From 3cab53a7efbc58cdf1d81740cf00136c016e2863 Mon Sep 17 00:00:00 2001 From: toclimb <toclimb@misanthrozot.com> Date: Wed, 29 Jan 2014 00:43:54 +0100 Subject: Don't look for text emoticons inside the matching angle brackets of a HTML tag --- include/text.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/text.php b/include/text.php index f5c440e4a..4cb7a1d5e 100755 --- a/include/text.php +++ b/include/text.php @@ -891,6 +891,7 @@ function smilies($s, $sample = false) { $s = preg_replace_callback('/<pre>(.*?)<\/pre>/ism','smile_encode',$s); $s = preg_replace_callback('/<code>(.*?)<\/code>/ism','smile_encode',$s); + $s = preg_replace_callback('/<(.*?)>/s','smile_encode',$s); $texts = array( '<3', @@ -983,6 +984,7 @@ function smilies($s, $sample = false) { $s = preg_replace_callback('/<pre>(.*?)<\/pre>/ism','smile_decode',$s); $s = preg_replace_callback('/<code>(.*?)<\/code>/ism','smile_decode',$s); + $s = preg_replace_callback('/<(.*?)>/s','smile_decode',$s); return $s; -- cgit v1.2.3 From d79a2e3b55c7cf6c775b8ecf7fbf708248aa16c8 Mon Sep 17 00:00:00 2001 From: friendica <info@friendica.com> Date: Tue, 28 Jan 2014 16:32:47 -0800 Subject: undo pull request #287 --- include/text.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 4cb7a1d5e..a459296cb 100755 --- a/include/text.php +++ b/include/text.php @@ -891,7 +891,7 @@ function smilies($s, $sample = false) { $s = preg_replace_callback('/<pre>(.*?)<\/pre>/ism','smile_encode',$s); $s = preg_replace_callback('/<code>(.*?)<\/code>/ism','smile_encode',$s); - $s = preg_replace_callback('/<(.*?)>/s','smile_encode',$s); +// $s = preg_replace_callback('/<(.*?)>/ism','smile_encode',$s); $texts = array( '<3', 
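Review bot: The decode pass added at the end of smilies(), `preg_replace_callback('/<(.*?)>/s','smile_decode',$s)`, runs over every angle-bracket span in the output, not only the spans the matching encode pass touched in the @@ -891 hunk. Any markup produced by the emoticon substitution in between would be handed to smile_decode without ever having been encoded; smile_encode and smile_decode are not visible here, so confirm they round-trip safely on such input. The pattern is also not a tag parser: a `>` inside an attribute value ends the match early, and a bare `<` in message text opens a match that runs to the next `>`, across lines because of `/s`. A safer shape is to split the string on tags with preg_split and PREG_SPLIT_DELIM_CAPTURE and run the emoticon replacement on the text segments only, so nothing needs decoding afterwards. Both hunks sit inside smilies(), whose body continues outside them.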
@@ -984,7 +984,7 @@ function smilies($s, $sample = false) { $s = preg_replace_callback('/<pre>(.*?)<\/pre>/ism','smile_decode',$s); $s = preg_replace_callback('/<code>(.*?)<\/code>/ism','smile_decode',$s); - $s = preg_replace_callback('/<(.*?)>/s','smile_decode',$s); +// $s = preg_replace_callback('/<(.*?)>/s','smile_decode',$s); return $s; -- cgit v1.2.3 From 3dfd38021f193d16d3c6ed4824fa24e42a62238f Mon Sep 17 00:00:00 2001 From: friendica <info@friendica.com> Date: Tue, 28 Jan 2014 16:35:10 -0800 Subject: SECURITY: remove style and class bbcodes --- include/bbcode.php | 8 -------- 1 file changed, 8 deletions(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index 084c02125..fec8750e9 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -442,14 +442,6 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { // Check for list text $Text = str_replace("[*]", "<li>", $Text); - // Check for style sheet commands - if (strpos($Text,'[/style]') !== false) { - $Text = preg_replace("(\[style=(.*?)\](.*?)\[\/style\])ism","<span style=\"$1;\">$2</span>",$Text); - } - // Check for CSS classes - if (strpos($Text,'[/class]') !== false) { - $Text = preg_replace("(\[class=(.*?)\](.*?)\[\/class\])ism","<span class=\"$1\">$2</span>",$Text); - } // handle nested lists $endlessloop = 0; -- cgit v1.2.3 From cc11535e34f1cc91251d7ca3f38ef38997774857 Mon Sep 17 00:00:00 2001 From: friendica <info@friendica.com> Date: Tue, 28 Jan 2014 17:07:25 -0800 Subject: online indication on profile sidebar --- include/identity.php | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/identity.php b/include/identity.php index a99474d42..ee289495d 100644 --- a/include/identity.php +++ b/include/identity.php 
@@ -544,6 +544,9 @@ function profile_load(&$a, $nickname, $profile = '') { } $a->profile = $r[0]; + $online = get_online_status($nickname); + $a->profile['online_status'] = $online['result']; + $a->profile_uid = $r[0]['profile_uid']; $a->page['title'] = $a->profile['channel_name'] . " - " . $a->profile['channel_address'] . "@" . $a->get_hostname(); @@ -678,13 +681,15 @@ function profile_sidebar($profile, $block = 0, $show_connect = true) { $gender = ((x($profile,'gender') == 1) ? t('Gender:') : False); $marital = ((x($profile,'marital') == 1) ? t('Status:') : False); $homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False); + $profile['online'] = (($profile['online_status'] === 'online') ? t('Online Now') : False); +logger('online: ' . $profile['online']); if(! perm_is_allowed($profile['uid'],((is_array($observer)) ? $observer['xchan_hash'] : ''),'view_profile')) { $block = true; } if(($profile['hidewall'] || $block) && (! local_user()) && (! remote_user())) { - $location = $pdesc = $gender = $marital = $homepage = False; + $location = $pdesc = $gender = $marital = $homepage = $online = False; } $firstname = ((strpos($profile['name'],' ')) @@ -1144,3 +1149,24 @@ function is_foreigner($s) { function is_member($s) { return((is_foreigner($s)) ? false : true); } + +function get_online_status($nick) { + + $ret = array('result' => false); + + $r = q("select channel_id, channel_hash from channel where channel_address = '%s' limit 1", + dbesc(argv(1)) + ); + if($r) { + $hide = get_pconfig($r[0]['channel_id'],'system','hide_online_status'); + if($hide) + return $ret; + $x = q("select cp_status from chatpresence where cp_xchan = '%s' and cp_room = 0 limit 1", + dbesc($r[0]['channel_hash']) + ); + if($x) + $ret['result'] = $x[0]['cp_status']; + } + + return $ret; +} -- cgit v1.2.3 From d970c69f91b96b3ef40752a95ecec8ca8b11b62a Mon Sep 17 00:00:00 2001 
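Review bot: In the profile_sidebar hunk the hidden-profile branch now ends with `= $online = False`, but nothing visible sets a local `$online`; the value computed two lines earlier is stored in `$profile['online']`, which that branch never clears. If the template reads `$profile['online']` (the rest of the function is outside the hunk), the "Online Now" indicator is still shown to anonymous visitors of a profile with hidewall set or view_profile denied. Clear the same variable that was set, for example `$profile['online'] = False;` inside that branch, or compute into a local `$online` as the neighbouring fields do. `logger('online: ' . $profile['online']);` at column 0 looks like leftover debugging and should be dropped. `$profile['online_status']` is also read without an isset() check, which matters for any caller whose `$profile` did not come from profile_load.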
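Review bot: get_online_status() ignores its `$nick` parameter and queries with `dbesc(argv(1))`, so it reports presence for whatever the second URL path segment happens to be rather than for the channel the caller asked about. profile_load passes `$nickname`, which is silently discarded. This also means the `hide_online_status` preference is checked against the wrong channel whenever the two differ. Change the argument to `dbesc($nick)`. A short docblock stating that `result` is either false or the stored `cp_status` string would help callers, since profile_sidebar compares it with `=== 'online'`.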
From: friendica <info@friendica.com> Date: Tue, 28 Jan 2014 19:49:56 -0800 Subject: online indication to the directory popup --- include/identity.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'include') diff --git a/include/identity.php b/include/identity.php index ee289495d..2db5d8ece 100644 --- a/include/identity.php +++ b/include/identity.php @@ -1170,3 +1170,25 @@ function get_online_status($nick) { return $ret; } + + +function remote_online_status($webbie) { + + $result = false; + $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + dbesc($webbie) + ); + if(! $r) + return $result; + + $url = $r[0]['hubloc_url'] . '/online/' . substr($webbie,0,strpos($webbie,'@')); + + $x = z_fetch_url($url); + if($x['success']) { + $j = json_decode($x['body'],true); + if($j) + $result = (($j['result']) ? $j['result'] : false); + } + return $result; + +} -- cgit v1.2.3 From 9261a170eb45f0b189afb4c1a30603d0cbb8f31c Mon Sep 17 00:00:00 2001 From: friendica <info@friendica.com> Date: Wed, 29 Jan 2014 00:08:29 -0800 Subject: basic chatroom management backend --- include/chat.php | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 include/chat.php (limited to 'include') diff --git a/include/chat.php b/include/chat.php new file mode 100644 index 000000000..4df419294 --- /dev/null +++ b/include/chat.php 
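Review bot: remote_online_status() returns whatever the remote hub puts in `result`, with no check on its type or value, and builds the request URL by raw concatenation. The body of the response is untrusted input: constrain it before returning, for example `$result = ((is_array($j) && isset($j['result']) && is_string($j['result'])) ? $j['result'] : false);`, or compare against the expected status strings. The local part should be encoded when appended to the path, `rawurlencode(substr($webbie,0,strpos($webbie,'@')))`, and the case where `$webbie` has no `@` (strpos returns false) should return early. `hubloc_url` is used as the fetch target as stored; where that column is populated is not visible here, so confirm it is validated on write, because the server will issue a request to it. `select hubloc_url` is enough in place of `select *`.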
@@ -0,0 +1,117 @@ +<?php /** @file */ + + +function chatroom_create($channel,$arr) { + + $ret = array('success' => false); + + $name = trim($arr['name']); + if(! $name) { + $ret['message'] = t('Missing room name'); + return $ret; + } + + $r = q("select cr_id from chatroom where cr_uid = %d and cr_name = '%s' limit 1", + intval($channel['channel_id']), + dbesc($name) + ); + if($r) { + $ret['message'] = t('Duplicate room name'); + return $ret; + } + + $created = datetime_convert(); + + $x = q("insert into chatroom ( cr_aid, cr_uid, cr_name, cr_created, cr_edited, allow_cid, allow_gid, deny_cid, deny_gid ) + values ( %d, %d , '%s' '%s', '%s', '%s', '%s', '%s', '%s' ) ", + intval($channel['account_id']), + intval($channel['channel_id']), + dbesc($name), + dbesc($created), + dbesc($created), + dbesc($arr['allow_cid']), + dbesc($arr['allow_gid']), + dbesc($arr['deny_cid']), + dbesc($arr['deny_gid']) + ); + if($x) + $ret['success'] = true; + + return $ret; +} + + +function chatroom_destroy($channel,$arr) { + + $ret = array('success' => false); + if(intval($arr['cr_id'])) + $sql_extra = " and cr_id = " . intval($arr['cr_id']) . " "; + elseif(trim($arr['cr_name'])) + $sql_extra = " and cr_name = '" . protect_sprintf(dbesc(trim($arr['cr_name']))) . "' "; + else { + $ret['message'] = t('Invalid room specifier.'); + return $ret; + } + + $r = q("select * from chatroom where cr_uid = %d $sql_extra limit 1", + intval($channel['channel_id']) + ); + if(! $r) { + $ret['message'] = t('Invalid room specifier.'); + return $ret; + } + + q("delete from chatroom where cr_id = %d limit 1", + intval($r[0]['cr_id']) + ); + if($r[0]['cr_id']) { + q("delete from chatpresence where cp_room = %d", + intval($r[0]['cr_id']) + ); + } + $ret['success'] = true; + return $ret; +} + + +function chatroom_enter($observer_xchan,$room_id,$status) { + if(! $room_id || ! 
$observer) + return; + $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", + dbesc($observer_xchan), + intval($room_id) + ); + if($r) { + q("update chatpresence set cp_status = %d and cp_last = '%s' where cp_id = %d limit 1", + dbesc($status), + dbesc(datetime_convert()), + intval($r[0]['cp_id']) + ); + return true; + } + + $r = q("insert into chatpresence ( cp_room, cp_xchan, cp_last, cp_status ) + values ( %d, '%s', '%s', '%s' )", + intval($room_id), + dbesc($observer_xchan), + dbesc(datetime_convert()), + dbesc($status) + ); + return $r; +} + + +function chatroom_leave($observer_xchan,$room_id,$status) { + if(! $room_id || ! $observer) + return; + $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", + dbesc($observer_xchan), + intval($room_id) + ); + if($r) { + q("delete from chatpresence where cp_id = %d limit 1", + intval($r[0]['cp_id']) + ); + } + return true; +} \ No newline at end of file -- cgit v1.2.3 From 9f546757021305b6cfe924f38ca1af5fd5d3e69b Mon Sep 17 00:00:00 2001 From: friendica <info@friendica.com> Date: Wed, 29 Jan 2014 01:52:23 -0800 Subject: chatroom list widget backend --- include/chat.php | 9 +++++++++ include/widgets.php | 9 +++++++++ 2 files changed, 18 insertions(+) (limited to 'include') diff --git a/include/chat.php b/include/chat.php index 4df419294..cb910bd62 100644 --- a/include/chat.php +++ b/include/chat.php @@ -114,4 +114,13 @@ function chatroom_leave($observer_xchan,$room_id,$status) { ); } return true; +} + + +function chatroom_list($uid) { + + $r = q("select cr_name, cr_id, count(cp_id) as cr_inroom from chatroom left join chatpresence on cr_id = cp_room where cr_uid = %d order by cr_name group by cp_id", + intval($uid) + ); + return $r; } \ No newline at end of file diff --git a/include/widgets.php b/include/widgets.php index efa350785..8b22515b1 100644 --- a/include/widgets.php +++ b/include/widgets.php 
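Review bot: The UPDATE in chatroom_enter() joins its two assignments with `and` instead of a comma and formats the status with `%d`: `set cp_status = %d and cp_last = '%s'`. As written the database evaluates the right-hand side as one boolean expression, so `cp_last` is never refreshed and `cp_status` ends up 0 or 1, while the insert path a few lines below stores the status as a string. Use `q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_id = %d limit 1",` with the same three arguments. The guard `if(! $room_id || ! $observer)` in chatroom_enter() and chatroom_leave() tests a variable neither function defines, so both return before doing anything; it should test `$observer_xchan`. chatroom_leave() also accepts a `$status` argument it never uses.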
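Review bot: chatroom_list() groups by `cp_id`, the presence row's own key, so `count(cp_id)` can never aggregate occupants per room. Each occupied room is returned once per occupant with `cr_inroom` equal to 1, and how the empty rooms (NULL `cp_id`) collapse depends on the SQL mode. Group by the room instead: `group by cr_id, cr_name order by cr_name`. The `order by ... group by` clause order here is also invalid SQL; the later "debug chatroom_list widget" commit on this page swaps the clauses but keeps `group by cp_id`, so the same fix applies to its @@ -121,8 hunk.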
@@ -576,3 +576,12 @@ function widget_menu_preview($arr) { require_once('include/menu.php'); return menu_render(get_app()->data['menu_item']); } + +function widget_chatroom_list($arr) { + require_once("include/chat.php"); + $r = chatroom_list(local_user()); + return replace_macros(get_markup_template('chatroomlist.tpl'),array( + '$header' => t('Chat Rooms'), + '$items' => $r, + )); +} \ No newline at end of file -- cgit v1.2.3 From 10b51a9471bba2a1b058eee2d362d3d2189627be Mon Sep 17 00:00:00 2001 From: friendica <info@friendica.com> Date: Wed, 29 Jan 2014 02:25:21 -0800 Subject: issues uncovered whilst testing the chatroom API --- include/chat.php | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/chat.php b/include/chat.php index cb910bd62..8011fdb5b 100644 --- a/include/chat.php +++ b/include/chat.php @@ -23,8 +23,8 @@ function chatroom_create($channel,$arr) { $created = datetime_convert(); $x = q("insert into chatroom ( cr_aid, cr_uid, cr_name, cr_created, cr_edited, allow_cid, allow_gid, deny_cid, deny_gid ) - values ( %d, %d , '%s' '%s', '%s', '%s', '%s', '%s', '%s' ) ", - intval($channel['account_id']), + values ( %d, %d , '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($created), @@ -34,6 +34,7 @@ function chatroom_create($channel,$arr) { dbesc($arr['deny_cid']), dbesc($arr['deny_gid']) ); + if($x) $ret['success'] = true; @@ -74,8 +75,8 @@ function chatroom_destroy($channel,$arr) { } -function chatroom_enter($observer_xchan,$room_id,$status) { - if(! $room_id || ! $observer) +function chatroom_enter($observer_xchan,$room_id,$status,$client) { + if(! $room_id || ! $observer_xchan) return; $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", dbesc($observer_xchan), 
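Review bot: widget_chatroom_list() calls `chatroom_list(local_user())` without checking that a local user is logged in. Elsewhere on this page `(! local_user())` is used as the not-logged-in test, so for an anonymous viewer the query would run with `intval()` of a false value, i.e. `cr_uid = 0`. Add an early `if(! local_user()) return '';` before the query. The room names in `$r` come from `trim($arr['name'])` in chatroom_create() with no markup filtering visible, so check that chatroomlist.tpl escapes `cr_name` on output; the template is not part of this diff. A one-line comment stating that the widget lists the viewer's own rooms, not the profile owner's, would make the intent clear.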
@@ -90,19 +91,20 @@ function chatroom_enter($observer_xchan,$room_id,$status) { return true; } - $r = q("insert into chatpresence ( cp_room, cp_xchan, cp_last, cp_status ) - values ( %d, '%s', '%s', '%s' )", + $r = q("insert into chatpresence ( cp_room, cp_xchan, cp_last, cp_status, cp_client ) + values ( %d, '%s', '%s', '%s', '%s' )", intval($room_id), dbesc($observer_xchan), dbesc(datetime_convert()), - dbesc($status) + dbesc($status), + dbesc($client) ); return $r; } function chatroom_leave($observer_xchan,$room_id,$status) { - if(! $room_id || ! $observer) + if(! $room_id || ! $observer_xchan) return; $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", dbesc($observer_xchan), -- cgit v1.2.3 From 6a9d43bcbe167ff3a8f9bd8a2ce93d9fc298fcdf Mon Sep 17 00:00:00 2001 From: friendica <info@friendica.com> Date: Wed, 29 Jan 2014 03:16:07 -0800 Subject: debug chatroom_list widget --- include/chat.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/chat.php b/include/chat.php index 8011fdb5b..9d90f7970 100644 --- a/include/chat.php +++ b/include/chat.php @@ -121,8 +121,9 @@ function chatroom_leave($observer_xchan,$room_id,$status) { function chatroom_list($uid) { - $r = q("select cr_name, cr_id, count(cp_id) as cr_inroom from chatroom left join chatpresence on cr_id = cp_room where cr_uid = %d order by cr_name group by cp_id", + $r = q("select cr_name, cr_id, count(cp_id) as cr_inroom from chatroom left join chatpresence on cr_id = cp_room where cr_uid = %d group by cp_id order by cr_name", intval($uid) ); + return $r; } \ No newline at end of file -- cgit v1.2.3 From a1e7c65d51a6472cf7fe95686883f77953d7dfd7 Mon Sep 17 00:00:00 2001 From: friendica <info@friendica.com> Date: Wed, 29 Jan 2014 03:39:32 -0800 Subject: chatroom permissions enforcement --- include/chat.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'include') 
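Review bot: `cp_client` is written only on the insert path of chatroom_enter(); when a presence row already exists the function returns from the update branch just above the changed lines without storing `$client`. A member who re-enters from a different client keeps the stale value, which matters if `cp_client` is later used to tell sessions apart. Add `cp_client = '%s'` with `dbesc($client)` to the update statement, which lies outside this hunk. The @@ -75,8 hunk also makes `$client` a required fourth parameter; callers are not visible in this diff, so either update them in the same commit or declare it as `$client = ''`.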
diff --git a/include/chat.php b/include/chat.php index 9d90f7970..6bcb003ff 100644 --- a/include/chat.php +++ b/include/chat.php @@ -76,8 +76,27 @@ function chatroom_destroy($channel,$arr) { function chatroom_enter($observer_xchan,$room_id,$status,$client) { + if(! $room_id || ! $observer_xchan) return; + + $r = q("select * from chatroom where cr_id = %d limit 1", + intval($room_id) + ); + if(! $r) + return; + require_once('include/security.php'); + $sql_extra = permissions_sql($r[0]['cr_uid']); + + $x = q("select * from chatroom where cr_id = %d and uid = %d $sql_extra limit 1", + intval($room_id) + intval($r[0]['cr_uid']) + ); + if(! $x) { + notice( t('Permission denied.') . EOL); + return; + } + $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", dbesc($observer_xchan), intval($room_id) -- cgit v1.2.3
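Review bot: The new permission query in chatroom_enter() cannot run as written: the argument list `intval($room_id) intval($r[0]['cr_uid'])` is missing a comma, which is a parse error for the whole file. It also filters on `uid`, while every other chatroom query on this page uses `cr_uid`. Corrected: `$x = q("select * from chatroom where cr_id = %d and cr_uid = %d $sql_extra limit 1", intval($room_id), intval($r[0]['cr_uid']));`. `$sql_extra` is interpolated into a format string that q() then fills in, and chatroom_destroy() wraps its own fragment in protect_sprintf() for that reason, so the same is likely needed here if permissions_sql() can emit a `%`. permissions_sql() is not visible; confirm it evaluates the ACL for `$observer_xchan` rather than for the session's observer, otherwise the check does not cover the identity being admitted. The rest of chatroom_enter() lies outside the hunk, and chatroom_leave() has no equivalent check.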