From 6a7fa6bf5414a89c27f4f7d8da1ad8bb33d7c5a1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 24 Jul 2017 20:23:00 -0700 Subject: provide a keychange operation to rebase an identity on a new keypair --- include/channel.php | 99 +++++++++++++++++++++++ include/xchan.php | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++ include/zot.php | 44 ++++++++++ 3 files changed, 372 insertions(+) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 49da57fd6..23ceb1414 100644 --- a/include/channel.php +++ b/include/channel.php @@ -454,6 +454,105 @@ function create_identity($arr) { return $ret; } + +function change_channel_keys($channel) { + + $ret = array('success' => false); + + $stored = []; + + $key = new_keypair(4096); + + $sig = base64url_encode(rsa_sign($channel['channel_guid'],$key['prvkey'])); + $hash = make_xchan_hash($channel['channel_guid'],$sig); + + $stored['old_guid'] = $channel['channel_guid']; + $stored['old_guid_sig'] = $channel['channel_guid_sig']; + $stored['old_key'] = $channel['channel_pubkey']; + $stored['old_hash'] = $channel['channel_hash']; + + $stored['new_key'] = $key['pubkey']; + $stored['new_sig'] = base64url_encode(rsa_sign($key['pubkey'],$channel['channel_prvkey'])); + + // Save this info for the notifier to collect + + set_pconfig($channel['channel_id'],'system','keychange',$stored); + + $r = q("update channel set channel_prvkey = '%s', channel_pubkey = '%s', channel_guid_sig = '%s', channel_hash = '%s' where channel_id = %d", + dbesc($key['prvkey']), + dbesc($key['pubkey']), + dbesc($sig), + dbesc($hash), + intval($channel['channel_id']) + ); + if(! $r) { + return $ret; + } + $r = q("select * from channel where channel_id = %d", + intval($channel['channel_id']) + ); + + if(! $r) { + $ret['message'] = t('Unable to retrieve modified identity'); + return $ret; + } + + $modified = $r[0]; + + $h = q("select * from hubloc where hubloc_hash = '%s' and hubloc_url = '%s' ", + dbesc($stored['old_hash']), + dbesc(z_root()) + ); + + if($h) { + foreach($h as $hv) { + $hv['hubloc_guid_sig'] = $sig; + $hv['hubloc_hash'] = $hash; + $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$modifed['channel_prvkey'])); + hubloc_store_lowlevel($hv); + } + } + + $x = q("select * from xchan where xchan_hash = '%s' ", + dbesc($stored['old_hash']) + ); + + $check = q("select * from xchan where xchan_hash = '%s'", + dbesc($hash) + ); + + if(($x) && (! $check)) { + $oldxchan = $x[0]; + foreach($x as $xv) { + $xv['xchan_guid_sig'] = $sig; + $xv['xchan_hash'] = $hash; + $xv['xchan_pubkey'] = $key['pubkey']; + xchan_store_lowlevel($xv); + $newxchan = $xv; + } + } + + $a = q("select * from abook where abook_xchan = '%s' and abook_self = 1", + dbesc($stored['old_hash']) + ); + + if($a) { + q("update abook set abook_xchan = '%s' where abook_id = %d", + dbesc($hash), + intval($a[0]['abook_id']) + ); + } + + xchan_change_key($oldxchan,$newxchan,$stored); + + Zotlabs\Daemon\Master::Summon(array('Notifier', 'keychange', $channel['channel_id'])); + + $ret['success'] = true; + return $ret; +} + + + /** * @brief Set default channel to be used on login. * diff --git a/include/xchan.php b/include/xchan.php index 12eb674fa..dba0b8b88 100644 --- a/include/xchan.php +++ b/include/xchan.php @@ -137,3 +137,232 @@ function xchan_fetch($arr) { } +function xchan_change_key($oldx,$newx,$data) { + + $r = q("update abook set abook_xchan = '%s' where abook_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update abconfig set xchan = '%s' where xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update group_member set xchan = '%s' where xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update chat set chat_xchan = '%s' where chat_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update chatpresence set cp_xchan = '%s' where cp_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update event set event_xchan = '%s' where event_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update item set owner_xchan = '%s' where owner_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update item set author_xchan = '%s' where author_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update item set source_xchan = '%s' where source_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update mail set from_xchan = '%s' where from_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update mail set to_xchan = '%s' where to_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update shares set share_xchan = '%s' where share_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update source set src_channel_xchan = '%s' where src_channel_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update source set src_xchan = '%s' where src_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update xchat set xchat_xchan = '%s' where xchat_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update xconfig set xchan = '%s' where xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update xign set xchan = '%s' where xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update xlink set xlink_xchan = '%s' where xlink_xchan = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update xprof set xprof_hash = '%s' where xprof_hash = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("update xtag set xtag_hash = '%s' where xtag_hash = '%s'", + dbsec($newx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + $r = q("select channel_id, channel_allow_cid, channel_deny_cid from channel where (channel_allow_cid like '%s' or channel_deny_cid like '%s') ", + dbesc($oldx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + if($r) { + foreach($r as $rv) { + $z = q("update channel set channel_allow_cid = '%s', channel_deny_cid = '%s' where channel_id = %d", + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['channel_allow_cid'])), + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['channel_deny_cid'])), + intval($rv['channel_id']) + ); + } + } + + $r = q("select id, allow_cid, deny_cid from attach where (allow_cid like '%s' or deny_cid like '%s') ", + dbesc($oldx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + if($r) { + foreach($r as $rv) { + $z = q("update attach set allow_cid = '%s', deny_cid = '%s' where id = %d", + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), + intval($rv['id']) + ); + } + } + + $r = q("select cr_id, allow_cid, deny_cid from chatroom where (allow_cid like '%s' or deny_cid like '%s') ", + dbesc($oldx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + if($r) { + foreach($r as $rv) { + $z = q("update chatroom set allow_cid = '%s', deny_cid = '%s' where cr_id = %d", + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), + intval($rv['cr_id']) + ); + } + } + + + $r = q("select id, allow_cid, deny_cid from event where (allow_cid like '%s' or deny_cid like '%s') ", + dbesc($oldx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + if($r) { + foreach($r as $rv) { + $z = q("update event set allow_cid = '%s', deny_cid = '%s' where id = %d", + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), + intval($rv['id']) + ); + } + } + + + $r = q("select id, allow_cid, deny_cid from item where (allow_cid like '%s' or deny_cid like '%s') ", + dbesc($oldx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + if($r) { + foreach($r as $rv) { + $z = q("update item set allow_cid = '%s', deny_cid = '%s' where id = %d", + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), + intval($rv['id']) + ); + } + } + + + $r = q("select mitem_id, allow_cid, deny_cid from menu_item where (allow_cid like '%s' or deny_cid like '%s') ", + dbesc($oldx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + if($r) { + foreach($r as $rv) { + $z = q("update menu_item set allow_cid = '%s', deny_cid = '%s' where mitem_id = %d", + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), + intval($rv['mitem_id']) + ); + } + } + + + + $r = q("select obj_id, allow_cid, deny_cid from obj where (allow_cid like '%s' or deny_cid like '%s') ", + dbesc($oldx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + if($r) { + foreach($r as $rv) { + $z = q("update obj set allow_cid = '%s', deny_cid = '%s' where obj_id = %d", + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), + intval($rv['obj_id']) + ); + } + } + + $r = q("select id, allow_cid, deny_cid from photo where (allow_cid like '%s' or deny_cid like '%s') ", + dbesc($oldx['xchan_hash']), + dbesc($oldx['xchan_hash']) + ); + + if($r) { + foreach($r as $rv) { + $z = q("update photo set allow_cid = '%s', deny_cid = '%s' where id = %d", + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), + dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), + intval($rv['id']) + ); + } + } + + +} \ No newline at end of file diff --git a/include/zot.php b/include/zot.php index 8bbc4a969..220292994 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3757,6 +3757,50 @@ function zot_reply_message_request($data) { json_return_and_die($ret); } +function zot_rekey_request($sender,$data) { + + $ret = array('success' => false); + + // newsig is newkey signed with oldkey + + // The original xchan will remain. In Zot/Receiver we will have imported the new xchan and hubloc to verify + // the packet authenticity. What we will do now is verify that the keychange operation was signed by the + // oldkey, and if so change all the abook, abconfig, group, and permission elements which reference the + // old xchan_hash. + + if((! $data['oldkey']) && (! $data['oldsig']) && (! $data['newkey']) && (! $data['newsig'])) + json_return_and_die($ret); + + $oldhash = make_xchan_hash($data['old_guid'],$data['old_guid_sig']); + + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($oldhash) + ); + + if(! $r) { + json_return_and_die($ret); + } + + $xchan = $r[0]; + + if(! rsa_verify($data['newkey'],base64url_decode($data['newsig']),$xchan['xchan_pubkey'])) { + json_return_and_die($ret); + } + + $newhash = make_xchan_hash($sender['guid'],$sender['guid_sig']); + + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($newhash) + ); + + $newxchan = $r[0]; + + xchan_change_key($xchan,$newxchan,$data); + + $ret['success'] = true; + json_return_and_die($ret); +} + function zotinfo($arr) { -- cgit v1.2.3 From ddecbf052eabe92f61091bcd2541190b1037e466 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 24 Jul 2017 22:45:50 -0700 Subject: new field names did not get saved --- include/zot.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 220292994..33cf1d40d 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3768,7 +3768,7 @@ function zot_rekey_request($sender,$data) { // oldkey, and if so change all the abook, abconfig, group, and permission elements which reference the // old xchan_hash. - if((! $data['oldkey']) && (! $data['oldsig']) && (! $data['newkey']) && (! $data['newsig'])) + if((! $data['old_key']) && (! $data['new_key']) && (! $data['new_sig'])) json_return_and_die($ret); $oldhash = make_xchan_hash($data['old_guid'],$data['old_guid_sig']); @@ -3783,7 +3783,7 @@ function zot_rekey_request($sender,$data) { $xchan = $r[0]; - if(! rsa_verify($data['newkey'],base64url_decode($data['newsig']),$xchan['xchan_pubkey'])) { + if(! rsa_verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) { json_return_and_die($ret); } -- cgit v1.2.3 From c24cfbc62af111f18576cfde8e4e920e66c57ff5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 25 Jul 2017 15:59:58 -0700 Subject: make signing methods variable and signable --- include/crypto.php | 10 ++++++++++ include/zot.php | 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index 2c5545e9b..6ac3fd732 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -185,6 +185,16 @@ function crypto_methods() { } +function signing_methods() { + + + $r = [ 'sha256' ]; + call_hooks('signing_methods',$r); + return $r; + +} + + function aes_encapsulate($data,$pubkey) { if(! $pubkey) logger('aes_encapsulate: no key. data: ' . $data); diff --git a/include/zot.php b/include/zot.php index 33cf1d40d..f9682237e 100644 --- a/include/zot.php +++ b/include/zot.php @@ -122,7 +122,8 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot ], 'callback' => '/post', 'version' => ZOT_REVISION, - 'encryption' => crypto_methods() + 'encryption' => crypto_methods(), + 'signing' => signing_methods() ]; if ($recipients) { -- cgit v1.2.3 From 029cf6395dc1da503ebda7718cae30a8c19de691 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 25 Jul 2017 17:58:46 -0700 Subject: sync key changes to clones --- include/channel.php | 3 ++ include/zot.php | 114 +++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 111 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 23ceb1414..f6252f094 100644 --- a/include/channel.php +++ b/include/channel.php @@ -488,6 +488,7 @@ function change_channel_keys($channel) { if(! $r) { return $ret; } + $r = q("select * from channel where channel_id = %d", intval($channel['channel_id']) ); @@ -532,6 +533,8 @@ function change_channel_keys($channel) { } } + build_sync_packet($channel['channel_id'], [ 'keychange' => $stored ]); + $a = q("select * from abook where abook_xchan = '%s' and abook_self = 1", dbesc($stored['old_hash']) ); diff --git a/include/zot.php b/include/zot.php index f9682237e..a86948ef9 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2949,6 +2949,11 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { if($packet) logger('packet: ' . print_r($packet, true),LOGGER_DATA, LOG_DEBUG); + $keychange = (($packet && array_key_exists('keychange',$packet)) ? true : false); + if($keychange) { + logger('keychange sync'); + } + if(! $uid) $uid = local_channel(); @@ -2962,6 +2967,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { return; $channel = $r[0]; + unset($channel['channel_password']); unset($channel['channel_salt']); @@ -2972,12 +2978,11 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { } } - if(intval($channel['channel_removed'])) return; $h = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash = '%s' and hubloc_deleted = 0", - dbesc($channel['channel_hash']) + dbesc(($keychange) ? $packet['keychange']['old_hash'] : $channel['channel_hash']) ); if(! $h) @@ -3032,7 +3037,15 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { // don't pass these elements, they should not be synchronised - $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address','channel_deleted','channel_removed','channel_system'); + + $disallowed = [ + 'channel_id','channel_account_id','channel_primary','channel_address', + 'channel_deleted','channel_removed','channel_system' + ]; + + if(! $keychange) { + $disallowed[] = 'channel_prvkey'; + } if(in_array($k,$disallowed)) continue; @@ -3092,17 +3105,18 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { function process_channel_sync_delivery($sender, $arr, $deliveries) { - require_once('include/import.php'); /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */ - $result = array(); + $result = []; + + $keychange = ((array_key_exists('keychange',$arr)) ? true : false); foreach ($deliveries as $d) { $r = q("select * from channel where channel_hash = '%s' limit 1", - dbesc($d['hash']) + dbesc(($keychange) ? $arr['keychange']['old_hash'] : $d['hash']) ); if (! $r) { @@ -3121,6 +3135,94 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { continue; } + if($keychange) { + // verify the keychange operation + if(! rsa_verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])) { + logger('sync keychange: verification failed'); + continue; + } + + $sig = base64url_encode(rsa_sign($channel['channel_guid'],$arr['channel']['channel_prvkey'])); + $hash = make_xchan_hash($channel['channel_guid'],$sig); + + + $r = q("update channel set channel_prvkey = '%s', channel_pubkey = '%s', channel_guid_sig = '%s', + channel_hash = '%s' where channel_id = %d", + dbesc($arr['channel']['channel_prvkey']), + dbesc($arr['channel']['channel_pubkey']), + dbesc($sig), + dbesc($hash), + intval($channel['channel_id']) + ); + if(! $r) { + logger('keychange sync: channel update failed'); + continue; + } + + $r = q("select * from channel where channel_id = %d", + intval($channel['channel_id']) + ); + + if(! $r) { + logger('keychange sync: channel retrieve failed'); + continue; + } + + $channel = $r[0]; + + $h = q("select * from hubloc where hubloc_hash = '%s' and hubloc_url = '%s' ", + dbesc($arr['keychange']['old_hash']), + dbesc(z_root()) + ); + + if($h) { + foreach($h as $hv) { + $hv['hubloc_guid_sig'] = $sig; + $hv['hubloc_hash'] = $hash; + $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])); + hubloc_store_lowlevel($hv); + } + } + + $x = q("select * from xchan where xchan_hash = '%s' ", + dbesc($arr['keychange']['old_hash']) + ); + + $check = q("select * from xchan where xchan_hash = '%s'", + dbesc($hash) + ); + + if(($x) && (! $check)) { + $oldxchan = $x[0]; + foreach($x as $xv) { + $xv['xchan_guid_sig'] = $sig; + $xv['xchan_hash'] = $hash; + $xv['xchan_pubkey'] = $channel['channel_pubkey']; + xchan_store_lowlevel($xv); + $newxchan = $xv; + } + } + + $a = q("select * from abook where abook_xchan = '%s' and abook_self = 1", + dbesc($arr['keychange']['old_hash']) + ); + + if($a) { + q("update abook set abook_xchan = '%s' where abook_id = %d", + dbesc($hash), + intval($a[0]['abook_id']) + ); + } + + xchan_change_key($oldxchan,$newxchan,$arr['keychange']); + + // keychange operations can end up in a confused state if you try and sync anything else + // besides the channel keys, so ignore any other packets. + + continue; + } + + if(array_key_exists('config',$arr) && is_array($arr['config']) && count($arr['config'])) { foreach($arr['config'] as $cat => $k) { foreach($arr['config'][$cat] as $k => $v) -- cgit v1.2.3 From eec2871680ae97810de4bdc20bb3decf2d919019 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 25 Jul 2017 20:52:29 -0700 Subject: consolidate duplicated code --- include/xchan.php | 267 ++++++++++++------------------------------------------ 1 file changed, 59 insertions(+), 208 deletions(-) (limited to 'include') diff --git a/include/xchan.php b/include/xchan.php index dba0b8b88..8c9c09c72 100644 --- a/include/xchan.php +++ b/include/xchan.php @@ -137,232 +137,83 @@ function xchan_fetch($arr) { } -function xchan_change_key($oldx,$newx,$data) { - - $r = q("update abook set abook_xchan = '%s' where abook_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update abconfig set xchan = '%s' where xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update group_member set xchan = '%s' where xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update chat set chat_xchan = '%s' where chat_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update chatpresence set cp_xchan = '%s' where cp_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update event set event_xchan = '%s' where event_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update item set owner_xchan = '%s' where owner_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update item set author_xchan = '%s' where author_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update item set source_xchan = '%s' where source_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update mail set from_xchan = '%s' where from_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update mail set to_xchan = '%s' where to_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update shares set share_xchan = '%s' where share_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update source set src_channel_xchan = '%s' where src_channel_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update source set src_xchan = '%s' where src_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update xchat set xchat_xchan = '%s' where xchat_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update xconfig set xchan = '%s' where xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update xign set xchan = '%s' where xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update xlink set xlink_xchan = '%s' where xlink_xchan = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update xprof set xprof_hash = '%s' where xprof_hash = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("update xtag set xtag_hash = '%s' where xtag_hash = '%s'", - dbsec($newx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - $r = q("select channel_id, channel_allow_cid, channel_deny_cid from channel where (channel_allow_cid like '%s' or channel_deny_cid like '%s') ", - dbesc($oldx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - if($r) { - foreach($r as $rv) { - $z = q("update channel set channel_allow_cid = '%s', channel_deny_cid = '%s' where channel_id = %d", - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['channel_allow_cid'])), - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['channel_deny_cid'])), - intval($rv['channel_id']) - ); - } - } - - $r = q("select id, allow_cid, deny_cid from attach where (allow_cid like '%s' or deny_cid like '%s') ", - dbesc($oldx['xchan_hash']), - dbesc($oldx['xchan_hash']) +function xchan_keychange_table($table,$column,$oldxchan,$newxchan) { + $r = q("update $table set $column = '%s' where $column = '%s'", + dbesc($newxchan['xchan_hash']), + dbesc($oldxchan['xchan_hash']) ); + return $r; +} - if($r) { - foreach($r as $rv) { - $z = q("update attach set allow_cid = '%s', deny_cid = '%s' where id = %d", - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), - intval($rv['id']) - ); - } - } - - $r = q("select cr_id, allow_cid, deny_cid from chatroom where (allow_cid like '%s' or deny_cid like '%s') ", - dbesc($oldx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - if($r) { - foreach($r as $rv) { - $z = q("update chatroom set allow_cid = '%s', deny_cid = '%s' where cr_id = %d", - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), - intval($rv['cr_id']) - ); - } - } - - - $r = q("select id, allow_cid, deny_cid from event where (allow_cid like '%s' or deny_cid like '%s') ", - dbesc($oldx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); +function xchan_keychange_acl($table,$column,$oldxchan,$newxchan) { - if($r) { - foreach($r as $rv) { - $z = q("update event set allow_cid = '%s', deny_cid = '%s' where id = %d", - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), - intval($rv['id']) - ); - } - } + $allow = (($table === 'channel') ? 'channel_allow_cid' : 'allow_cid'); + $deny = (($table === 'channel') ? 'channel_deny_cid' : 'deny_cid'); - $r = q("select id, allow_cid, deny_cid from item where (allow_cid like '%s' or deny_cid like '%s') ", - dbesc($oldx['xchan_hash']), - dbesc($oldx['xchan_hash']) + $r = q("select $column, $allow, $deny from $table where ($allow like '%s' or $deny like '%s') ", + dbesc('<' . $oldxchan['xchan_hash'] . '>'), + dbesc('<' . $oldxchan['xchan_hash'] . '>') ); if($r) { foreach($r as $rv) { - $z = q("update item set allow_cid = '%s', deny_cid = '%s' where id = %d", - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), - intval($rv['id']) + $z = q("update $table set $allow = '%s', $deny = '%s' where $column = %d", + dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>', + $rv[$allow])), + dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>', + $rv[$deny])), + intval($rv[$column]) ); } } + return $z; +} - $r = q("select mitem_id, allow_cid, deny_cid from menu_item where (allow_cid like '%s' or deny_cid like '%s') ", - dbesc($oldx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - if($r) { - foreach($r as $rv) { - $z = q("update menu_item set allow_cid = '%s', deny_cid = '%s' where mitem_id = %d", - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), - intval($rv['mitem_id']) - ); - } - } - +function xchan_change_key($oldx,$newx,$data) { + $tables = [ + 'abook' => 'abook_xchan', + 'abconfig' => 'xchan', + 'group_member' => 'xchan', + 'chat' => 'chat_xchan', + 'chatpresence' => 'cp_xchan', + 'event' => 'event_xchan', + 'item' => 'owner_xchan', + 'item' => 'author_xchan', + 'item' => 'source_xchan', + 'mail' => 'from_xchan', + 'mail' => 'to_xchan', + 'shares' => 'share_xchan', + 'source' => 'src_channel_xchan', + 'source' => 'src_xchan', + 'xchat' => 'xchat_xchan', + 'xconfig' => 'xchan', + 'xign' => 'xchan', + 'xlink' => 'xlink_xchan', + 'xprof' => 'xprof_hash', + 'xtag' => 'xtag_hash' + ]; + + + $acls = [ + 'channel' => 'channel_id', + 'attach' => 'id', + 'chatroom' => 'cr_id', + 'event' => 'id', + 'item' => 'id', + 'menu_item' => 'mitem_id', + 'obj' => 'obj_id', + 'photo' => 'id' + ]; - $r = q("select obj_id, allow_cid, deny_cid from obj where (allow_cid like '%s' or deny_cid like '%s') ", - dbesc($oldx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - if($r) { - foreach($r as $rv) { - $z = q("update obj set allow_cid = '%s', deny_cid = '%s' where obj_id = %d", - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), - intval($rv['obj_id']) - ); - } + foreach($tables as $k => $v) { + xchan_keychange_table($k,$v,$oldx,$newx); } - $r = q("select id, allow_cid, deny_cid from photo where (allow_cid like '%s' or deny_cid like '%s') ", - dbesc($oldx['xchan_hash']), - dbesc($oldx['xchan_hash']) - ); - - if($r) { - foreach($r as $rv) { - $z = q("update photo set allow_cid = '%s', deny_cid = '%s' where id = %d", - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['allow_cid'])), - dbesc(str_replace('<' . $oldx['xchan_hash'] . '>', '<' . $newx['xchan_hash'] . '>', $rv['deny_cid'])), - intval($rv['id']) - ); - } + foreach($acls as $k => $v) { + xchan_keychange_acl($k,$v,$oldx,$newx); } - - } \ No newline at end of file -- cgit v1.2.3 From 7d82b5f28d3fe10792098d8ecc4c60e224b8bd3d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 25 Jul 2017 22:17:31 -0700 Subject: start to implement the code needed for verifying variable signature algorithms --- include/zot.php | 46 +++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index a86948ef9..976b4290e 100644 --- a/include/zot.php +++ b/include/zot.php @@ -111,13 +111,15 @@ function zot_get_hublocs($hash) { */ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remote_key = null, $methods = '', $secret = null, $extra = null) { + $sig_method = get_config('system','signature_algorithm','sha256'); + $data = [ 'type' => $type, 'sender' => [ 'guid' => $channel['channel_guid'], - 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'])), + 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)), 'url' => z_root(), - 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), + 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)), 'sitekey' => get_config('system','pubkey') ], 'callback' => '/post', @@ -135,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot if ($secret) { $data['secret'] = $secret; - $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'])); + $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); } if ($extra) { @@ -576,6 +578,8 @@ function zot_register_hub($arr) { if($arr['url'] && $arr['url_sig'] && $arr['guid'] && $arr['guid_sig']) { + $sig_methods = ((array_key_exists('signing',$arr) && is_array($arr['signing'])) ? $arr['signing'] : [ 'sha256' ]); + $guid_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); $url = $arr['url'] . '/.well-known/zot-info/?f=&guid_hash=' . $guid_hash; @@ -595,17 +599,18 @@ function zot_register_hub($arr) { * our current communication. */ - if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'])) - && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'])) + foreach($sig_methods as $method) { + if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method)) + && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method)) && ($arr['guid'] === $record['guid']) && ($arr['guid_sig'] === $record['guid_sig'])) { - - $c = import_xchan($record); - if($c['success']) - $result['success'] = true; - } - else { - logger('zot_register_hub: failure to verify returned packet.'); + $c = import_xchan($record); + if($c['success']) + $result['success'] = true; + } + else { + logger('zot_register_hub: failure to verify returned packet using ' . $method); + } } } } @@ -658,8 +663,19 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $import_photos = false; - if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'])) { - logger('import_xchan: Unable to verify channel signature for ' . $arr['address']); + $sig_methods = ((array_key_exists('signing',$arr) && is_array($arr['signing'])) ? $arr['signing'] : [ 'sha256' ]); + $verified = false; + + foreach($sig_methods as $method) { + if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) { + logger('import_xchan: Unable to verify channel signature for ' . $arr['address'] . ' using ' . $method); + continue; + } + else { + $verified = true; + } + } + if(! $verified) { $ret['message'] = t('Unable to verify channel signature'); return $ret; } @@ -918,7 +934,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { } elseif(! $ud_flags) { // nothing changed but we still need to update the updates record - q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ", + q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) > 0 ", intval(UPDATE_FLAGS_UPDATED), dbesc($address), intval(UPDATE_FLAGS_UPDATED) -- cgit v1.2.3 From 7d891a54e7a47dc7471774a3e51e0e4da7e2e3d9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 26 Jul 2017 16:22:20 -0700 Subject: improve the formatting of shares when converting from bbcode to markdown --- include/markdown.php | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) (limited to 'include') diff --git a/include/markdown.php b/include/markdown.php index 5d3c4c7df..ccd108c1b 100644 --- a/include/markdown.php +++ b/include/markdown.php @@ -84,6 +84,72 @@ function markdown_to_bb($s, $use_zrl = false, $options = []) { +function bb_to_markdown_share($match) { + + $matches = array(); + $attributes = $match[1]; + + $author = ""; + preg_match("/author='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $author = urldecode($matches[1]); + + $link = ""; + preg_match("/link='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $link = $matches[1]; + + $avatar = ""; + preg_match("/avatar='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $avatar = $matches[1]; + + $profile = ""; + preg_match("/profile='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $profile = $matches[1]; + + $posted = ""; + preg_match("/posted='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $posted = $matches[1]; + + // message_id is never used, do we still need it? + $message_id = ""; + preg_match("/message_id='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $message_id = $matches[1]; + + if(! $message_id) { + preg_match("/guid='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $message_id = $matches[1]; + } + + + $reldate = datetime_convert('UTC', date_default_timezone_get(), $posted, 'r'); + + $headline = ''; + + if ($avatar != "") + $headline .