From 6c92a240cca673b4cdac25a2e64503a0d50c0124 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Thu, 16 Mar 2017 18:36:58 -0700
Subject: remove include/widgets.php

---
 include/channel.php | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

(limited to 'include/channel.php')

diff --git a/include/channel.php b/include/channel.php
index b838f8393..7cf78cb8b 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -1193,11 +1193,6 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 	else
 		$tpl = get_markup_template('profile_vcard.tpl');
 
-	require_once('include/widgets.php');
-
-//	if(! feature_enabled($profile['uid'],'hide_rating'))
-	$z = widget_rating(array('target' => $profile['channel_hash']));
-
 	$o .= replace_macros($tpl, array(
 		'$zcard'         => $zcard,
 		'$profile'       => $profile,
@@ -1211,7 +1206,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 		'$chanmenu'      => $channel_menu,
 		'$diaspora'      => $diaspora,
 		'$reddress'      => $reddress,
-		'$rating'        => $z,
+		'$rating'        => '',
 		'$contact_block' => $contact_block,
 		'$editmenu'	 => profile_edit_menu($profile['uid'])
 	));
-- 
cgit v1.2.3


From 0f7832dc30fb4d8aedd24b6ad8a9e48876a77dd0 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Mon, 13 Mar 2017 16:19:47 -0700
Subject: code_allowed is a real mess. Start the cleanup by remving the account
 level code allow and limiting to specific channels only. This reduces the
 possibility of cross channel security issues coming into play. Then provide a
 single function for checking the code permission. This is only partially done
 as we often need to check against the observer or logged in channel as well
 as the resource owner to ensure that this only returns true for local
 channels which also own the requested resource.

---
 include/channel.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'include/channel.php')

diff --git a/include/channel.php b/include/channel.php
index 7cf78cb8b..f88a2f8aa 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -2247,3 +2247,20 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
 	}
 
 }
+
+/*
+ * This checks if a channel is allowed to publish executable code.
+ * It is up to the caller to determine if the observer or local_channel 
+ * is in fact the resource owner whose channel_id is being checked
+ */
+
+function channel_codeallowed($channel_id) {
+
+	if(! intval($channel_id))
+		return false;
+
+	$x = channelx_by_n($channel_id);
+	if(($x) && ($x['channel_pageflags'] & PAGE_ALLOWCODE))
+		return true;
+	return false;
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 7033966bb860ce21220e21d8feefc574fa9f88a7 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 29 Mar 2017 15:16:41 +0200
Subject: create channel_store_lowlevel()

---
 include/channel.php | 76 +++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 56 insertions(+), 20 deletions(-)

(limited to 'include/channel.php')

diff --git a/include/channel.php b/include/channel.php
index f88a2f8aa..7ad4c6a4c 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -242,25 +242,22 @@ function create_identity($arr) {
 
 	$expire = 0;
 
-	$r = q("insert into channel ( channel_account_id, channel_primary,
-		channel_name, channel_address, channel_guid, channel_guid_sig,
-		channel_hash, channel_prvkey, channel_pubkey, channel_pageflags, channel_system, channel_expire_days, channel_timezone )
-		values ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s' ) ",
-
-		intval($arr['account_id']),
-		intval($primary),
-		dbesc($name),
-		dbesc($nick),
-		dbesc($guid),
-		dbesc($sig),
-		dbesc($hash),
-		dbesc($key['prvkey']),
-		dbesc($key['pubkey']),
-		intval($pageflags),
-		intval($system),
-		intval($expire),
-		dbesc(App::$timezone)
-	);
+	$r = channel_store_lowlevel(
+		[
+			'channel_account_id'  => intval($arr['account_id']),
+			'channel_primary'     => intval($primary),
+			'channel_name'        => $name,
+			'channel_address'     => $nick,
+			'channel_guid'        => $guid,
+			'channel_guid_sig'    => $sig,
+			'channel_hash'        => $hash,
+			'channel_prvkey'      => $key['prvkey'],
+			'channel_pubkey'      => $key['pubkey'],
+			'channel_pageflags'   => intval($pageflags),
+			'channel_system'      => intval($system),
+			'channel_expire_days' => intval($expire),
+			'channel_timezone'    => App::$timezone
+		]
 
 	$r = q("select * from channel where channel_account_id = %d
 		and channel_guid = '%s' limit 1",
@@ -1990,6 +1987,45 @@ function remote_login() {
 }
 
