From b60098ec68e76cad9ebebdc83bb9c23766be9c52 Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Thu, 1 Mar 2018 11:29:15 +0100 Subject: Update composer autoload cache. --- include/zot.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 0cfc370a2..25e30ccbc 100644 --- a/include/zot.php +++ b/include/zot.php @@ -171,6 +171,8 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot * packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'keychange', 'force_refresh', 'notify', 'auth_check' * @param array $recipients * envelope information, array ( 'guid' => string, 'guid_sig' => string ); empty for public posts + * @param string msg + * optional message * @param string $remote_key * optional public site key of target hub used to encrypt entire packet * NOTE: remote_key and encrypted packets are required for 'auth_check' packets, optional for all others @@ -299,7 +301,7 @@ function zot_zot($url, $data, $channel = null,$crypto = null) { if($channel) { $headers['X-Zot-Token'] = random_string(); $hash = \Zotlabs\Web\HTTPSig::generate_digest($data,false); - $headers['X-Zot-Digest'] = 'SHA-256=' . $hash; + $headers['X-Zot-Digest'] = 'SHA-256=' . $hash; $h = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,false,'sha512',(($crypto) ? $crypto['hubloc_sitekey'] : ''), (($crypto) ? zot_best_algorithm($crypto['site_crypto']) : '')); } @@ -393,7 +395,7 @@ function zot_refresh($them, $channel = null, $force = false) { if($s && intval($s[0]['site_dead']) && (! $force)) { logger('zot_refresh: site ' . $url . ' is marked dead and force flag is not set. Cancelling operation.'); return false; - } + } $token = random_string(); @@ -1156,7 +1158,7 @@ function zot_process_response($hub, $arr, $outq) { * and also that the signer and the sender match. * If that happens, we do not need to fetch/pickup the message - we have it already and it is verified. * Translate it into the form we need for zot_import() and import it. - * + * * Otherwise send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site * private key. * The entire pickup message is encrypted with the remote site's public key. @@ -5090,7 +5092,7 @@ function zot_reply_refresh($sender, $recipients) { function zot6_check_sig() { $ret = [ 'success' => false ]; - + logger('server: ' . print_r($_SERVER,true), LOGGER_DATA); if(array_key_exists('HTTP_SIGNATURE',$_SERVER)) { -- cgit v1.2.3 From 0a876e1518e83636f65b35394076745254db019d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 6 Mar 2018 11:39:49 -0800 Subject: don't add pending connections to the default privacy group until accepted --- include/zot.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 25e30ccbc..c11cace2a 100644 --- a/include/zot.php +++ b/include/zot.php @@ -589,13 +589,16 @@ function zot_refresh($them, $channel = null, $force = false) { // If there is a default group for this channel, add this connection to it - - $default_group = $channel['channel_default_group']; - if($default_group) { - require_once('include/group.php'); - $g = group_rec_byhash($channel['channel_id'],$default_group); - if($g) - group_add_member($channel['channel_id'],'',$x['hash'],$g['id']); + // for pending connections this will happens at acceptance time. + + if(! intval($new_connection[0]['abook_pending'])) { + $default_group = $channel['channel_default_group']; + if($default_group) { + require_once('include/group.php'); + $g = group_rec_byhash($channel['channel_id'],$default_group); + if($g) + group_add_member($channel['channel_id'],'',$x['hash'],$g['id']); + } } unset($new_connection[0]['abook_id']); -- cgit v1.2.3 From 034032c7c27ca0e0ba0720aeea84ba6272eb6d36 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 22 Mar 2018 19:52:25 -0700 Subject: slight change in mail privacy implementation. If you initiate a private mail conversation and they respond, accept the reply. You can't hide behind your permissions or lack thereof. Often this will be accidental. If you truly want to block them from replying and your permissions otherwise would not allow them to reply, delete the conversation. --- include/zot.php | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index c11cace2a..25ea9b8fb 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2285,13 +2285,31 @@ function process_mail_delivery($sender, $arr, $deliveries) { continue; } + if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) { - logger("permission denied for mail delivery {$channel['channel_id']}"); - $DR->update('permission denied'); - $result[] = $DR->get(); - continue; + + /* + * Always allow somebody to reply if you initiated the conversation. It's anti-social + * and a bit rude to send a private message to somebody and block their ability to respond. + * If you are being harrassed and want to put an end to it, delete the conversation. + */ + + $return = false; + if($arr['parent_mid']) { + $return = q("select * from mail where mid = '%s' and channel_id = %d limit 1", + dbesc($arr['parent_mid']), + intval($channel['channel_id']) + ); + } + if(! $return) { + logger("permission denied for mail delivery {$channel['channel_id']}"); + $DR->update('permission denied'); + $result[] = $DR->get(); + continue; + } } + $r = q("select id from mail where mid = '%s' and channel_id = %d limit 1", dbesc($arr['mid']), intval($channel['channel_id']) -- cgit v1.2.3 From f4c94ab121167ac34e550939f032e9982d69307b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Apr 2018 17:31:20 -0700 Subject: use profile_store_lowlevel() when importing profile structures to ensure all non-null fields are present --- include/zot.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 25ea9b8fb..2ad43f0e5 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3855,11 +3855,14 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { intval($channel['channel_id']) ); if(! $x) { - q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", - dbesc($profile['profile_guid']), - intval($channel['channel_account_id']), - intval($channel['channel_id']) + profile_store_lowlevel( + [ + 'aid' => $channel['channel_account_id'], + 'uid' => $channel['channel_id'], + 'profile_guid' => $profile['profile_guid'], + ] ); + $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']) -- cgit v1.2.3 From 43e55eb9a6cb66ad040064fca8b8296bcd298a03 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 16 Apr 2018 21:40:43 -0700 Subject: Active channels information is a bit imprecise. Provide a higher accuracy method. This will require a transition period --- include/zot.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 2ad43f0e5..c2b622277 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3208,6 +3208,9 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { $channel = $r[0]; + // don't provide these in the export + + unset($channel['channel_active']); unset($channel['channel_password']); unset($channel['channel_salt']); @@ -3474,6 +3477,14 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { continue; } + // if the clone is active, so are we + + if(substr($channel['channel_active'],0,10) !== substr(datetime_convert(),0,10)) { + q("UPDATE channel set channel_active = '%s' where channel_id = %d", + dbesc(datetime_convert()), + intval($channel['channel_id']) + ); + } if(array_key_exists('config',$arr) && is_array($arr['config']) && count($arr['config'])) { foreach($arr['config'] as $cat => $k) { -- cgit v1.2.3 From fedb5fbcf5bf2a5dcecc0ad6324775ccbedbf3d6 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 23 Apr 2018 10:47:35 +0200 Subject: update zot.php to fix php warning invalid argument supplied for foreach() - this is taken from pr #1085 which was against wrong branch --- include/zot.php | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index c2b622277..0343f4464 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3811,25 +3811,27 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { foreach($x as $y) { // for each group, loop on members list we just received - foreach($members[$y['hash']] as $member) { - $found = false; - $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", - intval($y['id']), - intval($channel['channel_id']), - dbesc($member) - ); - if($z) - $found = true; - - // if somebody is in the group that wasn't before - add them - - if(! $found) { - q("INSERT INTO group_member (uid, gid, xchan) - VALUES( %d, %d, '%s' ) ", - intval($channel['channel_id']), + if(isset($y['hash']) && isset($members[$y['hash']])) { + foreach($members[$y['hash']] as $member) { + $found = false; + $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), + intval($channel['channel_id']), dbesc($member) ); + if($z) + $found = true; + + // if somebody is in the group that wasn't before - add them + + if(! $found) { + q("INSERT INTO group_member (uid, gid, xchan) + VALUES( %d, %d, '%s' ) ", + intval($channel['channel_id']), + intval($y['id']), + dbesc($member) + ); + } } } -- cgit v1.2.3