= '[url=' . zid($profile) . '][img]' . $avatar . '[/img][/url]'; + + // Bob Smith wrote the following post 2 hours ago + + $fmt = sprintf( t('%1$s wrote the following %2$s %3$s'), + '[url=' . zid($profile) . ']' . $author . '[/url]', + '[url=' . zid($link) . ']' . t('post') . '[/url]', + $reldate + ); + + $headline .= $fmt . "\n\n"; + + $text = $headline . trim($match[2]); + + return $text; +} + + function bb_to_markdown($Text) { @@ -100,9 +166,12 @@ function bb_to_markdown($Text) { // Converting images with size parameters to simple images. Markdown doesn't know it. $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $Text); + $Text = preg_replace_callback("/\[share(.*?)\](.*?)\[\/share\]/ism", 'bb_to_markdown_share', $Text); + call_hooks('bb_to_markdown_bb',$Text); + // Convert it to HTML - don't try oembed $Text = bbcode($Text, $preserve_nl, false); -- cgit v1.2.3 From 769f697ae32b9c8a2ac30d7e9e349c1f54975219 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 26 Jul 2017 16:36:09 -0700 Subject: more work on signature algorithm choice --- include/zot.php | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 976b4290e..75c37836d 100644 --- a/include/zot.php +++ b/include/zot.php @@ -31,9 +31,9 @@ require_once('include/perm_upgrade.php'); * @param string $channel_nick a unique nickname of controlling entity * @returns string */ + function zot_new_uid($channel_nick) { $rawstr = z_root() . '/' . $channel_nick . '.' . mt_rand(); - return(base64url_encode(hash('whirlpool', $rawstr, true), true)); } @@ -49,6 +49,7 @@ function zot_new_uid($channel_nick) { * @param string $guid * @param string $guid_sig */ + function make_xchan_hash($guid, $guid_sig) { return base64url_encode(hash('whirlpool', $guid . $guid_sig, true)); } @@ -62,17 +63,17 @@ function make_xchan_hash($guid, $guid_sig) { * @param string $hash - xchan_hash * @returns array of hubloc (hub location structures) * * \b hubloc_id int - * * \b hubloc_guid char(255) + * * \b hubloc_guid char(191) * * \b hubloc_guid_sig text - * * \b hubloc_hash char(255) - * * \b hubloc_addr char(255) + * * \b hubloc_hash char(191) + * * \b hubloc_addr char(191) * * \b hubloc_flags int * * \b hubloc_status int - * * \b hubloc_url char(255) + * * \b hubloc_url char(191) * * \b hubloc_url_sig text - * * \b hubloc_host char(255) - * * \b hubloc_callback char(255) - * * \b hubloc_connect char(255) + * * \b hubloc_host char(191) + * * \b hubloc_callback char(191) + * * \b hubloc_connect char(191) * * \b hubloc_sitekey text * * \b hubloc_updated datetime * * \b hubloc_connected datetime @@ -97,7 +98,7 @@ function zot_get_hublocs($hash) { * @param array $channel * sender channel structure * @param string $type - * packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'force_refresh', 'notify', 'auth_check' + * packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'keychange', 'force_refresh', 'notify', 'auth_check' * @param array $recipients * envelope information, array ( 'guid' => string, 'guid_sig' => string ); empty for public posts * @param string $remote_key @@ -532,7 +533,7 @@ function zot_gethub($arr, $multiple = false) { } $limit = (($multiple) ? '' : ' limit 1 '); - $sitekey = ((array_key_exists('sitekey',$arr) && $arr['sitekey']) ? " and hubloc_sitekey = '" . protect_sprintf($arr['sitekey']) . "' " : ''); + $sitekey = ((array_key_exists('sitekey',$arr) && $arr['sitekey']) ? " and hubloc_sitekey = '" . dbesc(protect_sprintf($arr['sitekey'])) . "' " : ''); $r = q("select hubloc.*, site.site_crypto from hubloc left join site on hubloc_url = site_url where hubloc_guid = '%s' and hubloc_guid_sig = '%s' @@ -3925,6 +3926,8 @@ function zotinfo($arr) { $ret = array('success' => false); + $sig_method = get_config('system','signature_algorithm','sha256'); + $zhash = ((x($arr,'guid_hash')) ? $arr['guid_hash'] : ''); $zguid = ((x($arr,'guid')) ? $arr['guid'] : ''); $zguid_sig = ((x($arr,'guid_sig')) ? $arr['guid_sig'] : ''); @@ -4088,7 +4091,7 @@ function zotinfo($arr) { // Communication details if($token) - $ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey'])); + $ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey'],$sig_method)); $ret['guid'] = $e['xchan_guid']; @@ -4157,7 +4160,7 @@ function zotinfo($arr) { $ret['site'] = array(); $ret['site']['url'] = z_root(); - $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey'])); + $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey'],$sig_method)); $ret['site']['zot_auth'] = z_root() . '/magic'; $dirmode = get_config('system','directory_mode'); @@ -4175,6 +4178,7 @@ function zotinfo($arr) { $ret['site']['encryption'] = crypto_methods(); + $ret['site']['signing'] = signing_methods(); // hide detailed site information if you're off the grid -- cgit v1.2.3 From 9132b9c02661586a54823517c331fb718a9cbd17 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 26 Jul 2017 16:39:13 -0700 Subject: remove activitypub components from core --- include/feedutils.php | 182 -------------------------------------------------- 1 file changed, 182 deletions(-) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index 4f68fdeef..e660574ed 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -1868,185 +1868,3 @@ function atom_entry($item, $type, $author, $owner, $comment = false, $cid = 0, $ return $x['entry']; } -/** - * @brief - * - * @param array $items - * @return array - */ -function gen_asld($items) { - $ret = array(); - if(! $items) - return $ret; - - foreach($items as $item) { - $ret[] = i2asld($item); - } - - return $ret; -} - -/** - * @brief - * - * @param array $i - * @return array - */ -function i2asld($i) { - - if(! $i) - return array(); - - $ret = array(); - - $ret['@context'] = array( 'https://www.w3.org/ns/activitystreams', 'zot' => 'http://purl.org/zot/protocol'); - - if($i['verb']) { - if(strpos(dirname($i['verb'],'activitystrea.ms/schema/1.0'))) { - $ret['type'] = ucfirst(basename($i['verb'])); - } - elseif(strpos(dirname($i['verb'],'purl.org/zot'))) { - $ret['type'] = 'zot:' . ucfirst(basename($i['verb'])); - } - } - $ret['id'] = $i['plink']; - - $ret['published'] = datetime_convert('UTC','UTC',$i['created'],ATOM_TIME); - - // we need to pass the parent into this -// if($i['id'] != $i['parent'] && $i['obj_type'] === ACTIVITY_OBJ_NOTE) { -// $ret['inReplyTo'] = asencode_note -// } - - if($i['obj_type'] === ACTIVITY_OBJ_NOTE) - $ret['object'] = asencode_note($i); - - $ret['actor'] = asencode_person($i['author']); - - return $ret; -} - -function asencode_note($i) { - - $ret = array(); - - $ret['@type'] = 'Note'; - $ret['id'] = $i['plink']; - if($i['title']) - $ret['title'] = bbcode($i['title']); - - $ret['content'] = bbcode($i['body']); - $ret['zot:owner'] = asencode_person($i['owner']); - $ret['published'] = datetime_convert('UTC','UTC',$i['created'],ATOM_TIME); - if($i['created'] !== $i['edited']) - $ret['updated'] = datetime_convert('UTC','UTC',$i['edited'],ATOM_TIME); - - return $ret; -} - - -function asencode_person($p) { - $ret = []; - $ret['type'] = 'Person'; - $ret['id'] = $p['xchan_url']; - $ret['name'] = $p['xchan_name']; - $ret['icon'] = [ - [ - 'type' => 'Image', - 'mediaType' => $p['xchan_photo_mimetype'], - 'url' => $p['xchan_photo_l'], - 'height' => 300, - 'width' => 300, - ], - [ - 'type' => 'Image', - 'mediaType' => $p['xchan_photo_mimetype'], - 'url' => $p['xchan_photo_m'], - 'height' => 80, - 'width' => 80, - ], - [ - 'type' => 'Image', - 'mediaType' => $p['xchan_photo_mimetype'], - 'url' => $p['xchan_photo_l'], - 'height' => 48, - 'width' => 48, - ] - ]; - $ret['url'] = [ - 'type' => 'Link', - 'mediaType' => 'text/html', - 'href' => $p['xchan_url'] - ]; - - if(array_key_exists('channel_id',$p)) { - $ret['inbox'] = z_root() . '/inbox/' . $p['channel_address']; - $ret['outbox'] = z_root() . '/outbox/' . $p['channel_address']; - $ret['me:magic_keys'] = [ - [ - 'value' => salmon_key($p['channel_pubkey']), - 'key_id' => base64url_encode(hash('sha256',salmon_key($p['channel_pubkey'])),true) - ] - ]; - - - } - else { - $collections = get_xconfig($p['xchan_hash'],'activitystreams','collections',[]); - if($collections) { - $ret = array_merge($ret,$collections); - } - } - - return $ret; -} - - -function activity_mapper($verb) { - - $acts = [ - 'http://activitystrea.ms/schema/1.0/post' => 'Create', - 'http://activitystrea.ms/schema/1.0/update' => 'Update', - 'http://activitystrea.ms/schema/1.0/like' => 'Like', - 'http://activitystrea.ms/schema/1.0/favorite' => 'Like', - 'http://purl.org/zot/activity/dislike' => 'Dislike', - 'http://activitystrea.ms/schema/1.0/tag' => 'Add', - 'http://activitystrea.ms/schema/1.0/follow' => 'Follow', - 'http://activitystrea.ms/schema/1.0/unfollow' => 'Unfollow', - ]; - - - if(array_key_exists($acts[$verb])) { - return $acts[$verb]; - } - return false; -} - - -function activity_obj_mapper($obj,$reverse = false) { - - $objs = [ - 'http://activitystrea.ms/schema/1.0/note' => 'Note', - 'http://activitystrea.ms/schema/1.0/comment' => 'Note', - 'http://activitystrea.ms/schema/1.0/person' => 'Person', - 'http://purl.org/zot/activity/profile' => 'Profile', - 'http://activitystrea.ms/schema/1.0/photo' => 'Image', - 'http://activitystrea.ms/schema/1.0/profile-photo' => 'Icon', - 'http://activitystrea.ms/schema/1.0/event' => 'Event', - 'http://activitystrea.ms/schema/1.0/wiki' => 'Document', - 'http://purl.org/zot/activity/location' => 'Place', - 'http://purl.org/zot/activity/chessgame' => 'Game', - 'http://purl.org/zot/activity/tagterm' => 'zot:Tag', - 'http://purl.org/zot/activity/thing' => 'zot:Thing', - 'http://purl.org/zot/activity/file' => 'zot:File', - 'http://purl.org/zot/activity/poke' => 'zot:Action', - 'http://purl.org/zot/activity/react' => 'zot:Reaction', - 'http://purl.org/zot/activity/mood' => 'zot:Mood', - - ]; - - if(array_key_exists($objs[$verb])) { - return $objs[$verb]; - } - return false; -} -- cgit v1.2.3 From dbbae4bac81d18f814c18ac8d0ea51667e00703f Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 26 Jul 2017 17:38:34 -0700 Subject: issue with OStatus comments being propagated downstream --- include/feedutils.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index e660574ed..eb24f9032 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -999,6 +999,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { foreach($items as $item) { $is_reply = false; + $send_downstream = false; $parent_link = ''; logger('processing ' . $item->get_id(), LOGGER_DEBUG); @@ -1200,6 +1201,15 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { $status = 202; continue; } + + // The salmon endpoint sets this to indicate that we should send comments from + // interactive feeds (such as OStatus) downstream to our followers + // We do not want to set it for non-interactive feeds or conversations we do not own + + if(array_key_exists('send_downstream',$importer) && intval($importer['send_downstream']) + && ($parent_item['owner_xchan'] == $importer['channel_hash'])) { + $send_downstream = true; + } } else { if((! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream')) && (! $importer['system'])) { @@ -1229,6 +1239,11 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { $xx = item_store($datarray); $r = $xx['item_id']; + + if($send_downstream) { + \Zotlabs\Daemon\Master::Summon(array('Notifier', 'comment', $r)); + } + continue; } else { -- cgit v1.2.3 From f9b342c87d4129c457244861b3b841cb9dfe139b Mon Sep 17 00:00:00 2001 From: git-marijus Date: Fri, 28 Jul 2017 22:42:02 +0200 Subject: initial notifications support for new shared files and new (since initial site load) pubstream activity --- include/nav.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index cd32126a1..f53a3eed5 100644 --- a/include/nav.php +++ b/include/nav.php @@ -200,12 +200,18 @@ EOT; $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings'),'settings_nav_btn'); + $nav['files'] = array('sharedwithme', t('Shared Files'), "", t('New files shared with me'),'files_nav_btn'); + + } + + if(! get_config('system', 'disable_discover_tab')) { + $nav['pubs'] = array('pubstream', t('Public stream'), "", t('Public stream activities'),'pubs_nav_btn'); } /** * Admin page */ - if (is_site_admin()){ + if (is_site_admin()) { $nav['admin'] = array('admin/', t('Admin'), "", t('Site Setup and Configuration'),'admin_nav_btn'); } -- cgit v1.2.3 From 8161ec88e5a2b9d1f7071dfed6a70c850e42ed4b Mon Sep 17 00:00:00 2001 From: git-marijus Date: Sat, 29 Jul 2017 23:32:48 +0200 Subject: implement file notification on initial upload and rename get_parent_cloudpath() to get_cloud_url() which now includes the filename --- include/attach.php | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 3a0c8b7ba..4d20f094c 100644 --- a/include/attach.php +++ b/include/attach.php @@ -423,6 +423,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $hash = (($arr && $arr['hash']) ? $arr['hash'] : null); $upload_path = (($arr && $arr['directory']) ? $arr['directory'] : ''); $visible = (($arr && $arr['visible']) ? $arr['visible'] : ''); + $notify = (($arr && $arr['notify']) ? $arr['notify'] : ''); $observer = array(); @@ -884,6 +885,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { build_sync_packet($channel['channel_id'],array('file' => array($sync))); } + if($notify) { + $cloudPath = z_root() . '/cloud/' . $channel['channel_address'] . $r['0']['display_path']; + $object = get_file_activity_object($channel['channel_id'], $r['0']['hash'], $cloudPath); + file_activity($channel['channel_id'], $object, $r['0']['allow_cid'], $r['0']['allow_gid'], $r['0']['deny_cid'], $r['0']['deny_gid'], 'post', $notify); + } + return $ret; } @@ -1297,8 +1304,8 @@ function attach_delete($channel_id, $resource, $is_photo = 0) { return; } - $cloudpath = get_parent_cloudpath($channel_id, $channel_address, $resource); - $object = get_file_activity_object($channel_id, $resource, $cloudpath); + $url = get_cloudpath($channel_id, $channel_address, $resource); + $object = get_file_activity_object($channel_id, $resource, $url); // If resource is a directory delete everything in the directory recursive if(intval($r[0]['is_dir'])) { @@ -1439,7 +1446,7 @@ function get_cloudpath($arr) { * @param string $attachHash * @return string with the full folder path */ -function get_parent_cloudpath($channel_id, $channel_name, $attachHash) { +function get_cloud_url($channel_id, $channel_name, $attachHash) { $parentFullPath = ''; // build directory tree $parentHash = $attachHash; @@ -1451,9 +1458,9 @@ function get_parent_cloudpath($channel_id, $channel_name, $attachHash) { } } while ($parentHash); - $parentFullPath = z_root() . '/cloud/' . $channel_name . '/' . $parentFullPath; + $url = z_root() . '/cloud/' . $channel_name . '/' . $parentFullPath . find_filename_by_hash($channel_id, $attachHash); - return $parentFullPath; + return $url; } /** @@ -1731,14 +1738,14 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, * @param string $hash * @param string $cloudpath */ -function get_file_activity_object($channel_id, $hash, $cloudpath) { +function get_file_activity_object($channel_id, $hash, $url) { $x = q("SELECT creator, filename, filetype, filesize, revision, folder, os_storage, is_photo, is_dir, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid FROM attach WHERE uid = %d AND hash = '%s' LIMIT 1", intval($channel_id), dbesc($hash) ); - $url = rawurlencode($cloudpath . $x[0]['filename']); + $url = rawurlencode($url); $links = array(); $links[] = array( -- cgit v1.2.3 From 4a071b9a1cac32ed331a9a4e76d8a6c9aa312bef Mon Sep 17 00:00:00 2001 From: git-marijus Date: Sun, 30 Jul 2017 19:21:02 +0200 Subject: ltrim $display_path in attach_store() to be consistent with attach_mkdir() and go to created folder after successfully creating one --- include/attach.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 4d20f094c..8de4983fa 100644 --- a/include/attach.php +++ b/include/attach.php @@ -708,7 +708,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $os_relpath = ltrim($os_relpath,'/'); $os_path = $os_relpath; - $display_path = $pathname . '/' . $filename; + $display_path = ltrim($pathname . '/' . $filename,'/'); if($src) @file_put_contents($os_basepath . $os_relpath,@file_get_contents($src)); @@ -886,7 +886,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { } if($notify) { - $cloudPath = z_root() . '/cloud/' . $channel['channel_address'] . $r['0']['display_path']; + $cloudPath = z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['0']['display_path']; $object = get_file_activity_object($channel['channel_id'], $r['0']['hash'], $cloudPath); file_activity($channel['channel_id'], $object, $r['0']['allow_cid'], $r['0']['allow_gid'], $r['0']['deny_cid'], $r['0']['deny_gid'], 'post', $notify); } -- cgit v1.2.3 From 35c05a318016e3269e4bc677a36b515833fab66e Mon Sep 17 00:00:00 2001 From: git-marijus Date: Sun, 30 Jul 2017 19:46:52 +0200 Subject: fix a bug where if multiple channels uploaded the same file to the same folder, the uploaded file would end up with an incremental number added to the filename for each upload even if the file did not exist yet in the channels folder --- include/attach.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 8de4983fa..785969a32 100644 --- a/include/attach.php +++ b/include/attach.php @@ -611,7 +611,8 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { // A freshly uploaded file. Check for duplicate and resolve with the channel's overwrite settings. - $r = q("select filename, id, hash, filesize from attach where filename = '%s' and folder = '%s' ", + $r = q("select filename, id, hash, filesize from attach where uid = %d and filename = '%s' and folder = '%s' ", + intval($channel_id), dbesc($filename), dbesc($folder_hash) ); @@ -633,7 +634,8 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $ext = $def_extension; } - $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' ", + $r = q("select filename from attach where uid = %d and ( filename = '%s' OR filename like '%s' ) and folder = '%s' ", + intval($channel_id), dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($folder_hash) -- cgit v1.2.3 From 40effa441743fcbb8d62591421611a3193e352d4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 30 Jul 2017 13:52:16 -0700 Subject: add options flag to bb_to_markdown so we can distinguish between diaspora use and other use and therefore filter and adjust content selectively --- include/markdown.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/markdown.php b/include/markdown.php index ccd108c1b..530af57a0 100644 --- a/include/markdown.php +++ b/include/markdown.php @@ -151,7 +151,7 @@ function bb_to_markdown_share($match) { -function bb_to_markdown($Text) { +function bb_to_markdown($Text, $options = []) { /* * Transform #tags, strip off the [url] and replace spaces with underscore @@ -168,9 +168,11 @@ function bb_to_markdown($Text) { $Text = preg_replace_callback("/\[share(.*?)\](.*?)\[\/share\]/ism", 'bb_to_markdown_share', $Text); + $x = [ 'bbcode' => $Text, 'options' => $options ]; - call_hooks('bb_to_markdown_bb',$Text); + call_hooks('bb_to_markdown_bb',$x); + $Text = $x['bbcode']; // Convert it to HTML - don't try oembed $Text = bbcode($Text, $preserve_nl, false); -- cgit v1.2.3 From 964a02d68456912e08e76ec2bbfa1074e624cae7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 30 Jul 2017 16:15:34 -0700 Subject: provide a better "is_commentable" default for OStatus conversations that were fetched on the fly --- include/feedutils.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index eb24f9032..e3f899a1e 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -1028,6 +1028,11 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { if(! $datarray['mid']) continue; + // This probably isn't an appropriate default but we're about to change it + // if it's wrong. + + $datarray['comment_policy'] = 'authenticated'; + // A Mastodon privacy tag has been found. We cannot send private comments // through the OStatus protocol, so block commenting. @@ -1256,6 +1261,11 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { if(! $datarray['mid']) continue; + // This probably isn't an appropriate default but we're about to change it + // if it's wrong. + + $datarray['comment_policy'] = 'authenticated'; + // A Mastodon privacy tag has been found. We cannot send private comments // through the OStatus protocol, so block commenting. @@ -1270,6 +1280,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { } + // if we have everything but a photo, provide the default profile photo if($author['author_name'] && $author['author_link'] && (! $author['author_photo'])) @@ -1493,7 +1504,7 @@ function process_salmon_feed($xml, $importer) { // reset policies which are restricted by default for RSS connections // This item is likely coming from GNU-social via salmon and allows public interaction $datarray['public_policy'] = ''; - $datarray['comment_policy'] = ''; + $datarray['comment_policy'] = 'authenticated'; $ret['item'] = $datarray; } -- cgit v1.2.3 From 988371be0b2df3f917da67f39814e21f96f9f957 Mon Sep 17 00:00:00 2001 From: git-marijus Date: Mon, 31 Jul 2017 02:35:46 +0200 Subject: disable file notifications on initial upload for now - it can behave funky when uploading multiple small files at once --- include/attach.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 785969a32..75235d7e1 100644 --- a/include/attach.php +++ b/include/attach.php @@ -888,9 +888,9 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { } if($notify) { - $cloudPath = z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['0']['display_path']; - $object = get_file_activity_object($channel['channel_id'], $r['0']['hash'], $cloudPath); - file_activity($channel['channel_id'], $object, $r['0']['allow_cid'], $r['0']['allow_gid'], $r['0']['deny_cid'], $r['0']['deny_gid'], 'post', $notify); + //$cloudPath = z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['0']['display_path']; + //$object = get_file_activity_object($channel['channel_id'], $r['0']['hash'], $cloudPath); + //file_activity($channel['channel_id'], $object, $r['0']['allow_cid'], $r['0']['allow_gid'], $r['0']['deny_cid'], $r['0']['deny_gid'], 'post', $notify); } return $ret; -- cgit v1.2.3 From 8f3a99ad1f87973d0788596371f311e0e4fa1ee3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 30 Jul 2017 19:04:17 -0700 Subject: ensure we can work around the $is_http var in include/follow - this is left over from when the only non-webfinger connections we could make were RSS/Atom feeds. --- include/follow.php | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) (limited to 'include') diff --git a/include/follow.php b/include/follow.php index 2c2f5e209..9e2fd6a9c 100644 --- a/include/follow.php +++ b/include/follow.php @@ -182,6 +182,11 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $hash = get_observer_hash(); $default_group = $channel['channel_default_group']; + if($hash == $xchan_hash) { + $result['message'] = t('Cannot connect to yourself.'); + return $result; + } + if($xchan['xchan_network'] === 'rss') { // check service class feed limits @@ -196,28 +201,22 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $result['message'] = upgrade_message(); return $result; } - } - if($hash == $xchan_hash) { - $result['message'] = t('Cannot connect to yourself.'); - return $result; + // Always set these "remote" permissions for feeds since we cannot interact with them + // to negotiate a suitable permission response + + set_abconfig($uid,$xchan_hash,'their_perms','view_stream',1); + set_abconfig($uid,$xchan_hash,'their_perms','republish',1); + } + $r = q("select abook_id, abook_xchan, abook_pending, abook_instance from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), intval($uid) ); - if($is_http) { - - // Always set these "remote" permissions for feeds since we cannot interact with them - // to negotiate a suitable permission response - - set_abconfig($uid,$xchan_hash,'their_perms','view_stream',1); - set_abconfig($uid,$xchan_hash,'their_perms','republish',1); - } - if($r) { $abook_instance = $r[0]['abook_instance']; @@ -250,7 +249,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) 'abook_channel' => intval($uid), 'abook_closeness' => intval($closeness), 'abook_xchan' => $xchan_hash, - 'abook_feed' => intval(($is_http) ? 1 : 0), + 'abook_feed' => intval(($xchan['xchan_network'] === 'rss') ? 