From 2bd1004587fc8d928b9458b2383b656df115578c Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 27 May 2012 21:01:58 -0700 Subject: rework the way private photos are embedded to avoid url differences and also check the permissions if possible to make sure that nothing sneaks by. --- include/items.php | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 80 insertions(+), 8 deletions(-) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index e5b640fd2..f45b40cc0 100644 --- a/include/items.php +++ b/include/items.php @@ -2832,7 +2832,7 @@ function atom_author($tag,$name,$uri,$h,$w,$photo) { return $o; } -function atom_entry($item,$type,$author,$owner,$comment = false) { +function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) { $a = get_app(); @@ -2844,7 +2844,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) - $body = fix_private_photos($item['body'],$owner['uid']); + $body = fix_private_photos($item['body'],$owner['uid'],$item,$cid); else $body = $item['body']; @@ -2927,14 +2927,17 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { return $o; } -function fix_private_photos($s,$uid) { +function fix_private_photos($s,$uid, $item = null, $cid = 0) { $a = get_app(); - logger('fix_private_photos'); + + logger('fix_private_photos', LOGGER_DEBUG); + $site = substr($a->get_baseurl(),strpos($a->get_baseurl,'://')); if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) { $image = $matches[1]; - logger('fix_private_photos: found photo ' . $image); - if(stristr($image ,$a->get_baseurl() . '/photo/')) { + logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG); + if(stristr($image , $site . '/photo/')) { + $replace = false; $i = basename($image); $i = str_replace('.jpg','',$i); $x = strpos($i,'-'); 
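Review bot: `stristr($image , $site . '/photo/')` in fix_private_photos accepts the `://host/photo/` fragment anywhere in the [img] URL, so an address on another host that merely carries that fragment in its path or query is treated as a local photo and its basename is looked up as a resource id. Matching from the start of the URL keeps the lookup limited to this site's own photo links, for example `if(preg_match('#^https?' . preg_quote($site,'#') . '/photo/#i', $image)) {`. The permission checks added further down in this commit still gate the embed, so this is hardening rather than a demonstrated bypass. The function body continues past the end of this hunk.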
@@ -2947,8 +2950,39 @@ function fix_private_photos($s,$uid) { intval($uid) ); if(count($r)) { - logger('replacing photo'); - $s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s); + + // Check to see if we should replace this photo link with an embedded image + // 1. No need to do so if the photo is public + // 2. If there's a contact-id provided, see if they're in the access list + // for the photo. If so, embed it. + // 3. Otherwise, if we have an item, see if the item permissions match the photo + // permissions, regardless of order but first check to see if they're an exact + // match to save some processing overhead. + + // Currently we only embed one private photo per message so as not to hit import + // size limits at the receiving end. + + // To embed multiples, we would need to parse out the embedded photos on message + // receipt and limit size based only on the text component. Would also need to + // ignore all photos during bbcode translation and item localisation, as these + // will hit internal regex backtrace limits. + + if(has_permissions($r[0])) { + if($cid) { + $recips = enumerate_permissions($r[0]); + if(in_array($cid, $recips)) { + $replace = true; + } + } + elseif($item) { + if(compare_permissions($item,$r[0])) + $replace = true; + } + } + if($replace) { + logger('replacing photo'); + $s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s); + } } } logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA); 
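Review bot: `in_array($cid, $recips)` in the `$cid` branch compares loosely, so the decision to embed a private photo depends on PHP type juggling between the caller-supplied `$cid` and whatever element types expand_acl() and expand_groups() return (neither is visible here). Normalising both sides and comparing strictly makes the access check exact: `if(in_array(intval($cid), array_map('intval', $recips), true)) {`. It would also help to log at LOGGER_DEBUG when a restricted photo is found but not embedded, so a missing image can be traced back to the ACL decision. fix_private_photos starts before this hunk and ends after it.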
@@ -2958,6 +2992,44 @@ function fix_private_photos($s,$uid) { } +function has_permissions($obj) { + if(($obj['allow_cid'] != '') || ($obj['allow_gid'] != '') || ($obj['deny_cid'] != '') || ($obj['deny_gid'] != '')) + return true; + return false; +} + +function compare_permissions($obj1,$obj2) { + // first part is easy. Check that these are exactly the same. + if(($obj1['allow_cid'] == $obj2['allow_cid']) + && ($obj1['allow_gid'] == $obj2['allow_gid']) + && ($obj1['deny_cid'] == $obj2['deny_cid']) + && ($obj1['deny_gid'] == $obj2['deny_gid'])) + return true; + + // This is harder. Parse all the permissions and compare the resulting set. + + $recipients1 = enumerate_permissions($obj1); + $recipients2 = enumerate_permissions($obj2); + sort($recipients1); + sort($recipients2); + if($recipients1 == $recipients2) + return true; + return false; +} + +// returns an array of contact-ids that are allowed to see this object + +function enumerate_permissions($obj) { + require_once('include/group.php'); + $allow_people = expand_acl($obj['allow_cid']); + $allow_groups = expand_groups(expand_acl($obj['allow_gid'])); + $deny_people = expand_acl($obj['deny_cid']); + $deny_groups = expand_groups(expand_acl($obj['deny_gid'])); + $recipients = array_unique(array_merge($allow_people,$allow_groups)); + $deny = array_unique(array_merge($deny_people,$deny_groups)); + $recipients = array_diff($recipients,$deny); + return $recipients; +} function item_getfeedtags($item) { $ret = array(); -- cgit v1.2.3 From f033c9a4ae822bf2ad46f1885a80daf85eca2f62 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 28 May 2012 16:51:52 -0700 Subject: rev update --- include/items.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index f45b40cc0..66e111b55 100644 --- a/include/items.php +++ b/include/items.php 
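Review bot: compare_permissions() treats two different deny-only ACLs as equal: when both objects have empty allow lists, enumerate_permissions() returns the `array_diff()` of an empty set for each (assuming expand_acl('') yields an empty array), so `$recipients1 == $recipients2` holds even though the deny lists differ. In fix_private_photos that sets `$replace = true`, and the photo is embedded in an item whose audience can include a contact the photo denies. The exact-match test at the top already covers identical ACLs, so the set comparison should refuse empty results, for example `if((! count($recipients1)) || (! count($recipients2))) return false;` placed before the `==` test. The same empty result means the `$cid` branch never embeds a deny-only photo, which fails closed but deserves a comment on enumerate_permissions() saying that it lists only explicitly allowed contacts.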
@@ -2980,12 +2980,12 @@ function fix_private_photos($s,$uid, $item = null, $cid = 0) { } } if($replace) { - logger('replacing photo'); + logger('fix_private_photos: replacing photo', LOGGER_DEBUG); $s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s); + logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA); } } } - logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA); } } return($s); -- cgit v1.2.3 From 0241bd1fbf28e15daeb939bc14976cd2fd6d3251 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 28 May 2012 23:24:10 -0700 Subject: Provide backend option to only expire other peoples' conversations. --- include/items.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index 66e111b55..4b79003f6 100644 --- a/include/items.php +++ b/include/items.php @@ -3076,13 +3076,20 @@ function item_getfeedattach($item) { function item_expire($uid,$days) { - if((! $uid) || (! $days)) + if((! $uid) || ($days < 1)) return; + // $expire_network_only = save your own wall posts + // and just expire conversations started by others + + $expire_network_only = get_pconfig($uid,'expire','expire_network_only'); + $sql_extra = ((intval($expire_network_only)) ? " AND wall = 0 " : ""); + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `id` = `parent` + $sql_extra AND `deleted` = 0", intval($uid), intval($days) -- cgit v1.2.3 From 2eafa9a47519f9f35c5eb568cf4235c092c1dcce Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 29 May 2012 01:14:53 -0700 Subject: ability to only expire contacts, not self --- include/items.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index 4b79003f6..3fe977b6f 100644 --- a/include/items.php +++ b/include/items.php 
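Review bot: The relocated `logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA);` still writes the whole private post body, now including the base64 copy of the access-restricted photo, into the log. Anyone who can read the log file then sees content the ACL was meant to protect, and each entry can be very large. Logging the reference and size is enough for debugging: `logger('fix_private_photos: replaced ' . $image . ' (' . strlen($r[0]['data']) . ' bytes)', LOGGER_DATA);`. Whether LOGGER_DATA is enabled on production sites is not visible from this hunk.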
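Review bot: `$sql_extra` in item_expire is interpolated directly into the format string passed to q(), outside the `%d` / `intval()` handling that the other values receive. That is safe only because the fragment is one of two fixed literals selected by `intval($expire_network_only)`, and a comment should say so, for example `// $sql_extra must stay a fixed literal; it is not escaped by q()`. The column name `wall` could also be backtick-quoted like the other columns in the query. item_expire continues beyond this hunk.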
@@ -3082,7 +3082,7 @@ function item_expire($uid,$days) { // $expire_network_only = save your own wall posts // and just expire conversations started by others - $expire_network_only = get_pconfig($uid,'expire','expire_network_only'); + $expire_network_only = get_pconfig($uid,'expire','network_only'); $sql_extra = ((intval($expire_network_only)) ? " AND wall = 0 " : ""); $r = q("SELECT * FROM `item` -- cgit v1.2.3 From 419cf91aae555f6e42767765f476b1f1cc85e5df Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 29 May 2012 16:44:02 -0700 Subject: bugfixes: private photo embeds and search for strings with % --- include/items.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index 3fe977b6f..b08e491be 100644 --- a/include/items.php +++ b/include/items.php @@ -2931,7 +2931,7 @@ function fix_private_photos($s,$uid, $item = null, $cid = 0) { $a = get_app(); logger('fix_private_photos', LOGGER_DEBUG); - $site = substr($a->get_baseurl(),strpos($a->get_baseurl,'://')); + $site = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')); if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) { $image = $matches[1]; -- cgit v1.2.3 From 88a0d6a1d53a93fa0d43591f85b72a8a72c13d53 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 29 May 2012 22:57:15 -0700 Subject: private group tests, cont. --- include/items.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index b08e491be..c6d852fe7 100644 --- a/include/items.php +++ b/include/items.php 
@@ -1063,9 +1063,6 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $a = get_app(); -// if((! strlen($contact['issued-id'])) && (! $contact['duplex']) && (! ($owner['page-flags'] == PAGE_COMMUNITY))) -// return 3; - $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']); if($contact['duplex'] && $contact['dfrn-id']) @@ -1130,6 +1127,9 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); + if($owner['page-flags'] == PAGE_PRVGROUP) + $page = 2; + $final_dfrn_id = ''; if($perm) { @@ -1183,7 +1183,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['ssl_policy'] = $ssl_policy; if($page) - $postvars['page'] = '1'; + $postvars['page'] = $page; if($rino && $rino_allowed && (! $dissolve)) { $key = substr(random_string(),0,16); -- cgit v1.2.3 From e5a988f0b58f3a2319863580817dc22545e2c498 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 30 May 2012 01:52:58 -0700 Subject: fix private photos that also have a size specification --- include/items.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index c6d852fe7..8324d4bdd 100644 --- a/include/items.php +++ b/include/items.php @@ -2933,8 +2933,8 @@ function fix_private_photos($s,$uid, $item = null, $cid = 0) { logger('fix_private_photos', LOGGER_DEBUG); $site = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')); - if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) { - $image = $matches[1]; + if(preg_match("/\[img(.*?)\](.*?)\[\/img\]/is",$s,$matches)) { + $image = $matches[2]; logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG); if(stristr($image , $site . '/photo/')) { $replace = false; -- cgit v1.2.3 From f0cf0ebb485432b444b1d85843385ebfda0260fd Mon Sep 17 00:00:00 2001 
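Review bot: `$page` in dfrn_deliver now carries the bare numbers 1 and 2 and is sent as `$postvars['page'] = $page;` (the `@@ -1183,7 +1183,7 @@` hunk), but nothing states what the values mean or how a receiving site that only understands `'1'` will treat `2` for a private group. A comment next to the assignment would document the protocol value, for example `// page: 1 = community page, 2 = private group (PAGE_PRVGROUP)`. The posted value also changes from the string `'1'` to an integer; casting with `strval($page)` keeps the field type the same as before. How the receiving endpoint interprets the field is outside this diff, so compatibility with older peers should be confirmed.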
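Review bot: The new pattern `\[img(.*?)\]` in fix_private_photos accepts any text between `[img` and the closing bracket, not only a size specification, and the first capture group is never read. Assuming the size form is `[img=WxH]`, a non-capturing, constrained group keeps the match to the two intended tag shapes and leaves the URL in group 1: `if(preg_match("/\[img(?:=[0-9]+x[0-9]+)?\](.*?)\[\/img\]/is",$s,$matches)) {` with `$image = $matches[1];`. The rest of the function lies outside this hunk.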
From: friendica Date: Wed, 30 May 2012 19:11:01 -0700 Subject: prevent email from leaking in feeds --- include/items.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index 8324d4bdd..0ed16217f 100644 --- a/include/items.php +++ b/include/items.php @@ -180,6 +180,10 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) foreach($items as $item) { + // prevent private email from leaking. + if($item['network'] === NETWORK_MAIL) + continue; + // public feeds get html, our own nodes use bbcode if($public_feed) { -- cgit v1.2.3
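Review bot: The `NETWORK_MAIL` guard in get_feed_for filters items only inside this loop, after the query that builds `$items` (not visible in the hunk) has already loaded them. Excluding those rows in the query itself would fail safe if the loop is ever restructured. Any other code that serialises items, such as callers of atom_entry outside this function, is not visible here and would need the same check. The comment could state the rule rather than the symptom, for example `// items imported from e-mail are private to the account owner; never emit them in any feed, public or authenticated`. The function body continues beyond this hunk.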