From def10df816ec7ca25fe463bf029e84ba7dfdba61 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Mon, 1 Dec 2014 19:09:50 +0000 Subject: Somewhat subtle process_delivery() bug - $public was not being reset if a sys channel is reached but then the loop iterated over another channel. --- include/zot.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 3b8584509..a7c6e32ac 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1419,6 +1419,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque } foreach($deliveries as $d) { + $public = false; $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) ); -- cgit v1.2.3 From 8e4e56b56647351d12fe6853bc6c208fc2d018cd Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 1 Dec 2014 18:58:27 -0800 Subject: can't reset public to false because it may have been passed in as true and this would be wrong and cause even more subtle bugs. Reset to whatever value was passed in. --- include/zot.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index a7c6e32ac..44c36ebb4 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1417,9 +1417,9 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque return; } } - + foreach($deliveries as $d) { - $public = false; + $local_public = $public; $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) ); @@ -1434,7 +1434,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque // allow public postings to the sys channel regardless of permissions if(($channel['channel_pageflags'] & PAGE_SYSTEM) && (! $arr['item_private'])) - $public = true; + $local_public = true; $tag_delivery = tgroup_check($channel['channel_id'],$arr); @@ -1453,7 +1453,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque } } - if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $public)) { + if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) { logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}"); $result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; @@ -1488,7 +1488,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque // the top level post is unlikely to be imported and // this is just an exercise in futility. - if((! $relay) && (! $request) && (! $public) + if((! $relay) && (! $request) && (! $local_public) && perm_is_allowed($channel['channel_id'],$sender['hash'],'send_stream')) { proc_run('php', 'include/notifier.php', 'request', $channel['channel_id'], $sender['hash'], $arr['parent_mid']); } -- cgit v1.2.3 From f1367cb9f9b86379fe5a80c69691414483e58bad Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Thu, 4 Dec 2014 21:52:22 +0000 Subject: Missing include if photo album widget called from not-the-photos page. --- include/widgets.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/widgets.php b/include/widgets.php index f7b8a20bd..e686fd5bd 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -606,6 +606,7 @@ function widget_photo_albums($arr) { $channelx = channelx_by_n($a->profile['profile_uid']); if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_photos'))) return ''; + require_once('include/photos.php'); return photos_album_widget($channelx,$a->get_observer()); } @@ -918,4 +919,4 @@ function widget_random_block($arr) { } return $o; -} \ No newline at end of file +} -- cgit v1.2.3 From 647311db3eab87cfe15747765485df782abfa657 Mon Sep 17 00:00:00 2001 From: Stefan Parviainen Date: Sat, 6 Dec 2014 14:55:23 +0100 Subject: Directory sorting as a dropdown, forum filter as checkbox, option to sort oldest first --- include/dir_fns.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'include') diff --git a/include/dir_fns.php b/include/dir_fns.php index 909005bbb..8bec974fb 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -51,13 +51,30 @@ function check_upstream_directory() { } function dir_sort_links() { + // Build urls without order and pubforums so it's easy to tack on the changed value + // Probably there's an easier way to do this + $url = 'directory?'; + $tmp = $_REQUEST; + unset($tmp['order']); + $sorturl = $url . http_build_query($tmp); + $tmp = $_REQUEST; + + unset($tmp['pubforums']); + $forumsurl = $url . http_build_query($tmp); $o = replace_macros(get_markup_template('dir_sort_links.tpl'), array( '$header' => t('Directory Options'), '$normal' => t('Alphabetic'), '$reverse' => t('Reverse Alphabetic'), '$date' => t('Newest to Oldest'), + '$reversedate' => t('Oldest to Newest'), '$pubforums' => t('Public Forums Only'), + '$pubforumsonly' => x($_REQUEST,'pubforums') ? $_REQUEST['pubforums'] : '', + '$sort' => t('Sort'), + '$selected_sort' => x($_REQUEST,'order') ? $_REQUEST['order'] : 'normal', + '$sorturl' => $sorturl, + '$forumsurl' => $forumsurl, + )); return $o; } -- cgit v1.2.3 From 62dabecf97611925d4d47f62c9968eafb56ae64b Mon Sep 17 00:00:00 2001 From: Stefan Parviainen Date: Sun, 7 Dec 2014 16:17:45 +0100 Subject: Show tags in other channels profile field to make it easier to navigate to the channels --- include/identity.php | 17 +++- include/text.php | 256 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 270 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/identity.php b/include/identity.php index 11da745da..7ae8e48f6 100644 --- a/include/identity.php +++ b/include/identity.php @@ -1113,7 +1113,7 @@ logger('online: ' . $profile['online']); function advanced_profile(&$a) { - + require_once('include/text.php'); if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_profile')) return ''; @@ -1205,7 +1205,18 @@ function advanced_profile(&$a) { if($txt = prepare_text($a->profile['contact'])) $profile['contact'] = array( t('Contact information and Social Networks:'), $txt); - if($txt = prepare_text($a->profile['channels'])) $profile['channels'] = array( t('My other channels:'), $txt); + // Support tags in the other channels field (probably want to restrict it to channels only?) + $txt = $a->profile['channels']; + $matches = get_tags($txt); + $access_tag = ''; + $str_tags = ''; + foreach($matches as $m) { + $success = handle_tag($a, $txt, $access_tag, $str_tags, $a->profile_uid, $m); // Use uid of the profile maker + } + + if($txt = prepare_text($txt)) { + $profile['channels'] = array( t('My other channels:'), $txt); + } if($txt = prepare_text($a->profile['music'])) $profile['music'] = array( t('Musical interests:'), $txt); @@ -1580,4 +1591,4 @@ function get_channel_default_perms($uid) { if($r) return $r[0]['abook_my_perms']; return 0; -} \ No newline at end of file +} diff --git a/include/text.php b/include/text.php index ce729ac1b..70a8f1179 100644 --- a/include/text.php +++ b/include/text.php @@ -2087,3 +2087,259 @@ function extra_query_args() { } return $s; } + +/** + * This function removes the tag $tag from the text $body and replaces it with + * the appropiate link. + * + * @param unknown_type $body the text to replace the tag in + * @param unknown_type $access_tag - used to return tag ACL exclusions e.g. @!foo + * @param unknown_type $str_tags string to add the tag to + * @param unknown_type $profile_uid + * @param unknown_type $tag the tag to replace + * + * @return boolean true if replaced, false if not replaced + */ +function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { + + $replaced = false; + $r = null; + + + $termtype = ((strpos($tag,'#') === 0) ? TERM_HASHTAG : TERM_UNKNOWN); + $termtype = ((strpos($tag,'@') === 0) ? TERM_MENTION : $termtype); + $termtype = ((strpos($tag,'#^[') === 0) ? TERM_BOOKMARK : $termtype); + + + //is it a hash tag? + if(strpos($tag,'#') === 0) { + if(strpos($tag,'#^[') === 0) { + if(preg_match('/#\^\[(url|zrl)(.*?)\](.*?)