From 4944070e79d4914ba0503e6e90c194cbd766dc38 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 20 Feb 2014 02:30:37 -0800 Subject: vsprintf error on update --- include/Contact.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/Contact.php b/include/Contact.php index 2dab62fd8..09f7925cb 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -81,7 +81,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { if($a->poi) { $xchan = $a->poi; } - elseif($a->profile['channel_hash']) { + elseif(is_array($a->profile) && $a->profile['channel_hash']) { $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($a->profile['channel_hash']) ); @@ -114,7 +114,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { return replace_macros(get_markup_template('xchan_vcard.tpl'),array( '$name' => $xchan['xchan_name'], - '$photo' => ((array_key_exists('photo',$a->profile)) ? $a->profile['photo'] : $xchan['xchan_photo_l']), + '$photo' => ((is_array($a->profile) && array_key_exists('photo',$a->profile)) ? $a->profile['photo'] : $xchan['xchan_photo_l']), '$follow' => $xchan['xchan_addr'], '$connect' => $connect, '$newwin' => (($mode === 'chanview') ? t('New window') : ''), -- cgit v1.2.3 From 3bddaa9e0467de602be062c08dbb40eca65e9d1d Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 20 Feb 2014 15:00:29 -0800 Subject: title missing in private mention posts --- include/items.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 7e15e9411..1217616d7 100755 --- a/include/items.php +++ b/include/items.php 
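Review bot: In vcard_from_xchan() (include/Contact.php, hunk at -81) the new `is_array($a->profile)` guard is still followed by a direct read of `$a->profile['channel_hash']`, so an array without that key raises an undefined-index notice. The `'$photo'` line in the hunk at -114 already tests presence with `array_key_exists`, and `elseif(is_array($a->profile) && ! empty($a->profile['channel_hash']))` would make the two sites consistent. A one-line comment saying when `$a->profile` is not an array (the subject points at the update path) would explain why the guard exists. The function starts and ends outside both hunks.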
@@ -1585,7 +1585,7 @@ function item_store($arr,$allow_exec = false) { } - $arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : ''); + $arr['title'] = ((x($arr,'title')) ? trim($arr['title']) : ''); $arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : ''); $arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : ''); @@ -1595,7 +1595,6 @@ function item_store($arr,$allow_exec = false) { $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 ); $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 ); - $arr['title'] = escape_tags($arr['title']); // only detect language if we have text content, and if the post is private but not yet @@ -1639,7 +1638,6 @@ function item_store($arr,$allow_exec = false) { } - if((x($arr,'object')) && is_array($arr['object'])) { activity_sanitise($arr['object']); $arr['object'] = json_encode($arr['object']); -- cgit v1.2.3 From e55170c00a74675cc9654e3485e29372867e402f Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 20 Feb 2014 17:07:43 -0800 Subject: code cleanup --- include/identity.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include') diff --git a/include/identity.php b/include/identity.php index d83498a69..82fc5fbea 100644 --- a/include/identity.php +++ b/include/identity.php @@ -1206,3 +1206,12 @@ function remote_online_status($webbie) { return $result; } + + +function get_channel_by_nick($nick) { + $r = q("select * from channel where channel_address = '%s' limit 1", + dbesc($nick) + ); + return(($r) ? $r[0] : false); + +} \ No newline at end of file -- cgit v1.2.3 From e12f6f1bd93bb42bf0fe9fc9d9a1ff08cd162a0d Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 20 Feb 2014 17:20:24 -0800 Subject: small changes to a couple of lookup functions which we need to use a bit more --- include/Contact.php | 9 ++++++--- include/widgets.php | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'include') 
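Review bot: After the hunks at -1585 and -1595 in item_store() (include/items.php), `$arr['title']` is stored with only `trim()` applied: both the `notags()` call and the later `escape_tags($arr['title'])` are removed, and no replacement escaping is visible in these hunks. If titles can arrive from remote or otherwise untrusted posts, every place that renders a title now has to escape it, otherwise markup in a title is stored and output verbatim. If the aim was to stop the title being processed twice, keeping one step, `$arr['title'] = ((x($arr,'title')) ? escape_tags(trim($arr['title'])) : '');`, would presumably preserve store-time encoding; otherwise add a comment on the title line naming where escaping now happens. item_store() continues outside the hunks, so a sanitising step elsewhere in the function cannot be ruled out from here.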
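Review bot: get_channel_by_nick() (include/identity.php, hunk at -1206) matches on `channel_address` alone, so it also returns channels flagged as removed, whereas channelx_by_nick() in include/Contact.php on this page filters with `and not ( channel_pageflags & %d )` and `intval(PAGE_REMOVED)`. If callers use the result to resolve a nick for display or for permission decisions, add the same filter, or state in a docblock that removed channels are included on purpose. The function has no header comment; `/** Look up a channel row by nickname; returns the row array, or false when none matches. */` would document the mixed return type. The file also now ends without a trailing newline.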
diff --git a/include/Contact.php b/include/Contact.php index 09f7925cb..9883c598d 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -52,24 +52,27 @@ function abook_self($channel_id) { } function channelx_by_nick($nick) { - return q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d ) LIMIT 1", dbesc($nick), intval(PAGE_REMOVED) ); + return(($r) ? $r[0] : false); } function channelx_by_hash($hash) { - return q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d ) LIMIT 1", dbesc($hash), intval(PAGE_REMOVED) ); + return(($r) ? $r[0] : false); } function channelx_by_n($id) { - return q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d ) LIMIT 1", dbesc($id), intval(PAGE_REMOVED) ); + return(($r) ? $r[0] : false); } diff --git a/include/widgets.php b/include/widgets.php index 3c2333323..4a5ae9de7 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -543,7 +543,7 @@ function widget_photo_albums($arr) { $channelx = channelx_by_n($a->profile['profile_uid']); if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_photos'))) return ''; - return photos_album_widget($channelx[0],$a->get_observer()); + return photos_album_widget($channelx,$a->get_observer()); } -- cgit v1.2.3 From 8367a922144f0aeafb084300427959e4f254f27a Mon Sep 17 00:00:00 2001 
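Review bot: channelx_by_nick(), channelx_by_hash() and channelx_by_n() (include/Contact.php, hunk at -52) now return a single row or `false` instead of the q() result set, and the only caller updated in this commit is widget_photo_albums(). Any other caller still indexing `[0]` would read a missing key rather than fail loudly; callers outside this patch are not visible, so this needs a search for remaining uses and a docblock on each function stating the new return shape. Separately, channelx_by_n() passes `dbesc($id)` to a `%d` placeholder; `intval($id)` would match how the other integer arguments in these queries are prepared.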
From: friendica Date: Thu, 20 Feb 2014 18:38:52 -0800 Subject: fix login weirdness for accounts that need to be approved --- include/security.php | 11 +++++++++++ include/zot.php | 5 ----- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index 5e86cf790..68dd573f7 100644 --- a/include/security.php +++ b/include/security.php @@ -47,6 +47,17 @@ function authenticate_success($user_record, $login_initial = false, $interactive goaway($a->get_baseurl() . '/' . $return_url); } + /* This account has never created a channel. Send them to new_channel by default */ + + if($a->module === 'login') { + $r = q("select count(channel_id) as total from channel where channel_account_id = %d", + intval($a->account['account_id']) + ); + if(($r) && (! $r[0]['total'])) + goaway(z_root() . '/new_channel'); + } + + /* else just return */ } diff --git a/include/zot.php b/include/zot.php index a7094b2ad..298abb178 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1279,11 +1279,6 @@ function allowed_public_recips($msg) { if(array_key_exists('public_scope',$msg['message'])) $scope = $msg['message']['public_scope']; - // we can pull out these two lines once everybody has upgraded to >= 2013-02-15.225 - - else - $scope = 'public'; - $hash = base64url_encode(hash('whirlpool',$msg['notify']['sender']['guid'] . $msg['notify']['sender']['guid_sig'], true)); if($scope === 'public' || $scope === 'network: red') -- cgit v1.2.3 From 44d7047fce57085fe63ad5e1088911e9fc07a32e Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 20 Feb 2014 21:15:35 -0800 Subject: SECURITY: do not automatically open an iframe which points into the local website. --- include/bbcode.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index 1969f8444..8bbf7ae01 100644 --- a/include/bbcode.php +++ b/include/bbcode.php 
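Review bot: The new block in authenticate_success() (include/security.php, hunk at -47) reads `$a->account['account_id']` without checking that it is set; if it is missing, `intval()` yields 0, the count comes back as 0 and the login is redirected to /new_channel. Whether `$a->account` is always populated at this point is decided above the hunk and cannot be confirmed here, so a guard such as `if($a->module === 'login' && ! empty($a->account['account_id'])) {` would tie the redirect to a real account id. The block comment says the account has never created a channel while the subject talks about accounts awaiting approval; one line connecting the two would help the next reader.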
@@ -227,6 +227,13 @@ function bb_location($match) { // not yet implemented } +function bbiframe($match) { + $a = get_app(); + if(strpos($match[1],get_app()->get_hostname())) + return '' . $match[1] . ''; + return ''; +} + function bb_ShareAttributesSimple($match) { $attributes = $match[1]; @@ -677,7 +684,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { if ($tryoembed){ if (strpos($Text,'[/iframe]') !== false) { - $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '', $Text); + $Text = preg_replace_callback("/\[iframe\](.*?)\[\/iframe\]/ism", 'bbiframe', $Text); } } else { -- cgit v1.2.3
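Review bot: The local-site test in bbiframe() (include/bbcode.php, hunk at -227) uses the return value of `strpos()` as a boolean and compares case-sensitively, so a match at offset 0 or a hostname written in different letter case is treated as non-local and falls through to the second `return`. `if(stripos($match[1], get_app()->get_hostname()) !== false)` closes both gaps; comparing `parse_url($match[1], PHP_URL_HOST)` with the site hostname would be stricter than a substring search. `$a` is assigned and never used. The string literals around `$match[1]` appear stripped on this page, so whether the URL is passed through `htmlspecialchars()` before being placed in markup cannot be checked here and should be confirmed.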