1 : 0), 'abook_created' => datetime_convert(), 'abook_updated' => datetime_convert(), 'abook_instance' => (($singleton) ? z_root() : '') -- cgit v1.2.3 From e3c8e4f4833b485469616c753cc660e8a55bef29 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 30 Jul 2017 21:55:28 -0700 Subject: modify connection edit display for channels with no address/webbie --- include/network.php | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index fe9a9aa2b..fa49e5765 100644 --- a/include/network.php +++ b/include/network.php @@ -1142,7 +1142,7 @@ function discover_by_webbie($webbie) { $network = null; - $webbie = strtolower($webbie); +// $webbie = strtolower($webbie); $x = webfinger_rfc7033($webbie,true); if($x && array_key_exists('links',$x) && $x['links']) { @@ -1688,18 +1688,19 @@ function get_repository_version($branch = 'master') { function network_to_name($s) { $nets = array( - NETWORK_DFRN => t('Friendica'), - NETWORK_FRND => t('Friendica'), - NETWORK_OSTATUS => t('OStatus'), - NETWORK_GNUSOCIAL => t('GNU-Social'), - NETWORK_FEED => t('RSS/Atom'), - NETWORK_MAIL => t('Email'), - NETWORK_DIASPORA => t('Diaspora'), - NETWORK_FACEBOOK => t('Facebook'), - NETWORK_ZOT => t('Zot'), - NETWORK_LINKEDIN => t('LinkedIn'), - NETWORK_XMPP => t('XMPP/IM'), - NETWORK_MYSPACE => t('MySpace'), + NETWORK_DFRN => t('Friendica'), + NETWORK_FRND => t('Friendica'), + NETWORK_OSTATUS => t('OStatus'), + NETWORK_GNUSOCIAL => t('GNU-Social'), + NETWORK_FEED => t('RSS/Atom'), + NETWORK_ACTIVITYPUB => t('ActivityPub'), + NETWORK_MAIL => t('Email'), + NETWORK_DIASPORA => t('Diaspora'), + NETWORK_FACEBOOK => t('Facebook'), + NETWORK_ZOT => t('Zot'), + NETWORK_LINKEDIN => t('LinkedIn'), + NETWORK_XMPP => t('XMPP/IM'), + NETWORK_MYSPACE => t('MySpace'), ); call_hooks('network_to_name', $nets); -- cgit v1.2.3 From 9ec995dbf072eb3143cae2b11a89522577a005ff Mon Sep 17 00:00:00 2001 From: git-marijus Date: Mon, 31 Jul 2017 16:59:43 +0200 Subject: improve file_activity() a little --- include/attach.php | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 75235d7e1..d19de2ea3 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1684,17 +1684,9 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $arr['obj'] = $u_jsonobject; $arr['body'] = ''; - $post = item_store($arr); - $item_id = $post['item_id']; - if($item_id) { - Zotlabs\Daemon\Master::Summon(array('Notifier','activity',$item_id)); - } - - call_hooks('post_local_end', $arr); + post_activity_item($arr); $update = false; - - //notice( t('File activity updated') . EOL); } //don't create new activity if notify was not enabled @@ -1719,16 +1711,7 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $arr['obj'] = (($update) ? $u_jsonobject : $jsonobject); $arr['body'] = ''; - $post = item_store($arr); - $item_id = $post['item_id']; - - if($item_id) { - Zotlabs\Daemon\Master::Summon(array('Notifier','activity',$item_id)); - } - - call_hooks('post_local_end', $arr); - - //(($verb === 'post') ? notice( t('File activity posted') . EOL) : notice( t('File activity dropped') . EOL)); + post_activity_item($arr); return; } @@ -1894,7 +1877,7 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny //if none is allowed restrict to self if(($r_arr_allow_gid === false) && ($r_arr_allow_cid === false)) { - $ret['allow_cid'] = $poster['xchan_hash']; + $ret['allow_cid'] = [$poster['xchan_hash']]; } else { $ret['allow_gid'] = $r_arr_allow_gid; $ret['allow_cid'] = $r_arr_allow_cid; -- cgit v1.2.3 From 599b395e247c991756c7cf5db29608b2c817f476 Mon Sep 17 00:00:00 2001 From: git-marijus Date: Tue, 1 Aug 2017 23:20:39 +0200 Subject: finally fix recursive attachments permissions --- include/attach.php | 133 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 79 insertions(+), 54 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index d19de2ea3..79a38590b 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1605,7 +1605,10 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $folder_hash = $object['folder']; - $r_perms = recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash); + $r_perms = attach_recursive_perms($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash); + + if($r_perms === false) //nobody has recursive perms - nobody must be notified + return; //split up returned perms $arr_allow_cid = $r_perms['allow_cid']; @@ -1768,7 +1771,7 @@ function get_file_activity_object($channel_id, $hash, $url) { } /** - * @brief Returns array of channels which have recursive permission for a file + * @brief Returns recursive permissions array or false if nobody has recursive permissions * * @param array $arr_allow_cid * @param array $arr_allow_gid @@ -1776,19 +1779,20 @@ function get_file_activity_object($channel_id, $hash, $url) { * @param array $arr_deny_gid * @param string $folder_hash */ -function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash) { +function attach_recursive_perms($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash) { $ret = array(); $parent_arr = array(); $count_values = array(); $poster = App::get_observer(); - //turn allow_gid into allow_cid's - foreach($arr_allow_gid as $gid) { - $in_group = group_get_members($gid); + //lookup all channels in sharee group and add them to sharee $arr_allow_cid + if($arr_allow_gid) { + $in_group = expand_groups($arr_allow_gid); $arr_allow_cid = array_unique(array_merge($arr_allow_cid, $in_group)); } + //count existing parent folders - we will compare to that count later $count = 0; while($folder_hash) { $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s' LIMIT 1", @@ -1797,30 +1801,20 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny //only process private folders if($x[0]['allow_cid'] || $x[0]['allow_gid'] || $x[0]['deny_cid'] || $x[0]['deny_gid']) { - $parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']); $parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']); - - /** - * @TODO should find a much better solution for the allow_cid <-> allow_gid problem. - * Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid. - * */ - if($parent_arr['allow_gid']) { - foreach($parent_arr['allow_gid'][$count] as $gid) { - $in_group = group_get_members($gid); - $parent_arr['allow_cid'][$count] = array_unique(array_merge($parent_arr['allow_cid'][$count], $in_group)); - } - } - $parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']); $parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']); + //this is the number of all existing parent folders - we will compare to that count later $count++; } $folder_hash = $x[0]['folder']; } + //logger(EOL . 'parent_arr: ' . print_r($parent_arr,true)); + //if none of the parent folders is private just return file perms if(!$parent_arr['allow_cid'] && !$parent_arr['allow_gid'] && !$parent_arr['deny_cid'] && !$parent_arr['deny_gid']) { $ret['allow_gid'] = $arr_allow_gid; @@ -1831,7 +1825,7 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny return $ret; } - //if there are no perms on the file we get them from the first parent folder + //if there are no perms on the file we will work with the perms from the first parent folder if(!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) { $arr_allow_cid = $parent_arr['allow_cid'][0]; $arr_allow_gid = $parent_arr['allow_gid'][0]; @@ -1839,52 +1833,83 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny $arr_deny_gid = $parent_arr['deny_gid'][0]; } - //allow_cid - $r_arr_allow_cid = false; - foreach ($parent_arr['allow_cid'] as $folder_arr_allow_cid) { - foreach ($folder_arr_allow_cid as $ac_hash) { - $count_values[$ac_hash]++; + + /*** + * + * check if sharee has perms for all parent folders + * + ***/ + + $r_arr_allow_cid = []; + + if($parent_arr['allow_cid']) { + //check sharee arr_allow_cid against allow_cid of all parent folders + foreach($parent_arr['allow_cid'] as $folder_arr_allow_cid) { + foreach($folder_arr_allow_cid as $ac_hash) { + $count_values[$ac_hash]++; + } } - } - foreach ($arr_allow_cid as $fac_hash) { - if($count_values[$fac_hash] == $count) - $r_arr_allow_cid[] = $fac_hash; + foreach($arr_allow_cid as $fac_hash) { + if($count_values[$fac_hash] == $count) + $r_arr_allow_cid[] = $fac_hash; + } + //logger(EOL . 'r_arr_allow_cid: ' . print_r($r_arr_allow_cid,true)); } - //allow_gid - $r_arr_allow_gid = false; - foreach ($parent_arr['allow_gid'] as $folder_arr_allow_gid) { - foreach ($folder_arr_allow_gid as $ag_hash) { - $count_values[$ag_hash]++; + if($parent_arr['allow_gid']) { + //check sharee arr_allow_cid against members of allow_gid of all parent folders + foreach($parent_arr['allow_gid'] as $folder_arr_allow_gid) { + //get the group members + $folder_arr_allow_cid = expand_groups($folder_arr_allow_gid); + foreach($folder_arr_allow_cid as $ac_hash) { + $count_values[$ac_hash]++; + } } - } - foreach ($arr_allow_gid as $fag_hash) { - if($count_values[$fag_hash] == $count) - $r_arr_allow_gid[] = $fag_hash; + foreach($arr_allow_cid as $fac_hash) { + if($count_values[$fac_hash] == $count) + $r_arr_allow_cid[] = $fac_hash; + } + //logger(EOL . 'groups - r_arr_allow_cid: ' . print_r($r_arr_allow_cid,true)); } - //deny_gid - foreach($parent_arr['deny_gid'] as $folder_arr_deny_gid) { - $r_arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid); - } - $r_arr_deny_gid = array_unique($r_arr_deny_gid); + + /*** + * + * check if sharee is denied somewhere in parent folders and deny him if so + * + ***/ //deny_cid - foreach($parent_arr['deny_cid'] as $folder_arr_deny_cid) { - $r_arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid); + $r_arr_deny_cid = []; + + if($parent_arr['deny_cid']) { + foreach($parent_arr['deny_cid'] as $folder_arr_deny_cid) { + $r_arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid); + } + $r_arr_deny_cid = array_unique($r_arr_deny_cid); + //logger(EOL . 'r_arr_deny_cid: ' . print_r($r_arr_deny_cid,true)); } - $r_arr_deny_cid = array_unique($r_arr_deny_cid); - //if none is allowed restrict to self - if(($r_arr_allow_gid === false) && ($r_arr_allow_cid === false)) { - $ret['allow_cid'] = [$poster['xchan_hash']]; - } else { - $ret['allow_gid'] = $r_arr_allow_gid; - $ret['allow_cid'] = $r_arr_allow_cid; - $ret['deny_gid'] = $r_arr_deny_gid; - $ret['deny_cid'] = $r_arr_deny_cid; + //deny_gid + $r_arr_deny_gid = []; + + if($parent_arr['deny_cid']) { + foreach($parent_arr['deny_gid'] as $folder_arr_deny_gid) { + $r_arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid); + } + $r_arr_deny_gid = array_unique($r_arr_deny_gid); + //logger(EOL . 'r_arr_deny_gid: ' . print_r($r_arr_dr_arr_deny_gideny_cid,true)); } + //if no channel is allowed return false + if(! $r_arr_allow_cid) + return false; + + $ret['allow_gid'] = []; // eventual group members are already collected in $r_arr_allow_cid + $ret['allow_cid'] = $r_arr_allow_cid; + $ret['deny_gid'] = $r_arr_deny_gid; + $ret['deny_cid'] = $r_arr_deny_cid; + return $ret; } -- cgit v1.2.3 From a97b09210e977d52a5bda1dee2b1eddc19afc013 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 1 Aug 2017 18:05:04 -0700 Subject: auto preview when inserting a media item or embed into a post. Since this unanticipated action could be alarming (some might think the post was actually submitted), also provide a visible preview indicator within the previewed content. Remove the css for the old striped background image which hasn't been available for previewed content for a year or two. --- include/conversation.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 1c1a4479d..460c97efb 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -467,6 +467,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $preview = (($page_mode === 'preview') ? true : false); $previewing = (($preview) ? ' preview ' : ''); + $preview_lbl = t('This is an unsaved preview'); if ($mode === 'network') { @@ -684,6 +685,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa 'mode' => $mode, 'approve' => t('Approve'), 'delete' => t('Delete'), + 'preview_lbl' => $preview_lbl, 'id' => (($preview) ? 'P0' : $item['item_id']), 'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, $profile_url), 'profile_url' => $profile_link, -- cgit v1.2.3 From bee09a6d8bbfd0da650aeeb5081648aa1e6c45f6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 2 Aug 2017 22:11:46 -0700 Subject: minor activitypub rendering stuff --- include/bbcode.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index c408af35d..9f9b5c5e1 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -7,7 +7,7 @@ require_once('include/oembed.php'); require_once('include/event.php'); require_once('include/zot.php'); - +require_once('include/html2plain.php'); function get_bb_tag_pos($s, $name, $occurance = 1) { -- cgit v1.2.3 From d06ce6294d8bbf6bed668e7f0f363fcad63f4e05 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 3 Aug 2017 04:55:56 -0700 Subject: some bb-to-markdown issues --- include/markdown.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/markdown.php b/include/markdown.php index 530af57a0..0cd9ab237 100644 --- a/include/markdown.php +++ b/include/markdown.php @@ -157,11 +157,11 @@ function bb_to_markdown($Text, $options = []) { * Transform #tags, strip off the [url] and replace spaces with underscore */ - $Text = preg_replace_callback('/#\[([zu])rl\=(\w+.*?)\](\w+.*?)\[\/[(zu)]rl\]/i', + $Text = preg_replace_callback('/#\[([zu])rl\=(.*?)\](.*?)\[\/[(zu)]rl\]/i', create_function('$match', 'return \'#\'. str_replace(\' \', \'_\', $match[3]);'), $Text); - $Text = preg_replace('/#\^\[([zu])rl\=(\w+.*?)\](\w+.*?)\[\/([zu])rl\]/i', '[$1rl=$2]$3[/$4rl]', $Text); + $Text = preg_replace('/#\^\[([zu])rl\=(.*?)\](.*?)\[\/([zu])rl\]/i', '[$1rl=$2]$3[/$4rl]', $Text); // Converting images with size parameters to simple images. Markdown doesn't know it. $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $Text); @@ -197,9 +197,6 @@ function bb_to_markdown($Text, $options = []) { // Remove empty zrl links $Text = preg_replace("/\[zrl\=\].*?\[\/zrl\]/is", "", $Text); - // escape all unconverted tags - $Text = escape_tags($Text); - $Text = trim($Text); call_hooks('bb_to_markdown', $Text); -- cgit v1.2.3 From 3aa22c29fdaaae5902be7a8ce3be89678ee6bab4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 4 Aug 2017 19:02:41 -0700 Subject: allow channel address to be changed --- include/channel.php | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index f6252f094..efa39dcac 100644 --- a/include/channel.php +++ b/include/channel.php @@ -554,6 +554,92 @@ function change_channel_keys($channel) { return $ret; } +function channel_change_address($channel,$new_address) { + + $ret = array('success' => false); + + $old_address = $channel['channel_address']; + + if($new_address === 'sys') { + $ret['message'] = t('Reserved nickname. Please choose another.'); + return $ret; + } + + if(check_webbie(array($new_address)) !== $new_address) { + $ret['message'] = t('Nickname has unsupported characters or is already being used on this site.'); + return $ret; + } + + $r = q("update channel set channel_address = '%s' where channel_id = %d", + dbesc($new_address), + intval($channel['channel_id']) + ); + if(! $r) { + return $ret; + } + + $r = q("select * from channel where channel_id = %d", + intval($channel['channel_id']) + ); + + if(! $r) { + $ret['message'] = t('Unable to retrieve modified identity'); + return $ret; + } + + $r = q("update xchan set xchan_addr = '%s' where xchan_hash = '%s'", + dbesc($new_address . '@' . App::get_hostname()), + dbesc($channel['channel_hash']) + ); + + $h = q("select * from hubloc where hubloc_hash = '%s' and hubloc_url = '%s' ", + dbesc($channel['channel_hash']), + dbesc(z_root()) + ); + + if($h) { + foreach($h as $hv) { + if($hv['hubloc_primary']) { + q("update hubloc set hubloc_primary = 0 where hubloc_id = %d", + intval($hv['hubloc_id']) + ); + } + q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d", + intval($hv['hubloc_id']) + ); + + unset($hv['hubloc_id']); + $hv['hubloc_addr'] = $new_address . '@' . App::get_hostname(); + hubloc_store_lowlevel($hv); + } + } + + // fix apps which were stored with the actual name rather than a macro + + $r = q("select * from app where app_channel = %d and app_system = 1", + intval($channel['channel_id']) + ); + if($r) { + foreach($r as $rv) { + $replace = preg_replace('/([\=\/])(' . $old_address . ')($|[\%\/])/ism','$1' . $new_address . '$3',$rv['app_url']); + if($replace != $rv['app_url']) { + q("update app set app_url = '%s' where id = %d", + dbesc($replace), + intval($rv['id']) + ); + } + } + } + + Zotlabs\Daemon\Master::Summon(array('Notifier', 'refresh_all', $channel['channel_id'])); + + $ret['success'] = true; + return $ret; +} + + + + /** -- cgit v1.2.3 From 68b32cd8f414fc3df1279a3458082b2d8dfc3430 Mon Sep 17 00:00:00 2001 From: git-marijus Date: Sun, 6 Aug 2017 21:40:39 +0200 Subject: consolidate disable_discover_tab config if it was not yet set to either 1 or 0 in DB --- include/conversation.php | 6 ++---- include/zot.php | 4 +++- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 460c97efb..13ae571d6 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1624,11 +1624,9 @@ function network_tabs() { // tabs $tabs = array(); - $d = get_config('system','disable_discover_tab'); - if($d === false) - $d = 1; + $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; - if(! $d) { + if(! $disable_discover_tab) { $tabs[] = array( 'label' => t('Discover'), 'url' => z_root() . '/' . $cmd . '?f=&fh=1' , diff --git a/include/zot.php b/include/zot.php index 75c37836d..3e2a66734 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1344,8 +1344,10 @@ function public_recips($msg) { $include_sys = false; if($msg['message']['type'] === 'activity') { - if(! get_config('system','disable_discover_tab')) + $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; + if(! $disable_discover_tab) $include_sys = true; + $perm = 'send_stream'; if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { -- cgit v1.2.3 From c00796d553946a48a97474ea3e5d16f1b1e04f21 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 6 Aug 2017 19:33:51 -0700 Subject: ostatus feed was missing comments --- include/feedutils.php | 2 +- include/items.php | 12 ++++-------- 2 files changed, 5 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index e3f899a1e..07cb79340 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -115,7 +115,7 @@ function get_feed_for($channel, $observer_hash, $params) { $items = items_fetch( [ - 'wall' => '1', + 'wall' => '1', 'datequery' => $params['end'], 'datequery2' => $params['begin'], 'start' => intval($params['start']), diff --git a/include/items.php b/include/items.php index 386c25922..5a0ca01c6 100755 --- a/include/items.php +++ b/include/items.php @@ -3929,8 +3929,8 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } } - if(intval($arr['compat']) === 1) { - $sql_extra = " AND author_xchan = owner_xchan and item_wall = 1 and item_private = 0 "; + if($channel && intval($arr['compat']) === 1) { + $sql_extra = " AND author_xchan = '" . $channel['channel_hash'] . "' and item_private = 0 "; } if ($arr['datequery']) { @@ -3940,11 +3940,6 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert('UTC','UTC',$arr['datequery2'])))); } - if(! array_key_exists('nouveau',$arr)) { - $sql_extra2 = " AND item.parent = item.id "; -// $sql_extra3 = ''; - } - if($arr['search']) { if(strpos($arr['search'],'#') === 0) @@ -4016,7 +4011,8 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C if($arr['item_type'] === '*') $item_restrict = ''; - if ($arr['nouveau'] && ($client_mode & CLIENT_MODE_LOAD) && $channel) { + if ((($arr['compat']) || ($arr['nouveau'] && ($client_mode & CLIENT_MODE_LOAD))) && $channel) { + // "New Item View" - show all items unthreaded in reverse created date order $items = q("SELECT item.*, item.id AS item_id FROM item -- cgit v1.2.3 From 6531cbd1d286738acb9448b141bf4d7d5f97ccf3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 9 Aug 2017 17:35:03 -0700 Subject: libxml errors --- include/conversation.php | 2 +- include/network.php | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 13ae571d6..f15077e76 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -538,7 +538,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa } elseif ($mode === 'photos') { - $profile_onwer = App::$profile['profile_uid']; + $profile_owner = App::$profile['profile_uid']; $page_writeable = ($profile_owner == local_channel()); $live_update_div = '
' . "\r\n"; // for photos we've already formatted the top-level item (the photo) diff --git a/include/network.php b/include/network.php index fa49e5765..cd6e980ff 100644 --- a/include/network.php +++ b/include/network.php @@ -671,11 +671,12 @@ function parse_xml_string($s,$strict = true) { libxml_use_internal_errors(true); $x = @simplexml_load_string($s2); - if(! $x) { + if($x === false) { logger('libxml: parse: error: ' . $s2, LOGGER_DATA); - foreach(libxml_get_errors() as $err) - logger('libxml: parse: ' . $err->code." at ".$err->line.":".$err->column." : ".$err->message, LOGGER_DATA); - + foreach(libxml_get_errors() as $err) { + logger('libxml: parse: ' . $err->code . ' at ' . $err->line + . ':' . $err->column . ' : ' . $err->message, LOGGER_DATA); + } libxml_clear_errors(); } -- cgit v1.2.3 From 568690186961d2946543c8320faf5575758acfca Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 9 Aug 2017 22:45:52 -0700 Subject: some doco fixes and other real minor stuff to improve logreading ability --- include/photo/photo_driver.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index f47a9c878..94d0faa94 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -446,7 +446,7 @@ abstract class photo_driver { */ function guess_image_type($filename, $headers = '') { - logger('Photo: guess_image_type: '.$filename . ($headers?' from curl headers':''), LOGGER_DEBUG); +// logger('Photo: guess_image_type: '.$filename . ($headers?' from curl headers':''), LOGGER_DEBUG); $type = null; if ($headers) { @@ -513,7 +513,7 @@ function guess_image_type($filename, $headers = '') { } } - logger('Photo: guess_image_type: type = ' . $type, LOGGER_DEBUG); + logger('Photo: guess_image_type: filename = ' . $filename . ' type = ' . $type, LOGGER_DEBUG); return $type; } -- cgit v1.2.3 From 0a96cdd950f30974fe0fecf60b214701673dad86 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 10 Aug 2017 08:09:02 +0200 Subject: merge red/master into dev --- include/conversation.php | 2 +- include/network.php | 9 +++++---- include/photo/photo_driver.php | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 13ae571d6..f15077e76 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -538,7 +538,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa } elseif ($mode === 'photos') { - $profile_onwer = App::$profile['profile_uid']; + $profile_owner = App::$profile['profile_uid']; $page_writeable = ($profile_owner == local_channel()); $live_update_div = '
' . "\r\n"; // for photos we've already formatted the top-level item (the photo) diff --git a/include/network.php b/include/network.php index fa49e5765..cd6e980ff 100644 --- a/include/network.php +++ b/include/network.php @@ -671,11 +671,12 @@ function parse_xml_string($s,$strict = true) { libxml_use_internal_errors(true); $x = @simplexml_load_string($s2); - if(! $x) { + if($x === false) { logger('libxml: parse: error: ' . $s2, LOGGER_DATA); - foreach(libxml_get_errors() as $err) - logger('libxml: parse: ' . $err->code." at ".$err->line.":".$err->column." : ".$err->message, LOGGER_DATA); - + foreach(libxml_get_errors() as $err) { + logger('libxml: parse: ' . $err->code . ' at ' . $err->line + . ':' . $err->column . ' : ' . $err->message, LOGGER_DATA); + } libxml_clear_errors(); } diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index f47a9c878..94d0faa94 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -446,7 +446,7 @@ abstract class photo_driver { */ function guess_image_type($filename, $headers = '') { - logger('Photo: guess_image_type: '.$filename . ($headers?' from curl headers':''), LOGGER_DEBUG); +// logger('Photo: guess_image_type: '.$filename . ($headers?' from curl headers':''), LOGGER_DEBUG); $type = null; if ($headers) { @@ -513,7 +513,7 @@ function guess_image_type($filename, $headers = '') { } } - logger('Photo: guess_image_type: type = ' . $type, LOGGER_DEBUG); + logger('Photo: guess_image_type: filename = ' . $filename . ' type = ' . $type, LOGGER_DEBUG); return $type; } -- cgit v1.2.3 From 9411732c1b0a4aa07528763381313adc7a775da6 Mon Sep 17 00:00:00 2001 From: git-marijus Date: Thu, 10 Aug 2017 11:41:00 +0200 Subject: do not show channel manager and nav channel select if we are in a delegate session --- include/nav.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index f53a3eed5..76a8f8fb9 100644 --- a/include/nav.php +++ b/include/nav.php @@ -34,9 +34,11 @@ EOT; intval($channel['channel_id']) ); - $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and channel_removed = 0 order by channel_name ", - intval(get_account_id()) - ); + if(! $_SESSION['delegate']) { + $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and channel_removed = 0 order by channel_name ", + intval(get_account_id()) + ); + } } elseif(remote_channel()) $observer = App::get_observer(); @@ -196,7 +198,9 @@ EOT; $nav['all_events']['all']=array('events', t('View events'), "", ""); $nav['all_events']['mark'] = array('', t('Mark all events seen'), '',''); - $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels'),'manage_nav_btn'); + if(! $_SESSION['delegate']) { + $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels'),'manage_nav_btn'); + } $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings'),'settings_nav_btn'); -- cgit v1.2.3 From 6c55e44f4cc0950144269f244fdf3baed5be4e49 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 10 Aug 2017 12:49:20 -0700 Subject: when following, allow [network]follow_address syntax to connect with a specific network for multi-protocol services --- include/follow.php | 21 +++++++++++++++++---- include/network.php | 6 +++--- 2 files changed, 20 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/follow.php b/include/follow.php index 9e2fd6a9c..130f8b06b 100644 --- a/include/follow.php +++ b/include/follow.php @@ -17,6 +17,17 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $my_perms = false; $is_zot = false; + $protocol = ''; + + + if(substr($url,0,1) === '[') { + $x = strpos($url,']'); + if($x) { + $protocol = substr($url,1,$x-1); + $url = substr($url,$x+1); + } + } + $is_http = ((strpos($url,'://') !== false) ? true : false); if($is_http && substr($url,-1,1) === '/') @@ -47,13 +58,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) } - $arr = array('url' => $url, 'channel' => array()); + $arr = array('url' => $url, 'protocol', 'channel' => array()); call_hooks('follow_init', $arr); if($arr['channel']['success']) $ret = $arr['channel']; - elseif(! $is_http) + elseif((! $is_http) && ((! $protocol) || (strtolower($protocol) === 'zot'))) $ret = Zotlabs\Zot\Finger::run($url,$channel); if($ret && is_array($ret) && $ret['success']) { @@ -118,8 +129,10 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) else { $xchan_hash = ''; + $sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : ''); + - $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1", + $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' $sql_options limit 1", dbesc($url), dbesc($url) ); @@ -127,7 +140,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) if(! $r) { // attempt network auto-discovery - $d = discover_by_webbie($url); + $d = discover_by_webbie($url,$protocol); if((! $d) && ($is_http)) { diff --git a/include/network.php b/include/network.php index cd6e980ff..96f4416c8 100644 --- a/include/network.php +++ b/include/network.php @@ -1137,7 +1137,7 @@ function discover_by_url($url, $arr = null) { return true; } -function discover_by_webbie($webbie) { +function discover_by_webbie($webbie,$protocol = '') { $result = []; @@ -1153,7 +1153,7 @@ function discover_by_webbie($webbie) { // If we discover zot - don't search further; grab the info and get out of // here. - if($link['rel'] === PROTOCOL_ZOT) { + if($link['rel'] === PROTOCOL_ZOT && ((! $protocol) || (strtolower($protocol) === 'zot'))) { logger('discover_by_webbie: zot found for ' . $webbie, LOGGER_DEBUG); if(array_key_exists('zot',$x) && $x['zot']['success']) { $i = import_xchan($x['zot']); @@ -1174,7 +1174,7 @@ function discover_by_webbie($webbie) { logger('webfinger: ' . print_r($x,true), LOGGER_DATA, LOG_INFO); - $arr = array('address' => $webbie, 'success' => false, 'webfinger' => $x); + $arr = array('address' => $webbie, 'protocol' => $protocol, 'success' => false, 'webfinger' => $x); call_hooks('discover_channel_webfinger', $arr); if($arr['success']) return true; -- cgit v1.2.3 From 7cec3f4dbf53d64ab5d7fd579e98bbdf56a7a605 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 10 Aug 2017 18:05:06 -0700 Subject: include the mastodon summary in the post --- include/feedutils.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index 07cb79340..145d4361c 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -255,7 +255,7 @@ function get_atom_elements($feed, $item, &$author) { $author['author_is_feed'] = false; $rawauthor = $feed->get_feed_tags(SIMPLEPIE_NAMESPACE_ATOM_10, 'author'); - logger('rawauthor: ' . print_r($rawauthor, true)); + //logger('rawauthor: ' . print_r($rawauthor, true)); } else { @@ -519,7 +519,7 @@ function get_atom_elements($feed, $item, &$author) { // turn Mastodon content warning into a #nsfw hashtag if($mastodon && $summary) { - $res['body'] .= "\n\n#ContentWarning\n"; + $res['body'] = $summary . "\n\n" . $res['body'] . "\n\n#ContentWarning\n"; } -- cgit v1.2.3 From 1408e3da3bcb818134b76db338fb913ae0b54aa1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 10 Aug 2017 21:08:07 -0700 Subject: prevent uploads to comments if the channel has a default private ACL. --- include/conversation.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index f15077e76..30ba4d812 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -550,6 +550,19 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa if (! feature_enabled($profile_owner,'multi_delete')) $page_dropping = false; + $uploading = true; + + if($profile_owner > 0) { + $owner_channel = channelx_by_n($profile_owner); + if($owner_channel['channel_allow_cid'] || $owner_channel['channel_allow_gid'] + || $owner_channel['channel_deny_cid'] || $owner_channel['channel_deny_gid']) { + $uploading = false; + } + } + else { + $uploading = false; + } + $channel = App::get_channel(); $observer = App::get_observer(); @@ -753,7 +766,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa // Normal View // logger('conv: items: ' . print_r($items,true)); - $conv = new Zotlabs\Lib\ThreadStream($mode, $preview, $prepared_item); + $conv = new Zotlabs\Lib\ThreadStream($mode, $preview, $uploading, $prepared_item); // In the display mode we don't have a profile owner. -- cgit v1.2.3 From 86c4743ed9e76f8a813f6aa8075eb68e155d85dd Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 10 Aug 2017 21:43:36 -0700 Subject: deliverable_singleton - also check hubloc_hash in case we don't have an xchan_hash --- include/network.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index 96f4416c8..4ea619bf5 100644 --- a/include/network.php +++ b/include/network.php @@ -1652,9 +1652,17 @@ function check_channelallowed($hash) { } function deliverable_singleton($channel_id,$xchan) { + + if(array_key_exists('xchan_hash',$xchan)) + $xchan_hash = $xchan['xchan_hash']; + elseif(array_key_exists('hubloc_hash',$xchan)) + $xchan_hash = $xchan['hubloc_hash']; + else + return true; + $r = q("select abook_instance from abook where abook_channel = %d and abook_xchan = '%s' limit 1", intval($channel_id), - dbesc($xchan['xchan_hash']) + dbesc($xchan_hash) ); if($r) { if(! $r[0]['abook_instance']) -- cgit v1.2.3 From 998bd585bb75daf8b70071f21c5245bf24d46aa1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 12 Aug 2017 00:59:05 -0700 Subject: add protocol selection to following feeds --- include/follow.