From 66effbfe0827fc61fff6d248797a894213ad20d6 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 28 May 2016 17:46:24 +0200 Subject: upgrade to sabre32 --- Zotlabs/Storage/Browser.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index f875cbf33..713d75108 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php @@ -219,7 +219,7 @@ class Browser extends DAV\Browser\Plugin { $output = ''; if ($this->enablePost) { - $this->server->emit('onHTMLActionsPanel', array($parent, &$output)); + $this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path)); } $html .= replace_macros(get_markup_template('cloud.tpl'), array( @@ -266,7 +266,7 @@ class Browser extends DAV\Browser\Plugin { * @param \Sabre\DAV\INode $node * @param string &$output */ - public function htmlActionsPanel(DAV\INode $node, &$output) { + public function htmlActionsPanel(DAV\INode $node, &$output, $path) { if (! $node instanceof DAV\ICollection) return; -- cgit v1.2.3 From 2029b2b9ed0544d4559d7a918a0902587fd580bc Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 26 Jun 2016 21:58:09 -0700 Subject: document the daemon classes --- Zotlabs/Daemon/README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 Zotlabs/Daemon/README.md (limited to 'Zotlabs') diff --git a/Zotlabs/Daemon/README.md b/Zotlabs/Daemon/README.md new file mode 100644 index 000000000..cb5b00a56 --- /dev/null +++ b/Zotlabs/Daemon/README.md @@ -0,0 +1,43 @@ +Daemon (background) Processes +============================= + + +This directory provides background tasks which are executed by a +command-line process and detached from normal web processing. + +Background tasks are invoked by calling + + + Zotlabs\Daemon\Master::Summon([ $cmd, $arg1, $argn... ]); + +The Master class loads the desired command file and passes the arguments. + + +To create a background task 'Foo' use the following template. + + Date: Sun, 26 Jun 2016 22:13:59 -0700 Subject: remove the app $a passed to profile_load, also add profile_load to mod_wiki which should fix issue #431 --- Zotlabs/Module/Achievements.php | 2 +- Zotlabs/Module/Block.php | 2 +- Zotlabs/Module/Blocks.php | 2 +- Zotlabs/Module/Cal.php | 2 +- Zotlabs/Module/Channel.php | 2 +- Zotlabs/Module/Chat.php | 2 +- Zotlabs/Module/Cloud.php | 2 +- Zotlabs/Module/Common.php | 2 +- Zotlabs/Module/Connect.php | 2 +- Zotlabs/Module/Cover_photo.php | 2 +- Zotlabs/Module/Dav.php | 2 +- Zotlabs/Module/Editblock.php | 2 +- Zotlabs/Module/Editlayout.php | 2 +- Zotlabs/Module/Editwebpage.php | 2 +- Zotlabs/Module/Hcard.php | 2 +- Zotlabs/Module/Id.php | 2 +- Zotlabs/Module/Layouts.php | 2 +- Zotlabs/Module/Page.php | 2 +- Zotlabs/Module/Photos.php | 2 +- Zotlabs/Module/Profile.php | 2 +- Zotlabs/Module/Profile_photo.php | 2 +- Zotlabs/Module/Profiles.php | 4 ++-- Zotlabs/Module/Profperm.php | 2 +- Zotlabs/Module/Viewconnections.php | 2 +- Zotlabs/Module/Webpages.php | 2 +- Zotlabs/Module/Wiki.php | 2 ++ 26 files changed, 28 insertions(+), 26 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Achievements.php b/Zotlabs/Module/Achievements.php index 8ddefb3e5..1529448d3 100644 --- a/Zotlabs/Module/Achievements.php +++ b/Zotlabs/Module/Achievements.php @@ -18,7 +18,7 @@ class Achievements extends \Zotlabs\Web\Controller { $profile = 0; $profile = argv(1); - profile_load($a,$which,$profile); + profile_load($which,$profile); $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which) diff --git a/Zotlabs/Module/Block.php b/Zotlabs/Module/Block.php index 45e61e4ea..e671730f6 100644 --- a/Zotlabs/Module/Block.php +++ b/Zotlabs/Module/Block.php @@ -12,7 +12,7 @@ class Block extends \Zotlabs\Web\Controller { $which = argv(1); $profile = 0; - profile_load($a,$which,$profile); + profile_load($which,$profile); if(\App::$profile['profile_uid']) head_set_icon(\App::$profile['thumb']); diff --git a/Zotlabs/Module/Blocks.php b/Zotlabs/Module/Blocks.php index 475cfa6b3..e6a97794d 100644 --- a/Zotlabs/Module/Blocks.php +++ b/Zotlabs/Module/Blocks.php @@ -22,7 +22,7 @@ class Blocks extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index 1da42684d..fd4169e68 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -20,7 +20,7 @@ class Cal extends \Zotlabs\Web\Controller { if(argc() > 1) { $nick = argv(1); - profile_load($a,$nick); + profile_load($nick); $channelx = channelx_by_nick($nick); diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 29bfcbc3c..d09388901 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -48,7 +48,7 @@ class Channel extends \Zotlabs\Web\Controller { // Run profile_load() here to make sure the theme is set before // we start loading content - profile_load($a,$which,$profile); + profile_load($which,$profile); } diff --git a/Zotlabs/Module/Chat.php b/Zotlabs/Module/Chat.php index 026e8369a..ff55a9319 100644 --- a/Zotlabs/Module/Chat.php +++ b/Zotlabs/Module/Chat.php @@ -39,7 +39,7 @@ class Chat extends \Zotlabs\Web\Controller { // Run profile_load() here to make sure the theme is set before // we start loading content - profile_load($a,$which,$profile); + profile_load($which,$profile); } diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index b691475ce..833b1b493 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -37,7 +37,7 @@ class Cloud extends \Zotlabs\Web\Controller { \App::$page['htmlhead'] .= '' . "\r\n"; if ($which) - profile_load($a, $which, $profile); + profile_load( $which, $profile); $auth = new \Zotlabs\Storage\BasicAuth(); diff --git a/Zotlabs/Module/Common.php b/Zotlabs/Module/Common.php index 1c428d256..2f3c57267 100644 --- a/Zotlabs/Module/Common.php +++ b/Zotlabs/Module/Common.php @@ -21,7 +21,7 @@ class Common extends \Zotlabs\Web\Controller { ); if($x) - profile_load($a,$x[0]['channel_address'],0); + profile_load($x[0]['channel_address'],0); } diff --git a/Zotlabs/Module/Connect.php b/Zotlabs/Module/Connect.php index f68e0baac..962c05cce 100644 --- a/Zotlabs/Module/Connect.php +++ b/Zotlabs/Module/Connect.php @@ -26,7 +26,7 @@ class Connect extends \Zotlabs\Web\Controller { if($r) \App::$data['channel'] = $r[0]; - profile_load($a,$which,''); + profile_load($which,''); } function post() { diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index 5633976c8..9887b8203 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -29,7 +29,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { } $channel = \App::get_channel(); - profile_load($a,$channel['channel_address']); + profile_load($channel['channel_address']); } diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 2fddabe19..6528e0271 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -58,7 +58,7 @@ class Dav extends \Zotlabs\Web\Controller { \App::$page['htmlhead'] .= '' . "\r\n"; if ($which) - profile_load($a, $which, $profile); + profile_load( $which, $profile); diff --git a/Zotlabs/Module/Editblock.php b/Zotlabs/Module/Editblock.php index 1d6ef7a0a..6a9fa5f2d 100644 --- a/Zotlabs/Module/Editblock.php +++ b/Zotlabs/Module/Editblock.php @@ -21,7 +21,7 @@ class Editblock extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } diff --git a/Zotlabs/Module/Editlayout.php b/Zotlabs/Module/Editlayout.php index fe794b5fd..26732dc77 100644 --- a/Zotlabs/Module/Editlayout.php +++ b/Zotlabs/Module/Editlayout.php @@ -21,7 +21,7 @@ class Editlayout extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php index 6d67c08e7..5cd409e1e 100644 --- a/Zotlabs/Module/Editwebpage.php +++ b/Zotlabs/Module/Editwebpage.php @@ -23,7 +23,7 @@ class Editwebpage extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } diff --git a/Zotlabs/Module/Hcard.php b/Zotlabs/Module/Hcard.php index 2636e676b..93c8d3ece 100644 --- a/Zotlabs/Module/Hcard.php +++ b/Zotlabs/Module/Hcard.php @@ -40,7 +40,7 @@ class Hcard extends \Zotlabs\Web\Controller { } } - profile_load($a,$which,$profile); + profile_load($which,$profile); } diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php index 6a94b57f5..e053bf99c 