\[\/(url|zrl)\]/',$tag,$match)) { + $basetag = $match[3]; + $url = ((substr($match[2],0,1) === '=') ? substr($match[2],1) : $match[3]); + $replaced = true; + + } + } + // if the tag is already replaced... + elseif((strpos($tag,'[zrl=')) || (strpos($tag,'[url='))) { + //...do nothing + return $replaced; + } + if($tag == '#getzot') { + $basetag = 'getzot'; + $url = 'https://redmatrix.me'; + $newtag = '#[zrl=' . $url . ']' . $basetag . '[/zrl]'; + $body = str_replace($tag,$newtag,$body); + $replaced = true; + } + if(! $replaced) { + + //base tag has the tags name only + + if((substr($tag,0,7) === '#"') && (substr($tag,-6,6) === '"')) { + $basetag = substr($tag,7); + $basetag = substr($basetag,0,-6); + } + else + $basetag = str_replace('_',' ',substr($tag,1)); + + //create text for link + $url = $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag); + $newtag = '#[zrl=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/zrl]'; + //replace tag by the link + $body = str_replace($tag, $newtag, $body); + $replaced = true; + } + //is the link already in str_tags? + if(! stristr($str_tags,$newtag)) { + //append or set str_tags + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $basetag, 'url' => $url, 'contact' => $r[0]); + } + + //is it a person tag? + + if(strpos($tag,'@') === 0) { + + // The @! tag will alter permissions + $exclusive = ((strpos($tag,'!') === 1) ? true : false); + + //is it already replaced? + if(strpos($tag,'[zrl=')) + return $replaced; + + //get the person's name + + $name = substr($tag,(($exclusive) ? 2 : 1)); // The name or name fragment we are going to replace + $newname = $name; // a copy that we can mess with + $tagcid = 0; + + $r = null; + + // is it some generated name? + + $forum = false; + $trailing_plus_name = false; + + // @channel+ is a forum or network delivery tag + + if(substr($newname,-1,1) === '+') { + $forum = true; + $newname = substr($newname,0,-1); + } + + // Here we're looking for an address book entry as provided by the auto-completer + // of the form something+nnn where nnn is an abook_id or the first chars of xchan_hash + + if(strrpos($newname,'+')) { + //get the id + + if(strrpos($tagcid,' ')) + $tagcid = substr($tagcid,0,strrpos($tagcid,' ')); + + $tagcid = substr($newname,strrpos($newname,'+') + 1); + + if(strlen($tagcid) < 16) + $abook_id = intval($tagcid); + //remove the next word from tag's name + if(strpos($name,' ')) { + $name = substr($name,0,strpos($name,' ')); + } + + if($abook_id) { // if there was an id + // select channel with that id from the logged in user's address book + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + intval($abook_id), + intval($profile_uid) + ); + } + else { + $r = q("SELECT * FROM xchan + WHERE xchan_hash like '%s%%' LIMIT 1", + dbesc($tagcid) + ); + } + } + + if(! $r) { + + // look for matching names in the address book + + // Two ways to deal with spaces - double quote the name or use underscores + // we see this after input filtering so quotes have been html entity encoded + + if((substr($name,0,6) === '"') && (substr($name,-6,6) === '"')) { + $newname = substr($name,6); + $newname = substr($newname,0,-6); + } + else + $newname = str_replace('_',' ',$name); + + // do this bit over since we started over with $name + + if(substr($newname,-1,1) === '+') { + $forum = true; + $newname = substr($newname,0,-1); + } + + //select someone from this user's contacts by name + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", + dbesc($newname), + intval($profile_uid) + ); + + if(! $r) { + //select someone by attag or nick and the name passed in + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE xchan_addr like ('%s') AND abook_channel = %d LIMIT 1", + dbesc(((strpos($newname,'@')) ? $newname : $newname . '@%')), + intval($profile_uid) + ); + } + + if(! $r) { + + // it's possible somebody has a name ending with '+', which we stripped off as a forum indicator + // This is very rare but we want to get it right. + + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", + dbesc($newname . '+'), + intval($profile_uid) + ); + if($r) + $trailing_plus_name = true; + } + } + + // $r is set if we found something + + $channel = get_app()->get_channel(); + + if($r) { + $profile = $r[0]['xchan_url']; + $newname = $r[0]['xchan_name']; + // add the channel's xchan_hash to $access_tag if exclusive + if($exclusive) { + $access_tag .= 'cid:' . $r[0]['xchan_hash']; + } + } + else { + // check for a group/collection exclusion tag + + // note that we aren't setting $replaced even though we're replacing text. + // This tag isn't going to get a term attached to it. It's only used for + // access control. The link points to out own channel just so it doesn't look + // weird - as all the other tags are linked to something. + + if(local_user() && local_user() == $profile_uid) { + require_once('include/group.php'); + $grp = group_byname($profile_uid,$name); + + if($grp) { + $g = q("select hash from groups where id = %d and visible = 1 limit 1", + intval($grp) + ); + if($g && $exclusive) { + $access_tag .= 'gid:' . $g[0]['hash']; + } + $channel = get_app()->get_channel(); + if($channel) { + $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $newname . '[/zrl]'; + $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); + } + } + } + } + + if(($exclusive) && (! $access_tag)) { + $access_tag .= 'cid:' . $channel['channel_hash']; + } + + // if there is an url for this channel + + if(isset($profile)) { + $replaced = true; + //create profile link + $profile = str_replace(',','%2c',$profile); + $url = $profile; + $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . (($forum && ! $trailing_plus_name) ? '+' : '') . '[/zrl]'; + $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); + //append tag to str_tags + if(! stristr($str_tags,$newtag)) { + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + } + } + + + return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $newname, 'url' => $url, 'contact' => $r[0]); +} -- cgit v1.2.3 From 63646a144015d788634db974f144a1993b0465cc Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Sun, 7 Dec 2014 19:27:14 +0100 Subject: Some Doxygen comments and small cleanups. --- include/Import/Importer.php | 38 ++++------ include/Import/refimport.php | 2 - include/permissions.php | 166 +++++++++++++++++++++++++------------------ include/security.php | 117 +++++++++++++++++++----------- include/widgets.php | 158 ++++++++++++++++++---------------------- 5 files changed, 259 insertions(+), 222 deletions(-) (limited to 'include') diff --git a/include/Import/Importer.php b/include/Import/Importer.php index c42344236..5e684cd8e 100644 --- a/include/Import/Importer.php +++ b/include/Import/Importer.php @@ -1,26 +1,28 @@ credentials; } function get_itemlist() { - - + return $this->itemlist; } - function get_item_ident($item) { } @@ -43,19 +45,17 @@ class Import { function convert_taxonomy($item_ident) { - } function convert_child($child) { } - function store($item,$update = false) { + function store($item, $update = false) { } function run() { - $this->credentials = $this->get_credentials(); $this->itemlist = $this->get_itemlist(); if($this->itemlist) { @@ -77,18 +77,6 @@ class Import { } $cnt ++; } - - - - } - - - - - - } - - } \ No newline at end of file diff --git a/include/Import/refimport.php b/include/Import/refimport.php index 4f2572660..181b2b398 100644 --- a/include/Import/refimport.php +++ b/include/Import/refimport.php @@ -13,8 +13,6 @@ require_once('include/hubloc.php'); // with a browser until all the posts had been imported. - - define('REDMATRIX_IMPORTCHANNEL','mike'); define('REFLECT_EXPORTUSERNAME','mike'); define('REFLECT_BLOGNAME','Diary and Other Rantings'); diff --git a/include/permissions.php b/include/permissions.php index b078de4d5..563d574db 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -1,6 +1,19 @@ -hook + * global_permissions. + * + * @return array