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/follow.php b/include/follow.php index 130f8b06b..56d8294c5 100644 --- a/include/follow.php +++ b/include/follow.php @@ -138,6 +138,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) ); if(! $r) { + // attempt network auto-discovery $d = discover_by_webbie($url,$protocol); @@ -146,11 +147,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) // try RSS discovery - if(get_config('system','feed_contacts')) { + $feeds = get_config('system','feed_contacts'); + + if(($feeds) && ($protocol === '' || $protocol === 'feed')) { $d = discover_by_url($url); } else { - $result['message'] = t('Protocol disabled.'); + $result['message'] = t('Remote channel or protocol unavailable.'); return $result; } } -- cgit v1.2.3 From 68f6043d44e65f0516b2374948b51ccc8ab241fc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 14 Aug 2017 17:34:47 -0700 Subject: new content type --- include/items.php | 1 - 1 file changed, 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 5a0ca01c6..e7bec7f20 100755 --- a/include/items.php +++ b/include/items.php @@ -1600,7 +1600,6 @@ function item_store($arr, $allow_exec = false, $deliver = true) { $arr['aid'] = ((x($arr,'aid')) ? intval($arr['aid']) : 0); $arr['mid'] = ((x($arr,'mid')) ? notags(trim($arr['mid'])) : random_string()); $arr['revision'] = ((x($arr,'revision') && intval($arr['revision']) > 0) ? intval($arr['revision']) : 0); -logger('revision: ' . $arr['revision']); $arr['author_xchan'] = ((x($arr,'author_xchan')) ? notags(trim($arr['author_xchan'])) : ''); $arr['owner_xchan'] = ((x($arr,'owner_xchan')) ? notags(trim($arr['owner_xchan'])) : ''); -- cgit v1.2.3 From 9b87940ed2bf8cd7c80337d224d390f1bcb379e9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 15 Aug 2017 18:49:08 -0700 Subject: remove easter egg --- include/text.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 5af4f1b67..dd2dc7620 100644 --- a/include/text.php +++ b/include/text.php @@ -2401,13 +2401,6 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d //...do nothing return $replaced; } - if($tag == '#getzot') { - $basetag = 'getzot'; - $url = 'http://hubzilla.org'; - $newtag = '#[zrl=' . $url . ']' . $basetag . '[/zrl]'; - $body = str_replace($tag,$newtag,$body); - $replaced = true; - } if(! $replaced) { //base tag has the tags name only -- cgit v1.2.3 From 4111ba8dee5562bb3314e72e05ba01de152cecc2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 18 Aug 2017 03:04:15 -0700 Subject: php warnings --- include/network.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index 4ea619bf5..96cea4b6f 100644 --- a/include/network.php +++ b/include/network.php @@ -1291,7 +1291,7 @@ function fetch_xrd_links($url) { return array(); $h = parse_xml_string($xml); - if(! $h) + if($h === false) return array(); $arr = convert_xml_element_to_array($h); -- cgit v1.2.3 From 8a5c23fd50d26fb44d3d1d0f11d3bbd23872d060 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 20 Aug 2017 17:45:08 -0700 Subject: issue with oembed of a shared item, which wraps in another share. --- include/conversation.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 30ba4d812..3b8ec19d3 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -295,7 +295,7 @@ function localize_item(&$item){ } $plink = '[zrl=' . $obj['plink'] . ']' . $post_type . '[/zrl]'; - $parsedobj = parse_xml_string($xmlhead.$item['obj']); +// $parsedobj = parse_xml_string($xmlhead.$item['obj']); $tag = sprintf('#[zrl=%s]%s[/zrl]', $parsedobj->id, $parsedobj->content); $item['body'] = sprintf( t('%1$s tagged %2$s\'s %3$s with %4$s'), $author, $objauthor, $plink, $tag ); @@ -312,7 +312,7 @@ function localize_item(&$item){ $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - $obj = parse_xml_string($xmlhead.$item['obj']); +// $obj = parse_xml_string($xmlhead.$item['obj']); if(strlen($obj->id)) { $r = q("select * from item where mid = '%s' and uid = %d limit 1", dbesc($obj->id), -- cgit v1.2.3 From 9d5b6858ea627b5eb6115cacd870ef0277f87b2a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 21 Aug 2017 02:01:41 -0700 Subject: stream_perms_xchans wasn't working which has effects in mod_display and there are also issues with the oembed provider for mod_display. This is a first cut for the second but hasn't yet been tested --- include/security.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index 6e7b3dbb2..16c6f1680 100644 --- a/include/security.php +++ b/include/security.php @@ -640,7 +640,7 @@ function stream_perms_xchans($perms = NULL ) { if(local_channel()) $ret[] = get_observer_hash(); - $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' "); + $x = q("select uid, v from pconfig where cat = 'perm_limits' and k = 'view_stream' "); if($x) { $y = []; foreach($x as $xv) { @@ -650,6 +650,7 @@ function stream_perms_xchans($perms = NULL ) { } if($y) { $ids = ids_to_querystr($y,'uid'); + $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ", intval(PAGE_ADULT|PAGE_CENSORED) ); -- cgit v1.2.3 From 9f37dbc6dc1798b9b56a683ed1975adc318ff931 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 22 Aug 2017 18:29:51 -0700 Subject: util/dcp - support recursion and folders full of photos by importing files singly in separate processes - not yet tested --- include/attach.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 79a38590b..78e133b03 100644 --- a/include/attach.php +++ b/include/attach.php @@ -460,6 +460,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { // By default remove $src when finished $remove_when_processed = true; + $import_replace = false; if($options === 'import') { $src = $arr['src']; @@ -476,6 +477,9 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { if($arr['preserve_original']) $remove_when_processed = false; + if($arr['replace']) + $import_replace = true; + // if importing a directory, just do it now and go home - we're done. if(array_key_exists('is_dir',$arr) && intval($arr['is_dir'])) { @@ -617,8 +621,10 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { dbesc($folder_hash) ); if($r) { - $overwrite = get_pconfig($channel_id,'system','overwrite_dup_files'); + $overwrite = (($import_replace || get_pconfig($channel_id,'system','overwrite_dup_files')) ? true : false); if(($overwrite) || ($options === 'import')) { + if(! array_key_exists('edited',$arr)) + $arr['edited'] = datetime_convert(); $options = 'replace'; $existing_id = $x[0]['id']; $existing_size = intval($x[0]['filesize']); -- cgit v1.2.3 From 6c388575022cc10f28ed99e8e414fbc76a67bb00 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Wed, 23 Aug 2017 03:33:03 +0000 Subject: Repaired and extended support for help page translations including table of contents files at the top level. Moved help module javascript to mod_help.js. --- include/help.php | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) (limited to 'include') diff --git a/include/help.php b/include/help.php index 4f9251b1b..cbadd02d9 100644 --- a/include/help.php +++ b/include/help.php @@ -107,20 +107,39 @@ function preg_callback_help_include($matches) { } - +function determine_help_language() { + require_once('Text/LanguageDetect.php'); + $lang_detect = new Text_LanguageDetect(); + $lang_detect->setNameMode(2); + if($lang_detect->languageExists(argv(1))) { + $lang = argv(1); + $from_url = true; + } else { + $lang = \App::$language; + if(! isset($lang)) + $lang = 'en'; + $from_url = false; + } + return array('language' => $lang, 'from_url' => $from_url); +} function load_doc_file($s) { - $lang = \App::$language; - if(! isset($lang)) - $lang = 'en'; + $path = 'doc'; + $x = determine_help_language(); + $lang = $x['language']; + $url_idx = ($x['from_url'] ? 1 : 0); + if($x['from_url'] && $lang !== 'en') { + $path .= '/' . $lang; + } + $b = basename($s); - $d = dirname($s); - - if($dirname !== '-') { - $c = find_doc_file("$d/$lang/$b"); - if($c) - return $c; + + for($i=1+$url_idx; $i Date: Wed, 23 Aug 2017 00:01:02 -0700 Subject: cards feature --- include/contact_widgets.php | 43 +++++++++++++++++++++++++ include/conversation.php | 16 ++++++++-- include/features.php | 9 ++++++ include/nav.php | 12 +++++++ include/taxonomy.php | 76 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 154 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 8f76bb4bc..aac756a46 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -100,6 +100,49 @@ function categories_widget($baseurl,$selected = '') { return ''; } +function cardcategories_widget($baseurl,$selected = '') { + + if(! feature_enabled(App::$profile['profile_uid'],'categories')) + return ''; + + $item_normal = "and item.item_hidden = 0 and item.item_type = 6 and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 "; + + $terms = array(); + $r = q("select distinct(term.term) + from term join item on term.oid = item.id + where item.uid = %d + and term.uid = item.uid + and term.ttype = %d + and term.otype = %d + and item.owner_xchan = '%s' + $item_normal + order by term.term asc", + intval(App::$profile['profile_uid']), + intval(TERM_CATEGORY), + intval(TERM_OBJ_POST), + dbesc(App::$profile['channel_hash']) + ); + if($r && count($r)) { + foreach($r as $rr) + $terms[] = array('name' => $rr['term'], 'selected' => (($selected == $rr['term']) ? 'selected' : '')); + + return replace_macros(get_markup_template('categories_widget.tpl'),array( + '$title' => t('Categories'), + '$desc' => '', + '$sel_all' => (($selected == '') ? 'selected' : ''), + '$all' => t('Everything'), + '$terms' => $terms, + '$base' => $baseurl, + + )); + } + return ''; +} + + + function common_friends_visitor_widget($profile_uid) { if(local_channel() == $profile_uid) diff --git a/include/conversation.php b/include/conversation.php index 3b8ec19d3..c9142ac30 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1835,7 +1835,8 @@ function profile_tabs($a, $is_owner = false, $nickname = null){ require_once('include/menu.php'); $has_bookmarks = menu_list_count(local_channel(),'',MENU_BOOKMARK) + menu_list_count(local_channel(),'',MENU_SYSTEM|MENU_BOOKMARK); - if ($is_owner && $has_bookmarks) { + + if($is_owner && $has_bookmarks) { $tabs[] = array( 'label' => t('Bookmarks'), 'url' => z_root() . '/bookmarks', @@ -1846,6 +1847,17 @@ function profile_tabs($a, $is_owner = false, $nickname = null){ ); } + if(feature_enabled($uid,'cards')) { + $tabs[] = array( + 'label' => t('Cards'), + 'url' => z_root() . '/cards/' . $nickname, + 'sel' => ((argv(0) == 'cards') ? 'active' : ''), + 'title' => t('View Cards'), + 'id' => 'cards-tab', + 'icon' => 'list' + ); + } + if($has_webpages && feature_enabled($uid,'webpages')) { $tabs[] = array( 'label' => t('Webpages'), @@ -1856,7 +1868,7 @@ function profile_tabs($a, $is_owner = false, $nickname = null){ 'icon' => 'newspaper-o' ); } - + if ($p['view_wiki']) { if(feature_enabled($uid,'wiki') && (get_account_techlevel($account_id) > 3)) { diff --git a/include/features.php b/include/features.php index f32dbe82e..f84c9cb05 100644 --- a/include/features.php +++ b/include/features.php @@ -117,6 +117,15 @@ function get_features($filtered = true) { feature_level('private_notes',1), ], + [ + 'cards', + t('Cards'), + t('Create personal planning cards'), + false, + get_config('feature_lock','cards'), + feature_level('cards',1), + ], + [ 'nav_channel_select', t('Navigation Channel Select'), diff --git a/include/nav.php b/include/nav.php index 76a8f8fb9..f5a1236a8 100644 --- a/include/nav.php +++ b/include/nav.php @@ -434,6 +434,18 @@ function channel_apps($is_owner = false, $nickname = null) { ]; } + if($p['view_pages'] && feature_enabled($uid,'cards')) { + $tabs[] = [ + 'label' => t('Cards'), + 'url' => z_root() . '/cards/' . $nickname , + 'sel' => ((argv(0) == 'cards') ? 'active' : ''), + 'title' => t('View Cards'), + 'id' => 'cards-tab', + 'icon' => 'list' + ]; + } + + if($has_webpages && feature_enabled($uid,'webpages')) { $tabs[] = [ 'label' => t('Webpages'), diff --git a/include/taxonomy.php b/include/taxonomy.php index 46d661581..36e05b008 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -199,6 +199,62 @@ function tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0, $re } + + +function card_tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0, $restrict = 0, $type = TERM_CATEGORY) { + + require_once('include/security.php'); + + if(! perm_is_allowed($uid,get_observer_hash(),'view_pages')) + return array(); + + + $item_normal = item_normal(); + $sql_options = item_permissions_sql($uid); + $count = intval($count); + + if($flags) { + if($flags === 'wall') + $sql_options .= " and item_wall = 1 "; + } + + if($authors) { + if(! is_array($authors)) + $authors = array($authors); + + stringify_array_elms($authors,true); + $sql_options .= " and author_xchan in (" . implode(',',$authors) . ") "; + } + + if($owner) { + $sql_options .= " and owner_xchan = '" . dbesc($owner) . "' "; + } + + + // Fetch tags + $r = q("select term, count(term) as total from term left join item on term.oid = item.id + where term.uid = %d and term.ttype = %d + and otype = %d and item_type = %d and item_private = 0 + $sql_options $item_normal + group by term order by total desc %s", + intval($uid), + intval($type), + intval(TERM_OBJ_POST), + intval($restrict), + ((intval($count)) ? "limit $count" : '') + ); + + if(! $r) + return array(); + + return Zotlabs\Text\Tagadelic::calc($r); + +} + + + + + function dir_tagadelic($count = 0) { $count = intval($count); @@ -316,6 +372,26 @@ function catblock($uid,$count = 0,$authors = '',$owner = '', $flags = 0,$restric return $o; } +function card_catblock($uid,$count = 0,$authors = '',$owner = '', $flags = 0,$restrict = 0,$type = TERM_CATEGORY) { + $o = ''; + + $r = card_tagadelic($uid,$count,$authors,$owner,$flags,$restrict,$type); + + if($r) { + $c = q("select channel_address from channel where channel_id = %d limit 1", + intval($uid) + ); + + $o = '

' . t('Categories') . '

'; + foreach($r as $rr) { + $o .= ''.$rr[0].' ' . "\r\n"; + } + $o .= '
'; + } + + return $o; +} + function dir_tagblock($link,$r) { $o = ''; -- cgit v1.2.3 From 3b68df1be6173cbcc50386efc0161ece2015112d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 23 Aug 2017 17:46:20 -0700 Subject: several card enhancements --- include/conversation.php | 7 ++++++- include/items.php | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index c9142ac30..e0de6fdce 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1305,6 +1305,11 @@ function status_editor($a, $x, $popup = false) { if(! $cipher) $cipher = 'aes256'; + if(array_key_exists('catsenabled',$x)) + $catsenabled = $x['catsenabled']; + else + $catsenabled = ((feature_enabled($x['profile_uid'], 'categories') && (! $webpage)) ? 'categories' : ''); + // avoid illegal offset errors if(! array_key_exists('permissions',$x)) $x['permissions'] = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ]; @@ -1349,7 +1354,7 @@ function status_editor($a, $x, $popup = false) { '$clearloc' => $clearloc, '$title' => ((x($x, 'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''), '$placeholdertitle' => ((x($x, 'placeholdertitle')) ? $x['placeholdertitle'] : t('Title (optional)')), - '$catsenabled' => ((feature_enabled($x['profile_uid'], 'categories') && (! $webpage)) ? 'categories' : ''), + '$catsenabled' => $catsenabled, '$category' => ((x($x, 'category')) ? $x['category'] : ''), '$placeholdercategory' => t('Categories (optional, comma-separated list)'), '$permset' => t('Permission settings'), diff --git a/include/items.php b/include/items.php index e7bec7f20..070c4571a 100755 --- a/include/items.php +++ b/include/items.php @@ -4111,6 +4111,8 @@ function webpage_to_namespace($webpage) { $page_type = 'BUILDBLOCK'; elseif($webpage == ITEM_TYPE_PDL) $page_type = 'PDL'; + elseif($webpage == ITEM_TYPE_CARD) + $page_type = 'CARD'; elseif($webpage == ITEM_TYPE_DOC) $page_type = 'docfile'; else -- cgit v1.2.3 From 64cf36a2b5dc314728fbb262471f1dd7b0ad2d96 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 23 Aug 2017 19:25:42 -0700 Subject: lognoise: don't log sync packet contents if there are no clones to receive them --- include/zot.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 3e2a66734..343bc8ad8 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2965,8 +2965,6 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { logger('build_sync_packet'); - if($packet) - logger('packet: ' . print_r($packet, true),LOGGER_DATA, LOG_DEBUG); $keychange = (($packet && array_key_exists('keychange',$packet)) ? true : false); if($keychange) { @@ -3033,6 +3031,9 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { $env_recips = array(); $env_recips[] = array('guid' => $r[0]['xchan_guid'],'guid_sig' => $r[0]['xchan_guid_sig']); + if($packet) + logger('packet: ' . print_r($packet, true),LOGGER_DATA, LOG_DEBUG); + $info = (($packet) ? $packet : array()); $info['type'] = 'channel_sync'; $info['encoding'] = 'red'; // note: not zot, this packet is very platform specific -- cgit v1.2.3 From f2e802229acb871e0b50afb729445cdef8586951 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 23 Aug 2017 20:02:28 -0700 Subject: add new conv_sort option --- include/conversation.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index e0de6fdce..2448775af 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1461,6 +1461,8 @@ function conv_sort($arr, $order) { usort($parents,'sort_thr_created'); elseif(stristr($order,'commented')) usort($parents,'sort_thr_commented'); + elseif(stristr($order,'updated')) + usort($parents,'sort_thr_updated'); elseif(stristr($order,'ascending')) usort($parents,'sort_thr_created_rev'); @@ -1502,6 +1504,10 @@ function sort_thr_commented($a,$b) { return strcmp($b['commented'],$a['commented']); } +function sort_thr_updated($a,$b) { + return strcmp($b['updated'],$a['updated']); +} + function find_thread_parent_index($arr,$x) { foreach($arr as $k => $v) if($v['id'] == $x['parent']) -- cgit v1.2.3 From e7788156052bcb3676fe761f89769c2d72dc4bca Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 23 Aug 2017 20:12:40 -0700 Subject: use two keys for the updated sort --- include/conversation.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 2448775af..7e0394058 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1505,7 +1505,9 @@ function sort_thr_commented($a,$b) { } function sort_thr_updated($a,$b) { - return strcmp($b['updated'],$a['updated']); + $indexa = (($a['changed'] > $a['edited']) ? $a['changed'] : $a['edited']); + $indexb = (($b['changed'] > $b['edited']) ? $b['changed'] : $b['edited']); + return strcmp($indexb,$indexa); } function find_thread_parent_index($arr,$x) { -- cgit v1.2.3 From 4450170790de3999dc9c6f8876074e76edee8241 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 23 Aug 2017 21:26:09 -0700 Subject: partial support (unfinished) for ajax loading cards with liveupdate; page still functions even though this isn't finished --- include/conversation.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 7e0394058..0d2dd2224 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -517,6 +517,15 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa } } + elseif ($mode === 'cards') { + $profile_owner = App::$profile['profile_uid']; + $page_writeable = ($profile_owner == local_channel()); + $live_update_div = '
' . "\r\n" + . "\r\n"; + } + + elseif ($mode === 'display') { $profile_owner = local_channel(); $page_writeable = false; -- cgit v1.2.3 From e157e3bec8722c04ed8dc2d215cd2efd0ce3ce79 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 23 Aug 2017 22:06:42 -0700 Subject: cards: make page load after comment post --- include/conversation.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 0d2dd2224..2d5ccb5b1 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -464,6 +464,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $profile_owner = 0; $page_writeable = false; $live_update_div = ''; + $jsreload = ''; $preview = (($page_mode === 'preview') ? true : false); $previewing = (($preview) ? ' preview ' : ''); @@ -523,6 +524,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $live_update_div = '
' . "\r\n" . "\r\n"; + $jsreload = $_SESSION['return_url']; } @@ -817,6 +819,10 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $item_object->set_template('conv_list.tpl'); $item_object->set_display_mode('list'); } + if($page_mode === 'cards') { + $item_object->set_reload($jsreload); + } + } } -- cgit v1.2.3 From 592cf893c006f24c652902fa4fae7d2d94496c3c Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Thu, 24 Aug 2017 11:19:11 +0000 Subject: Fixed incorrect language path when choosing the language from browser preference --- include/help.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/help.php b/include/help.php index cbadd02d9..f38f77854 100644 --- a/include/help.php +++ b/include/help.php @@ -128,7 +128,7 @@ function load_doc_file($s) { $x = determine_help_language(); $lang = $x['language']; $url_idx = ($x['from_url'] ? 1 : 0); - if($x['from_url'] && $lang !== 'en') { + if($lang !== 'en') { $path .= '/' . $lang; } -- cgit v1.2.3 From cf2609530fcffdc7f5477336232b7cfde8b6403f Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Thu, 24 Aug 2017 18:57:41 +0000 Subject: Added language selector menu for Help pages --- include/help.php | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/help.php b/include/help.php index f38f77854..ef6b77e12 100644 --- a/include/help.php +++ b/include/help.php @@ -32,6 +32,13 @@ function get_help_content($tocpath = false) { if(! $tocpath) \App::$page['title'] = t('Help:') . ' ' . ucwords(str_replace('-',' ',notags($title))); + if($tocpath !== false && + load_doc_file('doc/' . $path . '.md') === '' && + load_doc_file('doc/' . $path . '.bb') === '' && + load_doc_file('doc/' . $path . '.html') === '' + ) { + $path = 'toc'; + } $text = load_doc_file('doc/' . $path . '.md'); if(! $text) { @@ -110,7 +117,10 @@ function preg_callback_help_include($matches) { function determine_help_language() { require_once('Text/LanguageDetect.php'); $lang_detect = new Text_LanguageDetect(); + // Set this mode to recognize language by the short code like "en", "ru", etc. $lang_detect->setNameMode(2); + // If the language was specified in the URL, override the language preference + // of the browser. Default to English if both of these are absent. if($lang_detect->languageExists(argv(1))) { $lang = argv(1); $from_url = true; @@ -125,13 +135,16 @@ function determine_help_language() { function load_doc_file($s) { $path = 'doc'; + // Determine the language and modify the path accordingly $x = determine_help_language(); $lang = $x['language']; $url_idx = ($x['from_url'] ? 1 : 0); + // The English translation is at the root of /doc/. Other languages are in + // subfolders named by the language code such as "de", "es", etc. if($lang !== 'en') { $path .= '/' . $lang; } - + $b = basename($s); for($i=1+$url_idx; $i Date: Thu, 24 Aug 2017 21:47:01 +0200 Subject: ditch discover tab in favour of the public stream app --- include/conversation.php | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 2d5ccb5b1..78d90a6fc 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1616,7 +1616,6 @@ function network_tabs() { $conv_active = ''; $spam_active = ''; $postord_active = ''; - $public_active = ''; if(x($_GET,'new')) { $new_active = 'active'; @@ -1638,16 +1637,11 @@ function network_tabs() { $spam_active = 'active'; } - if(x($_GET,'fh')) { - $public_active = 'active'; - } - if (($new_active == '') && ($starred_active == '') && ($conv_active == '') && ($search_active == '') - && ($spam_active == '') - && ($public_active == '')) { + && ($spam_active == '')) { $no_active = 'active'; } @@ -1665,17 +1659,6 @@ function network_tabs() { // tabs $tabs = array(); - $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; - - if(! $disable_discover_tab) { - $tabs[] = array( - 'label' => t('Discover'), - 'url' => z_root() . '/' . $cmd . '?f=&fh=1' , - 'sel' => $public_active, - 'title' => t('Imported public streams'), - ); - } - $tabs[] = array( 'label' => t('Commented Order'), 'url'=>z_root() . '/' . $cmd . '?f=&order=comment' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '') . ((x($_GET,'gid')) ? '&gid=' . $_GET['gid'] : ''), -- cgit v1.2.3 From 341386a95ba68227f60964ab50f9b20989ac6802 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 24 Aug 2017 18:15:19 -0700 Subject: make cards searchable --- include/conversation.php | 5 ++++- include/items.php | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 2d5ccb5b1..5cb85c3f9 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -703,6 +703,9 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0) $is_new = true; + $conv_link = (($item['item_type'] == ITEM_TYPE_CARD) ? $item['plink'] : z_root() . '/display/' . gen_link_id($item['mid'])); + + $tmp_item = array( 'template' => $tpl, 'toplevel' => 'toplevel_item', @@ -757,7 +760,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa 'like' => '', 'dislike' => '', 'comment' => '', - 'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . gen_link_id($item['mid']), 'title'=> t('View in context'))), + 'conv' => (($preview) ? '' : array('href'=> $conv_link, 'title'=> t('View in context'))), 'previewing' => $previewing, 'wait' => t('Please wait'), 'thread_level' => 1, diff --git a/include/items.php b/include/items.php index 070c4571a..8489ec162 100755 --- a/include/items.php +++ b/include/items.php @@ -177,7 +177,7 @@ function item_normal() { } function item_normal_search() { - return " and item.item_hidden = 0 and item.item_type in (0,3) and item.item_deleted = 0 + return " and item.item_hidden = 0 and item.item_type in (0,3,6) and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 and item.item_blocked = 0 "; } -- cgit v1.2.3 From 5c92337821834853dc03eecbc8af9e59b16b70a1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 24 Aug 2017 18:34:12 -0700 Subject: cards - change placeholdertext, separate from button text --- include/conversation.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 5cb85c3f9..9a48a83d2 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1340,10 +1340,14 @@ function status_editor($a, $x, $popup = false) { call_hooks('jot_networks', $jotnets); } + $sharebutton = (x($x,'button') ? $x['button'] : t('Share')); + $placeholdtext = (x($x,'content_label') ? $x['content_label'] : $sharebutton); + $o .= replace_macros($tpl, array( '$return_path' => ((x($x, 'return_path')) ? $x['return_path'] : App::$query_string), '$action' => z_root() . '/item', - '$share' => (x($x,'button') ? $x['button'] : t('Share')), + '$share' => $sharebutton, + '$placeholdtext' => $placeholdtext, '$webpage' => $webpage, '$placeholdpagetitle' => ((x($x,'ptlabel')) ? $x['ptlabel'] : t('Page link name')), '$pagetitle' => (x($x,'pagetitle') ? $x['pagetitle'] : ''), -- cgit v1.2.3 From 75f3e9202e191486b8c9079b08cc6de4e1251b8d Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Fri, 25 Aug 2017 11:32:18 +0000 Subject: Removed duplicated table of contents (TOC) in Help pages by breaking hierarchical TOC loading. --- include/help.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/help.php b/include/help.php index ef6b77e12..02c3cb8e4 100644 --- a/include/help.php +++ b/include/help.php @@ -28,16 +28,22 @@ function get_help_content($tocpath = false) { } if($path) { + $title = basename($path); if(! $tocpath) \App::$page['title'] = t('Help:') . ' ' . ucwords(str_replace('-',' ',notags($title))); + // Check that there is a "toc" or "sitetoc" located at the specified path. + // If there is not, then there was not a translation of the table of contents + // available and so default back to the English TOC at /doc/toc.{html,bb,md} + // TODO: This is incompatible with the hierarchical TOC construction + // defined in /Zotlabs/Widget/Helpindex.php. if($tocpath !== false && load_doc_file('doc/' . $path . '.md') === '' && load_doc_file('doc/' . $path . '.bb') === '' && load_doc_file('doc/' . $path . '.html') === '' ) { - $path = 'toc'; + $path = $title; } $text = load_doc_file('doc/' . $path . '.md'); -- cgit v1.2.3 From e2b6464f83313bd56c2d9c962e089d978927cdfd Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 29 Aug 2017 20:07:26 -0700 Subject: escape 'http' inside code blocks so it doesn't trigger an oembed --- include/bbcode.php | 3 +++ include/text.php | 2 ++ 2 files changed, 5 insertions(+) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index 9f9b5c5e1..470854f06 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1255,6 +1255,9 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) $Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_unspacefy_and_trim', $Text); } + // replace escaped links in code= blocks + $Text = str_replace('%eY9-!','http', $Text); + $Text = preg_replace('/\[\&\;([#a-z0-9]+)\;\]/', '&$1;', $Text); // fix any escaped ampersands that may have been converted into links diff --git a/include/text.php b/include/text.php index dd2dc7620..4b34364ce 100644 --- a/include/text.php +++ b/include/text.php @@ -2986,6 +2986,8 @@ function text_highlight($s, $lang) { else $o = $s; + $o = str_replace('http','%eY9-!',$o); + return('' . $o . ''); } -- cgit v1.2.3 From 77267e049a4a6039100e5b2b724ff78ced4a1b74 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 29 Aug 2017 20:47:49 -0700 Subject: use iso 8601 "Zulu" for log timestamps so it can be easily processed with fail2ban --- include/text.