 
+function channel_store_lowlevel($arr) {
+
+	$store = [
+		'channel_account_id'      => ((array_key_exists('channel_account_id',$arr))      ? $arr['channel_account_id']      : '0'),
+		'channel_primary'         => ((array_key_exists('channel_primary',$arr))         ? $arr['channel_primary']         : '0'),
+		'channel_name'            => ((array_key_exists('channel_name',$arr))            ? $arr['channel_name']            : ''),
+		'channel_address'         => ((array_key_exists('channel_address',$arr))         ? $arr['channel_address']         : ''),
+		'channel_guid'            => ((array_key_exists('channel_guid',$arr))            ? $arr['channel_guid']            : ''),
+		'channel_guid_sig'        => ((array_key_exists('channel_guid_sig',$arr))        ? $arr['channel_guid_sig']        : ''),
+		'channel_hash'            => ((array_key_exists('channel_hash',$arr))            ? $arr['channel_hash']            : ''),
+		'channel_timezone'        => ((array_key_exists('channel_timezone',$arr))        ? $arr['channel_timezone']        : 'UTC'),
+		'channel_location'        => ((array_key_exists('channel_location',$arr))        ? $arr['channel_location']        : ''),
+		'channel_theme'           => ((array_key_exists('channel_theme',$arr))           ? $arr['channel_theme']           : ''),
+		'channel_startpage'       => ((array_key_exists('channel_startpage',$arr))       ? $arr['channel_startpage']       : ''),
+		'channel_pubkey'          => ((array_key_exists('channel_pubkey',$arr))          ? $arr['channel_pubkey']          : ''),
+		'channel_prvkey'          => ((array_key_exists('channel_prvkey',$arr))          ? $arr['channel_prvkey']          : ''),
+		'channel_notifyflags'     => ((array_key_exists('channel_notifyflags',$arr))     ? $arr['channel_notifyflags']     : '65535'),
+		'channel_pageflags'       => ((array_key_exists('channel_pageflags',$arr))       ? $arr['channel_pageflags']       : '0'),
+		'channel_dirdate'         => ((array_key_exists('channel_dirdate',$arr))         ? $arr['channel_dirdate']         : NULL_DATE),
+		'channel_lastpost'        => ((array_key_exists('channel_lastpost',$arr))        ? $arr['channel_lastpost']        : NULL_DATE),
+		'channel_deleted'         => ((array_key_exists('channel_deleted',$arr))         ? $arr['channel_deleted']         : NULL_DATE),
+		'channel_max_anon_mail'   => ((array_key_exists('channel_max_anon_mail',$arr))   ? $arr['channel_max_anon_mail']   : '10'),
+		'channel_max_friend_req'  => ((array_key_exists('channel_max_friend_req',$arr))  ? $arr['channel_max_friend_req']  : '10'),
+		'channel_expire_days'     => ((array_key_exists('channel_expire_days',$arr))     ? $arr['channel_expire_days']     : '0'),
+		'channel_passwd_reset'    => ((array_key_exists('channel_passwd_reset',$arr))    ? $arr['channel_passwd_reset']    : ''),
+		'channel_default_group'   => ((array_key_exists('channel_default_group',$arr))   ? $arr['channel_default_group']   : ''),
+		'channel_allow_cid'       => ((array_key_exists('channel_allow_cid',$arr))       ? $arr['channel_allow_cid']       : ''),
+		'channel_allow_gid'       => ((array_key_exists('channel_allow_gid',$arr))       ? $arr['channel_allow_gid']       : ''),
+		'channel_deny_cid'        => ((array_key_exists('channel_deny_cid',$arr))        ? $arr['channel_deny_cid']        : ''),
+		'channel_deny_gid'        => ((array_key_exists('channel_deny_gid',$arr))        ? $arr['channel_deny_gid']        : ''),
+		'channel_removed'         => ((array_key_exists('channel_removed',$arr))         ? $arr['channel_removed']         : '0'),
+		'channel_system'          => ((array_key_exists('channel_system',$arr))          ? $arr['channel_system']          : '0'),
+		'channel_moved'           => ((array_key_exists('channel_moved',$arr))           ? $arr['channel_moved']           : '')
+	];
+
+	return create_table_from_array('channel',$store);
+
+}
+
 
 function profile_store_lowlevel($arr) {
 
@@ -2263,4 +2299,4 @@ function channel_codeallowed($channel_id) {
 	if(($x) && ($x['channel_pageflags'] & PAGE_ALLOWCODE))
 		return true;
 	return false;
-}
\ No newline at end of file
+}
-- 
cgit v1.2.3


From 29c9972b868468e3d37c8ed79a458288d3e35de0 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 29 Mar 2017 15:19:54 +0200
Subject: missing closing bracket and semicolon

---
 include/channel.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include/channel.php')

diff --git a/include/channel.php b/include/channel.php
index 7ad4c6a4c..1bdd5a478 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -258,6 +258,7 @@ function create_identity($arr) {
 			'channel_expire_days' => intval($expire),
 			'channel_timezone'    => App::$timezone
 		]
+	);
 
 	$r = q("select * from channel where channel_account_id = %d
 		and channel_guid = '%s' limit 1",
-- 
cgit v1.2.3