From 4b17ea04a75eba037d5ad5bc2aeffaadddfcfa04 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 1 Jun 2023 10:15:35 +0000 Subject: add owner and author to item_permissions_sql() --- include/security.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index de9f1f337..2fbe1da1a 100644 --- a/include/security.php +++ b/include/security.php @@ -490,12 +490,19 @@ function item_permissions_sql($owner_id, $remote_observer = null) { $gs = '<<>>'; // should be impossible to match } + // This function is often called without an $owner_id in places where this could not be + // determined in advance. The ACL fields will usually not contain the original author or owner + // so we will also check for author_xchan and owner_xchan to account for this ACL deficiency. + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND (( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s') - AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) - ) OR ( item_private = 1 $scope )) + " AND ( author_xchan = '%s' OR owner_xchan = '%s' OR + (( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s') + AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) + ))) ", + dbesc($observer), + dbesc($observer), dbesc($cs), dbesc($gs), dbesc($cs), -- cgit v1.2.3 From 65a472c113b0ad93465e2698fafe388e739bdacb Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 2 Jun 2023 13:30:21 +0200 Subject: fix theme_attachments() --- include/text.php | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index aadca80e1..2693e7b16 100644 --- a/include/text.php +++ b/include/text.php 
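Review bot: The added `author_xchan = '%s' OR owner_xchan = '%s'` test sits in front of the deny/allow check, so it is only safe when `$observer` is a non-empty hash at this point; with an empty value it would match any row whose author or owner column is empty. Where `$observer` is assigned is outside this hunk, so confirm that this `sprintf` is reached only for an identified observer, or add the two predicates only when `$observer` is set. The hunk also drops the old `OR ( item_private = 1 $scope )` alternative, which the subject line does not mention; the added comment should say that this is intended and whether `$scope` is still used further up.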
@@ -1543,7 +1543,6 @@ function link_compare($a, $b) { function theme_attachments(&$item) { - $s = ''; $arr = json_decode($item['attach'],true); @@ -1557,15 +1556,25 @@ function theme_attachments(&$item) { $label = ''; - if(isset($r['title'])) + if(isset($r['name'])) { + $label = urldecode(htmlspecialchars($r['name'], ENT_COMPAT, 'UTF-8')); + } + + if(! $label && isset($r['title'])) { $label = urldecode(htmlspecialchars($r['title'], ENT_COMPAT, 'UTF-8')); + } - if(! $label && isset($r['href'])) - $label = basename($r['href']); + if(!$label && isset($r['href'])) { + $m = parse_url($r['href']); + if ($m && $m['path']) { + $label = basename($m['path']); + } + } //some feeds provide an attachment where title an empty space - if(! $label || $label == ' ') - $label = t('Unknown Attachment'); + if(!trim($label)) { + $label = t('Unknown attachment'); + } $title = t('Size') . ' ' . (isset($r['length']) ? userReadableSize($r['length']) : t('unknown')); @@ -1594,7 +1603,6 @@ function theme_attachments(&$item) { return $s; } - function format_categories(&$item,$writeable) { $s = ''; -- cgit v1.2.3 From 48a33f08e2042b0bb809f43f9bec9d7739af3c28 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 2 Jun 2023 11:33:44 +0000 Subject: ocap initial checkin --- include/attach.php | 54 +++++++++++++++------ include/items.php | 130 +++++++++++++++++++++++++++++++++++++++++++++++++++ include/security.php | 12 ++++- 3 files changed, 182 insertions(+), 14 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index b7fb17f38..4465a67fe 100644 --- a/include/attach.php +++ b/include/attach.php 
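Review bot: In the new `name` branch (and the kept `title` branch) the label is escaped first and URL-decoded afterwards, `urldecode(htmlspecialchars(...))`, so percent-encoded angle brackets or quotes in a remote attachment's name come out of `urldecode()` unescaped. The order should be reversed, `$label = htmlspecialchars(urldecode($r['name']), ENT_COMPAT, 'UTF-8');`, and the `basename($m['path'])` fallback should go through `htmlspecialchars()` as well, since it is taken from the same untrusted `href`. `$m['path']` is not set for a URL without a path, so `if ($m && !empty($m['path']))` avoids an undefined-index warning. How `$label` is written into the markup is outside this hunk.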
@@ -338,36 +338,46 @@ function attach_by_id($id, $observer_hash) { return $ret; } -function attach_can_view($uid,$ob_hash,$resource) { +function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) { - $sql_extra = permissions_sql($uid,$ob_hash); + $sql_extra = permissions_sql($uid, $ob_hash, '', $token); $hash = $resource; - if(! perm_is_allowed($uid,$ob_hash,'view_storage')) { - return false; + if (!$token) { + if(! perm_is_allowed($uid, $ob_hash, 'view_storage')) { + return false; + } } $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", dbesc($hash), intval($uid) ); - if(! $r) { + + if(!$r) { return false; } - return attach_can_view_folder($uid,$ob_hash,$r[0]['folder']); + // don't perform recursive folder check when using OCAP. Only when using ACL access. + // For OCAP if the token is valid they can see the thing. + + if ($token) { + return true; + } + + return attach_can_view_folder($uid, $ob_hash, $r[0]['folder'], $token); } -function attach_can_view_folder($uid,$ob_hash,$folder_hash) { +function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR) { - $sql_extra = permissions_sql($uid,$ob_hash); + $sql_extra = permissions_sql($uid, $ob_hash, '', $token); $hash = $folder_hash; - if(! $folder_hash) { - return perm_is_allowed($uid,$ob_hash,'view_storage'); + if(!$folder_hash && !$token) { + return perm_is_allowed($uid, $ob_hash, 'view_storage'); } @@ -508,7 +518,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $upload_path = $arr['directory'] ?? ''; $visible = $arr['visible'] ?? 0; $notify = $arr['notify'] ?? 0; - + $flags = (($arr && array_key_exists('flags', $arr)) ? intval($arr['flags']) : 0); $observer = array(); $dosync = ((array_key_exists('nosync',$arr) && $arr['nosync']) ? 0 : 1); 
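Review bot: A non-empty `$token` switches off both the `view_storage` check and the folder walk in `attach_can_view()`, but nothing here verifies that the token belongs to the file that was found. The token branch added to `permissions_sql()` in include/security.php (same commit) also matches rows whose four ACL fields are all empty, so a file with no ACL of its own, protected only by its folder's ACL or by the channel's `view_storage` setting, is let through whatever the token value is. Select `allow_cid` along with `folder` and return early only when that row's `allow_cid` actually holds the presented token; in every other case run `perm_is_allowed($uid, $ob_hash, 'view_storage')` and `attach_can_view_folder()` as before. The stored token format is not readable on this page, so the exact match expression has to follow the real literal.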
@@ -933,8 +943,8 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { ); } else { - $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, content, created, edited, os_path, display_path, allow_cid, allow_gid,deny_cid, deny_gid ) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, flags, content, created, edited, os_path, display_path, allow_cid, allow_gid,deny_cid, deny_gid ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), @@ -946,6 +956,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { intval(0), intval(1), intval($is_photo), + intval($flags), dbescbin($os_basepath . $os_relpath), dbesc($created), dbesc($created), @@ -1413,6 +1424,23 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi if(! $r) return; + $private = $allow_cid || $allow_gid || $deny_cid || $deny_gid; + + // preserve any existing tokens that may have been set for this file + // @fixme - we need a way to unconditionally clear these if desired. + + if ($private) { + $token_matches = null; + if (preg_match_all('/\/', $r[0]['allow_cid'], $token_matches, PREG_SET_ORDER)) { + foreach ($token_matches as $m) { + $tok = ''; + if (!str_contains($allow_cid, $tok)) { + $allow_cid .= $tok; + } + } + } + } + if(intval($r[0]['is_dir'])) { if($recurse) { $r = q("select hash, flags, is_dir from attach where folder = '%s' and uid = %d", diff --git a/include/items.php b/include/items.php index f6a93cc2c..a74fe8b50 100644 --- a/include/items.php +++ b/include/items.php 
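Review bot: Tokens found in the stored `allow_cid` are copied into every new private ACL in `attach_change_permissions()`, so changing a file's permissions never withdraws access that was handed out by token; the `@fixme` in the hunk acknowledges this. Until a revocation path exists the comment should state it plainly, for example `// NOTE: tokens survive every ACL change while the file stays private; they are not carried over when the new ACL is public`. The `preg_match_all()` pattern and the `$tok` literal are not legible on this page, so the matching itself could not be checked. The function starts and continues outside the hunk.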
@@ -5009,6 +5009,136 @@ function fix_attached_file_permissions($channel,$observer_hash,$body, } } +function list_attached_local_files($body) { + + $files = []; + $match = []; + + // match img and zmg image links + if (preg_match_all("/\[[zi]mg(.*?)](.*?)\[\/[zi]mg]/", $body, $match)) { + $images = array_merge($match[1], $match[2]); + if ($images) { + foreach ($images as $image) { + if (!stristr($image, z_root() . '/photo/')) { + continue; + } + $image_uri = substr($image,strrpos($image,'/') + 1); + if (str_contains($image_uri, '-')) { + $image_uri = substr($image_uri,0, strrpos($image_uri,'-')); + } + if (str_contains($image_uri, '.')) { + $image_uri = substr($image_uri,0, strpos($image_uri,'.')); + } + if ($image_uri && !in_array($image_uri, $files)) { + $files[] = $image_uri; + } + } + } + } + if (preg_match_all("/\[attachment](.*?)\[\/attachment]/",$body,$match)) { + $attaches = $match[1]; + if ($attaches) { + foreach ($attaches as $attach) { + $hash = substr($attach,0,strpos($attach,',')); + if ($hash && !in_array($hash, $files)) { + $files[] = $hash; + } + } + } + } + + return $files; +} + +function fix_attached_permissions($uid, $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, $token = EMPTY_STR) { + + $files = list_attached_local_files($body); + + if (! $files) { + return; + } + + foreach ($files as $file) { + $attach_q = q("select id, hash, flags, is_photo, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d", + dbesc($file), + intval($uid) + ); + + if (! $attach_q) { + continue; + } + + $attach = array_shift($attach_q); + + $new_public = !(($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny)); + $existing_public = !(($attach['allow_cid'] || $attach['allow_gid'] || $attach['deny_cid'] || $attach['deny_gid'])); + + if ($existing_public) { + // permissions have already been fixed and they are public. There's nothing for us to do. 
+ continue; + } + + // if flags & 1, the attachment was uploaded directly into a post and needs to have permissions corrected + // or - if it is a private file and a new token was generated, we'll need to add the token to the ACL. + + if (((intval($attach['flags']) & 1) !== 1) && (! $token)) { + continue; + } + + $item_private = 0; + + if ($new_public === false) { + $item_private = (($str_group_allow || ($str_contact_allow && substr_count($str_contact_allow,'<') > 2)) ? 1 : 2); + + // preserve any existing tokens that may have been set for this file + $token_matches = null; + if (preg_match_all('//',$attach['allow_cid'],$token_matches, PREG_SET_ORDER)) { + foreach ($token_matches as $m) { + $tok = ''; + if (!str_contains($str_contact_allow, $tok)) { + $str_contact_allow .= $tok; + } + } + } + if ($token && !str_contains($str_contact_allow, $token)) { + $str_contact_allow .= ''; + } + } + + q("update attach SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', flags = 0 + WHERE id = %d AND uid = %d", + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + intval($attach['id']), + intval($uid) + ); + + if ($attach['is_photo']) { + $r = q("UPDATE photo SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' + WHERE resource_id = '%s' AND uid = %d ", + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + dbesc($file), + intval($uid) + ); + + $r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d + WHERE resource_id = '%s' AND 'resource_type' = 'photo' AND uid = %d", + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + intval($item_private), + dbesc($file), + intval($uid) + ); + } + } +} function item_create_edit_activity($post) { 
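Review bot: Inside the `foreach ($files as $file)` loop of `fix_attached_permissions()` the preserved tokens are appended to the parameter `$str_contact_allow` itself, so tokens kept for one attachment are carried into the ACL written for every later attachment, photo and item of the same post. Work on a per-file copy, `$allow_cid = $str_contact_allow;` at the top of the loop body, and append to and write that copy. In the last query the column name is quoted as a string, `'resource_type' = 'photo'`, which compares two literals and is never true, so the `item` rows are never updated; it should read `AND resource_type = 'photo'`. `in_array($image_uri, $files)` and `in_array($hash, $files)` should pass `true` as third argument.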
diff --git a/include/security.php b/include/security.php index 2fbe1da1a..539e5f5b5 100644 --- a/include/security.php +++ b/include/security.php @@ -330,7 +330,7 @@ function change_channel($change_channel) { * @return string additional SQL where statement */ -function permissions_sql($owner_id, $remote_observer = null, $table = '') { +function permissions_sql($owner_id, $remote_observer = null, $table = '', $token = EMPTY_STR) { $local_channel = local_channel(); @@ -412,6 +412,16 @@ function permissions_sql($owner_id, $remote_observer = null, $table = '') { dbesc($gs) ); } + + /* + * OCAP token access + */ + + elseif ($token) { + $sql = " AND ( {$table}allow_cid like '" . protect_sprintf('%%') . + "' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '' AND {$table}deny_cid = '' AND {$table}deny_gid = '' ) )"; + } + } return $sql; -- cgit v1.2.3 From 11a2419c22693fd1546ade79c0b5fa3a9aea9dfd Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 2 Jun 2023 19:10:53 +0000 Subject: fix wrong array key --- include/attach.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 4465a67fe..1de5f5a67 100644 --- a/include/attach.php +++ b/include/attach.php @@ -974,7 +974,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $args = array( 'source' => $source, 'visible' => $visible, 'resource_id' => $hash, 'album' => $pathname, 'os_syspath' => $os_basepath . $os_relpath, 'os_path' => $os_path, 'display_path' => $display_path, 'filename' => $filename, 'getimagesize' => $gis, 'directory' => $direct, 'options' => $options ); if (array_key_exists('contact_allow', $arr)) $args['contact_allow'] = $arr['contact_allow']; - if (array_key_exists('contact_deny', $arr)) + if (array_key_exists('group_allow', $arr)) $args['group_allow'] = $arr['group_allow']; if (array_key_exists('contact_deny', $arr)) $args['contact_deny'] = $arr['contact_deny']; -- cgit v1.2.3 
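Review bot: The new `elseif ($token)` branch of `permissions_sql()` builds its LIKE clause by string concatenation and shows no `dbesc()` call, unlike the `dbesc($gs)` argument of the branch directly above it. On this page the pattern reads `protect_sprintf('%%')`, so part of the literal seems to have been lost in rendering; if `$token` is placed in that pattern it should go through `dbesc()` and have `%` and `_` neutralised, because both are wildcards in a LIKE and would let a partial value match. The rest of the `if`/`elseif` chain is outside the hunk, so it could not be checked for which observers this branch is reached.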
From 0c2cb18578f2f02c96cdb5ab44d0db7b24ce2af5 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Jun 2023 15:33:02 +0000 Subject: shuffle queue deliveries for more randomness --- include/network.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/network.php b/include/network.php index f0642d8f7..b34fdffcc 100644 --- a/include/network.php +++ b/include/network.php @@ -1729,12 +1729,14 @@ function deliverable_singleton($channel_id,$xchan) { intval($channel_id), dbesc($xchan_hash) ); + if($r) { if(! $r[0]['abook_instance']) return true; if(strpos($r[0]['abook_instance'],z_root()) !== false) return true; } + return false; } -- cgit v1.2.3 From fb9a193c44ea55f3119fbbafe8b421c1a4087f18 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Jun 2023 16:24:02 +0000 Subject: do not add deleted xchans for poco --- include/socgraph.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/socgraph.php b/include/socgraph.php index f08913ee2..49cc45d52 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -152,7 +152,7 @@ function poco_load($xchan = '', $url = null) { // We've never seen this person before. Import them. - if(($x !== false) && (! count($x))) { + if(!$x) { if($address) { if($network === 'zot6') { $j = Zotfinger::exec($profile_url); @@ -174,7 +174,6 @@ function poco_load($xchan = '', $url = null) { $total ++; - $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 0 limit 1", dbesc($xchan), dbesc($hash) @@ -431,7 +430,7 @@ function poco() { intval($startIndex) ); } else { - $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d + $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and xchan_deleted = 0 $sql_extra LIMIT %d OFFSET %d", intval($channel_id), intval($itemsPerPage), -- cgit v1.2.3 
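Review bot: Replacing `($x !== false) && (! count($x))` with `!$x` in `poco_load()` also takes the import path when the lookup query itself failed, where the old condition skipped it. That turns a database error into a remote `Zotfinger::exec($profile_url)` fetch and import attempt for each entry that is processed. If only the `count()` call on a non-array was the problem, `if (is_array($x) && !$x)` keeps the old behaviour. That `q()` returns `false` on failure is inferred from the removed condition; the query is outside the hunk.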
From 59b217f7eaf4d5efd08ca8db82866b38ce1f5cf4 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 12 Jun 2023 08:13:42 +0000 Subject: only remove the owner from delivery if its their post and minor cleanup --- include/socgraph.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/socgraph.php b/include/socgraph.php index 49cc45d52..e5e8ddf74 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -112,12 +112,8 @@ function poco_load($xchan = '', $url = null) { $profile_url = ''; $profile_photo = ''; $address = ''; - $name = ''; - $hash = ''; - $rating = 0; - - $name = $entry['displayName']; - $hash = $entry['hash']; + $name = $entry['displayName'] ?? ''; + $hash = $entry['hash'] ?? ''; if(x($entry,'urls') && is_array($entry['urls'])) { foreach($entry['urls'] as $url) { -- cgit v1.2.3 From cd26ead043f9cb92ca4d59e587480520cb51f117 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 23 Jun 2023 09:13:51 +0000 Subject: implement optional moderation of unsolicited comments, minor css fixes and some more work on ocap --- include/attach.php | 31 ++++++++++++++----------------- include/items.php | 18 +++++++++++++++--- include/security.php | 1 + 3 files changed, 30 insertions(+), 20 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index 1de5f5a67..ead5a8e06 100644 --- a/include/attach.php +++ b/include/attach.php @@ -254,7 +254,7 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ * @param int $rev (optional) Revision default 0 * @return array */ -function attach_by_hash($hash, $observer_hash, $rev = 0) { +function attach_by_hash($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) { $ret = array('success' => false); 
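Review bot: `attach_by_hash()` gains a `$token` parameter that changes the access decision, but the docblock above it still ends at `@param int $rev`. Add `@param string $token (optional) OCAP token presented by the requester; when set, attach_can_view() skips the view_storage and folder checks`, and the same line to `attach_by_id()` and `attach_by_hash_nodata()` in the following hunks. The bodies of these functions continue outside the hunks.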
@@ -274,7 +274,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { return $ret; } - if(! attach_can_view($r[0]['uid'], $observer_hash, $hash)) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $hash, $token)) { $ret['message'] = t('Permission denied.'); return $ret; } @@ -311,7 +311,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { * @param string $observer_hash * @return array */ -function attach_by_id($id, $observer_hash) { +function attach_by_id($id, $observer_hash, $token = EMPTY_STR) { $ret = array('success' => false); @@ -325,7 +325,7 @@ function attach_by_id($id, $observer_hash) { return $ret; } - if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'])) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'], $token)) { $ret['message'] = t('Permission denied.'); return $ret; } @@ -340,17 +340,16 @@ function attach_by_id($id, $observer_hash) { function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) { - $sql_extra = permissions_sql($uid, $ob_hash, '', $token); - $hash = $resource; - if (!$token) { if(! perm_is_allowed($uid, $ob_hash, 'view_storage')) { return false; } } + $sql_extra = permissions_sql($uid, $ob_hash, '', $token); + $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", - dbesc($hash), + dbesc($resource), intval($uid) ); 
@@ -373,24 +372,22 @@ function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) { function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR) { - $sql_extra = permissions_sql($uid, $ob_hash, '', $token); - $hash = $folder_hash; - if(!$folder_hash && !$token) { return perm_is_allowed($uid, $ob_hash, 'view_storage'); } + $sql_extra = permissions_sql($uid, $ob_hash, '', $token); do { $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", - dbesc($hash), + dbesc($folder_hash), intval($uid) ); if(! $r) return false; - $hash = $r[0]['folder']; - } while($hash); + $folder_hash = $r[0]['folder']; + } while($folder_hash); return true; } @@ -410,7 +407,7 @@ function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR * * \e string \b message (optional) only when success is false * * \e array \b data array of attach DB entry without data component */ -function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { +function attach_by_hash_nodata($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) { $ret = array('success' => false); @@ -435,7 +432,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { return $ret; } - $sql_extra = permissions_sql($r[0]['uid'], $observer_hash); + $sql_extra = permissions_sql($r[0]['uid'], $observer_hash, '', $token); // Now we'll see if we can access the attachment @@ -450,7 +447,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { } if($r[0]['folder']) { - $x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder']); + $x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder'], $token); if(! $x) { $ret['message'] = t('Permission denied.'); return $ret; diff --git a/include/items.php b/include/items.php index a74fe8b50..c6aeaa0ed 100644 --- a/include/items.php +++ b/include/items.php 
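Review bot: `attach_by_hash_nodata()` now passes `$token` into `attach_can_view_folder()`, while `attach_can_view()` deliberately returns before the folder walk when a token is present, so the two entry points can reach different decisions for the same file and token. With the token passed down, every parent folder has to match the token clause of `permissions_sql()` as well. Decide on one rule and apply it in both places; if the rule is that a valid token on the file is enough, skip the folder check here only after the file row itself was matched by the token. Parts of `attach_by_hash_nodata()` lie between and outside the hunks.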
@@ -242,9 +242,21 @@ function comments_are_now_closed($item) { } function item_normal() { - return " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 - and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 - and item.item_blocked = 0 "; + $profile_uid = App::$profile['profile_uid'] ?? App::$profile_uid ?? null; + $uid = local_channel(); + $is_owner = ($uid && intval($profile_uid) === $uid); + + $sql = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_pending_remove = 0"; + + if ($is_owner) { + $sql .= " and item.item_blocked IN (0, " . intval(ITEM_MODERATED) . ") and item.item_delayed IN (0, 1) "; + } + else { + $sql .= " and item.item_blocked = 0 and item.item_delayed = 0 "; + } + + return $sql; } function item_normal_search() { diff --git a/include/security.php b/include/security.php index 539e5f5b5..5ea6f13ef 100644 --- a/include/security.php +++ b/include/security.php @@ -326,6 +326,7 @@ function change_channel($change_channel) { * @param int $owner_id * @param bool $remote_observer (optional) use current observer if unset * @param $table (optional) + * @param $token (optional) * * @return string additional SQL where statement */ -- cgit v1.2.3 From 750641ef196d9e113b0e80da9734f70400b55652 Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 27 Jun 2023 14:53:23 +0000 Subject: implement inline moderation of reactions --- include/conversation.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 2f0b6f6fd..c02b0c4c8 100644 --- a/include/conversation.php +++ b/include/conversation.php 
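Review bot: `item_normal()` used to return a constant filter and now derives ownership from `App::$profile` / `App::$profile_uid` and `local_channel()`, so every query that appends it returns moderated (`ITEM_MODERATED`) and delayed rows whenever the owner is logged in. Its callers are outside this hunk; any of them that produces content for other viewers while running in the owner's session (feeds, search, delivery) would then include comments that are still awaiting approval. A separate helper for the views that should show pending items, or an explicit argument such as `item_normal($include_moderated = false)`, keeps the default strict. The function also needs a docblock that states this dependency on global state.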
@@ -1215,11 +1215,16 @@ function builtin_activity_puller($item, &$conv_responses) { if((activity_match($item['verb'], $verb)) && ($item['id'] != $item['parent'])) { $name = (($item['author']['xchan_name']) ? $item['author']['xchan_name'] : t('Unknown')); + + $moderate = ((intval($item['item_blocked']) === ITEM_MODERATED) ? '' : ''); + $url = (($item['author_xchan'] && $item['author']['xchan_photo_s']) - ? '' . '' . urlencode($name) . ' ' . $name . '' + ? '' : '' . $name . '' ); + + if(! $item['thr_parent']) $item['thr_parent'] = $item['parent_mid']; -- cgit v1.2.3 From 9f6844ec30612fe2b1f0af4e52018a432698b226 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 29 Jun 2023 11:43:02 +0000 Subject: pass $escape to stringify_array_elms() --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 2693e7b16..dcf0980c5 100644 --- a/include/text.php +++ b/include/text.php @@ -2699,7 +2699,7 @@ function stringify_array_elms(&$arr, $escape = false) { */ function stringify_array($arr, $escape = false) { if($arr) { - stringify_array_elms($arr); + stringify_array_elms($arr, $escape); return(implode(',',$arr)); } return EMPTY_STR; -- cgit v1.2.3 From 7755936a2ef31d8ad9976d6fe80eb85f0b816f70 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 29 Jun 2023 12:31:32 +0000 Subject: remove unused pseudo abook code --- include/permissions.php | 16 +++------------- include/security.php | 15 --------------- 2 files changed, 3 insertions(+), 28 deletions(-) (limited to 'include') diff --git a/include/permissions.php b/include/permissions.php index c3a9286c0..28f242712 100644 --- a/include/permissions.php +++ b/include/permissions.php 
@@ -175,7 +175,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ // They are in your address book, but haven't been approved - if($channel_perm & PERMS_PENDING && (! intval($x[0]['abook_pseudo']))) { + if($channel_perm & PERMS_PENDING) { $ret[$perm_name] = 1; continue; } @@ -188,12 +188,6 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ // They're a contact, so they have permission if($channel_perm & PERMS_CONTACTS) { - // it was a fake abook entry, not really a connection - if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) { - $ret[$perm_name] = 0; - continue; - } - $ret[$perm_name] = 1; continue; } @@ -340,7 +334,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } - // From here on we require that the observer be a connection or pseudo connection + // From here on we require that the observer be a connection if(! $x) { return false; @@ -348,7 +342,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // They are in your address book, but haven't been approved - if($channel_perm & PERMS_PENDING && (! intval($x[0]['abook_pseudo']))) { + if($channel_perm & PERMS_PENDING) { return true; } @@ -359,10 +353,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // They're a contact, so they have permission if($channel_perm & PERMS_CONTACTS) { - // it was a fake abook entry, not really a connection - if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) { - return false; - } return true; } diff --git a/include/security.php b/include/security.php index 5ea6f13ef..b3e45742e 100644 --- a/include/security.php +++ b/include/security.php 
@@ -237,21 +237,6 @@ function atoken_abook($uid, $xchan_hash) { } -function pseudo_abook($xchan) { - if (!$xchan) - return false; - - // set abook_pseudo to flag that we aren't really connected. - - $xchan['abook_pseudo'] = 1; - $xchan['abook_blocked'] = 0; - $xchan['abook_ignored'] = 0; - $xchan['abook_pending'] = 0; - - return $xchan; -} - - /** * @brief Change to another channel with current logged-in account. * -- cgit v1.2.3 From 4f03272a5f4c33f6c893b6f56f43fe5e839173b3 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 1 Jul 2023 11:03:26 +0000 Subject: unify code for selecting deliverable abook xchans --- include/connections.php | 29 +++++++++++++++++++++++++++++ include/items.php | 23 +++++++---------------- include/text.php | 18 +++++++++--------- 3 files changed, 45 insertions(+), 25 deletions(-) (limited to 'include') diff --git a/include/connections.php b/include/connections.php index e8415bb25..9a6ee7d8d 100644 --- a/include/connections.php +++ b/include/connections.php @@ -67,6 +67,35 @@ function rconnect_url($channel_id,$xchan) { } +function deliverable_abook_xchans($channel_id, $filter = [], $flatten = true) { + $filter_sql = ''; + + if ($filter) { + $filter_sql = " AND abook_xchan IN (" . protect_sprintf(stringify_array($filter, true)) . ") "; + } + + $r = q("SELECT abook_xchan, xchan_network FROM abook LEFT JOIN xchan ON abook_xchan = xchan_hash WHERE + abook_channel = %d $filter_sql + AND abook_self = 0 + AND abook_pending = 0 + AND abook_archived = 0 + AND abook_not_here = 0 + AND xchan_network NOT IN ('anon', 'token', 'rss')", + intval($channel_id) + ); + + if (!$r) { + return []; + } + + if ($flatten) { + return ids_to_array($r, 'abook_xchan'); + } + + return $r; +} + + function abook_connections($channel_id, $sql_conditions = '') { $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 $sql_conditions", 
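Review bot: `deliverable_abook_xchans()` treats an empty `$filter` as "no restriction" and returns the whole deliverable address book, and the `collect_recipients()` hunk in include/items.php of this commit calls it with `$raw_recipients`, which is empty when the allow lists expand to nothing. A private post whose allowed people and groups were all filtered out would then be addressed to every connection, whereas the comment kept in that hunk says such a post "won't be delivered to anybody". Guard the call, `$recipients = ($raw_recipients ? deliverable_abook_xchans($item['uid'], $raw_recipients) : []);`, or give the function a way to tell "no filter" from "empty filter". The new function has no docblock; it should describe `$filter`, `$flatten` and this empty-filter rule.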
diff --git a/include/items.php b/include/items.php index c6aeaa0ed..c832a3075 100644 --- a/include/items.php +++ b/include/items.php @@ -53,35 +53,28 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { $allow_groups = []; } - $recipients = array_unique(array_merge($allow_people,$allow_groups)); + $raw_recipients = array_unique(array_merge($allow_people, $allow_groups)); + $recipients = deliverable_abook_xchans($item['uid'], $raw_recipients); // if you specifically deny somebody but haven't allowed anybody, we'll allow everybody in your // address book minus the denied connections. The post is still private and can't be seen publicly // as that would allow the denied person to see the post by logging out. - if((! $item['allow_cid']) && (! $item['allow_gid'])) { - $r = q("select * from abook where abook_channel = %d and abook_self = 0 and abook_pending = 0 and abook_archived = 0 ", - intval($item['uid']) - ); - - if($r) { - foreach($r as $rr) { - $recipients[] = $rr['abook_xchan']; - } - } + if(!$item['allow_cid'] && !$item['allow_gid']) { + $recipients = deliverable_abook_xchans($item['uid']); } $deny_people = expand_acl($item['deny_cid']); $deny_groups = AccessList::expand(expand_acl($item['deny_gid'])); - $deny = array_unique(array_merge($deny_people,$deny_groups)); + $deny = array_unique(array_merge($deny_people, $deny_groups)); // Don't deny anybody if nobody was allowed (e.g. they were all filtered out) // That would lead to array_diff doing the wrong thing. // This will result in a private post that won't be delivered to anybody. if($recipients && $deny) - $recipients = array_diff($recipients,$deny); + $recipients = array_diff($recipients, $deny); $private_envelope = true; } 
@@ -112,9 +105,7 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { if ($hookinfo['recipients']) { $r = $hookinfo['recipients']; } else { - $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 and abook_pending = 0 and abook_archived = 0 and abook_not_here = 0 and xchan_network not in ('anon', 'token', 'rss')", - intval($item['uid']) - ); + $r = deliverable_abook_xchans($item['uid'], [], false); } if($r) { diff --git a/include/text.php b/include/text.php index dcf0980c5..c038d3d3d 100644 --- a/include/text.php +++ b/include/text.php @@ -2529,26 +2529,26 @@ function check_webbie($arr) { return ''; } -function ids_to_array($arr,$idx = 'id') { - $t = array(); +function ids_to_array($arr, $idx = 'id') { + $t = []; if($arr) { foreach($arr as $x) { - if(array_key_exists($idx,$x) && strlen($x[$idx]) && (! in_array($x[$idx],$t))) { + if(array_key_exists($idx, $x) && strlen($x[$idx]) && (! in_array($x[$idx], $t))) { $t[] = $x[$idx]; } } } - return($t); + return $t; } -function ids_to_querystr($arr,$idx = 'id',$quote = false) { - $t = array(); +function ids_to_querystr($arr, $idx = 'id', $quote = false) { + $t = []; if($arr) { foreach($arr as $x) { - if(! in_array($x[$idx],$t)) { + if(!in_array($x[$idx], $t)) { if($quote) $t[] = "'" . dbesc($x[$idx]) . "'"; else @@ -2556,7 +2556,7 @@ function ids_to_querystr($arr,$idx = 'id',$quote = false) { } } } - return(implode(',', $t)); + return implode(',', $t); } /** @@ -2700,7 +2700,7 @@ function stringify_array_elms(&$arr, $escape = false) { function stringify_array($arr, $escape = false) { if($arr) { stringify_array_elms($arr, $escape); - return(implode(',',$arr)); + return(implode(',', $arr)); } return EMPTY_STR; } -- cgit v1.2.3 From 7a0f22b0a7d909518c22264d524f584c9d2df456 Mon Sep 17 00:00:00 2001 
From: Mario Date: Mon, 3 Jul 2023 10:37:32 +0000 Subject: make sure to return infos from current hub where applicable - fix issue #1770 --- include/channel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 01302a1b9..2e8aefaaa 100644 --- a/include/channel.php +++ b/include/channel.php @@ -3092,5 +3092,5 @@ function channel_url($channel) { function get_channel_hashes() { $r = dbq("SELECT channel_hash FROM channel WHERE channel_removed = 0"); - return flatten_array_recursive($r); + return ids_to_array($r, 'channel_hash'); } -- cgit v1.2.3 From 10b49af776e3a8cc94cb99332fca987503b09be1 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 3 Jul 2023 12:42:46 +0000 Subject: fix php warning --- include/items.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index c832a3075..d88a676a1 100644 --- a/include/items.php +++ b/include/items.php @@ -2451,13 +2451,17 @@ function send_status_notifications($post_id,$item) { intval($item['uid']) ); - $thr_parent_id = $r[0]['id']; + if ($r) { + $thr_parent_id = $r[0]['id']; + } + } $r = q("select channel_hash from channel where channel_id = %d limit 1", intval($item['uid']) ); - if(! $r) + + if(!$r) return; // my own post - no notification needed -- cgit v1.2.3 From 6753d260e47bddbc61bbfe1fe6d9de384afc2da6 Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 4 Jul 2023 08:05:00 +0000 Subject: do not linkify in nobb and noparse tags - issue #1776 --- include/text.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/text.php b/include/text.php index c038d3d3d..6ab8fc1ce 100644 --- a/include/text.php +++ b/include/text.php 
@@ -887,6 +887,8 @@ function get_tags($s) { // ignore anything in a code or svg block $s = preg_replace('/\[code(.*?)\](.*?)\[\/code\]/sm','',$s); + $s = preg_replace('/\[nobb\](.*?)\[\/nobb\]/sm','',$s); + $s = preg_replace('/\[noparse\](.*?)\[\/noparse\]/sm','',$s); $s = preg_replace('/\[svg(.*?)\](.*?)\[\/svg\]/sm','',$s); $s = preg_replace('/\[toc(.*?)\]/sm','',$s); -- cgit v1.2.3