associative array containing all permissions + */ function get_perms() { // thinking about making element[2] a bitmask instead of boolean so that we can provide a list of applicable selections @@ -14,8 +27,8 @@ function get_perms() { 'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my default channel profile'), ''), 'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my photo albums'), ''), 'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my connections'), ''), - 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''), - 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''), + 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''), + 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''), // Write permissions 'send_stream' => array('channel_w_stream', intval(PERMS_W_STREAM), false, t('Can send me their channel stream and posts'), ''), @@ -23,19 +36,20 @@ function get_perms() { 'post_comments' => array('channel_w_comment', intval(PERMS_W_COMMENT), false, t('Can comment on or like my posts'), ''), 'post_mail' => array('channel_w_mail', intval(PERMS_W_MAIL), false, t('Can send me private mail messages'), ''), 'post_photos' => array('channel_w_photos', intval(PERMS_W_PHOTOS), false, t('Can post photos to my photo albums'), ''), - 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')), + 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')), 'tag_deliver' => array('channel_w_tagwall', intval(PERMS_W_TAGWALL), false, t('Can forward to all my channel contacts via post @mentions'), t('Advanced - useful for creating group forum channels')), 'chat' => array('channel_w_chat', intval(PERMS_W_CHAT), false, t('Can chat with me (when available)'), t('')), - 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''), - 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''), + 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''), + 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''), - 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')), + 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')), - 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')), + 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')), ); $ret = array('global_permissions' => $global_perms); - call_hooks('global_permissions',$ret); + call_hooks('global_permissions', $ret); + return $ret['global_permissions']; } @@ -43,13 +57,13 @@ function get_perms() { /** * get_all_perms($uid,$observer_xchan) * - * @param $uid : The channel_id associated with the resource owner - * @param $observer_xchan: The xchan_hash representing the observer + * @param int $uid The channel_id associated with the resource owner + * @param string $observer_xchan The xchan_hash representing the observer + * @param bool $internal_use (default true) * - * @returns: array of all permissions, key is permission name, value is true or false + * @returns array of all permissions, key is permission name, value is true or false */ - -function get_all_perms($uid,$observer_xchan,$internal_use = true) { +function get_all_perms($uid, $observer_xchan, $internal_use = true) { $global_perms = get_perms(); @@ -85,7 +99,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { continue; } - // Next we're going to check for blocked or ignored contacts. // These take priority over all other settings. @@ -94,7 +107,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $ret[$perm_name] = true; continue; } - + if(! $abook_checked) { $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1", @@ -105,7 +118,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { if(! $x) { // not in address book, see if they've got an xchan $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) + dbesc($observer_xchan) ); } @@ -113,7 +126,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { } // If they're blocked - they can't read or write - + if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) { $ret[$perm_name] = false; continue; @@ -130,7 +143,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { // system is blocked to anybody who is not authenticated - if((! $observer_xchan) && intval(get_config('system','block_public'))) { + if((! $observer_xchan) && intval(get_config('system', 'block_public'))) { $ret[$perm_name] = false; continue; } @@ -177,14 +190,14 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $onsite_checked = true; } - + if($c) $ret[$perm_name] = true; else $ret[$perm_name] = false; continue; - } + } // From here on we require that the observer be a connection and // handle whether we're allowing any, approved or specific ones @@ -226,7 +239,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $ret[$perm_name] = false; continue; - } $arr = array( @@ -235,11 +247,23 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { 'permissions' => $ret); call_hooks('get_all_perms',$arr); + return $arr['permissions']; } - -function perm_is_allowed($uid,$observer_xchan,$permission) { +/** + * @brief Checks if given permission is allowed for given observer on a channel. + * + * Checks if the given observer with the hash $observer_xchan has permission + * $permission on channel_id $uid. + * $permission is one defined in get_perms(); + * + * @param int $uid The channel_id associated with the resource owner + * @param string $observer_xchan The xchan_hash representing the observer + * @param string $permission + * @return bool true if permission is allowed for observer on channel + */ +function perm_is_allowed($uid, $observer_xchan, $permission) { $arr = array( 'channel_id' => $uid, @@ -247,7 +271,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { 'permission' => $permission, 'result' => false); - call_hooks('perm_is_allowed',$arr); + call_hooks('perm_is_allowed', $arr); if($arr['result']) return true; @@ -279,21 +303,21 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) return false; - + if(($x) && (! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED)) return false; if(! $x) { // not in address book, see if they've got an xchan $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) + dbesc($observer_xchan) ); } } // system is blocked to anybody who is not authenticated - if((! $observer_xchan) && intval(get_config('system','block_public'))) + if((! $observer_xchan) && intval(get_config('system', 'block_public'))) return false; // Check if this $uid is actually the $observer_xchan @@ -301,7 +325,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if($r[0]['channel_hash'] === $observer_xchan) return true; - if($r[0][$channel_perm] & PERMS_PUBLIC) return true; @@ -326,6 +349,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { ); if($c) return true; + return false; } @@ -361,25 +385,32 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { // No permissions allowed. - return false; + return false; } // Check a simple array of observers against a permissions // return a simple array of those with permission -function check_list_permissions($uid,$arr,$perm) { +function check_list_permissions($uid, $arr, $perm) { $result = array(); if($arr) foreach($arr as $x) - if(perm_is_allowed($uid,$x,$perm)) + if(perm_is_allowed($uid, $x, $perm)) $result[] = $x; + return($result); } - +/** + * @brief Sets site wide default permissions. + * + * @return array + */ function site_default_perms() { + $ret = array(); + $typical = array( 'view_stream' => PERMS_PUBLIC, 'view_profile' => PERMS_PUBLIC, @@ -401,14 +432,14 @@ function site_default_perms() { ); $global_perms = get_perms(); - $ret = array(); foreach($global_perms as $perm => $v) { - $x = get_config('default_perms',$perm); + $x = get_config('default_perms', $perm); if($x === false) $x = $typical[$perm]; $ret[$perm] = $x; } + return $ret; } @@ -449,7 +480,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -465,9 +496,8 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - - break; + break; case 'social_restricted': $ret['perms_auto'] = false; @@ -482,7 +512,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -498,9 +528,8 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_CONTACTS; - - break; + break; case 'social_private': $ret['perms_auto'] = false; @@ -515,7 +544,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_CONTACTS; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -531,7 +560,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_CONTACTS; - + break; case 'forum': @@ -547,7 +576,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -563,7 +592,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'forum_restricted': @@ -579,7 +608,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -595,9 +624,8 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_CONTACTS; - - break; + break; case 'forum_private': $ret['perms_auto'] = false; @@ -612,7 +640,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_CONTACTS; - $ret['channel_r_photos'] = PERMS_CONTACTS; + $ret['channel_r_photos'] = PERMS_CONTACTS; $ret['channel_r_abook'] = PERMS_CONTACTS; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -628,7 +656,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_CONTACTS; - + break; case 'feed': @@ -644,7 +672,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -660,11 +688,10 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_NETWORK; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'feed_restricted': - $ret['perms_auto'] = false; $ret['default_collection'] = true; $ret['directory_publish'] = false; @@ -677,7 +704,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -693,7 +720,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'soapbox': @@ -707,7 +734,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = 0; @@ -723,7 +750,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'repository': @@ -755,14 +782,11 @@ function get_role_perms($role) { $ret['channel_w_pages'] = PERMS_CONTACTS; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - - break; - + break; default: break; - } $x = get_config('system','role_perms'); @@ -775,7 +799,12 @@ function get_role_perms($role) { return $ret; } - +/** + * @brief Creates a HTML select field with all available roles. + * + * @param string $current The current role + * @return string Returns the complete HTML code for this privacy-role-select field. + */ function role_selector($current) { if(! $current) @@ -792,16 +821,17 @@ function role_selector($current) { array('soapbox' => t('Celebrity/Soapbox'), 'repository' => t('Group Repository'))), 'other' => array( t('Other'), array('custom' => t('Custom/Expert Mode')))); + $o = ''; - return $o; -} + return $o; +} diff --git a/include/security.php b/include/security.php index 8066a76f6..ca5411bde 100644 --- a/include/security.php +++ b/include/security.php @@ -1,12 +1,24 @@ -account = $user_record; $_SESSION['account_id'] = $user_record['account_id']; $_SESSION['authenticated'] = 1; @@ -39,7 +51,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive // might want to log success here } - if($return || x($_SESSION,'workflow')) { + if($return || x($_SESSION, 'workflow')) { unset($_SESSION['workflow']); return; } @@ -70,7 +82,13 @@ function authenticate_success($user_record, $login_initial = false, $interactive /* else just return */ } - +/** + * @brief Change to another channel with current logged-in account. + * + * @param int $change_channel The channel_id of the channel you want to change to + * + * @return bool|array false or channel record of the new channel + */ function change_channel($change_channel) { $ret = false; @@ -83,17 +101,17 @@ function change_channel($change_channel) { ); // It's not there. Is this an administrator, and is this the sys channel? - if (is_developer()) { - if (! $r) { - if (is_site_admin()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1", - intval($change_channel), - intval(PAGE_SYSTEM), - intval(PAGE_REMOVED) - ); + if (is_developer()) { + if (! $r) { + if (is_site_admin()) { + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1", + intval($change_channel), + intval(PAGE_SYSTEM), + intval(PAGE_REMOVED) + ); + } } } - } if($r) { $hash = $r[0]['channel_hash']; @@ -109,23 +127,28 @@ function change_channel($change_channel) { ); if($x) { $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(),strpos(get_app()->get_baseurl(),'://')+3); + $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(), strpos(get_app()->get_baseurl(), '://') + 3); get_app()->set_observer($x[0]); - get_app()->set_perms(get_all_perms(local_user(),$hash)); + get_app()->set_perms(get_all_perms(local_user(), $hash)); } if(! is_dir('store/' . $r[0]['channel_address'])) @os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS,true); - } return $ret; - } - - -function permissions_sql($owner_id,$remote_verified = false,$groups = null) { +/** + * @brief Creates an addiontal SQL where statement to check permissions. + * + * @param int $owner_id + * @param bool $remote_verified default false, not used at all + * @param string $groups this param is not used at all + * + * @return string additional SQL where statement + */ +function permissions_sql($owner_id, $remote_verified = false, $groups = null) { if(defined('STATUSNET_PRIVACY_COMPATIBILITY')) return ''; @@ -142,8 +165,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { $sql = " AND allow_cid = '' AND allow_gid = '' AND deny_cid = '' - AND deny_gid = '' - + AND deny_gid = '' "; /** @@ -162,7 +184,6 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { * done this and passed the groups into this function. */ - else { $observer = get_observer_hash(); if($observer) { @@ -191,7 +212,16 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { return $sql; } -function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) { +/** + * @brief Creates an addiontal SQL where statement to check permissions for an item. + * + * @param int $owner_id + * @param bool $remote_verified default false, not used at all + * @param string $groups this param is not used at all + * + * @return string additional SQL where statement + */ +function item_permissions_sql($owner_id, $remote_verified = false, $groups = null) { if(defined('STATUSNET_PRIVACY_COMPATIBILITY')) return ''; @@ -206,7 +236,6 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) */ $sql = " AND item_private=0 "; - /** * Profile owner - everything is visible @@ -224,7 +253,6 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * done this and passed the groups into this function. */ - else { $observer = get_observer_hash(); @@ -250,12 +278,18 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) ); } } + return $sql; } +/** + * @param string $observer_hash + * + * @return string additional SQL where statement + */ function public_permissions_sql($observer_hash) { - $observer = get_app()->get_observer(); + //$observer = get_app()->get_observer(); $groups = init_groups_visitor($observer_hash); $gs = '<<>>'; // should be impossible to match @@ -263,7 +297,7 @@ function public_permissions_sql($observer_hash) { if(is_array($groups) && count($groups)) { foreach($groups as $g) $gs .