From 05654e498034329759351c4a64349734ce6b7204 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 4 Sep 2017 21:02:44 -0700 Subject: card embed improved --- include/bbcode.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index 470854f06..9a2a6eb9b 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -327,11 +327,16 @@ function bb_ShareAttributes($match) { if ($avatar != "") $headline .= '' . $author . ''; + if(strpos($link,'/cards/')) + $type = t('card'); + else + $type = t('post'); + // Bob Smith wrote the following post 2 hours ago $fmt = sprintf( t('%1$s wrote the following %2$s %3$s'), '' . $author . '', - '' . t('post') . '', + '' . $type . '', $reldate ); -- cgit v1.2.3 From 842a041a888434df7d6312db08ce805c5ee21bf7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Sep 2017 16:38:55 -0700 Subject: remove period from characters allowed in username, as this will mess up URL based content-type negotiation. It was previously disallowed but permitted a month or two ago after seeing Diaspora started allowing it. It's OK if they have it, but we can't; as many of our urls are based on username and theirs are primarily based on uid. --- include/channel.php | 4 ++-- include/text.php | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index faf28df28..41feca362 100644 --- a/include/channel.php +++ b/include/channel.php @@ -52,7 +52,7 @@ function identity_check_service_class($account_id) { * * This action is pluggable. * We're currently only checking for an empty name or one that exceeds our - * storage limit (255 chars). 255 chars is probably going to create a mess on + * storage limit (191 chars). 191 chars is probably going to create a mess on * some pages. * Plugins can set additional policies such as full name requirements, character * sets, multi-byte length, etc. 
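Review bot: The added test `if(strpos($link,'/cards/'))` in the bbcode.php hunk relies on the truthiness of `strpos()`, which returns `0` for a match at offset 0 and `false` for no match, so the two cases are indistinguishable here. Compare explicitly: `if (strpos($link, '/cards/') !== false)`. The check also matches `/cards/` anywhere in the link, so a post whose URL happens to contain that segment would be labelled a card; anchoring the test to the path portion of the URL would be stricter. The body of bb_ShareAttributes starts and ends outside the hunk, so how `$link` is populated is not visible here.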
@@ -67,7 +67,7 @@ function validate_channelname($name) { if (! $name) return t('Empty name'); - if (strlen($name) > 255) + if (mb_strlen($name) > 191) return t('Name too long'); $arr = ['name' => $name]; diff --git a/include/text.php b/include/text.php index ea21e2184..a3c2bbc08 100644 --- a/include/text.php +++ b/include/text.php @@ -1984,14 +1984,14 @@ function is_a_date_arg($s) { } function legal_webbie($s) { - if(! strlen($s)) + if(! $s) return ''; - // WARNING: This regex will not work in a federated environment. + // WARNING: This regex may not work in a federated environment. // You will probably want something like // preg_replace('/([^a-z0-9\_])/','',strtolower($s)); - $r = preg_replace('/([^a-z0-9\-\_\.])/','',strtolower($s)); + $r = preg_replace('/([^a-z0-9\-\_])/','',strtolower($s)); $x = [ 'input' => $s, 'output' => $r ]; call_hooks('legal_webbie',$x); @@ -2003,7 +2003,7 @@ function legal_webbie_text() { // WARNING: This will not work in a federated environment. - $s = t('a-z, 0-9, -, _, and . only'); + $s = t('a-z, 0-9, -, and _ only'); $x = [ 'text' => $s ]; call_hooks('legal_webbie_text',$x); -- cgit v1.2.3 From 6147f819ce908d7a52f905658e827c48aad92074 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Sep 2017 17:12:31 -0700 Subject: avoid a security patch and resultant compatibility issues; instead restrict the input characters we accept in token verification strings to hex digits. This will all be changing in the coming weeks/months anyway. --- include/zot.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 56bd7d212..cb213eff3 100644 --- a/include/zot.php +++ b/include/zot.php 
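Review bot: The new length check `mb_strlen($name) > 191` in validate_channelname counts characters in whatever internal encoding PHP is configured with, so the limit can differ between installs. Passing the encoding explicitly, `if (mb_strlen($name, 'UTF-8') > 191)`, makes it deterministic. If the storage column is limited in bytes rather than characters (not visible here), a multi-byte name under 191 characters could still exceed it. The function continues outside the hunk.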
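Review bot: In legal_webbie the guard changed from `if(! strlen($s))` to `if(! $s)`, which also treats the string `'0'` as empty, so an input the old code accepted now returns `''`. If only the empty case is meant, keep it explicit: `if ($s === null || $s === '')`. The commit message says the period was permitted for a month or two, so addresses containing `.` may already exist; this hunk only filters new input and such names would need separate handling. The filtered value is then passed to the `legal_webbie` hook, so a plugin can presumably still widen the character set, and the function's return is outside the hunk.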
@@ -137,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot } if ($secret) { - $data['secret'] = $secret; + $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret); $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); } @@ -4621,7 +4621,6 @@ function zot_reply_auth_check($data,$encrypted_packet) { // First verify their signature. We will have obtained a zot-info packet from them as part of the sender // verification. - // needs a nonce!!!! if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; -- cgit v1.2.3 From 45eb61bcf079557094fed8714afc994f1120e6db Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Sep 2017 18:32:37 -0700 Subject: provide sharing of cards --- include/conversation.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index ec445ba4c..c034e8a65 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -709,6 +709,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $tmp_item = array( 'template' => $tpl, 'toplevel' => 'toplevel_item', + 'item_type' => intval($item['item_type']), 'mode' => $mode, 'approve' => t('Approve'), 'delete' => t('Delete'), -- cgit v1.2.3
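Review bot: The signature on the line after the change is still computed over the unfiltered `$secret`, so whenever the filter strips a character the packet carries a `secret` that no longer matches `secret_sig`, and the `rsa_verify($data['secret'], ...)` call shown in the second zot.php hunk will reject it. Filter once and use the result for both values, e.g. `$secret = preg_replace('/[^0-9a-fA-F]/','',$secret);` ahead of `$data['secret'] = $secret;`, or reject a non-hex value with `ctype_xdigit()` instead of silently altering it. The filter also sits in zot_build_packet, the sending side, while the commit message speaks of restricting what is accepted; in the lines visible here zot_reply_auth_check uses `$data['secret']` as received, so the same check probably belongs there. The second hunk removes the `// needs a nonce!!!!` reminder although no nonce is added in the visible lines; a comment such as `// TODO: no nonce yet, a secret/secret_sig pair is not bound to a single request` would keep the open issue on record. Both function bodies continue outside their hunks.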