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 4b34364ce..1919e4b57 100644 --- a/include/text.php +++ b/include/text.php @@ -651,7 +651,7 @@ function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; - $s = datetime_convert() . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; + $s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; $pluginfo = array('filename' => $logfile, 'loglevel' => $level, 'message' => $s,'priority' => $priority, 'logged' => false); if(! (App::$module == 'setup')) @@ -679,7 +679,7 @@ function btlogger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { if(file_exists(BTLOGGER_DEBUG_FILE) && is_writable(BTLOGGER_DEBUG_FILE)) { $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; - $s = datetime_convert() . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; + $s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; @file_put_contents(BTLOGGER_DEBUG_FILE, $s, FILE_APPEND); } @@ -750,7 +750,7 @@ function dlogger($msg, $level = 0) { $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; - @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); + @file_put_contents($logfile, datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); } @@ -2966,6 +2966,9 @@ function flatten_array_recursive($arr) { * @param string $s Text to highlight * @param string $lang Which language should be highlighted * @return string + * Important: The returned text has the text pattern 'http' translated to '%eY9-!' which should be converted back + * after further processing. This was done to prevent oembed links from occurring inside code blocks. + * See include/bbcode.php */ function text_highlight($s, $lang) { -- cgit v1.2.3 From be097bf415c898c470e85e89cd059e7121517d15 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 30 Aug 2017 16:24:26 -0700 Subject: issue with mentions and xchans with @ or / --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 1919e4b57..ea21e2184 100644 --- a/include/text.php +++ b/include/text.php @@ -2485,7 +2485,7 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d if(($t2) && (! $diaspora)) { //get the id - $tagcid = substr($newname,$t2 + 1); + $tagcid = urldecode(substr($newname,$t2 + 1)); if(strrpos($tagcid,' ')) $tagcid = substr($tagcid,0,strrpos($tagcid,' ')); -- cgit v1.2.3 From 74f55d15042d04b530e22ed57bcb56520bca3e72 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 30 Aug 2017 21:45:54 -0700 Subject: check input is hex before sending it to hex2bin --- include/photos.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/photos.php b/include/photos.php index f5d5fdb48..c7c8fc0a4 100644 --- a/include/photos.php +++ b/include/photos.php @@ -595,7 +595,7 @@ function photos_album_exists($channel_id, $observer_hash, $album) { // partial backward compatibility with Hubzilla < 2.4 when we used the filename only // (ambiguous which would get chosen if you had two albums of the same name in different directories) - if(!$r) { + if(!$r && ctype_xdigit($album)) { $r = q("SELECT folder, hash, is_dir, filename, os_path, display_path FROM attach WHERE filename = '%s' AND is_dir = 1 AND uid = %d $sql_extra limit 1", dbesc(hex2bin($album)), intval($channel_id) -- cgit v1.2.3 From 5e767144c9fad9fe84573f4c46cd74b8edf76391 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 31 Aug 2017 19:09:07 -0700 Subject: simplify api_auth --- include/api_auth.php | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) (limited to 'include') diff --git a/include/api_auth.php b/include/api_auth.php index e5cd7cab3..7fc8dec3a 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -33,21 +33,15 @@ function api_login(&$a){ // workarounds for HTTP-auth in CGI mode - if(x($_SERVER,'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - - if(x($_SERVER,'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') { + $userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + break; } } -- cgit v1.2.3 From 0cf5536e902aa9e74c7ca8f62bec3992f6f6a276 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 31 Aug 2017 20:08:58 -0700 Subject: server to server magic auth --- include/api_auth.php | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/api_auth.php b/include/api_auth.php index 7fc8dec3a..4b1aae642 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -7,6 +7,7 @@ function api_login(&$a){ $record = null; + $remote_auth = false; require_once('include/oauth.php'); @@ -34,6 +35,9 @@ function api_login(&$a){ // workarounds for HTTP-auth in CGI mode foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + + /* Basic authentication */ + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') { $userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ; if(strlen($userpass)) { @@ -43,6 +47,52 @@ function api_login(&$a){ } break; } + + /* Signature authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Signature') { + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + if($sigblock) { + $keyId = $sigblock['keyId']; + if($keyId) { + $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + dbesc($keyId) + ); + if($r) { + $c = channelx_by_hash($r[0]['hubloc_hash']); + if($c) { + $a = q("select * from account where account_id = %d limit 1", + intval($c[0]['channel_account_id']) + ); + if($a) { + $record = [ 'channel' => $c[0], 'account' => $a[0] ]; + $channel_login = $c[0]['channel_id']; + } + else { + continue; + } + } + else { + continue; + } + } + else { + continue; + } + + if($head !== 'HTTP_AUTHORIZATION') { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; + } + if($record) { + $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); + if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { + $record = null; + } + break; + } + } + } + } } require_once('include/auth.php'); @@ -58,8 +108,6 @@ function api_login(&$a){ } } - - if($record['account']) { authenticate_success($record['account']); -- cgit v1.2.3 From b413beeb365ea09ac79f57e68dbb6ac49b5ea056 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 31 Aug 2017 20:45:13 -0700 Subject: add server-to-server magic auth to dav and cdav controllers --- include/api_auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/api_auth.php b/include/api_auth.php index 4b1aae642..01a4599aa 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -50,7 +50,7 @@ function api_login(&$a){ /* Signature authentication */ - if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Signature') { + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); if($sigblock) { $keyId = $sigblock['keyId']; -- cgit v1.2.3 From ae8cdc3b42a01bfa6a8a7baf80bad2544c3821a7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 31 Aug 2017 21:38:03 -0700 Subject: some changes after testing server-to-server magic auth --- include/api_auth.php | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/api_auth.php b/include/api_auth.php index 01a4599aa..0818fa54b 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -8,6 +8,7 @@ function api_login(&$a){ $record = null; $remote_auth = false; + $sigblock = null; require_once('include/oauth.php'); @@ -51,6 +52,11 @@ function api_login(&$a){ /* Signature authentication */ if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { + if($head !== 'HTTP_AUTHORIZATION') { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; + continue; + } + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); if($sigblock) { $keyId = $sigblock['keyId']; @@ -62,11 +68,11 @@ function api_login(&$a){ $c = channelx_by_hash($r[0]['hubloc_hash']); if($c) { $a = q("select * from account where account_id = %d limit 1", - intval($c[0]['channel_account_id']) + intval($c['channel_account_id']) ); if($a) { - $record = [ 'channel' => $c[0], 'account' => $a[0] ]; - $channel_login = $c[0]['channel_id']; + $record = [ 'channel' => $c, 'account' => $a[0] ]; + $channel_login = $c['channel_id']; } else { continue; @@ -80,9 +86,6 @@ function api_login(&$a){ continue; } - if($head !== 'HTTP_AUTHORIZATION') { - $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; - } if($record) { $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { @@ -127,8 +130,8 @@ function api_login(&$a){ } -function retry_basic_auth() { - header('WWW-Authenticate: Basic realm="Hubzilla"'); +function retry_basic_auth($method = 'Basic') { + header('WWW-Authenticate: ' . $method . ' realm="Hubzilla"'); header('HTTP/1.0 401 Unauthorized'); echo('This api requires login'); killme(); -- cgit v1.2.3 From 5bffae621979f37740cbfc7d97adf15f95e6c6e8 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 31 Aug 2017 23:21:06 -0700 Subject: cut down on a few extraneous gprobe processes --- include/channel.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index efa39dcac..faf28df28 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1616,13 +1616,15 @@ function get_my_address() { function zid_init() { $tmp_str = get_my_address(); if(validate_email($tmp_str)) { - Zotlabs\Daemon\Master::Summon(array('Gprobe',bin2hex($tmp_str))); $arr = array('zid' => $tmp_str, 'url' => App::$cmd); call_hooks('zid_init',$arr); if(! local_channel()) { $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1", dbesc($tmp_str) ); + if(! $r) { + Zotlabs\Daemon\Master::Summon(array('Gprobe',bin2hex($tmp_str))); + } if($r && remote_channel() && remote_channel() === $r[0]['hubloc_hash']) return; logger('zid_init: not authenticated. Invoking reverse magic-auth for ' . $tmp_str); -- cgit v1.2.3 From 7bff60edacd68ef3dccf6f956e9c57092919950a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 2 Sep 2017 14:04:37 -0700 Subject: may be exploitable in current form - awaiting review --- include/api_auth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/api_auth.php b/include/api_auth.php index 0818fa54b..0acd4ac68 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -85,7 +85,8 @@ function api_login(&$a){ else { continue; } - +// requires security review +$record = null; if($record) { $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { -- cgit v1.2.3 From 499b7de0d217e5e56819f34dea26cb5d395e2a0b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 3 Sep 2017 00:59:51 -0700 Subject: Reviewed. This is OK. Revert "may be exploitable in current form - awaiting review" This reverts commit 7bff60edacd68ef3dccf6f956e9c57092919950a. --- include/api_auth.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include') diff --git a/include/api_auth.php b/include/api_auth.php index 0acd4ac68..0818fa54b 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -85,8 +85,7 @@ function api_login(&$a){ else { continue; } -// requires security review -$record = null; + if($record) { $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { -- cgit v1.2.3 From dc18440c18549a07b31c7506316e7a4bd40b9712 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sun, 3 Sep 2017 21:33:07 +0200 Subject: introduce item_normal_update(). the differnce to item_normal() is that we do not query for item_deleted = 0 and therefor can find deleted likes which allows us to update our unlikes on the fly if static page update is enabled --- include/items.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include') diff --git a/include/items.php b/include/items.php index 8489ec162..d10d43687 100755 --- a/include/items.php +++ b/include/items.php @@ -182,6 +182,12 @@ function item_normal_search() { and item.item_blocked = 0 "; } +function item_normal_update() { + return " and item.item_hidden = 0 and item.item_type = 0 + and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 "; +} + /** * @brief -- cgit v1.2.3 From 3d0a7f4fc5eacbafa08f49118dc7e54927b4fbed Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 3 Sep 2017 22:09:16 -0700 Subject: paths in xchan_addr no longer means RSS specifically but could be activitypub --- include/html2bbcode.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'include') diff --git a/include/html2bbcode.php b/include/html2bbcode.php index 29880a627..d7fbd8660 100644 --- a/include/html2bbcode.php +++ b/include/html2bbcode.php @@ -87,9 +87,6 @@ function deletenode(&$doc, $node) function html2bbcode($message) { - //$file = tempnam("/tmp/", "html"); - //file_put_contents($file, $message); - $message = str_replace("\r", "", $message); $message = str_replace(array( -- cgit v1.2.3 From fc62f07a089daf698953e6e4197668fbf8aebef9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 3 Sep 2017 23:50:18 -0700 Subject: validate the security context --- include/zot.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 343bc8ad8..56bd7d212 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4621,6 +4621,7 @@ function zot_reply_auth_check($data,$encrypted_packet) { // First verify their signature. We will have obtained a zot-info packet from them as part of the sender // verification. + // needs a nonce!!!! if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; -- cgit v1.2.3 From 05654e498034329759351c4a64349734ce6b7204 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 4 Sep 2017 21:02:44 -0700 Subject: card embed improved --- include/bbcode.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index 470854f06..9a2a6eb9b 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -327,11 +327,16 @@ function bb_ShareAttributes($match) { if ($avatar != "") $headline .= '' . $author . ''; + if(strpos($link,'/cards/')) + $type = t('card'); + else + $type = t('post'); + // Bob Smith wrote the following post 2 hours ago $fmt = sprintf( t('%1$s wrote the following %2$s %3$s'), '' . $author . '', - '' . t('post') . '', + '' . $type . '', $reldate ); -- cgit v1.2.3 From 842a041a888434df7d6312db08ce805c5ee21bf7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Sep 2017 16:38:55 -0700 Subject: remove period from characters allowed in username, as this will mess up URL based content-type negotiation. It was previously disallowed but permitted a month or two ago after seeing Diaspora started allowing it. It's OK if they have it, but we can't; as many of our urls are based on username and theirs are primarily based on uid. --- include/channel.php | 4 ++-- include/text.php | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index faf28df28..41feca362 100644 --- a/include/channel.php +++ b/include/channel.php @@ -52,7 +52,7 @@ function identity_check_service_class($account_id) { * * This action is pluggable. * We're currently only checking for an empty name or one that exceeds our - * storage limit (255 chars). 255 chars is probably going to create a mess on + * storage limit (191 chars). 191 chars is probably going to create a mess on * some pages. * Plugins can set additional policies such as full name requirements, character * sets, multi-byte length, etc. @@ -67,7 +67,7 @@ function validate_channelname($name) { if (! $name) return t('Empty name'); - if (strlen($name) > 255) + if (mb_strlen($name) > 191) return t('Name too long'); $arr = ['name' => $name]; diff --git a/include/text.php b/include/text.php index ea21e2184..a3c2bbc08 100644 --- a/include/text.php +++ b/include/text.php @@ -1984,14 +1984,14 @@ function is_a_date_arg($s) { } function legal_webbie($s) { - if(! strlen($s)) + if(! $s) return ''; - // WARNING: This regex will not work in a federated environment. + // WARNING: This regex may not work in a federated environment. // You will probably want something like // preg_replace('/([^a-z0-9\_])/','',strtolower($s)); - $r = preg_replace('/([^a-z0-9\-\_\.])/','',strtolower($s)); + $r = preg_replace('/([^a-z0-9\-\_])/','',strtolower($s)); $x = [ 'input' => $s, 'output' => $r ]; call_hooks('legal_webbie',$x); @@ -2003,7 +2003,7 @@ function legal_webbie_text() { // WARNING: This will not work in a federated environment. - $s = t('a-z, 0-9, -, _, and . only'); + $s = t('a-z, 0-9, -, and _ only'); $x = [ 'text' => $s ]; call_hooks('legal_webbie_text',$x); -- cgit v1.2.3 From 6147f819ce908d7a52f905658e827c48aad92074 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Sep 2017 17:12:31 -0700 Subject: avoid a security patch and resultant compatibility issues; instead restrict the input characters we accept in token verification strings to hex digits. This will all be changing in the coming weeks/months anyway. --- include/zot.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 56bd7d212..cb213eff3 100644 --- a/include/zot.php +++ b/include/zot.php @@ -137,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot } if ($secret) { - $data['secret'] = $secret; + $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret); $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); } @@ -4621,7 +4621,6 @@ function zot_reply_auth_check($data,$encrypted_packet) { // First verify their signature. We will have obtained a zot-info packet from them as part of the sender // verification. - // needs a nonce!!!! if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; -- cgit v1.2.3 From 45eb61bcf079557094fed8714afc994f1120e6db Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Sep 2017 18:32:37 -0700 Subject: provide sharing of cards --- include/conversation.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index ec445ba4c..c034e8a65 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -709,6 +709,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $tmp_item = array( 'template' => $tpl, 'toplevel' => 'toplevel_item', + 'item_type' => intval($item['item_type']), 'mode' => $mode, 'approve' => t('Approve'), 'delete' => t('Delete'), -- cgit v1.2.3 From ab9b82e77878e1c904d02ab931f8f6f8c0651a21 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 6 Sep 2017 16:44:10 -0700 Subject: ignore diaspora_meta column on item import. --- include/import.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include') diff --git a/include/import.php b/include/import.php index 2199400af..4d38c8061 100644 --- a/include/import.php +++ b/include/import.php @@ -602,6 +602,11 @@ function import_items($channel, $items, $sync = false, $relocate = null) { if(! $item) continue; + // deprecated + + if(array_key_exists('diaspora_meta',$item)) + unset($item['diaspora_meta']); + if($relocate && $item['mid'] === $item['parent_mid']) { item_url_replace($channel,$item,$relocate['url'],z_root(),$relocate['channel_address']); } -- cgit v1.2.3 From 318643cf9a8b40fad98df58f6c262d6ae6a0c63b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 6 Sep 2017 19:55:32 -0700 Subject: mastodon wraps oembed in an iframe - which we immediately purify our of existence and what we really want to purify is the content. So strip away the iframe, fetch the content and purify that instead. --- include/oembed.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'include') diff --git a/include/oembed.php b/include/oembed.php index 460e0244e..f662d84c7 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -225,6 +225,17 @@ function oembed_fetch_url($embedurl){ if($j['html']) { $orig = $j['html']; $allow_position = (($is_matrix) ? true : false); + + // some sites wrap their entire embed in an iframe + // which we will purify away and which we provide anyway. + // So if we see this, grab the frame src url and use that + // as the embed content - which will still need to be purified. + + if(preg_match('# Date: Wed, 6 Sep 2017 20:07:53 -0700 Subject: use array_key_exists() instead of x() in this case as the latter fails on an array that's empty and we unconditionally need to encode the array even if empty --- include/items.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index d10d43687..f286015fe 100755 --- a/include/items.php +++ b/include/items.php @@ -2004,17 +2004,17 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { $arr = $translate['item']; } - if((x($arr,'obj')) && is_array($arr['obj'])) { + if((array_key_exists('obj',$arr)) && is_array($arr['obj'])) { activity_sanitise($arr['obj']); $arr['obj'] = json_encode($arr['obj']); } - if((x($arr,'target')) && is_array($arr['target'])) { + if((array_key_exists('target',$arr)) && is_array($arr['target'])) { activity_sanitise($arr['target']); $arr['target'] = json_encode($arr['target']); } - if((x($arr,'attach')) && is_array($arr['attach'])) { + if((array_key_exists('attach',$arr)) && is_array($arr['attach'])) { activity_sanitise($arr['attach']); $arr['attach'] = json_encode($arr['attach']); } -- cgit v1.2.3 From 61f339a874784d3181f4c884bab9994ec9200f50 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 17:56:02 -0700 Subject: owa - first commit --- include/zid.php | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'include') diff --git a/include/zid.php b/include/zid.php index ee43fd7c8..5d58ff257 100644 --- a/include/zid.php +++ b/include/zid.php @@ -81,6 +81,10 @@ function zid($s,$address = '') { } +function strip_query_param($s,$param) { + return preg_replace('/[\?&]' . $param . '=(.*?)(&|$)/ism','$2',$s); +} + function strip_zids($s) { return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s); } @@ -230,3 +234,65 @@ function red_zrlify_img_callback($matches) { return $matches[0]; } +function owt_init($token) { + + \Zotlabs\Zot\Verify::purge('owt','3 MINUTE'); + + $ob_hash = \Zotlabs\Zot\Verify::get_meta('owt',0,$token); + if($ob_hash === false) { + return; + } + + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash + where hubloc_addr = '%s' order by hubloc_id desc", + dbesc($ob_hash) + ); + + if(! $r) { + // finger them if they can't be found. + $j = Finger::run($ob_hash, null); + if ($j['success']) { + import_xchan($j); + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash + where hubloc_addr = '%s' order by hubloc_id desc", + dbesc($ob_hash) + ); + } + } + if(! $r) { + logger('owt: unable to finger ' . $ob_hash); + return; + } + $hubloc = $r[0]; + + $delegate_success = false; + if($_REQUEST['delegate']) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", + dbesc($_REQUEST['delegate']) + ); + if ($r && intval($r[0]['channel_id'])) { + $allowed = perm_is_allowed($r[0]['channel_id'],$hubloc['xchan_hash'],'delegate'); + if($allowed) { + $_SESSION['delegate_channel'] = $r[0]['channel_id']; + $_SESSION['delegate'] = $hubloc['xchan_hash']; + $_SESSION['account_id'] = intval($r[0]['channel_account_id']); + require_once('include/security.php'); + // this will set the local_channel authentication in the session + change_channel($r[0]['channel_id']); + $delegate_success = true; + } + } + } + + if (! $delegate_success) { + // normal visitor (remote_channel) login session credentials + $_SESSION['visitor_id'] = $hubloc['xchan_hash']; + $_SESSION['my_url'] = $hubloc['xchan_url']; + $_SESSION['my_address'] = $hubloc['hubloc_addr']; + $_SESSION['remote_hub'] = $hubloc['hubloc_url']; + $_SESSION['DNT'] = 1; + } + + logger('owa success!'); + +} \ No newline at end of file -- cgit v1.2.3 From 4d794103be4112a6f1f0d8f54e0d54c0961297b5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:09:31 -0700 Subject: testing owa --- include/channel.php | 2 +- include/connections.php | 2 +- include/text.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 41feca362..213676f52 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1633,7 +1633,7 @@ function zid_init() { $query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query); $dest = '/' . urlencode($query); if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { - goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest); + goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&dest=' . z_root() . $dest); } else logger('zid_init: no hubloc found.'); diff --git a/include/connections.php b/include/connections.php index 8df795190..a9f906649 100644 --- a/include/connections.php +++ b/include/connections.php @@ -115,7 +115,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { App::$profile_uid = $xchan['channel_id']; $url = (($observer) - ? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] + ? z_root() . '/magic?f=&owa=1&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] : $xchan['xchan_url'] ); diff --git a/include/text.php b/include/text.php index a3c2bbc08..51d711021 100644 --- a/include/text.php +++ b/include/text.php @@ -987,7 +987,7 @@ function chanlink_cid($d) { function magiclink_url($observer,$myaddr,$url) { return (($observer) - ? z_root() . '/magic?f=&dest=' . $url . '&addr=' . $myaddr + ? z_root() . '/magic?f=&owa=1&dest=' . $url . '&addr=' . $myaddr : $url ); } @@ -1389,7 +1389,7 @@ function theme_attachments(&$item) { if(is_foreigner($item['author_xchan'])) $url = $r['href']; else - $url = z_root() . '/magic?f=&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision']; + $url = z_root() . '/magic?f=&owa=1&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision']; //$s .= '' . $icon . ''; $attaches[] = array('label' => $label, 'url' => $url, 'icon' => $icon, 'title' => $title); -- cgit v1.2.3 From 1fbb1e6c2a665159d0085217c9b73d571e360256 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:52:18 -0700 Subject: initial testing success with owa --- include/zid.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/zid.php b/include/zid.php index 5d58ff257..d5d863be6 100644 --- a/include/zid.php +++ b/include/zid.php @@ -239,6 +239,7 @@ function owt_init($token) { \Zotlabs\Zot\Verify::purge('owt','3 MINUTE'); $ob_hash = \Zotlabs\Zot\Verify::get_meta('owt',0,$token); + if($ob_hash === false) { return; } @@ -250,7 +251,7 @@ function owt_init($token) { if(! $r) { // finger them if they can't be found. - $j = Finger::run($ob_hash, null); + $j = \Zotlabs\Zot\Finger::run($ob_hash, null); if ($j['success']) { import_xchan($j); $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash @@ -265,6 +266,8 @@ function owt_init($token) { } $hubloc = $r[0]; + $_SESSION['authenticated'] = 1; + $delegate_success = false; if($_REQUEST['delegate']) { $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", -- cgit v1.2.3 From 84c86f01c853f87be93807b3e190f954aca2e6e6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 8 Sep 2017 16:00:27 -0700 Subject: owa: missed the set-observer stuff --- include/zid.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/zid.php b/include/zid.php index d5d863be6..08d8f061b 100644 --- a/include/zid.php +++ b/include/zid.php @@ -296,6 +296,13 @@ function owt_init($token) { $_SESSION['DNT'] = 1; } - logger('owa success!'); + $arr = array('xchan' => $hubloc, 'url' => \App::query_string, 'session' => $_SESSION); + call_hooks('magic_auth_success',$arr); + \App::set_observer($hubloc); + require_once('include/security.php'); + \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$hubloc['xchan_name'])); + logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); + } \ No newline at end of file -- cgit v1.2.3 From e2e7bee3cca6f2ffc88aee9c94066e117e7a682b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 9 Sep 2017 13:34:57 -0700 Subject: owa cleanup --- include/zid.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/zid.php b/include/zid.php index 08d8f061b..ce9f70385 100644 --- a/include/zid.php +++ b/include/zid.php @@ -296,12 +296,13 @@ function owt_init($token) { $_SESSION['DNT'] = 1; } - $arr = array('xchan' => $hubloc, 'url' => \App::query_string, 'session' => $_SESSION); + $arr = array('xchan' => $hubloc, 'url' => \App::$query_string, 'session' => $_SESSION); call_hooks('magic_auth_success',$arr); \App::set_observer($hubloc); require_once('include/security.php'); \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); - info(sprintf( t('Welcome %s. Remote authentication successful.'),$hubloc['xchan_name'])); + if(! get_config('system','hide_owa_greeting')) + info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name'])); logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); -- cgit v1.2.3 From 187fc9a51b4549659925a6c0c5c5bbb474c6bcf5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 10 Sep 2017 17:40:40 -0700 Subject: fix regex --- include/oembed.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/oembed.php b/include/oembed.php index f662d84c7..390fcba94 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -231,7 +231,7 @@ function oembed_fetch_url($embedurl){ // So if we see this, grab the frame src url and use that // as the embed content - which will still need to be purified. - if(preg_match('# Date: Sun, 10 Sep 2017 22:59:26 -0700 Subject: regex was still broken --- include/oembed.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/oembed.php b/include/oembed.php index 390fcba94..c2bf0a0ed 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -231,7 +231,7 @@ function oembed_fetch_url($embedurl){ // So if we see this, grab the frame src url and use that // as the embed content - which will still need to be purified. - if(preg_match('# Date: Tue, 12 Sep 2017 21:34:14 +0200 Subject: rename activity notifications links --- include/nav.