100644 --- a/Zotlabs/Module/Id.php +++ b/Zotlabs/Module/Id.php @@ -57,7 +57,7 @@ class Id extends \Zotlabs\Web\Controller { $profile = ''; $channel = \App::get_channel(); - profile_load($a,$which,$profile); + profile_load($which,$profile); $op = new MysqlProvider; $op->server(); diff --git a/Zotlabs/Module/Layouts.php b/Zotlabs/Module/Layouts.php index a0b1c31cc..c07f65ce1 100644 --- a/Zotlabs/Module/Layouts.php +++ b/Zotlabs/Module/Layouts.php @@ -21,7 +21,7 @@ class Layouts extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } diff --git a/Zotlabs/Module/Page.php b/Zotlabs/Module/Page.php index deb23da68..6ef285dd0 100644 --- a/Zotlabs/Module/Page.php +++ b/Zotlabs/Module/Page.php @@ -13,7 +13,7 @@ class Page extends \Zotlabs\Web\Controller { $which = argv(1); $profile = 0; - profile_load($a,$which,$profile); + profile_load($which,$profile); diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 1bdc23897..1633e08ef 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -27,7 +27,7 @@ class Photos extends \Zotlabs\Web\Controller { if(argc() > 1) { $nick = argv(1); - profile_load($a,$nick); + profile_load($nick); $channelx = channelx_by_nick($nick); diff --git a/Zotlabs/Module/Profile.php b/Zotlabs/Module/Profile.php index 8bf358bc8..9e868db92 100644 --- a/Zotlabs/Module/Profile.php +++ b/Zotlabs/Module/Profile.php @@ -48,7 +48,7 @@ class Profile extends \Zotlabs\Web\Controller { } } - profile_load($a,$which,$profile); + profile_load($which,$profile); } diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 72c92e721..62c5e99ae 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -34,7 +34,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { } $channel = \App::get_channel(); - profile_load($a,$channel['channel_address']); + profile_load($channel['channel_address']); } diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index 06e5cfd7b..899c79b15 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -193,7 +193,7 @@ class Profiles extends \Zotlabs\Web\Controller { $chan = \App::get_channel(); - profile_load($a,$chan['channel_address'],$r[0]['id']); + profile_load($chan['channel_address'],$r[0]['id']); } } @@ -584,7 +584,7 @@ class Profiles extends \Zotlabs\Web\Controller { if($is_default) { // reload the info for the sidebar widget - why does this not work? - profile_load($a,$channel['channel_address']); + profile_load($channel['channel_address']); \Zotlabs\Daemon\Master::Summon(array('Directory',local_channel())); } } diff --git a/Zotlabs/Module/Profperm.php b/Zotlabs/Module/Profperm.php index 79ce7a7ed..b1da147c1 100644 --- a/Zotlabs/Module/Profperm.php +++ b/Zotlabs/Module/Profperm.php @@ -17,7 +17,7 @@ class Profperm extends \Zotlabs\Web\Controller { $profile = \App::$argv[1]; - profile_load($a,$which,$profile); + profile_load($which,$profile); } diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index ea478f92a..7523c259b 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -11,7 +11,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { return; } if(argc() > 1) - profile_load($a,argv(1)); + profile_load(argv(1)); } function get() { diff --git a/Zotlabs/Module/Webpages.php b/Zotlabs/Module/Webpages.php index fc292be6f..bb8d9c6ed 100644 --- a/Zotlabs/Module/Webpages.php +++ b/Zotlabs/Module/Webpages.php @@ -23,7 +23,7 @@ class Webpages extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index de5863d2e..6a8bdf0db 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -20,6 +20,8 @@ class Wiki extends \Zotlabs\Web\Controller { notice(t('You must be logged in to see this page.') . EOL); goaway('/login'); } + profile_load($nick); + } function get() { -- cgit v1.2.3 From 8d298d5a068845856c9827c0d2ea3f02f1399d72 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 26 Jun 2016 22:26:45 -0700 Subject: fix for the rendering side of issue #412. We traditionally store all "user generated" content with ENT_COMPAT encoding to reduce the attack vector for JS CSS exploits. This may present compatibility issues sharing wikis to platforms which do not provide such CSS protection. We can either decide that wikis are inherently insecure and filter them on render (with an associated performance penalty), or keep the existing method of filtering on store. I'm not making that choice. I'm merely fixing the obvious rendering issue in mono-platform viewing. --- Zotlabs/Module/Wiki.