secure (https only) if this site is SSL enabled. // Must be done before session_start(). + $arr = session_get_cookie_params(); session_set_cookie_params( ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0), ((isset($arr['path'])) ? $arr['path'] : '/'), - ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()), + (($arr['domain']) ? $arr['domain'] : \App::get_hostname()), ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false), ((isset($arr['httponly'])) ? $arr['httponly'] : true) ); @@ -53,7 +54,7 @@ class Session { public function start() { session_start(); - self::$session_started = true; + $this->session_started = true; } /** @@ -62,8 +63,8 @@ class Session { * @return void */ - static public function nuke() { - self::new_cookie(0); // 0 means delete on browser exit + public function nuke() { + $this->new_cookie(0); // 0 means delete on browser exit if($_SESSION && count($_SESSION)) { foreach($_SESSION as $k => $v) { unset($_SESSION[$k]); @@ -77,21 +78,23 @@ class Session { $old_sid = session_id(); - if(self::$handler && self::$session_started) { + $arr = session_get_cookie_params(); + + if($this->handler && $this->session_started) { session_regenerate_id(true); // force SessionHandler record creation with the new session_id // which occurs as a side effect of read() - self::$handler->read(session_id()); + $this->handler->read(session_id()); } else logger('no session handler'); if (x($_COOKIE, 'jsdisabled')) { - setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime); + setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); } - setcookie(session_name(),session_id(),$newxtime); + setcookie(session_name(),session_id(),$newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('new_cookie', $arr); @@ -100,12 +103,14 @@ class Session { public function extend_cookie() { + $arr = session_get_cookie_params(); + // if there's a long-term cookie, extend it $xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 ); if($xtime) - setcookie(session_name(),session_id(),(time() + $xtime)); + setcookie(session_name(),session_id(),(time() + $xtime), '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('extend_cookie', $arr); @@ -152,7 +157,7 @@ class Session { // check any difference at all logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - self::nuke(); + $this->nuke(); goaway(z_root()); break; } -- cgit v1.2.3 From 883b1ff51355b72a1af2a1ab09877bc444ee905f Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 19:23:42 -0700 Subject: an issue related to #386 --- Zotlabs/Web/Session.php | 1 + 1 file changed, 1 insertion(+) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index df7249a34..b1f5526ea 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -29,6 +29,7 @@ class Session { */ $handler = new \Zotlabs\Web\SessionHandler(); + $this->handler = $handler; $x = session_set_save_handler($handler,false); -- cgit v1.2.3 From 51edd472c2e007490bdad3198ba1b2a3d7a09c45 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 22:01:33 -0700 Subject: yet more session work --- Zotlabs/Web/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index b1f5526ea..c26b3523c 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - static private $handler = null; - static private $session_started = false; + private $handler = null; + private $session_started = false; public function init() { -- cgit v1.2.3 From 20cb4130d47028cbedf09f8da9feb6ccf8f759db Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 17 May 2016 17:46:30 -0700 Subject: support work for a long-term fix for issue #390, essentially one can specify a theme:schema string anywhere a theme is input. It will be honoured unless an existing schema setting over-rides this behaviour. This should also be backward compatible but the theme selection code has been cleaned up slightly and there may be subtle differences in behaviour after this commit. On my site this required a page refresh as the first page load after this change was a bit confused. --- Zotlabs/Web/Router.