From 0c3d5e99a299fb51a63f51d2e8b9117590b717f7 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 21 Jul 2016 20:50:39 -0700 Subject: PConfig : Check for is_null($uid) as well as false. We actually allow $uid = 0 though it shouldn't normally happen. --- Zotlabs/Lib/PConfig.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php index 195321375..319b8f203 100644 --- a/Zotlabs/Lib/PConfig.php +++ b/Zotlabs/Lib/PConfig.php @@ -17,7 +17,7 @@ class PConfig { */ static public function Load($uid) { - if($uid === false) + if(is_null($uid) || $uid === false) return false; if(! array_key_exists($uid, \App::$config)) @@ -61,7 +61,7 @@ class PConfig { static public function Get($uid,$family,$key,$instore = false) { - if($uid === false) + if(is_null($uid) || $uid === false) return false; if(! array_key_exists($uid, \App::$config)) @@ -102,7 +102,7 @@ class PConfig { // we provide a function backtrace in the logs so that we can find // and fix the calling function. - if($uid === false) { + if(is_null($uid) || $uid === false) { btlogger('UID is FALSE!', LOGGER_NORMAL, LOG_ERR); return; } @@ -172,6 +172,9 @@ class PConfig { static public function Delete($uid, $family, $key) { + if(is_null($uid) || $uid === false) + return false; + $ret = false; if(array_key_exists($key, \App::$config[$uid][$family])) -- cgit v1.2.3 From 7d897a3f03bd57ed556433eb84a41963ba44e02e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 21 Jul 2016 23:06:55 -0700 Subject: more work on #453 --- Zotlabs/Module/Like.php | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 1ca37d646..170349509 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php 
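Review bot: In the `Delete` hunk the new uid guard is followed directly by `array_key_exists($key, \App::$config[$uid][$family])`, which still assumes that both the `$uid` and `$family` levels of the cache exist. A per-channel config that was never loaded would hand a non-array to `array_key_exists()`, so the line could become `if(isset(\App::$config[$uid][$family]) && array_key_exists($key, \App::$config[$uid][$family]))`. In the `Set` hunk the guard now also fires for null, but the log text is still `'UID is FALSE!'`; something like `'UID is NULL or FALSE!'` keeps the backtrace log accurate. `Load`, `Get` and `Delete` return false silently while `Set` logs, and a one-line comment on each guard saying why 0 is accepted but null and false are not would help callers. All four method bodies continue outside their hunks.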
@@ -264,23 +264,22 @@ class Like extends \Zotlabs\Web\Controller { logger('like: no item ' . $item_id); killme(); } - - + + + xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel())); + $item = $r[0]; - $owner_uid = $item['uid']; - $owner_aid = $item['aid']; - - - $sys = get_sys_channel(); - - - // if this is a "discover" item, (item['uid'] is the sys channel), - // fallback to the item comment policy, which should've been - // respected when generating the conversation thread. - // Even if the activity is rejected by the item owner, it should still get attached - // to the local discover conversation on this site. - - if(($owner_uid != $sys['channel_id']) && (! perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments'))) { + + $owner_uid = $r[0]['uid']; + $owner_aid = $r[0]['aid']; + + $can_comment = false; + if((array_key_exists('owner',$item)) && intval($item['owner']['abook_self'])) + $can_comment = perm_is_allowed($item['uid'],$observer['xchan_hash'],'post_comments'); + else + $can_comment = can_comment_on_post($observer['xchan_hash'],$item); + + if(! $can_comment) { notice( t('Permission denied') . EOL); killme(); } -- cgit v1.2.3 From 6998bb1f23b63c3439f34d9b3f53c42a6922a58e Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 24 Jul 2016 07:41:53 -0400 Subject: Multiple file upload by drag and drop with progress indicators and auto page reload --- Zotlabs/Storage/Browser.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index 713d75108..e719530b5 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php @@ -306,7 +306,8 @@ class Browser extends DAV\Browser\Plugin { '$folder_submit' => t('Create'), '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), - '$quota' => $quota + '$quota' => $quota, + '$dragdroptext' => t('Drop files here to immediately upload') )); } -- cgit v1.2.3 
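Review bot: The new comment-permission decision around `$can_comment` is undocumented. It appears to depend on `xchan_query()` having attached an `owner` entry to the item. When `array_key_exists('owner',$item)` is false the code silently falls through to `can_comment_on_post()`, and the removed explanation of the discover/sys-channel case has no replacement. If the intent is what the code suggests, a comment above `$can_comment = false;` such as `// item owner is a local channel (abook_self): enforce its post_comments permission; otherwise fall back to the item's own comment policy` would make this authorization path reviewable. The hunk also mixes `$item['uid']` and `$r[0]['uid']` for the same row after `$item = $r[0];`, so using `$item` throughout would avoid the two drifting apart. The enclosing method starts and ends outside the hunk.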
From b5f2b4af354b8864a3dfa1756c52631625430c44 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 24 Jul 2016 16:11:34 -0700 Subject: string update and some minor comment edits --- Zotlabs/Module/Openid.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php index 8cbc6d2fd..31c249f85 100644 --- a/Zotlabs/Module/Openid.php +++ b/Zotlabs/Module/Openid.php @@ -82,8 +82,8 @@ class Openid extends \Zotlabs\Web\Controller { // no xchan... // create one. - // We should probably probe the openid url and figure out if they have any kind of social presence we might be able to - // scrape some identifying info from. + // We should probably probe the openid url and figure out if they have any kind of + // social presence we might be able to scrape some identifying info from. $name = $authid; $url = trim($_REQUEST['openid_identity'],'/'); -- cgit v1.2.3 From 271f85be3b36a4d4aac55a51cb7ff2580a95ce3e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 24 Jul 2016 20:27:59 -0700 Subject: add acl selection to files upload via /cloud (still missing from directory creation) --- Zotlabs/Module/File_upload.php | 38 ++++++++++++++++++++++++++++++++++++++ Zotlabs/Storage/Browser.php | 21 ++++++++++++++++++++- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 Zotlabs/Module/File_upload.php (limited to 'Zotlabs') diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php new file mode 100644 index 000000000..45f820b7c --- /dev/null +++ b/Zotlabs/Module/File_upload.php 
@@ -0,0 +1,38 @@ +auth-owner_id) { + $channel = channelx_by_n($this->auth->owner_id); + if($channel) { + $acl = new \Zotlabs\Access\AccessList($channel); + $channel_acl = $acl->get(); + $lockstate = (($acl->is_private()) ? 'lock' : 'unlock'); + + $aclselect = ((local_channel() == $this->auth->owner_id) ? populate_acl($channel_acl,false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : ''); + + } + } // Storage and quota for the account (all channels of the owner of this directory)! $limit = engr_units_to_bytes(service_class_fetch($owner, 'attach_upload_limit')); @@ -293,7 +309,6 @@ class Browser extends DAV\Browser\Plugin { userReadableSize($limit), round($used / $limit, 1) * 100); } - // prepare quota for template $quota = array(); $quota['used'] = $used; @@ -307,6 +322,10 @@ class Browser extends DAV\Browser\Plugin { '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), '$quota' => $quota, + '$channick' => $this->auth->owner_nick, + '$aclselect' => $aclselect, + '$lockstate' => $lockstate, + '$return_url' => \App::$cmd, '$dragdroptext' => t('Drop files here to immediately upload') )); } -- cgit v1.2.3 From 063b4286e7feae472d52e9717ba1bafede48d1b4 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 24 Jul 2016 22:36:37 -0700 Subject: trace log pconfig cache if for some reason it isn't an array --- Zotlabs/Lib/PConfig.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php index 319b8f203..a481667a5 100644 --- a/Zotlabs/Lib/PConfig.php +++ b/Zotlabs/Lib/PConfig.php @@ -23,6 +23,14 @@ class PConfig { if(! array_key_exists($uid, \App::$config)) \App::$config[$uid] = array(); + if(! is_array(\App::$config)) { + btlogger('App::$config not an array: ' . $uid); + } + + if(! is_array(\App::$config[$uid])) { + btlogger('App::$config[$uid] not an array: ' . $uid); + } + $r = q("SELECT * FROM pconfig WHERE uid = %d", intval($uid) ); -- cgit v1.2.3 
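Review bot: `$aclselect` and `$lockstate` are passed to the template unconditionally by the added `'$aclselect' => $aclselect` and `'$lockstate' => $lockstate` lines. The only assignments visible on this page sit inside `if($channel)` under the owner check, so both look undefined whenever the owner id is empty or `channelx_by_n()` returns nothing. Part of the earlier hunk is missing from this page, so an initialisation may exist there; if it does not, add `$aclselect = ''; $lockstate = '';` before the owner check. `'$return_url' => \App::$cmd` puts the request path into the template, so it is worth confirming that the template escapes it wherever it is rendered.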
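Review bot: Both added `is_array()` checks in `PConfig::Load` run too late and only log. By the time `if(! is_array(\App::$config))` is evaluated, the context lines above it have already called `array_key_exists($uid, \App::$config)` and assigned `\App::$config[$uid] = array()`. The second check therefore tests a value that was just set when the key was missing. After `btlogger()` execution continues into the `q("SELECT * FROM pconfig ...")` call with the cache in the state that was just reported. Move the `is_array(\App::$config)` test above the `array_key_exists()` line and decide explicitly what happens next, for example `\App::$config = array();` after logging. The rest of `Load` is outside the hunk.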
From 01338a76103a18d053413f1a8ad45870b2babf02 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 24 Jul 2016 22:58:26 -0700 Subject: make drag/drop work with acl, which bypassed the form --- Zotlabs/Module/File_upload.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php index 45f820b7c..999b241f1 100644 --- a/Zotlabs/Module/File_upload.php +++ b/Zotlabs/Module/File_upload.php @@ -9,6 +9,8 @@ require_once('include/photos.php'); class File_upload extends \Zotlabs\Web\Controller { function post() { + + // logger('file upload: ' . print_r($_REQUEST,true)); $channel = (($_REQUEST['channick']) ? get_channel_by_nick($_REQUEST['channick']) : null); -- cgit v1.2.3 From 5d4245ff01fd2445843cd9e99bae5f44d160d5fa Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 25 Jul 2016 17:16:41 -0700 Subject: move openid to addon --- Zotlabs/Module/Id.php | 319 ---------------------------------------------- Zotlabs/Module/Openid.php | 198 ---------------------------- 2 files changed, 517 deletions(-) delete mode 100644 Zotlabs/Module/Id.php delete mode 100644 Zotlabs/Module/Openid.php (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php deleted file mode 100644 index e053bf99c..000000000 --- a/Zotlabs/Module/Id.php +++ /dev/null 
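Review bot: The added line is commented-out debug code that, once re-enabled, writes the whole of `$_REQUEST` to the log through `print_r`. For an upload endpoint that would include the submitted ACL fields and any other form values. Either drop it or log only the field being diagnosed, for example `logger('file upload: channick=' . $_REQUEST['channick']);`. The context line below resolves the target channel from the request-supplied `channick`, and the permission check on the uploader is not visible because `post()` continues outside the hunk.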
@@ -1,319 +0,0 @@ - t('First Name'), - 'namePerson/last' => t('Last Name'), - 'namePerson/friendly' => t('Nickname'), - 'namePerson' => t('Full Name'), - 'contact/internet/email' => t('Email'), - 'contact/email' => t('Email'), - 'media/image/aspect11' => t('Profile Photo'), - 'media/image' => t('Profile Photo'), - 'media/image/default' => t('Profile Photo'), - 'media/image/16x16' => t('Profile Photo 16px'), - 'media/image/32x32' => t('Profile Photo 32px'), - 'media/image/48x48' => t('Profile Photo 48px'), - 'media/image/64x64' => t('Profile Photo 64px'), - 'media/image/80x80' => t('Profile Photo 80px'), - 'media/image/128x128' => t('Profile Photo 128px'), - 'timezone' => t('Timezone'), - 'contact/web/default' => t('Homepage URL'), - 'language/pref' => t('Language'), - 'birthDate/birthYear' => t('Birth Year'), - 'birthDate/birthMonth' => t('Birth Month'), - 'birthDate/birthday' => t('Birth Day'), - 'birthDate' => t('Birthdate'), - 'gender' => t('Gender'), -); - - -/** - * @brief Entrypoint for the OpenID implementation. - * - * @param App &$a - */ - -class Id extends \Zotlabs\Web\Controller { - - function init() { - - logger('id: ' . print_r($_REQUEST, true)); - - if(argc() > 1) { - $which = argv(1); - } else { - \App::$error = 404; - return; - } - - $profile = ''; - $channel = \App::get_channel(); - profile_load($which,$profile); - - $op = new MysqlProvider; - $op->server(); - } - - /** - * @brief Returns user data needed for OpenID. - * - * If no $handle is provided we will use local_channel() by default. - * - * @param string $handle (default null) - * @return boolean|array - */ - static public function getUserData($handle = null) { - if (! local_channel()) { - notice( t('Permission denied.') . EOL); - \App::$page['content'] = login(); - - return false; - } - - // logger('handle: ' . 
$handle); - - if ($handle) { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", - dbesc($handle) - ); - } else { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d", - intval(local_channel()) - ); - } - - if (! r) - return false; - - $x = q("select * from account where account_id = %d limit 1", - intval($r[0]['channel_account_id']) - ); - if ($x) - $r[0]['email'] = $x[0]['account_email']; - - $p = q("select * from profile where is_default = 1 and uid = %d limit 1", - intval($r[0]['channel_account_id']) - ); - - $gender = ''; - if ($p[0]['gender'] == t('Male')) - $gender = 'M'; - if ($p[0]['gender'] == t('Female')) - $gender = 'F'; - - $r[0]['firstName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],0,strpos($r[0]['channel_name'],' ')) : $r[0]['channel_name']); - $r[0]['lastName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],strpos($r[0]['channel_name'],' ')+1) : ''); - $r[0]['namePerson'] = $r[0]['channel_name']; - $r[0]['pphoto'] = $r[0]['xchan_photo_l']; - $r[0]['pphoto16'] = z_root() . '/photo/profile/16/' . $r[0]['channel_id'] . '.jpg'; - $r[0]['pphoto32'] = z_root() . '/photo/profile/32/' . $r[0]['channel_id'] . '.jpg'; - $r[0]['pphoto48'] = z_root() . '/photo/profile/48/' . $r[0]['channel_id'] . '.jpg'; - $r[0]['pphoto64'] = z_root() . '/photo/profile/64/' . $r[0]['channel_id'] . '.jpg'; - $r[0]['pphoto80'] = z_root() . '/photo/profile/80/' . $r[0]['channel_id'] . '.jpg'; - $r[0]['pphoto128'] = z_root() . '/photo/profile/128/' . $r[0]['channel_id'] . '.jpg'; - $r[0]['timezone'] = $r[0]['channel_timezone']; - $r[0]['url'] = $r[0]['xchan_url']; - $r[0]['language'] = (($x[0]['account_language']) ? $x[0]['account_language'] : 'en'); - $r[0]['birthyear'] = ((intval(substr($p[0]['dob'],0,4))) ? intval(substr($p[0]['dob'],0,4)) : ''); - $r[0]['birthmonth'] = ((intval(substr($p[0]['dob'],5,2))) ? 
intval(substr($p[0]['dob'],5,2)) : ''); - $r[0]['birthday'] = ((intval(substr($p[0]['dob'],8,2))) ? intval(substr($p[0]['dob'],8,2)) : ''); - $r[0]['birthdate'] = (($r[0]['birthyear'] && $r[0]['birthmonth'] && $r[0]['birthday']) ? $p[0]['dob'] : ''); - $r[0]['gender'] = $gender; - - return $r[0]; - - /* - * if(isset($_POST['login'],$_POST['password'])) { - * $login = mysql_real_escape_string($_POST['login']); - * $password = sha1($_POST['password']); - * $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'"); - * if($data = mysql_fetch_assoc($q)) { - * return $data; - * } - * if($handle) { - * echo 'Wrong login/password.'; - * } - * } - * if($handle) { - * ?> - *
- * - * Login:
- * Password:
- * - *
- * 'firstName', - 'namePerson/last' => 'lastName', - 'namePerson/friendly' => 'channel_address', - 'namePerson' => 'namePerson', - 'contact/internet/email' => 'email', - 'contact/email' => 'email', - 'media/image/aspect11' => 'pphoto', - 'media/image' => 'pphoto', - 'media/image/default' => 'pphoto', - 'media/image/16x16' => 'pphoto16', - 'media/image/32x32' => 'pphoto32', - 'media/image/48x48' => 'pphoto48', - 'media/image/64x64' => 'pphoto64', - 'media/image/80x80' => 'pphoto80', - 'media/image/128x128' => 'pphoto128', - 'timezone' => 'timezone', - 'contact/web/default' => 'url', - 'language/pref' => 'language', - 'birthDate/birthYear' => 'birthyear', - 'birthDate/birthMonth' => 'birthmonth', - 'birthDate/birthday' => 'birthday', - 'birthDate' => 'birthdate', - 'gender' => 'gender', - ); - - function setup($identity, $realm, $assoc_handle, $attributes) { - global $attrMap; - - // logger('identity: ' . $identity); - // logger('realm: ' . $realm); - // logger('assoc_handle: ' . $assoc_handle); - // logger('attributes: ' . print_r($attributes,true)); - - $data = \Zotlabs\Module\Id::getUserData($assoc_handle); - - - /** @FIXME this needs to be a template with localised strings */ - - $o .= '
' - . '' - . '' - . '' - . "$realm wishes to authenticate you."; - if($attributes['required'] || $attributes['optional']) { - $o .= " It also requests following information (required fields marked with *):" - . '
    '; - - foreach($attributes['required'] as $attr) { - if(isset($this->attrMap[$attr])) { - $o .= '
  • ' - . ' ' - . $this->attrMap[$attr] . ' *
  • '; - } - } - - foreach($attributes['optional'] as $attr) { - if(isset($this->attrMap[$attr])) { - $o .= '
  • ' - . ' ' - . $this->attrMap[$attr] . '
  • '; - } - } - $o .= '
'; - } - $o .= '
' - . ' ' - . ' ' - . ' ' - . '
'; - - \App::$page['content'] .= $o; - } - - function checkid($realm, &$attributes) { - - logger('checkid: ' . $realm); - logger('checkid attrs: ' . print_r($attributes,true)); - - if(isset($_POST['cancel'])) { - $this->cancel(); - } - - $data = \Zotlabs\Module\Id::getUserData(); - if(! $data) { - return false; - } - - $q = get_pconfig(local_channel(), 'openid', $realm); - - $attrs = array(); - if($q) { - $attrs = $q; - } elseif(isset($_POST['attributes'])) { - $attrs = array_keys($_POST['attributes']); - } elseif(!isset($_POST['once']) && !isset($_POST['always'])) { - return false; - } - - $attributes = array(); - foreach($attrs as $attr) { - if(isset($this->attrFieldMap[$attr])) { - $attributes[$attr] = $data[$this->attrFieldMap[$attr]]; - } - } - - if(isset($_POST['always'])) { - set_pconfig(local_channel(),'openid',$realm,array_keys($attributes)); - } - - return z_root() . '/id/' . $data['channel_address']; - } - - function assoc_handle() { - logger('assoc_handle'); - $channel = \App::get_channel(); - - return z_root() . '/channel/' . $channel['channel_address']; - } - - function setAssoc($handle, $data) { - logger('setAssoc'); - $channel = channelx_by_nick(basename($handle)); - if($channel) - set_pconfig($channel['channel_id'],'openid','associate',$data); - } - - function getAssoc($handle) { - logger('getAssoc: ' . $handle); - - $channel = channelx_by_nick(basename($handle)); - if($channel) - return get_pconfig($channel['channel_id'], 'openid', 'associate'); - - return false; - } - - function delAssoc($handle) { - logger('delAssoc'); - $channel = channelx_by_nick(basename($handle)); - if($channel) - return del_pconfig($channel['channel_id'], 'openid', 'associate'); - } - } - diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php deleted file mode 100644 index 31c249f85..000000000 --- a/Zotlabs/Module/Openid.php +++ /dev/null 
@@ -1,198 +0,0 @@ -validate()) { - - logger('openid: validate'); - - $authid = normalise_openid($_REQUEST['openid_identity']); - - if(! strlen($authid)) { - logger( t('OpenID protocol error. No ID returned.') . EOL); - goaway(z_root()); - } - - $x = match_openid($authid); - if($x) { - - $r = q("select * from channel where channel_id = %d limit 1", - intval($x) - ); - if($r) { - $y = q("select * from account where account_id = %d limit 1", - intval($r[0]['channel_account_id']) - ); - if($y) { - foreach($y as $record) { - if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) { - logger('mod_openid: openid success for ' . $x[0]['channel_name']); - $_SESSION['uid'] = $r[0]['channel_id']; - $_SESSION['account_id'] = $r[0]['channel_account_id']; - $_SESSION['authenticated'] = true; - authenticate_success($record,$r[0],true,true,true,true); - goaway(z_root()); - } - } - } - } - } - - // Successful OpenID login - but we can't match it to an existing account. - // See if they've got an xchan - - $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", - dbesc($authid) - ); - - if($r) { - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $r[0]['xchan_hash']; - $_SESSION['my_url'] = $r[0]['xchan_url']; - $_SESSION['my_address'] = $r[0]['xchan_addr']; - $arr = array('xchan' => $r[0], 'session' => $_SESSION); - call_hooks('magic_auth_openid_success',$arr); - \App::set_observer($r[0]); - require_once('include/security.php'); - \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); - info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name'])); - logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']); - if($_SESSION['return_url']) - goaway($_SESSION['return_url']); - goaway(z_root()); - } - - // no xchan... - // create one. 
- // We should probably probe the openid url and figure out if they have any kind of - // social presence we might be able to scrape some identifying info from. - - $name = $authid; - $url = trim($_REQUEST['openid_identity'],'/'); - if(strpos($url,'http') === false) - $url = 'https://' . $url; - $pphoto = z_root() . '/' . get_default_profile_photo(); - $parsed = @parse_url($url); - if($parsed) { - $host = $parsed['host']; - } - - $attr = $openid->getAttributes(); - - if(is_array($attr) && count($attr)) { - foreach($attr as $k => $v) { - if($k === 'namePerson/friendly') - $nick = notags(trim($v)); - if($k === 'namePerson/first') - $first = notags(trim($v)); - if($k === 'namePerson') - $name = notags(trim($v)); - if($k === 'contact/email') - $addr = notags(trim($v)); - if($k === 'media/image/aspect11') - $photosq = trim($v); - if($k === 'media/image/default') - $photo_other = trim($v); - } - } - if(! $nick) { - if($first) - $nick = $first; - else - $nick = $name; - } - - require_once('library/urlify/URLify.php'); - $x = strtolower(\URLify::transliterate($nick)); - if($nick & $host) - $addr = $nick . '@' . 
$host; - $network = 'unknown'; - - if($photosq) - $pphoto = $photosq; - elseif($photo_other) - $pphoto = $photo_other; - - $mimetype = guess_image_type($pphoto); - - $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype, - xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, - xchan_name_date, xchan_hidden) - values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ", - dbesc($url), - dbesc(''), - dbesc(''), - dbesc(''), - dbesc($mimetype), - dbesc($pphoto), - dbesc($addr), - dbesc($url), - dbesc(''), - dbesc(''), - dbesc(''), - dbesc($name), - dbesc($network), - dbesc(datetime_convert()), - dbesc(datetime_convert()) - ); - if($x) { - $r = q("select * from xchan where xchan_hash = '%s' limit 1", - dbesc($url) - ); - if($r) { - - $photos = import_xchan_photo($pphoto,$url); - if($photos) { - $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', - xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", - dbesc(datetime_convert()), - dbesc($photos[0]), - dbesc($photos[1]), - dbesc($photos[2]), - dbesc($photos[3]), - dbesc($url) - ); - } - - set_xconfig($url,'system','openid',$authid); - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $r[0]['xchan_hash']; - $_SESSION['my_url'] = $r[0]['xchan_url']; - $_SESSION['my_address'] = $r[0]['xchan_addr']; - $arr = array('xchan' => $r[0], 'session' => $_SESSION); - call_hooks('magic_auth_openid_success',$arr); - \App::set_observer($r[0]); - info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name'])); - logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']); - if($_SESSION['return_url']) - goaway($_SESSION['return_url']); - goaway(z_root()); - } - } - - } - } - notice( t('Login failed.') . 
EOL); - goaway(z_root()); - // NOTREACHED - } - -} -- cgit v1.2.3 From 6900dd34a47786521bcfcd7bd128be797e5f8477 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 26 Jul 2016 09:04:52 +0200 Subject: URLUtil path has changed since sabredav 1.8 - fixes renaming issue in dav clients --- Zotlabs/Storage/Directory.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php index 6242d5274..0860f99a1 100644 --- a/Zotlabs/Storage/Directory.php +++ b/Zotlabs/Storage/Directory.php @@ -3,6 +3,7 @@ namespace Zotlabs\Storage; use Sabre\DAV; +use Sabre\HTTP; /** * @brief RedDirectory class. @@ -159,7 +160,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota { throw new DAV\Exception\Forbidden('Permission denied.'); } - list($parent_path, ) = DAV\URLUtil::splitPath($this->red_path); + list($parent_path, ) = HTTP\URLUtil::splitPath($this->red_path); $new_path = $parent_path . '/' . $name; $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d", -- cgit v1.2.3 From 560af7a5b8e30001ea6bf9a6d2ea36e94ae904d0 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 26 Jul 2016 13:17:46 +0200 Subject: allow multiple-file cloud upload --- Zotlabs/Storage/Browser.php | 75 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index 93c55bd4c..0d1d4e791 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php 
@@ -69,6 +69,81 @@ class Browser extends DAV\Browser\Plugin { } } + /** + * Extend from parent to add our own listeners + */ + function initialize(DAV\Server $server) { + parent::initialize($server); + if ($this->enablePost) { + $this->server->on('onBrowserPostAction', [$this, 'cloudPostAction']); + } + } + + /** + * Handles POST requests for tree operations. + * + * @param string $uri + * @param string $action + * @param array $postVars + * @return boolean false will stop other events in the beforeMethod chain to execute + */ + function cloudPostAction($uri, $action, $postVars) { + switch ($postVars['sabreAction']) { + case 'mkcol' : + if (isset($postVars['name']) && trim($postVars['name'])) { + // Using basename() because we won't allow slashes + list(, $folderName) = \Sabre\HTTP\URLUtil::splitPath(trim($postVars['name'])); + + if (isset($postVars['resourceType'])) { + $resourceType = explode(',', $postVars['resourceType']); + } else { + $resourceType = ['{DAV:}collection']; + } + + $properties = []; + foreach ($postVars as $varName => $varValue) { + // Any _POST variable in clark notation is treated + // like a property. + if ($varName[0] === '{') { + // PHP will convert any dots to underscores. + // This leaves us with no way to differentiate + // the two. + // Therefore we replace the string *DOT* with a + // real dot. * is not allowed in uris so we + // should be good. + $varName = str_replace('*DOT*', '.', $varName); + $properties[$varName] = $varValue; + } + } + + $mkCol = new DAV\MkCol( + $resourceType, + $properties + ); + $this->server->createCollection($uri . '/' . $folderName, $mkCol); + } + break; + + case 'put' : + + if ($_FILES) + $file = current($_FILES); + else + break; + + for ($i = 0; $i < count($file['name']); $i++) { + list(, $newName) = \Sabre\HTTP\URLUtil::splitPath(trim($file['name'][$i])); + + if (is_uploaded_file($file['tmp_name'][$i])) { + $this->server->createFile($uri . '/' . 
$newName, fopen($file['tmp_name'][$i], 'r')); + } + } + break; + + } + return false; + } + /** * @brief Creates the directory listing for the given path. * -- cgit v1.2.3 From db176eec409b73c290ee4d7580867e97dead41fb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 26 Jul 2016 17:24:17 -0700 Subject: set App::$error on 404 so we don't get two 'Page not found.' page bodies. --- Zotlabs/Web/Router.php | 1 + 1 file changed, 1 insertion(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index f9290ac30..4ba2a450d 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -152,6 +152,7 @@ class Router { // pretend this is a module so it will initialise the theme \App::$module = '404'; \App::$module_loaded = true; + \App::$error = true; } } } -- cgit v1.2.3 From 80e433831430e9edc3829d2760551e03643cc598 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 26 Jul 2016 19:28:28 -0700 Subject: missing s --- Zotlabs/Web/WebServer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index d4f3cb9ea..5bb0e08e8 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -124,7 +124,7 @@ class WebServer { // now that we've been through the module content, see if the page reported // a permission problem and if so, a 403 response would seem to be in order. - if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { + if(is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.')); } -- cgit v1.2.3 From 315dafbe122829aedd80ede1db99d3e4e380dbf8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 26 Jul 2016 20:05:40 -0700 Subject: restrict url cache to 254 maxlen --- Zotlabs/Lib/Cache.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Zotlabs') 
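Review bot: The `put` case in `cloudPostAction()` trusts the shape and content of `$_FILES`. `count($file['name'])` and `$file['name'][$i]` assume a multi-file field, and the per-file `error` code is never checked. The `fopen()` result goes to `createFile()` unchecked and is not closed here, and a client-supplied name that reduces to an empty string, `.` or `..` after `splitPath()` is still appended to `$uri`. The switch also reads `$postVars['sabreAction']` without `isset()`, and the mkcol comment says `basename()` while the code calls `splitPath()`. A tightened `put` case is sketched below; whether `createFile()` enforces the caller's permissions on `$uri` is not visible in this hunk.

```php
case 'put' :
	// … unchanged: break early when $_FILES is empty, $file = current($_FILES) …

	// Normalise single-file and multi-file fields to the same array shape.
	$names = (array) $file['name'];
	$tmps  = (array) $file['tmp_name'];
	$errs  = (array) $file['error'];

	foreach ($names as $i => $rawName) {
		// Skip entries PHP itself flagged as failed or partial.
		if (! isset($errs[$i]) || $errs[$i] !== UPLOAD_ERR_OK)
			continue;

		list(, $newName) = \Sabre\HTTP\URLUtil::splitPath(trim($rawName));

		// Refuse names that would address the collection itself or its parent.
		if ($newName === '' || $newName === null || $newName === '.' || $newName === '..')
			continue;

		if (! isset($tmps[$i]) || ! is_uploaded_file($tmps[$i]))
			continue;

		$stream = fopen($tmps[$i], 'r');
		if ($stream === false)
			continue;

		$this->server->createFile($uri . '/' . $newName, $stream);

		if (is_resource($stream))
			fclose($stream);
	}
	break;
```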
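Review bot: The added `is_array($_SESSION['sysmsg'])` guard in the WebServer hunk still reads an index that may not exist, and the 403 decision still depends on finding the translated text `t('Permission denied')` inside user-facing notices. Any module that words its denial differently, or a translation that changes the phrase, yields a 200 for a refused request. A minimal tightening is `if(! empty($_SESSION['sysmsg']) && is_array($_SESSION['sysmsg']) && stristr(...))`. A more robust signal would be an explicit flag set where permission is refused rather than a string match. The `header()` call also puts a translated string into the HTTP status line; a fixed ASCII reason phrase such as `' 403 Forbidden'` avoids non-ASCII bytes there.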
diff --git a/Zotlabs/Lib/Cache.php b/Zotlabs/Lib/Cache.php index 35c8f56ad..f211269be 100644 --- a/Zotlabs/Lib/Cache.php +++ b/Zotlabs/Lib/Cache.php @@ -8,6 +8,9 @@ namespace Zotlabs\Lib; class Cache { public static function get($key) { + + $key = substr($key,0,254); + $r = q("SELECT v FROM cache WHERE k = '%s' limit 1", dbesc($key) ); @@ -19,6 +22,8 @@ class Cache { public static function set($key,$value) { + $key = substr($key,0,254); + $r = q("SELECT * FROM cache WHERE k = '%s' limit 1", dbesc($key) ); -- cgit v1.2.3 From 72479041ae51a5af020cb405715aa7fa3d6a97f1 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 26 Jul 2016 22:50:31 -0700 Subject: don't include deleted or orphaned xchans in ratings search --- Zotlabs/Module/Ratingsearch.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Ratingsearch.php b/Zotlabs/Module/Ratingsearch.php index 5f463b378..b595e16b1 100644 --- a/Zotlabs/Module/Ratingsearch.php +++ b/Zotlabs/Module/Ratingsearch.php @@ -58,7 +58,8 @@ class Ratingsearch extends \Zotlabs\Web\Controller { $ret['success'] = true; $r = q("select * from xlink left join xchan on xlink_xchan = xchan_hash - where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 order by xchan_name asc", + where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 and xchan_orphan = 0 and xchan_deleted = 0 + order by xchan_name asc", dbesc($target) ); -- cgit v1.2.3 From f808f1601b548ee4830f7a16b479eadce3b66094 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 27 Jul 2016 16:49:55 +0200 Subject: rework drag and drop to drag directly into files area, implement the default upload button to work with the same mechanism as drag and drop, revert 560af7a5b8e30001ea6bf9a6d2ea36e94ae904d0 since it did not work so well with the new cloud upload mechanism --- Zotlabs/Storage/Browser.php | 75 --------------------------------------------- 1 file changed, 75 deletions(-) (limited to 'Zotlabs') 
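Review bot: Truncating with `$key = substr($key,0,254);` in both `Cache::get` and `Cache::set` makes any two keys that share their first 254 bytes resolve to the same row. Going by the commit subject, long URLs that differ only in their tail would then read and overwrite each other's cached value. Keeping a prefix and appending a digest of the full key preserves the column limit without collisions, for example `if(strlen($key) > 254) $key = substr($key,0,190) . hash('sha256',$key);`, applied identically in both methods. `substr()` is byte-wise, so it can also cut a multibyte character in half. `set` continues outside its hunk, so the insert/update path should be checked to confirm that it uses the same normalised key.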
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index 0d1d4e791..93c55bd4c 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php 
@@ -69,81 +69,6 @@ class Browser extends DAV\Browser\Plugin { } } - /** - * Extend from parent to add our own listeners - */ - function initialize(DAV\Server $server) { - parent::initialize($server); - if ($this->enablePost) { - $this->server->on('onBrowserPostAction', [$this, 'cloudPostAction']); - } - } - - /** - * Handles POST requests for tree operations. - * - * @param string $uri - * @param string $action - * @param array $postVars - * @return boolean false will stop other events in the beforeMethod chain to execute - */ - function cloudPostAction($uri, $action, $postVars) { - switch ($postVars['sabreAction']) { - case 'mkcol' : - if (isset($postVars['name']) && trim($postVars['name'])) { - // Using basename() because we won't allow slashes - list(, $folderName) = \Sabre\HTTP\URLUtil::splitPath(trim($postVars['name'])); - - if (isset($postVars['resourceType'])) { - $resourceType = explode(',', $postVars['resourceType']); - } else { - $resourceType = ['{DAV:}collection']; - } - - $properties = []; - foreach ($postVars as $varName => $varValue) { - // Any _POST variable in clark notation is treated - // like a property. - if ($varName[0] === '{') { - // PHP will convert any dots to underscores. - // This leaves us with no way to differentiate - // the two. - // Therefore we replace the string *DOT* with a - // real dot. * is not allowed in uris so we - // should be good. - $varName = str_replace('*DOT*', '.', $varName); - $properties[$varName] = $varValue; - } - } - - $mkCol = new DAV\MkCol( - $resourceType, - $properties - ); - $this->server->createCollection($uri . '/' . $folderName, $mkCol); - } - break; - - case 'put' : - - if ($_FILES) - $file = current($_FILES); - else - break; - - for ($i = 0; $i < count($file['name']); $i++) { - list(, $newName) = \Sabre\HTTP\URLUtil::splitPath(trim($file['name'][$i])); - - if (is_uploaded_file($file['tmp_name'][$i])) { - $this->server->createFile($uri . '/' . 
$newName, fopen($file['tmp_name'][$i], 'r')); - } - } - break; - - } - return false; - } - /** * @brief Creates the directory listing for the given path. * -- cgit v1.2.3 From 5f3a8cbe937a22809947b1f7612a089c9f601085 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 27 Jul 2016 16:14:46 -0700 Subject: add the hidden flag also --- Zotlabs/Module/Ratingsearch.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Ratingsearch.php b/Zotlabs/Module/Ratingsearch.php index b595e16b1..dcbfd6a9b 100644 --- a/Zotlabs/Module/Ratingsearch.php +++ b/Zotlabs/Module/Ratingsearch.php @@ -58,7 +58,8 @@ class Ratingsearch extends \Zotlabs\Web\Controller { $ret['success'] = true; $r = q("select * from xlink left join xchan on xlink_xchan = xchan_hash - where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 and xchan_orphan = 0 and xchan_deleted = 0 + where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 + and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 order by xchan_name asc", dbesc($target) ); -- cgit v1.2.3 From be1ffca6f41cef79c481ce58a2cd3c5fc16fd8b2 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 27 Jul 2016 22:28:30 -0700 Subject: fix italian strings (messed up by rtl variable); and finish removing openid from core --- Zotlabs/Module/Rmagic.php | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 26b0c46a6..e144c9376 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php 
@@ -32,18 +32,6 @@ class Rmagic extends \Zotlabs\Web\Controller { $arr = array('address' => $address); call_hooks('reverse_magic_auth', $arr); - try { - require_once('library/openid/openid.php'); - $openid = new \LightOpenID(z_root()); - $openid->identity = $address; - $openid->returnUrl = z_root() . '/openid'; - $openid->required = array('namePerson/friendly', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - } catch (\Exception $e) { - notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'

'. t('The error message was:').' '.$e->getMessage()); - } - // if they're still here... notice( t('Authentication failed.') . EOL); return; -- cgit v1.2.3 From 02fc082e45cfaf6b313f40f1107122837019dd32 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 27 Jul 2016 22:40:33 -0700 Subject: github didn't accept the last push. Touching the files to force a git revision --- Zotlabs/Module/Rmagic.php | 1 - 1 file changed, 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index e144c9376..9252d1f1d 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -2,7 +2,6 @@ namespace Zotlabs\Module; - class Rmagic extends \Zotlabs\Web\Controller { function init() { -- cgit v1.2.3