= '|<' . $g . '>'; - } + } $sql = ''; if($observer_hash) { $regexop = db_getfunc('REGEXP'); @@ -341,11 +375,11 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f } } + // Returns an array of group id's this contact is a member of. // This array will only contain group id's related to the uid of this // DFRN contact. They are *not* neccessarily unique across the entire site. - if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); @@ -361,8 +395,6 @@ function init_groups_visitor($contact_id) { - - // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the // public_timeline, and we can use this in a community page by making // $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. @@ -382,19 +414,22 @@ function stream_perms_api_uids($perms = NULL ) { intval($perms), intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); - if($r) + if($r) { foreach($r as $rr) - if(! in_array($rr['channel_id'],$ret)) + if(! in_array($rr['channel_id'], $ret)) $ret[] = $rr['channel_id']; + } $str = ''; - if($ret) + if($ret) { foreach($ret as $rr) { if($str) $str .= ','; $str .= intval($rr); } + } logger('stream_perms_api_uids: ' . $str, LOGGER_DEBUG); + return $str; } @@ -409,19 +444,21 @@ function stream_perms_xchans($perms = NULL ) { intval($perms), intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) ); - if($r) + if($r) { foreach($r as $rr) - if(! in_array($rr['channel_hash'],$ret)) + if(! in_array($rr['channel_hash'], $ret)) $ret[] = $rr['channel_hash']; + } $str = ''; - if($ret) + if($ret) { foreach($ret as $rr) { if($str) $str .= ','; $str .= "'" . dbesc($rr) . "'"; } + } logger('stream_perms_xchans: ' . $str, LOGGER_DEBUG); + return $str; } - diff --git a/include/widgets.php b/include/widgets.php index e686fd5bd..b13be4922 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -1,4 +1,9 @@ -profile, $block, true); } @@ -16,14 +21,15 @@ function widget_profile($args) { function widget_tagcloud($args) { $o = ''; - $tab = 0; + //$tab = 0; $a = get_app(); $uid = $a->profile_uid; $count = ((x($args,'count')) ? intval($args['count']) : 24); $flags = 0; $type = TERM_CATEGORY; - $r = tagadelic($uid,$count,$authors,$flags,ITEM_WEBPAGE,$type); + // FIXME there exists no $authors variable + $r = tagadelic($uid, $count, $authors, $flags, ITEM_WEBPAGE, $type); if($r) { $o = '

' . t('Categories') . '

'; @@ -75,9 +81,8 @@ function widget_collections($args) { return ''; break; } - - return group_side($every, $each, $edit, $current, $abook_id, $wmode); + return group_side($every, $each, $edit, $current, $abook_id, $wmode); } @@ -93,7 +98,6 @@ function widget_appselect($arr) { } - function widget_suggestions($arr) { if((! local_user()) || (! feature_enabled(local_user(),'suggest'))) @@ -114,16 +118,13 @@ function widget_suggestions($arr) { // This will throw some entropy intot he situation so you won't // be looking at the same two mug shots every time the widget runs - $index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0); - for($x = $index; $x <= ($index+1); $x ++) { - $rr = $r[$x]; if(! $rr['xchan_url']) break; - + $connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr']; $arr[] = array( @@ -138,7 +139,6 @@ function widget_suggestions($arr) { ); } - $o = replace_macros(get_markup_template('suggest_widget.tpl'),array( '$title' => t('Suggestions'), '$more' => t('See more...'), @@ -146,13 +146,13 @@ function widget_suggestions($arr) { )); return $o; - } function widget_follow($args) { if(! local_user()) return ''; + $a = get_app(); $uid =$a->channel['channel_id']; $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ", @@ -163,10 +163,10 @@ function widget_follow($args) { $total_channels = $r[0]['total']; $limit = service_class_fetch($uid,'total_channels'); if($limit !== false) { - $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit); + $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit); } else { - $abook_usage_message = ''; + $abook_usage_message = ''; } return replace_macros(get_markup_template('follow.tpl'),array( '$connect' => t('Add New Connection'), @@ -175,7 +175,6 @@ function widget_follow($args) { '$follow' => t('Connect'), '$abook_usage_message' => $abook_usage_message )); - } @@ -192,6 +191,7 @@ function widget_notes($arr) { '$text' => $text, '$save' => t('Save'), )); + return $o; } @@ -228,8 +228,6 @@ function widget_savedsearch($arr) { $search = ''; } - - $srchurl = $a->query_string; $srchurl = rtrim(preg_replace('/searchsave\=[^\&].*?(\&|$)/is','',$srchurl),'&'); @@ -240,7 +238,7 @@ function widget_savedsearch($arr) { $srchurl = rtrim(preg_replace('/search\=[^\&].*?(\&|$)/is','',$srchurl),'&'); $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); $hasq = ((strpos($srchurl,'?') !== false) ? true : false); - + $o = ''; $r = q("select `tid`,`term` from `term` WHERE `uid` = %d and `type` = %d ", @@ -252,31 +250,28 @@ function widget_savedsearch($arr) { if(count($r)) { foreach($r as $rr) { - $saved[] = array( 'id' => $rr['tid'], - 'term' => $rr['term'], + 'term' => $rr['term'], 'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&searchremove=1&search=' . urlencode($rr['term']), 'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&search=' . urlencode($rr['term']), 'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'), - 'encodedterm' => urlencode($rr['term']), - 'delete' => t('Remove term'), - 'selected' => ($search==$rr['term']), + 'encodedterm' => urlencode($rr['term']), + 'delete' => t('Remove term'), + 'selected' => ($search==$rr['term']), ); } - } + } - $tpl = get_markup_template("saved_searches.tpl"); $o = replace_macros($tpl, array( '$title' => t('Saved Searches'), '$add' => t('add'), - '$searchbox' => searchbox($search,'netsearch-box',$srchurl . (($hasq) ? '' : '?f='),true), + '$searchbox' => searchbox($search, 'netsearch-box', $srchurl . (($hasq) ? '' : '?f='), true), '$saved' => $saved, )); return $o; - } @@ -306,7 +301,6 @@ function widget_filer($arr) { '$all' => t('Everything'), '$terms' => $terms, '$base' => z_root() . '/' . $a->cmd - )); } @@ -327,7 +321,6 @@ function widget_archive($arr) { if(! perm_is_allowed($uid,get_observer_hash(),'view_stream')) return ''; - $wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0); $style = ((array_key_exists('style', $arr)) ? $arr['style'] : 'select'); $showend = ((get_pconfig($uid,'system','archive_show_end_date')) ? true : false); @@ -336,10 +329,8 @@ function widget_archive($arr) { if(! $visible_years) $visible_years = 5; - $url = z_root() . '/' . $a->cmd; - $ret = list_post_dates($uid,$wall,$mindate); if(! count($ret)) @@ -367,7 +358,7 @@ function widget_fullprofile($arr) { if(! $a->profile['profile_uid']) return; - $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); + $block = (((get_config('system', 'block_public')) && (! local_user()) && (! remote_user())) ? true : false); return profile_sidebar($a->profile, $block); } @@ -375,41 +366,43 @@ function widget_fullprofile($arr) { function widget_categories($arr) { $a = get_app(); - if($a->profile['profile_uid'] && (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream'))) return ''; - $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); $srchurl = $a->query_string; $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); - return categories_widget($srchurl,$cat); + return categories_widget($srchurl, $cat); } function widget_tagcloud_wall($arr) { $a = get_app(); + if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) return ''; - if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')) + if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream')) return ''; - $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50); - if(feature_enabled($a->profile['profile_uid'],'tagadelic')) - return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL); + $limit = ((array_key_exists('limit', $arr)) ? intval($arr['limit']) : 50); + if(feature_enabled($a->profile['profile_uid'], 'tagadelic')) + return tagblock('search', $a->profile['profile_uid'], $limit, $a->profile['channel_hash'], ITEM_WALL); + return ''; } + function widget_catcloud_wall($arr) { $a = get_app(); + if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) return ''; - if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')) + if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream')) return ''; $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50); - return catblock($a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL); - return ''; + + return catblock($a->profile['profile_uid'], $limit, $a->profile['channel_hash'], ITEM_WALL); } @@ -438,6 +431,7 @@ function widget_affinity($arr) { call_hooks('main_slider',$arr); return $arr['html']; } + return ''; } @@ -463,20 +457,19 @@ function widget_settings_menu($arr) { if($abk) $abook_self_id = $abk[0]['abook_id']; - $tabs = array( array( 'label' => t('Account settings'), 'url' => $a->get_baseurl(true).'