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index e6733ffdb..f9290ac30 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -206,13 +206,15 @@ class Router { * load current theme info */ - $theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php'; + $current_theme = \Zotlabs\Render\Theme::current(); + + $theme_info_file = 'view/theme/' . $current_theme[0] . '/php/theme.php'; if (file_exists($theme_info_file)){ require_once($theme_info_file); } - if(function_exists(str_replace('-', '_', current_theme()) . '_init')) { - $func = str_replace('-', '_', current_theme()) . '_init'; + if(function_exists(str_replace('-', '_', $current_theme[0]) . '_init')) { + $func = str_replace('-', '_', $current_theme[0]) . '_init'; $func($a); } elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) { -- cgit v1.2.3 From 37d14f3a1dbc8b4fea6831585c746be4a6602fcb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 17:02:46 -0700 Subject: Revert "yet more session work" This reverts commit 51edd472c2e007490bdad3198ba1b2a3d7a09c45. --- Zotlabs/Web/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index c26b3523c..b1f5526ea 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - private $handler = null; - private $session_started = false; + static private $handler = null; + static private $session_started = false; public function init() { -- cgit v1.2.3 From 1f7e6cae823e75ab47fa9c9a1a496842d20901d5 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 17:03:54 -0700 Subject: Revert "Revert "yet more session work"" This reverts commit 37d14f3a1dbc8b4fea6831585c746be4a6602fcb. --- Zotlabs/Web/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index b1f5526ea..c26b3523c 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - static private $handler = null; - static private $session_started = false; + private $handler = null; + private $session_started = false; public function init() { -- cgit v1.2.3 From c17b47518d57de90264378ff082e8a2576bec273 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 17:55:22 -0700 Subject: comment out session_regenerate until we get this sorted --- Zotlabs/Web/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index c26b3523c..2b058d379 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -82,7 +82,7 @@ class Session { $arr = session_get_cookie_params(); if($this->handler && $this->session_started) { - session_regenerate_id(true); + // session_regenerate_id(true); // force SessionHandler record creation with the new session_id // which occurs as a side effect of read() -- cgit v1.2.3 From f4b31dcb3a56789c9c96e982466b11fe472e1444 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 20:36:03 -0700 Subject: Document what I know about the session regeneration issue. I'm really tired of fighting this darn thing. Sessions and cookies need to work. --- Zotlabs/Web/Session.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 2b058d379..63ccd91fe 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -82,6 +82,19 @@ class Session { $arr = session_get_cookie_params(); if($this->handler && $this->session_started) { + + // The session should be regenerated to prevent session fixation attacks. + // Traditionally this has been working well, but stopped working in Firefox + // recently (~46.0). It works well in other browsers. FF takes time for the + // new cookie to propagate and it appears to still use the old cookie for the + // next several requests. We don't have an easy way to flush the cookies and + // ensure the browser is using the right one. I've tried several methods including + // delayed cookie deletion and issuing a page reload just after authentication + // and none have been successful and all are hacks to work around what looks to be + // a browser issue. This is an important @FIXME. We should enable by default and let + // folks disable it if they have issues, except they can't login to change it if + // their sessions aren't working. + // session_regenerate_id(true); // force SessionHandler record creation with the new session_id -- cgit v1.2.3 From ada26dd2cbf99e7e8395b4e466a3f73245d004f1 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 21:00:31 -0700 Subject: This explains it all. Don't set the domain when creating a cookie. You'll get a wildcard and sessions will break if you have multiple domains running hubzilla (or any php basic session based code). --- Zotlabs/Web/Session.php | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 63ccd91fe..4f2a3f1f7 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -41,10 +41,15 @@ class Session { $arr = session_get_cookie_params(); + + // Note when setting cookies: set the domain to false which creates a single domain + // cookie. If you use a hostname it will create a .domain.com wildcard which will + // have some nasty side effects if you have any other subdomains running hubzilla. + session_set_cookie_params( ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0), ((isset($arr['path'])) ? $arr['path'] : '/'), - (($arr['domain']) ? $arr['domain'] : \App::get_hostname()), + (($arr['domain']) ? $arr['domain'] : false), ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false), ((isset($arr['httponly'])) ? $arr['httponly'] : true) ); @@ -83,19 +88,7 @@ class Session { if($this->handler && $this->session_started) { - // The session should be regenerated to prevent session fixation attacks. - // Traditionally this has been working well, but stopped working in Firefox - // recently (~46.0). It works well in other browsers. FF takes time for the - // new cookie to propagate and it appears to still use the old cookie for the - // next several requests. We don't have an easy way to flush the cookies and - // ensure the browser is using the right one. I've tried several methods including - // delayed cookie deletion and issuing a page reload just after authentication - // and none have been successful and all are hacks to work around what looks to be - // a browser issue. This is an important @FIXME. We should enable by default and let - // folks disable it if they have issues, except they can't login to change it if - // their sessions aren't working. - - // session_regenerate_id(true); + session_regenerate_id(true); // force SessionHandler record creation with the new session_id // which occurs as a side effect of read() @@ -106,9 +99,9 @@ class Session { logger('no session handler'); if (x($_COOKIE, 'jsdisabled')) { - setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); + setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); } - setcookie(session_name(),session_id(),$newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); + setcookie(session_name(),session_id(),$newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('new_cookie', $arr); @@ -124,7 +117,7 @@ class Session { $xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 ); if($xtime) - setcookie(session_name(),session_id(),(time() + $xtime), '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); + setcookie(session_name(),session_id(),(time() + $xtime), '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('extend_cookie', $arr); -- cgit v1.2.3 From 84ba6393ad32406a9875044aef2d031c7d0d7a46 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 24 May 2016 16:36:55 -0700 Subject: relocate index and db --- Zotlabs/Web/WebServer.php | 191 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 Zotlabs/Web/WebServer.php (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php new file mode 100644 index 000000000..98bf62c9a --- /dev/null +++ b/Zotlabs/Web/WebServer.php @@ -0,0 +1,191 @@ +convert(); + + \App::$timezone = ((x($default_timezone)) ? $default_timezone : 'UTC'); + date_default_timezone_set(\App::$timezone); + + + /* + * Try to open the database; + */ + + require_once('include/dba/dba_driver.php'); + + if(! \App::$install) { + $db = DBA::dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, \App::$install); + if(! $db->connected) { + system_unavailable(); + } + + unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type); + + /** + * Load configs from db. Overwrite configs from .htconfig.php + */ + + load_config('config'); + load_config('system'); + load_config('feature'); + + \App::$session = new Zotlabs\Web\Session(); + \App::$session->init(); + load_hooks(); + call_hooks('init_1'); + + } + + + \App::$language = get_best_language(); + load_translation_table(\App::$language,\App::$install); + + + /** + * + * Important stuff we always need to do. + * + * The order of these may be important so use caution if you think they're all + * intertwingled with no logical order and decide to sort it out. Some of the + * dependencies have changed, but at least at one time in the recent past - the + * order was critical to everything working properly + * + */ + + if(\App::$session) { + \App::$session->start(); + } + else { + session_start(); + register_shutdown_function('session_write_close'); + } + + /** + * Language was set earlier, but we can over-ride it in the session. + * We have to do it here because the session was just now opened. + */ + + if(array_key_exists('system_language',$_POST)) { + if(strlen($_POST['system_language'])) + $_SESSION['language'] = $_POST['system_language']; + else + unset($_SESSION['language']); + } + if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) { + \App::$language = $_SESSION['language']; + load_translation_table(\App::$language); + } + + if((x($_GET,'zid')) && (! \App::$install)) { + \App::$query_string = strip_zids(\App::$query_string); + if(! local_channel()) { + $_SESSION['my_address'] = $_GET['zid']; + zid_init($a); + } + } + + if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login')) + require('include/auth.php'); + + if(! x($_SESSION, 'sysmsg')) + $_SESSION['sysmsg'] = array(); + + if(! x($_SESSION, 'sysmsg_info')) + $_SESSION['sysmsg_info'] = array(); + + /* + * check_config() is responsible for running update scripts. These automatically + * update the DB schema whenever we push a new one out. It also checks to see if + * any plugins have been added or removed and reacts accordingly. + */ + + + if(\App::$install) { + /* Allow an exception for the view module so that pcss will be interpreted during installation */ + if(\App::$module != 'view') + \App::$module = 'setup'; + } + else + check_config($a); + + nav_set_selected('nothing'); + + $Router = new Zotlabs\Web\Router($a); + + /* initialise content region */ + + if(! x(\App::$page, 'content')) + \App::$page['content'] = ''; + + call_hooks('page_content_top', \App::$page['content']); + + + $Router->Dispatch($a); + + + // If you're just visiting, let javascript take you home + + if(x($_SESSION, 'visitor_home')) { + $homebase = $_SESSION['visitor_home']; + } elseif(local_channel()) { + $homebase = z_root() . '/channel/' . \App::$channel['channel_address']; + } + + if(isset($homebase)) { + \App::$page['content'] .= ''; + } + + // now that we've been through the module content, see if the page reported + // a permission problem and if so, a 403 response would seem to be in order. + + if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { + header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.')); + } + + call_hooks('page_end', \App::$page['content']); + + construct_page($a); + + killme(); + } +} \ No newline at end of file -- cgit v1.2.3 From 516c43ba154dc43ec0ef6135fb0a9732d0185a6f Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 24 May 2016 17:54:45 -0700 Subject: more work associated with DBA and index.php shuffle --- Zotlabs/Web/WebServer.php | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 98bf62c9a..5237bf667 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -1,19 +1,16 @@ connected) { + \DBA::dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, \App::$install); + if(! \DBA::$dba->connected) { system_unavailable(); } @@ -69,7 +66,7 @@ class WebServer { load_config('system'); load_config('feature'); - \App::$session = new Zotlabs\Web\Session(); + \App::$session = new Session(); \App::$session->init(); load_hooks(); call_hooks('init_1'); @@ -150,7 +147,7 @@ class WebServer { nav_set_selected('nothing'); - $Router = new Zotlabs\Web\Router($a); + $Router = new Router($a); /* initialise content region */ -- cgit v1.2.3 From 096fdfc61b5381bd3f7918a7c5f6004461354f32 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 26 May 2016 16:33:01 -0700 Subject: consolidate all the sys_boot functionality that is common between the web server and the cli daemon manager. Get rid of yet another global variable ($default_timezone) whilst doing so. --- Zotlabs/Web/WebServer.php | 60 +---------------------------------------------- 1 file changed, 1 insertion(+), 59 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 5237bf667..88ab4995b 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -13,65 +13,7 @@ class WebServer { require_once('boot.php'); - if(file_exists('.htsite.php')) - include('.htsite.php'); - - - // miniApp is a conversion object from old style .htconfig.php files - - $a = new \miniApp; - - // our central App object - - \App::init(); - - /* - * Load the configuration file which contains our DB credentials. - * Ignore errors. If the file doesn't exist or is empty, we are running in - * installation mode. - */ - - \App::$install = ((file_exists('.htconfig.php') && filesize('.htconfig.php')) ? false : true); - - @include('.htconfig.php'); - - if(! defined('UNO')) - define('UNO', 0); - - $a->convert(); - - \App::$timezone = ((x($default_timezone)) ? $default_timezone : 'UTC'); - date_default_timezone_set(\App::$timezone); - - - /* - * Try to open the database; - */ - - require_once('include/dba/dba_driver.php'); - - if(! \App::$install) { - \DBA::dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, \App::$install); - if(! \DBA::$dba->connected) { - system_unavailable(); - } - - unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type); - - /** - * Load configs from db. Overwrite configs from .htconfig.php - */ - - load_config('config'); - load_config('system'); - load_config('feature'); - - \App::$session = new Session(); - \App::$session->init(); - load_hooks(); - call_hooks('init_1'); - - } + sys_boot(); \App::$language = get_best_language(); -- cgit v1.2.3 From dfb6255f59980835d364402b372dd39f2b41ee7c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 31 May 2016 17:50:47 -0700 Subject: more removal of reserved words from DB schemas --- Zotlabs/Web/SessionHandler.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php index 6980a6408..6e7333b4b 100644 --- a/Zotlabs/Web/SessionHandler.php +++ b/Zotlabs/Web/SessionHandler.php @@ -18,10 +18,10 @@ class SessionHandler implements \SessionHandlerInterface { function read ($id) { if($id) { - $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id)); + $r = q("SELECT `sess_data` FROM `session` WHERE `sid`= '%s'", dbesc($id)); if($r) { - return $r[0]['data']; + return $r[0]['sess_data']; } else { q("INSERT INTO `session` (sid, expire) values ('%s', '%s')", @@ -59,7 +59,7 @@ class SessionHandler implements \SessionHandlerInterface { } q("UPDATE `session` - SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'", + SET `sess_data` = '%s', `expire` = '%s' WHERE `sid` = '%s'", dbesc($data), dbesc($expire), dbesc($id) -- cgit v1.2.3 From 212d8b6cfd28151b5b8abdd3f1fcd3b3daeeb0da Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 14 Jun 2016 20:30:34 -0700 Subject: support cookie auth in Sabre DAV --- Zotlabs/Web/Controller.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Controller.php b/Zotlabs/Web/Controller.php index ac835e008..2d0f58891 100644 --- a/Zotlabs/Web/Controller.php +++ b/Zotlabs/Web/Controller.php @@ -9,4 +9,5 @@ class Controller { function post() {} function get() {} -} \ No newline at end of file +} + -- cgit v1.2.3 From 415a8d1e01107e8bcff1a1ac1bdd8beb2d461408 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 21 Jun 2016 19:42:08 -0700 Subject: channel homepage not providing content when javascript disabled --- Zotlabs/Web/CheckJS.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/CheckJS.php b/Zotlabs/Web/CheckJS.php index 5f9856a8c..109790fa5 100644 --- a/Zotlabs/Web/CheckJS.php +++ b/Zotlabs/Web/CheckJS.php @@ -21,6 +21,9 @@ class CheckJS { $page = urlencode(\App::$query_string); if($test) { + self::$jsdisabled = 1; + if(array_key_exists('jsdisabled',$_COOKIE)) + self::$jsdisabled = $_COOKIE['jsdisabled']; if(! array_key_exists('jsdisabled',$_COOKIE)) { \App::$page['htmlhead'] .= "\r\n" . '' . "\r\n"; -- cgit v1.2.3 From fb36561a6841c165dc8644a61c4c37a771461e2b Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 11 Jul 2016 13:27:44 -0700 Subject: force non-null sess_data --- Zotlabs/Web/SessionHandler.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php index 6e7333b4b..93b27a7e8 100644 --- a/Zotlabs/Web/SessionHandler.php +++ b/Zotlabs/Web/SessionHandler.php @@ -24,7 +24,8 @@ class SessionHandler implements \SessionHandlerInterface { return $r[0]['sess_data']; } else { - q("INSERT INTO `session` (sid, expire) values ('%s', '%s')", + q("INSERT INTO `session` (sess_data, sid, expire) values ('%s', '%s', '%s')", + dbesc(''), dbesc($id), dbesc(time() + 300) ); -- cgit v1.2.3 From f3eb9af046b155c53a194db6104a24b6d6756072 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 14 Jul 2016 19:43:47 -0700 Subject: more ZAT work --- Zotlabs/Web/WebServer.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 88ab4995b..d4f3cb9ea 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -59,7 +59,14 @@ class WebServer { \App::$query_string = strip_zids(\App::$query_string); if(! local_channel()) { $_SESSION['my_address'] = $_GET['zid']; - zid_init($a); + zid_init(); + } + } + + if((x($_GET,'zat')) && (! \App::$install)) { + \App::$query_string = strip_zats(\App::$query_string); + if(! local_channel()) { + zat_init(); } } -- cgit v1.2.3