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index f5a1236a8..a2aab06f6 100644 --- a/include/nav.php +++ b/include/nav.php @@ -171,8 +171,8 @@ EOT; if(local_channel()) { $nav['network'] = array('network', t('Grid'), "", t('Your grid'),'network_nav_btn'); - $nav['network']['all'] = [ 'network', t('View your network/grid'), '','' ]; - $nav['network']['mark'] = array('', t('Mark all grid notifications seen'), '',''); + $nav['network']['all'] = [ 'network', t('View your network activity'), '','' ]; + $nav['network']['mark'] = array('', t('Mark all activity notifications seen'), '',''); $nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home'),'home_nav_btn'); $nav['home']['all'] = [ 'channel/' . $channel['channel_address'], t('View your channel home'), '' , '' ]; -- cgit v1.2.3 From 87ca60b0b128bf12b611146264159377baca71a3 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 12 Sep 2017 21:38:36 +0200 Subject: rename activity notifications links - one more --- include/nav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index a2aab06f6..01decb2bf 100644 --- a/include/nav.php +++ b/include/nav.php @@ -170,7 +170,7 @@ EOT; if(local_channel()) { - $nav['network'] = array('network', t('Grid'), "", t('Your grid'),'network_nav_btn'); + $nav['network'] = array('network', t('Activity'), "", t('Network Activity'),'network_nav_btn'); $nav['network']['all'] = [ 'network', t('View your network activity'), '','' ]; $nav['network']['mark'] = array('', t('Mark all activity notifications seen'), '',''); -- cgit v1.2.3 From 4ff89a58625e647ee74087dfab79ac6dd76cbe6c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 12 Sep 2017 20:24:57 -0700 Subject: drop salmon until we improve performance --- include/network.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index 96cea4b6f..da1afc3ac 100644 --- a/include/network.php +++ b/include/network.php @@ -411,7 +411,7 @@ function http_status($val, $msg = '') { if ($val >= 200 && $val < 300) $msg = (($msg) ? $msg : 'OK'); - logger('' . $val . ' ' . $msg); + logger(\App::$query_string . ':' . $val . ' ' . $msg); header($_SERVER['SERVER_PROTOCOL'] . ' ' . $val . ' ' . $msg); } -- cgit v1.2.3 From 5e99295bf6f85e7a6d50e0c8f0701a9b37f03332 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 12 Sep 2017 22:32:31 -0700 Subject: wiki mimetype selection --- include/text.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 51d711021..58e2b8256 100644 --- a/include/text.php +++ b/include/text.php @@ -1786,15 +1786,15 @@ function layout_select($channel_id, $current = '') { } -function mimetype_select($channel_id, $current = 'text/bbcode') { +function mimetype_select($channel_id, $current = 'text/bbcode', $choices = null) { - $x = array( + $x = (($choices) ? $choices : [ 'text/bbcode', 'text/html', 'text/markdown', 'text/plain', 'application/x-pdl' - ); + ]); if((App::$is_sys) || (channel_codeallowed($channel_id) && $channel_id == local_channel())){ -- cgit v1.2.3 From 0e6d84e20731f173e489fe0d54b43c01266c0391 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 12 Sep 2017 23:25:19 -0700 Subject: add option to mimetype selector so you can change the element name in case you end up with two of these suckers on the same page --- include/text.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 58e2b8256..c4d441e85 100644 --- a/include/text.php +++ b/include/text.php @@ -1786,7 +1786,7 @@ function layout_select($channel_id, $current = '') { } -function mimetype_select($channel_id, $current = 'text/bbcode', $choices = null) { +function mimetype_select($channel_id, $current = 'text/bbcode', $choices = null, $element = 'mimetype') { $x = (($choices) ? $choices : [ 'text/bbcode', @@ -1807,7 +1807,7 @@ function mimetype_select($channel_id, $current = 'text/bbcode', $choices = null) } $o = replace_macros(get_markup_template('field_select_raw.tpl'), array( - '$field' => array('mimetype', t('Page content type'), $selected, '', $options) + '$field' => array( $element, t('Page content type'), $selected, '', $options) )); return $o; -- cgit v1.2.3 From 13788af90838d66b1c701f935862a37fcc7262f4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 13 Sep 2017 19:20:16 -0700 Subject: Zot6: some things that need to be done ahead of time so we can turbocharge the delivery engine and split off site records from channel records. --- include/zot.php | 46 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 11 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index cb213eff3..7443a2dba 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2875,8 +2875,13 @@ function import_site($arr, $pubkey) { $site_directory = DIRECTORY_MODE_NORMAL; } + $site_flags = $site_directory; + + if(array_key_exists('zot',$arr) && ((float) $arr['zot']) >= 6.0) + $site_flags = ($site_flags & ZOT6_COMPLIANT); + if($exists) { - if(($siterecord['site_flags'] != $site_directory) + if(($siterecord['site_flags'] != $site_flags) || ($siterecord['site_access'] != $access_policy) || ($siterecord['site_directory'] != $directory_url) || ($siterecord['site_sellpage'] != $sellpage) @@ -2896,7 +2901,7 @@ function import_site($arr, $pubkey) { $r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s', site_crypto = '%s' where site_url = '%s'", dbesc($site_location), - intval($site_directory), + intval($site_flags), intval($access_policy), dbesc($directory_url), intval($register_policy), @@ -2929,7 +2934,7 @@ function import_site($arr, $pubkey) { 'site_location' => $site_location, 'site_url' => $url, 'site_access' => intval($access_policy), - 'site_flags' => intval($site_directory), + 'site_flags' => intval($site_flags), 'site_update' => datetime_convert(), 'site_directory' => $directory_url, 'site_register' => intval($register_policy), @@ -4161,9 +4166,27 @@ function zotinfo($arr) { if($x) $ret['locations'] = $x; - $ret['site'] = array(); + $ret['site'] = zot_site_info($e); + + + check_zotinfo($e,$x,$ret); + + + call_hooks('zot_finger',$ret); + return($ret); + +} + + +function zot_site_info($channel = null) { + + $signing_key = (($channel) ? $channel['channel_prvkey'] : get_config('system','prvkey')); + $sig_method = get_config('system','signature_algorithm','sha256'); + + $ret = []; + $ret['site'] = []; $ret['site']['url'] = z_root(); - $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey'],$sig_method)); + $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); $ret['site']['zot_auth'] = z_root() . '/magic'; $dirmode = get_config('system','directory_mode'); @@ -4182,6 +4205,12 @@ function zotinfo($arr) { $ret['site']['encryption'] = crypto_methods(); $ret['site']['signing'] = signing_methods(); + if(function_exists('zotvi_load')) { + $ret['site']['zot'] = '6.0'; + } + else { + $ret['site']['zot'] = ZOT_REVISION; + } // hide detailed site information if you're off the grid @@ -4234,15 +4263,10 @@ function zotinfo($arr) { } - check_zotinfo($e,$x,$ret); - - - call_hooks('zot_finger',$ret); - return($ret); + return $ret['site']; } - function check_zotinfo($channel,$locations,&$ret) { -- cgit v1.2.3 From b5966041be46ab7a16dc1ee93b5a07c5461bc73c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 13 Sep 2017 20:40:01 -0700 Subject: more zot6 --- include/connections.php | 15 +++++++++++---- include/zot.php | 1 + 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/connections.php b/include/connections.php index a9f906649..0cf4cdc5a 100644 --- a/include/connections.php +++ b/include/connections.php @@ -629,13 +629,20 @@ function get_vcard_array($vc,$id) { if($vc->ADR) { foreach($vc->ADR as $adr) { $type = (($adr['TYPE']) ? vcard_translate_type((string)$adr['TYPE']) : ''); - $adrs[] = [ + $entry = [ 'type' => $type, 'address' => $adr->getParts() ]; - $last_entry = end($adrs); - if($last_entry && is_array($adrs[$last_entry]['address'])) - array_walk($adrs[$last_entry]['address'],'array_escape_tags'); + + if(is_array($entry['address'])) { + array_walk($entry['address'],'array_escape_tags'); + } + else { + $entry['address'] = (string) escape_tags($entry['address']); + } + + $adrs[] = $entry; + } } diff --git a/include/zot.php b/include/zot.php index 7443a2dba..c819e26a5 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4188,6 +4188,7 @@ function zot_site_info($channel = null) { $ret['site']['url'] = z_root(); $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); $ret['site']['zot_auth'] = z_root() . '/magic'; + $ret['site']['key'] = get_config('system','pubkey'); $dirmode = get_config('system','directory_mode'); if(($dirmode === false) || ($dirmode == DIRECTORY_MODE_NORMAL)) -- cgit v1.2.3 From 5be132f877f792e7b122a2b6ca18934b31b2f10c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 13 Sep 2017 21:36:59 -0700 Subject: make wiki page mimetype default to wiki mimetype (this was the original intent but the wrong variable was used) --- include/zot.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index c819e26a5..c8321c2ae 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4187,7 +4187,9 @@ function zot_site_info($channel = null) { $ret['site'] = []; $ret['site']['url'] = z_root(); $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); - $ret['site']['zot_auth'] = z_root() . '/magic'; + $ret['site']['post'] = z_root() . '/post'; + $ret['site']['openWebAuth'] = z_root() . '/owa'; + $ret['site']['authRedirect'] = z_root() . '/magic'; $ret['site']['key'] = get_config('system','pubkey'); $dirmode = get_config('system','directory_mode'); -- cgit v1.2.3 From 1c0ece841152ea507e1cbaf031460078c2c22ad8 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 14 Sep 2017 18:48:55 -0700 Subject: provide a hook for importing a channel photo at channel creation time --- include/channel.php | 12 ++++++++++++ include/photo/photo_driver.php | 30 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 213676f52..204f375b1 100644 --- a/include/channel.php +++ b/include/channel.php @@ -7,6 +7,7 @@ require_once('include/zot.php'); require_once('include/crypto.php'); require_once('include/menu.php'); require_once('include/perm_upgrade.php'); +require_once('include/photo/photo_driver.php'); /** * @brief Called when creating a new channel. @@ -273,6 +274,17 @@ function create_identity($arr) { return $ret; } + $a = q("select * from account where account_id = %d", + intval($arr['account_id']) + ); + + $z = [ 'account' => $a[0], 'channel' = $r[0], 'photo_url' => '' ]; + call_hooks('create_channel_photo',$z); + + if($z['photo_url']) { + import_channel_photo_from_url($z['photo_url'],$arr['account_id'],$r[0]['channel_id']); + } + if($role_permissions && array_key_exists('limits',$role_permissions)) $perm_limits = $role_permissions['limits']; else diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 94d0faa94..c6c023147 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -637,6 +637,36 @@ function import_xchan_photo($photo,$xchan,$thing = false) { } +function import_channel_photo_from_url($photo,$aid,$uid) { + + if($photo) { + $filename = basename($photo); + + $result = z_fetch_url($photo,true); + + if($result['success']) { + $img_str = $result['body']; + $type = guess_image_type($photo, $result['header']); + + $h = explode("\n",$result['header']); + if($h) { + foreach($h as $hl) { + if(stristr($hl,'content-type:')) { + if(! stristr($hl,'image/')) { + $photo_failure = true; + } + } + } + } + } + } + else { + $photo_failure = true; + } + + import_channel_photo($img_str,$type,$aid,$uid); + +} function import_channel_photo($photo,$type,$aid,$uid) { -- cgit v1.2.3 From 67348547765876faa847fa53f92d37a6b4bc4aa5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 14 Sep 2017 18:50:43 -0700 Subject: typocheck --- include/channel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 204f375b1..7072bb4ce 100644 --- a/include/channel.php +++ b/include/channel.php @@ -278,7 +278,7 @@ function create_identity($arr) { intval($arr['account_id']) ); - $z = [ 'account' => $a[0], 'channel' = $r[0], 'photo_url' => '' ]; + $z = [ 'account' => $a[0], 'channel' => $r[0], 'photo_url' => '' ]; call_hooks('create_channel_photo',$z); if($z['photo_url']) { -- cgit v1.2.3 From 1d9e0f17a6e945a10c05ad6543682ad1c8cd87d9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 17 Sep 2017 18:40:32 -0700 Subject: more mastodon testing --- include/items.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/items.php b/include/items.php index f286015fe..daf41aa4b 100755 --- a/include/items.php +++ b/include/items.php @@ -2498,6 +2498,9 @@ function tag_deliver($uid, $item_id) { $pattern = '/@\!?\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\+\[\/zrl\]/'; + // statusnet style group tags + $pattern2 = '/^|[^@]\!\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\+\[\/zrl\]/'; + if(preg_match_all($pattern,$body,$matches,PREG_SET_ORDER)) { $max_forums = get_config('system','max_tagged_forums'); if(! $max_forums) -- cgit v1.2.3 From 654139933fe1ed9527bd4a7f3dbb82abf6952388 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 17 Sep 2017 23:28:58 -0700 Subject: tagging changes --- include/text.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index c4d441e85..ce0352d8d 100644 --- a/include/text.php +++ b/include/text.php @@ -794,7 +794,7 @@ function get_tags($s) { // match any double quoted tags - if(preg_match_all('/([@#]\"\;.*?\"\;)/',$s,$match)) { + if(preg_match_all('/([@#!]\"\;.*?\"\;)/',$s,$match)) { foreach($match[1] as $mtch) { $ret[] = $mtch; } @@ -823,7 +823,7 @@ function get_tags($s) { // Otherwise pull out single word tags. These can be @nickname, @first_last // and #hash tags. - if(preg_match_all('/(? Date: Sun, 17 Sep 2017 23:54:29 -0700 Subject: more tag stuff --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index ce0352d8d..dafb6f131 100644 --- a/include/text.php +++ b/include/text.php @@ -2446,7 +2446,7 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d if(strpos($tag,'!') === 0) { $grouptag = true; - + } if(strpos($tag,'@') === 0 || $grouptag) { -- cgit v1.2.3 From e812836a601f5fda32b520e9af29f89ae2227524 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 18 Sep 2017 17:46:34 -0700 Subject: provide rel=alternate link if no reshare content in post --- include/feedutils.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index 145d4361c..4cc194fb1 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -811,6 +811,7 @@ function feed_get_reshare(&$res,$item) { } $attach = $share['links']; + if($attach) { foreach($attach as $att) { if($att['rel'] === 'alternate') { @@ -845,6 +846,10 @@ function feed_get_reshare(&$res,$item) { } } + if((! $body) && ($share['alternate'])) { + $body = $share['alternate']; + } + $res['body'] = "[share author='" . urlencode($share['author']) . "' profile='" . $share['profile'] . "' avatar='" . $share['avatar'] . -- cgit v1.2.3 From c6bcea0f82a03657611621c338a6c01059ae8ec6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 18 Sep 2017 21:55:45 -0700 Subject: pubcrawl: make a good faith effort to handle multi-media content --- include/feedutils.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index 4cc194fb1..112e10155 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -1711,7 +1711,7 @@ function compat_photos_list($s) { $found = preg_match_all('/\[[zi]mg(.*?)\](.*?)\[/ism',$s,$matches,PREG_SET_ORDER); if($found) { - foreach($matches as $match) { + foreach($matches as $match) { $ret[] = [ 'href' => $match[2], 'length' => 0, -- cgit v1.2.3 From 72a19a14aff7a13a8c1fb10e773784643f68d234 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 19 Sep 2017 17:35:57 -0700 Subject: turn common friends into a widget --- include/contact_widgets.php | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/contact_widgets.php b/include/contact_widgets.php index aac756a46..e5bb696f8 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -143,7 +143,7 @@ function cardcategories_widget($baseurl,$selected = '') { -function common_friends_visitor_widget($profile_uid) { +function common_friends_visitor_widget($profile_uid,$cnt = 10) { if(local_channel() == $profile_uid) return; @@ -156,19 +156,20 @@ function common_friends_visitor_widget($profile_uid) { require_once('include/socgraph.php'); $t = count_common_friends($profile_uid,$observer_hash); + if(! $t) return; - $r = common_friends($profile_uid,$observer_hash,0,5,true); + $r = common_friends($profile_uid,$observer_hash,0,$cnt,true); return replace_macros(get_markup_template('remote_friends_common.tpl'), array( - '$desc' => sprintf( tt("%d connection in common", "%d connections in common", $t), $t), - '$base' => z_root(), - '$uid' => $profile_uid, - '$cid' => $observer, - '$linkmore' => (($t > 5) ? 'true' : ''), - '$more' => t('show more'), - '$items' => $r + '$desc' => sprintf( t('Common connections: %d'), $t), + '$base' => z_root(), + '$uid' => $profile_uid, + '$cid' => $observer, + '$linkmore' => (($t > $cnt) ? 'true' : ''), + '$more' => t('show more'), + '$items' => $r )); }; -- cgit v1.2.3 From b0cdec0c35136db8cbb0cf13135a1f5cc8d1bc05 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 19 Sep 2017 19:15:15 -0700 Subject: perform caching of jsonld schemas --- include/network.php | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'include') diff --git a/include/network.php b/include/network.php index da1afc3ac..7e2dbf4cf 100644 --- a/include/network.php +++ b/include/network.php @@ -1943,4 +1943,35 @@ function getBestSupportedMimeType($mimeTypes = null, $acceptedTypes = false) { } // no mime-type found return null; +} + + +function jsonld_document_loader($url) { + + // perform caching for jsonld normaliser + + require_once('library/jsonld/jsonld.php'); + + $cachepath = 'store/[data]/ldcache'; + if(! is_dir($cachepath)) + os_mkdir($cachepath,STORAGE_DEFAULT_PERMISSIONS,true); + + $filename = $cachepath . '/' . urlencode($url); + if(file_exists($filename) && filemtime($filename) > time() - (12 * 60 * 60)) { + return json_decode(file_get_contents($filename)); + } + + $r = jsonld_default_document_loader($url); + if($r) { + file_put_contents($filename,json_encode($r)); + return $r; + } + + logger('not found'); + if(file_exists($filename)) { + return json_decode(file_get_contents($filename)); + } + + return []; + } \ No newline at end of file -- cgit v1.2.3 From 61d9b34929adc831eb780fd3410660eb98c114a9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 19 Sep 2017 23:30:52 -0700 Subject: use mimetype text description rather than technical name in dropdown choices, found bug in mimetype selection option code --- include/text.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index c4d441e85..49cc2d6c5 100644 --- a/include/text.php +++ b/include/text.php @@ -1789,21 +1789,21 @@ function layout_select($channel_id, $current = '') { function mimetype_select($channel_id, $current = 'text/bbcode', $choices = null, $element = 'mimetype') { $x = (($choices) ? $choices : [ - 'text/bbcode', - 'text/html', - 'text/markdown', - 'text/plain', - 'application/x-pdl' + 'text/bbcode' => t('BBcode'), + 'text/html' => t('HTML'), + 'text/markdown' => t('Markdown'), + 'text/plain' => t('Text'), + 'application/x-pdl' => t('Comanche Layout') ]); if((App::$is_sys) || (channel_codeallowed($channel_id) && $channel_id == local_channel())){ - $x[] = 'application/x-php'; + $x['application/x-php'] = t('PHP'); } - foreach($x as $y) { + foreach($x as $y => $z) { $selected = (($y == $current) ? ' selected="selected" ' : ''); - $options .= ''; + $options .= ''; } $o = replace_macros(get_markup_template('field_select_raw.tpl'), array( -- cgit v1.2.3 From 9e46472ca26f2bd38d2e71c221a9fbf5618b5822 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 20 Sep 2017 00:00:26 -0700 Subject: provide default photo mimetype --- include/channel.php | 5 ++++- include/perm_upgrade.php | 3 +++ include/photo/photo_driver.php | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 7072bb4ce..fef933ba7 100644 --- a/include/channel.php +++ b/include/channel.php @@ -278,11 +278,13 @@ function create_identity($arr) { intval($arr['account_id']) ); + $photo_type = null; + $z = [ 'account' => $a[0], 'channel' => $r[0], 'photo_url' => '' ]; call_hooks('create_channel_photo',$z); if($z['photo_url']) { - import_channel_photo_from_url($z['photo_url'],$arr['account_id'],$r[0]['channel_id']); + $photo_type = import_channel_photo_from_url($z['photo_url'],$arr['account_id'],$r[0]['channel_id']); } if($role_permissions && array_key_exists('limits',$role_permissions)) @@ -330,6 +332,7 @@ function create_identity($arr) { 'xchan_guid' => $guid, 'xchan_guid_sig' => $sig, 'xchan_pubkey' => $key['pubkey'], + 'xchan_photo_mimetype' => (($photo_type) ? $photo_type : 'image/png'), 'xchan_photo_l' => z_root() . "/photo/profile/l/{$newuid}", 'xchan_photo_m' => z_root() . "/photo/profile/m/{$newuid}", 'xchan_photo_s' => z_root() . "/photo/profile/s/{$newuid}", diff --git a/include/perm_upgrade.php b/include/perm_upgrade.php index 5be1ffbb2..9eb1efba2 100644 --- a/include/perm_upgrade.php +++ b/include/perm_upgrade.php @@ -135,6 +135,9 @@ function translate_abook_perms_outbound(&$abook) { $my_perms = 0; $their_perms = 0; + if(! $abook) + return; + if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && $abook['abconfig']) { foreach($abook['abconfig'] as $p) { if($p['cat'] === 'their_perms') { diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index c6c023147..17ca81419 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -666,6 +666,7 @@ function import_channel_photo_from_url($photo,$aid,$uid) { import_channel_photo($img_str,$type,$aid,$uid); + return $type; } -- cgit v1.2.3 From 3456c192feeab9495693e2cbdcff16fe99bff932 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 21 Sep 2017 23:37:13 -0700 Subject: encrypt delivery reports. This will cause a bit of consternation because this is not backward compatible and older sites will see some incorrect delivery reports from newer sites until the next upgrade; as their systems will not know how to read the ecnrypted final reports. --- include/zot.php | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index c8321c2ae..f03445781 100644 --- a/include/zot.php +++ b/include/zot.php @@ -977,6 +977,18 @@ function zot_process_response($hub, $arr, $outq) { } if(is_array($x) && array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) { + + if(array_key_exists('iv',$x['delivery_report'])) { + $j = crypto_unencapsulate($x['delivery_report'],get_config('system','prvkey')); + if($j) { + $x['delivery_report'] = json_decode($j,true); + } + if(! (is_array($x['delivery_report']) && count($x['delivery_report']))) { + logger('encrypted delivery report could not be decrypted'); + return; + } + } + foreach($x['delivery_report'] as $xx) { if(is_array($xx) && array_key_exists('message_id',$xx) && delivery_report_is_storable($xx)) { q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ", @@ -1048,13 +1060,15 @@ function zot_fetch($arr) { foreach($ret_hubs as $ret_hub) { + $secret = substr(preg_replace('/[^0-9a-fA-F]/','',$arr['secret']),0,64); + $data = [ 'type' => 'pickup', 'url' => z_root(), 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), 'callback' => z_root() . '/post', - 'secret' => $arr['secret'], - 'secret_sig' => base64url_encode(rsa_sign($arr['secret'], get_config('system','prvkey'))) + 'secret' => $secret, + 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey'))) ]; $algorithm = zot_best_algorithm($ret_hub['site_crypto']); @@ -1064,8 +1078,11 @@ function zot_fetch($arr) { $result = zot_import($fetch, $arr['sender']['url']); - if($result) + if($result) { + $result = crypto_encapsulate(json_encode($result),$ret_hub['hubloc_sitekey'], $algorithm); return $result; + } + } return; -- cgit v1.2.3 From 1650d79862c0e89887ede279a19c8df07fe0d927 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 24 Sep 2017 19:45:19 -0700 Subject: tagging changes - provides ability to mention a forum by using !forumname as well as the traditional red style (@forumname+). This should probably not be advertised on a wide scale until after a critical mass of sites have updated to a version containing these changes. This adds yet another option type to the ACL module which probably needs refactoring soon since it is turning into option type spaghetti. --- include/items.php | 81 +++++++++++++++++++++++++++++++++++++++------------- include/taxonomy.php | 2 ++ include/text.php | 19 ++++++++---- include/zot.php | 2 +- 4 files changed, 77 insertions(+), 27 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index daf41aa4b..cc209aacf 100755 --- a/include/items.php +++ b/include/items.php @@ -1130,7 +1130,7 @@ function encode_item_xchan($xchan) { function encode_item_terms($terms,$mirror = false) { $ret = array(); - $allowed_export_terms = array( TERM_UNKNOWN, TERM_HASHTAG, TERM_MENTION, TERM_CATEGORY, TERM_BOOKMARK, TERM_COMMUNITYTAG ); + $allowed_export_terms = array( TERM_UNKNOWN, TERM_HASHTAG, TERM_MENTION, TERM_CATEGORY, TERM_BOOKMARK, TERM_COMMUNITYTAG, TERM_FORUM ); if($mirror) { $allowed_export_terms[] = TERM_PCATEGORY; @@ -1178,7 +1178,7 @@ function decode_item_meta($meta) { * @return string */ function termtype($t) { - $types = array('unknown','hashtag','mention','category','private_category','file','search','thing','bookmark', 'hierarchy', 'communitytag'); + $types = array('unknown','hashtag','mention','category','private_category','file','search','thing','bookmark', 'hierarchy', 'communitytag', 'forum'); return(($types[$t]) ? $types[$t] : 'unknown'); } @@ -1227,6 +1227,9 @@ function decode_tags($t) { case 'communitytag': $tag['ttype'] = TERM_COMMUNITYTAG; break; + case 'forum': + $tag['ttype'] = TERM_FORUM; + break; default: case 'unknown': $tag['ttype'] = TERM_UNKNOWN; @@ -2457,7 +2460,7 @@ function tag_deliver($uid, $item_id) { * Now we've got those out of the way. Let's see if this is a post that's tagged for re-delivery */ - $terms = get_terms_oftype($item['term'],TERM_MENTION); + $terms = array_merge(get_terms_oftype($item['term'],TERM_MENTION),get_terms_oftype($item['term'],TERM_FORUM)); if($terms) logger('tag_deliver: post mentions: ' . print_r($terms,true), LOGGER_DATA); @@ -2492,25 +2495,46 @@ function tag_deliver($uid, $item_id) { $plustagged = false; $matches = array(); - $pattern = '/@\!?\[zrl\=' . preg_quote($term['url'],'/') . '\]' . preg_quote($term['term'],'/') . '\[\/zrl\]/'; + $pattern = '/[\!@]\!?\[zrl\=' . preg_quote($term['url'],'/') . '\]' . preg_quote($term['term'],'/') . '\[\/zrl\]/'; if(preg_match($pattern,$body,$matches)) $tagged = true; - $pattern = '/@\!?\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\+\[\/zrl\]/'; + // original red forum tagging sequence @forumname+ + // standard forum tagging sequence !forumname + + $pluspattern = '/@\!?\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\+\[\/zrl\]/'; + + $forumpattern = '/\!\!?\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\[\/zrl\]/'; - // statusnet style group tags - $pattern2 = '/^|[^@]\!\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\+\[\/zrl\]/'; + $found = false; + + $max_forums = get_config('system','max_tagged_forums'); + if(! $max_forums) + $max_forums = 2; + $matched_forums = 0; + $matches = array(); + + if(preg_match_all($pluspattern,$body,$matches,PREG_SET_ORDER)) { + foreach($matches as $match) { + $matched_forums ++; + if($term['url'] === $match[1] && $term['term'] === $match[2]) { + if($matched_forums <= $max_forums) { + $plustagged = true; + $found = true; + break; + } + logger('forum ' . $term['term'] . ' exceeded max_tagged_forums - ignoring'); + } + } + } - if(preg_match_all($pattern,$body,$matches,PREG_SET_ORDER)) { - $max_forums = get_config('system','max_tagged_forums'); - if(! $max_forums) - $max_forums = 2; - $matched_forums = 0; + if(preg_match_all($forumpattern,$body,$matches,PREG_SET_ORDER)) { foreach($matches as $match) { $matched_forums ++; if($term['url'] === $match[1] && $term['term'] === $match[2]) { if($matched_forums <= $max_forums) { $plustagged = true; + $found = true; break; } logger('forum ' . $term['term'] . ' exceeded max_tagged_forums - ignoring'); @@ -2609,7 +2633,8 @@ function tgroup_check($uid,$item) { if(! $u) return false; - $terms = get_terms_oftype($item['term'],TERM_MENTION); + + $terms = array_merge(get_terms_oftype($item['term'],TERM_MENTION),get_terms_oftype($item['term'],TERM_FORUM)); if($terms) logger('tgroup_check: post mentions: ' . print_r($terms,true), LOGGER_DATA); @@ -2640,18 +2665,34 @@ function tgroup_check($uid,$item) { $body = preg_replace('/\[share(.*?)\[\/share\]/','',$body); -// $pattern = '/@\!?\[zrl\=' . preg_quote($term['url'],'/') . '\]' . preg_quote($term['term'] . '+','/') . '\[\/zrl\]/'; - $pattern = '/@\!?\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\+\[\/zrl\]/'; + $pluspattern = '/@\!?\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\+\[\/zrl\]/'; + + $forumpattern = '/\!\!?\[zrl\=([^\]]*?)\]((?:.(?!\[zrl\=))*?)