From e8c9dafb90e556a9cc9590022ef1131d76b1129d Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 15 Nov 2013 15:32:26 -0800 Subject: revert to prepare_page - but have it call prepare_body --- include/conversation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index fea53015e..a2eeda25b 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1301,7 +1301,7 @@ function prepare_page($item) { '$auth_url' => (($naked) ? '' : $item['author']['xchan_url']), '$date' => (($naked) ? '' : datetime_convert('UTC',date_default_timezone_get(),$item['created'],'Y-m-d H:i')), '$title' => smilies(bbcode($item['title'])), - '$body' => prepare_text($item['body'],$item['mimetype']) + '$body' => prepare_body($item,true) )); } -- cgit v1.2.3 From 06e0272db873ad0b7dbc96596e92b8c635f940a2 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 16:50:32 -0800 Subject: populate some posts when somebody is granted "read stream" permission --- include/items.php | 5 +++++ include/onepoll.php | 9 ++++++--- include/poller.php | 3 +++ include/zot.php | 14 +++++++++++++- 4 files changed, 27 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 520ea7230..5793a7d66 100755 --- a/include/items.php +++ b/include/items.php @@ -3757,6 +3757,7 @@ function fetch_post_tags($items,$link = false) { function zot_feed($uid,$observer_xchan,$mindate) { + $result = array(); $mindate = datetime_convert('UTC','UTC',$mindate); if(! $mindate) @@ -3764,10 +3765,14 @@ function zot_feed($uid,$observer_xchan,$mindate) { $mindate = dbesc($mindate); + logger('zot_feed: ' . $uid); + if(! perm_is_allowed($uid,$observer_xchan,'view_stream')) { + logger('zot_feed: permission denied.'); return $result; } + require_once('include/security.php'); $sql_extra = item_permissions_sql($uid); if($mindate != '0000-00-00 00:00:00') { diff --git a/include/onepoll.php b/include/onepoll.php index 50c2566be..5e5589228 100644 --- a/include/onepoll.php +++ b/include/onepoll.php @@ -98,8 +98,11 @@ function onepoll_run($argv, $argc){ return; if($contact['xchan_connurl']) { - $feedurl = str_replace('/poco/','/zotfeed/',$channel['xchan_connurl']); - $x = z_fetch_url($feedurl . '?f=&mindate=' . $last_update); + $feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']); + $x = z_fetch_url($feedurl . '?f=&mindate=' . urlencode($last_update)); + + logger('feed_update: ' . print_r($x,true), LOGGER_DATA); + if($x['success']) { $total = 0; logger('onepoll: feed update ' . $contact['xchan_name']); @@ -107,7 +110,7 @@ function onepoll_run($argv, $argc){ $j = json_decode($x['body'],true); if($j['success'] && $j['messages']) { foreach($j['messages'] as $message) { - $results = process_delivery(array('hash' => $contact['xchan_hash']),$message, + $results = process_delivery(array('hash' => $contact['xchan_hash']), get_item_elements($message), array(array('hash' => $importer['xchan_hash'])), false); $total ++; } diff --git a/include/poller.php b/include/poller.php index 3c4e6402c..0dcec4c0f 100644 --- a/include/poller.php +++ b/include/poller.php @@ -117,7 +117,10 @@ function poller_run($argv, $argc){ set_config('system','last_expire_day',$d2); + // Uncomment when expire protocol component is working +// Update - this is not going to happen. We are only going to +// implement per-item expire, not blanket expiration // proc_run('php','include/expire.php'); proc_run('php','include/cli_suggest.php'); diff --git a/include/zot.php b/include/zot.php index 09a3c28fa..71f720a6d 100644 --- a/include/zot.php +++ b/include/zot.php @@ -306,6 +306,11 @@ function zot_refresh($them,$channel = null) { ); if(! $y) logger('abook update failed'); + else { + // if we were just granted read stream permission and didn't have it before, try to pull in some posts + if((! ($r[0]['abook_their_perms'] & PERMS_R_STREAM)) && ($their_perms & PERMS_R_STREAM)) + proc_run('php','include/onepoll.php',$r[0]['abook_id']); + } } else { $default_perms = 0; @@ -330,7 +335,6 @@ function zot_refresh($them,$channel = null) { ); if($y) { - logger("New introduction received for {$channel['channel_name']}"); if($default_perms) { // send back a permissions update for auto-friend/auto-permissions @@ -342,6 +346,14 @@ function zot_refresh($them,$channel = null) { if($z) proc_run('php','include/notifier.php','permission_update',$z[0]['abook_id']); } + $new_connection = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1", + intval($channel['channel_id']), + dbesc($x['hash']) + ); + + if($new_connection && ($their_perms & PERMS_R_STREAM)) + proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']); + } } } -- cgit v1.2.3 From 13538cdd21c6e13a2ff108f1b42dbecaab8b375a Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 19:22:24 -0800 Subject: pull in some posts when we first connect with a new channel (if allowed to) - if not allowed to, do it if that condition changes --- include/items.php | 27 ++++++++++++++++++++------- include/onepoll.php | 24 ++++++++++++++++++------ include/zot.php | 4 ++-- 3 files changed, 40 insertions(+), 15 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 5793a7d66..f8b698a4a 100755 --- a/include/items.php +++ b/include/items.php @@ -552,15 +552,20 @@ function get_item_elements($x) { $arr['created'] = datetime_convert('UTC','UTC',$x['created']); $arr['edited'] = datetime_convert('UTC','UTC',$x['edited']); - $arr['expires'] = ((x($x,'expires') && $x['expires']) - ? datetime_convert('UTC','UTC',$x['expires']) - : '0000-00-00 00:00:00'); if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); if($arr['edited'] > datetime_convert()) $arr['edited'] = datetime_convert(); + $arr['expires'] = ((x($x,'expires') && $x['expires']) + ? datetime_convert('UTC','UTC',$x['expires']) + : '0000-00-00 00:00:00'); + + $arr['commented'] = ((x($x,'commented') && $x['commented']) + ? datetime_convert('UTC','UTC',$x['commented']) + : $arr['created']); + $arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : ''); if(mb_strlen($arr['title']) > 255) @@ -714,6 +719,7 @@ function encode_item($item) { $x['created'] = $item['created']; $x['edited'] = $item['edited']; $x['expires'] = $item['expires']; + $x['commented'] = $item['commented']; $x['mimetype'] = $item['mimetype']; $x['title'] = $item['title']; $x['body'] = $item['body']; @@ -1539,8 +1545,8 @@ function item_store($arr,$allow_exec = false) { $arr['owner_xchan'] = ((x($arr,'owner_xchan')) ? notags(trim($arr['owner_xchan'])) : ''); $arr['created'] = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert()); $arr['edited'] = ((x($arr,'edited') !== false) ? datetime_convert('UTC','UTC',$arr['edited']) : datetime_convert()); - $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : '0000-00-00 00:00:00'); - $arr['commented'] = datetime_convert(); + $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : '0000-00-00 00:00:00'); + $arr['commented'] = ((x($arr,'commented') !== false) ? datetime_convert('UTC','UTC',$arr['commented']) : datetime_convert()); $arr['received'] = datetime_convert(); $arr['changed'] = datetime_convert(); $arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : ''); @@ -1777,8 +1783,15 @@ function item_store($arr,$allow_exec = false) { // update the commented timestamp on the parent - q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d LIMIT 1", - dbesc(datetime_convert()), + q("update item set commented = ( select max(created) from item where parent_mid = '%s' and uid = %d ) + where id = %d limit 1", + dbesc($arr['parent_mid']), + intval($arr['uid']), + intval($parent_id) + ); + + + q("UPDATE item set changed = '%s' WHERE id = %d LIMIT 1", dbesc(datetime_convert()), intval($parent_id) ); diff --git a/include/onepoll.php b/include/onepoll.php index 5e5589228..a821b76cf 100644 --- a/include/onepoll.php +++ b/include/onepoll.php @@ -36,11 +36,12 @@ function onepoll_run($argv, $argc){ $contacts = q("SELECT abook.*, xchan.*, account.* FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan where abook_id = %d - AND (( abook_flags = %d ) OR ( abook_flags = %d )) + AND (( abook_flags = %d ) OR ( abook_flags = %d ) OR ( abook_flags & %d )) AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1", intval($contact_id), intval(ABOOK_FLAG_HIDDEN), intval(0), + intval(ABOOK_FLAG_PENDING), intval(ACCOUNT_OK), intval(ACCOUNT_UNVERIFIED) ); @@ -67,7 +68,7 @@ function onepoll_run($argv, $argc){ logger("onepoll: poll: ({$contact['id']}) IMPORTER: {$importer['xchan_name']}, CONTACT: {$contact['xchan_name']}"); - $last_update = (($contact['abook_updated'] === '0000-00-00 00:00:00') + $last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] === '0000-00-00 00:00:00')) ? datetime_convert('UTC','UTC','now - 7 days') : datetime_convert('UTC','UTC',$contact['abook_updated'] . ' - 2 days') ); @@ -98,12 +99,22 @@ function onepoll_run($argv, $argc){ return; if($contact['xchan_connurl']) { - $feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']); - $x = z_fetch_url($feedurl . '?f=&mindate=' . urlencode($last_update)); + $fetch_feed = true; + $x = null; - logger('feed_update: ' . print_r($x,true), LOGGER_DATA); + if(! ($contact['abook_their_perms'] & PERMS_R_STREAM )) + $fetch_feed = false; - if($x['success']) { + if($fetch_feed) { + + $feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']); + $x = z_fetch_url($feedurl . '?f=&mindate=' . urlencode($last_update)); + + logger('feed_update: ' . print_r($x,true), LOGGER_DATA); + + } + + if(($x) && ($x['success'])) { $total = 0; logger('onepoll: feed update ' . $contact['xchan_name']); @@ -112,6 +123,7 @@ function onepoll_run($argv, $argc){ foreach($j['messages'] as $message) { $results = process_delivery(array('hash' => $contact['xchan_hash']), get_item_elements($message), array(array('hash' => $importer['xchan_hash'])), false); + logger('onepoll: feed_update: process_delivery: ' . print_r($results,true)); $total ++; } logger("onepoll: $total messages processed"); diff --git a/include/zot.php b/include/zot.php index 71f720a6d..018f00ba5 100644 --- a/include/zot.php +++ b/include/zot.php @@ -346,12 +346,12 @@ function zot_refresh($them,$channel = null) { if($z) proc_run('php','include/notifier.php','permission_update',$z[0]['abook_id']); } - $new_connection = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1", + $new_connection = q("select abook_id, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1", intval($channel['channel_id']), dbesc($x['hash']) ); - if($new_connection && ($their_perms & PERMS_R_STREAM)) + if($new_connection && (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) && ($their_perms & PERMS_R_STREAM)) proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']); } -- cgit v1.2.3 From 23352b939b0fadaadad9c6e02d6d1545f00ee0e9 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 19:49:48 -0800 Subject: better job of setting parent created --- include/items.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index f8b698a4a..5625f2c68 100755 --- a/include/items.php +++ b/include/items.php @@ -1783,16 +1783,13 @@ function item_store($arr,$allow_exec = false) { // update the commented timestamp on the parent - q("update item set commented = ( select max(created) from item where parent_mid = '%s' and uid = %d ) - where id = %d limit 1", + $z = q("select max(created) as created from item where parent_mid = '%s' and uid = %d ", dbesc($arr['parent_mid']), - intval($arr['uid']), - intval($parent_id) + intval($arr['uid']) ); - - q("UPDATE item set changed = '%s' WHERE id = %d LIMIT 1", - dbesc(datetime_convert()), + q("UPDATE item set created = '%s', changed = '%s' WHERE id = %d LIMIT 1", + dbesc(($z) ? $z[0]['created'] : (datetime_convert())), intval($parent_id) ); -- cgit v1.2.3 From 6378600747e70ed19f43614cd022aa332d731c45 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 20:09:40 -0800 Subject: fix commented timestamp --- include/items.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 5625f2c68..7db22d0da 100755 --- a/include/items.php +++ b/include/items.php @@ -1783,13 +1783,14 @@ function item_store($arr,$allow_exec = false) { // update the commented timestamp on the parent - $z = q("select max(created) as created from item where parent_mid = '%s' and uid = %d ", + $z = q("select max(commented) as commented from item where parent_mid = '%s' and uid = %d ", dbesc($arr['parent_mid']), intval($arr['uid']) ); - q("UPDATE item set created = '%s', changed = '%s' WHERE id = %d LIMIT 1", - dbesc(($z) ? $z[0]['created'] : (datetime_convert())), + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d LIMIT 1", + dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), + dbesc(datetime_convert()), intval($parent_id) ); -- cgit v1.2.3 From f8b07e1935dd6d035b7458141eca099a2445b077 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 20:43:50 -0800 Subject: filter out duplicate recipients on local deliveries. We only need to deliver stuff once to any particular channel. --- include/zot.php | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 018f00ba5..1191cc221 100644 --- a/include/zot.php +++ b/include/zot.php @@ -910,11 +910,29 @@ function zot_import($arr, $sender_url) { $deliveries = allowed_public_recips($i); } + + // Go through the hash array and remove duplicates. array_unique() won't do this because the array is more than one level. + + $no_dups = array(); + if($deliveries) { + foreach($deliveries as $d) { + if(! in_array($d['hash'],$no_dups)) + $no_dups[] = $d['hash']; + } + + if($no_dups) { + $deliveries = array(); + foreach($no_dups as $n) { + $deliveries[] = array('hash' => $n); + } + } + } + if(! $deliveries) { logger('zot_import: no deliveries on this site'); continue; } - + if($i['message']) { if($i['message']['type'] === 'activity') { $arr = get_item_elements($i['message']); -- cgit v1.2.3 From dd6c64f95adc89895d4adf9ede8fbc8fdae41750 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 23:12:34 -0800 Subject: magic auth issues --- include/items.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 7db22d0da..7e21b9c4d 100755 --- a/include/items.php +++ b/include/items.php @@ -1783,7 +1783,7 @@ function item_store($arr,$allow_exec = false) { // update the commented timestamp on the parent - $z = q("select max(commented) as commented from item where parent_mid = '%s' and uid = %d ", + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d ", dbesc($arr['parent_mid']), intval($arr['uid']) ); -- cgit v1.2.3 From ed129f19b01f4f8f34129e297f93c9926e36548a Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 18 Nov 2013 18:37:38 -0800 Subject: fix plugin and them toggles for the colourblind, add theme info block and recent screenshot to redbasic --- include/plugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/plugin.php b/include/plugin.php index ea88a61df..d90434b3a 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -298,10 +298,10 @@ function get_theme_info($theme){ 'name' => $theme, 'description' => "", 'author' => array(), - 'maintainer' => array(), 'version' => "", - 'credits' => "", 'compat' => "", + 'credits' => "", + 'maintainer' => array(), 'experimental' => false, 'unsupported' => false ); -- cgit v1.2.3 From d7ee552c570f4fca760c3d1573f32c005cf73bb8 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 20 Nov 2013 15:20:12 -0800 Subject: Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable. --- include/crypto.php | 16 ++++++++++++++++ include/follow.php | 2 +- include/items.php | 26 +++++++++++++------------- include/message.php | 16 ++++++++-------- include/text.php | 4 ++-- include/zot.php | 10 +++++----- 6 files changed, 45 insertions(+), 29 deletions(-) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index a0268ef93..ca01814da 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -49,6 +49,13 @@ function AES256CBC_decrypt($data,$key,$iv) { str_pad($iv,16,"\0"))); } +function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { + if($alg === 'aes256cbc') + return aes_encapsulate($data,$pubkey); + +} + + function aes_encapsulate($data,$pubkey) { if(! $pubkey) logger('aes_encapsulate: no key. data: ' . $data); @@ -60,12 +67,21 @@ function aes_encapsulate($data,$pubkey) { $x = debug_backtrace(); logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true)); } + $result['alg'] = 'aes256cbc'; $result['key'] = base64url_encode($k,true); openssl_public_encrypt($iv,$i,$pubkey); $result['iv'] = base64url_encode($i,true); return $result; } +function crypto_unencapsulate($data,$prvkey) { + $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); + if($alg === 'aes256cbc') + return aes_unencapsulate($data,$prvkey); + +} + + function aes_unencapsulate($data,$prvkey) { openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); diff --git a/include/follow.php b/include/follow.php index 10bcddf2b..5cf161304 100644 --- a/include/follow.php +++ b/include/follow.php @@ -96,7 +96,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $global_perms = get_perms(); if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) { - $permissions = aes_unencapsulate(array( + $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), diff --git a/include/items.php b/include/items.php index 7e21b9c4d..fabad6a63 100755 --- a/include/items.php +++ b/include/items.php @@ -644,9 +644,9 @@ function get_item_elements($x) { $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; $key = get_config('system','pubkey'); if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } @@ -699,9 +699,9 @@ function encode_item($item) { if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } if($item['item_restrict'] & ITEM_DELETED) { @@ -908,9 +908,9 @@ function encode_mail($item) { if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } $x['message_id'] = $item['mid']; @@ -963,10 +963,10 @@ function get_mail_elements($x) { $arr['mail_flags'] |= MAIL_OBSCURED; $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); @@ -1516,9 +1516,9 @@ function item_store($arr,$allow_exec = false) { $key = get_config('system','pubkey'); $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } } @@ -1887,9 +1887,9 @@ function item_store_update($arr,$allow_exec = false) { $key = get_config('system','pubkey'); $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } } @@ -2243,7 +2243,7 @@ function tag_deliver($uid,$item_id) { if($item['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($item['body']) - $body = aes_unencapsulate(json_decode_plus($item['body']),$key); + $body = crypto_unencapsulate(json_decode_plus($item['body']),$key); } else $body = $item['body']; diff --git a/include/message.php b/include/message.php index 2fca9bef0..a95021583 100644 --- a/include/message.php +++ b/include/message.php @@ -109,9 +109,9 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $key = get_config('system','pubkey'); if($subject) - $subject = json_encode(aes_encapsulate($subject,$key)); + $subject = json_encode(crypto_encapsulate($subject,$key)); if($body) - $body = json_encode(aes_encapsulate($body,$key)); + $body = json_encode(crypto_encapsulate($body,$key)); @@ -231,9 +231,9 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $key = get_config('system','prvkey'); if($r[$k]['title']) - $r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key); + $r[$k]['title'] = crypto_unencapsulate(json_decode_plus($r[$k]['title']),$key); if($r[$k]['body']) - $r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key); + $r[$k]['body'] = crypto_unencapsulate(json_decode_plus($r[$k]['body']),$key); } } @@ -270,9 +270,9 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } @@ -358,9 +358,9 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } diff --git a/include/text.php b/include/text.php index fc70e3509..780992f4a 100755 --- a/include/text.php +++ b/include/text.php @@ -1010,9 +1010,9 @@ function unobscure(&$item) { if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } } diff --git a/include/zot.php b/include/zot.php index 1191cc221..a4a27ce9c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -82,7 +82,7 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_ // Hush-hush ultra top-secret mode if($remote_key) { - $data = aes_encapsulate(json_encode($data),$remote_key); + $data = crypto_encapsulate(json_encode($data),$remote_key); } return json_encode($data); @@ -269,7 +269,7 @@ function zot_refresh($them,$channel = null) { if($channel) { $global_perms = get_perms(); if($j['permissions']['data']) { - $permissions = aes_unencapsulate(array( + $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), @@ -823,7 +823,7 @@ function zot_fetch($arr) { 'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey'))) ); - $datatosend = json_encode(aes_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); $fetch = zot_zot($url,$datatosend); $result = zot_import($fetch, $arr['sender']['url']); @@ -849,7 +849,7 @@ function zot_import($arr, $sender_url) { } if(array_key_exists('iv',$data)) { - $data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true); + $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); } $incoming = $data['pickup']; @@ -861,7 +861,7 @@ function zot_import($arr, $sender_url) { $result = null; if(array_key_exists('iv',$i['notify'])) { - $i['notify'] = json_decode(aes_unencapsulate($i['notify'],get_config('system','prvkey')),true); + $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); } logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA); -- cgit v1.2.3 From 5315c88621719c93235f4d2d8a93eed29d7ae851 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 20 Nov 2013 16:20:32 -0800 Subject: webpage edit - losing the ability to pass unfiltered html and perhaps some php due to unsetting uid too early in item_store_update() --- include/items.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index fabad6a63..9fbd3fd8a 100755 --- a/include/items.php +++ b/include/items.php @@ -1844,8 +1844,6 @@ function item_store_update($arr,$allow_exec = false) { $arr['item_flags'] = intval($arr['item_flags']) | $orig[0]['item_flags']; $arr['item_restrict'] = intval($arr['item_restrict']) | $orig[0]['item_restrict']; - unset($arr['id']); - unset($arr['uid']); if(array_key_exists('edit',$arr)) unset($arr['edit']); @@ -1911,7 +1909,8 @@ function item_store_update($arr,$allow_exec = false) { } - + unset($arr['id']); + unset($arr['uid']); unset($arr['aid']); unset($arr['mid']); unset($arr['parent']); -- cgit v1.2.3 From 4791b2fd9c6dabc9ebb1f42a4993185d85493261 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 20 Nov 2013 21:09:13 -0800 Subject: add aid to notifiy table which we may need to supress duplicate notify emails across your channels also try to handle the wretched mess of broken and duplicated hublocs that fred.cepheus.uberspace.de typically reports --- include/enotify.php | 8 +++++--- include/notifier.php | 12 ++++++++---- include/zot.php | 16 +++++++++++++--- 3 files changed, 26 insertions(+), 10 deletions(-) (limited to 'include') diff --git a/include/enotify.php b/include/enotify.php index 67fe748d1..91b37a913 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -322,6 +322,7 @@ function notification($params) { $datarray['url'] = $sender['xchan_url']; $datarray['photo'] = $sender['xchan_photo_s']; $datarray['date'] = datetime_convert(); + $datarray['aid'] = $recip['channel_account_id']; $datarray['uid'] = $recip['channel_id']; $datarray['link'] = $itemlink; $datarray['parent'] = $parent_id; @@ -340,13 +341,14 @@ function notification($params) { // create notification entry in DB - $r = q("insert into notify (hash,name,url,photo,date,uid,link,parent,type,verb,otype) - values('%s','%s','%s','%s','%s',%d,'%s',%d,%d,'%s','%s')", + $r = q("insert into notify (hash,name,url,photo,date,aid,uid,link,parent,type,verb,otype) + values('%s','%s','%s','%s','%s',%d,%d,'%s',%d,%d,'%s','%s')", dbesc($datarray['hash']), dbesc($datarray['name']), dbesc($datarray['url']), dbesc($datarray['photo']), dbesc($datarray['date']), + intval($datarray['aid']), intval($datarray['uid']), dbesc($datarray['link']), intval($datarray['parent']), @@ -559,7 +561,7 @@ class enotify { // send the message $res = mail( - $params['toEmail'], // send to address + $params['toEmail'], // send to address $messageSubject, // subject $multipartMessageBody, // message body $messageHeader // message headers diff --git a/include/notifier.php b/include/notifier.php index 1407be4b3..2ca3531d6 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -408,9 +408,9 @@ function notifier_run($argv, $argc){ // for public posts always include our own hub - $sql_extra = (($private) ? "" : " or hubloc_url = '" . z_root() . "' "); + $sql_extra = (($private) ? "" : " or hubloc_url = '" . dbesc(z_root()) . "' "); - $r = q("select distinct hubloc_sitekey, hubloc_flags, hubloc_callback, hubloc_host from hubloc + $r = q("select hubloc_sitekey, hubloc_flags, hubloc_callback, hubloc_host from hubloc where hubloc_hash in (" . implode(',',$recipients) . ") $sql_extra group by hubloc_sitekey"); if(! $r) { logger('notifier: no hubs'); @@ -419,10 +419,14 @@ function notifier_run($argv, $argc){ $hubs = $r; $hublist = array(); + $keys = array(); + foreach($hubs as $hub) { - // don't try to deliver to deleted hublocs - if(! ($hub['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) { + // don't try to deliver to deleted hublocs - and inexplicably SQL "distinct" and "group by" + // both return records with duplicate keys in rare circumstances + if((! ($hub['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) && (! in_array($hub['hubloc_sitekey'],$keys))) { $hublist[] = $hub['hubloc_host']; + $keys[] = $hub['hubloc_sitekey']; } } diff --git a/include/zot.php b/include/zot.php index a4a27ce9c..9906b7ec8 100644 --- a/include/zot.php +++ b/include/zot.php @@ -584,7 +584,7 @@ function import_xchan($arr,$ud_flags = 1) { if($arr['locations']) { - $xisting = q("select hubloc_id, hubloc_url from hubloc where hubloc_hash = '%s'", + $xisting = q("select hubloc_id, hubloc_url, hubloc_sitekey from hubloc where hubloc_hash = '%s'", dbesc($xchan_hash) ); @@ -596,14 +596,14 @@ function import_xchan($arr,$ud_flags = 1) { } for($x = 0; $x < count($xisting); $x ++) { - if($xisting[$x]['hubloc_url'] == $location['url']) { + if(($xisting[$x]['hubloc_url'] === $location['url']) && ($xisting[$x]['hubloc_sitekey'] === $location['sitekey'])) { $xisting[$x]['updated'] = true; } } // match as many fields as possible in case anything at all changed. - $r = q("select * from hubloc where hubloc_hash = '%s' and hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_url = '%s' and hubloc_url_sig = '%s' and hubloc_host = '%s' and hubloc_addr = '%s' and hubloc_callback = '%s' and hubloc_sitekey = '%s' limit 1", + $r = q("select * from hubloc where hubloc_hash = '%s' and hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_url = '%s' and hubloc_url_sig = '%s' and hubloc_host = '%s' and hubloc_addr = '%s' and hubloc_callback = '%s' and hubloc_sitekey = '%s' ", dbesc($xchan_hash), dbesc($arr['guid']), dbesc($arr['guid_sig']), @@ -624,6 +624,16 @@ function import_xchan($arr,$ud_flags = 1) { intval($r[0]['hubloc_id']) ); } + + // Remove pure duplicates + if($count($r) > 1) { + for($h = 1; $h < count($r); $h ++) { + q("delete from hubloc where hubloc_id = %d limit 1", + intval($r[$h]['hubloc_id']) + ); + } + } + if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) && (! $location['primary'])) || ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY)) && ($location['primary']))) { $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", -- cgit v1.2.3 From be8a7e2de6326ea9fb16bebbafeaeaf6fa52a767 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 15:58:42 -0800 Subject: this is necessary for any possibility of a federated future. --- include/notifier.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/notifier.php b/include/notifier.php index 2ca3531d6..0868ac77e 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -382,12 +382,27 @@ function notifier_run($argv, $argc){ $env_recips = (($private) ? array() : null); - $details = q("select xchan_hash, xchan_addr, xchan_guid, xchan_guid_sig from xchan where xchan_hash in (" . implode(',',$recipients) . ")"); + $details = q("select xchan_hash, xchan_instance_url, xchan_addr, xchan_guid, xchan_guid_sig from xchan where xchan_hash in (" . implode(',',$recipients) . ")"); $recip_list = array(); if($details) { foreach($details as $d) { + + // If the recipient is federated from a traditional network they won't be able to + // handle nomadic identity. If we're publishing from a site that they aren't + // directly connected with, ignore them. + + // FIXME: make sure we run through a notifier loop on the hub they're connected + // with if this post comes in from a different hub - so that we will deliver to them. + + // On the down side, these channels will stop working if the hub they connected with + // goes down permanently, as they are (doh) not nomadic. + + if(($d['xchan_instance_url']) && ($d['xchan_instance_url'] != z_root())) + continue; + + $recip_list[] = $d['xchan_addr'] . ' (' . $d['xchan_hash'] . ')'; if($private) $env_recips[] = array('guid' => $d['xchan_guid'],'guid_sig' => $d['xchan_guid_sig']); -- cgit v1.2.3 From 3e0ac769aad2ae15934c32eef2f4992bde73e178 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 17:23:14 -0800 Subject: white screen --- include/group.php | 6 +++--- include/zot.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/group.php b/include/group.php index eece07983..d339301b4 100644 --- a/include/group.php +++ b/include/group.php @@ -202,7 +202,7 @@ function group_get_members($gid) { return $ret; } -function mini_group_select($uid,$gid = 0) { +function mini_group_select($uid,$group = '') { $grps = array(); $o = ''; @@ -210,10 +210,10 @@ function mini_group_select($uid,$gid = 0) { $r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC", intval($uid) ); - $grps[] = array('name' => '', 'id' => '0', 'selected' => ''); + $grps[] = array('name' => '', 'hash' => '0', 'selected' => ''); if(count($r)) { foreach($r as $rr) { - $grps[] = array('name' => $rr['name'], 'id' => $rr['id'], 'selected' => (($gid == $rr['id']) ? 'true' : '')); + $grps[] = array('name' => $rr['name'], 'id' => $rr['hash'], 'selected' => (($group == $rr['hash']) ? 'true' : '')); } } diff --git a/include/zot.php b/include/zot.php index 9906b7ec8..65f3b606f 100644 --- a/include/zot.php +++ b/include/zot.php @@ -626,7 +626,7 @@ function import_xchan($arr,$ud_flags = 1) { } // Remove pure duplicates - if($count($r) > 1) { + if(count($r) > 1) { for($h = 1; $h < count($r); $h ++) { q("delete from hubloc where hubloc_id = %d limit 1", intval($r[$h]['hubloc_id']) -- cgit v1.2.3 From f2435ed4cdee6e20a92f2acfd60399cb92b2c1e3 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 17:49:14 -0800 Subject: follow and accept_follow hooks --- include/follow.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include') diff --git a/include/follow.php b/include/follow.php index 5cf161304..845ce11da 100644 --- a/include/follow.php +++ b/include/follow.php @@ -175,6 +175,10 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) proc_run('php', 'include/notifier.php', 'permission_update', $result['abook']['abook_id']); } + $arr = array('channel_id' => $uid, 'abook' => $result['abook']); + + call_hooks('follow', $arr); + /** If there is a default group for this channel, add this member to it */ if($default_group) { -- cgit v1.2.3 From 4be581494e03aa7c79c5691e64b75bee313d778f Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 20:40:31 -0800 Subject: add recipient name to some of the notification emails for those who have a lot of channels and it isn't always obvious which channel is getting the notification. If this works out we should probably add this to the rest of them. --- include/enotify.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/enotify.php b/include/enotify.php index 91b37a913..cfa8c25ae 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -79,7 +79,7 @@ function notification($params) { logger('notification: mail'); $subject = sprintf( t('[Red:Notify] New mail received at %s'),$sitename); - $preamble = sprintf( t('%1$s sent you a new private message at %2$s.'),$sender['xchan_name'],$sitename); + $preamble = sprintf( t('%1$s, %2$s sent you a new private message at %3$s.'),$recip['channel_name'], $sender['xchan_name'],$sitename); $epreamble = sprintf( t('%1$s sent you %2$s.'),'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', '[zrl=$itemlink]' . t('a private message') . '[/zrl]'); $sitelink = t('Please visit %s to view and/or reply to your private messages.'); $tsitelink = sprintf( $sitelink, $siteurl . '/message/' . $params['item']['id'] ); @@ -198,7 +198,7 @@ function notification($params) { } $subject = sprintf( t('[Red:Notify] %s tagged you') , $sender['xchan_name']); - $preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename); + $preamble = sprintf( t('%1$s, %2$s tagged you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename); $epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') , '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', $params['link']); @@ -212,7 +212,7 @@ function notification($params) { if($params['type'] == NOTIFY_POKE) { $subject = sprintf( t('[Red:Notify] %1$s poked you') , $sender['xchan_name']); - $preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename); + $preamble = sprintf( t('%1$s, %2$s poked you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename); $epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') , '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', $params['link']); -- cgit v1.2.3 From 34f8b215114f1041094784c9f931d185b78b0ec2 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 22 Nov 2013 11:52:38 -0800 Subject: init_groups_visitor() was still using old array of id output (not the newer array of hash which we need for permission queries) --- include/security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index 1181e6bf2..296fa450f 100644 --- a/include/security.php +++ b/include/security.php @@ -386,12 +386,12 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); - $r = q("SELECT gid FROM group_member WHERE xchan = '%s' ", + $r = q("SELECT hash FROM `group` left join group_member on group.id = group_member.gid WHERE xchan = '%s' ", dbesc($contact_id) ); if(count($r)) { foreach($r as $rr) - $groups[] = $rr['gid']; + $groups[] = $rr['hash']; } return $groups; }} -- cgit v1.2.3 From 8619fc368d24fa903c543561428709452b08c5a7 Mon Sep 17 00:00:00 2001 From: tuscanhobbit Date: Fri, 22 Nov 2013 22:45:16 +0100 Subject: updated logo in readme and r# shorthand --- include/text.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 780992f4a..54626a772 100755 --- a/include/text.php +++ b/include/text.php @@ -916,8 +916,8 @@ function smilies($s, $sample = false) { ':facepalm', ':like', ':dislike', - 'red# the Red Matrix', - 'r# the Red Matrix', + 'redred#matrix', + 'redr#matrix', '~friendica ~friendica' ); -- cgit v1.2.3 From 2c6e1b7aee2928c077bc090b1c4fe65c599d5d12 Mon Sep 17 00:00:00 2001 From: tuscanhobbit Date: Sat, 23 Nov 2013 20:01:11 +0100 Subject: replaced rhash icon --- include/api.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 1dd970cbc..8f7be37c7 100644 --- a/include/api.php +++ b/include/api.php @@ -233,7 +233,7 @@ require_once('include/photos.php'); 'updated' => api_date(null), 'atom_updated' => datetime_convert('UTC','UTC','now',ATOM_TIME), 'language' => $user_info['language'], - 'logo' => $a->get_baseurl()."/images/rhash-64.png", + 'logo' => $a->get_baseurl()."/images/rm-64.png", ); return $arr; @@ -1581,7 +1581,7 @@ require_once('include/photos.php'); $name = get_config('system','sitename'); $server = $a->get_hostname(); - $logo = $a->get_baseurl() . '/images/rhash-64.png'; + $logo = $a->get_baseurl() . '/images/rm-64.png'; $email = get_config('system','admin_email'); $closed = ((get_config('system','register_policy') == REGISTER_CLOSED) ? 'true' : 'false'); $private = ((get_config('system','block_public')) ? 