/settings/account', 'selected' => ((argv(1) === 'account') ? 'active' : ''), ), - + array( 'label' => t('Channel settings'), 'url' => $a->get_baseurl(true).'/settings/channel', 'selected' => ((argv(1) === 'channel') ? 'active' : ''), ), - + array( 'label' => t('Additional features'), 'url' => $a->get_baseurl(true).'/settings/features', @@ -494,7 +487,7 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true).'/settings/display', 'selected' => ((argv(1) === 'display') ? 'active' : ''), ), - + array( 'label' => t('Connected apps'), 'url' => $a->get_baseurl(true) . '/settings/oauth', @@ -512,7 +505,6 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true) . '/uexport/complete', 'selected' => '' ), - ); if($role === false || $role === 'custom') { @@ -529,7 +521,6 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true) . '/connect/' . $channel['channel_address'], 'selected' => '' ); - } if(feature_enabled(local_user(),'channel_sources')) { @@ -538,18 +529,14 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true) . '/sources', 'selected' => '' ); - } - - $tabtpl = get_markup_template("generic_links_widget.tpl"); return replace_macros($tabtpl, array( '$title' => t('Settings'), '$class' => 'settings-widget', '$items' => $tabs, )); - } @@ -560,9 +547,7 @@ function widget_mailmenu($arr) { $a = get_app(); return replace_macros(get_markup_template('message_side.tpl'), array( '$title' => t('Messages'), - '$tabs'=> array(), - '$check'=>array( 'label' => t('Check Mail'), 'url' => $a->get_baseurl(true) . '/message', @@ -573,9 +558,7 @@ function widget_mailmenu($arr) { 'url' => $a->get_baseurl(true) . '/mail/new', 'sel'=> (argv(1) == 'new'), ) - )); - } function widget_design_tools($arr) { @@ -586,7 +569,7 @@ function widget_design_tools($arr) { if($a->profile['profile_uid']) if(($a->profile['profile_uid'] != local_user()) && (! $a->is_sys)) - return ''; + return ''; if(! local_user()) return ''; @@ -601,24 +584,25 @@ function widget_findpeople($arr) { function widget_photo_albums($arr) { $a = get_app(); + if(! $a->profile['profile_uid']) return ''; $channelx = channelx_by_n($a->profile['profile_uid']); - if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_photos'))) + if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_photos'))) return ''; require_once('include/photos.php'); - return photos_album_widget($channelx,$a->get_observer()); + return photos_album_widget($channelx, $a->get_observer()); } function widget_vcard($arr) { require_once ('include/Contact.php'); - return vcard_from_xchan('',get_app()->get_observer()); + return vcard_from_xchan('', get_app()->get_observer()); } -/** +/* * The following directory widgets are only useful on the directory page */ @@ -631,21 +615,23 @@ function widget_dirsort($arr) { } function widget_dirtags($arr) { - return dir_tagblock(z_root() . '/directory',null); + return dir_tagblock(z_root() . '/directory', null); } function widget_menu_preview($arr) { if(! get_app()->data['menu_item']) return; require_once('include/menu.php'); + return menu_render(get_app()->data['menu_item']); } function widget_chatroom_list($arr) { $a = get_app(); + require_once("include/chat.php"); $r = chatroom_list($a->profile['profile_uid']); - return replace_macros(get_markup_template('chatroomlist.tpl'),array( + return replace_macros(get_markup_template('chatroomlist.tpl'), array( '$header' => t('Chat Rooms'), '$baseurl' => z_root(), '$nickname' => $a->profile['channel_address'], @@ -658,7 +644,7 @@ function widget_bookmarkedchats($arr) { if(! $h) return; $r = q("select * from xchat where xchat_xchan = '%s' group by xchat_url order by xchat_desc", - dbesc($h) + dbesc($h) ); if($r) { for($x = 0; $x < count($r); $x ++) { @@ -692,17 +678,17 @@ function widget_suggestedchats($arr) { } function widget_item($arr) { + // FIXME there is no $a here $uid = $a->profile['profile_uid']; if((! $uid) || (! $arr['mid'])) return ''; - if(! perm_is_allowed($uid,get_observer_hash(),'view_pages')) + if(! perm_is_allowed($uid, get_observer_hash(), 'view_pages')) return ''; require_once('include/security.php'); $sql_extra = item_permissions_sql($uid); - $r = q("select * from item where mid = '%s' and uid = %d and item_restrict = " . intval(ITEM_WEBPAGE) . " $sql_extra limit 1", dbesc($arr['mid']), intval($uid) @@ -712,11 +698,10 @@ function widget_item($arr) { return ''; xchan_query($r); - $r = fetch_post_tags($r,true); + $r = fetch_post_tags($r, true); - $o .= prepare_page($r[0]); + $o = prepare_page($r[0]); return $o; - } function widget_clock($arr) { @@ -786,18 +771,17 @@ return $o; * URL must be an http or https URL */ - function widget_photo($arr) { $style = $zrl = false; - $params = ''; - if(array_key_exists('src',$arr) && isset($arr['src'])) + + if(array_key_exists('src', $arr) && isset($arr['src'])) $url = $arr['src']; if(strpos($url,'http') !== 0) return ''; - if(array_key_exists('style',$arr) && isset($arr['style'])) + if(array_key_exists('style', $arr) && isset($arr['style'])) $style = $arr['style']; // ensure they can't sneak in an eval(js) function @@ -805,7 +789,7 @@ function widget_photo($arr) { if(strpos($style,'(') !== false) return ''; - if(array_key_exists('zrl',$arr) && isset($arr['zrl'])) + if(array_key_exists('zrl', $arr) && isset($arr['zrl'])) $zrl = (($arr['zrl']) ? true : false); if($zrl) @@ -815,7 +799,7 @@ function widget_photo($arr) { $o .= '' . t('photo/image') . ''; + . ' src="' . $url . '" alt="' . t('photo/image') . '">'; $o .= '
'; @@ -826,15 +810,15 @@ function widget_photo($arr) { function widget_photo_rand($arr) { require_once('include/photos.php'); - $style = $zrl = false; - $params = ''; - if(array_key_exists('album',$arr) && isset($arr['album'])) + $style = false; + + if(array_key_exists('album', $arr) && isset($arr['album'])) $album = $arr['album']; else $album = ''; $channel_id = 0; - if(array_key_exists('channel_id',$arr) && intval($arr['channel_id'])) + if(array_key_exists('channel_id', $arr) && intval($arr['channel_id'])) $channel_id = intval($arr['channel_id']); if(! $channel_id) $channel_id = get_app()->profile_uid; @@ -844,7 +828,7 @@ function widget_photo_rand($arr) { $scale = ((array_key_exists('scale',$arr)) ? intval($arr['scale']) : 0); $ret = photos_list_photos(array('channel_id' => $channel_id),get_app()->get_observer(),$album); - + $filtered = array(); if($ret['success'] && $ret['photos']) foreach($ret['photos'] as $p) @@ -852,14 +836,14 @@ function widget_photo_rand($arr) { $filtered[] = $p['src']; if($filtered) { - $e = mt_rand(0,count($filtered)-1); + $e = mt_rand(0, count($filtered) - 1); $url = $filtered[$e]; } - if(strpos($url,'http') !== 0) + if(strpos($url, 'http') !== 0) return ''; - if(array_key_exists('style',$arr) && isset($arr['style'])) + if(array_key_exists('style', $arr) && isset($arr['style'])) $style = $arr['style']; // ensure they can't sneak in an eval(js) function @@ -873,7 +857,7 @@ function widget_photo_rand($arr) { $o .= '' . t('photo/image') . ''; + . ' src="' . $url . '" alt="' . t('photo/image') . '">'; $o .= '
'; @@ -913,10 +897,10 @@ function widget_random_block($arr) { $o = '
