From 70fa00c014fcdbb666ac870873024c41b6609191 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 15 May 2015 22:20:45 +0200 Subject: allow a block to contain $content --- include/comanche.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/comanche.php b/include/comanche.php index 3030ae5c6..fc4e4004b 100644 --- a/include/comanche.php +++ b/include/comanche.php @@ -166,12 +166,19 @@ function comanche_block($s, $class = '') { intval($channel_id), dbesc($name) ); + if($r) { $o .= (($var['wrap'] == 'none') ? '' : '
'); if($r[0]['title']) $o .= '

' . $r[0]['title'] . '

'; - $o .= prepare_text($r[0]['body'], $r[0]['mimetype']); + if($r[0]['body'] === '$content') { + $o .= prepare_text(get_app()->data['webpage'][0]['body'], get_app()->data['webpage'][0]['mimetype']); + } + else { + $o .= prepare_text($r[0]['body'], $r[0]['mimetype']); + } + $o .= (($var['wrap'] == 'none') ? '' : '
'); } } -- cgit v1.2.3 From e2980e871fd9d7e769cf19b58c03574d386e542e Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Sat, 16 May 2015 11:12:39 +0200 Subject: Add functions to parse and get some values from php.ini. Get upload limits from php.ini. These functions will be used for checking against upload limits and to give information in the frontend. Wasn't sure in which file to put these functions, so I created a new one include/environment.php. --- include/environment.php | 66 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 include/environment.php (limited to 'include') diff --git a/include/environment.php b/include/environment.php new file mode 100644 index 000000000..47ad241a7 --- /dev/null +++ b/include/environment.php @@ -0,0 +1,66 @@ + 8388608 + * + * \note This method does not recognise other human readable formats like + * 8MB, etc. + * + * @todo Make this function more universal useable. MB, T, etc. + * + * @param string $val value from php.ini e.g. 2M, 8M + * @return int size in bytes + */ +function phpiniSizeToBytes($val) { + $val = trim($val); + $unit = strtolower($val[strlen($val)-1]); + switch($unit) { + case 'g': + $val *= 1024; + case 'm': + $val *= 1024; + case 'k': + $val *= 1024; + } + + return (int)$val; +} \ No newline at end of file -- cgit v1.2.3 From 6757e86e852293f74debc5c011e4a2809471487b Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Sun, 17 May 2015 01:24:47 +0200 Subject: Add some more documentation to attach_store() --- include/attach.php | 71 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 39 insertions(+), 32 deletions(-) (limited to 'include') diff --git a/include/attach.php b/include/attach.php index e6d6e5f24..4bbda9530 100644 --- a/include/attach.php +++ b/include/attach.php 
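Review bot: The new `'$content'` branch in `comanche_block()` reads `get_app()->data['webpage'][0]` without checking that a webpage was loaded for this request. A block whose body is `$content` but which is rendered on some other layout would then pass a null body and mimetype to `prepare_text()` and raise undefined-index notices. Guarding the branch would avoid that, for example `$a = get_app();` followed by `if($r[0]['body'] === '$content' && isset($a->data['webpage'][0])) {`. Because the page's own mimetype now decides how the block is rendered, it is also worth confirming that `prepare_text()` handles every webpage mimetype safely in a block context. The function body starts and ends outside the hunk.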
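Review bot: `phpiniSizeToBytes()` indexes `$val[strlen($val)-1]` without checking for an empty string, so an unset or empty php.ini value reads offset -1 and raises a notice before the function returns 0. The multiplications also run on the raw string (`'8M' *= 1024`), which relies on PHP's leading-numeric coercion and emits a non-numeric warning on newer PHP versions. Add `if($val === '') return 0;` after the `trim()` and multiply an integer copy, `$num = (int)$val;`, instead of `$val`. The `switch` falls through from `g` to `m` to `k` on purpose, so a `// no break` comment on each case would stop a later editor from "fixing" it. Since the result is meant for upload-limit checks, a silently wrong value here would weaken those checks.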
@@ -4,10 +4,11 @@ * * @brief File/attach API with the potential for revision control. * - * @TODO: a filesystem storage abstraction which maintains security (and 'data' contains a system filename - * which is inaccessible from the web). This could get around PHP storage limits and store videos and larger - * items, using fread or OS methods or native code to read/write or chunk it through. - * Also an 'append' option to the storage function might be a useful addition. + * @TODO A filesystem storage abstraction which maintains security (and 'data' + * contains a system filename which is inaccessible from the web). This could + * get around PHP storage limits and store videos and larger items, using fread + * or OS methods or native code to read/write or chunk it through. + * @todo Also an 'append' option to the storage function might be a useful addition. */ require_once('include/permissions.php'); @@ -123,7 +124,7 @@ function z_mime_content_type($filename) { * @param string $hash (optional) * @param string $filename (optional) * @param string $filetype (optional) - * @return assoziative array with: + * @return associative array with: * * \e boolean \b success * * \e int|boolean \b results amount of found results, or false * * \e string \b message with error messages if any @@ -161,7 +162,7 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '', /** * @brief Returns a list of files/attachments. - * + * * @param $channel_id * @param $observer * @param $hash (optional) 
@@ -170,10 +171,10 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '', * @param $orderby * @param $start * @param $entries - * @return array - * $ret['success'] boolean - * $ret['results'] array with results, or false - * $ret['message'] string with error messages if any + * @return associative array with: + * * \e boolean \b success + * * \e array|boolean \b results array with results, or false + * * \e string \b message with error messages if any */ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0) { @@ -213,11 +214,11 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ /** * @brief Find an attachment by hash and revision. - * + * * Returns the entire attach structure including data. - * + * * This could exhaust memory so most useful only when immediately sending the data. - * + * * @param string $hash * @param int $rev Revision * @return array @@ -275,7 +276,7 @@ function attach_by_hash($hash, $rev = 0) { * @see attach_by_hash() * @param $hash * @param $rev revision default 0 - * @return array Everything except data. + * @return associative array with everything except data * * \e boolean \b success boolean true or false * * \e string \b message (optional) only when success is false * * \e array \b data array of attach DB entry without data component 
@@ -326,12 +327,18 @@ function attach_by_hash_nodata($hash, $rev = 0) { } /** - * @brief + * @brief Stores an attachment from a POST file upload. + * + * This function stores an attachment. It can be a new one, a replacement or a + * new revision depending on value set in \e $options. * - * @param $channel channel array of owner - * @param $observer_hash hash of current observer - * @param $options (optional) - * @param $arr (optional) + * @note Requires an input field \e userfile and does not accept multiple files + * in one request. + * + * @param array $channel channel array of owner + * @param string $observer_hash hash of current observer + * @param string $options (optional) one of update, replace, revision + * @param array $arr (optional) associative array */ function attach_store($channel, $observer_hash, $options = '', $arr = null) { @@ -366,7 +373,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { if($options === 'replace') { /** @BUG $replace is undefined here */ - $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", + $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($replace), intval($channel_id) ); @@ -457,7 +464,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { ); } elseif($options === 'update') { - $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', + $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d", dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']), dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']), 
@@ -551,7 +558,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { intval(ATTACH_FLAG_DIR) ); if(! $r) { - $ret['message'] = t('Path not available.'); + $ret['message'] = t('Path not available.'); return $ret; } @@ -621,7 +628,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { // Check for duplicate name. // Check both the filename and the hash as we will be making use of both. - + $r = q("select hash from attach where ( filename = '%s' or hash = '%s' ) and folder = '%s' and uid = %d limit 1", dbesc($arr['filename']), dbesc($arr['hash']), @@ -644,7 +651,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $sql_options = permissions_sql($channel['channel_id']); do { - $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 $sql_options limit 1", intval($channel['channel_id']), dbesc($lfile), @@ -660,7 +667,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $lpath = $r[0]['hash'] . '/' . $lpath; $lfile = $r[0]['folder']; } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ; - $path = $basepath . '/' . $lpath; + $path = $basepath . '/' . $lpath; } else $path = $basepath . '/'; @@ -716,7 +723,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { /** * @brief Changes permissions of a file. - * + * * @param int $channel_id * @param array $resource * @param string $allow_cid @@ -841,7 +848,7 @@ function attach_delete($channel_id, $resource) { * @warning This function cannot be used with mod/dav as it always returns a * path valid under mod/cloud. * - * @param array $arr assoziative array with: + * @param array $arr associative array with: * * \e int \b uid the channel's uid * * \e string \b folder * * \e string \b filename 
@@ -866,7 +873,7 @@ function get_cloudpath($arr) { $lfile = $arr['folder']; do { - $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 limit 1", intval($arr['uid']), dbesc($lfile), @@ -961,7 +968,7 @@ function find_filename_by_hash($channel_id, $attachHash) { } /** - * + * * @param $in * @param $out */ @@ -1210,6 +1217,7 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny $ret = array(); $parent_arr = array(); + $count_values = array(); $poster = get_app()->get_observer(); //turn allow_gid into allow_cid's @@ -1317,11 +1325,10 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny return $ret; } - /** - * @brief Returns members of a group + * @brief Returns members of a group. * - * @param $group_id + * @param int $group_id id of the group to look up */ function in_group($group_id) { $group_members = array(); -- cgit v1.2.3 From 91d7b0f7eb7d3d7240b9ba12e2fbd71334b5a458 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 17 May 2015 16:28:16 -0700 Subject: more work isolating the projectname from core. --- include/bb2diaspora.php | 2 +- include/diaspora.php | 8 ++++---- include/enotify.php | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php index 118e78639..8129ab5e6 100644 --- a/include/bb2diaspora.php +++ b/include/bb2diaspora.php @@ -450,7 +450,7 @@ function format_event_diaspora($ev) { $bd_format = t('l F d, Y \@ g:i A') ; // Friday January 18, 2011 @ 8 AM - $o = t('Redmatrix event notification:') . "\n"; + $o = t('$Projectname event notification:') . "\n"; $o .= '**' . (($ev['summary']) ? bb2diaspora($ev['summary']) : bb2diaspora($ev['desc'])) . '**' . "\n"; 
diff --git a/include/diaspora.php b/include/diaspora.php index e8a470178..43651166d 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -706,8 +706,8 @@ function diaspora_request($importer,$xml) { $cnv = random_string(); $mid = random_string(); - $msg = t('You have started sharing with a Redmatrix premium channel.'); - $msg .= t('Redmatrix premium channels are not available for sharing with Diaspora members. This sharing request has been blocked.') . "\r"; + $msg = t('You have started sharing with a $Projectname premium channel.'); + $msg .= t('$Projectname premium channels are not available for sharing with Diaspora members. This sharing request has been blocked.') . "\r"; $msg .= t('Please do not reply to this message, as this channel is not sharing with you and any reply will not be seen by the recipient.') . "\r"; $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C'); @@ -2458,7 +2458,7 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) { '$handle' => xmlify($myaddr), '$public' => $public, '$created' => $created, - '$provider' => (($item['app']) ? $item['app'] : 'redmatrix') + '$provider' => (($item['app']) ? $item['app'] : t('$projectname')) )); } else { $tpl = get_markup_template('diaspora_post.tpl'); @@ -2469,7 +2469,7 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) { '$handle' => xmlify($myaddr), '$public' => $public, '$created' => $created, - '$provider' => (($item['app']) ? $item['app'] : 'redmatrix') + '$provider' => (($item['app']) ? $item['app'] : t('projectname')) )); } diff --git a/include/enotify.php b/include/enotify.php index b5495dc7c..b1aae816b 100644 --- a/include/enotify.php +++ b/include/enotify.php 
@@ -55,8 +55,8 @@ function notification($params) { push_lang($recip['account_language']); // should probably have a channel language - $banner = t('Red Matrix Notification'); - $product = t('redmatrix'); // PLATFORM_NAME; + $banner = t('$Projectname Notification'); + $product = t('$projectname'); // PLATFORM_NAME; $siteurl = $a->get_baseurl(true); $thanks = t('Thank You,'); $sitename = get_config('system','sitename'); -- cgit v1.2.3 From 3b859aa9ef01d065b40943f5a5701f35217b89f3 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 17 May 2015 18:14:50 -0700 Subject: Implement permission checking for OAuth clients using the xperm table. Currently 'all' permissions are applied to OAuth clients which gives them the same rights as the channel owner and full access to API functions as the channel owner. However, individual permissions can now be created. These mirror the permission names from the normal permission table (although it isn't required that they do so). Lack of an xp_perm entry for the specified permission and lack of an 'all' override indicates permission denied. --- include/api.php | 5 ++- include/oauth.php | 11 ++++--- include/permissions.php | 84 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 95 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 12247c183..788a84208 100644 --- a/include/api.php +++ b/include/api.php @@ -78,11 +78,14 @@ require_once('include/items.php'); // list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); if (!is_null($token)){ $oauth->loginUser($token->uid); + + $a->set_oauth_key($consumer->key); + call_hooks('logged_in', $a->user); return; } echo __file__.__line__.__function__."
"; 
-			var_dump($consumer, $token); 
+//			var_dump($consumer, $token); 
 			die();
 		}
 		catch(Exception $e) {
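Review bot: The debug path after the `return` still answers the client with `echo __file__.__line__.__function__` and `die()`, and `var_dump($consumer, $token)` has only been commented out rather than removed. The consumer object is built from the `pw` column in oauth.php, so re-enabling that line would write the client secret (and presumably the token secret) into the response body. Delete the commented line and replace the echo with a log entry that names only the client id, e.g. `logger('api: oauth token lookup failed for ' . $consumer->key);`. The enclosing `try` block starts and ends outside the hunk.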
diff --git a/include/oauth.php b/include/oauth.php
index 8eb8a83d8..ec754db95 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -20,19 +20,21 @@ class FKOAuthDataStore extends OAuthDataStore {
 		logger(__function__.":".$consumer_key);
 //      echo "
"; var_dump($consumer_key); killme();
 
-		$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
+		$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'",
 			dbesc($consumer_key)
 		);
 
-		if (count($r))
+		if($r) {
+			get_app()->set_oauth_key($consumer_key);
 			return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
+		}
 		return null;
   }
 
   function lookup_token($consumer, $token_type, $token) {
 		logger(__function__.":".$consumer.", ". $token_type.", ".$token);
 
-		$r = q("SELECT id, secret,scope, expires, uid  FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
+		$r = q("SELECT id, secret, scope, expires, uid  FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'",
 			dbesc($consumer->key),
 			dbesc($token_type),
 			dbesc($token)
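Review bot: `get_app()->set_oauth_key($consumer_key)` in `lookup_consumer()` records the client key as soon as the `clients` row is found. In the usual OAuth server flow that happens before the token and request signature are checked; the library's verify path is not visible here, so the order should be confirmed. Because `get_all_perms()` and `perm_is_allowed()` now branch on that key, a request that merely names a registered client id could have its permission checks answered from `xperm` without proving possession of the secret, and the key stays set if verification later throws. The api.php hunk of this commit already calls `set_oauth_key($consumer->key)` after `loginUser()` on the verified path, so the call here can be dropped, leaving `if($r) return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);`. The class body continues outside the hunk.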
@@ -51,7 +53,7 @@ class FKOAuthDataStore extends OAuthDataStore {
   function lookup_nonce($consumer, $token, $nonce, $timestamp) {
 //		echo __file__.":".__line__."
"; var_dump($consumer,$key); killme();
 
-		$r = q("SELECT id, secret  FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
+		$r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d",
 			dbesc($consumer->key),
 			dbesc($nonce),
 			intval($timestamp)
@@ -132,6 +134,7 @@ class FKOAuthDataStore extends OAuthDataStore {
 }
 
 class FKOAuth1 extends OAuthServer {
+
 	function __construct() {
 		parent::__construct(new FKOAuthDataStore());
 		$this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
diff --git a/include/permissions.php b/include/permissions.php
index 68ff2b3d4..f63c6da18 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -65,6 +65,10 @@ function get_perms() {
  */
 function get_all_perms($uid, $observer_xchan, $internal_use = true) {
 
+	$api = get_app()->get_oauth_key();
+	if($api)
+		return get_all_api_perms($uid,$api);	
+
 	$global_perms = get_perms();
 
 	// Save lots of individual lookups
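Review bot: The new early return in `get_all_perms()` hands back whatever `get_all_api_perms()` produces, and that function returns `false` when the client has no `xperm` row for the channel. The rest of `get_all_perms()` appears to build an array keyed by permission name. Callers that index the result still fail closed, but anything that iterates or merges it will misbehave. Returning an all-denied array keeps the contract: `$p = get_all_api_perms($uid,$api);` then `return ($p) ? $p : array_fill_keys(array_keys(get_perms()), false);`. The function body continues outside the hunk.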
@@ -265,6 +269,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
  */
 function perm_is_allowed($uid, $observer_xchan, $permission) {
 
+	$api = get_app()->get_oauth_key();
+	if($api)
+		return api_perm_is_allowed($uid,$api,$permission);
+
 	$arr = array(
 		'channel_id'    => $uid,
 		'observer_hash' => $observer_xchan,
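Review bot: Nothing at the new branch in `perm_is_allowed()` tells a reader that `$observer_xchan` is ignored once an OAuth key is set on the app, so the decision then depends only on the client id and the channel. A comment above the added lines would make that explicit: `// OAuth clients are authorised per client key via xperm; $observer_xchan is not consulted on this path.` The same comment fits the early return added to `get_all_perms()` in the previous hunk. The function body continues outside the hunk.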
@@ -388,6 +396,82 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
 	return false;
 }
 
+function get_all_api_perms($uid,$api) {	
+
+	$global_perms = get_perms();
+
+	$ret = array();
+
+	$r = q("select * from xperm where xp_client = '%s' and xp_channel = %d",
+		dbesc($api),
+		intval($uid)
+	);
+
+	if(! $r)
+		return false;
+
+	$allow_all = false;
+	$allowed = array();
+	foreach($r as $rr) {
+		if($rr['xp_perm'] === 'all')
+			$allow_all = true;
+		if(! in_array($rr['xp_perm'],$allowed))
+			$allowed[] = $rr['xp_perm'];
+	}
+
+	foreach($global_perms as $perm_name => $permission) {
+		if($allow_all || in_array($perm_name,$allowed))
+			$ret[$perm_name] = true;
+		else
+			$ret[$perm_name] = false;
+
+	}
+
+	$arr = array(
+		'channel_id'    => $uid,
+		'observer_hash' => $observer_xchan,
+		'permissions'   => $ret);
+
+	call_hooks('get_all_api_perms',$arr);
+
+	return $arr['permissions'];
+
+}
+
+
+function api_perm_is_allowed($uid,$api,$permission) {
+
+	$arr = array(
+		'channel_id'    => $uid,
+		'observer_hash' => $observer_xchan,
+		'permission'    => $permission,
+		'result'        => false
+	);
+
+	call_hooks('api_perm_is_allowed', $arr);
+	if($arr['result'])
+		return true;
+
+	$r = q("select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' )",
+		dbesc($api),
+		intval($uid),
+		dbesc($permission)
+	);
+
+	if(! $r)
+		return false;
+
+	foreach($r as $rr) {
+		if($rr['xp_perm'] === 'all' || $rr['xp_perm'] === $permission)
+			return true;
+
+	}
+
+	return false;
+
+}
+
+
 
 // Check a simple array of observers against a permissions
 // return a simple array of those with permission
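Review bot: `$observer_xchan` is not defined in either `get_all_api_perms()` or `api_perm_is_allowed()`, yet both place it in the `$arr` handed to `call_hooks()`. Hooks therefore receive a null `observer_hash` and PHP raises an undefined-variable notice. These paths identify the caller by client key, so pass that instead, replacing the `observer_hash` entry with `'api_key' => $api,` in both arrays. In `api_perm_is_allowed()` the hook also runs before the `xperm` query and can only grant, so any plugin listening on it overrides the table. A docblock on both functions giving the parameters, the array-or-`false` return and this ordering would make that visible to reviewers.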
-- 
cgit v1.2.3


From ac3b886cc46bd9c634cce7b409f5bea7211382da Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Sun, 17 May 2015 19:00:17 -0700
Subject: missing $

---
 include/diaspora.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/diaspora.php b/include/diaspora.php
index 43651166d..9b2e4623a 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -2469,7 +2469,7 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) {
 			'$handle' => xmlify($myaddr),
 			'$public' => $public,
 			'$created' => $created,
-			'$provider' => (($item['app']) ? $item['app'] : t('projectname'))
+			'$provider' => (($item['app']) ? $item['app'] : t('$projectname'))
 		));
 	}
 
-- 
cgit v1.2.3