'true' : 'false'); -- cgit v1.2.3 From a82a1d7c0548eccc10ce9ad71c2514cd70e03b3d Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 24 Nov 2013 14:39:29 -0800 Subject: add recipient name to the rest of the notification emails --- include/enotify.php | 84 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 47 insertions(+), 37 deletions(-) (limited to 'include') diff --git a/include/enotify.php b/include/enotify.php index cfa8c25ae..808efef51 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -132,25 +132,28 @@ function notification($params) { //$possess_desc = str_replace('',$possess_desc); // "a post" - $dest_str = sprintf(t('%1$s commented on [zrl=%2$s]a %3$s[/zrl]'), - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $itemlink, - $item_post_type); + $dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]a %4$s[/zrl]'), + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $itemlink, + $item_post_type); // "George Bull's post" if($p) - $dest_str = sprintf(t('%1$s commented on [zrl=%2$s]%3$s\'s %4$s[/zrl]'), - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $itemlink, - $p[0]['author']['xchan_name'], - $item_post_type); + $dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]%4$s\'s %5$s[/zrl]'), + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $itemlink, + $p[0]['author']['xchan_name'], + $item_post_type); // "your post" if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && ($p[0]['item_flags'] & ITEM_WALL)) - $dest_str = sprintf(t('%1$s commented on [zrl=%2$s]your %3$s[/zrl]'), - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $itemlink, - $item_post_type); + $dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]your %4$s[/zrl]'), + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $itemlink, + $item_post_type); // Some mail softwares relies on subject field for threading. // So, we cannot have different subjects for notifications of the same thread. @@ -158,7 +161,7 @@ function notification($params) { // differents subjects for messages on the same thread. $subject = sprintf( t('[Red:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']); - $preamble = sprintf( t('%s commented on an item/conversation you have been following.'), $sender['xchan_name']); + $preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); $epreamble = $dest_str; $sitelink = t('Please visit %s to view and/or reply to the conversation.'); @@ -170,11 +173,13 @@ function notification($params) { if($params['type'] == NOTIFY_WALL) { $subject = sprintf( t('[Red:Notify] %s posted to your profile wall') , $sender['xchan_name']); - $preamble = sprintf( t('%1$s posted to your profile wall at %2$s') , $sender['xchan_name'], $sitename); + $preamble = sprintf( t('%1$s, %2$s posted to your profile wall at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('%1$s posted to [zrl=%2$s]your wall[/zrl]') , - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $params['link']); + $epreamble = sprintf( t('%1$s, %2$s posted to [zrl=%3$s]your wall[/zrl]') , + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $params['link']); + // FIXME - check the item privacy $private = false; @@ -199,9 +204,10 @@ function notification($params) { $subject = sprintf( t('[Red:Notify] %s tagged you') , $sender['xchan_name']); $preamble = sprintf( t('%1$s, %2$s tagged you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') , - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $params['link']); + $epreamble = sprintf( t('%1$s, %2$s [zrl=%3$s]tagged you[/zrl].') , + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $params['link']); $sitelink = t('Please visit %s to view and/or reply to the conversation.'); $tsitelink = sprintf( $sitelink, $siteurl ); @@ -213,9 +219,10 @@ function notification($params) { $subject = sprintf( t('[Red:Notify] %1$s poked you') , $sender['xchan_name']); $preamble = sprintf( t('%1$s, %2$s poked you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') , - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $params['link']); + $epreamble = sprintf( t('%1$s, %2$s [zrl=%2$s]poked you[/zrl].') , + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $params['link']); $subject = str_replace('poked', t($params['activity']), $subject); $preamble = str_replace('poked', t($params['activity']), $preamble); @@ -229,10 +236,11 @@ function notification($params) { if($params['type'] == NOTIFY_TAGSHARE) { $subject = sprintf( t('[Red:Notify] %s tagged your post') , $sender['xchan_name']); - $preamble = sprintf( t('%1$s tagged your post at %2$s') , $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') , - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $itemlink); + $preamble = sprintf( t('%1$s, %2$s tagged your post at %3$s') , $recip['channel_name'],$sender['xchan_name'], $sitename); + $epreamble = sprintf( t('%1$s, %2$s tagged [zrl=%3$s]your post[/zrl]') , + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $itemlink); $sitelink = t('Please visit %s to view and/or reply to the conversation.'); $tsitelink = sprintf( $sitelink, $siteurl ); @@ -242,10 +250,11 @@ function notification($params) { if($params['type'] == NOTIFY_INTRO) { $subject = sprintf( t('[Red:Notify] Introduction received')); - $preamble = sprintf( t('You\'ve received an introduction from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('You\'ve received [zrl=%1$s]an introduction[/zrl] from %2$s.'), - $itemlink, - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); + $preamble = sprintf( t('%1$s, you\'ve received an introduction from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); + $epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]an introduction[/zrl] from %3$s.'), + $recip['channel_name'], + $itemlink, + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); $body = sprintf( t('You may visit their profile at %s'),$sender['xchan_url']); $sitelink = t('Please visit %s to approve or reject the introduction.'); @@ -256,11 +265,12 @@ function notification($params) { if($params['type'] == NOTIFY_SUGGEST) { $subject = sprintf( t('[Red:Notify] Friend suggestion received')); - $preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'), - $itemlink, - '[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]', - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); + $preamble = sprintf( t('%1$s, you\'ve received a friend suggestion from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); + $epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a friend suggestion[/zrl] for %3$s from %4$s.'), + $recip['channel_name'], + $itemlink, + '[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]', + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); $body = t('Name:') . ' ' . $params['item']['name'] . "\n"; $body .= t('Photo:') . ' ' . $params['item']['photo'] . "\n"; -- cgit v1.2.3 From dde3e28ceb150b2ddc6f60ea6c0c25aa45176921 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 26 Nov 2013 15:26:11 -0800 Subject: add drop_item hook --- include/items.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/items.php b/include/items.php index 9fbd3fd8a..6968781f7 100755 --- a/include/items.php +++ b/include/items.php @@ -3551,6 +3551,9 @@ function drop_item($id,$interactive = true) { if($ok_to_delete) { + $arr = array('item' => $item); + call_hooks('drop_item', $arr ); + $notify_id = intval($item['id']); $items = q("select * from item where parent = %d and uid = %d", -- cgit v1.2.3 From 6f6fcddfc3fc9bb2e63dd615f29116ced49838d5 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 26 Nov 2013 16:38:48 -0800 Subject: api fixes --- include/api.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 8f7be37c7..717f1572a 100644 --- a/include/api.php +++ b/include/api.php @@ -739,7 +739,7 @@ require_once('include/photos.php'); 'created_at' => api_date($lastwall['created']), 'in_reply_to_status_id' => $in_reply_to_status_id, 'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'), - 'id' => (($w) ? $w[0]['abook_id'] : $user_info['id']), + 'id' => ($lastwall['id']), 'in_reply_to_user_id' => $in_reply_to_user_id, 'in_reply_to_screen_name' => $in_reply_to_screen_name, 'geo' => '', @@ -1081,10 +1081,18 @@ require_once('include/photos.php'); // params $id = intval(argv(3)); - logger('API: api_statuses_destroy: '.$id); + // first prove that we own the item + + $r = q("select * from item where id = %d and uid = %d limit 1", + intval($id), + intval($user_info['uid']) + ); - require_once('include/items.php'); - drop_item($id, false); + if($r) { + logger('API: api_statuses_destroy: '.$id); + require_once('include/items.php'); + drop_item($id, false); + } if ($type == 'xml') $ok = "true"; -- cgit v1.2.3 From ef53c72a708ed2b1ba4cc1ffc6a926a33ba6a2f2 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 26 Nov 2013 17:02:49 -0800 Subject: delete from the wp side as well as from the red side --- include/api.php | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 717f1572a..ca5592d08 100644 --- a/include/api.php +++ b/include/api.php @@ -1080,19 +1080,35 @@ require_once('include/photos.php'); // params $id = intval(argv(3)); + if($id) { + // first prove that we own the item - // first prove that we own the item + $r = q("select * from item where id = %d and uid = %d limit 1", + intval($id), + intval($user_info['uid']) + ); + if(! $r) + return false; + } + else { + if($_REQUEST['namespace'] && $_REQUEST['remote_id']) { + $r = q("select * from item_id where service = '%s' and sid = '%s' and uid = %d limit 1", + dbesc($_REQUEST['namespace']), + dbesc($_REQUEST['remote_id']), + intval($user_info['uid']) + ); + if(! $r) + return false; + $id = $r[0]['iid']; + } + } + if(! $id) + return false; - $r = q("select * from item where id = %d and uid = %d limit 1", - intval($id), - intval($user_info['uid']) - ); + logger('API: api_statuses_destroy: '.$id); + require_once('include/items.php'); + drop_item($id, false); - if($r) { - logger('API: api_statuses_destroy: '.$id); - require_once('include/items.php'); - drop_item($id, false); - } if ($type == 'xml') $ok = "true"; @@ -1114,7 +1130,7 @@ require_once('include/photos.php'); if (api_user()===false) return false; $user_info = api_get_user($a); - // get last newtork messages + // get last network messages // params -- cgit v1.2.3 From ff635f0133532b82efc1e1fb531a1e3943cfe337 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 26 Nov 2013 23:00:32 -0800 Subject: ensure that drop_item doesn't recurse --- include/items.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 6968781f7..02f733d92 100755 --- a/include/items.php +++ b/include/items.php @@ -3525,7 +3525,7 @@ function drop_item($id,$interactive = true) { intval($id) ); - if(! $r) { + if((! $r) || ($r[0]['item_restrict'] & ITEM_DELETED)) { if(! $interactive) return 0; notice( t('Item not found.') . EOL); -- cgit v1.2.3 From da29ce6dac0667de2883101e34c9dd64258719ce Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 26 Nov 2013 23:10:10 -0800 Subject: more loop prevention --- include/items.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include') diff --git a/include/items.php b/include/items.php index 02f733d92..45c5f5ac9 100755 --- a/include/items.php +++ b/include/items.php @@ -3551,6 +3551,14 @@ function drop_item($id,$interactive = true) { if($ok_to_delete) { + // set the deleted flag immediately on this item just in case the + // hook calls a remote process which loops. We'll delete it properly in a second. + + $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d LIMIT 1", + intval(ITEM_DELETED), + intval($item['id']) + ); + $arr = array('item' => $item); call_hooks('drop_item', $arr ); -- cgit v1.2.3 From 64b467ea98fd4cf3cb6215be9ff8e5a9d13ba1a8 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 27 Nov 2013 02:51:16 -0800 Subject: reduce the likelihood that a given channel will have 30-40 valid hublocs with the same hubloc_url. --- include/zot.php | 31 +++++++++---------------------- 1 file changed, 9 insertions(+), 22 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 65f3b606f..0e92b0bff 100644 --- a/include/zot.php +++ b/include/zot.php @@ -18,33 +18,20 @@ function zot_new_uid($channel_nick) { /** - * - * Given an array of zot hashes, return all distinct hubs - * If primary is true, return only primary hubs - * Result is ordered by url to assist in batching. - * Return only the first primary hub as there should only be one. + * @function zot_get_hublocs($hash) + * Given a zot hash, return all distinct hubs + * @param string $hash - xchan_hash + * @retuns array * */ -function zot_get_hubloc($arr,$primary = false) { - - $tmp = ''; - - if(is_array($arr)) { - foreach($arr as $e) { - if(strlen($tmp)) - $tmp .= ','; - $tmp .= "'" . dbesc($e) . "'" ; - } - } - - if(! strlen($tmp)) - return array(); +function zot_get_hublocs($hash) { - $sql_extra = (($primary) ? " and hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) : "" ); - $limit = (($primary) ? " limit 1 " : ""); - return q("select * from hubloc where hubloc_hash in ( $tmp ) $sql_extra order by hubloc_url $limit"); + $ret = q("select * from hubloc where hubloc_hash = '%s' group by hubloc_url ", + dbesc($hash) + ); + return $ret; } /* -- cgit v1.2.3 From aab9b30d03e2cad7be2207fa22dcd6ddad224369 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 00:16:13 -0800 Subject: synchronise deletion of comments between red and wp --- include/api.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include') diff --git a/include/api.php b/include/api.php index ca5592d08..093839875 100644 --- a/include/api.php +++ b/include/api.php @@ -1101,6 +1101,16 @@ require_once('include/photos.php'); return false; $id = $r[0]['iid']; } + if($_REQUEST['namespace'] && $_REQUEST['comment_id']) { + $r = q("select * from item_id left join item on item.id = item_id.iid where service = '%s' and sid = '%s' and uid = %d and item.id != item.parent limit 1", + dbesc($_REQUEST['namespace']), + dbesc($_REQUEST['comment_id']), + intval($user_info['uid']) + ); + if(! $r) + return false; + $id = $r[0]['iid']; + } } if(! $id) return false; -- cgit v1.2.3 From 2239d472e56c49c314af57af2090c1206500446c Mon Sep 17 00:00:00 2001 From: Olivier Migeot Date: Thu, 28 Nov 2013 12:24:37 +0100 Subject: Plurals for conversation.php --- include/conversation.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index a2eeda25b..e20fef9f6 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -993,9 +993,9 @@ function format_like($cnt,$arr,$type,$id) { else { $spanatts = 'class="fakelink" onclick="openClose(\'' . $type . 'list-' . $id . '\');"'; $o .= (($type === 'like') ? - sprintf( t('%2$d people like this.'), $spanatts, $cnt) + sprintf( tt('%2$d people like this.','%2$d people like this.',$cnt), $spanatts, $cnt) : - sprintf( t('%2$d people don\'t like this.'), $spanatts, $cnt) ); + sprintf( tt('%2$d people don\'t like this.','%2$d people don\'t like this.',$cnt), $spanatts, $cnt) ); $o .= EOL ; $total = count($arr); if($total >= MAX_LIKERS) @@ -1004,7 +1004,7 @@ function format_like($cnt,$arr,$type,$id) { $arr[count($arr)-1] = t('and') . ' ' . $arr[count($arr)-1]; $str = implode(', ', $arr); if($total >= MAX_LIKERS) - $str .= sprintf( t(', and %d other people'), $total - MAX_LIKERS ); + $str .= sprintf( tt(', and %d other people',', and %d other people',$total - MAX_LIKERS), $total - MAX_LIKERS ); $str = (($type === 'like') ? sprintf( t('%s like this.'), $str) : sprintf( t('%s don\'t like this.'), $str)); $o .= "\t" . ''; } -- cgit v1.2.3 From ff91541cfd753f0318f13835763bd86c5eafac53 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 16:13:09 -0800 Subject: zot doco --- include/zot.php | 113 +++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 96 insertions(+), 17 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 0e92b0bff..6ee7665ee 100644 --- a/include/zot.php +++ b/include/zot.php @@ -353,7 +353,17 @@ function zot_refresh($them,$channel = null) { * @function: zot_gethub * * A guid and a url, both signed by the sender, distinguish a known sender at a known location - * This function looks these up to see if the channel is known. If not, we will need to verify it. + * This function looks these up to see if the channel is known and therefore previously verified. + * If not, we will need to verify it. + * + * @param array $arr + * $arr must contain: + * string $arr['guid'] => guid of conversant + * string $arr['guid_sig'] => guid signed with conversant's private key + * string $arr['url'] => URL of the origination hub of this communication + * string $arr['url_sig'] => URL signed with conversant's private key + * + * * @returns: array => hubloc record */ @@ -380,6 +390,27 @@ function zot_gethub($arr) { return null; } +/** + * @function zot_register_hub($arr) + * + * A communication has been received which has an unknown (to us) sender. + * Perform discovery based on our calculated hash of the sender at the origination address. + * This will fetch the discovery packet of the sender, which contains the public key we + * need to verify our guid and url signatures. + * + * @param array $arr + * $arr must contain: + * string $arr['guid'] => guid of conversant + * string $arr['guid_sig'] => guid signed with conversant's private key + * string $arr['url'] => URL of the origination hub of this communication + * string $arr['url_sig'] => URL signed with conversant's private key + * + * + * @returns array => 'success' (boolean true or false) + * 'message' (optional error string only if success is false) + */ + + function zot_register_hub($arr) { $result = array('success' => false); @@ -398,19 +429,43 @@ function zot_register_hub($arr) { if($x['success']) { $record = json_decode($x['body'],true); - $c = import_xchan($record); - if($c['success']) - $result['success'] = true; + + /* + * We now have a key - only continue registration if our signatures are valid + * AND the guid and guid sig in the returned packet match those provided in + * our current communication. + */ + + if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'])) + && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'])) + && ($arr['guid'] === $record['guid']) + && ($arr['guid_sig'] === $record['guid_sig'])) { + + $c = import_xchan($record); + if($c['success']) + $result['success'] = true; + } + else { + logger('zot_register_hub: failure to verify returned packet.'); + } } } return $result; } - -// Takes a json associative array from zot_finger and imports the xchan and hublocs -// If the xchan already exists, update the name and photo if these have changed. -// +/** + * @function import_xchan($arr,$ud_flags = 1) + * Takes an associative array of a fecthed discovery packet and updates + * all internal data structures which need to be updated as a result. + * + * @param array $arr => json_decoded discovery packet + * @param int $ud_flags + * Determines whether to create a directory update record if any changes occur, default 1 or true + * + * @returns array => 'success' (boolean true or false) + * 'message' (optional error string only if success is false) + */ function import_xchan($arr,$ud_flags = 1) { @@ -436,7 +491,6 @@ function import_xchan($arr,$ud_flags = 1) { return $ret; } - logger('import_xchan: ' . $xchan_hash, LOGGER_DEBUG); $r = q("select * from xchan where xchan_hash = '%s' limit 1", @@ -753,6 +807,20 @@ function import_xchan($arr,$ud_flags = 1) { return $ret; } +/** + * @function zot_process_response($hub,$arr,$outq) { + * Called immediately after sending a zot message which is using queue processing + * Updates the queue item according to the response result and logs any information + * returned to aid communications troubleshooting. + * + * @param string $hub - url of site we just contacted + * @param array $arr - output of z_post_url() + * @param array $outq - The queue structure attached to this request + * + * @returns nothing + */ + + function zot_process_response($hub,$arr,$outq) { if(! $arr['success']) { @@ -788,14 +856,16 @@ function zot_process_response($hub,$arr,$outq) { } /** - * @function: zot_fetch + * @function zot_fetch($arr) * - * We received a notification packet (in mod/post.php) that a message is waiting for us, and we've verified the sender. - * Now send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign. - * The entire pickup message is encrypted with the remote site's public key. - * If everything checks out on the remote end, we will receive back a packet containing one or more messages, - * which will be processed before returning. - * + * We received a notification packet (in mod/post.php) that a message is waiting for us, and we've verified the sender. + * Now send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site private key. + * The entire pickup message is encrypted with the remote site's public key. + * If everything checks out on the remote end, we will receive back a packet containing one or more messages, + * which will be processed and delivered before this function ultimately returns. + * + * @param array $arr + * decrypted and json decoded notify packet from remote site */ @@ -833,7 +903,16 @@ function zot_fetch($arr) { * Process an incoming array of messages which were obtained via pickup, and * import, update, delete as directed. * - * The message types handled here are 'activity' (e.g. posts), 'mail' and 'profile' + * @param array $arr => 'pickup' structure returned from remote site + * @param string $sender_url => the url specified by the sender in the initial communication + * we will verify the sender and url in each returned message structure and also verify + * that all the messages returned match the site url that we are currently processing. + * + * The message types handled here are 'activity' (e.g. posts), 'mail' , 'profile', and 'channel_sync' + * + * @returns array => array ( [0] => string $channel_hash, [1] => string $delivery_status, [2] => string $address ) + * suitable for logging remotely, enumerating the processing results of each message/recipient combination. + * */ function zot_import($arr, $sender_url) { -- cgit v1.2.3 From fafba385c1f7bebc61909ab4b9add075c08fcd4e Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 16:46:47 -0800 Subject: only list undeleted hublocs in zot_finger --- include/zot.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 6ee7665ee..156a26e9c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -19,7 +19,8 @@ function zot_new_uid($channel_nick) { /** * @function zot_get_hublocs($hash) - * Given a zot hash, return all distinct hubs + * Given a zot hash, return all distinct hubs. + * This function is used in building the zot discovery packet * @param string $hash - xchan_hash * @retuns array * @@ -27,10 +28,12 @@ function zot_new_uid($channel_nick) { function zot_get_hublocs($hash) { - $ret = q("select * from hubloc where hubloc_hash = '%s' group by hubloc_url ", - dbesc($hash) - ); + /** Only search for active hublocs - e.g. those that haven't been marked deleted */ + $ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d ) group by hubloc_url ", + dbesc($hash), + intval(HUBLOC_FLAGS_DELETED) + ); return $ret; } -- cgit v1.2.3 From 8e0d3c2d6f2c4e23eacb62203b8a754db20cfb8c Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 17:47:33 -0800 Subject: doco --- include/zot.php | 47 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 156a26e9c..57c3d3601 100644 --- a/include/zot.php +++ b/include/zot.php @@ -6,7 +6,15 @@ require_once('include/items.php'); /** * * @function zot_new_uid($channel_nick) - * @channel_id = unique nickname of controlling entity + * + * Generates a unique string for use as a zot guid using our DNS-based url, the channel nickname and some entropy. + * The entropy ensures uniqueness against re-installs where the same URL and nickname are chosen. + * NOTE: zot doesn't require this to be unique. Internally we use a whirlpool hash of this guid and the signature + * of this guid signed with the channel private key. This can be verified and should make the probability of + * collision of the verified result negligible within the constraints of our immediate universe. + * + * @param string channel_nickname = unique nickname of controlling entity + * * @returns string * */ @@ -21,8 +29,25 @@ function zot_new_uid($channel_nick) { * @function zot_get_hublocs($hash) * Given a zot hash, return all distinct hubs. * This function is used in building the zot discovery packet + * and therefore should only be used by channels which are defined + * on this hub * @param string $hash - xchan_hash - * @retuns array + * @retuns array of hubloc (hub location structures) + * hubloc_id int + * hubloc_guid char(255) + * hubloc_guid_sig text + * hubloc_hash char(255) + * hubloc_addr char(255) + * hubloc_flags int + * hubloc_status int + * hubloc_url char(255) + * hubloc_url_sig text + * hubloc_host char(255) + * hubloc_callback char(255) + * hubloc_connect char(255) + * hubloc_sitekey text + * hubloc_updated datetime + * hubloc_connected datetime * */ @@ -37,12 +62,22 @@ function zot_get_hublocs($hash) { return $ret; } -/* +/** + * + * @function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_key = null, $secret = null) + * builds a zot notification packet that you can either + * store in the queue with a message array or call zot_zot to immediately + * zot it to the other side * - * zot_build_packet builds a notification packet that you can either - * store in the queue with a message array or call zot_zot to immediately - * zot it to the other side + * @param array $channel => sender channel structure + * @param string $type => one of 'ping', 'pickup', 'purge', 'refresh', 'notify', 'auth_check' + * @param array $recipients => envelope information, array of string $xchan_hash; empty for public posts + * @param string $remote_key => optional public site key of target hub used to encrypt entire packet + * NOTE: remote_key and encrypted packets are required for 'auth_check' packets, optional for all others + * @param string $secret => random string, required for packets which require verification/callback + * e.g. 'pickup', 'purge', 'notify', 'auth_check' --- 'ping' and 'refresh' do not require verification * + * @returns string json encoded zot packet */ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_key = null, $secret = null) { -- cgit v1.2.3 From eae33275840495d27717f95f9647cf96c1c1d6cd Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 18:10:04 -0800 Subject: item store hooks --- include/items.php | 15 +++++++++++++++ include/zot.php | 9 +++++++++ 2 files changed, 24 insertions(+) (limited to 'include') diff --git a/include/items.php b/include/items.php index 45c5f5ac9..e380be488 100755 --- a/include/items.php +++ b/include/items.php @@ -1432,6 +1432,12 @@ function encode_rel_links($links) { function item_store($arr,$allow_exec = false) { + $d = array('item' => $arr, 'allow_exec' => $allow_exec); + call_hooks('item_store', $d ); + $arr = $d['item']; + $allow_exec = $d['allow_exec']; + + $ret = array('result' => false, 'item_id' => 0); if(! $arr['uid']) { @@ -1808,6 +1814,15 @@ function item_store($arr,$allow_exec = false) { function item_store_update($arr,$allow_exec = false) { + + + $d = array('item' => $arr, 'allow_exec' => $allow_exec); + call_hooks('item_store_update', $d ); + $arr = $d['item']; + $allow_exec = $d['allow_exec']; + + + $ret = array('result' => false, 'item_id' => 0); if(! intval($arr['uid'])) { logger('item_store_update: no uid'); diff --git a/include/zot.php b/include/zot.php index 57c3d3601..725dc58e3 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3,6 +3,15 @@ require_once('include/crypto.php'); require_once('include/items.php'); +/** + * Red implementation of zot protocol. + * + * https://github.com/friendica/red/wiki/zot + * https://github.com/friendica/red/wiki/Zot---A-High-Level-Overview + * + */ + + /** * * @function zot_new_uid($channel_nick) -- cgit v1.2.3 From 94c293f2c6c8ff7d7a1a0f45ab9ab2ecfaa16372 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 18:46:59 -0800 Subject: doco --- include/zot.php | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 725dc58e3..9777f7ae4 100644 --- a/include/zot.php +++ b/include/zot.php @@ -79,8 +79,8 @@ function zot_get_hublocs($hash) { * zot it to the other side * * @param array $channel => sender channel structure - * @param string $type => one of 'ping', 'pickup', 'purge', 'refresh', 'notify', 'auth_check' - * @param array $recipients => envelope information, array of string $xchan_hash; empty for public posts + * @param string $type => packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'notify', 'auth_check' + * @param array $recipients => envelope information, array ( 'guid' => string, 'guid_sig' => string ); empty for public posts * @param string $remote_key => optional public site key of target hub used to encrypt entire packet * NOTE: remote_key and encrypted packets are required for 'auth_check' packets, optional for all others * @param string $secret => random string, required for packets which require verification/callback @@ -228,12 +228,27 @@ function zot_finger($webbie,$channel,$autofallback = true) { } /** - * @function: zot_refresh + * @function: zot_refresh($them, $channel = null) * - * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified - * to fetch new permissions via a finger operation. This may result in a new connection (abook entry) being added to a local channel - * and it may result in auto-permissions being granted. + * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified + * to fetch new permissions via a finger/discovery operation. This may result in a new connection + * (abook entry) being added to a local channel and it may result in auto-permissions being granted. + * + * Friending in zot is accomplished by sending a refresh packet to a specific channel which indicates a + * permission change has been made by the sender which affects the target channel. The hub controlling + * the target channel does targetted discovery (a zot-finger request requesting permissions for the local + * channel). These are decoded here, and if necessary and abook structure (addressbook) is created to store + * the permissions assigned to this channel. + * + * Initially these abook structures are created with a 'pending' flag, so that no reverse permissions are + * implied until this is approved by the owner channel. A channel can also auto-populate permissions in + * return and send back a refresh packet of its own. This is used by forum and group communication channels + * so that friending and membership in the channel's "club" is automatic. + * + * @param array $them => xchan structure of sender + * @param array $channel => local channel structure of target recipient, required for "friending" operations * + * @returns boolean true if successful, else false */ function zot_refresh($them,$channel = null) { -- cgit v1.2.3 From d1ab865ccf8a9200236e310c93ad56b8a7f93aad Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 19:17:20 -0800 Subject: make the template processor (e.g. replace_macros) pluggable --- include/text.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 54626a772..3d15a5c6b 100755 --- a/include/text.php +++ b/include/text.php @@ -15,8 +15,11 @@ require_once("include/friendica_smarty.php"); function replace_macros($s,$r) { $a = get_app(); + $arr = array('template' => $s, 'params' => $r); + call_hooks('replace_macros', $arr); + $t = $a->template_engine(); - $output = $t->replace_macros($s,$r); + $output = $t->replace_macros($arr['template'],$arr['params']); return $output; } -- cgit v1.2.3 From 7536ed6e449e0d405394155b50f5e1ce96fd7776 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 20:17:07 -0800 Subject: allow themes to mess with the navbar contents without a custom template. It's done as a callback using a transient plugin hook. For instance to get rid of the notifications link: insert_hook('nav','strip_notify'); function strip_notify($a,&$b) { unset($b['nav']['notifications']); } --- include/nav.php | 7 +++++-- include/plugin.php | 37 +++++++++++++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 51c1cc583..56644f6fd 100644 --- a/include/nav.php +++ b/include/nav.php @@ -201,16 +201,19 @@ EOT; if($banner === false) $banner = 'red'; + $x = array('nav' => $nav, 'usermenu' => $userinfo ); + call_hooks('nav', $x); + $tpl = get_markup_template('nav.tpl'); $a->page['nav'] .= replace_macros($tpl, array( '$baseurl' => $a->get_baseurl(), '$langselector' => ((get_config('system','select_language')) ? lang_selector() : ''), '$sitelocation' => $sitelocation, - '$nav' => $nav, + '$nav' => $x['nav'], '$banner' => $banner, '$emptynotifications' => t('Nothing new here'), - '$userinfo' => $userinfo, + '$userinfo' => $x['usermenu'], '$localuser' => local_user(), '$sel' => $a->nav_sel, '$apps' => $a->get_apps(), diff --git a/include/plugin.php b/include/plugin.php index d90434b3a..fd58fb7dd 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -181,12 +181,14 @@ function unregister_hook($hook,$file,$function) { // // It might not be obvious but themes can manually add hooks to the $a->hooks // array in their theme_init() and use this to customise the app behaviour. +// UPDATE: use insert_hook($hookname,$function_name) to do this // function load_hooks() { $a = get_app(); - $a->hooks = array(); + if(! is_array($a->hooks)) + $a->hooks = array(); $r = q("SELECT * FROM hook WHERE true ORDER BY priority DESC"); if($r) { foreach($r as $rr) { @@ -197,6 +199,36 @@ function load_hooks() { } } +/** + * + * @function insert_hook($hook,$fn) + * + * Insert a short-lived hook into the running page request. + * Hooks are normally persistent so that they can be called + * across asynchronous processes such as delivery and poll + * processes. + * + * insert_hook lets you attach a hook callback immediately + * which will not persist beyond the life of this page request + * or the current process. + * + * @param string $hook; + * name of hook to attach callback + * @param string $fn; + * function name of callback handler + * + */ + +function insert_hook($hook,$fn) { + $a = get_app(); + if(! is_array($a->hooks)) + $a->hooks = array(); + if(! array_key_exists($hook,$a->hooks)) + $a->hooks[$hook] = array(); + $a->hooks[$hook][] = array('',$fn); +} + + function call_hooks($name, &$data = null) { @@ -204,7 +236,8 @@ function call_hooks($name, &$data = null) { if((is_array($a->hooks)) && (array_key_exists($name,$a->hooks))) { foreach($a->hooks[$name] as $hook) { - @include_once($hook[0]); + if($hook[0]) + @include_once($hook[0]); if(function_exists($hook[1])) { $func = $hook[1]; $func($a,$data); -- cgit v1.2.3 From 1c5f98440da1b4713d0f5b9f8f6a2d3ca39e23af Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 29 Nov 2013 14:08:37 -0800 Subject: quite a bit of work on default acl permissions and various acl quirks --- include/acl_selectors.php | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'include') diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 033186151..930f9967a 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -208,22 +208,22 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p function fixacl(&$item) { - $item = intval(str_replace(array('<','>'),array('',''),$item)); + $item = str_replace(array('<','>'),array('',''),$item); } -function populate_acl($user = null,$celeb = false) { +function populate_acl($defaults = null,$unused = false) { $allow_cid = $allow_gid = $deny_cid = $deny_gid = false; - if(is_array($user)) { - $allow_cid = ((strlen($user['allow_cid'])) - ? explode('><', $user['allow_cid']) : array() ); - $allow_gid = ((strlen($user['allow_gid'])) - ? explode('><', $user['allow_gid']) : array() ); - $deny_cid = ((strlen($user['deny_cid'])) - ? explode('><', $user['deny_cid']) : array() ); - $deny_gid = ((strlen($user['deny_gid'])) - ? explode('><', $user['deny_gid']) : array() ); + if(is_array($defaults)) { + $allow_cid = ((strlen($defaults['allow_cid'])) + ? explode('><', $defaults['allow_cid']) : array() ); + $allow_gid = ((strlen($defaults['allow_gid'])) + ? explode('><', $defaults['allow_gid']) : array() ); + $deny_cid = ((strlen($defaults['deny_cid'])) + ? explode('><', $defaults['deny_cid']) : array() ); + $deny_gid = ((strlen($defaults['deny_gid'])) + ? explode('><', $defaults['deny_gid']) : array() ); array_walk($allow_cid,'fixacl'); array_walk($allow_gid,'fixacl'); array_walk($deny_cid,'fixacl'); -- cgit v1.2.3 From 3163731a3d5705dcdd5373c197f7ab9257d9cf17 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 30 Nov 2013 03:40:25 -0800 Subject: hooks getting called twice --- include/plugin.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/plugin.php b/include/plugin.php index fd58fb7dd..4d28909d2 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -187,7 +187,7 @@ function unregister_hook($hook,$file,$function) { function load_hooks() { $a = get_app(); - if(! is_array($a->hooks)) +// if(! is_array($a->hooks)) $a->hooks = array(); $r = q("SELECT * FROM hook WHERE true ORDER BY priority DESC"); if($r) { @@ -197,6 +197,8 @@ function load_hooks() { $a->hooks[$rr['hook']][] = array($rr['file'],$rr['function']); } } +logger('hooks: ' . print_r($a->hooks,true)); + } /** -- cgit v1.2.3 From bd33e0486d992eb8904f84862c052ee2f9d01d55 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 00:16:02 -0800 Subject: deprecate a->get_curl_code() and $a->get_curl_headers() --- include/items.php | 192 ----------------------------------------- include/network.php | 192 +++-------------------------------------- include/photo/photo_driver.php | 14 +-- 3 files changed, 19 insertions(+), 379 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index e380be488..fa46b62a1 100755 --- a/include/items.php +++ b/include/items.php @@ -2579,198 +2579,6 @@ function mail_store($arr) { - - - -function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { - - $a = get_app(); - - $idtosend = $orig_id = (($contact['dfrn_id']) ? $contact['dfrn_id'] : $contact['issued_id']); - - if($contact['duplex'] && $contact['dfrn_id']) - $idtosend = '0:' . $orig_id; - if($contact['duplex'] && $contact['issued_id']) - $idtosend = '1:' . $orig_id; - - $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0); - - $rino_enable = get_config('system','rino_encrypt'); - - if(! $rino_enable) - $rino = 0; - -// $ssl_val = intval(get_config('system','ssl_policy')); -// $ssl_policy = ''; - -// switch($ssl_val){ -// case SSL_POLICY_FULL: -// $ssl_policy = 'full'; -// break; -// case SSL_POLICY_SELFSIGN: -// $ssl_policy = 'self'; -// break; -// case SSL_POLICY_NONE: -// default: -// $ssl_policy = 'none'; -// break; -// } - - $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : ''); - - logger('dfrn_deliver: ' . $url); - - $xml = fetch_url($url); - - $curl_stat = $a->get_curl_code(); - if(! $curl_stat) - return(-1); // timed out - - logger('dfrn_deliver: ' . $xml, LOGGER_DATA); - - if(! $xml) - return 3; - - if(strpos($xml,'status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id))) - return (($res->status) ? $res->status : 3); - - $postvars = array(); - $sent_dfrn_id = hex2bin((string) $res->dfrn_id); - $challenge = hex2bin((string) $res->challenge); - $perm = (($res->perm) ? $res->perm : null); - $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0); - $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); - $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); - - if($owner['page-flags'] == PAGE_PRVGROUP) - $page = 2; - - $final_dfrn_id = ''; - - if($perm) { - if((($perm == 'rw') && (! intval($contact['writable']))) - || (($perm == 'r') && (intval($contact['writable'])))) { - q("update contact set writable = %d where id = %d limit 1", - intval(($perm == 'rw') ? 