\[\/zrl\]/'; + $found = false; + + $max_forums = get_config('system','max_tagged_forums'); + if(! $max_forums) + $max_forums = 2; + $matched_forums = 0; $matches = array(); - if(preg_match_all($pattern,$body,$matches,PREG_SET_ORDER)) { - $max_forums = get_config('system','max_tagged_forums'); - if(! $max_forums) - $max_forums = 2; - $matched_forums = 0; + if(preg_match_all($pluspattern,$body,$matches,PREG_SET_ORDER)) { + foreach($matches as $match) { + $matched_forums ++; + if($term['url'] === $match[1] && $term['term'] === $match[2]) { + if($matched_forums <= $max_forums) { + $found = true; + break; + } + logger('forum ' . $term['term'] . ' exceeded max_tagged_forums - ignoring'); + } + } + } + + if(preg_match_all($forumpattern,$body,$matches,PREG_SET_ORDER)) { foreach($matches as $match) { $matched_forums ++; if($term['url'] === $match[1] && $term['term'] === $match[2]) { diff --git a/include/taxonomy.php b/include/taxonomy.php index 36e05b008..23acaa24d 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -134,6 +134,8 @@ function format_term_for_display($term) { $s = ''; if(($term['ttype'] == TERM_HASHTAG) || ($term['ttype'] == TERM_COMMUNITYTAG)) $s .= '#'; + elseif($term['ttype'] == TERM_FORUM) + $s .= '!'; elseif($term['ttype'] == TERM_MENTION) $s .= '@'; else diff --git a/include/text.php b/include/text.php index 16391bbc9..baac58e50 100644 --- a/include/text.php +++ b/include/text.php @@ -823,7 +823,7 @@ function get_tags($s) { // Otherwise pull out single word tags. These can be @nickname, @first_last // and #hash tags. - if(preg_match_all('/(? Date: Sun, 24 Sep 2017 21:09:21 -0700 Subject: ostatus - support likes of comments --- include/feedutils.php | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index 112e10155..451946114 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -1033,6 +1033,12 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { if(! $datarray['mid']) continue; + $item_parent_mid = q("select parent_mid from item where mid = '%s' and uid = %d limit 1", + dbesc($parent_mid), + intval($importer['channel_id']) + ); + + // This probably isn't an appropriate default but we're about to change it // if it's wrong. @@ -1128,18 +1134,12 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { $datarray['parent_mid'] = $pmid; } } - if(! $pmid) { - $x = q("select parent_mid from item where mid = '%s' and uid = %d limit 1", - dbesc($parent_mid), - intval($importer['channel_id']) - ); - - if($x) { - logger('find_parent: matched in-reply-to: ' . $parent_mid, LOGGER_DEBUG); - $pmid = $x[0]['parent_mid']; - $datarray['parent_mid'] = $pmid; - } + if(($item_parent_mid) && (! $pmid)) { + logger('find_parent: matched in-reply-to: ' . $parent_mid, LOGGER_DEBUG); + $pmid = $item_parent_mid[0]['parent_mid']; + $datarray['parent_mid'] = $pmid; } + if((! $pmid) && $parent_link !== '') { $f = feed_conversation_fetch($importer,$contact,$parent_link); if($f) { @@ -1161,6 +1161,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { ); if($x) { + $item_parent_mid = $x; $pmid = $x[0]['parent_mid']; $datarray['parent_mid'] = $pmid; } @@ -1242,6 +1243,13 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { set_iconfig($datarray,'system','parent_mid',$parent_mid,true); } + + // allow likes of comments + + if($item_parent_mid && activity_match($datarray['verb'],ACTVITY_LIKE)) { + $datarray['thr_parent'] = $item_parent_mid[0]['parent_mid']; + } + $datarray['aid'] = $importer['channel_account_id']; $datarray['uid'] = $importer['channel_id']; -- cgit v1.2.3 From 906a810735597bd94c2f0d6aa12e8670690df110 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 24 Sep 2017 21:20:50 -0700 Subject: server/hub config storage for zot6 --- include/config.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'include') diff --git a/include/config.php b/include/config.php index 0b0e639ab..0be791715 100644 --- a/include/config.php +++ b/include/config.php @@ -126,3 +126,19 @@ function set_iconfig(&$item, $family, $key, $value, $sharing = false) { function del_iconfig(&$item, $family, $key) { return Zlib\IConfig::Delete($item, $family, $key); } + +function load_sconfig($server_id) { + Zlib\SConfig::Load($server_id); +} + +function get_sconfig($server_id, $family, $key, $default = false) { + return Zlib\SConfig::Get($server_id, $family, $key, $default); +} + +function set_sconfig($server_id, $family, $key, $value) { + return Zlib\SConfig::Set($server_id, $family, $key, $value); +} + +function del_sconfig($server_id, $family, $key) { + return Zlib\SConfig::Delete($server_id, $family, $key); +} -- cgit v1.2.3 From 741af8c1644a16f1ec44064090013953232bdce9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 24 Sep 2017 22:41:14 -0700 Subject: extend activity_match to work with arrays --- include/text.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index baac58e50..bd802b2c1 100644 --- a/include/text.php +++ b/include/text.php @@ -761,9 +761,17 @@ function profiler($t1,$t2,$label) { function activity_match($haystack,$needle) { - if(($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle,NAMESPACE_ACTIVITY_SCHEMA))) - return true; + if(! is_array($needle)) + $needle = [ $needle ]; + + if($needle) { + foreach($needle as $n) { + if(($haystack === $n) || (strtolower(basename($n)) === strtolower(basename($haystack)))) { + return true; + } + } + } return false; } -- cgit v1.2.3 From 66334374af2a19fb76383028975724b9eda03cf2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 25 Sep 2017 17:30:33 -0700 Subject: zot_site_info - always sign the site block with the site private key --- include/zot.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 1a9692ae9..a9ec95baa 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4183,7 +4183,7 @@ function zotinfo($arr) { if($x) $ret['locations'] = $x; - $ret['site'] = zot_site_info($e); + $ret['site'] = zot_site_info(); check_zotinfo($e,$x,$ret); @@ -4195,10 +4195,10 @@ function zotinfo($arr) { } -function zot_site_info($channel = null) { +function zot_site_info() { - $signing_key = (($channel) ? $channel['channel_prvkey'] : get_config('system','prvkey')); - $sig_method = get_config('system','signature_algorithm','sha256'); + $signing_key = get_config('system','prvkey'); + $sig_method = get_config('system','signature_algorithm','sha256'); $ret = []; $ret['site'] = []; -- cgit v1.2.3 From d91a82430ad4ea9def4f0c033df4be34cb26d42e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 25 Sep 2017 20:11:21 -0700 Subject: more zot6 basic stuff --- include/zot.php | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index a9ec95baa..af7fbf8fd 100644 --- a/include/zot.php +++ b/include/zot.php @@ -124,7 +124,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot 'sitekey' => get_config('system','pubkey') ], 'callback' => '/post', - 'version' => ZOT_REVISION, + 'version' => Zotlabs\Lib\System::get_zot_revision(), 'encryption' => crypto_methods(), 'signing' => signing_methods() ]; @@ -2894,8 +2894,9 @@ function import_site($arr, $pubkey) { $site_flags = $site_directory; - if(array_key_exists('zot',$arr) && ((float) $arr['zot']) >= 6.0) - $site_flags = ($site_flags & ZOT6_COMPLIANT); + if(array_key_exists('zot',$arr)) { + set_sconfig($arr['url'],'system','zot_version',$arr['zot']); + } if($exists) { if(($siterecord['site_flags'] != $site_flags) @@ -4225,12 +4226,7 @@ function zot_site_info() { $ret['site']['encryption'] = crypto_methods(); $ret['site']['signing'] = signing_methods(); - if(function_exists('zotvi_load')) { - $ret['site']['zot'] = '6.0'; - } - else { - $ret['site']['zot'] = ZOT_REVISION; - } + $ret['site']['zot'] = Zotlabs\Lib\System::get_zot_revision(); // hide detailed site information if you're off the grid -- cgit v1.2.3 From 617f2863c47ba306e8d866ea76f7120ae4465427 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 27 Sep 2017 21:13:53 -0700 Subject: process activity deletes from OStatus which for whatever reason do not use the industry standard tombstone mechanism --- include/feedutils.php | 95 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 37 deletions(-) (limited to 'include') diff --git a/include/feedutils.php b/include/feedutils.php index 451946114..217da8188 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -900,6 +900,41 @@ function encode_rel_links($links) { return $o; } + +function process_feed_tombstones($feed,$importer,$contact,$pass) { + + $arr_deleted = []; + + $del_entries = $feed->get_feed_tags(NAMESPACE_TOMB, 'deleted-entry'); + if(is_array($del_entries) && count($del_entries) && $pass != 2) { + foreach($del_entries as $dentry) { + if(isset($dentry['attribs']['']['ref'])) { + $arr_deleted[] = normalise_id($dentry['attribs']['']['ref']); + } + } + } + + if($arr_deleted && is_array($contact)) { + foreach($arr_deleted as $mid) { + $r = q("SELECT * from item where mid = '%s' and author_xchan = '%s' and uid = %d limit 1", + dbesc($mid), + dbesc($contact['xchan_hash']), + intval($importer['channel_id']) + ); + + if($r) { + $item = $r[0]; + + if(! intval($item['item_deleted'])) { + logger('deleting item ' . $item['id'] . ' mid=' . $item['mid'], LOGGER_DEBUG); + drop_item($item['id'],false); + } + } + } + } +} + + /** * @brief Process atom feed and update anything/everything we might need to update. * @@ -955,43 +990,11 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { $permalink = $feed->get_permalink(); - // Check at the feed level for updated contact name and/or photo - - // process any deleted entries - - $del_entries = $feed->get_feed_tags(NAMESPACE_TOMB, 'deleted-entry'); - if(is_array($del_entries) && count($del_entries) && $pass != 2) { - foreach($del_entries as $dentry) { - $deleted = false; - if(isset($dentry['attribs']['']['ref'])) { - $mid = normalise_id($dentry['attribs']['']['ref']); - $deleted = true; - if(isset($dentry['attribs']['']['when'])) { - $when = $dentry['attribs']['']['when']; - $when = datetime_convert('UTC','UTC', $when, 'Y-m-d H:i:s'); - } - else - $when = datetime_convert('UTC','UTC','now','Y-m-d H:i:s'); - } - if($deleted && is_array($contact)) { - $r = q("SELECT * from item where mid = '%s' and author_xchan = '%s' and uid = %d limit 1", - dbesc($mid), - dbesc($contact['xchan_hash']), - intval($importer['channel_id']) - ); + // Check at the feed level for tombstones - if($r) { - $item = $r[0]; + process_feed_tombstones($feed,$importer,$contact,$pass); - if(! intval($item['item_deleted'])) { - logger('deleting item ' . $item['id'] . ' mid=' . $item['mid'], LOGGER_DEBUG); - drop_item($item['id'],false); - } - } - } - } - } // Now process the feed @@ -1033,6 +1036,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { if(! $datarray['mid']) continue; + $item_parent_mid = q("select parent_mid from item where mid = '%s' and uid = %d limit 1", dbesc($parent_mid), intval($importer['channel_id']) @@ -1090,7 +1094,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { $datarray['owner_xchan'] = $contact['xchan_hash']; - $r = q("SELECT id, edited FROM item WHERE mid = '%s' AND uid = %d LIMIT 1", + $r = q("SELECT id, edited, author_xchan, item_deleted FROM item WHERE mid = '%s' AND uid = %d LIMIT 1", dbesc($datarray['mid']), intval($importer['channel_id']) ); @@ -1099,6 +1103,15 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // Update content if 'updated' changes if($r) { + if(activity_match($datarray['verb'],ACTIVITY_DELETE) + && $datarray['author_xchan'] === $r[0]['author_xchan']) { + if(! intval($r[0]['item_deleted'])) { + logger('deleting item ' . $r[0]['id'] . ' mid=' . $datarray['mid'], LOGGER_DEBUG); + drop_item($r[0]['id'],false); + } + continue; + } + if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { @@ -1343,8 +1356,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { } } - - $r = q("SELECT id, edited FROM item WHERE mid = '%s' AND uid = %d LIMIT 1", + $r = q("SELECT id, edited, author_xchan, item_deleted FROM item WHERE mid = '%s' AND uid = %d LIMIT 1", dbesc($datarray['mid']), intval($importer['channel_id']) ); @@ -1352,6 +1364,15 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // Update content if 'updated' changes if($r) { + if(activity_match($datarray['verb'],ACTIVITY_DELETE) + && $datarray['author_xchan'] === $r[0]['author_xchan']) { + if(! intval($r[0]['item_deleted'])) { + logger('deleting item ' . $r[0]['id'] . ' mid=' . $datarray['mid'], LOGGER_DEBUG); + drop_item($r[0]['id'],false); + } + continue; + } + if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { -- cgit v1.2.3 From ea4d1b5101022f928336a20f193f8f73adb4d5a7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 30 Sep 2017 15:17:47 -0700 Subject: use imagick converter for large photos --- include/photos.php | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 77 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/photos.php b/include/photos.php index c7c8fc0a4..5de68f162 100644 --- a/include/photos.php +++ b/include/photos.php @@ -66,7 +66,19 @@ function photo_upload($channel, $observer, $args) { $os_storage = 0; if($args['os_syspath'] && $args['getimagesize']) { - $imagedata = @file_get_contents($args['os_syspath']); + if($args['getimagesize'][0] > 1600 || $args['getimagesize'][1] > 1600) { + $imagick_path = get_config('system','imagick_convert_path'); + if($imagick_path && @file_exists($imagick_path)) { + $tmp_name = $args['os_syspath'] . '-001'; + $newsize = photo_calculate_1600_scale($args['getimagesize']); + exec($imagick_path . ' ' . $args['os_syspath'] . ' -resize ' . $newsize . '^ ' . $tmp_name); + $imagedata = @file_get_contents($tmp_name); + @unlink($tmp_name); + } + } + else { + $imagedata = @file_get_contents($args['os_syspath']); + } $filename = $args['filename']; $filesize = strlen($imagedata); // this is going to be deleted if it exists @@ -122,7 +134,6 @@ function photo_upload($channel, $observer, $args) { } logger('photo_upload: loading the contents of ' . $src , LOGGER_DEBUG); - $imagedata = @file_get_contents($src); } @@ -428,6 +439,70 @@ function photo_upload($channel, $observer, $args) { return $ret; } + +function photo_calculate_1600_scale($arr) { + + $max = 1600; + $width = $arr[0]; + $height = $arr[1]; + + $dest_width = $dest_height = 0; + + if((! $width)|| (! $height)) + return FALSE; + + if($width > $max && $height > $max) { + + // very tall image (greater than 16:9) + // constrain the width - let the height float. + + if((($height * 9) / 16) > $width) { + $dest_width = $max; + $dest_height = intval(( $height * $max ) / $width); + } + + // else constrain both dimensions + + elseif($width > $height) { + $dest_width = $max; + $dest_height = intval(( $height * $max ) / $width); + } + else { + $dest_width = intval(( $width * $max ) / $height); + $dest_height = $max; + } + } + else { + if( $width > $max ) { + $dest_width = $max; + $dest_height = intval(( $height * $max ) / $width); + } + else { + if( $height > $max ) { + // very tall image (greater than 16:9) + // but width is OK - don't do anything + + if((($height * 9) / 16) > $width) { + $dest_width = $width; + $dest_height = $height; + } + else { + $dest_width = intval(( $width * $max ) / $height); + $dest_height = $max; + } + } + else { + $dest_width = $width; + $dest_height = $height; + } + } + } + + return $dest_width . 'x' . $dest_height; + +} + + /** * @brief Returns a list with all photo albums observer is allowed to see. * -- cgit v1.2.3 From 66511d8f078cebdbad34bf1b40097159c2335bf4 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 3 Oct 2017 10:53:08 +0200 Subject: move common connections widget to left aside --- include/contact_widgets.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/contact_widgets.php b/include/contact_widgets.php index e5bb696f8..a13f87573 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -143,7 +143,7 @@ function cardcategories_widget($baseurl,$selected = '') { -function common_friends_visitor_widget($profile_uid,$cnt = 10) { +function common_friends_visitor_widget($profile_uid,$cnt = 25) { if(local_channel() == $profile_uid) return; @@ -161,14 +161,14 @@ function common_friends_visitor_widget($profile_uid,$cnt = 10) { return; $r = common_friends($profile_uid,$observer_hash,0,$cnt,true); - + return replace_macros(get_markup_template('remote_friends_common.tpl'), array( - '$desc' => sprintf( t('Common connections: %d'), $t), + '$desc' => t('Common Connections'), '$base' => z_root(), '$uid' => $profile_uid, '$cid' => $observer, '$linkmore' => (($t > $cnt) ? 'true' : ''), - '$more' => t('show more'), + '$more' => sprintf( t('View all %d common connections'), $t), '$items' => $r )); -- cgit v1.2.3 From 9cf9217686841bfceb7e2c03b10da88f006f4a5f Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 3 Oct 2017 15:27:26 -0700 Subject: don't use chanlink_url() for feed mentions --- include/items.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index cc209aacf..dd8b394d3 100755 --- a/include/items.php +++ b/include/items.php @@ -4133,7 +4133,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C //$third = dba_timer(); - $items = fetch_post_tags($items,true); + $items = fetch_post_tags($items,false); //$fourth = dba_timer(); -- cgit v1.2.3 From 58155864cb7318321e70025ce67ca4453efee489 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 3 Oct 2017 15:36:56 -0700 Subject: urlencode hashes from mod_acl --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index bd802b2c1..80914747b 100644 --- a/include/text.php +++ b/include/text.php @@ -2412,7 +2412,7 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d } if(! $replaced) { - //base tag has the tags name only + // base tag has the tags name only if((substr($tag,0,7) === '#"') && (substr($tag,-6,6) === '"')) { $basetag = substr($tag,7); -- cgit v1.2.3 From 7fb02752de4e3ee62d84eaf30bcb4c155ebabf30 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 3 Oct 2017 17:03:24 -0700 Subject: hubzilla issue #868 --- include/photo/photo_driver.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 17ca81419..3b6beabf5 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -518,6 +518,27 @@ function guess_image_type($filename, $headers = '') { } + +function delete_thing_photo($url,$ob_hash) { + + $hash = basename($url); + $hash = substr($hash,0,strpos($hash,'-')); + + // hashes should be 32 bytes. + + if(strlen($hash) < 16) + return; + + $r = q("delete from photo where xchan = '%s' and photo_usage = %d and resource_id = '%s'", + dbesc($ob_hash), + intval(PHOTO_THING), + dbesc($hash) + ); + +} + + + function import_xchan_photo($photo,$xchan,$thing = false) { $flags = (($thing) ? PHOTO_THING : PHOTO_XCHAN); -- cgit v1.2.3 From d6b1eff70ef579036f706fde6c2ecfd8152317cb Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 3 Oct 2017 17:05:32 -0700 Subject: ensure we have an observer hash --- include/photo/photo_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 3b6beabf5..5eb1f9113 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -526,7 +526,7 @@ function delete_thing_photo($url,$ob_hash) { // hashes should be 32 bytes. - if(strlen($hash) < 16) + if((! $ob_hash) || (strlen($hash) < 16)) return; $r = q("delete from photo where xchan = '%s' and photo_usage = %d and resource_id = '%s'", -- cgit v1.2.3 From 295ed07d40ea330ef438d9cad8fe3af8fd265507 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 4 Oct 2017 13:37:17 +0200 Subject: bring back notifications for account approvals --- include/nav.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 01decb2bf..eccb89764 100644 --- a/include/nav.php +++ b/include/nav.php @@ -180,6 +180,8 @@ EOT; $nav['intros'] = array('connections/ifpending', t('Connections'), "", t('Connections'),'connections_nav_btn'); + if(is_site_admin()) + $nav['registrations'] = array('admin/accounts', t('Registrations'), "", t('Registrations'),'registrations_nav_btn'); $nav['notifications'] = array('notifications/system', t('Notices'), "", t('Notifications'),'notifications_nav_btn'); -- cgit v1.2.3 From a0eb62852606ef0362d3ed07e4bd50aeb5b6f73c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Oct 2017 16:59:33 -0700 Subject: Experimental alternate channel_menu navigation. To use, "util/config system.channel_menu 1" --- include/channel.php | 1 - include/nav.php | 5 ++++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index fef933ba7..488bdeef0 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1373,7 +1373,6 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa ? trim(substr($profile['channel_name'],0,strpos($profile['channel_name'],' '))) : $profile['channel_name']); $lastname = (($firstname === $profile['channel_name']) ? '' : trim(substr($profile['channel_name'],strlen($firstname)))); - // @fixme move this to the diaspora plugin itself $contact_block = contact_block(); diff --git a/include/nav.php b/include/nav.php index eccb89764..b51a03c4f 100644 --- a/include/nav.php +++ b/include/nav.php @@ -280,6 +280,8 @@ EOT; '$help' => t('@name, #tag, ?doc, content'), '$pleasewait' => t('Please wait...'), '$nav_apps' => $nav_apps, + '$channel_menu' => get_config('system','channel_menu'), + '$channel_thumb' => ((App::$profile) ? App::$profile['thumb'] : ''), '$channel_apps' => $channel_apps, '$addapps' => t('Add Apps'), '$orderapps' => t('Arrange Apps'), @@ -481,7 +483,8 @@ function channel_apps($is_owner = false, $nickname = null) { [ '$tabs' => $arr['tabs'], '$name' => App::$profile['channel_name'], - '$thumb' => App::$profile['thumb'] + '$thumb' => App::$profile['thumb'], + '$channel_menu' => get_config('system','channel_menu') ] ); } -- cgit v1.2.3 From a6835f4e714b0648717672767aa32625b72dfc47 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Oct 2017 23:01:42 -0700 Subject: changes to encryption encapsulation for zot6 (backward compatible) --- include/crypto.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index 6ac3fd732..622add4dc 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -148,6 +148,7 @@ function other_encapsulate($data,$pubkey,$alg) { // compromised by state actors and evidence is mounting that this has // already happened. + $result = [ 'encrypted' => true ]; $key = openssl_random_pseudo_bytes(256); $iv = openssl_random_pseudo_bytes(256); $result['data'] = base64url_encode($fn($data,$key,$iv),true); @@ -200,6 +201,9 @@ function aes_encapsulate($data,$pubkey) { logger('aes_encapsulate: no key. data: ' . $data); $key = openssl_random_pseudo_bytes(32); $iv = openssl_random_pseudo_bytes(16); + + $result = [ 'encrypted' => true ]; + $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true); // log the offending call so we can track it down if(! openssl_public_encrypt($key,$k,$pubkey)) { -- cgit v1.2.3 From f427b4a325e3db897afc33a09fb04d9af765a53f Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 6 Oct 2017 16:46:27 +0200 Subject: introduce public stream notifications --- include/nav.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index b51a03c4f..441a198fa 100644 --- a/include/nav.php +++ b/include/nav.php @@ -211,7 +211,9 @@ EOT; } if(! get_config('system', 'disable_discover_tab')) { - $nav['pubs'] = array('pubstream', t('Public stream'), "", t('Public stream activities'),'pubs_nav_btn'); + $nav['pubs'] = array('pubstream', t('Public stream'), "", t('Public stream activity'),'pubs_nav_btn'); + $nav['pubs']['all'] = [ 'pubstream', t('View your public stream'), '','' ]; + $nav['pubs']['mark'] = array('', t('Mark all public stream items seen'), '',''); } /** -- cgit v1.2.3 From e15307747fb3adfb2b0b35fef192bdfb5a9e489f Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 6 Oct 2017 16:48:25 +0200 Subject: it is not your public stream -> just public stream --- include/nav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 441a198fa..264e64f20 100644 --- a/include/nav.php +++ b/include/nav.php @@ -212,7 +212,7 @@ EOT; if(! get_config('system', 'disable_discover_tab')) { $nav['pubs'] = array('pubstream', t('Public stream'), "", t('Public stream activity'),'pubs_nav_btn'); - $nav['pubs']['all'] = [ 'pubstream', t('View your public stream'), '','' ]; + $nav['pubs']['all'] = [ 'pubstream', t('View public stream'), '','' ]; $nav['pubs']['mark'] = array('', t('Mark all public stream items seen'), '',''); } -- cgit v1.2.3 From 991db280be4c3cbbff4fb1e4dae8f303a487ed3f Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sun, 8 Oct 2017 17:19:29 +0200 Subject: experimental new notifications - needs pconfig experimental_notif set to 1 for your channel to work. --- include/nav.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 264e64f20..6b56c9aee 100644 --- a/include/nav.php +++ b/include/nav.php @@ -62,10 +62,12 @@ EOT; if($banner === false) $banner = get_config('system','sitename'); - //the notifications template is in hdr.tpl - App::$page['header'] .= replace_macros(get_markup_template('hdr.tpl'), array( - //we could additionally use this to display important system notifications e.g. for updates - )); + if(! get_pconfig(local_channel(), 'system', 'experimental_notif')) { + //the notifications template is in hdr.tpl + App::$page['header'] .= replace_macros(get_markup_template('hdr.tpl'), array( + //we could additionally use this to display important system notifications e.g. for updates + )); + } $techlevel = get_account_techlevel(); @@ -269,6 +271,7 @@ EOT; App::$page['nav'] .= replace_macros($tpl, array( '$baseurl' => z_root(), + '$experimental_notif' => get_pconfig(local_channel(), 'system', 'experimental_notif'), '$fulldocs' => t('Help'), '$sitelocation' => $sitelocation, '$nav' => $x['nav'], @@ -287,7 +290,8 @@ EOT; '$channel_apps' => $channel_apps, '$addapps' => t('Add Apps'), '$orderapps' => t('Arrange Apps'), - '$sysapps_toggle' => t('Toggle System Apps') + '$sysapps_toggle' => t('Toggle System Apps'), + '$loc' => $myident )); if(x($_SESSION, 'reload_avatar') && $observer) { -- cgit v1.2.3 From 4011dd18f01d275620b13815573e359c77664e3a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 8 Oct 2017 16:48:24 -0700 Subject: alternate navbar layouts --- include/nav.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 6b56c9aee..622717347 100644 --- a/include/nav.php +++ b/include/nav.php @@ -6,7 +6,7 @@ require_once('include/security.php'); require_once('include/menu.php'); -function nav() { +function nav($template = 'nav') { /** * @@ -267,7 +267,16 @@ EOT; $nav_apps[] = Zlib\Apps::app_render($app,'nav'); } - $tpl = get_markup_template('nav.tpl'); + $c = theme_include('navbar_' . $template . '.css'); + $tpl = get_markup_template('navbar_' . $template . '.tpl'); + + if($c && $tpl) { + head_add_css('navbar_' . $template . '.css'); + } + + if(! $tpl) { + $tpl = get_markup_template('nav.tpl'); + } App::$page['nav'] .= replace_macros($tpl, array( '$baseurl' => z_root(), @@ -490,7 +499,6 @@ function channel_apps($is_owner = false, $nickname = null) { '$tabs' => $arr['tabs'], '$name' => App::$profile['channel_name'], '$thumb' => App::$profile['thumb'], - '$channel_menu' => get_config('system','channel_menu') ] ); } -- cgit v1.2.3 From 23812e5b48b7a4d4f0c275c0fbb3d244a582397c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 8 Oct 2017 19:43:03 -0700 Subject: ability to pin apps to the navbar when using named navbars --- include/nav.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 622717347..588104eda 100644 --- a/include/nav.php +++ b/include/nav.php @@ -261,10 +261,18 @@ EOT; if(\App::$nav_sel['active'] == $app['name']) $app['active'] = true; - if($is_owner) + if($is_owner) { $nav_apps[] = Zlib\Apps::app_render($app,'nav'); - elseif(! $is_owner && strpos($app['requires'], 'local_channel') === false) + if(strpos($app['categories'],'navbar_' . $template)) { + $navbar_apps[] = Zlib\Apps::app_render($app,'navbar'); + } + } + elseif(! $is_owner && strpos($app['requires'], 'local_channel') === false) { $nav_apps[] = Zlib\Apps::app_render($app,'nav'); + if(strpos($app['categories'],'navbar_' . $template)) { + $navbar_apps[] = Zlib\Apps::app_render($app,'navbar'); + } + } } $c = theme_include('navbar_' . $template . '.css'); @@ -294,6 +302,7 @@ EOT; '$help' => t('@name, #tag, ?doc, content'), '$pleasewait' => t('Please wait...'), '$nav_apps' => $nav_apps, + '$navbar_apps' => $navbar_apps, '$channel_menu' => get_config('system','channel_menu'), '$channel_thumb' => ((App::$profile) ? App::$profile['thumb'] : ''), '$channel_apps' => $channel_apps, -- cgit v1.2.3 From f99c007187b83755d7b1c80c63fde7c1162a99c4 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 9 Oct 2017 17:49:15 +0200 Subject: new notification changes - use sticky_kit instead of position fixed --- include/nav.php | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 6b56c9aee..28ca54d07 100644 --- a/include/nav.php +++ b/include/nav.php @@ -103,12 +103,12 @@ EOT; $nav['logout'] = ['logout',t('Logout'), "", t('End this session'),'logout_nav_btn']; // user menu - $nav['usermenu'][] = ['profile/' . $channel['channel_address'], t('View Profile'), ((\App::$nav_sel['active'] == 'Profile') ? 'active' : ''), t('Your profile page'),'profile_nav_btn']; + $nav['usermenu'][] = ['profile/' . $channel['channel_address'], t('View Profile'), ((\App::$nav_sel['name'] == 'Profile') ? 