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 6a8bdf0db..38b49effc 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -125,7 +125,7 @@ class Wiki extends \Zotlabs\Web\Controller { notice('Error retrieving page content' . EOL); goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName); } - $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); + $content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"'); // Render the Markdown-formatted page content in HTML require_once('library/markdown.php'); $renderedContent = wiki_convert_links(Markdown(json_decode($content)),argv(0).'/'.argv(1).'/'.$wikiUrlName); -- cgit v1.2.3 From ee1d52749733c1de7e88ede6c63f155215e1ae1c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 16:15:47 -0700 Subject: comment on the setup page about the possible need for intermediate certs. --- Zotlabs/Module/New_channel.php | 4 ++-- Zotlabs/Module/Setup.php | 10 ++++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index 30d7c83c6..1dcf84fb0 100644 --- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -62,7 +62,7 @@ class New_channel extends \Zotlabs\Web\Controller { } - function post() { + function post() { $arr = $_POST; @@ -96,7 +96,7 @@ class New_channel extends \Zotlabs\Web\Controller { } - function get() { + function get() { $acc = \App::get_account(); diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index c4878e217..c5d0ccc21 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -596,7 +596,7 @@ class Setup extends \Zotlabs\Web\Controller { if(! is_writable('store')) { $status = false; - $help = t('Red uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL; + $help = t('This software uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL; $help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL; } @@ -639,6 +639,9 @@ class Setup extends \Zotlabs\Web\Controller { $help .= t('If your certificate is not recognized, members of other sites (who may themselves have valid certificates) will get a warning message on their own site complaining about security issues.') . EOL; $help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL; $help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL; + + $help .= t('If you are confident that the certificate is valid and signed by a trusted authority, check to see if you have failed to install an intermediate cert. These are not normally required by browsers, but are required for server-to-server communications.') . EOL; + $this->check_add($checks, t('SSL certificate validation'), false, true, $help); } @@ -695,6 +698,7 @@ class Setup extends \Zotlabs\Web\Controller { // install the standard theme set_config('system', 'allowed_themes', 'redbasic'); + // Set a lenient list of ciphers if using openssl. Other ssl engines // (e.g. NSS used in RedHat) require different syntax, so hopefully // the default curl cipher list will work for most sites. If not, @@ -704,7 +708,9 @@ class Setup extends \Zotlabs\Web\Controller { // z_fetch_url() is also used to import shared links and other content // so in theory most any cipher could show up and we should do our best // to make the content available rather than tell folks that there's a - // weird SSL error which they can't do anything about. + // weird SSL error which they can't do anything about. This does not affect + // the SSL server, but is only a client negotiation to find something workable. + // Hence it will not make your system susceptible to POODL or other nasties. $x = curl_version(); if(stristr($x['ssl_version'],'openssl')) -- cgit v1.2.3 From 3704ff57cb65dce6ddd17136580e3bf82e7d97f2 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 16:50:06 -0700 Subject: replace [+] and [-] with chevron icons --- Zotlabs/Lib/ThreadItem.