1 : 0), - intval($contact['id']) - ); - $contact['writable'] = (string) 1 - intval($contact['writable']); - } - } - - if(($contact['duplex'] && strlen($contact['pubkey'])) - || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) - || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) { - openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); - openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']); - } - else { - openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']); - openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']); - } - - $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); - - if(strpos($final_dfrn_id,':') == 1) - $final_dfrn_id = substr($final_dfrn_id,2); - - if($final_dfrn_id != $orig_id) { - logger('dfrn_deliver: wrong dfrn_id.'); - // did not decode properly - cannot trust this site - return 3; - } - - $postvars['dfrn_id'] = $idtosend; - $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION; - if($dissolve) - $postvars['dissolve'] = '1'; - - - if((($contact['rel']) && ($contact['rel'] != CONTACT_IS_SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { - $postvars['data'] = $atom; - $postvars['perm'] = 'rw'; - } - else { - $postvars['data'] = str_replace('1','0',$atom); - $postvars['perm'] = 'r'; - } - -// $postvars['ssl_policy'] = $ssl_policy; - - if($page) - $postvars['page'] = $page; - - if($rino && $rino_allowed && (! $dissolve)) { - $key = substr(random_string(),0,16); - $data = bin2hex(aes_encrypt($postvars['data'],$key)); - $postvars['data'] = $data; - logger('rino: sent key = ' . $key, LOGGER_DEBUG); - - - if($dfrn_version >= 2.1) { - if(($contact['duplex'] && strlen($contact['pubkey'])) - || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) - || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) { - - openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']); - } - else { - openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']); - } - } - else { - if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { - openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']); - } - else { - openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']); - } - } - - logger('md5 rawkey ' . md5($postvars['key'])); - - $postvars['key'] = bin2hex($postvars['key']); - } - - logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA); - - $xml = post_url($contact['notify'],$postvars); - - logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA); - - $curl_stat = $a->get_curl_code(); - if((! $curl_stat) || (! strlen($xml))) - return(-1); // timed out - - if(($curl_stat == 503) && (stristr($a->get_curl_headers(),'retry-after'))) - return(-1); - - if(strpos($xml,'status; -} - - /** * * consume_feed - process atom feed and update anything/everything we might need to update diff --git a/include/network.php b/include/network.php index 99a0a8e2b..367e0df56 100644 --- a/include/network.php +++ b/include/network.php @@ -65,7 +65,7 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ if($binary) @curl_setopt($ch, CURLOPT_BINARYTRANSFER,1); - $a->set_curl_code(0); +// $a->set_curl_code(0); // don't let curl abort the entire application // if it throws any errors. @@ -101,10 +101,10 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ } } - $a->set_curl_code($http_code); +// $a->set_curl_code($http_code); $body = substr($s,strlen($header)); - $a->set_curl_headers($header); +// $a->set_curl_headers($header); @curl_close($ch); return($body); } @@ -156,7 +156,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); } - $a->set_curl_code(0); +// $a->set_curl_code(0); // don't let curl abort the entire application // if it throws any errors. @@ -195,10 +195,10 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) } } } - $a->set_curl_code($http_code); +// $a->set_curl_code($http_code); $body = substr($s,strlen($header)); - $a->set_curl_headers($header); +// $a->set_curl_headers($header); curl_close($ch); return($body); @@ -586,175 +586,6 @@ function webfinger($s, $debug = false) { } -function lrdd($uri, $debug = false) { - - $a = get_app(); - - // default priority is host priority, host-meta first - - $priority = 'host'; - - // All we have is an email address. Resource-priority is irrelevant - // because our URI isn't directly resolvable. - - if(strstr($uri,'@')) { - return(webfinger($uri)); - } - - // get the host meta file - - $host = @parse_url($uri); - - if($host) { - $url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://'; - $url .= $host['host'] . '/.well-known/host-meta' ; - } - else - return array(); - - logger('lrdd: constructed url: ' . $url); - - $xml = fetch_url($url); - $headers = $a->get_curl_headers(); - - if (! $xml) - return array(); - - logger('lrdd: host_meta: ' . $xml, LOGGER_DATA); - - if(! stristr($xml,'].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) { - return(fetch_xrd_links($matches[1])); - break; - } - } - } - } - - - // priority 'resource' - - - $html = fetch_url($uri); - $headers = $a->get_curl_headers(); - logger('lrdd: headers=' . $headers, LOGGER_DEBUG); - - // don't try and parse raw xml as html - if(! strstr($html,'getElementsByTagName('link'); - foreach($items as $item) { - $x = $item->getAttribute('rel'); - if($x == "lrdd") { - $pagelink = $item->getAttribute('href'); - break; - } - } - } - } - - if(isset($pagelink)) - return(fetch_xrd_links($pagelink)); - - // next look in HTTP headers - - $lines = explode("\n",$headers); - if(count($lines)) { - foreach($lines as $line) { - // TODO alter the following regex to support multiple relations (space separated) - if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) { - $pagelink = $matches[1]; - break; - } - // don't try and run feeds through the html5 parser - if(stristr($line,'content-type:') && ((stristr($line,'application/atom+xml')) || (stristr($line,'application/rss+xml')))) - return array(); - if(stristr($html,'is_valid()) { $orig_width = $ph->getWidth(); $orig_height = $ph->getHeight(); diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 38210ba26..ba95266f9 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -473,19 +473,19 @@ abstract class photo_driver { * @arg $fromcurl boolean Check Content-Type header from curl request */ -function guess_image_type($filename, $fromcurl=false) { +function guess_image_type($filename, $headers = '') { logger('Photo: guess_image_type: '.$filename . ($fromcurl?' from curl headers':''), LOGGER_DEBUG); $type = null; - if ($fromcurl) { + if ($headers) { $a = get_app(); - $headers=array(); - $h = explode("\n",$a->get_curl_headers()); + $hdrs=array(); + $h = explode("\n",$headers); foreach ($h as $l) { list($k,$v) = array_map("trim", explode(":", trim($l), 2)); - $headers[$k] = $v; + $hdrs[$k] = $v; } - if (array_key_exists('Content-Type', $headers)) - $type = $headers['Content-Type']; + if (array_key_exists('Content-Type', $hdrs)) + $type = $hdrs['Content-Type']; } if (is_null($type)){ // FIXME!!!! -- cgit v1.2.3 From d43118fdcfe1d4f89698ead0d3324ca81695cf4a Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 00:35:35 -0800 Subject: get rid of fetch_url - post_url will be a bit harder as several plugins need to be updated --- include/network.php | 158 ++-------------------------------------------------- include/oembed.php | 3 +- 2 files changed, 7 insertions(+), 154 deletions(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index 367e0df56..a15b89c67 100644 --- a/include/network.php +++ b/include/network.php @@ -18,97 +18,6 @@ function get_capath() { * remove this function and perhaps rename z_fetch_url back to fetch_url */ - - -function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_content=Null) { - - $a = get_app(); - - $ch = @curl_init($url); - if(($redirects > 8) || (! $ch)) - return false; - - @curl_setopt($ch, CURLOPT_HEADER, true); - @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); - - if (!is_null($accept_content)){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( - "Accept: " . $accept_content - )); - } - - @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - @curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)"); - - - if(intval($timeout)) { - @curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - } - else { - $curl_time = intval(get_config('system','curl_timeout')); - @curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); - } - // by default we will allow self-signed certs - // but you can override this - - $check_cert = get_config('system','verifyssl'); - @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); - - $prx = get_config('system','proxy'); - if(strlen($prx)) { - @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - @curl_setopt($ch, CURLOPT_PROXY, $prx); - $prxusr = @get_config('system','proxyuser'); - if(strlen($prxusr)) - @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); - } - if($binary) - @curl_setopt($ch, CURLOPT_BINARYTRANSFER,1); - -// $a->set_curl_code(0); - - // don't let curl abort the entire application - // if it throws any errors. - - $s = @curl_exec($ch); - - $base = $s; - $curl_info = @curl_getinfo($ch); - $http_code = $curl_info['http_code']; -// logger('fetch_url:' . $http_code . ' data: ' . $s); - $header = ''; - - // Pull out multiple headers, e.g. proxy and continuation headers - // allow for HTTP/2.x without fixing code - - while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { - $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); - $header .= $chunk; - $base = substr($base,strlen($chunk)); - } - - if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307 || $http_code == 308) { - $matches = array(); - preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); - $newurl = trim(array_pop($matches)); - if(strpos($newurl,'/') === 0) - $newurl = $url . $newurl; - $url_parsed = @parse_url($newurl); - if (isset($url_parsed)) { - $redirects++; - @curl_close($ch); - return fetch_url($newurl,$binary,$redirects,$timeout); - } - } - -// $a->set_curl_code($http_code); - - $body = substr($s,strlen($header)); -// $a->set_curl_headers($header); - @curl_close($ch); - return($body); -} - // post request to $url. $params is an array of post variables. @@ -156,7 +65,6 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); } -// $a->set_curl_code(0); // don't let curl abort the entire application // if it throws any errors. @@ -188,22 +96,18 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) if (isset($url_parsed)) { $redirects++; @curl_close($ch); - if($http_code == 303) { - return fetch_url($newurl,false,$redirects,$timeout); - } else { - return post_url($newurl,$params,$redirects,$timeout); - } + return post_url($newurl,$params,$redirects,$timeout); } } -// $a->set_curl_code($http_code); - $body = substr($s,strlen($header)); - -// $a->set_curl_headers($header); + $body = substr($s,strlen($header)); curl_close($ch); return($body); } + + + /** * @function z_fetch_url * @param string $url @@ -616,58 +520,6 @@ function fetch_lrdd_template($host) { return $tpl; } -// Given a URL, retrieve the page as an XRD document. -// Return an array of links. -// on error/failure return empty array. - - -function fetch_xrd_links($url) { - - $xrd_timeout = intval(get_config('system','xrd_timeout')); - $redirects = 0; - $xml = fetch_url($url,false,$redirects,(($xrd_timeout) ? $xrd_timeout : 30)); - - logger('fetch_xrd_links: ' . $xml, LOGGER_DATA); - - if ((! $xml) || (! stristr($xml,''),array('href="','"/>'),$xml); - - $arr = xml2array($xml); - - logger('fetch_xrd_links: ' . print_r($arr,true), LOGGER_DATA); - - $links = array(); - - if(isset($arr['xrd']['link'])) { - $link = $arr['xrd']['link']; - if(! isset($link[0])) - $links = array($link); - else - $links = $link; - } - if(isset($arr['xrd']['alias'])) { - $alias = $arr['xrd']['alias']; - if(! isset($alias[0])) - $aliases = array($alias); - else - $aliases = $alias; - if(is_array($aliases) && count($aliases)) { - foreach($aliases as $alias) { - $links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias); - } - } - } - - logger('fetch_xrd_links: ' . print_r($links,true), LOGGER_DATA); - - return $links; - -} - - // Take a URL from the wild, prepend http:// if necessary // and check DNS to see if it's real (or check if is a valid IP address) // return true if it's OK, false if something is wrong with it diff --git a/include/oembed.php b/include/oembed.php index 5da842170..520b69892 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -44,7 +44,8 @@ function oembed_fetch_url($embedurl){ $entries = $xpath->query("//link[@type='application/json+oembed']"); foreach($entries as $e){ $href = $e->getAttributeNode("href")->nodeValue; - $txt = fetch_url($href . '&maxwidth=' . $a->videowidth); + $x = z_fetch_url($href . '&maxwidth=' . $a->videowidth); + $txt = $x['body']; break; } } -- cgit v1.2.3 From fefc44660f0fe75dbdaa61df73fd5eca18d68fb0 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 13:41:51 -0800 Subject: remove hook logging - too noisy --- include/plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/plugin.php b/include/plugin.php index 4d28909d2..5ed2a1736 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -197,7 +197,7 @@ function load_hooks() { $a->hooks[$rr['hook']][] = array($rr['file'],$rr['function']); } } -logger('hooks: ' . print_r($a->hooks,true)); +//logger('hooks: ' . print_r($a->hooks,true)); } -- cgit v1.2.3 From 92f60ef51fc8c85f632a245847c75ab27980d0de Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 19:52:18 -0800 Subject: get rid of deprecated post_url() function --- include/network.php | 104 +--------------------------------------------------- 1 file changed, 2 insertions(+), 102 deletions(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index a15b89c67..77ba7b176 100644 --- a/include/network.php +++ b/include/network.php @@ -6,108 +6,6 @@ function get_capath() { return appdirpath() . '/library/cacert.pem'; } - - -// curl wrapper. If binary flag is true, return binary -// results. - -/** - * fetch_url is deprecated and being replaced by the more capable z_fetch_url - * please use that function instead. - * Once all occurrences of fetch_url are removed from the codebase we will - * remove this function and perhaps rename z_fetch_url back to fetch_url - */ - -// post request to $url. $params is an array of post variables. - - -function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) { - $a = get_app(); - $ch = curl_init($url); - if(($redirects > 8) || (! $ch)) - return false; - - curl_setopt($ch, CURLOPT_HEADER, true); - @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); - curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - curl_setopt($ch, CURLOPT_POST,1); - curl_setopt($ch, CURLOPT_POSTFIELDS,$params); - curl_setopt($ch, CURLOPT_USERAGENT, "Red"); - - if(intval($timeout)) { - curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - } - else { - $curl_time = intval(get_config('system','curl_timeout')); - curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); - } - - if(defined('LIGHTTPD')) { - if(!is_array($headers)) { - $headers = array('Expect:'); - } else { - if(!in_array('Expect:', $headers)) { - array_push($headers, 'Expect:'); - } - } - } - if($headers) - curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); - - $check_cert = get_config('system','verifyssl'); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); - $prx = get_config('system','proxy'); - if(strlen($prx)) { - curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - curl_setopt($ch, CURLOPT_PROXY, $prx); - $prxusr = get_config('system','proxyuser'); - if(strlen($prxusr)) - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); - } - - - // don't let curl abort the entire application - // if it throws any errors. - - $s = @curl_exec($ch); - - $base = $s; - $curl_info = curl_getinfo($ch); - $http_code = $curl_info['http_code']; - - $header = ''; - - // Pull out multiple headers, e.g. proxy and continuation headers - // allow for HTTP/2.x without fixing code - - while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { - $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); - $header .= $chunk; - $base = substr($base,strlen($chunk)); - } - - if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307 || $http_code == 308) { - $matches = array(); - preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); - $newurl = trim(array_pop($matches)); - if(strpos($newurl,'/') === 0) - $newurl = $url . $newurl; - $url_parsed = @parse_url($newurl); - if (isset($url_parsed)) { - $redirects++; - @curl_close($ch); - return post_url($newurl,$params,$redirects,$timeout); - } - } - - $body = substr($s,strlen($header)); - curl_close($ch); - return($body); -} - - - - /** * @function z_fetch_url * @param string $url @@ -251,6 +149,8 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { "Accept: " . $opts['accept_content'] )); } + if(x($opts,'headers')) + curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); if(x($opts,'timeout') && intval($opts['timeout'])) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); -- cgit v1.2.3 From 55d8ed17a776dce059b861ee43eeea82138b48ce Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 21:11:47 -0800 Subject: trimmed style.css by a few hundred lines. Needs many more such efforts --- include/network.php | 103 ---------------------------------------------------- 1 file changed, 103 deletions(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index 77ba7b176..dac039230 100644 --- a/include/network.php +++ b/include/network.php @@ -576,63 +576,6 @@ function parse_xml_string($s,$strict = true) { return $x; } -function add_fcontact($arr,$update = false) { - - if($update) { - $r = q("UPDATE `fcontact` SET - `name` = '%s', - `photo` = '%s', - `request` = '%s', - `nick` = '%s', - `addr` = '%s', - `batch` = '%s', - `notify` = '%s', - `poll` = '%s', - `confirm` = '%s', - `alias` = '%s', - `pubkey` = '%s', - `updated` = '%s' - WHERE `url` = '%s' AND `network` = '%s' LIMIT 1", - dbesc($arr['name']), - dbesc($arr['photo']), - dbesc($arr['request']), - dbesc($arr['nick']), - dbesc($arr['addr']), - dbesc($arr['batch']), - dbesc($arr['notify']), - dbesc($arr['poll']), - dbesc($arr['confirm']), - dbesc($arr['alias']), - dbesc($arr['pubkey']), - dbesc(datetime_convert()), - dbesc($arr['url']), - dbesc($arr['network']) - ); - } - else { - $r = q("insert into fcontact ( `url`,`name`,`photo`,`request`,`nick`,`addr`, - `batch`, `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey`,`updated` ) - values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", - dbesc($arr['url']), - dbesc($arr['name']), - dbesc($arr['photo']), - dbesc($arr['request']), - dbesc($arr['nick']), - dbesc($arr['addr']), - dbesc($arr['batch']), - dbesc($arr['notify']), - dbesc($arr['poll']), - dbesc($arr['confirm']), - dbesc($arr['network']), - dbesc($arr['alias']), - dbesc($arr['pubkey']), - dbesc(datetime_convert()) - ); - } - - return $r; -} - function scale_external_images($s, $include_link = true, $scale_replace = false) { @@ -710,52 +653,6 @@ function scale_external_images($s, $include_link = true, $scale_replace = false) return $s; } - -function fix_contact_ssl_policy(&$contact,$new_policy) { - - $ssl_changed = false; - if((intval($new_policy) == SSL_POLICY_SELFSIGN || $new_policy === 'self') && strstr($contact['url'],'https:')) { - $ssl_changed = true; - $contact['url'] = str_replace('https:','http:',$contact['url']); - $contact['request'] = str_replace('https:','http:',$contact['request']); - $contact['notify'] = str_replace('https:','http:',$contact['notify']); - $contact['poll'] = str_replace('https:','http:',$contact['poll']); - $contact['confirm'] = str_replace('https:','http:',$contact['confirm']); - $contact['poco'] = str_replace('https:','http:',$contact['poco']); - } - - if((intval($new_policy) == SSL_POLICY_FULL || $new_policy === 'full') && strstr($contact['url'],'http:')) { - $ssl_changed = true; - $contact['url'] = str_replace('http:','https:',$contact['url']); - $contact['request'] = str_replace('http:','https:',$contact['request']); - $contact['notify'] = str_replace('http:','https:',$contact['notify']); - $contact['poll'] = str_replace('http:','https:',$contact['poll']); - $contact['confirm'] = str_replace('http:','https:',$contact['confirm']); - $contact['poco'] = str_replace('http:','https:',$contact['poco']); - } - - if($ssl_changed) { - q("update contact set - url = '%s', - request = '%s', - notify = '%s', - poll = '%s', - confirm = '%s', - poco = '%s' - where id = %d limit 1", - dbesc($contact['url']), - dbesc($contact['request']), - dbesc($contact['notify']), - dbesc($contact['poll']), - dbesc($contact['confirm']), - dbesc($contact['poco']), - intval($contact['id']) - ); - } -} - - - /** * xml2array() will convert the given XML text to an array in the XML structure. * Link: http://www.bin-co.com/php/scripts/xml2array/ -- cgit v1.2.3 From d9f67876dce5da9ed056726f792e087d142699cb Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Dec 2013 15:15:02 -0800 Subject: refactor magic-auth --- include/Contact.php | 79 ----------------------------------------------------- include/text.php | 2 +- 2 files changed, 1 insertion(+), 80 deletions(-) (limited to 'include') diff --git a/include/Contact.php b/include/Contact.php index fcc5019e7..5725e06f0 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -489,62 +489,6 @@ function unmark_for_death($contact) { ); }} -if(! function_exists('contact_photo_menu')){ -function contact_photo_menu($contact) { - - $a = get_app(); - - $contact_url=""; - $pm_url=""; - $status_link=""; - $photos_link=""; - $posts_link=""; - $poke_link=""; - - $sparkle = false; - if($contact['xchan_network'] === NETWORK_ZOT) { - $sparkle = true; - $profile_link = $a->get_baseurl() . '/magic?f=&id=' . $contact['abook_id']; - } - else - $profile_link = $contact['xchan_url']; - - if($sparkle) { - $status_link = $profile_link . "&url=status"; - $photos_link = $profile_link . "&url=photos"; - $profile_link = $profile_link . "&url=profile"; - $pm_url = $a->get_baseurl() . '/message/new/' . $contact['xchan_hash']; - } - - $poke_link = $a->get_baseurl() . '/poke/?f=&c=' . $contact['abook_id']; - $contact_url = $a->get_baseurl() . '/connections/' . $contact['abook_id']; - $posts_link = $a->get_baseurl() . '/network/?cid=' . $contact['abook_id']; - - $menu = Array( - t("Poke") => $poke_link, - t("View Status") => $status_link, - t("View Profile") => $profile_link, - t("View Photos") => $photos_link, - t("Network Posts") => $posts_link, - t("Edit Contact") => $contact_url, - t("Send PM") => $pm_url, - ); - - - $args = array('contact' => $contact, 'menu' => &$menu); - - call_hooks('contact_photo_menu', $args); - - $o = ""; - foreach($menu as $k=>$v){ - if ($v!="") { - $o .= "
  • $k
    • \n"; - } - } - return $o; -}} - - function random_profile() { $r = q("select xchan_url from xchan where 1 order by rand() limit 1"); if($r) @@ -553,26 +497,3 @@ function random_profile() { } -function contacts_not_grouped($uid,$start = 0,$count = 0) { - - if(! $count) { - $r = q("select count(*) as total from contact where uid = %d and self = 0 and id not in (select distinct(`contact-id`) from group_member where uid = %d) ", - intval($uid), - intval($uid) - ); - - return $r; - - - } - - $r = q("select * from contact where uid = %d and self = 0 and id not in (select distinct(`contact-id`) from group_member where uid = %d) and blocked = 0 and pending = 0 limit %d, %d", - intval($uid), - intval($uid), - intval($start), - intval($count) - ); - - return $r; -} - diff --git a/include/text.php b/include/text.php index 3d15a5c6b..ff695062f 100755 --- a/include/text.php +++ b/include/text.php @@ -1084,7 +1084,7 @@ function format_categories(&$item,$writeable) { if(! trim($term)) continue; $removelink = (($writeable) ? z_root() . '/filerm/' . $item['id'] . '?f=&cat=' . urlencode($t['term']) : ''); - $categories[] = array('term' => $term, 'writeable' => $writeable, 'removelink' => $removelink, 'url' => $t['url']); + $categories[] = array('term' => $term, 'writeable' => $writeable, 'removelink' => $removelink, 'url' => zid($t['url'])); } } $s = replace_macros(get_markup_template('item_categories.tpl'),array( -- cgit v1.2.3 From 9f2efb0291e18ed9c042e8c018b8481c69179f26 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Dec 2013 23:55:57 -0800 Subject: ensure that every imported channel has a primary hubloc --- include/zot.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 9777f7ae4..124fe7fd6 100644 --- a/include/zot.php +++ b/include/zot.php @@ -691,6 +691,16 @@ function import_xchan($arr,$ud_flags = 1) { dbesc($xchan_hash) ); + // See if a primary is specified + + $has_primary = false; + foreach($arr['locations'] as $location) { + if($location['primary']) { + $has_primary = true; + break; + } + } + foreach($arr['locations'] as $location) { if(! rsa_verify($location['url'],base64url_decode($location['url_sig']),$arr['key'])) { logger('import_xchan: Unable to verify site signature for ' . $location['url']); @@ -698,6 +708,12 @@ function import_xchan($arr,$ud_flags = 1) { continue; } + // Ensure that they have one primary hub + + if(! $has_primary) + $location['primary'] = true; + + for($x = 0; $x < count($xisting); $x ++) { if(($xisting[$x]['hubloc_url'] === $location['url']) && ($xisting[$x]['hubloc_sitekey'] === $location['sitekey'])) { $xisting[$x]['updated'] = true; -- cgit v1.2.3 From 6c321be03c8edd062866b1775bca560beec9d602 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 3 Dec 2013 15:35:13 -0800 Subject: reorganise a few included functions - notably identity related functions --- include/datetime.php | 21 ++ include/identity.php | 747 +++++++++++++++++++++++++++++++++++++++++++ include/profile_advanced.php | 125 -------- 3 files changed, 768 insertions(+), 125 deletions(-) delete mode 100644 include/profile_advanced.php (limited to 'include') diff --git a/include/datetime.php b/include/datetime.php index 94c2e4f1c..c0503fc7d 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -443,3 +443,24 @@ function cal($y = 0,$m = 0, $links = false, $class='') { } + + +function z_birthday($dob,$tz,$format="Y-m-d H:i:s") { + + if(! strlen($tz)) + $tz = 'UTC'; + + $tmp_dob = substr($dob,5); + if(intval($tmp_dob)) { + $y = datetime_convert($tz,$tz,'now','Y'); + $bd = $y . '-' . $tmp_dob . ' 00:00'; + $t_dob = strtotime($bd); + $now = strtotime(datetime_convert($tz,$tz,'now')); + if($t_dob < $now) + $bd = $y + 1 . '-' . $tmp_dob . ' 00:00'; + $birthday = datetime_convert($tz,'UTC',$bd,$format); + } + + return $birthday; + +} diff --git a/include/identity.php b/include/identity.php index e26d2b29f..23fc85830 100644 --- a/include/identity.php +++ b/include/identity.php @@ -395,3 +395,750 @@ function identity_basic_import($arr, $seize_primary = false) { } + + + +/** + * + * Function : profile_load + * @parameter App $a + * @parameter string $nickname + * @parameter string $profile + * + * Summary: Loads a profile into the page sidebar. + * The function requires a writeable copy of the main App structure, and the nickname + * of a registered local account. + * + * If the viewer is an authenticated remote viewer, the profile displayed is the + * one that has been configured for his/her viewing in the Contact manager. + * Passing a non-zero profile ID can also allow a preview of a selected profile + * by the owner. + * + * Profile information is placed in the App structure for later retrieval. + * Honours the owner's chosen theme for display. + * + */ + + +function profile_load(&$a, $nickname, $profile = '') { + + logger('profile_load: ' . $nickname . (($profile) ? ' profile: ' . $profile : '')); + + $user = q("select channel_id from channel where channel_address = '%s' limit 1", + dbesc($nickname) + ); + + if(! $user) { + logger('profile error: ' . $a->query_string, LOGGER_DEBUG); + notice( t('Requested channel is not available.') . EOL ); + $a->error = 404; + return; + } + + // get the current observer + $observer = $a->get_observer(); + + // Can the observer see our profile? + require_once('include/permissions.php'); + if(! perm_is_allowed($user[0]['channel_id'],$observer['xchan_hash'],'view_profile')) { + // permission denied + notice( t(' Sorry, you don\'t have the permission to view this profile. ') . EOL); + return; + } + + if(! $profile) { + $r = q("SELECT abook_profile FROM abook WHERE abook_xchan = '%s' and abook_channel = '%d' limit 1", + dbesc($observer['xchan_hash']), + intval($user[0]['channel_id']) + ); + if($r) + $profile = $r[0]['abook_profile']; + } + $r = null; + + if($profile) { + $r = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile + LEFT JOIN channel ON profile.uid = channel.channel_id + WHERE channel.channel_address = '%s' AND profile.profile_guid = '%s' LIMIT 1", + dbesc($nickname), + dbesc($profile) + ); + } + + if(! $r) { + $r = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile + LEFT JOIN channel ON profile.uid = channel.channel_id + WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d ) + AND profile.is_default = 1 LIMIT 1", + dbesc($nickname), + intval(PAGE_REMOVED) + ); + } + + if(! $r) { + logger('profile error: ' . $a->query_string, LOGGER_DEBUG); + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } + + // fetch user tags if this isn't the default profile + + if(! $r[0]['is_default']) { + $x = q("select `keywords` from `profile` where uid = %d and `is_default` = 1 limit 1", + intval($profile_uid) + ); + if($x) + $r[0]['keywords'] = $x[0]['keywords']; + } + + if($r[0]['keywords']) { + $keywords = str_replace(array('#',',',' ',',,'),array('',' ',',',','),$r[0]['keywords']); + if(strlen($keywords)) + $a->page['htmlhead'] .= '' . "\r\n" ; + + } + + $a->profile = $r[0]; + $a->profile_uid = $r[0]['profile_uid']; + + $a->page['title'] = $a->profile['channel_name'] . " - " . $a->profile['channel_address'] . "@" . $a->get_hostname(); + + $a->profile['channel_mobile_theme'] = get_pconfig(local_user(),'system', 'mobile_theme'); + $_SESSION['theme'] = $a->profile['channel_theme']; + $_SESSION['mobile_theme'] = $a->profile['channel_mobile_theme']; + + /** + * load/reload current theme info + */ + + $a->set_template_engine(); // reset the template engine to the default in case the user's theme doesn't specify one + + $theme_info_file = "view/theme/".current_theme()."/php/theme.php"; + if (file_exists($theme_info_file)){ + require_once($theme_info_file); + } + + return; +} + +function profile_create_sidebar(&$a,$connect = true) { + + $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); + + $a->set_widget('profile',profile_sidebar($a->profile, $block, $connect)); + return; +} + + +/** + * + * Function: profile_sidebar + * + * Formats a profile for display in the sidebar. + * It is very difficult to templatise the HTML completely + * because of all the conditional logic. + * + * @parameter: array $profile + * + * Returns HTML string stuitable for sidebar inclusion + * Exceptions: Returns empty string if passed $profile is wrong type or not populated + * + */ + + + +function profile_sidebar($profile, $block = 0, $show_connect = true) { + + $a = get_app(); + + $observer = $a->get_observer(); + + $o = ''; + $location = false; + $address = false; + $pdesc = true; + + if((! is_array($profile)) && (! count($profile))) + return $o; + + + head_set_icon($profile['thumb']); + + $is_owner = (($profile['uid'] == local_user()) ? true : false); + + $profile['picdate'] = urlencode($profile['picdate']); + + call_hooks('profile_sidebar_enter', $profile); + + require_once('include/Contact.php'); + + if($show_connect) { + + // This will return an empty string if we're already connected. + + $connect_url = rconnect_url($profile['uid'],get_observer_hash()); + $connect = (($connect_url) ? t('Connect') : ''); + if($connect_url) + $connect_url = sprintf($connect_url,urlencode($profile['channel_address'] . '@' . $a->get_hostname())); + + // premium channel - over-ride + + if($profile['channel_pageflags'] & PAGE_PREMIUM) + $connect_url = z_root() . '/connect/' . $profile['channel_address']; + } + + // show edit profile to yourself + if($is_owner) { + + $profile['menu'] = array( + 'chg_photo' => t('Change profile photo'), + 'entries' => array(), + ); + + + if(feature_enabled(local_user(),'multi_profiles')) { + $profile['edit'] = array($a->get_baseurl(). '/profiles', t('Profiles'),"", t('Manage/edit profiles')); + $profile['menu']['cr_new'] = t('Create New Profile'); + } + else + $profile['edit'] = array($a->get_baseurl() . '/profiles/' . $profile['id'], t('Edit Profile'),'',t('Edit Profile')); + + $r = q("SELECT * FROM `profile` WHERE `uid` = %d", + local_user()); + + + if($r) { + foreach($r as $rr) { + $profile['menu']['entries'][] = array( + 'photo' => $rr['thumb'], + 'id' => $rr['id'], + 'alt' => t('Profile Image'), + 'profile_name' => $rr['profile_name'], + 'isdefault' => $rr['is_default'], + 'visible_to_everybody' => t('visible to everybody'), + 'edit_visibility' => t('Edit visibility'), + ); + } + } + } + + if((x($profile,'address') == 1) + || (x($profile,'locality') == 1) + || (x($profile,'region') == 1) + || (x($profile,'postal_code') == 1) + || (x($profile,'country_name') == 1)) + $location = t('Location:'); + + $gender = ((x($profile,'gender') == 1) ? t('Gender:') : False); + $marital = ((x($profile,'marital') == 1) ? t('Status:') : False); + $homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False); + + if(($profile['hidewall'] || $block) && (! local_user()) && (! remote_user())) { + $location = $pdesc = $gender = $marital = $homepage = False; + } + + $firstname = ((strpos($profile['name'],' ')) + ? trim(substr($profile['name'],0,strpos($profile['name'],' '))) : $profile['name']); + $lastname = (($firstname === $profile['name']) ? '' : trim(substr($profile['name'],strlen($firstname)))); + + if(is_array($observer) + && perm_is_allowed($profile['uid'],$observer['xchan_hash'],'view_contacts')) { + $contact_block = contact_block(); + } + + $channel_menu = false; + $menu = get_pconfig($profile['uid'],'system','channel_menu'); + if($menu) { + require_once('include/menu.php'); + $m = menu_fetch($menu,$profile['uid'],$observer['xchan_hash']); + if($m) + $channel_menu = menu_render($m); + } + $menublock = get_pconfig($profile['uid'],'system','channel_menublock'); + if ($menublock) { + require_once('include/comanche.php'); + $channel_menu .= comanche_block($menublock); + } + + $tpl = get_markup_template('profile_vcard.tpl'); + + $o .= replace_macros($tpl, array( + '$profile' => $profile, + '$connect' => $connect, + '$connect_url' => $connect_url, + '$location' => $location, + '$gender' => $gender, + '$pdesc' => $pdesc, + '$marital' => $marital, + '$homepage' => $homepage, + '$chanmenu' => $channel_menu, + '$contact_block' => $contact_block, + )); + + $arr = array('profile' => &$profile, 'entry' => &$o); + + call_hooks('profile_sidebar', $arr); + + return $o; +} + + +// FIXME or remove + + + function get_birthdays() { + + $a = get_app(); + $o = ''; + + if(! local_user()) + return $o; + + $bd_format = t('g A l F d') ; // 8 AM Friday January 18 + $bd_short = t('F d'); + + $r = q("SELECT `event`.*, `event`.`id` AS `eid`, `contact`.* FROM `event` + LEFT JOIN `contact` ON `contact`.`id` = `event`.`cid` + WHERE `event`.`uid` = %d AND `type` = 'birthday' AND `start` < '%s' AND `finish` > '%s' + ORDER BY `start` ASC ", + intval(local_user()), + dbesc(datetime_convert('UTC','UTC','now + 6 days')), + dbesc(datetime_convert('UTC','UTC','now')) + ); + + if($r && count($r)) { + $total = 0; + $now = strtotime('now'); + $cids = array(); + + $istoday = false; + foreach($r as $rr) { + if(strlen($rr['name'])) + $total ++; + if((strtotime($rr['start'] . ' +00:00') < $now) && (strtotime($rr['finish'] . ' +00:00') > $now)) + $istoday = true; + } + $classtoday = $istoday ? ' birthday-today ' : ''; + if($total) { + foreach($r as &$rr) { + if(! strlen($rr['name'])) + continue; + + // avoid duplicates + + if(in_array($rr['cid'],$cids)) + continue; + $cids[] = $rr['cid']; + + $today = (((strtotime($rr['start'] . ' +00:00') < $now) && (strtotime($rr['finish'] . ' +00:00') > $now)) ? true : false); + $sparkle = ''; + $url = $rr['url']; + if($rr['network'] === NETWORK_DFRN) { + $sparkle = " sparkle"; + $url = $a->get_baseurl() . '/redir/' . $rr['cid']; + } + + $rr['link'] = $url; + $rr['title'] = $rr['name']; + $rr['date'] = day_translate(datetime_convert('UTC', $a->timezone, $rr['start'], $rr['adjust'] ? $bd_format : $bd_short)) . (($today) ? ' ' . t('[today]') : ''); + $rr['startime'] = Null; + $rr['today'] = $today; + + } + } + } + $tpl = get_markup_template("birthdays_reminder.tpl"); + return replace_macros($tpl, array( + '$baseurl' => $a->get_baseurl(), + '$classtoday' => $classtoday, + '$count' => $total, + '$event_reminders' => t('Birthday Reminders'), + '$event_title' => t('Birthdays this week:'), + '$events' => $r, + '$lbr' => '{', // raw brackets mess up if/endif macro processing + '$rbr' => '}' + + )); + } + + +// FIXME + + + function get_events() { + + require_once('include/bbcode.php'); + + $a = get_app(); + + if(! local_user()) + return $o; + + $bd_format = t('g A l F d') ; // 8 AM Friday January 18 + $bd_short = t('F d'); + + $r = q("SELECT `event`.* FROM `event` + WHERE `event`.`uid` = %d AND `type` != 'birthday' AND `start` < '%s' AND `start` > '%s' + ORDER BY `start` ASC ", + intval(local_user()), + dbesc(datetime_convert('UTC','UTC','now + 6 days')), + dbesc(datetime_convert('UTC','UTC','now - 1 days')) + ); + + if($r && count($r)) { + $now = strtotime('now'); + $istoday = false; + foreach($r as $rr) { + if(strlen($rr['name'])) + $total ++; + + $strt = datetime_convert('UTC',$rr['convert'] ? $a->timezone : 'UTC',$rr['start'],'Y-m-d'); + if($strt === datetime_convert('UTC',$a->timezone,'now','Y-m-d')) + $istoday = true; + } + $classtoday = (($istoday) ? 'event-today' : ''); + + + foreach($r as &$rr) { + if($rr['adjust']) + $md = datetime_convert('UTC',$a->timezone,$rr['start'],'Y/m'); + else + $md = datetime_convert('UTC','UTC',$rr['start'],'Y/m'); + $md .= "/#link-".$rr['id']; + + $title = substr(strip_tags(bbcode($rr['desc'])),0,32) . '... '; + if(! $title) + $title = t('[No description]'); + + $strt = datetime_convert('UTC',$rr['convert'] ? $a->timezone : 'UTC',$rr['start']); + $today = ((substr($strt,0,10) === datetime_convert('UTC',$a->timezone,'now','Y-m-d')) ? true : false); + + $rr['link'] = $md; + $rr['title'] = $title; + $rr['date'] = day_translate(datetime_convert('UTC', $rr['adjust'] ? $a->timezone : 'UTC', $rr['start'], $bd_format)) . (($today) ? ' ' . t('[today]') : ''); + $rr['startime'] = $strt; + $rr['today'] = $today; + } + } + + $tpl = get_markup_template("events_reminder.tpl"); + return replace_macros($tpl, array( + '$baseurl' => $a->get_baseurl(), + '$classtoday' => $classtoday, + '$count' => count($r), + '$event_reminders' => t('Event Reminders'), + '$event_title' => t('Events this week:'), + '$events' => $r, + )); + } + + +function advanced_profile(&$a) { + + $o = ''; + + $o .= '

