From eaf117cce19f0fd78f551fea27f382d3b8b49110 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Wed, 7 Nov 2018 18:22:55 +0100 Subject: Added `If-Modified-Since` header support for better image caching and fixed absent 404 for photos --- Zotlabs/Module/Photo.php | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index d76fca278..d3d82f035 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -10,7 +10,7 @@ require_once('include/photos.php'); class Photo extends \Zotlabs\Web\Controller { function init() { - + $prvcachecontrol = false; $streaming = null; $channel = null; @@ -32,6 +32,7 @@ class Photo extends \Zotlabs\Web\Controller { } $observer_xchan = get_observer_hash(); + $ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE']; if(isset($type)) { @@ -86,6 +87,7 @@ class Photo extends \Zotlabs\Web\Controller { if(intval($r[0]['os_storage'])) $data = file_get_contents($data); } + if(! $data) { $data = fetch_image_from_url($default,$mimetype); } @@ -179,8 +181,19 @@ class Photo extends \Zotlabs\Web\Controller { } } + } else { + http_status_exit(404,'not found'); } } + + header_remove('Pragma'); + + if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") { + header_remove('Expires'); + header_remove('Cache-Control'); + header_remove('Set-Cookie'); + http_status_exit(304,'not modified'); + } if(! isset($data)) { if(isset($resolution)) { @@ -219,11 +232,6 @@ class Photo extends \Zotlabs\Web\Controller { } - if(function_exists('header_remove')) { - header_remove('Pragma'); - header_remove('pragma'); - } - header("Content-type: " . $mimetype); if($prvcachecontrol) { -- cgit v1.2.3 From 3f6cd5a6634481024853f7823043e6b6ea1e4784 Mon Sep 17 00:00:00 2001 
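Review bot: `$ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE'];` reads the header unconditionally, and most image requests carry no If-Modified-Since, so every ordinary fetch now raises an undefined-index notice. Read it defensively: `$ismodified = ((isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : '');`. The value is client-controlled, which is fine as long as it is only ever compared byte-for-byte as it is further down; it should not be fed to date parsing without a check on the result. init() continues outside this hunk.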
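Review bot: The 304 test `$ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT"` runs on every path, but as far as the hunks on this page show `$modified` is only assigned on the profile-photo path and the `$exists && $allowed` path; when control falls through to the default image (the `if(! isset($data))` block just below), `$modified` is unset, gmdate() receives null and formats the epoch, and a client sending `If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT` is told its copy of an image it never received with that date is current. Guard the comparison on the date actually being known: `if($ismodified && isset($modified) && $ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") {`. The exact-string compare fails safe (any other formatting just yields a full 200), but it also means a client that echoes a normalised date never gets a 304; `strtotime($ismodified) >= $modified` would be the more tolerant check, with an unparseable header evaluating to false. The enclosing init() method starts and ends outside the hunk.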
From: Max Kostikov Date: Wed, 7 Nov 2018 19:52:38 +0100 Subject: Disable image caching if personal or group permissions enabled --- Zotlabs/Module/Photo.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index d3d82f035..09c698b1a 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -128,9 +128,7 @@ class Photo extends \Zotlabs\Web\Controller { $photo = substr($photo,0,-2); // If viewing on a high-res screen, attempt to serve a higher resolution image: if ($resolution == 2 && ($cookie_value > 1)) - { $resolution = 1; - } } $r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", @@ -171,6 +169,8 @@ class Photo extends \Zotlabs\Web\Controller { $modified = strtotime($e[0]['edited']); if(intval($e[0]['os_storage'])) $streaming = $data; + if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '') + $prvcachecontrol = true; } else { if(! $allowed) { @@ -188,13 +188,13 @@ class Photo extends \Zotlabs\Web\Controller { header_remove('Pragma'); - if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") { + if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") { header_remove('Expires'); header_remove('Cache-Control'); header_remove('Set-Cookie'); - http_status_exit(304,'not modified'); - } - + http_status_exit(304,'not modified'); + } + if(! isset($data)) { if(isset($resolution)) { switch($resolution) { -- cgit v1.2.3 From e0a0570cc4409943d546ba114f5e9ba5e4aaa5d1 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 8 Nov 2018 11:06:44 +0100 Subject: $data only contains the link to the image if the image is in os storage. The size is calculatet wrong in this case and the download fails. rely on filesize from the db for content-length --- Zotlabs/Module/Photo.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs') 
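Review bot: The new condition tests `deny_gid` twice and never tests `deny_cid`: `$e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != ''`. A photo whose only restriction is a per-contact deny list therefore leaves `$prvcachecontrol` false and is served with the public cache headers this commit is trying to withhold, so a shared or intermediate cache can hand it to a viewer the owner explicitly denied. Change the last term to `$e[0]['deny_cid'] != ''`. The code that consumes `$prvcachecontrol` lies outside this hunk.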
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 09c698b1a..de11b41c7 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -165,6 +165,7 @@ class Photo extends \Zotlabs\Web\Controller { if($exists && $allowed) { $data = dbunescbin($e[0]['content']); + $filesize = $e[0]['filesize']; $mimetype = $e[0]['mimetype']; $modified = strtotime($e[0]['edited']); if(intval($e[0]['os_storage'])) @@ -261,7 +262,7 @@ class Photo extends \Zotlabs\Web\Controller { } header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); - header("Content-Length: " . strlen($data)); + header("Content-Length: " . $filesize); // If it's a file resource, stream it. -- cgit v1.2.3 From dc0335d1d56f1d76fa170ef0b222560176e074b5 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Thu, 8 Nov 2018 11:53:27 +0100 Subject: Correct "Content-Length:" calculation added --- Zotlabs/Module/Photo.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index de11b41c7..e218d1c53 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -262,7 +262,7 @@ class Photo extends \Zotlabs\Web\Controller { } header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); - header("Content-Length: " . $filesize); + header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); // If it's a file resource, stream it. -- cgit v1.2.3 From dc59561a95f8354209f423a07bfd7fb3381f3633 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Fri, 9 Nov 2018 22:17:11 +0100 Subject: Fixed timezone conversion --- Zotlabs/Module/Photo.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index e218d1c53..6d2c400a9 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php 
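Review bot: `isset($filesize)` is also true for a stored size of 0, so a row whose `filesize` column holds 0 emits `Content-Length: 0` and the client discards the body; the Photos.php update statements later in this series write `filesize` only for imgscale 0, so the scaled copies are where a stale or empty value is most likely after an edit. Fall back on the real length rather than only on absence: `header("Content-Length: " . ((isset($filesize) && intval($filesize) > 0) ? intval($filesize) : ($streaming ? filesize($streaming) : strlen($data))));` — `$streaming` holds the on-disk path when `os_storage` is set, per the earlier hunk, so `filesize()` on it is the right measure there and `strlen($data)` remains right for inline content. Casting with intval() also keeps a non-numeric DB value out of the response header. The surrounding method starts and ends outside the hunk.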
@@ -80,7 +80,7 @@ class Photo extends \Zotlabs\Web\Controller { intval(PHOTO_PROFILE) ); if($r) { - $modified = strtotime($r[0]['edited']); + $modified = strtotime($r[0]['edited'] . "Z"); $data = dbunescbin($r[0]['content']); $mimetype = $r[0]['mimetype']; } @@ -167,7 +167,7 @@ class Photo extends \Zotlabs\Web\Controller { $data = dbunescbin($e[0]['content']); $filesize = $e[0]['filesize']; $mimetype = $e[0]['mimetype']; - $modified = strtotime($e[0]['edited']); + $modified = strtotime($e[0]['edited'] . 'Z'); if(intval($e[0]['os_storage'])) $streaming = $data; if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '') @@ -193,7 +193,7 @@ class Photo extends \Zotlabs\Web\Controller { header_remove('Expires'); header_remove('Cache-Control'); header_remove('Set-Cookie'); - http_status_exit(304,'not modified'); + http_status_exit(304,'not modified'); } if(! isset($data)) { @@ -261,7 +261,7 @@ class Photo extends \Zotlabs\Web\Controller { } - header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); + header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified . "Z") . " GMT"); header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); // If it's a file resource, stream it. -- cgit v1.2.3 From f7b00c62a4f9a13cf7737697b89df45342c55ea2 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Sat, 10 Nov 2018 10:05:28 +0100 Subject: Remove unnecessary Zulu timezone mention --- Zotlabs/Module/Photo.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 6d2c400a9..95e3404fb 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php 
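Review bot: `strtotime($e[0]['edited'] . 'Z')` relies on two things the code does not state: that `edited` is stored as a zone-less UTC wall-clock string, and that strtotime() would otherwise interpret it in PHP's default timezone. Both are plausible but invisible here, so record the assumption where the next reader will look: `// 'edited' is a zone-less UTC timestamp; append 'Z' so strtotime() does not apply the server's local timezone`. The same expression in the profile-photo hunk uses `"Z"` while this one uses `'Z'`; pick one. The assignment sits inside a method that starts and ends outside the hunk.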
@@ -261,7 +261,7 @@ class Photo extends \Zotlabs\Web\Controller { } - header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified . "Z") . " GMT"); + header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); // If it's a file resource, stream it. -- cgit v1.2.3 From b57d296adccc54131df9b0271a29e385b2095454 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Sat, 10 Nov 2018 20:35:14 +0100 Subject: Preserve photo modification date --- Zotlabs/Module/Photos.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 78bfb1f09..03fd8a53d 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -263,7 +263,8 @@ class Photos extends \Zotlabs\Web\Controller { $fsize = strlen($data); } - $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0", + $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0", + dbesc(datetime_convert()), dbescbin($data), intval($fsize), intval($height), @@ -278,7 +279,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), 
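Review bot: The imgscale 1 update (and the imgscale 2 and 3 updates in the following hunks) now refreshes `edited` and `content` but still leaves `filesize` untouched, while Photo.php earlier in this series has started emitting `Content-Length` from that stored column; once a scaled copy is rewritten here, its real size can drift from the stored value and the download is truncated or stalls. Capture the bytes once and store their length alongside: `$data = $ph->imageString();` before the query, `filesize = %d` in the SET list with `intval(strlen($data))` as the matching argument, and `dbescbin($data)` in place of the inline `imageString()` call. Each scale also gets its own `datetime_convert()` call, so the four rows end up with slightly different `edited` values; computing it once before the first update keeps the scales consistent with each other. The enclosing function starts and ends outside this hunk.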
@@ -293,7 +295,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), @@ -308,7 +311,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), -- cgit v1.2.3 From 4a6b45cf048f4561cbeecab9a487ce55cdc4ddfd Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 12 Nov 2018 11:13:36 -0800 Subject: enotify::format hook for superblock --- Zotlabs/Lib/Enotify.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php index cfb0bd344..25c96d9cc 100644 --- a/Zotlabs/Lib/Enotify.php +++ b/Zotlabs/Lib/Enotify.php @@ -825,7 +825,7 @@ class Enotify { // convert this logic into a json array just like the system notifications - return array( + $x = array( 'notify_link' => $item['llink'], 'name' => $item['author']['xchan_name'], 'url' => $item['author']['xchan_url'], 
@@ -835,9 +835,19 @@ class Enotify { 'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])), 'notify_id' => 'undefined', 'thread_top' => (($item['item_thread_top']) ? true : false), - 'message' => strip_tags(bbcode($itemem_text)) + 'message' => strip_tags(bbcode($itemem_text)), + // these are for the superblock addon + 'hash' => $item['author']['xchan_hash'], + 'uid' => local_channel(), + 'display' => true ); + call_hooks('enotify_format',$x); + if(! $x['display']) { + return []; + } + + return $x; } } -- cgit v1.2.3 From 6375f2d73a0c314e8de12071f1e604e59d8c76de Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Tue, 13 Nov 2018 11:25:14 +0100 Subject: Replace fetch_image_from_url() with z_fetch_url() --- Zotlabs/Module/Photo.php | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 95e3404fb..69685a257 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -89,11 +89,11 @@ class Photo extends \Zotlabs\Web\Controller { } if(! $data) { - $data = fetch_image_from_url($default,$mimetype); - } - if(! $mimetype) { + $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]); + $data = $x['body']; $mimetype = 'image/png'; } + } else { 
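Review bot: `if(! $x['display'])` raises an undefined-index notice and silently drops the notification when an `enotify_format` hook unsets the key instead of setting it to false; `if(empty($x['display']))` expresses the same intent without the notice. Since addons now own every field of this array, write the contract down next to the hook call: `// hooks may rewrite any key (including notify_link/url/message) or set 'display' => false to suppress the entry`. A hook can replace `message` after the `strip_tags(bbcode(...))` step, so whoever renders this array cannot assume it is still tag-free; that decision belongs to the caller, which is outside this hunk. `'uid' => local_channel()` ties the entry to the viewing channel, which is presumably what superblock keys on — confirm it should not be the item owner.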
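Review bot: `z_fetch_url($default,true,0,[ 'novalidate' => true ])` passes an option whose name indicates TLS peer verification is switched off for this fetch; if that is what it does, a default-avatar request to `z_root()` issued by the server will accept any certificate, which a cache-warming fallback should not need — drop the option, or say in a comment why the site's own URL cannot be validated. The result is also used unchecked: `$x['body']` is empty when the fetch fails, and `$mimetype = 'image/png'` is now set unconditionally where the replaced code only applied the default when no type was known, so at minimum test the body (and the success flag the returned array presumably carries — hedged, its shape is not visible here) before proceeding. This hunk is reverted by the next commit in the series, so the point applies only if the change is reapplied. The enclosing method starts and ends outside the hunk.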
@@ -200,19 +200,22 @@ class Photo extends \Zotlabs\Web\Controller { if(isset($resolution)) { switch($resolution) { case 4: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(),$mimetype); + $default = z_root() . '/' . get_default_profile_photo(); break; case 5: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(80),$mimetype); + $default = z_root() . '/' . get_default_profile_photo(80); break; case 6: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(48),$mimetype); + $default = z_root() . '/' . get_default_profile_photo(48); break; default: killme(); // NOTREACHED break; } + $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]); + $data = $x['body']; + $mimetype = 'image/png'; } } -- cgit v1.2.3 From b38ffef2be2ca4d53128768d3adb267985f4f856 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Tue, 13 Nov 2018 11:25:46 +0100 Subject: Revert "Replace fetch_image_from_url() with z_fetch_url()" This reverts commit 6375f2d73a0c314e8de12071f1e604e59d8c76de --- Zotlabs/Module/Photo.php | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 69685a257..95e3404fb 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -89,11 +89,11 @@ class Photo extends \Zotlabs\Web\Controller { } if(! $data) { - $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]); - $data = $x['body']; + $data = fetch_image_from_url($default,$mimetype); + } + if(! $mimetype) { $mimetype = 'image/png'; } - } else { 
@@ -200,22 +200,19 @@ class Photo extends \Zotlabs\Web\Controller { if(isset($resolution)) { switch($resolution) { case 4: - $default = z_root() . '/' . get_default_profile_photo(); + $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(),$mimetype); break; case 5: - $default = z_root() . '/' . get_default_profile_photo(80); + $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(80),$mimetype); break; case 6: - $default = z_root() . '/' . get_default_profile_photo(48); + $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(48),$mimetype); break; default: killme(); // NOTREACHED break; } - $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]); - $data = $x['body']; - $mimetype = 'image/png'; } } -- cgit v1.2.3 From 31f4d9066b6bffcbe539f293bf814c418f1523cf Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 13 Nov 2018 14:23:56 -0800 Subject: xss in search --- Zotlabs/Module/Search.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index e520c671d..272bbdac1 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller { function init() { if(x($_REQUEST,'search')) - \App::$data['search'] = $_REQUEST['search']; + \App::$data['search'] = escape_tags($_REQUEST['search']); } 
@@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller { if(x(\App::$data,'search')) $search = trim(\App::$data['search']); else - $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : ''); + $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : ''); $tag = false; if(x($_GET,'tag')) { $tag = true; - $search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : ''); + $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : ''); } $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); -- cgit v1.2.3
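Review bot: `escape_tags()` is applied to the raw query before it is used as the search term, so — if it is an HTML encoder as its name suggests — a search for `a&b` or `"quoted"` now looks up the encoded form (`a&amp;b`, `&quot;quoted&quot;`) and misses matching content; the reflected XSS lives in whatever echoes the term, and the durable fix is to keep the raw value in `$search` for the lookup and encode it at the point of output. If input-side escaping is kept as defence in depth, say so where it happens: `// escaped at input to block reflected XSS; note this also changes what the query matches`. The `$tag` branch assigns the same way and has the same property. The method these lines belong to starts and ends outside the hunk.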