From e3c7200b6f75e169b516c78b1f6ae383fd886ae0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 25 Jan 2018 16:16:55 -0800 Subject: don't do any bbcode translation within code blocks (except baseurl, observer, and linefeeds) --- include/bbcode.php | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index de32bd57a..2b8274c0f 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -610,11 +610,23 @@ function bb_observer($Text) { return $Text; } +function bb_code_protect($s) { + return 'b64.^9e%.' . base64_encode($s) . '.b64.$9e%'; +} + +function bb_code_unprotect($s) { + return preg_replace_callback('|b64\.\^9e\%\.(.*?)\.b64\.\$9e\%|ism','bb_code_unprotect_sub',$s); +} + +function bb_code_unprotect_sub($match) { + return base64_decode($match[1]); +} + function bb_code($match) { if(strpos($match[0], "
")) - return '' . trim($match[1]) . ''; + return '' . bb_code_protect(trim($match[1])) . ''; else - return '' . trim($match[1]) . ''; + return '' . bb_code_protect(trim($match[1])) . ''; } function bb_code_options($match) { @@ -628,11 +640,11 @@ function bb_code_options($match) { } else { $style = ""; } - return '' . trim($match[2]) . ''; + return '' . bb_code_protect(trim($match[2])) . ''; } function bb_highlight($match) { - return text_highlight($match[2],strtolower($match[1])); + return bb_code_protect(text_highlight($match[2],strtolower($match[1]))); } function bb_fixtable_lf($match) { @@ -822,6 +834,17 @@ function bbcode($Text, $options = []) { $Text = str_replace(array("\t", " "), array("    ", "  "), $Text); + + // Check for [code] text + if (strpos($Text,'[code]') !== false) { + $Text = preg_replace_callback("/\[code\](.*?)\[\/code\]/ism", 'bb_code', $Text); + } + + // Check for [code options] text + if (strpos($Text,'[code ') !== false) { + $Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_options', $Text); + } + // Set up the parameters for a URL search string $URLSearchString = "^\[\]"; // Set up the parameters for a MAIL search string @@ -1062,16 +1085,6 @@ function bbcode($Text, $options = []) { $Text = preg_replace("/\[font=(.*?)\](.*?)\[\/font\]/sm", "$2", $Text); } - // Check for [code] text - if (strpos($Text,'[code]') !== false) { - $Text = preg_replace_callback("/\[code\](.*?)\[\/code\]/ism", 'bb_code', $Text); - } - - // Check for [code options] text - if (strpos($Text,'[code ') !== false) { - $Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_options', $Text); - } - if(strpos($Text,'[/summary]') !== false) { $Text = preg_replace_callback("/^(.*?)\[summary\](.*?)\[\/summary\](.*?)$/ism", 'bb_summary', $Text); 
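Review bot: The marker pair in `bb_code_protect()` is a fixed string, so `bb_code_unprotect()` cannot tell a span produced by `bb_code()` from the same marker typed by a post's author. Whatever sits between the markers is base64-decoded and written into the output at the `$Text = bb_code_unprotect($Text);` call added in the `@@ -1288` hunk, after the rest of bbcode() has run. Unless the marker is stripped from input earlier or the result is purified afterwards (neither is visible here), text can reach the rendered HTML without passing through the escaping in between. Consider building the marker from a per-call value obtained from `random_string()` and requiring that value in the unprotect pattern, or keeping the protected strings in an array and emitting only an index. `base64_decode($match[1], true)` with a check for `false` would also reject malformed payloads instead of decoding them loosely.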
@@ -1288,6 +1301,7 @@ function bbcode($Text, $options = []) { // replace escaped links in code= blocks $Text = str_replace('%eY9-!','http', $Text); + $Text = bb_code_unprotect($Text); $Text = preg_replace('/\[\&\;([#a-z0-9]+)\;\]/', '&$1;', $Text); -- cgit v1.2.3 From 660079bd2a4a6dcb54390a4c2f22bbc7a0633fd4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 26 Jan 2018 12:16:47 -0800 Subject: Issue with configurable site age limit, vagueness when informing about email validation policy; added email validation resend ability and the option to input a verification code at a webpage though both require additional work to provide these abilities. --- include/account.php | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) (limited to 'include') diff --git a/include/account.php b/include/account.php index 6c6fdece4..3a7b677be 100644 --- a/include/account.php +++ b/include/account.php 
@@ -262,24 +262,46 @@ function create_account($arr) { function verify_email_address($arr) { - $hash = random_string(); - - $r = q("INSERT INTO register ( hash, created, uid, password, lang ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ", - dbesc($hash), - dbesc(datetime_convert()), - intval($arr['account']['account_id']), - dbesc('verify'), - dbesc($arr['account']['account_language']) - ); + if(array_key_exists('resend',$arr)) { + $email = $arr['email']; + $a = q("select * from account where account_email = '%s' limit 1", + dbesc($arr['email']) + } + if(! ($a && ($a[0]['account_flags'] & ACCOUNT_UNVERIFIED))) { + return false; + } + $account = $a[0]; + $v = q("select * from register where uid = %d and password = 'verify' limit 1", + intval($account['account_id']) + ); + if($v) { + $hash = $v[0]['hash']; + } + else { + return false; + } + } + else { + $hash = random_string(24); + + $r = q("INSERT INTO register ( hash, created, uid, password, lang ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ", + dbesc($hash), + dbesc(datetime_convert()), + intval($arr['account']['account_id']), + dbesc('verify'), + dbesc($arr['account']['account_language']) + ); + $account = $arr['account']; + } - push_lang(($arr['account']['account_language']) ? $arr['account']['account_language'] : 'en'); + push_lang(($account['account_language']) ? $account['account_language'] : 'en'); $email_msg = replace_macros(get_intltext_template('register_verify_member.tpl'), [ '$sitename' => get_config('system','sitename'), '$siteurl' => z_root(), '$email' => $arr['email'], - '$uid' => $arr['account']['account_id'], + '$uid' => $account['account_id'], '$hash' => $hash, '$details' => $details ] -- cgit v1.2.3 From 4eead1c688f57bdf04091675fa38c5eed9f6acde Mon Sep 17 00:00:00 2001 
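Review bot: The resend branch reuses the stored `register.hash` unchanged and checks neither the age of that row nor how often a resend was requested, so every call for an unverified address sends another mail carrying the same long-lived token. Nothing in this hunk throttles that; if the caller does not either, the endpoint can flood a third party's mailbox, and the `return false` paths can reveal whether an address has a pending account, depending on how the caller reports them. I would document the contract at the top of the branch, `// resend: reuses the existing token; caller must rate-limit per address and per client and answer identically whether or not the account exists`, and compare `$v[0]['created']` against the site's expiry before reusing the hash. `random_string(24)` also replaces the default length; random_string() is not shown here, but if its default is longer this shortens the token just as the commit introduces a page where codes can be typed in, so that page needs an attempt limit. The function body continues past the end of the hunk.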
From: zotlabs Date: Fri, 26 Jan 2018 13:42:53 -0800 Subject: typo from previous checkin and partial fix to hubzilla #965 - show any connection without comment permission as archived in contact_block(). --- include/account.php | 2 +- include/text.php | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/account.php b/include/account.php index 3a7b677be..3ac485974 100644 --- a/include/account.php +++ b/include/account.php @@ -266,7 +266,7 @@ function verify_email_address($arr) { $email = $arr['email']; $a = q("select * from account where account_email = '%s' limit 1", dbesc($arr['email']) - } + ); if(! ($a && ($a[0]['account_flags'] & ACCOUNT_UNVERIFIED))) { return false; } diff --git a/include/text.php b/include/text.php index 956f42f7d..8ec6ebace 100644 --- a/include/text.php +++ b/include/text.php @@ -973,7 +973,14 @@ function contact_block() { $contacts = t('Connections'); $micropro = Array(); foreach($r as $rr) { - $rr['archived'] = (intval($rr['abook_archived']) ? true : false); + + // There is no setting to discover if you are bi-directionally connected + // Use the ability to post comments as an indication that this relationship is more + // than wishful thinking; even though soapbox channels and feeds will disable it. + + if(! intval(get_abconfig(App::$profile['uid'],$rr['xchan_hash'],'their_perms','post_comments'))) { + $rr['archived'] = true; + } $micropro[] = micropro($rr,true,'mpfriend'); } } -- cgit v1.2.3 From a86b260f736cd7298d5d160c658bb9405ad3f69f Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sun, 28 Jan 2018 12:09:47 +0100 Subject: query optimisations for notifications - use a specific index only --- include/dba/dba_driver.php | 4 ++++ include/dba/dba_pdo.php | 9 +++++++++ 2 files changed, 13 insertions(+) (limited to 'include') diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index 7e925a106..deec9adfd 100755 --- a/include/dba/dba_driver.php 
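Review bot: In the include/text.php hunk, `$rr['archived']` is now assigned only when the comment permission is missing, so for every other row the key is never set and the `abook_archived` flag that the removed line honoured is ignored. Whether the query that fills `$r` already excludes archived connections is not visible in this hunk; if it does not, connections the owner archived are shown as active again. Setting the key unconditionally keeps both signals: `$rr['archived'] = (intval($rr['abook_archived']) || ! intval(get_abconfig(App::$profile['uid'],$rr['xchan_hash'],'their_perms','post_comments')));`. The surrounding loop in contact_block() starts and ends outside the hunk.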
+++ b/include/dba/dba_driver.php @@ -321,6 +321,10 @@ function db_concat($fld, $sep) { return \DBA::$dba->concat($fld, $sep); } +function db_use_index($str) { + return \DBA::$dba->use_index($str); +} + /** * @brief Execute a SQL query with printf style args. * diff --git a/include/dba/dba_pdo.php b/include/dba/dba_pdo.php index 7b58561a7..a9d824a50 100755 --- a/include/dba/dba_pdo.php +++ b/include/dba/dba_pdo.php @@ -111,6 +111,15 @@ class dba_pdo extends dba_driver { } } + function use_index($str) { + if($this->driver_dbtype === 'pgsql') { + return ''; + } + else { + return 'USE INDEX( ' . $str . ')'; + } + } + function quote_interval($txt) { if($this->driver_dbtype === 'pgsql') { return "'$txt'"; -- cgit v1.2.3 From 56d1614ea6ddfd72df1241a7f2cbe927e38e2a8b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 28 Jan 2018 20:35:05 -0800 Subject: provide a default video image if nothing else is available. Allow sites to change it. --- include/bbcode.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index 2b8274c0f..0c85a0a4e 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -108,7 +108,11 @@ function tryzrlvideo($match) { if($zrl) $link = zid($link); - return ''; + $static_link = get_config('system','video_default_poster','images/video_poster.jpg'); + if($static_link) + $poster = 'poster="' . escape_tags($static_link) . '" ' ; + + return ''; } // [noparse][i]italic[/i][/noparse] turns into -- cgit v1.2.3 From 8d479aa1c74169e5b39d6409582c87e59a82d692 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 29 Jan 2018 16:58:55 -0800 Subject: redirect to the email_validation page if login was attempted after account creation but prior to successful verification. This presents the link to resend the verification email and/or allows you to enter it. --- include/auth.php | 1 + include/items.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'include') 
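Review bot: `use_index()` in dba_pdo.php concatenates `$str` straight into the SQL text, and `db_use_index()` in dba_driver.php passes it through, so unlike values sent through `dbesc()` nothing constrains what ends up in the query. That is safe only while every caller passes a literal index name. A docblock on both functions should say so, and a guard such as `if(! preg_match('/^[A-Za-z0-9_, ]+$/', $str)) return '';` at the top of `use_index()` would enforce it. The else branch also emits MySQL syntax for any driver type other than `pgsql`, which is worth stating in the same docblock.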
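Review bot: In the tryzrlvideo() hunk, `$poster` is assigned only inside `if($static_link)`, so when a site sets `video_default_poster` to an empty value the variable is undefined if the changed `return` line uses it (its markup is not readable on this page). Initialising it first with `$poster = '';` avoids that. The value is placed inside a double-quoted attribute; escape_tags() is not shown here, and if it does not encode double quotes the config value should go through an attribute-safe escaper such as `htmlspecialchars($static_link, ENT_QUOTES, 'UTF-8')`. tryzrlvideo() begins outside the hunk.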
diff --git a/include/auth.php b/include/auth.php index 78be32bf4..6f5e58361 100644 --- a/include/auth.php +++ b/include/auth.php @@ -261,6 +261,7 @@ else { $verify = account_verify_password($_POST['username'], $_POST['password']); if($verify && array_key_exists('reason',$verify) && $verify['reason'] === 'unvalidated') { notice( t('Email validation is incomplete. Please check your email.')); + goaway(z_root() . '/email_validation/' . bin2hex(trim(escape_tags($_POST['username'])))); } elseif($verify) { $atoken = $verify['xchan']; diff --git a/include/items.php b/include/items.php index b12ad1d85..c7206458e 100755 --- a/include/items.php +++ b/include/items.php @@ -390,7 +390,7 @@ function post_activity_item($arr, $allow_code = false, $deliver = true) { $arr['comment_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments')); if ((! $arr['plink']) && (intval($arr['item_thread_top']))) { - $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']); + $arr['plink'] = substr(z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']),0,190); } -- cgit v1.2.3
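Review bot: The added `goaway()` call in include/auth.php puts the submitted username, normally the account's e-mail address, into the URL path; `bin2hex()` is a reversible encoding, so the address is readable in browser history, access logs and any Referer header sent from the validation page. The value is also unbounded in length and is tag-escaped before encoding, so the receiving module has to hex-decode it, validate it as an address and escape it again for output. Carrying the address in the session instead of the path would avoid this, for example `$_SESSION['email_validation_addr'] = trim($_POST['username']);` (key name constructed for illustration) followed by `goaway(z_root() . '/email_validation');`. Whether account_verify_password() reports `unvalidated` before or after checking the password is not visible here; if before, this redirect confirms pending accounts to anyone who submits the address.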
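Review bot: In the include/items.php hunk, `substr(..., 0, 190)` cuts `$arr['plink']` at a fixed byte count with no explanation of where 190 comes from, and it can cut through the `urlencode($arr['mid'])` value or a `%XX` escape, leaving a link that no longer identifies the item. A comment naming the limit it protects would help, e.g. `// plink must fit in 190 bytes: <column/index limit - confirm>`. Where the full URL does not fit, it seems safer to leave plink empty or log the case than to store a truncated link. post_activity_item() starts and ends outside the hunk.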