    ' . t('Profile') . '

    '; + + if($a->profile['name']) { + + $tpl = get_markup_template('profile_advanced.tpl'); + + $profile = array(); + + $profile['fullname'] = array( t('Full Name:'), $a->profile['name'] ) ; + + if($a->profile['gender']) $profile['gender'] = array( t('Gender:'), $a->profile['gender'] ); + + + if(($a->profile['dob']) && ($a->profile['dob'] != '0000-00-00')) { + + $year_bd_format = t('j F, Y'); + $short_bd_format = t('j F'); + + + $val = ((intval($a->profile['dob'])) + ? day_translate(datetime_convert('UTC','UTC',$a->profile['dob'] . ' 00:00 +00:00',$year_bd_format)) + : day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],5) . ' 00:00 +00:00',$short_bd_format))); + + $profile['birthday'] = array( t('Birthday:'), $val); + + } + + if($age = age($a->profile['dob'],$a->profile['timezone'],'')) $profile['age'] = array( t('Age:'), $age ); + + + if($a->profile['marital']) $profile['marital'] = array( t('Status:'), $a->profile['marital']); + + + if($a->profile['with']) $profile['marital']['with'] = $a->profile['with']; + + if(strlen($a->profile['howlong']) && $a->profile['howlong'] !== '0000-00-00 00:00:00') { + $profile['howlong'] = relative_date($a->profile['howlong'], t('for %1$d %2$s')); + } + + if($a->profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), $a->profile['sexual'] ); + + if($a->profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify($a->profile['homepage']) ); + + if($a->profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify($a->profile['hometown']) ); + + if($a->profile['keywords']) $profile['keywords'] = array( t('Tags:'), $a->profile['keywords']); + + if($a->profile['politic']) $profile['politic'] = array( t('Political Views:'), $a->profile['politic']); + + if($a->profile['religion']) $profile['religion'] = array( t('Religion:'), $a->profile['religion']); + + if($txt = prepare_text($a->profile['about'])) $profile['about'] = array( t('About:'), $txt ); + + if($txt = prepare_text($a->profile['interest'])) $profile['interest'] = array( t('Hobbies/Interests:'), $txt); + + if($txt = prepare_text($a->profile['likes'])) $profile['likes'] = array( t('Likes:'), $txt); + + if($txt = prepare_text($a->profile['dislikes'])) $profile['dislikes'] = array( t('Dislikes:'), $txt); + + + if($txt = prepare_text($a->profile['contact'])) $profile['contact'] = array( t('Contact information and Social Networks:'), $txt); + + if($txt = prepare_text($a->profile['music'])) $profile['music'] = array( t('Musical interests:'), $txt); + + if($txt = prepare_text($a->profile['book'])) $profile['book'] = array( t('Books, literature:'), $txt); + + if($txt = prepare_text($a->profile['tv'])) $profile['tv'] = array( t('Television:'), $txt); + + if($txt = prepare_text($a->profile['film'])) $profile['film'] = array( t('Film/dance/culture/entertainment:'), $txt); + + if($txt = prepare_text($a->profile['romance'])) $profile['romance'] = array( t('Love/Romance:'), $txt); + + if($txt = prepare_text($a->profile['work'])) $profile['work'] = array( t('Work/employment:'), $txt); + + if($txt = prepare_text($a->profile['education'])) $profile['education'] = array( t('School/education:'), $txt ); + + $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_page = '%s' and uid = %d and obj_type = %d + order by obj_verb, term", + dbesc($a->profile['profile_guid']), + intval($a->profile['profile_uid']), + intval(TERM_OBJ_THING) + ); + + $things = null; + + if($r) { + $things = array(); + + // Use the system obj_verbs array as a sort key, since we don't really + // want an alphabetic sort. To change the order, use a plugin to + // alter the obj_verbs() array or alter it in code. Unknown verbs come + // after the known ones - in no particular order. + + $v = obj_verbs(); + foreach($v as $k => $foo) + $things[$k] = null; + foreach($r as $rr) { + if(! $things[$rr['obj_verb']]) + $things[$rr['obj_verb']] = array(); + $things[$rr['obj_verb']][] = array('term' => $rr['term'],'url' => $rr['url'],'img' => $rr['imgurl']); + } + $sorted_things = array(); + if($things) + foreach($things as $k => $v) + if(is_array($things[$k])) + $sorted_things[$k] = $v; + } + + logger('mod_profile: things: ' . print_r($sorted_things,true), LOGGER_DATA); + + return replace_macros($tpl, array( + '$title' => t('Profile'), + '$profile' => $profile, + '$things' => $sorted_things + )); + } + + return ''; +} + + + +function profile_tabs($a, $is_owner=False, $nickname=Null){ + //echo "
    "; var_dump($a->user); killme();
+	
+	$channel = $a->get_channel();
+
+	if (is_null($nickname))
+		$nickname  = $channel['channel_address'];
+		
+	if(x($_GET,'tab'))
+		$tab = notags(trim($_GET['tab']));
+	
+	$url = $a->get_baseurl() . '/channel/' . $nickname;
+	$pr  = $a->get_baseurl() . '/profile/' . $nickname;
+
+	$tabs = array(
+		array(
+			'label' => t('Channel'),
+			'url'   => $url,
+			'sel'   => ((argv(0) == 'channel') ? 'active' : ''),
+			'title' => t('Status Messages and Posts'),
+			'id'    => 'status-tab',
+		),
+		array(
+			'label' => t('About'),
+			'url' 	=> $pr,
+			'sel'	=> ((argv(0) == 'profile') ? 'active' : ''),
+			'title' => t('Profile Details'),
+			'id'    => 'profile-tab',
+		),
+		array(
+			'label' => t('Photos'),
+			'url'	=> $a->get_baseurl() . '/photos/' . $nickname,
+			'sel'	=> ((argv(0) == 'photos') ? 'active' : ''),
+			'title' => t('Photo Albums'),
+			'id'    => 'photo-tab',
+		),
+	);
+
+
+	if ($is_owner){
+		$tabs[] = array(
+			'label' => t('Events'),
+			'url'	=> $a->get_baseurl() . '/events',
+			'sel' 	=> ((argv(0) == 'events') ? 'active' : ''),
+			'title' => t('Events and Calendar'),
+			'id'    => 'events-tab',
+		);
+		if(feature_enabled(local_user(),'webpages')){
+		$tabs[] = array(
+			'label' => t('Webpages'),
+			'url'	=> $a->get_baseurl() . '/webpages/' . $nickname,
+			'sel' 	=> ((argv(0) == 'webpages') ? 'active' : ''),
+			'title' => t('Manage Webpages'),
+			'id'    => 'webpages-tab',
+		);}
+	}
+	else {
+		// FIXME
+		// we probably need a listing of events that were created by 
+		// this channel and are visible to the observer
+
+
+	}
+
+
+	$arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => (($tab) ? $tab : false), 'tabs' => $tabs);
+	call_hooks('profile_tabs', $arr);
+	
+	$tpl = get_markup_template('common_tabs.tpl');
+
+	return replace_macros($tpl,array('$tabs' => $arr['tabs']));
+}
+
+
+function get_my_url() {
+	if(x($_SESSION,'zrl_override'))
+		return $_SESSION['zrl_override'];
+	if(x($_SESSION,'my_url'))
+		return $_SESSION['my_url'];
+	return false;
+}
+
+function get_my_address() {
+	if(x($_SESSION,'zid_override'))
+		return $_SESSION['zid_override'];
+	if(x($_SESSION,'my_address'))
+		return $_SESSION['my_address'];
+	return false;
+}
+
+/**
+ * @function zid_init(&$a)
+ *   If somebody arrives at our site using a zid, add their xchan to our DB if we don't have it already.
+ *   And if they aren't already authenticated here, attempt reverse magic auth.
+ *
+ * @hooks 'zid_init'
+ *      string 'zid' - their zid
+ *      string 'url' - the destination url
+ *
+ */
+
+function zid_init(&$a) {
+	$tmp_str = get_my_address();
+	if(validate_email($tmp_str)) {
+		proc_run('php','include/gprobe.php',bin2hex($tmp_str));
+		$arr = array('zid' => $tmp_str, 'url' => $a->cmd);
+		call_hooks('zid_init',$arr);
+		if((! local_user()) && (! remote_user())) {
+			logger('zid_init: not authenticated. Invoking reverse magic-auth for ' . $tmp_str);
+			$r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_id desc limit 1",
+				dbesc($tmp_str)
+			);
+			// try to avoid recursion - but send them home to do a proper magic auth
+			$dest = '/' . $a->query_string;
+			$dest = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$dest);
+			if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
+				goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest);
+			}
+			else
+				logger('zid_init: no hubloc found.');
+		}
+	}
+}
+
+/**
+ * @function zid($s,$address = '')
+ *   Adds a zid parameter to a url
+ * @param string $s
+ *   The url to accept the zid
+ * @param boolean $address
+ *   $address to use instead of session environment
+ * @return string
+ *
+ * @hooks 'zid'
+ *      string url - url to accept zid
+ *      string zid - urlencoded zid
+ *      string result - the return string we calculated, change it if you want to return something else
+ */
+
+
+function zid($s,$address = '') {
+	if(! strlen($s) || strpos($s,'zid='))
+		return $s;
+	$has_params = ((strpos($s,'?')) ? true : false);
+	$num_slashes = substr_count($s,'/');
+	if(! $has_params)
+		$has_params = ((strpos($s,'&')) ? true : false);
+	$achar = strpos($s,'?') ? '&' : '?';
+
+	$mine = get_my_url();
+	$myaddr = (($address) ? $address : get_my_address());
+
+	// FIXME checking against our own channel url is no longer reliable. We may have a lot
+	// of urls attached to out channel. Should probably match against our site, since we
+	// will not need to remote authenticate on our own site anyway.
+
+	if($mine && $myaddr && (! link_compare($mine,$s)))
+		$zurl = $s . (($num_slashes >= 3) ? '' : '/') . $achar . 'zid=' . urlencode($myaddr);
+	else
+		$zurl = $s;
+
+	$arr = array('url' => $s, 'zid' => urlencode($myaddr), 'result' => $zurl);
+	call_hooks('zid', $arr);
+	return $arr['result'];
+}
+
+// Used from within PCSS themes to set theme parameters. If there's a
+// puid request variable, that is the "page owner" and normally their theme
+// settings take precedence; unless a local user sets the "always_my_theme" 
+// system pconfig, which means they don't want to see anybody else's theme 
+// settings except their own while on this site.
+
+function get_theme_uid() {
+	$uid = (($_REQUEST['puid']) ? intval($_REQUEST['puid']) : 0);
+	if(local_user()) {
+		if((get_pconfig(local_user(),'system','always_my_theme')) || (! $uid))
+			return local_user();
+		if(! $uid)
+			return local_user();
+	}
+	return $uid;
+}
diff --git a/include/profile_advanced.php b/include/profile_advanced.php
deleted file mode 100644
index 21606185d..000000000
--- a/include/profile_advanced.php
+++ /dev/null
@@ -1,125 +0,0 @@
-' . t('Profile') . '';
-
-	if($a->profile['name']) {
-
-		$tpl = get_markup_template('profile_advanced.tpl');
-		
-		$profile = array();
-		
-		$profile['fullname'] = array( t('Full Name:'), $a->profile['name'] ) ;
-		
-		if($a->profile['gender']) $profile['gender'] = array( t('Gender:'),  $a->profile['gender'] );
-		
-
-		if(($a->profile['dob']) && ($a->profile['dob'] != '0000-00-00')) {
-		
-			$year_bd_format = t('j F, Y');
-			$short_bd_format = t('j F');
-
-		
-			$val = ((intval($a->profile['dob'])) 
-				? day_translate(datetime_convert('UTC','UTC',$a->profile['dob'] . ' 00:00 +00:00',$year_bd_format))
-				: day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],5) . ' 00:00 +00:00',$short_bd_format)));
-
-			$profile['birthday'] = array( t('Birthday:'), $val);
-
-		}
-
-		if($age = age($a->profile['dob'],$a->profile['timezone'],''))  $profile['age'] = array( t('Age:'), $age );
-			
-
-		if($a->profile['marital']) $profile['marital'] = array( t('Status:'), $a->profile['marital']);
-
-
-		if($a->profile['with']) $profile['marital']['with'] = $a->profile['with'];
-
-		if(strlen($a->profile['howlong']) && $a->profile['howlong'] !== '0000-00-00 00:00:00') {
-				$profile['howlong'] = relative_date($a->profile['howlong'], t('for %1$d %2$s'));
-		}
-
-		if($a->profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), $a->profile['sexual'] );
-
-		if($a->profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify($a->profile['homepage']) );
-
-		if($a->profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify($a->profile['hometown']) );
-
-		if($a->profile['keywords']) $profile['keywords'] = array( t('Tags:'), $a->profile['keywords']);
-
-		if($a->profile['politic']) $profile['politic'] = array( t('Political Views:'), $a->profile['politic']);
-
-		if($a->profile['religion']) $profile['religion'] = array( t('Religion:'), $a->profile['religion']);
-
-		if($txt = prepare_text($a->profile['about'])) $profile['about'] = array( t('About:'), $txt );
-
-		if($txt = prepare_text($a->profile['interest'])) $profile['interest'] = array( t('Hobbies/Interests:'), $txt);
-
-		if($txt = prepare_text($a->profile['likes'])) $profile['likes'] = array( t('Likes:'), $txt);
-
-		if($txt = prepare_text($a->profile['dislikes'])) $profile['dislikes'] = array( t('Dislikes:'), $txt);
-
-
-		if($txt = prepare_text($a->profile['contact'])) $profile['contact'] = array( t('Contact information and Social Networks:'), $txt);
-
-		if($txt = prepare_text($a->profile['music'])) $profile['music'] = array( t('Musical interests:'), $txt);
-		
-		if($txt = prepare_text($a->profile['book'])) $profile['book'] = array( t('Books, literature:'), $txt);
-
-		if($txt = prepare_text($a->profile['tv'])) $profile['tv'] = array( t('Television:'), $txt);
-
-		if($txt = prepare_text($a->profile['film'])) $profile['film'] = array( t('Film/dance/culture/entertainment:'), $txt);
-
-		if($txt = prepare_text($a->profile['romance'])) $profile['romance'] = array( t('Love/Romance:'), $txt);
-		
-		if($txt = prepare_text($a->profile['work'])) $profile['work'] = array( t('Work/employment:'), $txt);
-
-		if($txt = prepare_text($a->profile['education'])) $profile['education'] = array( t('School/education:'), $txt );
-
-		$r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_page = '%s' and uid = %d and obj_type = %d 
-			order by obj_verb, term",
-				dbesc($a->profile['profile_guid']),
-				intval($a->profile['profile_uid']),
-				intval(TERM_OBJ_THING)
-		);
-
-		$things = null;
-
-		if($r) {
-			$things = array();
-
-			// Use the system obj_verbs array as a sort key, since we don't really
-			// want an alphabetic sort. To change the order, use a plugin to
-			// alter the obj_verbs() array or alter it in code. Unknown verbs come
-			// after the known ones - in no particular order. 
-
-			$v = obj_verbs();
-			foreach($v as $k => $foo)
-				$things[$k] = null;
-			foreach($r as $rr) {
-				if(! $things[$rr['obj_verb']])
-					$things[$rr['obj_verb']] = array();
-				$things[$rr['obj_verb']][] = array('term' => $rr['term'],'url' => $rr['url'],'img' => $rr['imgurl']);
-			} 
-			$sorted_things = array();
-			if($things)
-				foreach($things as $k => $v)
-					if(is_array($things[$k]))
-						$sorted_things[$k] = $v;
-		}
-
-		logger('mod_profile: things: ' . print_r($sorted_things,true), LOGGER_DATA); 
-
-        return replace_macros($tpl, array(
-            '$title' => t('Profile'),
-            '$profile' => $profile,
-			'$things' => $sorted_things
-        ));
-    }
-
-	return '';
-}
-- 
cgit v1.2.3