'active' : ''), t('Your profile page'),'profile_nav_btn']; if(feature_enabled(local_channel(),'multi_profiles')) - $nav['usermenu'][] = ['profiles', t('Edit Profiles'), ((\App::$nav_sel['active'] == 'Profiles') ? 'active' : '') , t('Manage/Edit profiles'),'profiles_nav_btn']; + $nav['usermenu'][] = ['profiles', t('Edit Profiles'), ((\App::$nav_sel['name'] == 'Profiles') ? 'active' : '') , t('Manage/Edit profiles'),'profiles_nav_btn']; else - $nav['usermenu'][] = ['profiles/' . $prof[0]['id'], t('Edit Profile'), ((\App::$nav_sel['active'] == 'Profiles') ? 'active' : ''), t('Edit your profile'),'profiles_nav_btn']; + $nav['usermenu'][] = ['profiles/' . $prof[0]['id'], t('Edit Profile'), ((\App::$nav_sel['name'] == 'Profiles') ? 'active' : ''), t('Edit your profile'),'profiles_nav_btn']; } else { @@ -258,7 +258,7 @@ EOT; $syslist = Zlib\Apps::app_order(local_channel(),$syslist); foreach($syslist as $app) { - if(\App::$nav_sel['active'] == $app['name']) + if(\App::$nav_sel['name'] == $app['name']) $app['active'] = true; if($is_owner) @@ -291,7 +291,8 @@ EOT; '$addapps' => t('Add Apps'), '$orderapps' => t('Arrange Apps'), '$sysapps_toggle' => t('Toggle System Apps'), - '$loc' => $myident + '$loc' => $myident, + '$url' => ((App::$nav_sel['url']) ? App::$nav_sel['url'] : App::$cmd) )); if(x($_SESSION, 'reload_avatar') && $observer) { @@ -314,7 +315,13 @@ EOT; * */ function nav_set_selected($item){ - App::$nav_sel['active'] = $item; + if(is_array($item)) { + App::$nav_sel['name'] = $item['name']; + App::$nav_sel['url'] = $item['url']; + } + else { + App::$nav_sel['name'] = $item; + } } -- cgit v1.2.3 From cc1ffff7cdfe5881636b6d2de3fe16f0094b5d69 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 9 Oct 2017 21:22:57 +0200 Subject: feed untranslated appnames to nav_set_selected() and query for the active app directly to get app details --- include/nav.php | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 8736133de..3da67ffd1 100644 --- a/include/nav.php +++ b/include/nav.php @@ -233,6 +233,15 @@ EOT; // turned off until somebody discovers this and figures out a good location for it. $powered_by = ''; + $active_app = q("SELECT app_url FROM app WHERE app_channel = %d AND app_name = '%s' LIMIT 1", + intval($channel['channel_id']), + dbesc(\App::$nav_sel['raw_name']) + ); + + if($active_app) { + $url = $active_app[0]['app_url']; + } + //app bin if($is_owner) { if(get_pconfig(local_channel(), 'system','initial_import_system_apps') === false) { @@ -297,7 +306,7 @@ EOT; '$userinfo' => $x['usermenu'], '$localuser' => local_channel(), '$is_owner' => $is_owner, - '$sel' => App::$nav_sel, + '$sel' => App::$nav_sel, '$powered_by' => $powered_by, '$help' => t('@name, #tag, ?doc, content'), '$pleasewait' => t('Please wait...'), @@ -309,8 +318,7 @@ EOT; '$addapps' => t('Add Apps'), '$orderapps' => t('Arrange Apps'), '$sysapps_toggle' => t('Toggle System Apps'), - '$loc' => $myident, - '$url' => ((App::$nav_sel['url']) ? App::$nav_sel['url'] : App::$cmd) + '$url' => $url )); if(x($_SESSION, 'reload_avatar') && $observer) { @@ -333,13 +341,10 @@ EOT; * */ function nav_set_selected($item){ - if(is_array($item)) { - App::$nav_sel['name'] = $item['name']; - App::$nav_sel['url'] = $item['url']; - } - else { - App::$nav_sel['name'] = $item; - } + App::$nav_sel['raw_name'] = $item; + $item = ['name' => $item]; + Zlib\Apps::translate_system_apps($item); + App::$nav_sel['name'] = $item['name']; } -- cgit v1.2.3 From 623dfa13845e34c85eae2a66c6aa855c3e059c38 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 9 Oct 2017 15:13:25 -0700 Subject: purify user-supplied filenames in some cases. Probably not needed but it's the right thing to do. --- include/nav.php | 4 ++-- include/text.php | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 588104eda..718e7befa 100644 --- a/include/nav.php +++ b/include/nav.php @@ -275,8 +275,8 @@ EOT; } } - $c = theme_include('navbar_' . $template . '.css'); - $tpl = get_markup_template('navbar_' . $template . '.tpl'); + $c = theme_include('navbar_' . purify_filename($template) . '.css'); + $tpl = get_markup_template('navbar_' . purify_filename($template) . '.tpl'); if($c && $tpl) { head_add_css('navbar_' . $template . '.css'); diff --git a/include/text.php b/include/text.php index 80914747b..8a65be0d5 100644 --- a/include/text.php +++ b/include/text.php @@ -3156,3 +3156,9 @@ function ellipsify($s,$maxlen) { return mb_substr($s,0,$maxlen / 2) . '...' . mb_substr($s,mb_strlen($s) - ($maxlen / 2)); } + +function purify_filename($s) { + if(($s[0] === '.') || strpos($s,'/') !== false) + return ''; + return $s; +} -- cgit v1.2.3 From e6f1fb3d954fc1354581a93509f8f64662aef2b5 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 10 Oct 2017 16:51:35 +0200 Subject: remove notifications code from nav and go live with new notifications --- include/nav.php | 71 +++++++++++---------------------------------------------- 1 file changed, 13 insertions(+), 58 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 44026e1e9..b5f713145 100644 --- a/include/nav.php +++ b/include/nav.php @@ -62,12 +62,9 @@ EOT; if($banner === false) $banner = get_config('system','sitename'); - if(! get_pconfig(local_channel(), 'system', 'experimental_notif')) { - //the notifications template is in hdr.tpl - App::$page['header'] .= replace_macros(get_markup_template('hdr.tpl'), array( - //we could additionally use this to display important system notifications e.g. for updates - )); - } + App::$page['header'] .= replace_macros(get_markup_template('hdr.tpl'), array( + //we could additionally use this to display important system notifications e.g. for updates + )); $techlevel = get_account_techlevel(); @@ -94,8 +91,6 @@ EOT; $nav['loginmenu'][] = Array('rmagic',t('Remote authentication'),'',t('Click to authenticate to your home hub'),'rmagic_nav_btn'); } - - if(local_channel()) { if($chans && count($chans) > 1 && feature_enabled(local_channel(),'nav_channel_select')) $nav['channels'] = $chans; @@ -171,51 +166,10 @@ EOT; */ if(local_channel()) { - - $nav['network'] = array('network', t('Activity'), "", t('Network Activity'),'network_nav_btn'); - $nav['network']['all'] = [ 'network', t('View your network activity'), '','' ]; - $nav['network']['mark'] = array('', t('Mark all activity notifications seen'), '',''); - - $nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home'),'home_nav_btn'); - $nav['home']['all'] = [ 'channel/' . $channel['channel_address'], t('View your channel home'), '' , '' ]; - $nav['home']['mark'] = array('', t('Mark all channel notifications seen'), '',''); - - - $nav['intros'] = array('connections/ifpending', t('Connections'), "", t('Connections'),'connections_nav_btn'); - if(is_site_admin()) - $nav['registrations'] = array('admin/accounts', t('Registrations'), "", t('Registrations'),'registrations_nav_btn'); - - - $nav['notifications'] = array('notifications/system', t('Notices'), "", t('Notifications'),'notifications_nav_btn'); - $nav['notifications']['all']=array('notifications/system', t('View all notifications'), "", ""); - $nav['notifications']['mark'] = array('', t('Mark all system notifications seen'), '',''); - - $nav['messages'] = array('mail/combined', t('Mail'), "", t('Private mail'),'mail_nav_btn'); - $nav['messages']['all']=array('mail/combined', t('View your private messages'), "", ""); - $nav['messages']['mark'] = array('', t('Mark all private messages seen'), '',''); - $nav['messages']['inbox'] = array('mail/inbox', t('Inbox'), "", t('Inbox')); - $nav['messages']['outbox']= array('mail/outbox', t('Outbox'), "", t('Outbox')); - $nav['messages']['new'] = array('mail/new', t('New Message'), "", t('New Message')); - - - $nav['all_events'] = array('events', t('Events'), "", t('Event Calendar'),'events_nav_btn'); - $nav['all_events']['all']=array('events', t('View events'), "", ""); - $nav['all_events']['mark'] = array('', t('Mark all events seen'), '',''); - if(! $_SESSION['delegate']) { $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels'),'manage_nav_btn'); } - $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings'),'settings_nav_btn'); - - $nav['files'] = array('sharedwithme', t('Shared Files'), "", t('New files shared with me'),'files_nav_btn'); - - } - - if(! get_config('system', 'disable_discover_tab')) { - $nav['pubs'] = array('pubstream', t('Public stream'), "", t('Public stream activity'),'pubs_nav_btn'); - $nav['pubs']['all'] = [ 'pubstream', t('View public stream'), '','' ]; - $nav['pubs']['mark'] = array('', t('Mark all public stream items seen'), '',''); } /** @@ -233,13 +187,15 @@ EOT; // turned off until somebody discovers this and figures out a good location for it. $powered_by = ''; - $active_app = q("SELECT app_url FROM app WHERE app_channel = %d AND app_name = '%s' LIMIT 1", - intval($channel['channel_id']), - dbesc(\App::$nav_sel['raw_name']) - ); - - if($active_app) { - $url = $active_app[0]['app_url']; + if(App::$profile_uid && App::$nav_sel['raw_name']) { + $active_app = q("SELECT app_url FROM app WHERE app_channel = %d AND app_name = '%s' LIMIT 1", + intval(App::$profile_uid), + dbesc(App::$nav_sel['raw_name']) + ); + + if($active_app) { + $url = $active_app[0]['app_url']; + } } //app bin @@ -297,7 +253,6 @@ EOT; App::$page['nav'] .= replace_macros($tpl, array( '$baseurl' => z_root(), - '$experimental_notif' => get_pconfig(local_channel(), 'system', 'experimental_notif'), '$fulldocs' => t('Help'), '$sitelocation' => $sitelocation, '$nav' => $x['nav'], @@ -318,7 +273,7 @@ EOT; '$addapps' => t('Add Apps'), '$orderapps' => t('Arrange Apps'), '$sysapps_toggle' => t('Toggle System Apps'), - '$url' => $url + '$url' => (($url) ? $url : App::$cmd) )); if(x($_SESSION, 'reload_avatar') && $observer) { -- cgit v1.2.3 From 69394c1680cc72b5c4b43c8d321a5348ca75be35 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 10 Oct 2017 18:40:02 -0700 Subject: re-implement single delivery --- include/import.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include') diff --git a/include/import.php b/include/import.php index 4d38c8061..702fa7e54 100644 --- a/include/import.php +++ b/include/import.php @@ -644,6 +644,12 @@ function import_items($channel, $items, $sync = false, $relocate = null) { fix_attached_file_permissions($channel,$item['author_xchan'],$item['body'],$item['allow_cid'],$item['allow_gid'],$item['deny_cid'],$item['deny_gid']); + if($sync && $item['item_wall']) { + // deliver singletons if we have any + if($item_result && $item_result['success']) { + Zotlabs\Daemon\Master::Summon( [ 'Notifier','single_activity',$item_result['item_id'] ]); + } + } } } } @@ -1017,6 +1023,9 @@ function import_mail($channel, $mails, $sync = false) { $m['aid'] = $channel['channel_account_id']; $m['uid'] = $channel['channel_id']; $mail_id = mail_store($m); + if($sync && $mail_id) { + Zotlabs\Daemon\Master::Summon(array('Notifier','single_mail',$mail_id)); + } } } } -- cgit v1.2.3 From 09b4660c7d8d15cf2419202116199a725c7c109c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 10 Oct 2017 18:50:01 -0700 Subject: rename view/tpl/nav.tpl to navbar_default.tpl so that all navbar selection code is consistent --- include/nav.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index b5f713145..0d554fc84 100644 --- a/include/nav.php +++ b/include/nav.php @@ -6,7 +6,7 @@ require_once('include/security.php'); require_once('include/menu.php'); -function nav($template = 'nav') { +function nav($template = 'default') { /** * @@ -248,7 +248,7 @@ EOT; } if(! $tpl) { - $tpl = get_markup_template('nav.tpl'); + $tpl = get_markup_template('navbar_default.tpl'); } App::$page['nav'] .= replace_macros($tpl, array( -- cgit v1.2.3 From 1a7ccc462b8aeea7704562b8d14d31e3bcb41622 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 10 Oct 2017 19:45:11 -0700 Subject: on failed auth due to unverified email, tell the person why and remind them to check their email. --- include/auth.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/auth.php b/include/auth.php index c7be69583..78be32bf4 100644 --- a/include/auth.php +++ b/include/auth.php @@ -83,7 +83,7 @@ function account_verify_password($login, $pass) { if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($account['account_flags'] & ACCOUNT_UNVERIFIED)) { logger('email verification required for ' . $login); - return null; + return ( [ 'reason' => 'unvalidated' ] ); } if(($account['account_flags'] == ACCOUNT_OK) @@ -259,7 +259,10 @@ else { } else { $verify = account_verify_password($_POST['username'], $_POST['password']); - if($verify) { + if($verify && array_key_exists('reason',$verify) && $verify['reason'] === 'unvalidated') { + notice( t('Email validation is incomplete. Please check your email.')); + } + elseif($verify) { $atoken = $verify['xchan']; $channel = $verify['channel']; $account = App::$account = $verify['account']; -- cgit v1.2.3 From ff8ee6fb2250d2188962f4b27de91b89465cc3d5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 10 Oct 2017 22:02:22 -0700 Subject: for federated forums we need to keep track of what protocols are available to red/hubzilla channels to determine which posts need to be mangled for transport to individual networks - based on what networks the author can communicate with. We probably need this for all xchans and hublocs but at some point it becomes increasingly difficult to scrape this information and map out a compatibility matrix. It's also doubtful anybody will use this system because we basically have to forge comments between network sites involving different protocols and this is going to look like crap to anybody that isn't on red/Hubzilla. Eventually they have to fix their protocols for this to work correctly, but nobody seems to believe me that their networks are basically anti-federation, so we need something like this to highlight their walled garden specifications and the resulting federation problems in a form they can't really argue with. --- include/zot.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index af7fbf8fd..b6df6bca8 100644 --- a/include/zot.php +++ b/include/zot.php @@ -718,6 +718,16 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { if(intval($r[0]['xchan_pubforum']) != intval($arr['public_forum'])) $pubforum_changed = 1; + if($arr['protocols']) { + $protocols = implode(',',$arr['protocols']); + if($protocols !== 'zot') { + set_xconfig($xchan_hash,'system','protocols',$protocols); + } + else { + del_xconfig($xchan_hash,'system','protocols'); + } + } + if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_addr'] != $arr['address']) @@ -4035,6 +4045,11 @@ function zotinfo($arr) { $id = $e['channel_id']; + $x = [ 'channel_id' => $id, 'protocols' => 'zot' ]; + call_hooks('channel_protocols',$x); + $protocols = $x['protocols']; + + $sys_channel = (intval($e['channel_system']) ? true : false); $special_channel = (($e['channel_pageflags'] & PAGE_PREMIUM) ? true : false); $adult_channel = (($e['channel_pageflags'] & PAGE_ADULT) ? true : false); @@ -4135,6 +4150,7 @@ function zotinfo($arr) { $ret['target'] = $ztarget; $ret['target_sig'] = $zsig; $ret['searchable'] = $searchable; + $ret['protocols'] = $protocols; $ret['adult_content'] = $adult_channel; $ret['public_forum'] = $public_forum; if($deleted) -- cgit v1.2.3 From 0c5918f29096f173f3dcacd572916611d9ca7558 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 11 Oct 2017 01:21:00 -0700 Subject: bring back some nav stuff (notifications) for alternate navbars; still some things missing as the notification dropdowns aren't fully functional. --- include/nav.php | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 0d554fc84..6fd7d527b 100644 --- a/include/nav.php +++ b/include/nav.php @@ -92,6 +92,46 @@ EOT; } if(local_channel()) { + + + + $nav['network'] = array('network', t('Activity'), "", t('Network Activity'),'network_nav_btn'); + $nav['network']['all'] = [ 'network', t('View your network activity'), '','' ]; + $nav['network']['mark'] = array('', t('Mark all activity notifications seen'), '',''); + + $nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home'),'home_nav_btn'); + $nav['home']['all'] = [ 'channel/' . $channel['channel_address'], t('View your channel home'), '' , '' ]; + $nav['home']['mark'] = array('', t('Mark all channel notifications seen'), '',''); + + + $nav['intros'] = array('connections/ifpending', t('Connections'), "", t('Connections'),'connections_nav_btn'); + if(is_site_admin()) + $nav['registrations'] = array('admin/accounts', t('Registrations'), "", t('Registrations'),'registrations_nav_btn'); + + + $nav['notifications'] = array('notifications/system', t('Notices'), "", t('Notifications'),'notifications_nav_btn'); + $nav['notifications']['all']=array('notifications/system', t('View all notifications'), "", ""); + $nav['notifications']['mark'] = array('', t('Mark all system notifications seen'), '',''); + + $nav['messages'] = array('mail/combined', t('Mail'), "", t('Private mail'),'mail_nav_btn'); + $nav['messages']['all']=array('mail/combined', t('View your private messages'), "", ""); + $nav['messages']['mark'] = array('', t('Mark all private messages seen'), '',''); + $nav['messages']['inbox'] = array('mail/inbox', t('Inbox'), "", t('Inbox')); + $nav['messages']['outbox']= array('mail/outbox', t('Outbox'), "", t('Outbox')); + $nav['messages']['new'] = array('mail/new', t('New Message'), "", t('New Message')); + + + $nav['all_events'] = array('events', t('Events'), "", t('Event Calendar'),'events_nav_btn'); + $nav['all_events']['all']=array('events', t('View events'), "", ""); + $nav['all_events']['mark'] = array('', t('Mark all events seen'), '',''); + + if(! $_SESSION['delegate']) { + $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels'),'manage_nav_btn'); + } + + $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings'),'settings_nav_btn'); + + if($chans && count($chans) > 1 && feature_enabled(local_channel(),'nav_channel_select')) $nav['channels'] = $chans; -- cgit v1.2.3 From 6acd96fd33038f0e3535af6861d1ba658098abc8 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 11 Oct 2017 17:52:03 -0700 Subject: typo --- include/zot.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index b6df6bca8..da1f3bfa1 100644 --- a/include/zot.php +++ b/include/zot.php @@ -312,6 +312,7 @@ function zot_refresh($them, $channel = null, $force = false) { logger('zot_refresh: ' . $url, LOGGER_DATA, LOG_INFO); + $result = z_post_url($url . $rhs,$postvars); if ($result['success']) { @@ -4045,7 +4046,7 @@ function zotinfo($arr) { $id = $e['channel_id']; - $x = [ 'channel_id' => $id, 'protocols' => 'zot' ]; + $x = [ 'channel_id' => $id, 'protocols' => ['zot'] ]; call_hooks('channel_protocols',$x); $protocols = $x['protocols']; -- cgit v1.2.3 From 29a29f277e4280efe88e70b66e42ff97ca967db9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 12 Oct 2017 22:10:42 -0700 Subject: create an actual logout module instead of relying on internal variables --- include/channel.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 488bdeef0..d7116ce28 100644 --- a/include/channel.php +++ b/include/channel.php @@ -2308,7 +2308,7 @@ function profile_store_lowlevel($arr) { // It is the caller's responsibility to confirm the requestor's intent and // authorisation to do this. -function account_remove($account_id,$local = true,$unset_session=true) { +function account_remove($account_id,$local = true,$unset_session = true) { logger('account_remove: ' . $account_id); @@ -2353,13 +2353,12 @@ function account_remove($account_id,$local = true,$unset_session=true) { if ($unset_session) { - unset($_SESSION['authenticated']); - unset($_SESSION['uid']); - notice( sprintf(t("User '%s' deleted"),$account_email) . EOL); + App::$session->nuke(); + notice( sprintf(t('Account \'%s\' deleted'),$account_email) . EOL); goaway(z_root()); } - return $r; + return $r; } /** -- cgit v1.2.3 From 9b94ad2ffe9abd34d2fd756b2366121ef89f376a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 14 Oct 2017 01:17:47 -0700 Subject: was unable to make the modal login dialog work on the channel page with a cover photo. So for mod_channel, send login to the login page instead of the modal popup. --- include/nav.php | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 6fd7d527b..89947e270 100644 --- a/include/nav.php +++ b/include/nav.php @@ -148,15 +148,20 @@ EOT; } else { if(! get_account_id()) { - $nav['login'] = login(true,'main-login',false,false); - $nav['loginmenu'][] = ['login',t('Login'),'',t('Sign in'),'login_nav_btn']; - App::$page['content'] .= replace_macros(get_markup_template('nav_login.tpl'), - [ - '$nav' => $nav, - 'userinfo' => $userinfo - ] - ); - + if(App::$module === 'channel') { + $nav['login'] = login(true,'main-login',false,false); + $nav['loginmenu'][] = ['login',t('Login'),'',t('Sign in'),'']; + } + else { + $nav['login'] = login(true,'main-login',false,false); + $nav['loginmenu'][] = ['login',t('Login'),'',t('Sign in'),'login_nav_btn']; + App::$page['content'] .= replace_macros(get_markup_template('nav_login.tpl'), + [ + '$nav' => $nav, + 'userinfo' => $userinfo + ] + ); + } } else $nav['alogout'] = ['logout',t('Logout'), "", t('End this session'),'logout_nav_btn']; -- cgit v1.2.3 From cf7481da53d051c385dbff8d813befc34c8f68ef Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 16 Oct 2017 15:20:45 -0700 Subject: regression in zot site info after zot6 work --- include/zot.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index da1f3bfa1..55632fc31 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4201,8 +4201,7 @@ function zotinfo($arr) { if($x) $ret['locations'] = $x; - $ret['site'] = zot_site_info(); - + $ret['site'] = zot_site_info($e['xchan_pubkey']); check_zotinfo($e,$x,$ret); @@ -4213,7 +4212,7 @@ function zotinfo($arr) { } -function zot_site_info() { +function zot_site_info($channel_key = '') { $signing_key = get_config('system','prvkey'); $sig_method = get_config('system','signature_algorithm','sha256'); @@ -4221,7 +4220,10 @@ function zot_site_info() { $ret = []; $ret['site'] = []; $ret['site']['url'] = z_root(); - $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); + if($channel_key) { + $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$channel_key,$sig_method)); + } + $ret['site']['url_site_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); $ret['site']['post'] = z_root() . '/post'; $ret['site']['openWebAuth'] = z_root() . '/owa'; $ret['site']['authRedirect'] = z_root() . '/magic'; -- cgit v1.2.3 From a791809a840f168cfe65ea9fd09a30b271f7731e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 16 Oct 2017 22:31:38 -0700 Subject: ensure guests hve a unique (non-existent) url so that network discovery on remote servers doesn't come up mis-attributing the token. Future work should probably provide an actual page at this location describing it as a guest account of 'xyz'. --- include/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index 16c6f1680..d9078eb89 100644 --- a/include/security.php +++ b/include/security.php @@ -116,7 +116,7 @@ function atoken_xchan($atoken) { 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(), 'xchan_network' => 'unknown', - 'xchan_url' => z_root(), + 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'], 'xchan_hidden' => 1, 'xchan_photo_mimetype' => 'image/jpeg', 'xchan_photo_l' => get_default_profile_photo(300), -- cgit v1.2.3 From b106b53d05b434f5bc717b87d4db56b511e1418b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 16 Oct 2017 23:01:00 -0700 Subject: don't translate 'guest:' since it is part of a url --- include/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index d9078eb89..450cc4f69 100644 --- a/include/security.php +++ b/include/security.php @@ -114,7 +114,7 @@ function atoken_xchan($atoken) { 'atoken_id' => $atoken['atoken_id'], 'xchan_hash' => substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'], 'xchan_name' => $atoken['atoken_name'], - 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(), + 'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . \App::get_hostname(), 'xchan_network' => 'unknown', 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'], 'xchan_hidden' => 1, -- cgit v1.2.3 From 21b2c0afa393ed0a3a363c5a0737727a53bc99b8 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 19 Oct 2017 10:21:47 +0200 Subject: fix issue #837 - w2w posts not removed in contact_remove() --- include/connections.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/connections.php b/include/connections.php index 0cf4cdc5a..60bce018e 100644 --- a/include/connections.php +++ b/include/connections.php @@ -369,7 +369,8 @@ function contact_remove($channel_id, $abook_id) { return false; - $r = q("select * from item where author_xchan = '%s' and uid = %d", + $r = q("select * from item where (owner_xchan = '%s' or author_xchan = '%s') and uid = %d", + dbesc($abook['abook_xchan']), dbesc($abook['abook_xchan']), intval($channel_id) ); -- cgit v1.2.3 From f3c374b6fff5122ad8a8a62446a65171ce0fb555 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 19 Oct 2017 11:20:09 +0200 Subject: redirect to be moderated items to /moderate and change the conv link to partent mid in /modrate --- include/conversation.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index c034e8a65..f395b2cbe 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -703,7 +703,9 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0) $is_new = true; - $conv_link = (($item['item_type'] == ITEM_TYPE_CARD) ? $item['plink'] : z_root() . '/display/' . gen_link_id($item['mid'])); + $conv_link_mid = (($mode == 'moderate') ? $item['parent_mid'] : $item['mid']); + + $conv_link = (($item['item_type'] == ITEM_TYPE_CARD) ? $item['plink'] : z_root() . '/display/' . gen_link_id($conv_link_mid)); $tmp_item = array( -- cgit v1.2.3 From 8c57ed64d08b0ccea08431d97d5510a28aa8a2a7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 22 Oct 2017 12:35:17 -0700 Subject: wrong key --- include/zot.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 55632fc31..dad30dbb0 100644 --- a/include/zot.php +++ b/include/zot.php @@ -361,8 +361,6 @@ function zot_refresh($them, $channel = null, $force = false) { else $permissions = $j['permissions']; - $connected_set = false; - if($permissions && is_array($permissions)) { $old_read_stream_perm = get_abconfig($channel['channel_id'],$x['hash'],'their_perms','view_stream'); @@ -4177,7 +4175,7 @@ function zotinfo($arr) { if($ztarget_hash) { $permissions['connected'] = false; - $b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + $b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_pending = 0 limit 1", dbesc($ztarget_hash), intval($e['channel_id']) ); @@ -4201,7 +4199,7 @@ function zotinfo($arr) { if($x) $ret['locations'] = $x; - $ret['site'] = zot_site_info($e['xchan_pubkey']); + $ret['site'] = zot_site_info($e['channel_prvkey']); check_zotinfo($e,$x,$ret); -- cgit v1.2.3 From 2c07a92ad7961e345a93d8c18043c6213c3e974c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 23 Oct 2017 12:35:46 -0700 Subject: hubzilla issue #885 --- include/contact_widgets.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include') diff --git a/include/contact_widgets.php b/include/contact_widgets.php index a13f87573..9cc9f0baf 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -65,6 +65,10 @@ function categories_widget($baseurl,$selected = '') { if(! feature_enabled(App::$profile['profile_uid'],'categories')) return ''; + require_once('include/security.php'); + + $sql_extra = item_permissions_sql(App::$profile['profile_uid']); + $item_normal = item_normal(); $terms = array(); @@ -77,6 +81,7 @@ function categories_widget($baseurl,$selected = '') { and item.owner_xchan = '%s' and item.item_wall = 1 $item_normal + $sql_extra order by term.term asc", intval(App::$profile['profile_uid']), intval(TERM_CATEGORY), @@ -105,6 +110,8 @@ function cardcategories_widget($baseurl,$selected = '') { if(! feature_enabled(App::$profile['profile_uid'],'categories')) return ''; + $sql_extra = item_permissions_sql(App::$profile['profile_uid']); + $item_normal = "and item.item_hidden = 0 and item.item_type = 6 and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 and item.item_blocked = 0 "; @@ -118,6 +125,7 @@ function cardcategories_widget($baseurl,$selected = '') { and term.otype = %d and item.owner_xchan = '%s' $item_normal + $sql_extra order by term.term asc", intval(App::$profile['profile_uid']), intval(TERM_CATEGORY), -- cgit v1.2.3 From ccc8ff107e61de0fb86961f406bebd67348119b6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 23 Oct 2017 17:52:17 -0700 Subject: acl encoding issues --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 8a65be0d5..d81b59d75 100644 --- a/include/text.php +++ b/include/text.php @@ -2846,7 +2846,7 @@ function item_url_replace($channel,&$item,$old,$new,$oldnick = '') { */ function sanitise_acl(&$item) { if (strlen($item)) - $item = '<' . notags(trim($item)) . '>'; + $item = '<' . notags(trim(urldecode($item))) . '>'; else unset($item); } -- cgit v1.2.3