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index f724ac95d..6625b7b52 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -418,7 +418,7 @@ class ThreadItem { if(($nb_children > $visible_comments) || ($thread_level > 1)) { $result['children'][0]['comment_firstcollapsed'] = true; $result['children'][0]['num_comments'] = $comment_count_txt; - $result['children'][0]['hide_text'] = t('[+] show all'); + $result['children'][0]['hide_text'] = sprintf( t('%s show all'), ''); if($thread_level > 1) { $result['children'][$nb_children - 1]['comment_lastcollapsed'] = true; } -- cgit v1.2.3 From b155e93ab134759f3d31a509d197916a5af84adb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 19:04:00 -0700 Subject: add letsencrypt x3 intermediate cert and new cert file, improve UX of new registrations --- Zotlabs/Module/Register.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 7cd1ee501..6afa4a94c 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -259,7 +259,8 @@ class Register extends \Zotlabs\Web\Controller { '$email' => $email, '$pass1' => $password, '$pass2' => $password2, - '$submit' => ((UNO || $auto_create || $registration_is) ? t('Register') : t('Proceed to create your first channel')) + '$submit' => t('Register'), + '$verify_note' => t('This site may require email verification after submitting this form. If you are returned to a login page, please check your email for instructions.') )); return $o; -- cgit v1.2.3 From 30a5fe30617ef19d7cb896783442d43277ce5a8e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 19:53:35 -0700 Subject: provide a daemon for implementing zot magic-auth over curl. --- Zotlabs/Daemon/CurlAuth.php | 52 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 Zotlabs/Daemon/CurlAuth.php (limited to 'Zotlabs') diff --git a/Zotlabs/Daemon/CurlAuth.php b/Zotlabs/Daemon/CurlAuth.php new file mode 100644 index 000000000..d0296a729 --- /dev/null +++ b/Zotlabs/Daemon/CurlAuth.php @@ -0,0 +1,52 @@ + 0 && $line[0] != '#' && substr_count($line, "\t") == 6) { + $tokens = explode("\t", $line); + $tokens = array_map('trim', $tokens); + if($tokens[4] > time()) { + $output .= $line . "\n"; + } + } + else + $output .= $line; + } + } + } + + file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tFALSE\t0\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0)); + + killme(); + } +} \ No newline at end of file -- cgit v1.2.3 From 7d7f43c2056fd50ff26aed5df553bf4936ead196 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 22:25:37 -0700 Subject: still working through some issues with curl magic-auth fixed profile photo upload --- Zotlabs/Daemon/CurlAuth.php | 7 +++++-- Zotlabs/Lib/SuperCurl.php | 15 +++++++++++++++ Zotlabs/Module/Cover_photo.php | 2 +- Zotlabs/Module/Profile_photo.php | 5 ++--- 4 files changed, 23 insertions(+), 6 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Daemon/CurlAuth.php b/Zotlabs/Daemon/CurlAuth.php index d0296a729..be12bc779 100644 --- a/Zotlabs/Daemon/CurlAuth.php +++ b/Zotlabs/Daemon/CurlAuth.php @@ -15,7 +15,7 @@ class CurlAuth { if($argc != 2) killme(); - session_start(); + \App::$session->start(); $_SESSION['authenticated'] = 1; $_SESSION['uid'] = $argv[1]; @@ -23,6 +23,7 @@ class CurlAuth { $x = session_id(); $f = 'store/[data]/cookie_' . $argv[1]; + $c = 'store/[data]/cookien_' . $argv[1]; $e = file_exists($f); @@ -44,8 +45,10 @@ class CurlAuth { } } } + $t = time() + (24 * 3600); + file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tTRUE\t$t\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0)); - file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tFALSE\t0\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0)); + file_put_contents($c,$x); killme(); } diff --git a/Zotlabs/Lib/SuperCurl.php b/Zotlabs/Lib/SuperCurl.php index 40ca1addb..fd47c399c 100644 --- a/Zotlabs/Lib/SuperCurl.php +++ b/Zotlabs/Lib/SuperCurl.php @@ -26,6 +26,7 @@ class SuperCurl { private $request_method = 'GET'; private $upload = false; + private $cookies = false; private function set_data($s) { @@ -62,6 +63,11 @@ class SuperCurl { case 'http_auth': $this->auth = $v; break; + case 'magicauth': + $this->magicauth = $v; + \Zotlabs\Daemon\Master::Summon([ 'CurlAuth', $v ]); + sleep(2); + break; case 'custom': $this->request_method = $v; break; @@ -90,8 +96,17 @@ class SuperCurl { function exec() { $opts = $this->curlopts; + $url = $this->url; if($this->auth) $opts['http_auth'] = $this->auth; + if($this->magicauth) { + $opts['cookiejar'] = 'store/[data]/cookie_' . $this->magicauth; + $opts['cookiefile'] = 'store/[data]/cookie_' . $this->magicauth; + $opts['cookie'] = 'PHPSESSID=' . trim(file_get_contents('store/[data]/cookien_' . $this->magicauth)); + $c = channelx_by_n($this->magicauth); + if($c) + $url = zid($this->url,$c['channel_address'] . '@' . \App::get_hostname()); + } if($this->custom) $opts['custom'] = $this->custom; if($this->headers) diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index 9887b8203..886958b37 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -50,7 +50,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo'); - if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) { + if((array_key_exists('cropfinal',$_POST)) && ($_POST['cropfinal'] == 1)) { // phase 2 - we have finished cropping diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 62c5e99ae..9359b80f8 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -53,7 +53,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); - if((array_key_exists('postfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)) { + if((array_key_exists('cropfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)) { // phase 2 - we have finished cropping @@ -90,12 +90,11 @@ class Profile_photo extends \Zotlabs\Web\Controller { $srcY = $_POST['ystart']; $srcW = $_POST['xfinal'] - $srcX; $srcH = $_POST['yfinal'] - $srcY; - + $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND imgscale = %d LIMIT 1", dbesc($image_id), dbesc(local_channel()), intval($scale)); - if($r) { $base_image = $r[0]; -- cgit v1.2.3 From 7d62e087c65d964282171dd736e337cba135610f Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 28 Jun 2016 13:36:48 -0700 Subject: identity_export_year() was a bit short-sighted. We really require arbitrary date ranges. A new function was created to tackle this - channel_export_items() which takes a channel, and a start and finish date. Finish date will default to "now" if not set. Will be working this into the interface under a module named "export_items" which will correspond closely to the existing "import_items" module you'll need to do the reverse operation. Will also make it available via the API. Once that is complete, I anticipate removing identity_export_year() as it will then be somewhat redundant, and modifying the documentation on the channel export page accordingly. Note: the function works strictly in GMT so an interface would need to convert from channel local time. --- Zotlabs/Lib/SuperCurl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Lib/SuperCurl.php b/Zotlabs/Lib/SuperCurl.php index fd47c399c..1c8583ff5 100644 --- a/Zotlabs/Lib/SuperCurl.php +++ b/Zotlabs/Lib/SuperCurl.php @@ -64,9 +64,9 @@ class SuperCurl { $this->auth = $v; break; case 'magicauth': + // currently experimental $this->magicauth = $v; \Zotlabs\Daemon\Master::Summon([ 'CurlAuth', $v ]); - sleep(2); break; case 'custom': $this->request_method = $v; -- cgit v1.2.3 From 715b1667d928175c0fac5832b998d9ded92974a3 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 28 Jun 2016 20:48:43 -0700 Subject: readability --- Zotlabs/Module/Viewconnections.