From f57909d19075ffe74358ce2cb48c4be66e964a7c Mon Sep 17 00:00:00 2001
From: friendica 
Date: Tue, 3 Dec 2013 16:31:05 -0800
Subject: on successful magic-auth, put remote_service_class and remote_hub
 into the session

---
 include/auth.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include')

diff --git a/include/auth.php b/include/auth.php
index 8eb8bf333..c0002e6c1 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -22,6 +22,8 @@ function nuke_session() {
 	unset($_SESSION['my_address']);
 	unset($_SESSION['addr']);
 	unset($_SESSION['return_url']);
+	unset($_SESSION['remote_service_class']);
+	unset($_SESSION['remote_hub']);
 }
 
 /**
-- 
cgit v1.2.3


From 657b842d645bab65a9279925a9ae095dd561375d Mon Sep 17 00:00:00 2001
From: friendica 
Date: Tue, 3 Dec 2013 17:33:48 -0800
Subject: more documentation work

---
 include/identity.php | 181 ++++++++++++++++++++++++++++++---------------------
 1 file changed, 106 insertions(+), 75 deletions(-)

(limited to 'include')

diff --git a/include/identity.php b/include/identity.php
index 23fc85830..f8717b1f6 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -4,6 +4,21 @@ require_once('include/zot.php');
 require_once('include/crypto.php');
 
 
+/**
+ * @function identity_check_service_class($account_id)
+ *     Called when creating a new channel. Checks the account's service class and number
+ * of current channels to determine whether creating a new channel is within the current
+ * service class constraints.
+ *
+ * @param int $account_id
+ *     Account_id used for this request
+ *
+ * @returns array
+ *       'success' => boolean true if creating a new channel is allowed for this account
+ *       'message' => if success is false, optional error text
+ */
+ 
+
 function identity_check_service_class($account_id) {
 	$ret = array('success' => false, $message => '');
 	
@@ -24,11 +39,22 @@ function identity_check_service_class($account_id) {
 	return $ret;
 }
 
-// Return an error message if the name is not valid. We're currently only checking
-// for an empty name or one that exceeds our storage limit (255 chars).
-// 255 chars is probably going to create a mess on some pages. 
-// Plugins can set additional policies such as full name requirements, character sets, multi-byte
-// length, etc. 
+
+/**
+ * @function validate_channelname($name)
+ *     Determine if the channel name is allowed when creating a new channel.
+ * This action is pluggable.
+ *
+ * @param string $name
+ *
+ * @returns nil return if name is valid, or string describing the error state.
+ *
+ * We're currently only checking for an empty name or one that exceeds our storage limit (255 chars).
+ * 255 chars is probably going to create a mess on some pages. 
+ * Plugins can set additional policies such as full name requirements, character sets, multi-byte
+ * length, etc. 
+ *
+ */
 
 function validate_channelname($name) {
 
@@ -44,8 +70,13 @@ function validate_channelname($name) {
 }
 
 
-// Create the system channel for directory synchronisation - this has no account attached
-
+/**
+ * @function create_dir_account()
+ *     Create a system channel - which has no account attached
+ *
+ * Currently unused. 
+ *
+ */
 
 function create_dir_account() {
 	create_identity(array(
@@ -57,6 +88,14 @@ function create_dir_account() {
 	));
 }
 
+/**
+ * @channel_total()
+ *   Return the total number of channels on this site. No filtering is performed.
+ *
+ * @returns int 
+ *   on error returns boolean false
+ *
+ */
 
 function channel_total() {
 	$r = q("select channel_id from channel where true");
@@ -66,11 +105,24 @@ function channel_total() {
 }
 
 
-
-// Required: name, nickname, account_id
-
-// optional: pageflags
-
+/**
+ * @function create_identity($arr)
+ *     Create a new channel
+ * Also creates the related xchan, hubloc, profile, and "self" abook records, and an 
+ * empty "Friends" group/collection for the new channel
+ *
+ * @param array $arr
+ *       'name'       => full name of channel
+ *       'nickname'   => "email/url-compliant" nickname
+ *       'account_id' => account_id to attach with this channel
+ *       [other identity fields as desired]
+ *
+ * @returns array
+ *     'success' => boolean true or false
+ *     'message' => optional error text if success is false
+ *     'channel' => if successful the created channel array
+ */
+ 
 function create_identity($arr) {
 
 	$a = get_app();
@@ -254,8 +306,21 @@ function create_identity($arr) {
 
 }
 
-// set default identity for account_id to channel_id
-// if $force is false only do this if there is no current default
+
+/**
+ * @function set_default_login_identity($account_id, $channel_id, $force = true)
+ *       Set default channel to be used on login
+ *
+ * @param int $account_id
+ *       login account
+ * @param int $channel_id
+ *       channel id to set as default for this account
+ * @param boolean force
+ *       if true, set this default unconditionally
+ *       if $force is false only do this if there is no existing default
+ * 
+ * @returns nil
+ */
 
 function set_default_login_identity($account_id,$channel_id,$force = true) {
 	$r = q("select account_default_channel from account where account_id = %d limit 1",
@@ -271,6 +336,21 @@ function set_default_login_identity($account_id,$channel_id,$force = true) {
 	}
 }
 
+/**
+ * @function identity_basic_export($channel_id)
+ *     Create an array representing the important channel information
+ * which would be necessary to create a nomadic identity clone. This includes
+ * most channel resources and connection information with the exception of content.
+ *
+ * @param int $channel_id
+ *     Channel_id to export
+ *
+ *
+ * @returns array
+ *     See function for details
+ *
+ */
+
 function identity_basic_export($channel_id) {
 
 	/*
@@ -349,73 +429,24 @@ function identity_basic_export($channel_id) {
 
 
 
-function identity_basic_import($arr, $seize_primary = false) {
-
-	$ret = array('result' => false );
-
-	if($arr['channel']) {
-		// import channel		
-
-		// create a new xchan (if necessary)
-
-		// create a new hubloc and seize control if applicable
-
-
-	}
-	if($arr['profile']) {
-		// FIXME - change profile assignment to a hash instead of an id we have to fix
-
-
-	}
-
-	if($arr['xchan']) {
-
-		// import any xchan and hubloc which are not yet available on this site
-		// Unset primary for all other hubloc on our own record if $seize_primary
-
-
-	}
-
-	if($arr['abook']) {
-		// import the abook entries
-
-
-	}
-
-
-	if($seize_primary) {
-
-		// send a refresh message to all our friends, telling them we've moved
-
-	}
-
-
-	$ret['result'] = true ;
-	return $ret;
-
-
-}
-
-
-
 /**
  *
- * Function : profile_load
- * @parameter App    $a
- * @parameter string $nickname
- * @parameter string $profile
+ * @function : profile_load(&$a, $nickname, $profile)
+ *     Generate
+ * @param App $a
+ * @param string $nickname
+ * @param string $profile
  *
- * Summary: Loads a profile into the page sidebar.
+ * Summary: Loads a profile into the App structure.
  * The function requires a writeable copy of the main App structure, and the nickname
- * of a registered local account.
+ * of a valid channel.
  *
- * If the viewer is an authenticated remote viewer, the profile displayed is the
- * one that has been configured for his/her viewing in the Contact manager.
- * Passing a non-zero profile ID can also allow a preview of a selected profile
- * by the owner.
+ * Permissions of the current observer are checked. If a restricted profile is available
+ * to the current observer, that will be loaded instead of the channel default profile.
+ * 
+ * The channel owner can set $profile to a valid profile_guid to preview that profile.
  *
- * Profile information is placed in the App structure for later retrieval.
- * Honours the owner's chosen theme for display.
+ * The channel default theme is also selected for use, unless over-riden elsewhere.
  *
  */
 
-- 
cgit v1.2.3


From 7187c493e16abc98a8e1ed53d63a3d93e63db4af Mon Sep 17 00:00:00 2001
From: friendica 
Date: Tue, 3 Dec 2013 17:55:10 -0800
Subject: add hooks to zot-finger and import_xchan

---
 include/zot.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'include')

diff --git a/include/zot.php b/include/zot.php
index 124fe7fd6..e365435e9 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -531,6 +531,9 @@ function zot_register_hub($arr) {
 
 function import_xchan($arr,$ud_flags = 1) {
 
+
+	call_hooks('import_xchan', $arr);
+
 	$ret = array('success' => false);
 	$dirmode = intval(get_config('system','directory_mode')); 
 
-- 
cgit v1.2.3


From d8903f09f5a6d637b4258632eee16859373e1893 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 4 Dec 2013 00:19:29 -0800
Subject: include re-organisation and more doco, post_to_red fix ampersands in
 categories

---
 include/items.php | 42 +++++++++++++++++++-----------------------
 include/zot.php   | 23 +++++++++++++++++++++--
 2 files changed, 40 insertions(+), 25 deletions(-)

(limited to 'include')

diff --git a/include/items.php b/include/items.php
index fa46b62a1..b6a196f4a 100755
--- a/include/items.php
+++ b/include/items.php
@@ -609,8 +609,8 @@ function get_item_elements($x) {
 	// once, and after that your hub knows them. Sure some info is in the post, but it's only a transit identifier
 	// and not enough info to be able to look you up from your hash - which is the only thing stored with the post.
 
-	if(import_author_xchan($x['author']))
-		$arr['author_xchan'] = base64url_encode(hash('whirlpool',$x['author']['guid'] . $x['author']['guid_sig'], true));
+	if(($xchan_hash = import_author_xchan($x['author'])) !== false)
+		$arr['author_xchan'] = $xchan_hash;
 	else
 		return array();
 
@@ -618,8 +618,8 @@ function get_item_elements($x) {
 	if($arr['author_xchan'] === base64url_encode(hash('whirlpool',$x['owner']['guid'] . $x['owner']['guid_sig'], true)))
 		$arr['owner_xchan'] = $arr['author_xchan'];
 	else {
-		if(import_author_xchan($x['owner']))
-			$arr['owner_xchan']  = base64url_encode(hash('whirlpool',$x['owner']['guid'] . $x['owner']['guid_sig'], true));
+		if(($xchan_hash = import_author_xchan($x['owner'])) !== false)
+			$arr['owner_xchan'] = $xchan_hash;
 		else
 			return array();
 	}
@@ -657,21 +657,18 @@ function get_item_elements($x) {
 
 function import_author_xchan($x) {
 
-	$r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1",
-		dbesc($x['guid']),
-		dbesc($x['guid_sig']),
-		intval(HUBLOC_FLAGS_PRIMARY)
-	);
+	$arr = array('xchan' => $x, 'xchan_hash' => '');
+	call_hooks('import_author_xchan',$arr);
+	if($arr['xchan_hash'])
+		return $arr['xchan_hash'];
 
-	if($r) {
-		logger('import_author_xchan: in cache', LOGGER_DEBUG);
-		return true;
+	if((! array_key_exists('network', $x)) || ($x['network'] === 'zot')) {
+		return import_author_zot($x);
 	}
 
-	logger('import_author_xchan: entry not in cache - probing: ' . print_r($x,true), LOGGER_DEBUG);
+	// TODO: create xchans for other common and/or aligned networks
 
-	$them = array('hubloc_url' => $x['url'],'xchan_guid' => $x['guid'], 'xchan_guid_sig' => $x['guid_sig']);
-	return zot_refresh($them);
+	return false;
 }
 
 function encode_item($item) {
@@ -785,6 +782,7 @@ function encode_item_xchan($xchan) {
 	$ret['name']     = $xchan['xchan_name'];
 	$ret['address']  = $xchan['xchan_addr'];
 	$ret['url']      = $xchan['hubloc_url'];
+	$ret['network']  = $xchan['xchan_network'];
 	$ret['photo']    = array('mimetype' => $xchan['xchan_photo_mimetype'], 'src' => $xchan['xchan_photo_m']);
 	$ret['guid']     = $xchan['xchan_guid'];
 	$ret['guid_sig'] = $xchan['xchan_guid_sig'];
@@ -977,18 +975,16 @@ function get_mail_elements($x) {
 	if($x['attach'])
 		$arr['attach'] = activity_sanitise($x['attach']);
 
-
-	if(import_author_xchan($x['from']))
-		$arr['from_xchan'] = base64url_encode(hash('whirlpool',$x['from']['guid'] . $x['from']['guid_sig'], true));
+	if(($xchan_hash = import_author_xchan($x['from'])) !== false)
+		$arr['from_xchan'] = $xchan_hash;
 	else
 		return array();
 
-	if(import_author_xchan($x['to']))
-		$arr['to_xchan']  = base64url_encode(hash('whirlpool',$x['to']['guid'] . $x['to']['guid_sig'], true));
+	if(($xchan_hash = import_author_xchan($x['to'])) !== false)
+		$arr['to_xchan'] = $xchan_hash;
 	else
 		return array();
 
-
 	return $arr;
 
 }
@@ -998,8 +994,8 @@ function get_profile_elements($x) {
 
 	$arr = array();
 
-	if(import_author_xchan($x['from']))
-		$arr['xprof_hash'] = base64url_encode(hash('whirlpool',$x['from']['guid'] . $x['from']['guid_sig'], true));
+	if(($xchan_hash = import_author_xchan($x['from'])) !== false)
+		$arr['xprof_hash'] = $xchan_hash;
 	else
 		return array();
 
diff --git a/include/zot.php b/include/zot.php
index e365435e9..37373e7ad 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -863,8 +863,6 @@ function import_xchan($arr,$ud_flags = 1) {
 		}
 	}
 	
-
-
 	if($changed) {
 		$guid = random_string() . '@' . get_app()->get_hostname();		
 		update_modtime($xchan_hash,$guid,$arr['address'],$ud_flags);
@@ -2103,3 +2101,24 @@ function get_rpost_path($observer) {
 
 }
 
+function import_author_zot($x) {
+	$hash = base64url_encode(hash('whirlpool',$x['guid'] . $x['guid_sig'], true));
+	$r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1",
+		dbesc($x['guid']),
+		dbesc($x['guid_sig']),
+		intval(HUBLOC_FLAGS_PRIMARY)
+	);
+
+	if($r) {
+		logger('import_author_zot: in cache', LOGGER_DEBUG);
+		return $hash;
+	}
+
+	logger('import_author_zot: entry not in cache - probing: ' . print_r($x,true), LOGGER_DEBUG);
+	
+	$them = array('hubloc_url' => $x['url'],'xchan_guid' => $x['guid'], 'xchan_guid_sig' => $x['guid_sig']);
+	if(zot_refresh($them))
+		return $hash;
+	return false;
+}
+
-- 
cgit v1.2.3


From 13feafce17059f95ab00c8a84af27bc16c97d442 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 4 Dec 2013 18:30:14 -0800
Subject: add poco and follow to default xchan creation

---
 include/identity.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/identity.php b/include/identity.php
index f8717b1f6..0856add44 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -243,7 +243,7 @@ function create_identity($arr) {
 
 	$newuid = $ret['channel']['channel_id'];
 
-	$r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_name, xchan_network, xchan_photo_date, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
+	$r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
 		dbesc($hash),
 		dbesc($guid),
 		dbesc($sig),
@@ -254,6 +254,7 @@ function create_identity($arr) {
 		dbesc($ret['channel']['channel_address'] . '@' . get_app()->get_hostname()),
 		dbesc(z_root() . '/channel/' . $ret['channel']['channel_address']),
 		dbesc(z_root() . '/follow?f=&url=%s'),
+		dbesc(z_root() . '/poco/' . $ret['channel']['channel_address']),
 		dbesc($ret['channel']['channel_name']),
 		dbesc('zot'),
 		dbesc(datetime_convert()),
-- 
cgit v1.2.3


From 04f61dd4a1e2d44291265855df68521933bedb04 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 4 Dec 2013 21:10:03 -0800
Subject: add icon_trnalsate

---
 include/text.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'include')

diff --git a/include/text.php b/include/text.php
index ff695062f..bd4376ce4 100755
--- a/include/text.php
+++ b/include/text.php
@@ -128,6 +128,9 @@ function purify_html($s) {
 }
 
 
+
+
+
 // generate a string that's random, but usually pronounceable. 
 // used to generate initial passwords
 
-- 
cgit v1.2.3


From cc1e906825dd30f74d0a30190a7dd2a26d6b1642 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 4 Dec 2013 23:54:46 -0800
Subject: generate a small amount of entropy to avoid duplicate notifications
 from essentially simultaneous deliveries.

---
 include/enotify.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'include')

diff --git a/include/enotify.php b/include/enotify.php
index 808efef51..011a1cde2 100644
--- a/include/enotify.php
+++ b/include/enotify.php
@@ -4,6 +4,10 @@ function notification($params) {
 
 	logger('notification: entry', LOGGER_DEBUG);
 
+	// throw a small amount of entropy into the system to breakup duplicates arriving at the same precise instant.
+	usleep(mt_rand(0,10000));
+	
+
 	$a = get_app();
 
 
-- 
cgit v1.2.3


From 38577cf26cc241245731f786704ac773bfc52952 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Thu, 5 Dec 2013 18:17:16 -0800
Subject: issue #225

---
 include/zot.php | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

(limited to 'include')

diff --git a/include/zot.php b/include/zot.php
index 37373e7ad..77d82f110 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -670,19 +670,41 @@ function import_xchan($arr,$ud_flags = 1) {
 
 		require_once('include/photo/photo_driver.php');
 
-		$photos = import_profile_photo($arr['photo'],$xchan_hash);
-		$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
+		// see if this is a channel clone that's hosted locally - which we treat different from other xchans/connections
+
+		$local = q("select channel_account_id, channel_id from channel where channel_hash = '%s' limit 1",
+			dbesc($xchan_hash)
+		);
+		if($local) {
+			$ph = z_fetch_url($arr['photo'],true);
+			if($ph['success']) {
+				import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'],$local[0]['channel_id']);
+				// reset the names in case they got messed up when we had a bug in this function
+				$photos = array(
+					z_root() . '/photo/profile/l/' . $local[0]['channel_id'],
+					z_root() . '/photo/profile/m/' . $local[0]['channel_id'],
+					z_root() . '/photo/profile/s/' . $local[0]['channel_id'],
+					$arr['photo_mimetype']
+				);
+			}
+		}
+		else {
+			$photos = import_profile_photo($arr['photo'],$xchan_hash);
+		}
+		if($photos) {
+			$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
 				where xchan_hash = '%s' limit 1",
-				dbesc($arr['photo_updated']),
+				dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
 				dbesc($photos[0]),
 				dbesc($photos[1]),
 				dbesc($photos[2]),
 				dbesc($photos[3]),
 				dbesc($xchan_hash)
-		);
+			);
 
-		$what .= 'photo ';
-		$changed = true;
+			$what .= 'photo ';
+			$changed = true;
+		}
 	}
 
 	// what we are missing for true hub independence is for any changes in the primary hub to 
-- 
cgit v1.2.3


From 78d19f3395e8fd0660e58498c15850e1323ec4b3 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Thu, 5 Dec 2013 21:00:14 -0800
Subject: move profile tabs and network/matrix tabs to include/conversation

---
 include/conversation.php | 184 +++++++++++++++++++++++++++++++++++++++++++++++
 include/identity.php     |  73 -------------------
 2 files changed, 184 insertions(+), 73 deletions(-)

(limited to 'include')

diff --git a/include/conversation.php b/include/conversation.php
index e20fef9f6..13990e89b 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1305,3 +1305,187 @@ function prepare_page($item) {
 	));
 }
 
+
+function network_tabs() {
+	$a = get_app();
+	$no_active='';
+	$starred_active = '';
+	$new_active = '';
+	$all_active = '';
+	$search_active = '';
+	$conv_active = '';
+	$spam_active = '';
+	$postord_active = '';
+
+	if(x($_GET,'new')) {
+		$new_active = 'active';
+	}
+	
+	if(x($_GET,'search')) {
+		$search_active = 'active';
+	}
+	
+	if(x($_GET,'star')) {
+		$starred_active = 'active';
+	}
+	
+	if(x($_GET,'conv')) {
+		$conv_active = 'active';
+	}
+
+	if(x($_GET,'spam')) {
+		$spam_active = 'active';
+	}
+
+	
+	
+	if (($new_active == '') 
+		&& ($starred_active == '') 
+		&& ($conv_active == '')
+		&& ($search_active == '')
+		&& ($spam_active == '')) {
+			$no_active = 'active';
+	}
+
+	if ($no_active=='active' && x($_GET,'order')) {
+		switch($_GET['order']){
+		 case 'post': $postord_active = 'active'; $no_active=''; break;
+		 case 'comment' : $all_active = 'active'; $no_active=''; break;
+		}
+	}
+	
+	if ($no_active=='active') $all_active='active';
+
+	$cmd = $a->cmd;
+
+	// tabs
+	$tabs = array(
+		array(
+			'label' => t('Commented Order'),
+			'url'=>$a->get_baseurl(true) . '/' . $cmd . '?f=&order=comment' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), 
+			'sel'=>$all_active,
+			'title'=> t('Sort by Comment Date'),
+		),
+		array(
+			'label' => t('Posted Order'),
+			'url'=>$a->get_baseurl(true) . '/' . $cmd . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), 
+			'sel'=>$postord_active,
+			'title' => t('Sort by Post Date'),
+		),
+
+		array(
+			'label' => t('Personal'),
+			'url' => $a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1',
+			'sel' => $conv_active,
+			'title' => t('Posts that mention or involve you'),
+		),
+		array(
+			'label' => t('New'),
+			'url' => $a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&new=1',
+			'sel' => $new_active,
+			'title' => t('Activity Stream - by date'),
+		),
+
+	);
+
+	if(feature_enabled(local_user(),'star_posts')) 
+		$tabs[] = array(
+			'label' => t('Starred'),
+			'url'=>$a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1',
+			'sel'=>$starred_active,
+			'title' => t('Favourite Posts'),
+		);
+
+	// Not yet implemented
+
+	if(feature_enabled(local_user(),'spam_filter')) 
+		$tabs[] = array(
+			'label' => t('Spam'),
+			'url'=>$a->get_baseurl(true) . '/network?f=&spam=1',
+			'sel'=> $spam_active,
+			'title' => t('Posts flagged as SPAM'),
+		);	
+
+	$arr = array('tabs' => $tabs);
+	call_hooks('network_tabs', $arr);
+
+	$tpl = get_markup_template('common_tabs.tpl');
+
+	return replace_macros($tpl,array('$tabs' => $arr['tabs']));
+
+}
+
+
+
+function profile_tabs($a, $is_owner=False, $nickname=Null){
+	//echo "
    "; var_dump($a->user); killme();
+	
+	$channel = $a->get_channel();
+
+	if (is_null($nickname))
+		$nickname  = $channel['channel_address'];
+		
+	if(x($_GET,'tab'))
+		$tab = notags(trim($_GET['tab']));
+	
+	$url = $a->get_baseurl() . '/channel/' . $nickname;
+	$pr  = $a->get_baseurl() . '/profile/' . $nickname;
+
+	$tabs = array(
+		array(
+			'label' => t('Channel'),
+			'url'   => $url,
+			'sel'   => ((argv(0) == 'channel') ? 'active' : ''),
+			'title' => t('Status Messages and Posts'),
+			'id'    => 'status-tab',
+		),
+		array(
+			'label' => t('About'),
+			'url' 	=> $pr,
+			'sel'	=> ((argv(0) == 'profile') ? 'active' : ''),
+			'title' => t('Profile Details'),
+			'id'    => 'profile-tab',
+		),
+		array(
+			'label' => t('Photos'),
+			'url'	=> $a->get_baseurl() . '/photos/' . $nickname,
+			'sel'	=> ((argv(0) == 'photos') ? 'active' : ''),
+			'title' => t('Photo Albums'),
+			'id'    => 'photo-tab',
+		),
+	);
+
+
+	if ($is_owner){
+		$tabs[] = array(
+			'label' => t('Events'),
+			'url'	=> $a->get_baseurl() . '/events',
+			'sel' 	=> ((argv(0) == 'events') ? 'active' : ''),
+			'title' => t('Events and Calendar'),
+			'id'    => 'events-tab',
+		);
+		if(feature_enabled(local_user(),'webpages')){
+		$tabs[] = array(
+			'label' => t('Webpages'),
+			'url'	=> $a->get_baseurl() . '/webpages/' . $nickname,
+			'sel' 	=> ((argv(0) == 'webpages') ? 'active' : ''),
+			'title' => t('Manage Webpages'),
+			'id'    => 'webpages-tab',
+		);}
+	}
+	else {
+		// FIXME
+		// we probably need a listing of events that were created by 
+		// this channel and are visible to the observer
+
+
+	}
+
+
+	$arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => (($tab) ? $tab : false), 'tabs' => $tabs);
+	call_hooks('profile_tabs', $arr);
+	
+	$tpl = get_markup_template('common_tabs.tpl');
+
+	return replace_macros($tpl,array('$tabs' => $arr['tabs']));
+}
diff --git a/include/identity.php b/include/identity.php
index 0856add44..e22bb8645 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -992,79 +992,6 @@ function advanced_profile(&$a) {
 
 
 
-function profile_tabs($a, $is_owner=False, $nickname=Null){
-	//echo "
    "; var_dump($a->user); killme();
-	
-	$channel = $a->get_channel();
-
-	if (is_null($nickname))
-		$nickname  = $channel['channel_address'];
-		
-	if(x($_GET,'tab'))
-		$tab = notags(trim($_GET['tab']));
-	
-	$url = $a->get_baseurl() . '/channel/' . $nickname;
-	$pr  = $a->get_baseurl() . '/profile/' . $nickname;
-
-	$tabs = array(
-		array(
-			'label' => t('Channel'),
-			'url'   => $url,
-			'sel'   => ((argv(0) == 'channel') ? 'active' : ''),
-			'title' => t('Status Messages and Posts'),
-			'id'    => 'status-tab',
-		),
-		array(
-			'label' => t('About'),
-			'url' 	=> $pr,
-			'sel'	=> ((argv(0) == 'profile') ? 'active' : ''),
-			'title' => t('Profile Details'),
-			'id'    => 'profile-tab',
-		),
-		array(
-			'label' => t('Photos'),
-			'url'	=> $a->get_baseurl() . '/photos/' . $nickname,
-			'sel'	=> ((argv(0) == 'photos') ? 'active' : ''),
-			'title' => t('Photo Albums'),
-			'id'    => 'photo-tab',
-		),
-	);
-
-
-	if ($is_owner){
-		$tabs[] = array(
-			'label' => t('Events'),
-			'url'	=> $a->get_baseurl() . '/events',
-			'sel' 	=> ((argv(0) == 'events') ? 'active' : ''),
-			'title' => t('Events and Calendar'),
-			'id'    => 'events-tab',
-		);
-		if(feature_enabled(local_user(),'webpages')){
-		$tabs[] = array(
-			'label' => t('Webpages'),
-			'url'	=> $a->get_baseurl() . '/webpages/' . $nickname,
-			'sel' 	=> ((argv(0) == 'webpages') ? 'active' : ''),
-			'title' => t('Manage Webpages'),
-			'id'    => 'webpages-tab',
-		);}
-	}
-	else {
-		// FIXME
-		// we probably need a listing of events that were created by 
-		// this channel and are visible to the observer
-
-
-	}
-
-
-	$arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => (($tab) ? $tab : false), 'tabs' => $tabs);
-	call_hooks('profile_tabs', $arr);
-	
-	$tpl = get_markup_template('common_tabs.tpl');
-
-	return replace_macros($tpl,array('$tabs' => $arr['tabs']));
-}
-
 
 function get_my_url() {
 	if(x($_SESSION,'zrl_override'))
-- 
cgit v1.2.3


From 1aa79d9ee69bbb7afb2c9b87579aad252ef66730 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Fri, 6 Dec 2013 00:02:39 -0800
Subject: some code cleanup - gad I forgot what a mess the "other"
 notifications tabs (everything but system) were in. Maybe I'll just remove
 them so we can start over.

---
 include/nav.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/nav.php b/include/nav.php
index 56644f6fd..f0dd20c6b 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -156,7 +156,7 @@ EOT;
 
 
 		$nav['intros'] = array('connections/pending',	t('Intros'), "", t('New Connections'));
-		$nav['intros']['all']=array('intro', t('See all channel introductions'), "", "");
+		$nav['intros']['all']=array('notifications/intros', t('See all channel introductions'), "", "");
 
 
 		$nav['notifications'] = array('notifications/system',	t('Notices'), "", t('Notifications'));
-- 
cgit v1.2.3


From 5382f607d9d67951fe50ed88e87875086276b4d3 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Fri, 6 Dec 2013 00:11:15 -0800
Subject: yeah - that's what I'm going to do. we'll just keep system
 notifications. If somebody wants web pages for the others we'll start fresh.
 It's easier than starting with curfty friendica code that doesn't work
 anymore and will never work without starting over.

---
 include/nav.php | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'include')

diff --git a/include/nav.php b/include/nav.php
index f0dd20c6b..f89de2de0 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -147,16 +147,13 @@ EOT;
 	if(local_user()) {
 
 		$nav['network'] = array('network', t('Matrix'), "", t('Your matrix'));
-		$nav['network']['all']=array('notifications/network', t('See all matrix notifications'), "", "");
 		$nav['network']['mark'] = array('', t('Mark all matrix notifications seen'), '','');
 
 		$nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home'));
-		$nav['home']['all']=array('notifications/channel', t('See all channel notifications'), "", "");
 		$nav['home']['mark'] = array('', t('Mark all channel notifications seen'), '','');
 
 
 		$nav['intros'] = array('connections/pending',	t('Intros'), "", t('New Connections'));
-		$nav['intros']['all']=array('notifications/intros', t('See all channel introductions'), "", "");
 
 
 		$nav['notifications'] = array('notifications/system',	t('Notices'), "", t('Notifications'));
-- 
cgit v1.2.3


From f45b06ffa004c6e6920214b64efe18e3cfe2d667 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Fri, 6 Dec 2013 21:40:01 -0800
Subject: suggestion widget

---
 include/contact_widgets.php | 43 ++++++++++++++++++++++++++++++++++++++++++-
 include/socgraph.php        |  4 ++++
 2 files changed, 46 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index af05f8c9f..a6e66eb17 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -1,5 +1,6 @@
 channel['channel_id'];
@@ -149,4 +150,44 @@ function common_friends_visitor_widget($profile_uid) {
 		'$items' => $r
 	)); 
 
-};
\ No newline at end of file
+};
+
+
+function suggest_widget() {
+
+	require_once('include/socgraph.php');
+
+	$r = suggestion_query(local_user(),get_observer_hash(),0,2);
+
+	if(! $r) {
+		return;
+	}
+
+	$arr = array();
+
+	foreach($r as $rr) {
+
+		$connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr'];
+
+		$arr[] = array(
+			'url' => chanlink_url($rr['xchan_url']),
+			'name' => $rr['xchan_name'],
+			'photo' => $rr['xchan_photo_m'],
+			'ignlnk' => z_root() . '/suggest?ignore=' . $rr['xchan_hash'],
+			'conntxt' => t('Connect'),
+			'connlnk' => $connlnk,
+			'ignore' => t('Ignore/Hide')
+		);
+	}
+
+
+	$o = replace_macros(get_markup_template('suggest_widget.tpl'),array(
+		'$title' => t('Suggestions'),
+		'$more' => t('See more...'),
+		'$entries' => $arr
+	));
+
+	return $o;
+
+}
+
diff --git a/include/socgraph.php b/include/socgraph.php
index b34d5142c..0e91eba60 100644
--- a/include/socgraph.php
+++ b/include/socgraph.php
@@ -287,11 +287,13 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) {
 		and not xlink_link in ( select xchan from xign where uid = %d )
 		and xlink_xchan != ''
 		and not ( xchan_flags & %d )
+		and not ( xchan_flags & %d )
 		group by xchan_hash order by total desc limit %d, %d ",
 		intval($uid),
 		intval($uid),
 		intval($uid),
 		intval(XCHAN_FLAGS_HIDDEN),
+		intval(XCHAN_FLAGS_DELETED),
 		intval($start),
 		intval($limit)
 	);
@@ -305,10 +307,12 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) {
 		and not xlink_link in ( select abook_xchan from abook where abook_channel = %d )
 		and not xlink_link in ( select xchan from xign where uid = %d )
 		and not ( xchan_flags & %d )
+		and not ( xchan_flags & %d )
 		group by xchan_hash order by total desc limit %d, %d ",
 		intval($uid),
 		intval($uid),
 		intval(XCHAN_FLAGS_HIDDEN),
+		intval(XCHAN_FLAGS_DELETED),
 		intval($start),
 		intval($limit)
 	);
-- 
cgit v1.2.3


From 39536f6b7d7e7484c560b0584d2fb58e9925737d Mon Sep 17 00:00:00 2001
From: friendica 
Date: Fri, 6 Dec 2013 22:48:06 -0800
Subject: add some entropy

---
 include/contact_widgets.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index a6e66eb17..6d90abb01 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -157,7 +157,7 @@ function suggest_widget() {
 
 	require_once('include/socgraph.php');
 
-	$r = suggestion_query(local_user(),get_observer_hash(),0,2);
+	$r = suggestion_query(local_user(),get_observer_hash(),0,20);
 
 	if(! $r) {
 		return;
@@ -165,7 +165,18 @@ function suggest_widget() {
 
 	$arr = array();
 
-	foreach($r as $rr) {
+	// Get two random entries from the top 20 returned.
+	// We'll grab the first one and the one immediately following.
+	// This will throw some entropy intot he situation so you won't 
+	// be looking at the same two mug shots every time the widget runs
+
+	$index = mt_rand(0,count($r) - 2);
+	
+	
+
+	for($x = $index; $x <= ($index+1); $x ++) {
+
+		$rr = $r[$x];
 
 		$connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr'];
 
-- 
cgit v1.2.3


From 08bbab9a06e56e2305ec3d48f5507ce3b909d286 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Fri, 6 Dec 2013 22:54:21 -0800
Subject: show a clean url in the hovertip for suggested friends

---
 include/contact_widgets.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include')

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index 6d90abb01..ddc89346a 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -182,6 +182,7 @@ function suggest_widget() {
 
 		$arr[] = array(
 			'url' => chanlink_url($rr['xchan_url']),
+			'profile' => $rr['xchan_url'],
 			'name' => $rr['xchan_name'],
 			'photo' => $rr['xchan_photo_m'],
 			'ignlnk' => z_root() . '/suggest?ignore=' . $rr['xchan_hash'],
-- 
cgit v1.2.3


From 6dc157a9f9f46dbb4fe694d32e733eb1a2f5444f Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sat, 7 Dec 2013 13:05:17 -0800
Subject: finish ACL's in personal menus

---
 include/contact_widgets.php | 10 ++++---
 include/menu.php            | 70 +++++++++++++++++++++++++++++++++++++--------
 2 files changed, 64 insertions(+), 16 deletions(-)

(limited to 'include')

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index ddc89346a..2fa5dee0b 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -170,14 +170,16 @@ function suggest_widget() {
 	// This will throw some entropy intot he situation so you won't 
 	// be looking at the same two mug shots every time the widget runs
 
-	$index = mt_rand(0,count($r) - 2);
-	
-	
+
+	$index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0);
+		
 
 	for($x = $index; $x <= ($index+1); $x ++) {
 
 		$rr = $r[$x];
-
+		if(! $rr['xchan_url'])
+			break;
+		
 		$connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr'];
 
 		$arr[] = array(
diff --git a/include/menu.php b/include/menu.php
index 900b48e65..c10a669b3 100644
--- a/include/menu.php
+++ b/include/menu.php
@@ -196,6 +196,31 @@ function menu_add_item($menu_id, $uid, $arr) {
 	$mitem_desc = escape_tags($arr['mitem_desc']);
 	$mitem_order = intval($arr['mitem_order']);	
 	$mitem_flags = intval($arr['mitem_flags']);
+
+	if(local_user() == $uid) {
+		$channel = get_app()->get_channel();	
+	}
+
+	if ((! $arr['contact_allow'])
+		&& (! $arr['group_allow'])
+		&& (! $arr['contact_deny'])
+		&& (! $arr['group_deny'])) {
+		$str_group_allow   = $channel['channel_allow_gid'];
+		$str_contact_allow = $channel['channel_allow_cid'];
+		$str_group_deny    = $channel['channel_deny_gid'];
+		$str_contact_deny  = $channel['channel_deny_cid'];
+	}
+	else {
+
+		// use the posted permissions
+
+		$str_group_allow   = perms2str($arr['group_allow']);
+		$str_contact_allow = perms2str($arr['contact_allow']);
+		$str_group_deny    = perms2str($arr['group_deny']);
+		$str_contact_deny  = perms2str($arr['contact_deny']);
+	}
+
+
 	$allow_cid = perms2str($arr['allow_cid']);
 	$allow_gid = perms2str($arr['allow_gid']);
 	$deny_cid = perms2str($arr['deny_cid']);
@@ -205,10 +230,10 @@ function menu_add_item($menu_id, $uid, $arr) {
 		dbesc($mitem_link),
 		dbesc($mitem_desc),
 		intval($mitem_flags),
-		dbesc($allow_cid),
-		dbesc($allow_gid),
-		dbesc($deny_cid),
-		dbesc($deny_gid),
+		dbesc($str_contact_allow),
+		dbesc($str_group_allow),
+		dbesc($str_contact_deny),
+		dbesc($str_group_deny),
 		intval($uid),
 		intval($menu_id),
 		intval($mitem_order)
@@ -225,19 +250,40 @@ function menu_edit_item($menu_id, $uid, $arr) {
 	$mitem_desc = escape_tags($arr['mitem_desc']);
 	$mitem_order = intval($arr['mitem_order']);	
 	$mitem_flags = intval($arr['mitem_flags']);
-	$allow_cid = perms2str($arr['allow_cid']);
-	$allow_gid = perms2str($arr['allow_gid']);
-	$deny_cid = perms2str($arr['deny_cid']);
-	$deny_gid = perms2str($arr['deny_gid']);
+
+
+	if(local_user() == $uid) {
+		$channel = get_app()->get_channel();	
+	}
+
+	if ((! $arr['contact_allow'])
+		&& (! $arr['group_allow'])
+		&& (! $arr['contact_deny'])
+		&& (! $arr['group_deny'])) {
+		$str_group_allow   = $channel['channel_allow_gid'];
+		$str_contact_allow = $channel['channel_allow_cid'];
+		$str_group_deny    = $channel['channel_deny_gid'];
+		$str_contact_deny  = $channel['channel_deny_cid'];
+	}
+	else {
+
+		// use the posted permissions
+
+		$str_group_allow   = perms2str($arr['group_allow']);
+		$str_contact_allow = perms2str($arr['contact_allow']);
+		$str_group_deny    = perms2str($arr['group_deny']);
+		$str_contact_deny  = perms2str($arr['contact_deny']);
+	}
+
 
 	$r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d  where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d limit 1",
 		dbesc($mitem_link),
 		dbesc($mitem_desc),
 		intval($mitem_flags),
-		dbesc($allow_cid),
-		dbesc($allow_gid),
-		dbesc($deny_cid),
-		dbesc($deny_gid),
+		dbesc($str_contact_allow),
+		dbesc($str_group_allow),
+		dbesc($str_contact_deny),
+		dbesc($str_group_deny),
 		intval($mitem_order),
 		intval($uid),
 		intval($menu_id),
-- 
cgit v1.2.3


From b8454cbd1df76bb96af6a6d65ff40f08f6919dc5 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sat, 7 Dec 2013 23:29:26 -0800
Subject: post_activity_item issues

---
 include/conversation.php |  4 ++++
 include/crypto.php       |  2 ++
 include/items.php        | 28 +++++++++++++++++++++++-----
 3 files changed, 29 insertions(+), 5 deletions(-)

(limited to 'include')

diff --git a/include/conversation.php b/include/conversation.php
index 13990e89b..f5fc9da93 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -203,6 +203,10 @@ function localize_item(&$item){
 	}
 
 	if (stristr($item['verb'],ACTIVITY_POKE)) {
+
+		// FIXME for obscured private posts, until then leave untranslated
+		return;
+
 		$verb = urldecode(substr($item['verb'],strpos($item['verb'],'#')+1));
 		if(! $verb)
 			return;
diff --git a/include/crypto.php b/include/crypto.php
index ca01814da..e9372fbb4 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -75,6 +75,8 @@ function aes_encapsulate($data,$pubkey) {
 }
 
 function crypto_unencapsulate($data,$prvkey) {
+	if(! $data)
+		return;
 	$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
 	if($alg === 'aes256cbc')
 		return aes_unencapsulate($data,$prvkey);
diff --git a/include/items.php b/include/items.php
index b6a196f4a..4af544de1 100755
--- a/include/items.php
+++ b/include/items.php
@@ -202,11 +202,29 @@ function post_activity_item($arr) {
 		return $ret;
 	}
 
-	if(array_key_exists('content_type',$arr) && $arr['content_type'] == 'text/html')
-		$arr['body'] = purify_html($arr['body']);
-	else
-		$arr['body'] = escape_tags($arr['body']);
 
+	if(! array_key_exists('mimetype',$arr))
+		$arr['mimetype'] = 'text/bbcode';
+
+	if(array_key_exists('item_private',$arr) && $arr['item_private']) {
+
+		$arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']);
+
+		if($channel) {
+			if($channel['channel_hash'] === $arr['author_xchan']) {
+				$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
+				$arr['item_flags'] = $arr['item_flags'] | ITEM_VERIFIED;
+			}
+		}
+
+		logger('Encrypting local storage');
+		$key = get_config('system','pubkey');
+		$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
+		if($arr['title'])
+			$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
+		if($arr['body'])
+			$arr['body']  = json_encode(aes_encapsulate($arr['body'],$key));
+	}
 
 	$arr['mid']          = 	((x($arr,'mid')) ? $arr['mid'] : item_message_id());
 	$arr['parent_mid']   =  ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
@@ -238,7 +256,7 @@ function post_activity_item($arr) {
 
 
 	$post = item_store($arr);	
-	if($post['result'])
+	if($post['success'])
 		$post_id = $post['item_id'];
 
 	if($post_id) {
-- 
cgit v1.2.3


From d32e05fb5e30dc634754e9d2e55cc7702a883ede Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sun, 8 Dec 2013 16:04:28 -0800
Subject: starting on the journey to comanche everywhere - beginning with
 widget conversions. There are approximately 20 which need to be wrapped for
 accessibility to comanche.

---
 include/group.php   | 4 ++--
 include/widgets.php | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/group.php b/include/group.php
index d339301b4..8f690785d 100644
--- a/include/group.php
+++ b/include/group.php
@@ -229,7 +229,7 @@ function mini_group_select($uid,$group = '') {
 
 
 
-function group_side($every="contacts",$each="group",$edit = false, $group_id = 0, $cid = '') {
+function group_side($every="contacts",$each="group",$edit = false, $group_id = 0, $cid = '',$mode = 1) {
 
 	$o = '';
 
@@ -272,7 +272,7 @@ function group_side($every="contacts",$each="group",$edit = false, $group_id = 0
 				'cid'		=> $cid,
 				'text' 		=> $rr['name'],
 				'selected' 	=> $selected,
-				'href'		=> (($each === 'network') ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']),
+				'href'		=> (($mode == 0) ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']),
 				'edit'		=> $groupedit,
 				'ismember'	=> in_array($rr['id'],$member_of),
 			);
diff --git a/include/widgets.php b/include/widgets.php
index 87941f40f..5be77498c 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -32,3 +32,11 @@ function widget_tagcloud($args) {
 	return $o;
 }
 
+function widget_collections($args) {
+	require_once('include/group.php');
+	$page = argv(0);
+	$gid = $_REQUEST['gid'];
+
+	return group_side($page,$page,true,$_REQUEST['gid'],'',0);
+
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 082ac6777829c98ded48c271f4210ac5d6e1a68f Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sun, 8 Dec 2013 20:08:50 -0800
Subject: suggestion widget tweaked to make it comanche capable. Remove old
 versions of specs that are so obsolete it isn't funny. Zot protocol reference
 is in red's github wiki, and in the code. We should move the github copy to
 /doc once it is updated to match the code. There's no point in documenting
 dfrn in the red code base.

---
 include/contact_widgets.php | 52 --------------------------------------------
 include/items.php           | 12 +++++++---
 include/widgets.php         | 53 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 55 deletions(-)

(limited to 'include')

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index 2fa5dee0b..ac5382862 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -153,55 +153,3 @@ function common_friends_visitor_widget($profile_uid) {
 };
 
 
-function suggest_widget() {
-
-	require_once('include/socgraph.php');
-
-	$r = suggestion_query(local_user(),get_observer_hash(),0,20);
-
-	if(! $r) {
-		return;
-	}
-
-	$arr = array();
-
-	// Get two random entries from the top 20 returned.
-	// We'll grab the first one and the one immediately following.
-	// This will throw some entropy intot he situation so you won't 
-	// be looking at the same two mug shots every time the widget runs
-
-
-	$index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0);
-		
-
-	for($x = $index; $x <= ($index+1); $x ++) {
-
-		$rr = $r[$x];
-		if(! $rr['xchan_url'])
-			break;
-		
-		$connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr'];
-
-		$arr[] = array(
-			'url' => chanlink_url($rr['xchan_url']),
-			'profile' => $rr['xchan_url'],
-			'name' => $rr['xchan_name'],
-			'photo' => $rr['xchan_photo_m'],
-			'ignlnk' => z_root() . '/suggest?ignore=' . $rr['xchan_hash'],
-			'conntxt' => t('Connect'),
-			'connlnk' => $connlnk,
-			'ignore' => t('Ignore/Hide')
-		);
-	}
-
-
-	$o = replace_macros(get_markup_template('suggest_widget.tpl'),array(
-		'$title' => t('Suggestions'),
-		'$more' => t('See more...'),
-		'$entries' => $arr
-	));
-
-	return $o;
-
-}
-
diff --git a/include/items.php b/include/items.php
index 4af544de1..dd3cf7644 100755
--- a/include/items.php
+++ b/include/items.php
@@ -3692,6 +3692,8 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 	$sql_options = '';
 	$sql_extra2 = '';
     $sql_extra3 = '';
+	$def_acl = '';
+
 	$item_uids = ' true ';
 
 	if($channel) {
@@ -3708,7 +3710,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 
 	$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) ";
 
-    if($arr['group'] && $uid) {
+    if($arr['gid'] && $uid) {
         $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1",
             intval($arr['group']),
             intval($uid)
@@ -3718,7 +3720,6 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 			return $result;
         }
 
-
 		$contact_str = '';
         $contacts = group_get_members($group);
         if($contacts) {
@@ -3730,11 +3731,15 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
         }
         else {
 			$contact_str = ' 0 ';	
-			info( t('Group is empty'));
+			$result['message'] = t('Collection is empty.');
+			return $result;
         }
 
         $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str)) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) ";
 
+		$x = group_rec_byhash($uid,$r[0]['hash']);
+		$result['headline'] = sprintf( t('Collection: %s'),$x['name']);
+
     }
     elseif($arr['cid'] && $uid) {
 
@@ -3744,6 +3749,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
         );
         if($r) {
             $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval($arr['uid']) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) and item_restrict = 0 ) ";
+			$result['headline'] = sprintf( t('Connection: %s'),$r[0]['xchan_name']);
         }
         else {
 			$result['message'] = t('Connection not found.');
diff --git a/include/widgets.php b/include/widgets.php
index 5be77498c..f152e8ee1 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -39,4 +39,57 @@ function widget_collections($args) {
 
 	return group_side($page,$page,true,$_REQUEST['gid'],'',0);
 
+}
+
+
+function widget_suggestions($arr) {
+
+	require_once('include/socgraph.php');
+
+	$r = suggestion_query(local_user(),get_observer_hash(),0,20);
+
+	if(! $r) {
+		return;
+	}
+
+	$arr = array();
+
+	// Get two random entries from the top 20 returned.
+	// We'll grab the first one and the one immediately following.
+	// This will throw some entropy intot he situation so you won't 
+	// be looking at the same two mug shots every time the widget runs
+
+
+	$index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0);
+		
+
+	for($x = $index; $x <= ($index+1); $x ++) {
+
+		$rr = $r[$x];
+		if(! $rr['xchan_url'])
+			break;
+		
+		$connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr'];
+
+		$arr[] = array(
+			'url' => chanlink_url($rr['xchan_url']),
+			'profile' => $rr['xchan_url'],
+			'name' => $rr['xchan_name'],
+			'photo' => $rr['xchan_photo_m'],
+			'ignlnk' => z_root() . '/suggest?ignore=' . $rr['xchan_hash'],
+			'conntxt' => t('Connect'),
+			'connlnk' => $connlnk,
+			'ignore' => t('Ignore/Hide')
+		);
+	}
+
+
+	$o = replace_macros(get_markup_template('suggest_widget.tpl'),array(
+		'$title' => t('Suggestions'),
+		'$more' => t('See more...'),
+		'$entries' => $arr
+	));
+
+	return $o;
+
 }
\ No newline at end of file
-- 
cgit v1.2.3


From 00f4ee271789b61393edd384f12cda1c14af4b94 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Mon, 9 Dec 2013 00:12:44 -0800
Subject: migrate follow widget to comanche and remove obsolete mod/intro.php

---
 include/contact_widgets.php | 25 -------------------------
 include/widgets.php         | 31 ++++++++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 26 deletions(-)

(limited to 'include')

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index ac5382862..cc0a3d617 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -1,31 +1,6 @@
 channel['channel_id'];
-	$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ",
-		intval($uid),
-		intval(ABOOK_FLAG_SELF)
-	);
-	if($r)
-		$total_channels = $r[0]['total'];	
-	$limit = service_class_fetch($uid,'total_channels');
-	if($limit !== false) {
-			$abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit);
-	}
-	else {
-			$abook_usage_message = '';
- 	}
-	return replace_macros(get_markup_template('follow.tpl'),array(
-		'$connect' => t('Add New Connection'),
-		'$desc' => t('Enter the channel address'),
-		'$hint' => t('Example: bob@example.com, http://example.com/barbara'),
-		'$follow' => t('Connect'),
-		'$abook_usage_message' => $abook_usage_message
-	));
-
-}
 
 function findpeople_widget() {
 	require_once('include/Contact.php');
diff --git a/include/widgets.php b/include/widgets.php
index f152e8ee1..6e3452ac6 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -92,4 +92,33 @@ function widget_suggestions($arr) {
 
 	return $o;
 
-}
\ No newline at end of file
+}
+
+
+function widget_follow($args) {
+	if(! local_user())
+		return '';
+	$a = get_app();
+	$uid =$a->channel['channel_id'];
+	$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ",
+		intval($uid),
+		intval(ABOOK_FLAG_SELF)
+	);
+	if($r)
+		$total_channels = $r[0]['total'];	
+	$limit = service_class_fetch($uid,'total_channels');
+	if($limit !== false) {
+			$abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit);
+	}
+	else {
+			$abook_usage_message = '';
+ 	}
+	return replace_macros(get_markup_template('follow.tpl'),array(
+		'$connect' => t('Add New Connection'),
+		'$desc' => t('Enter the channel address'),
+		'$hint' => t('Example: bob@example.com, http://example.com/barbara'),
+		'$follow' => t('Connect'),
+		'$abook_usage_message' => $abook_usage_message
+	));
+
+}
-- 
cgit v1.2.3


From d8c632ada202f4552e85796008837c293a323a31 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Mon, 9 Dec 2013 00:41:49 -0800
Subject: more comanchisation (I declare this to be a word)

---
 include/widgets.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'include')

diff --git a/include/widgets.php b/include/widgets.php
index 6e3452ac6..632f85436 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -1,5 +1,18 @@
  t('Displays a full channel profile'),
+		'tagcloud'     => t('Tag cloud of webpage categories'), 		
+		'collections'  => t('List and filter by collection'),
+		'suggestions'  => t('Show a couple of channel suggestion'),
+		'follow'       => t('Provide a channel follow form')
+	);
+	$arr = array('widgets' => $widgets);
+	call_hooks('list_widgets',$arr);
+	return $arr['widgets'];
+}
+
 
 function widget_profile($args) {
 	$a = get_app();
-- 
cgit v1.2.3


From 75ebf06131e935795b7072acc012c9e37669eade Mon Sep 17 00:00:00 2001
From: friendica 
Date: Mon, 9 Dec 2013 14:05:52 -0800
Subject: some work on modularising the default profile photo so we can make
 them site selectable. Also red != friendica so we don't need all these
 friendica logos taking up space