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 7523c259b..4364d482a 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -10,8 +10,11 @@ class Viewconnections extends \Zotlabs\Web\Controller { if(observer_prohibited()) { return; } - if(argc() > 1) + + if(argc() > 1) { profile_load(argv(1)); + } + } function get() { -- cgit v1.2.3 From f098600c41553bc47267a61fb47a4957046e696e Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 29 Jun 2016 23:04:34 +0200 Subject: missing backslash leads to wsod on refresh permissions --- Zotlabs/Module/Connedit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index feed9cb1a..7db4950b1 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -433,7 +433,7 @@ class Connedit extends \Zotlabs\Web\Controller { else { // if you are on a different network we'll force a refresh of the connection basic info - Zotlabs\Daemon\Master::Summon(array('Notifier','permission_update',$contact_id)); + \Zotlabs\Daemon\Master::Summon(array('Notifier','permission_update',$contact_id)); } goaway(z_root() . '/connedit/' . $contact_id); } -- cgit v1.2.3 From 2e93a09d83f16f12796ff4edc1aca09339ae2ccf Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 29 Jun 2016 17:31:48 -0700 Subject: stream large photos through buffered I/O if possible --- Zotlabs/Module/Photo.php | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 5148c4a94..66aaec49f 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -2,6 +2,7 @@ namespace Zotlabs\Module; require_once('include/security.php'); +require_once('include/attach.php'); require_once('include/photo/photo_driver.php'); @@ -10,6 +11,8 @@ class Photo extends \Zotlabs\Web\Controller { function init() { $prvcachecontrol = false; + $streaming = null; + $channel = null; switch(argc()) { case 4: @@ -131,6 +134,8 @@ class Photo extends \Zotlabs\Web\Controller { $sql_extra = permissions_sql($r[0]['uid']); + $channel = channelx_by_n($r[0]['uid']); + // Now we'll see if we can access the photo $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1", @@ -141,8 +146,9 @@ class Photo extends \Zotlabs\Web\Controller { if($r && $allowed) { $data = dbunescbin($r[0]['content']); $mimetype = $r[0]['mimetype']; - if(intval($r[0]['os_storage'])) - $data = file_get_contents($data); + if(intval($r[0]['os_storage'])) { + $streaming = $data; + } } else { @@ -242,7 +248,25 @@ class Photo extends \Zotlabs\Web\Controller { header("Cache-Control: max-age=" . $cache); } - echo $data; + + // If it's a file resource, stream it. + + if($streaming && $channel) { + if(strpos($streaming,'store') !== false) + $istream = fopen($streaming,'rb'); + else + $istream = fopen('store/' . $channel['channel_address'] . '/' . $streaming,'rb'); + $ostream = fopen('php://output','wb'); + if($istream && $ostream) { + pipe_streams($istream,$ostream); + fclose($istream); + fclose($ostream); + } + } + else { + echo $data; + } + killme(); // NOTREACHED } -- cgit v1.2.3 From 9ef710c557fcc4ea01c87e03fd7a477eb037f09c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 29 Jun 2016 20:59:00 -0700 Subject: provide wiki as a feature (default is on so there aren't any surprises) and add to channel menu and profile tabs --- Zotlabs/Module/Wiki.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 38b49effc..2f22f0a81 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -25,8 +25,18 @@ class Wiki extends \Zotlabs\Web\Controller { } function get() { + + if(observer_prohibited(true)) { + return login(); + } + + $tab = 'wiki'; + + require_once('include/wiki.php'); require_once('include/acl_selectors.php'); + require_once('include/conversation.php'); + // TODO: Combine the interface configuration into a unified object // Something like $interface = array('new_page_button' => false, 'new_wiki_button' => false, ...) $wiki_owner = false; @@ -151,6 +161,11 @@ class Wiki extends \Zotlabs\Web\Controller { ) ); + $is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false); + + $o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); + + $o .