---
 include/network.php            | 2 +-
 include/photo/photo_driver.php | 6 +++---
 include/text.php               | 8 +++-----
 3 files changed, 7 insertions(+), 9 deletions(-)

(limited to 'include')

diff --git a/include/network.php b/include/network.php
index dac039230..50f853ca0 100644
--- a/include/network.php
+++ b/include/network.php
@@ -548,7 +548,7 @@ function avatar_img($email) {
 	call_hooks('avatar_lookup', $avatar);
 
 	if(! $avatar['success'])
-		$avatar['url'] = $a->get_baseurl() . '/images/person-175.jpg';
+		$avatar['url'] = $a->get_baseurl() . '/images/default_profile_photos/rainbow_man/175.jpg';
 
 	logger('Avatar: ' . $avatar['email'] . ' ' . $avatar['url'], LOGGER_DEBUG);
 	return $avatar['url'];
diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php
index ba95266f9..8730b4298 100644
--- a/include/photo/photo_driver.php
+++ b/include/photo/photo_driver.php
@@ -576,9 +576,9 @@ function import_profile_photo($photo,$xchan) {
 		$photo_failure = true;
 	}
 	if($photo_failure) {
-		$photo = $a->get_baseurl() . '/images/person-175.jpg';
-		$thumb = $a->get_baseurl() . '/images/person-80.jpg';
-		$micro = $a->get_baseurl() . '/images/person-48.jpg';
+		$photo = $a->get_baseurl() . '/images/default_profile_photos/rainbow_man/175.jpg';
+		$thumb = $a->get_baseurl() . '/images/default_profile_photos/rainbow_man/80.jpg';
+		$micro = $a->get_baseurl() . '/images/default_profile_photos/rainbow_man/48.jpg';
 		$type = 'image/jpeg';
 	}
 
diff --git a/include/text.php b/include/text.php
index bd4376ce4..9254508a4 100755
--- a/include/text.php
+++ b/include/text.php
@@ -884,9 +884,7 @@ function smilies($s, $sample = false) {
 		':like',
 		':dislike',
 		'red#',
-		'r#',
-		'~friendica'
-
+		'r#'
 	);
 
 	$icons = array(
@@ -923,8 +921,8 @@ function smilies($s, $sample = false) {
 		':like',
 		':dislike',
 		'redred#matrix',
-		'redr#matrix',
-		'~friendica ~friendica'
+		'redr#matrix'
+
 	);
 
 	$params = array('texts' => $texts, 'icons' => $icons, 'string' => $s);
-- 
cgit v1.2.3


From f85cba10eb3d976d715c7a80fe69fe15d9dc468c Mon Sep 17 00:00:00 2001
From: friendica 
Date: Mon, 9 Dec 2013 15:27:46 -0800
Subject: notes widget

---
 include/widgets.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'include')

diff --git a/include/widgets.php b/include/widgets.php
index 632f85436..2e8169bd7 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -135,3 +135,17 @@ function widget_follow($args) {
 	));
 
 }
+
+
+function widget_notes($arr) {
+	if(! local_user())
+		return '';
+	$text = htmlspecialchars(get_pconfig(local_user(),'notes','text'));
+
+	$o = replace_macros(get_markup_template('notes.tpl'), array(
+		'$banner' => t('Notes'),
+		'$text' => $text,
+		'$save' => t('Save'),
+	));
+	return $o;
+}
-- 
cgit v1.2.3


From 76d8501d671ae7d4234f1a905cd0e506c7f9b23e Mon Sep 17 00:00:00 2001
From: marijus 
Date: Tue, 10 Dec 2013 00:32:49 +0100
Subject: saved search icon work and bugfixes for #tags not beeing deletable
 and save button showing if saved search is disabled

---
 include/text.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/text.php b/include/text.php
index 9254508a4..f425690ba 100755
--- a/include/text.php
+++ b/include/text.php
@@ -734,7 +734,7 @@ function search($s,$id='search-box',$url='/search',$save = false) {
 	$o .= '
    ';
 	$o .= '';
 	$o .= ''; 
-	if($save)
+	if(feature_enabled(local_user(),'savedsearch'))
 		$o .= ''; 
 	$o .= '
    ';
 	return $o;
-- 
cgit v1.2.3


From 251720bfd32541901b9e845651dbc037b34065e2 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Mon, 9 Dec 2013 18:54:50 -0800
Subject: turn private notes into a feature

---
 include/features.php | 1 +
 include/widgets.php  | 3 +++
 2 files changed, 4 insertions(+)

(limited to 'include')

diff --git a/include/features.php b/include/features.php
index c5ab95a34..05206106a 100644
--- a/include/features.php
+++ b/include/features.php
@@ -23,6 +23,7 @@ function get_features() {
 			array('content_expire',         t('Content Expiration'),		t('Remove posts/comments and/or private messages at a future time')),
 			array('multi_profiles', t('Multiple Profiles'),			t('Ability to create multiple profiles')),
 			array('webpages',       t('Web Pages'),                 t('Provide managed web pages on your channel')),
+			array('private_notes',  t('Private Notes'),             t('Enables a tool to store notes and reminders')),
 			array('prettyphoto',       t('Enhanced Photo Albums'),                 t('Enable photo album with enhanced features')),
 			//FIXME - needs a description, but how the hell do we explain this to normals?
 			array('sendzid',		t('Extended Identity Sharing'),	t(' ')),
diff --git a/include/widgets.php b/include/widgets.php
index 2e8169bd7..3534c3978 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -140,6 +140,9 @@ function widget_follow($args) {
 function widget_notes($arr) {
 	if(! local_user())
 		return '';
+	if(! feature_enabled(local_user(),'private_notes'))
+		return '';
+
 	$text = htmlspecialchars(get_pconfig(local_user(),'notes','text'));
 
 	$o = replace_macros(get_markup_template('notes.tpl'), array(
-- 
cgit v1.2.3


From ed9f10872240231125007cf32b95007281558cac Mon Sep 17 00:00:00 2001
From: friendica 
Date: Mon, 9 Dec 2013 21:20:55 -0800
Subject: comanchify the savedsearch widget

---
 include/text.php    | 14 +++++++++
 include/widgets.php | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)

(limited to 'include')

diff --git a/include/text.php b/include/text.php
index f425690ba..aa23f96b0 100755
--- a/include/text.php
+++ b/include/text.php
@@ -741,6 +741,20 @@ function search($s,$id='search-box',$url='/search',$save = false) {
 }
 
 
+function searchbox($s,$id='search-box',$url='/search',$save = false) {
+	$a = get_app();
+	$o  = '
    ';
+	$o .= '
    ';
+	$o .= '';
+	$o .= '';
+	$o .= ''; 
+	if(feature_enabled(local_user(),'savedsearch'))
+		$o .= ''; 
+	$o .= '
    ';
+	return $o;
+}
+
+
 function valid_email($x){
 
 	if(get_config('system','disable_email_validation'))
diff --git a/include/widgets.php b/include/widgets.php
index 3534c3978..e64920cdc 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -152,3 +152,86 @@ function widget_notes($arr) {
 	));
 	return $o;
 }
+
+
+function widget_savedsearch($arr) {
+	if((! local_user()) || (! feature_enabled(local_user(),'savedsearch')))
+		return '';
+
+	$a = get_app();
+
+	$search = ((x($_GET,'search')) ? $_GET['search'] : '');
+
+	if(x($_GET,'searchsave') && $search) {
+		$r = q("select * from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1",
+			intval(local_user()),
+			intval(TERM_SAVEDSEARCH),
+			dbesc($search)
+		);
+		if(! $r) {
+			q("insert into `term` ( `uid`,`type`,`term` ) values ( %d, %d, '%s') ",
+				intval(local_user()),
+				intval(TERM_SAVEDSEARCH),
+				dbesc($search)
+			);
+		}
+	}
+
+	if(x($_GET,'searchremove') && $search) {
+		q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1",
+			intval(local_user()),
+			intval(TERM_SAVEDSEARCH),
+			dbesc($search)
+		);
+		$search = '';
+	}
+
+
+
+	$srchurl = $a->query_string;
+
+	$srchurl =  rtrim(preg_replace('/searchsave\=[^\&].*?(\&|$)/is','',$srchurl),'&');
+	$hasq = ((strpos($srchurl,'?') !== false) ? true : false);
+	$srchurl =  rtrim(preg_replace('/searchremove\=[^\&].*?(\&|$)/is','',$srchurl),'&');
+	$hasq = ((strpos($srchurl,'?') !== false) ? true : false);
+
+	$srchurl =  rtrim(preg_replace('/search\=[^\&].*?(\&|$)/is','',$srchurl),'&');
+	$hasq = ((strpos($srchurl,'?') !== false) ? true : false);
+	
+	$o = '';
+
+	$r = q("select `tid`,`term` from `term` WHERE `uid` = %d and `type` = %d ",
+		intval(local_user()),
+		intval(TERM_SAVEDSEARCH)
+	);
+
+	$saved = array();
+
+	if(count($r)) {
+		foreach($r as $rr) {
+
+			$saved[] = array(
+				'id'            => $rr['tid'],
+				'term'			=> $rr['term'],
+				'dellink'       => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&searchremove=1&search=' . urlencode($rr['term']),
+				'srchlink'      => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&search=' . urlencode($rr['term']),
+				'displayterm'   => htmlspecialchars($rr['term']),
+				'encodedterm' 	=> urlencode($rr['term']),
+				'delete'		=> t('Remove term'),
+				'selected'		=> ($search==$rr['term']),
+			);
+		}
+	}		
+
+	
+	$tpl = get_markup_template("saved_searches.tpl");
+	$o = replace_macros($tpl, array(
+		'$title'	 => t('Saved Searches'),
+		'$add'		 => t('add'),
+		'$searchbox' => searchbox('','netsearch-box',$srchurl . (($hasq) ? '' : '?f='),true),
+		'$saved' 	 => $saved,
+	));
+	
+	return $o;
+
+}
-- 
cgit v1.2.3


From e873f6e95ed167e48a557365089ec97abee473cc Mon Sep 17 00:00:00 2001
From: friendica 
Date: Tue, 10 Dec 2013 00:05:31 -0800
Subject: we're almost ready to turn on comanche for mod_network. All the
 widgets are done.

---
 include/widgets.php | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/widgets.php b/include/widgets.php
index e64920cdc..e0fc94e18 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -231,7 +231,72 @@ function widget_savedsearch($arr) {
 		'$searchbox' => searchbox('','netsearch-box',$srchurl . (($hasq) ? '' : '?f='),true),
 		'$saved' 	 => $saved,
 	));
-	
+
 	return $o;
 
 }
+
+
+function widget_filer($arr) {
+	if(! local_user())
+		return '';
+
+	$a = get_app();
+
+	$selected = ((x($_REQUEST,'file')) ? $_REQUEST['file'] : '');
+
+	$terms = array();
+	$r = q("select distinct(term) from term where uid = %d and type = %d order by term asc",
+		intval(local_user()),
+		intval(TERM_FILE)
+	);
+	if(! $r)
+		return;
+
+	foreach($r as $rr)
+		$terms[] = array('name' => $rr['term'], 'selected' => (($selected == $rr['term']) ? 'selected' : ''));
+
+	return replace_macros(get_markup_template('fileas_widget.tpl'),array(
+		'$title' => t('Saved Folders'),
+		'$desc' => '',
+		'$sel_all' => (($selected == '') ? 'selected' : ''),
+		'$all' => t('Everything'),
+		'$terms' => $terms,
+		'$base' => z_root() . '/' . $a->cmd
+
+	));
+}
+
+function widget_archive($arr) {
+
+	$o = '';
+	$a = get_app();
+
+	if(! $a->profile_uid) {
+		return '';
+	}
+
+	$uid = $a->profile_uid;
+
+	if(! feature_enabled($uid,'archives'))
+		return '';
+
+
+	$wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0);
+	$url = z_root() . '/' . $a->cmd;
+
+	$ret = posted_dates($uid,$wall);
+
+	if(! count($ret))
+		return '';
+
+	$o = replace_macros(get_markup_template('posted_date_widget.tpl'),array(
+		'$title' => t('Archives'),
+		'$size' => ((count($ret) > 6) ? 6 : count($ret)),
+		'$url' => $url,
+		'$dates' => $ret
+	));
+	return $o;
+}
+
+
-- 
cgit v1.2.3


From e5ea4a009b81c7f3fa987ba34d20a996055775d6 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Tue, 10 Dec 2013 20:36:11 -0800
Subject: mod channel is now Comanchified

---
 include/widgets.php | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'include')

diff --git a/include/widgets.php b/include/widgets.php
index e0fc94e18..cea5a6ce2 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -196,6 +196,7 @@ function widget_savedsearch($arr) {
 	$hasq = ((strpos($srchurl,'?') !== false) ? true : false);
 
 	$srchurl =  rtrim(preg_replace('/search\=[^\&].*?(\&|$)/is','',$srchurl),'&');
+	$srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);
 	$hasq = ((strpos($srchurl,'?') !== false) ? true : false);
 	
 	$o = '';
@@ -285,6 +286,7 @@ function widget_archive($arr) {
 	$wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0);
 	$url = z_root() . '/' . $a->cmd;
 
+
 	$ret = posted_dates($uid,$wall);
 
 	if(! count($ret))
@@ -300,3 +302,32 @@ function widget_archive($arr) {
 }
 
 
+function widget_fullprofile($arr) {
+	$a = get_app();
+	if(! $a->profile['profile_uid'])
+		return;
+
+	$block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false);
+
+	return profile_sidebar($a->profile, $block);
+}
+
+function widget_categories($arr) {
+	$a = get_app();
+	$cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat']) : '');
+	$srchurl = $a->query_string;
+	$srchurl =  rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
+	$srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);
+	return categories_widget($srchurl,$cat);
+
+}
+
+function widget_tagcloud_wall($arr) {
+	$a = get_app();
+	if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash']))
+		return '';
+	$limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50);
+	if(feature_enabled($a->profile['profile_uid'],'tagadelic'))
+		return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL);
+	return '';
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 652959678f47b84830123df4fac8add31657b4c9 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Tue, 10 Dec 2013 23:27:17 -0800
Subject: cleanup and Comanchification of mod_profile

---
 include/identity.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'include')

diff --git a/include/identity.php b/include/identity.php
index e22bb8645..b25594c87 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -868,6 +868,9 @@ function profile_sidebar($profile, $block = 0, $show_connect = true) {
 
 function advanced_profile(&$a) {
 
+	if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_profile'))
+		return '';
+
 	$o = '';
 
 	$o .= '
    ' . t('Profile') . '
    ';
-- 
cgit v1.2.3


From 1d8c15f2df45387993624a8217b648ac10491344 Mon Sep 17 00:00:00 2001
From: marijus 
Date: Wed, 11 Dec 2013 12:01:28 +0100
Subject: make suggest channels a feature

---
 include/features.php | 1 +
 include/widgets.php  | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/features.php b/include/features.php
index 05206106a..978d7af8a 100644
--- a/include/features.php
+++ b/include/features.php
@@ -49,6 +49,7 @@ function get_features() {
 			array('personal_tab',   t('Network Personal Tab'),		t('Enable tab to display only Network posts that you\'ve interacted on')),
 			array('new_tab',   		t('Network New Tab'),			t('Enable tab to display all new Network activity')),
 			array('affinity',       t('Affinity Tool'),			    t('Filter stream activity by depth of relationships')),
+			array('suggest',    	t('Suggest Channels'),			t('Show channel suggestions')),
 		),
 
 		// Item tools
diff --git a/include/widgets.php b/include/widgets.php
index cea5a6ce2..6d258d101 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -57,6 +57,9 @@ function widget_collections($args) {
 
 function widget_suggestions($arr) {
 
+	if((! local_user()) || (! feature_enabled(local_user(),'suggest')))
+		return '';
+
 	require_once('include/socgraph.php');
 
 	$r = suggestion_query(local_user(),get_observer_hash(),0,20);
@@ -330,4 +333,4 @@ function widget_tagcloud_wall($arr) {
 	if(feature_enabled($a->profile['profile_uid'],'tagadelic'))
 		return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL);
 	return '';
-}
\ No newline at end of file
+}
-- 
cgit v1.2.3


From d93ba783f54cf862bd91b231b7a9f7a19c657675 Mon Sep 17 00:00:00 2001
From: Thomas Willingham 
Date: Wed, 11 Dec 2013 15:35:19 +0000
Subject: Don't let nobody set an xconfig in safe search.

---
 include/dir_fns.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/dir_fns.php b/include/dir_fns.php
index 0c9a6bd9f..02e8186b7 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -22,7 +22,8 @@ function dir_sort_links() {
 
 function dir_safe_mode() {
 	$observer = get_observer_hash();
-	
+if (! $observer)
+	return;
 	if ($observer)
 		$safe_mode = get_xconfig($observer,'directory','safe_mode');		
 	if($safe_mode === '0')
-- 
cgit v1.2.3


From aea1e1af82ab2f76f0d8a421ff101316421cbd84 Mon Sep 17 00:00:00 2001
From: marijus 
Date: Wed, 11 Dec 2013 18:57:42 +0100
Subject: this makes quotes appear as quotes in notes once page is reloaded. i
 guess thats fine since we use escape_tags() in notes.php

---
 include/widgets.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/widgets.php b/include/widgets.php
index 6d258d101..abbe1e2e0 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -146,7 +146,7 @@ function widget_notes($arr) {
 	if(! feature_enabled(local_user(),'private_notes'))
 		return '';
 
-	$text = htmlspecialchars(get_pconfig(local_user(),'notes','text'));
+	$text = get_pconfig(local_user(),'notes','text');
 
 	$o = replace_macros(get_markup_template('notes.tpl'), array(
 		'$banner' => t('Notes'),
-- 
cgit v1.2.3


From 40e2900326a25ba0e2feedb802d38b7052b194cc Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 11 Dec 2013 14:54:36 -0800
Subject: comanchify all the simple cases - those that only load a profile.
 Rework permission checks for the profile sidebar so that it is all done
 internally. Remove crepair which we aren't using.

---
 include/identity.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/identity.php b/include/identity.php
index b25594c87..6bbf193c1 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -655,6 +655,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true) {
 		}
 	}
 
+
 	if((x($profile,'address') == 1)
 		|| (x($profile,'locality') == 1)
 		|| (x($profile,'region') == 1)
@@ -666,6 +667,10 @@ function profile_sidebar($profile, $block = 0, $show_connect = true) {
 	$marital  = ((x($profile,'marital')  == 1) ? t('Status:')   : False);
 	$homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False);
 
+	if(! perm_is_allowed($profile['uid'],((is_array($observer)) ? $observer['xchan_hash'] : ''),'view_profile')) {
+		$block = true;
+	}
+
 	if(($profile['hidewall'] || $block) && (! local_user()) && (! remote_user())) {
 		$location = $pdesc = $gender = $marital = $homepage = False;
 	}
@@ -688,7 +693,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true) {
 			$channel_menu = menu_render($m);
 	}
 	$menublock = get_pconfig($profile['uid'],'system','channel_menublock');
-	if ($menublock) {
+	if ($menublock && (! $block)) {
 		require_once('include/comanche.php');
 		$channel_menu .= comanche_block($menublock);
 	}
-- 
cgit v1.2.3


From 2f46bacded409c86514bc7542a01337c3cbf642a Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 11 Dec 2013 18:29:56 -0800
Subject: head_remove_css, head_remove_js

---
 include/plugin.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/plugin.php b/include/plugin.php
index 5ed2a1736..5ad467f98 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -494,6 +494,15 @@ function head_add_css($src,$media = 'screen') {
 	get_app()->css_sources[] = array($src,$media);
 }
 
+
+function head_remove_css($src,$media = 'screen') {
+	$a = get_app();
+	$index = array_search(array($src,$media),$a->css_sources);
+	if($index !== false)
+		unset($a->css_sources[$index]);
+
+}
+
 function head_get_css() {
 	$str = '';
 	$sources = get_app()->css_sources;
@@ -515,11 +524,18 @@ function format_css_if_exists($source) {
 		
 }
 
-
 function head_add_js($src) {
 	get_app()->js_sources[] = $src;
 }
 
+function head_remove_js($src) {
+	$a = get_app();
+	$index = array_search($src,$a->js_sources);
+	if($index !== false)
+		unset($a->js_sources[$index]);
+
+}
+
 function head_get_js() {
 	$str = '';
 	$sources = get_app()->js_sources;
-- 
cgit v1.2.3


From b4e1e8a4a43721d0134e41944afaa9f45bcd8aa8 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 11 Dec 2013 19:43:41 -0800
Subject: The affinity tool is not a "traditional" widget. But it is
 nevertheless a widget. It just makes fewer page layout decisions which are
 hard-coded. If you want to shrink it down and put it on the sidebar in your
 theme, go for it.

---
 include/widgets.php | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'include')

diff --git a/include/widgets.php b/include/widgets.php
index abbe1e2e0..680c00df2 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -334,3 +334,29 @@ function widget_tagcloud_wall($arr) {
 		return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL);
 	return '';
 }
+
+
+function widget_affinity($arr) {
+
+	if(! local_user())
+		return '';
+
+	if(feature_enabled(local_user(),'affinity')) {
+		$tpl = get_markup_template('main_slider.tpl');
+		$x = replace_macros($tpl,array(
+			'$val' => intval($_REQUEST['cmin']) . ';' . intval($_REQUEST['cmax']),
+			'$refresh' => t('Refresh'),
+			'$me' => t('Me'),
+			'$intimate' => t('Best Friends'),
+			'$friends' => t('Friends'),
+			'$coworkers' => t('Co-workers'),
+			'$oldfriends' => t('Former Friends'),
+			'$acquaintances' => t('Acquaintances'),
+			'$world' => t('Everybody')
+		));
+		$arr = array('html' => $x);
+		call_hooks('main_slider',$arr);
+		return $arr['html']; 
+	}
+ 	return '';
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 18f0ab2605790f616ffd9b7a988e8dbdb10a0157 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 11 Dec 2013 19:56:57 -0800
Subject: cmax wasn't defaulting correctly

---
 include/widgets.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/widgets.php b/include/widgets.php
index 680c00df2..495ce74aa 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -341,10 +341,13 @@ function widget_affinity($arr) {
 	if(! local_user())
 		return '';
 
+	$cmin = ((x($_REQUEST,'cmin')) ? intval($_REQUEST['cmin']) : 0);
+	$cmax = ((x($_REQUEST,'cmax')) ? intval($_REQUEST['cmax']) : 99);
+
 	if(feature_enabled(local_user(),'affinity')) {
 		$tpl = get_markup_template('main_slider.tpl');
 		$x = replace_macros($tpl,array(
-			'$val' => intval($_REQUEST['cmin']) . ';' . intval($_REQUEST['cmax']),
+			'$val' => $cmin . ';' . $cmax,
 			'$refresh' => t('Refresh'),
 			'$me' => t('Me'),
 			'$intimate' => t('Best Friends'),
-- 
cgit v1.2.3


From b3fe221b7fe9c6ecc151d9c00f36d3913526f6a3 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 11 Dec 2013 23:13:36 -0800
Subject: issue #240 - we were using htmlentities instead of htmlspecialchars
 in several places, and this was a bit greedy in the set of characters which
 were converted from utf-8 to HTML entities. Also brought mail attachments up
 to date so they are rendered identically to item attachments.

---
 include/deliver.php |  1 +
 include/items.php   | 71 ++++++++++++++++++++++++++---------------------------
 include/text.php    |  2 +-
 include/zot.php     | 28 ++++++++++-----------
 4 files changed, 51 insertions(+), 51 deletions(-)

(limited to 'include')

diff --git a/include/deliver.php b/include/deliver.php
index b1314ce39..b0d15e1ef 100644
--- a/include/deliver.php
+++ b/include/deliver.php
@@ -26,6 +26,7 @@ function deliver_run($argv, $argc) {
 				// If there is no outq_msg, this is a refresh_all message which does not require local handling
 				if($r[0]['outq_msg']) {
 					$msg = array('body' => json_encode(array('pickup' => array(array('notify' => json_decode($r[0]['outq_notify'],true),'message' => json_decode($r[0]['outq_msg'],true))))));
+
 					zot_import($msg,z_root());
 					$r = q("delete from outq where outq_hash = '%s' limit 1",
 						dbesc($argv[$x])
diff --git a/include/items.php b/include/items.php
index dd3cf7644..2cec6bc36 100755
--- a/include/items.php
+++ b/include/items.php
@@ -564,9 +564,9 @@ function title_is_body($title, $body) {
 
 function get_item_elements($x) {
 
-//	logger('get_item_elements');
+
 	$arr = array();
-	$arr['body']         = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : '');
+	$arr['body']         = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : '');
 
 	$arr['created']      = datetime_convert('UTC','UTC',$x['created']);
 	$arr['edited']       = datetime_convert('UTC','UTC',$x['edited']);
@@ -584,27 +584,27 @@ function get_item_elements($x) {
 								? datetime_convert('UTC','UTC',$x['commented']) 
 								: $arr['created']);
 
-	$arr['title']        = (($x['title'])          ? htmlentities($x['title'],          ENT_COMPAT,'UTF-8',false) : '');
+	$arr['title']        = (($x['title'])          ? htmlspecialchars($x['title'],          ENT_COMPAT,'UTF-8',false) : '');
 
 	if(mb_strlen($arr['title']) > 255)
 		$arr['title'] = mb_substr($arr['title'],0,255);
 
 
-	$arr['app']          = (($x['app'])            ? htmlentities($x['app'],            ENT_COMPAT,'UTF-8',false) : '');
-	$arr['mid']          = (($x['message_id'])     ? htmlentities($x['message_id'],     ENT_COMPAT,'UTF-8',false) : '');
-	$arr['parent_mid']   = (($x['message_top'])    ? htmlentities($x['message_top'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['thr_parent']   = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
+	$arr['app']          = (($x['app'])            ? htmlspecialchars($x['app'],            ENT_COMPAT,'UTF-8',false) : '');
+	$arr['mid']          = (($x['message_id'])     ? htmlspecialchars($x['message_id'],     ENT_COMPAT,'UTF-8',false) : '');
+	$arr['parent_mid']   = (($x['message_top'])    ? htmlspecialchars($x['message_top'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['thr_parent']   = (($x['message_parent']) ? htmlspecialchars($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
 
-	$arr['plink']        = (($x['permalink'])      ? htmlentities($x['permalink'],      ENT_COMPAT,'UTF-8',false) : '');
-	$arr['location']     = (($x['location'])       ? htmlentities($x['location'],       ENT_COMPAT,'UTF-8',false) : '');
-	$arr['coord']        = (($x['longlat'])        ? htmlentities($x['longlat'],        ENT_COMPAT,'UTF-8',false) : '');
-	$arr['verb']         = (($x['verb'])           ? htmlentities($x['verb'],           ENT_COMPAT,'UTF-8',false) : '');
-	$arr['mimetype']     = (($x['mimetype'])       ? htmlentities($x['mimetype'],       ENT_COMPAT,'UTF-8',false) : '');
-	$arr['obj_type']     = (($x['object_type'])    ? htmlentities($x['object_type'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['tgt_type']     = (($x['target_type'])    ? htmlentities($x['target_type'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['comment_policy'] = (($x['comment_scope']) ? htmlentities($x['comment_scope'],  ENT_COMPAT,'UTF-8',false) : 'contacts');
+	$arr['plink']        = (($x['permalink'])      ? htmlspecialchars($x['permalink'],      ENT_COMPAT,'UTF-8',false) : '');
+	$arr['location']     = (($x['location'])       ? htmlspecialchars($x['location'],       ENT_COMPAT,'UTF-8',false) : '');
+	$arr['coord']        = (($x['longlat'])        ? htmlspecialchars($x['longlat'],        ENT_COMPAT,'UTF-8',false) : '');
+	$arr['verb']         = (($x['verb'])           ? htmlspecialchars($x['verb'],           ENT_COMPAT,'UTF-8',false) : '');
+	$arr['mimetype']     = (($x['mimetype'])       ? htmlspecialchars($x['mimetype'],       ENT_COMPAT,'UTF-8',false) : '');
+	$arr['obj_type']     = (($x['object_type'])    ? htmlspecialchars($x['object_type'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['tgt_type']     = (($x['target_type'])    ? htmlspecialchars($x['target_type'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['comment_policy'] = (($x['comment_scope']) ? htmlspecialchars($x['comment_scope'],  ENT_COMPAT,'UTF-8',false) : 'contacts');
 
-	$arr['sig']          = (($x['signature']) ? htmlentities($x['signature'],  ENT_COMPAT,'UTF-8',false) : '');
+	$arr['sig']          = (($x['signature']) ? htmlspecialchars($x['signature'],  ENT_COMPAT,'UTF-8',false) : '');
 
 	
 	$arr['object']       = activity_sanitise($x['object']);
@@ -667,7 +667,6 @@ function get_item_elements($x) {
 			$arr['body']  = json_encode(crypto_encapsulate($arr['body'],$key));
 	}
 
-
 	return $arr;
 
 }
@@ -832,8 +831,8 @@ function decode_tags($t) {
 		$ret = array();
 		foreach($t as $x) {
 			$tag = array();
-			$tag['term'] = htmlentities($x['tag'],  ENT_COMPAT,'UTF-8',false);
-			$tag['url']  = htmlentities($x['url'],  ENT_COMPAT,'UTF-8',false);
+			$tag['term'] = htmlspecialchars($x['tag'],  ENT_COMPAT,'UTF-8',false);
+			$tag['url']  = htmlspecialchars($x['url'],  ENT_COMPAT,'UTF-8',false);
 			switch($x['type']) {
 				case 'hashtag':
 					$tag['type'] = TERM_HASHTAG;
@@ -876,12 +875,12 @@ function activity_sanitise($arr) {
 				if(is_array($x))
 					$ret[$k] = activity_sanitise($x);
 				else
-					$ret[$k] = htmlentities($x, ENT_COMPAT,'UTF-8',false);
+					$ret[$k] = htmlspecialchars($x, ENT_COMPAT,'UTF-8',false);
 			}
 			return $ret;
 		}
 		else {
-			return htmlentities($arr, ENT_COMPAT,'UTF-8', false);
+			return htmlspecialchars($arr, ENT_COMPAT,'UTF-8', false);
 		}
 	}
 	return '';
@@ -893,7 +892,7 @@ function array_sanitise($arr) {
 	if($arr) {
 		$ret = array();
 		foreach($arr as $x) {
-			$ret[] = htmlentities($x, ENT_COMPAT,'UTF-8',false);
+			$ret[] = htmlspecialchars($x, ENT_COMPAT,'UTF-8',false);
 		}
 		return $ret;
 	}
@@ -958,8 +957,8 @@ function get_mail_elements($x) {
 
 	$arr = array();
 
-	$arr['body']         = (($x['body']) ? htmlentities($x['body'], ENT_COMPAT,'UTF-8',false) : '');
-	$arr['title']        = (($x['title'])? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : '');
+	$arr['body']         = (($x['body']) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8',false) : '');
+	$arr['title']        = (($x['title'])? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : '');
 
 	$arr['created']      = datetime_convert('UTC','UTC',$x['created']);
 	if((! array_key_exists('expires',$x)) || ($x['expires'] === '0000-00-00 00:00:00'))
@@ -977,18 +976,18 @@ function get_mail_elements($x) {
 
 	$key = get_config('system','pubkey');
 	$arr['mail_flags'] |= MAIL_OBSCURED;
-	$arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
+	$arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false);
 	if($arr['body'])
 		$arr['body']  = json_encode(crypto_encapsulate($arr['body'],$key));
-	$arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
+	$arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false);
 	if($arr['title'])
 		$arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key));
 
 	if($arr['created'] > datetime_convert())
 		$arr['created']  = datetime_convert();
 
-	$arr['mid']          = (($x['message_id'])     ? htmlentities($x['message_id'],     ENT_COMPAT,'UTF-8',false) : '');
-	$arr['parent_mid']   = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
+	$arr['mid']          = (($x['message_id'])     ? htmlspecialchars($x['message_id'],     ENT_COMPAT,'UTF-8',false) : '');
+	$arr['parent_mid']   = (($x['message_parent']) ? htmlspecialchars($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
 
 	if($x['attach'])
 		$arr['attach'] = activity_sanitise($x['attach']);
@@ -1017,18 +1016,18 @@ function get_profile_elements($x) {
 	else
 		return array();
 
-	$arr['desc']         = (($x['title']) ? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : '');
+	$arr['desc']         = (($x['title']) ? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : '');
 
 	$arr['dob']          = datetime_convert('UTC','UTC',$x['birthday'],'Y-m-d');
 	$arr['age']          = (($x['age']) ? intval($x['age']) : 0);
 
-	$arr['gender']       = (($x['gender'])    ? htmlentities($x['gender'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['marital']      = (($x['marital'])   ? htmlentities($x['marital'],   ENT_COMPAT,'UTF-8',false) : '');
-	$arr['sexual']       = (($x['sexual'])    ? htmlentities($x['sexual'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['locale']       = (($x['locale'])    ? htmlentities($x['locale'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['region']       = (($x['region'])    ? htmlentities($x['region'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['postcode']     = (($x['postcode'])  ? htmlentities($x['postcode'],  ENT_COMPAT,'UTF-8',false) : '');
-	$arr['country']      = (($x['country'])   ? htmlentities($x['country'],   ENT_COMPAT,'UTF-8',false) : '');
+	$arr['gender']       = (($x['gender'])    ? htmlspecialchars($x['gender'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['marital']      = (($x['marital'])   ? htmlspecialchars($x['marital'],   ENT_COMPAT,'UTF-8',false) : '');
+	$arr['sexual']       = (($x['sexual'])    ? htmlspecialchars($x['sexual'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['locale']       = (($x['locale'])    ? htmlspecialchars($x['locale'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['region']       = (($x['region'])    ? htmlspecialchars($x['region'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['postcode']     = (($x['postcode'])  ? htmlspecialchars($x['postcode'],  ENT_COMPAT,'UTF-8',false) : '');
+	$arr['country']      = (($x['country'])   ? htmlspecialchars($x['country'],   ENT_COMPAT,'UTF-8',false) : '');
 
 	$arr['keywords']     = (($x['keywords'] && is_array($x['keywords'])) ? array_sanitise($x['keywords']) : array()); 
 
diff --git a/include/text.php b/include/text.php
index aa23f96b0..042a972d1 100755
--- a/include/text.php
+++ b/include/text.php
@@ -1065,7 +1065,7 @@ function theme_attachments(&$item) {
 					break;
 			}
 
-			$title = htmlentities($r['title'], ENT_COMPAT,'UTF-8');
+			$title = htmlspecialchars($r['title'], ENT_COMPAT,'UTF-8');
 			if(! $title)
 				$title = t('unknown.???');
 			$title .= ' ' . $r['length'] . ' ' . t('bytes');
diff --git a/include/zot.php b/include/zot.php
index 77d82f110..b0d87cea9 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1633,22 +1633,22 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = 1, $suppress_
 	$arr = array();
 
 	$arr['xprof_hash']         = $hash;
-	$arr['xprof_desc']         = (($profile['description'])    ? htmlentities($profile['description'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['xprof_desc']         = (($profile['description'])    ? htmlspecialchars($profile['description'],    ENT_COMPAT,'UTF-8',false) : '');
 	$arr['xprof_dob']          = datetime_convert('','',$profile['birthday'],'Y-m-d'); // !!!! check this for 0000 year
 	$arr['xprof_age']          = (($profile['age']) ? intval($profile['age']) : 0);
-	$arr['xprof_gender']       = (($profile['gender'])    ? htmlentities($profile['gender'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['xprof_marital']      = (($profile['marital'])    ? htmlentities($profile['marital'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['xprof_sexual']       = (($profile['sexual'])    ? htmlentities($profile['sexual'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['xprof_locale']       = (($profile['locale'])    ? htmlentities($profile['locale'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['xprof_region']       = (($profile['region'])    ? htmlentities($profile['region'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['xprof_postcode']     = (($profile['postcode'])    ? htmlentities($profile['postcode'],    ENT_COMPAT,'UTF-8',false) : '');
-	$arr['xprof_country']      = (($profile['country'])    ? htmlentities($profile['country'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['xprof_gender']       = (($profile['gender'])    ? htmlspecialchars($profile['gender'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['xprof_marital']      = (($profile['marital'])    ? htmlspecialchars($profile['marital'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['xprof_sexual']       = (($profile['sexual'])    ? htmlspecialchars($profile['sexual'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['xprof_locale']       = (($profile['locale'])    ? htmlspecialchars($profile['locale'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['xprof_region']       = (($profile['region'])    ? htmlspecialchars($profile['region'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['xprof_postcode']     = (($profile['postcode'])    ? htmlspecialchars($profile['postcode'],    ENT_COMPAT,'UTF-8',false) : '');
+	$arr['xprof_country']      = (($profile['country'])    ? htmlspecialchars($profile['country'],    ENT_COMPAT,'UTF-8',false) : '');
 
 	$clean = array();
 	if(array_key_exists('keywords',$profile) and is_array($profile['keywords'])) {
 		import_directory_keywords($hash,$profile['keywords']);
 		foreach($profile['keywords'] as $kw) {
-			$kw = trim(htmlentities($kw,ENT_COMPAT,'UTF-8',false));
+			$kw = trim(htmlspecialchars($kw,ENT_COMPAT,'UTF-8',false));
 			$kw = trim($kw,',');
 			$clean[] = $kw;
 		}
@@ -1750,7 +1750,7 @@ function import_directory_keywords($hash,$keywords) {
 
 	$clean = array();
 	foreach($keywords as $kw) {
-		$kw = trim(htmlentities($kw,ENT_COMPAT,'UTF-8',false));
+		$kw = trim(htmlspecialchars($kw,ENT_COMPAT,'UTF-8',false));
 		$kw = trim($kw,',');
 		$clean[] = $kw;
 	}
@@ -1849,10 +1849,10 @@ function import_site($arr,$pubkey) {
 			$access_policy = ACCESS_TIERED;
 	}
 
-	$directory_url = htmlentities($arr['directory_url'],ENT_COMPAT,'UTF-8',false);
-	$url = htmlentities($arr['url'],ENT_COMPAT,'UTF-8',false);
-	$sellpage = htmlentities($arr['sellpage'],ENT_COMPAT,'UTF-8',false);
-	$site_location = htmlentities($arr['location'],ENT_COMPAT,'UTF-8',false);
+	$directory_url = htmlspecialchars($arr['directory_url'],ENT_COMPAT,'UTF-8',false);
+	$url = htmlspecialchars($arr['url'],ENT_COMPAT,'UTF-8',false);
+	$sellpage = htmlspecialchars($arr['sellpage'],ENT_COMPAT,'UTF-8',false);
+	$site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false);
 
 	if($exists) {
 		if(($siterecord['site_flags'] != $site_directory)
-- 
cgit v1.2.3


From 303324cdff3f7c8bc83fae89256a2133939944b2 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Thu, 12 Dec 2013 02:15:02 -0800
Subject: more htmlspecialchars sanitisation

---
 include/conversation.php | 4 ++--
 include/network.php      | 2 +-
 include/taxonomy.php     | 4 ++--
 include/widgets.php      | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'include')

diff --git a/include/conversation.php b/include/conversation.php
index f5fc9da93..29fb8a163 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1108,7 +1108,7 @@ function status_editor($a,$x,$popup=false) {
 		'$shortsetloc' => t('set location'),
 		'$noloc' => t('Clear browser location'),
 		'$shortnoloc' => t('clear location'),
-		'$title' => ((x($x,'title')) ? htmlspecialchars($x['title']) : ''),
+		'$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''),
 		'$placeholdertitle' => t('Set title'),
 		'$catsenabled' => ((feature_enabled($x['profile_uid'],'categories') && (! $webpage)) ? 'categories' : ''),
 		'$category' => "",
@@ -1117,7 +1117,7 @@ function status_editor($a,$x,$popup=false) {
 		'$permset' => t('Permission settings'),
 		'$shortpermset' => t('permissions'),
 		'$ptyp' => (($notes_cid) ? 'note' : 'wall'),
-		'$content' => ((x($x,'body')) ? htmlspecialchars($x['body']) : ''),
+		'$content' => ((x($x,'body')) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8') : ''),
 		'$post_id' => '',
 		'$baseurl' => $a->get_baseurl(true),
 		'$defloc' => $x['default_location'],
diff --git a/include/network.php b/include/network.php
index 50f853ca0..225b215fe 100644
--- a/include/network.php
+++ b/include/network.php
@@ -582,7 +582,7 @@ function scale_external_images($s, $include_link = true, $scale_replace = false)
 	$a = get_app();
 
 	// Picture addresses can contain special characters
-	$s = htmlspecialchars_decode($s);
+	$s = htmlspecialchars_decode($s, ENT_COMPAT,'UTF-8');
 
 	$matches = null;
 	$c = preg_match_all('/\[img(.*?)\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER);
diff --git a/include/taxonomy.php b/include/taxonomy.php
index 5159dad02..65d082bb0 100644
--- a/include/taxonomy.php
+++ b/include/taxonomy.php
@@ -87,9 +87,9 @@ function format_term_for_display($term) {
 		return $s;
 
 	if($term['url']) 
-		$s .= '' . htmlspecialchars($term['term']) . '';
+		$s .= '' . htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8') . '';
 	else 
-		$s .= htmlspecialchars($term['term']);
+		$s .= htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8');
 	return $s;
 }
 
diff --git a/include/widgets.php b/include/widgets.php
index 495ce74aa..f53998b23 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -219,7 +219,7 @@ function widget_savedsearch($arr) {
 				'term'			=> $rr['term'],
 				'dellink'       => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&searchremove=1&search=' . urlencode($rr['term']),
 				'srchlink'      => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&search=' . urlencode($rr['term']),
-				'displayterm'   => htmlspecialchars($rr['term']),
+				'displayterm'   => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'),
 				'encodedterm' 	=> urlencode($rr['term']),
 				'delete'		=> t('Remove term'),
 				'selected'		=> ($search==$rr['term']),
@@ -317,7 +317,7 @@ function widget_fullprofile($arr) {
 
 function widget_categories($arr) {
 	$a = get_app();
-	$cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat']) : '');
+	$cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');
 	$srchurl = $a->query_string;
 	$srchurl =  rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
 	$srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);
-- 
cgit v1.2.3


From 3a11980e495fc42c9fbf178480d16380f6cca69a Mon Sep 17 00:00:00 2001
From: zottel 
Date: Thu, 12 Dec 2013 13:32:11 +0100
Subject: htmspecialchars_decode only takes one argument.

---
 include/network.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/network.php b/include/network.php
index 225b215fe..7446c2384 100644
--- a/include/network.php
+++ b/include/network.php
@@ -582,7 +582,7 @@ function scale_external_images($s, $include_link = true, $scale_replace = false)
 	$a = get_app();
 
 	// Picture addresses can contain special characters
-	$s = htmlspecialchars_decode($s, ENT_COMPAT,'UTF-8');
+	$s = htmlspecialchars_decode($s, ENT_COMPAT);
 
 	$matches = null;
 	$c = preg_match_all('/\[img(.*?)\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER);
-- 
cgit v1.2.3


From 65c0b84313ed3c08e4512968e0030631c55bcbb4 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Thu, 12 Dec 2013 18:13:52 -0800
Subject: always load css and js sources using the same url as the page that is
 being visited so there is no http/https mismatch.

---
 include/plugin.php | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/plugin.php b/include/plugin.php
index 5ad467f98..9982a48a2 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -520,10 +520,32 @@ function format_css_if_exists($source) {
 		$path = theme_include($source[0]);
 
 	if($path)
-		return '' . "\r\n";
+		return '' . "\r\n";
 		
 }
 
+function script_path() {
+	if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS'])
+		$scheme = 'https';
+	elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443))
+		$scheme = 'https';
+	else
+		$scheme = 'http';
+
+	if(x($_SERVER,'SERVER_NAME')) {
+			$hostname = $_SERVER['SERVER_NAME'];
+	}
+	else {
+		return z_root();
+	}
+
+	if(x($_SERVER,'SERVER_PORT') && $_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {
+		$hostname .= ':' . $_SERVER['SERVER_PORT'];
+	}
+
+	return $scheme . '://' . $hostname;
+}
+
 function head_add_js($src) {
 	get_app()->js_sources[] = $src;
 }
@@ -552,7 +574,7 @@ function format_js_if_exists($source) {
 	else
 		$path = theme_include($source);
 	if($path)
-		return '' . "\r\n" ;
+		return '' . "\r\n" ;
 
 }
 
-- 
cgit v1.2.3


From 94975f8d3081051df48b6fdd73be3f4be5484cf6 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Fri, 13 Dec 2013 12:30:44 -0800
Subject: categories should already be html encoded - ensure this is the case
 but don't double encode

---
 include/text.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/text.php b/include/text.php
index 042a972d1..f808fb0a0 100755
--- a/include/text.php
+++ b/include/text.php
@@ -1095,7 +1095,7 @@ function format_categories(&$item,$writeable) {
 	if($terms) {
 		$categories = array();
 		foreach($terms as $t) {
-			$term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8') ;
+			$term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ;
 			if(! trim($term))
 				continue;
 			$removelink = (($writeable) ?  z_root() . '/filerm/' . $item['id'] . '?f=&cat=' . urlencode($t['term']) : '');
@@ -1117,7 +1117,7 @@ function format_filer(&$item) {
 	if($terms) {
 		$categories = array();
 		foreach($terms as $t) {
-			$term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8') ;
+			$term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ;
 			if(! trim($term))
 				continue;
 			$removelink = z_root() . '/filerm/' . $item['id'] . '?f=&term=' . urlencode($t['term']);
-- 
cgit v1.2.3


From 0215043826c2c036c3a2c88fa6e42089138c7c52 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Fri, 13 Dec 2013 13:30:33 -0800
Subject: prepare for Comanchification of mod_photos

---
 include/Contact.php | 13 +++++++++++++
 include/photos.php  | 12 ++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/Contact.php b/include/Contact.php
index 5725e06f0..20dd04d17 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -77,6 +77,19 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
 
 	$a = get_app();
 
+	if(! $xchan) {
+		if($a->profile['channel_hash'])
+			$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+				dbesc($a->profile['channel_hash'])
+			);
+			if($r)
+				$xchan = $r[0];
+	}
+
+	if(! $xchan)
+		return;
+
+// FIXME - show connect button to observer if appropriate
 	$connect = false;
 	if(local_user()) {
 		$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
diff --git a/include/photos.php b/include/photos.php
index ea4b494e0..9828140b8 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -279,8 +279,16 @@ function photos_album_widget($channelx,$observer,$albums = null) {
 
 	$o = '';
 
-	if(! $albums)
-		$albums = photos_albums_list($channelx,$observer);
+	// If we weren't passed an album list, see if the photos module
+	// dropped one for us to find in $a->data['albums']. 
+	// If all else fails, load it.
+
+	if(! $albums) {
+		if(array_key_exists('albums', get_app()->data))
+			$albums = get_app()->data['albums'];
+		else
+			$albums = photos_albums_list($channelx,$observer);
+	}
 
 	if($albums) {
 		$o = replace_macros(get_markup_template('photo_albums.tpl'),array(
-- 
cgit v1.2.3


From c00f0d4b282f2242b9c2e154a5381029cf0dc812 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sat, 14 Dec 2013 13:26:40 -0800
Subject: a couple more comanche conversions

---
 include/widgets.php | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 132 insertions(+)

(limited to 'include')

diff --git a/include/widgets.php b/include/widgets.php
index f53998b23..888da37a2 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -362,4 +362,136 @@ function widget_affinity($arr) {
 		return $arr['html']; 
 	}
  	return '';
+}
+
+
+function widget_settings_menu($arr) {
+
+	if(! local_user())
+		return;
+
+	$a = get_app();
+	$channel = $a->get_channel();
+
+	$abook_self_id = 0;
+
+	// Retrieve the 'self' address book entry for use in the auto-permissions link
+
+	$abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d ) limit 1",
+		intval(local_user()),
+		intval(ABOOK_FLAG_SELF)
+	);
+	if($abk)
+		$abook_self_id = $abk[0]['abook_id'];
+
+
+	$tabs = array(
+		array(
+			'label'	=> t('Account settings'),
+			'url' 	=> $a->get_baseurl(true).'/settings/account',
+			'selected'	=> ((argv(1) === 'account') ? 'active' : ''),
+		),
+	
+		array(
+			'label'	=> t('Channel settings'),
+			'url' 	=> $a->get_baseurl(true).'/settings/channel',
+			'selected'	=> ((argv(1) === 'channel') ? 'active' : ''),
+		),
+	
+		array(
+			'label'	=> t('Additional features'),
+			'url' 	=> $a->get_baseurl(true).'/settings/features',
+			'selected'	=> ((argv(1) === 'features') ? 'active' : ''),
+		),
+
+		array(
+			'label'	=> t('Feature settings'),
+			'url' 	=> $a->get_baseurl(true).'/settings/featured',
+			'selected'	=> ((argv(1) === 'featured') ? 'active' : ''),
+		),
+
+		array(
+			'label'	=> t('Display settings'),
+			'url' 	=> $a->get_baseurl(true).'/settings/display',
+			'selected'	=> ((argv(1) === 'display') ? 'active' : ''),
+		),	
+		
+		array(
+			'label' => t('Connected apps'),
+			'url' => $a->get_baseurl(true) . '/settings/oauth',
+			'selected' => ((argv(1) === 'oauth') ? 'active' : ''),
+		),
+
+		array(
+			'label' => t('Export channel'),
+			'url' => $a->get_baseurl(true) . '/uexport/basic',
+			'selected' => ''
+		),
+
+//		array(
+//			'label' => t('Export account'),
+//			'url' => $a->get_baseurl(true) . '/uexport/complete',
+//			'selected' => ''
+//		),
+
+		array(
+			'label' => t('Automatic Permissions (Advanced)'),
+			'url' => $a->get_baseurl(true) . '/connections/' . $abook_self_id,
+			'selected' => ''
+		),
+
+
+	);
+
+	if(feature_enabled(local_user(),'premium_channel')) {
+		$tabs[] = array(
+			'label' => t('Premium Channel Settings'),
+			'url' => $a->get_baseurl(true) . '/connect/' . $channel['channel_address'],
+			'selected' => ''
+		);
+
+	}
+
+	if(feature_enabled(local_user(),'channel_sources')) {
+		$tabs[] = array(
+			'label' => t('Channel Sources'),
+			'url' => $a->get_baseurl(true) . '/sources',
+			'selected' => ''
+		);
+
+	}
+
+
+	
+	$tabtpl = get_markup_template("generic_links_widget.tpl");
+	return replace_macros($tabtpl, array(
+		'$title' => t('Settings'),
+		'$class' => 'settings-widget',
+		'$items' => $tabs,
+	));
+
+}
+
+
+function widget_mailmenu($arr) {
+	if (! local_user())
+		return;
+
+	$a = get_app();
+	return replace_macros(get_markup_template('message_side.tpl'), array(
+		'$tabs'=> array(),
+
+		'$check'=>array(
+			'label' => t('Check Mail'),
+			'url' => $a->get_baseurl(true) . '/message',
+			'sel' => (argv(1) == ''),
+		),
+		'$new'=>array(
+			'label' => t('New Message'),
+			'url' => $a->get_baseurl(true) . '/message/new',
+			'sel'=> (argv(1) == 'new'),
+		)
+
+	));
+
 }
\ No newline at end of file
-- 
cgit v1.2.3


From d14e2db6b436b3190db0c506cf5f907bd1a7fcc9 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sat, 14 Dec 2013 17:03:37 -0800
Subject: make home.html fullpage mode - make directory search work for
 non-logged in, but leave off suggest and invite

---
 include/contact_widgets.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index cc0a3d617..482bbed78 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -25,7 +25,8 @@ function findpeople_widget() {
 		'$suggest' => t('Channel Suggestions'),
 		'$similar' => '', // FIXME and uncomment when mod/match working // t('Similar Interests'),
 		'$random' => t('Random Profile'),
-		'$inv' => t('Invite Friends')
+		'$inv' => t('Invite Friends'),
+		'$loggedin' => local_user()
 	));
 
 }
-- 
cgit v1.2.3


From 950bd72e020daf887ac487c95d6f4f2e42b1dee9 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sat, 14 Dec 2013 21:37:37 -0800
Subject: use sitename for the banner if nothing else has been set

---
 include/nav.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/nav.php b/include/nav.php
index f89de2de0..7e99c782e 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -196,7 +196,7 @@ EOT;
 	$banner = get_config('system','banner');
 
 	if($banner === false) 
-		$banner = 'red';
+		$banner = get_config('system','sitename');
 
 	$x = array('nav' => $nav, 'usermenu' => $userinfo );
 	call_hooks('nav', $x);
-- 
cgit v1.2.3


From 817d1461236acf9067ab7ff79d116832f18c282b Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sun, 15 Dec 2013 18:30:10 -0800
Subject: bloody hell... php version incompatibility with openssl - openssl no
 longer accepts a string as an algorithm. Earlier versions didn't recognise
 sha256. So we'll look to see if the algorithm constant for sha256 is defined
 and if so we'll use that instead of the string.

---
 include/crypto.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'include')

diff --git a/include/crypto.php b/include/crypto.php
index e9372fbb4..339d5fe17 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -4,6 +4,8 @@ function rsa_sign($data,$key,$alg = 'sha256') {
 	if(! $key)
 		return 'no key';
 	$sig = '';
+	if(defined(OPENSSL_ALGO_SHA256) && $alg === 'sha256')
+		$alg = OPENSSL_ALGO_SHA256;
 	openssl_sign($data,$sig,$key,$alg);
 	return $sig;
 }
@@ -13,6 +15,8 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') {
 	if(! $key)
 		return false;
 
+	if(defined(OPENSSL_ALGO_SHA256) && $alg === 'sha256')
+		$alg = OPENSSL_ALGO_SHA256;
 	$verify = openssl_verify($data,$sig,$key,$alg);
 	return $verify;
 }
-- 
cgit v1.2.3


From 065300f7c352dc74e52a09804b7aeb858df1db0a Mon Sep 17 00:00:00 2001
From: friendica 
Date: Sun, 15 Dec 2013 18:43:54 -0800
Subject: bloody hell - it isn't defined either.

---
 include/crypto.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/crypto.php b/include/crypto.php
index 339d5fe17..33cdc10c0 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -4,7 +4,7 @@ function rsa_sign($data,$key,$alg = 'sha256') {
 	if(! $key)
 		return 'no key';
 	$sig = '';
-	if(defined(OPENSSL_ALGO_SHA256) && $alg === 'sha256')
+	if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256')
 		$alg = OPENSSL_ALGO_SHA256;
 	openssl_sign($data,$sig,$key,$alg);
 	return $sig;
@@ -15,7 +15,7 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') {
 	if(! $key)
 		return false;
 
-	if(defined(OPENSSL_ALGO_SHA256) && $alg === 'sha256')
+	if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256')
 		$alg = OPENSSL_ALGO_SHA256;
 	$verify = openssl_verify($data,$sig,$key,$alg);
 	return $verify;
-- 
cgit v1.2.3


From 7b5a42568a7f4cf90e81036b4ed5d93ec3f6e3e2 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Mon, 16 Dec 2013 18:07:41 -0800
Subject: Tricky little bug. Allowed somebody to bypass comment permissions.
 Hopefully the fix will have no undesired side effects.

---
 include/items.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'include')

diff --git a/include/items.php b/include/items.php
index 2cec6bc36..b328ca2d1 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2362,12 +2362,13 @@ function tgroup_check($uid,$item) {
 	$mention = false;
 
 	// check that the message originated elsewhere and is a top-level post
-	// or is a followup and we have already accepted the top level post
+	// or is a followup and we have already accepted the top level post as an uplink
 
 	if($item['mid'] != $item['parent_mid']) {
-		$r = q("select id from item where mid = '%s' and uid = %d limit 1",
+		$r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1",
 			dbesc($item['parent_mid']),
-			intval($uid)
+			intval($uid),
+			intval(ITEM_UPLINK)
 		);
 		if($r)
 			return true;
-- 
cgit v1.2.3


From 38fd8410eb5c66928cb24bb87ad38657f53aec3a Mon Sep 17 00:00:00 2001
From: friendica 
Date: Wed, 18 Dec 2013 01:00:08 -0800
Subject: split off mod_connections into mod_connections & mod_connedit - lots
 of links to fix

---
 include/api.php          | 3 ++-
 include/conversation.php | 2 +-
 include/widgets.php      | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

(limited to 'include')

diff --git a/include/api.php b/include/api.php
index 093839875..463d29cf8 100644
--- a/include/api.php
+++ b/include/api.php
@@ -362,7 +362,8 @@ require_once('include/photos.php');
 			'location' => ($usr) ? $usr[0]['channel_location'] : '',
 			'profile_image_url' => $uinfo[0]['xchan_photo_l'],
 			'url' => $uinfo[0]['xchan_url'],
-			'contact_url' => $a->get_baseurl()."/connections/".$uinfo[0]['abook_id'],
+//FIXME
+			'contact_url' => $a->get_baseurl() . "/connections/".$uinfo[0]['abook_id'],
 			'protected' => false,	
 			'friends_count' => intval($countfriends),
 			'created_at' => api_date($uinfo[0]['abook_created']),
diff --git a/include/conversation.php b/include/conversation.php
index 29fb8a163..2ba3948bf 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -915,7 +915,7 @@ function item_photo_menu($item){
 
 	if($contact) {
 		$poke_link = $a->get_baseurl($ssl_state) . '/poke/?f=&c=' . $contact['abook_id'];
-		$contact_url = $a->get_baseurl($ssl_state) . '/connections/' . $contact['abook_id'];
+		$contact_url = $a->get_baseurl($ssl_state) . '/connedit/' . $contact['abook_id'];
 		$posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $contact['abook_id'];
 
 		$clean_url = normalise_link($item['author-link']);
diff --git a/include/widgets.php b/include/widgets.php
index 888da37a2..9d6617aa2 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -436,7 +436,7 @@ function widget_settings_menu($arr) {
 
 		array(
 			'label' => t('Automatic Permissions (Advanced)'),
-			'url' => $a->get_baseurl(true) . '/connections/' . $abook_self_id,
+			'url' => $a->get_baseurl(true) . '/connedit/' . $abook_self_id,
 			'selected' => ''
 		),
 
-- 
cgit v1.2.3