= replace_macros(get_markup_template('wiki.tpl'),array( '$wikiheaderName' => $wikiheaderName, '$wikiheaderPage' => $wikiheaderPage, -- cgit v1.2.3 From bfe84a9ff753d4d9834ea24ad65edfef3561458c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 29 Jun 2016 22:46:47 -0700 Subject: templatise the Dreport page and add a redeliver option for when things stuff up badly. --- Zotlabs/Module/Dreport.php | 52 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 9 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index e8709c952..904646d5d 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -16,7 +16,24 @@ class Dreport extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $mid = ((argc() > 1) ? argv(1) : ''); - + + if($mid === 'push') { + $table = 'push'; + $mid = ((argc() > 2) ? argv(2) : ''); + if($mid) { + $i = q("select id from item where mid = '%s' and author_xchan = '%s' and uid = %d", + dbesc($mid), + dbesc($channel['channel_hash']), + intval($channel['channel_id']) + ); + if($i) { + \Zotlabs\Daemon\Master::Summon([ 'Notifier', 'edit_post', $i[0]['id'] ]); + } + } + sleep(3); + goaway(z_root() . '/dreport/' . urlencode($mid)); + } + if($mid === 'mail') { $table = 'mail'; $mid = ((argc() > 2) ? argv(2) : ''); @@ -60,9 +77,10 @@ class Dreport extends \Zotlabs\Web\Controller { return; } - $o .= '
'; - $o .= '

' . sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...' . '

'; - $o .= ''; +// $o .= '
'; +// $o .= '

' . sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...' . '

'; + +// $o .= '
'; for($x = 0; $x < count($r); $x++ ) { $r[$x]['name'] = escape_tags(substr($r[$x]['dreport_recip'],strpos($r[$x]['dreport_recip'],' '))); @@ -119,13 +137,29 @@ class Dreport extends \Zotlabs\Web\Controller { } usort($r,'self::dreport_gravity_sort'); - - + + $entries = array(); foreach($r as $rr) { - $o .= ''; + $entries[] = [ + 'name' => $rr['name'], + 'result' => escape_tags($rr['dreport_result']), + 'time' => escape_tags($rr['dreport_time']) + ]; } - $o .= '
' . $rr['name'] . '' . escape_tags($rr['dreport_result']) . '' . escape_tags($rr['dreport_time']) . '
'; - $o .= '
'; + + $o = replace_macros(get_markup_template('dreport.tpl'), array( + '$title' => sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...', + '$table' => $table, + '$mid' => urlencode($mid), + '$push' => t('Redeliver'), + '$entries' => $entries + )); + +// foreach($r as $rr) { +// $o .= '' . $rr['name'] . '' . escape_tags($rr['dreport_result']) . '' . escape_tags($rr['dreport_time']) . ''; +// } +// $o .= ''; +// $o .= ''; return $o; -- cgit v1.2.3 From 1cc816f66223d5ea5043d4c667478503293414b8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 29 Jun 2016 22:53:18 -0700 Subject: dreport: convert timestamp to channel localtime and get rid of old pre-template code --- Zotlabs/Module/Dreport.php | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index 904646d5d..17ed6515e 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -76,12 +76,7 @@ class Dreport extends \Zotlabs\Web\Controller { notice( t('no results') . EOL); return; } - -// $o .= '
'; -// $o .= '

' . sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...' . '

'; -// $o .= ''; - for($x = 0; $x < count($r); $x++ ) { $r[$x]['name'] = escape_tags(substr($r[$x]['dreport_recip'],strpos($r[$x]['dreport_recip'],' '))); @@ -143,7 +138,7 @@ class Dreport extends \Zotlabs\Web\Controller { $entries[] = [ 'name' => $rr['name'], 'result' => escape_tags($rr['dreport_result']), - 'time' => escape_tags($rr['dreport_time']) + 'time' => escape_tags(datetime_convert('UTC',date_default_timezone_get(),$rr['dreport_time'])) ]; } @@ -155,11 +150,6 @@ class Dreport extends \Zotlabs\Web\Controller { '$entries' => $entries )); -// foreach($r as $rr) { -// $o .= ''; -// } -// $o .= '
' . $rr['name'] . '' . escape_tags($rr['dreport_result']) . '' . escape_tags($rr['dreport_time']) . '
'; -// $o .= '
'; return $o; -- cgit v1.2.3