'; if($r[0]['title']) $o .= '

' . $r[0]['title'] . '

'; + $o .= prepare_text($r[0]['body'],$r[0]['mimetype']); $o .= '
'; - } - return $o; + return $o; } -- cgit v1.2.3 From 406e97c9ad76975011f639a415b8139352cb23da Mon Sep 17 00:00:00 2001 From: Christian Vogeley Date: Sun, 7 Dec 2014 21:20:52 +0100 Subject: Remove channel cloud files from file system when the channel is removed --- include/Contact.php | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'include') diff --git a/include/Contact.php b/include/Contact.php index 64779d45f..9a3b91dc4 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -207,6 +207,7 @@ function account_remove($account_id,$local = true,$unset_session=true) { intval($account_id) ); + if ($unset_session) { unset($_SESSION['authenticated']); unset($_SESSION['uid']); @@ -216,6 +217,28 @@ function account_remove($account_id,$local = true,$unset_session=true) { return $r; } +// recursively delete a directory +function rrmdir($path) +{ + if (is_dir($path) === true) + { + $files = array_diff(scandir($path), array('.', '..')); + + foreach ($files as $file) + { + rrmdir(realpath($path) . '/' . $file); + } + + return rmdir($path); + } + + else if (is_file($path) === true) + { + return unlink($path); + } + + return false; +} function channel_remove($channel_id, $local = true, $unset_session=true) { @@ -311,6 +334,19 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { dbesc($channel['channel_hash']) ); } + + //remove from file system + $r = q("select channel_address from channel where channel_id = %d", + intval($channel_id) + ); + if($r) + $channel_address = $r[0]['channel_address'] ; + if ($channel_address !== '') { + $f = 'store/' . $channel_address.'/'; + logger ('delete '. $f); + if(is_dir($f)) + @rrmdir($f); + } proc_run('php','include/directory.php',$channel_id); -- cgit v1.2.3 From 10d5f0eed7d3708ca5a33f426baddfdfc138ba4f Mon Sep 17 00:00:00 2001 From: Christian Vogeley Date: Sun, 7 Dec 2014 23:29:23 +0100 Subject: small change --- include/Contact.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/Contact.php b/include/Contact.php index 9a3b91dc4..4fd43db44 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -336,7 +336,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { } //remove from file system - $r = q("select channel_address from channel where channel_id = %d", + $r = q("select channel_address from channel where channel_id = %d limit 1", intval($channel_id) ); if($r) -- cgit v1.2.3 From 97d1072f9bc39b47769576e5885c04a5f1bacd9a Mon Sep 17 00:00:00 2001 From: Stefan Parviainen Date: Mon, 8 Dec 2014 16:49:48 +0100 Subject: Make it clear that title and categories are optional --- include/conversation.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 6b3e278f0..c8336900f 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1131,10 +1131,10 @@ function status_editor($a,$x,$popup=false) { '$noloc' => t('Clear browser location'), '$shortnoloc' => t('clear location'), '$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''), - '$placeholdertitle' => t('Set title'), + '$placeholdertitle' => t('Title (optional)'), '$catsenabled' => ((feature_enabled($x['profile_uid'],'categories') && (! $webpage)) ? 'categories' : ''), '$category' => "", - '$placeholdercategory' => t('Categories (comma-separated list)'), + '$placeholdercategory' => t('Categories (optional, comma-separated list)'), '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$shortpermset' => t('permissions'), -- cgit v1.2.3 From 242713ebef71e0e2b6b1666f7c2400b26772ba2d Mon Sep 17 00:00:00 2001 From: marijus Date: Tue, 9 Dec 2014 15:09:19 +0100 Subject: show clear browser location button only if use browser location option is set and minor css fixes --- include/conversation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index c8336900f..d0cd81c4a 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1128,7 +1128,7 @@ function status_editor($a,$x,$popup=false) { '$shortaudio' => t('audio link'), '$setloc' => t('Set your location'), '$shortsetloc' => t('set location'), - '$noloc' => t('Clear browser location'), + '$noloc' => ((get_pconfig($x['profile_uid'],'system','use_browser_location')) ? t('Clear browser location') : ''), '$shortnoloc' => t('clear location'), '$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''), '$placeholdertitle' => t('Title (optional)'), -- cgit v1.2.3 From ad2c8a4cb76d727cc6c22fb42f87ffa1fd32edb3 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Wed, 10 Dec 2014 15:34:18 +0000 Subject: Provide censorship. --- include/conversation.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index d0cd81c4a..b9419acde 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -431,13 +431,18 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ $arr_blocked = null; - if(local_user()) { + if(local_user()) $str_blocked = get_pconfig(local_user(),'system','blocked'); - if($str_blocked) { + if(! local_user() && ($mode == 'network')) { + $sys = get_sys_channel(); + $id = $sys['channel_id']; + $str_blocked = get_pconfig($id,'system','blocked'); + } + + if($str_blocked) { $arr_blocked = explode(',',$str_blocked); for($x = 0; $x < count($arr_blocked); $x ++) - $arr_blocked[$x] = trim($arr_blocked[$x]); - } + $arr_blocked[$x] = trim($arr_blocked[$x]); } -- cgit v1.2.3 From 58067c24fc5200993539af6d7f7254877662c3c9 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 10 Dec 2014 16:24:31 -0800 Subject: block adult channels from inclusion in public content feeds --- include/security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index 8066a76f6..e3915f4a8 100644 --- a/include/security.php +++ b/include/security.php @@ -380,7 +380,7 @@ function stream_perms_api_uids($perms = NULL ) { $ret[] = local_user(); $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0", intval($perms), - intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) + intval(PAGE_ADULT|PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); if($r) foreach($r as $rr) @@ -407,7 +407,7 @@ function stream_perms_xchans($perms = NULL ) { $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0", intval($perms), - intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) + intval(PAGE_ADULT|PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); if($r) foreach($r as $rr) -- cgit v1.2.3 From 452d275b5ee4575e6c763076b397e1cd2320c4bc Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 12 Dec 2014 00:26:07 -0800 Subject: don't import to sys channel from self-censored authors --- include/zot.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 44c36ebb4..c88b2a369 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1433,9 +1433,19 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque $channel = $r[0]; // allow public postings to the sys channel regardless of permissions - if(($channel['channel_pageflags'] & PAGE_SYSTEM) && (! $arr['item_private'])) + if(($channel['channel_pageflags'] & PAGE_SYSTEM) && (! $arr['item_private'])) { $local_public = true; + $r = q("select xchan_flags from xchan where xchan_hash = '%s' limit 1", + dbesc($sender['hash']) + ); + // don't import sys channel posts from selfcensored authors + if($r && ($r[0]['xchan_flags'] & XCHAN_FLAGS_SELFCENSORED)) { + $local_public = false; + continue; + } + } + $tag_delivery = tgroup_check($channel['channel_id'],$arr); $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); -- cgit v1.2.3 From 513efc8928b52d0a24ed588f9a3bd49eae3ffe9e Mon Sep 17 00:00:00 2001 From: Stefan Parviainen Date: Fri, 12 Dec 2014 16:27:45 +0100 Subject: Add some ids to nav elements --- include/nav.php | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index b4aa0f14a..9a9dfd6d6 100644 --- a/include/nav.php +++ b/include/nav.php @@ -92,40 +92,40 @@ EOT; if($chans && count($chans) > 1 && feature_enabled(local_user(),'nav_channel_select')) $nav['channels'] = $chans; - $nav['logout'] = Array('logout',t('Logout'), "", t('End this session')); + $nav['logout'] = Array('logout',t('Logout'), "", t('End this session'),'logout_nav_btn'); // user menu - $nav['usermenu'][] = Array('channel/' . $channel['channel_address'], t('Home'), "", t('Your posts and conversations')); - $nav['usermenu'][] = Array('profile/' . $channel['channel_address'], t('View Profile'), "", t('Your profile page')); + $nav['usermenu'][] = Array('channel/' . $channel['channel_address'], t('Home'), "", t('Your posts and conversations'),'channel_nav_btn'); + $nav['usermenu'][] = Array('profile/' . $channel['channel_address'], t('View Profile'), "", t('Your profile page'),'profile_nav_btn'); if(feature_enabled(local_user(),'multi_profiles')) - $nav['usermenu'][] = Array('profiles', t('Edit Profiles'),"", t('Manage/Edit profiles')); + $nav['usermenu'][] = Array('profiles', t('Edit Profiles'),"", t('Manage/Edit profiles'),'profiles_nav_btn'); else - $nav['usermenu'][] = Array('profiles/' . $prof[0]['id'], t('Edit Profile'),"", t('Edit your profile')); + $nav['usermenu'][] = Array('profiles/' . $prof[0]['id'], t('Edit Profile'),"", t('Edit your profile'),'profiles_nav_btn'); - $nav['usermenu'][] = Array('photos/' . $channel['channel_address'], t('Photos'), "", t('Your photos')); - $nav['usermenu'][] = Array('cloud/' . $channel['channel_address'],t('Files'),"",t('Your files')); + $nav['usermenu'][] = Array('photos/' . $channel['channel_address'], t('Photos'), "", t('Your photos'),'photos_nav_btn'); + $nav['usermenu'][] = Array('cloud/' . $channel['channel_address'],t('Files'),"",t('Your files'),'cloud_nav_btn'); require_once('include/chat.php'); $has_chats = chatroom_list_count(local_user()); if($has_chats) { - $nav['usermenu'][] = Array('chat/' . $channel['channel_address'],t('Chat'),"",t('Your chatrooms')); + $nav['usermenu'][] = Array('chat/' . $channel['channel_address'],t('Chat'),"",t('Your chatrooms'),'chat_nav_btn'); } require_once('include/menu.php'); $has_bookmarks = menu_list_count(local_user(),'',MENU_BOOKMARK) + menu_list_count(local_user(),'',MENU_SYSTEM|MENU_BOOKMARK); if($has_bookmarks) { - $nav['usermenu'][] = Array('bookmarks', t('Bookmarks'), "", t('Your bookmarks')); + $nav['usermenu'][] = Array('bookmarks', t('Bookmarks'), "", t('Your bookmarks'),'bookmarks_nav_btn'); } if(feature_enabled($channel['channel_id'],'webpages')) - $nav['usermenu'][] = Array('webpages/' . $channel['channel_address'],t('Webpages'),"",t('Your webpages')); + $nav['usermenu'][] = Array('webpages/' . $channel['channel_address'],t('Webpages'),"",t('Your webpages'),'webpages_nav_btn'); } else { if(! get_account_id()) { - $nav['loginmenu'][] = Array('login',t('Login'),'',t('Sign in')); + $nav['loginmenu'][] = Array('login',t('Login'),'',t('Sign in'),'login_nav_btn'); } else - $nav['alogout'] = Array('logout',t('Logout'), "", t('End this session')); + $nav['alogout'] = Array('logout',t('Logout'), "", t('End this session'),'logout_nav_btn'); } @@ -142,7 +142,7 @@ EOT; sprintf( t('%s - click to logout'), $observer['xchan_addr'])); } else { - $nav['loginmenu'][] = Array('rmagic',t('Remote authentication'),'',t('Click to authenticate to your home hub')); + $nav['loginmenu'][] = Array('rmagic',t('Remote authentication'),'',t('Click to authenticate to your home hub'),'rmagic_nav_btn'); } /** @@ -156,24 +156,24 @@ EOT; } if(($a->module != 'home') && (! (local_user()))) - $nav['home'] = array($homelink, t('Home'), "", t('Home Page')); + $nav['home'] = array($homelink, t('Home'), "", t('Home Page'),'home_nav_btn'); if(($a->config['system']['register_policy'] == REGISTER_OPEN) && (! local_user()) && (! remote_user())) - $nav['register'] = array('register',t('Register'), "", t('Create an account')); + $nav['register'] = array('register',t('Register'), "", t('Create an account'),'register_nav_btn'); $help_url = z_root() . '/help?f=&cmd=' . $a->cmd; if(! get_config('system','hide_help')) - $nav['help'] = array($help_url, t('Help'), "", t('Help and documentation')); + $nav['help'] = array($help_url, t('Help'), "", t('Help and documentation'),'help_nav_btn'); - $nav['apps'] = array('apps', t('Apps'), "", t('Applications, utilities, links, games')); + $nav['apps'] = array('apps', t('Apps'), "", t('Applications, utilities, links, games'),'apps_nav_btn'); $nav['search'] = array('search', t('Search'), "", t('Search site content')); - $nav['directory'] = array('directory', t('Directory'), "", t('Channel Directory')); + $nav['directory'] = array('directory', t('Directory'), "", t('Channel Directory'),'directory_nav_btn'); /** @@ -187,21 +187,21 @@ EOT; $network_options = get_pconfig(local_user(),'system','network_page_default'); $nav['network'] = array('network' . (($network_options) ? '?f=&' . $network_options : ''), - t('Matrix'), "", t('Your matrix')); + t('Matrix'), "", t('Your matrix'),'network_nav_btn'); $nav['network']['mark'] = array('', t('Mark all matrix notifications seen'), '',''); - $nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home')); + $nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home'),'home_nav_btn'); $nav['home']['mark'] = array('', t('Mark all channel notifications seen'), '',''); - $nav['intros'] = array('connections/ifpending', t('Connections'), "", t('Connections')); + $nav['intros'] = array('connections/ifpending', t('Connections'), "", t('Connections'),'connections_nav_btn'); - $nav['notifications'] = array('notifications/system', t('Notices'), "", t('Notifications')); + $nav['notifications'] = array('notifications/system', t('Notices'), "", t('Notifications'),'notifications_nav_btn'); $nav['notifications']['all']=array('notifications/system', t('See all notifications'), "", ""); $nav['notifications']['mark'] = array('', t('Mark all system notifications seen'), '',''); - $nav['messages'] = array('message', t('Mail'), "", t('Private mail')); + $nav['messages'] = array('message', t('Mail'), "", t('Private mail'),'mail_nav_btn'); $nav['messages']['all']=array('message', t('See all private messages'), "", ""); $nav['messages']['mark'] = array('', t('Mark all private messages seen'), '',''); $nav['messages']['inbox'] = array('message', t('Inbox'), "", t('Inbox')); @@ -209,13 +209,13 @@ EOT; $nav['messages']['new'] = array('mail/new', t('New Message'), "", t('New Message')); - $nav['all_events'] = array('events', t('Events'), "", t('Event Calendar')); + $nav['all_events'] = array('events', t('Events'), "", t('Event Calendar'),'events_nav_btn'); $nav['all_events']['all']=array('events', t('See all events'), "", ""); $nav['all_events']['mark'] = array('', t('Mark all events seen'), '',''); - $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels')); + $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels'),'manage_nav_btn'); - $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings')); + $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings'),'settings_nav_btn'); } @@ -223,7 +223,7 @@ EOT; * Admin page */ if (is_site_admin()){ - $nav['admin'] = array('admin/', t('Admin'), "", t('Site Setup and Configuration')); + $nav['admin'] = array('admin/', t('Admin'), "", t('Site Setup and Configuration'),'admin_nav_btn'); } -- cgit v1.2.3 From 38670815039741b31bbd75647f81096810ddaadb Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Sat, 13 Dec 2014 20:20:55 +0000 Subject: Let Diaspora hublocs come back by allowing discover_by_webbie() to carry on if and look for a hubloc even if an xchan is found. You'll probably need to loop through the missing ones manually. --- include/network.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index ee2a6a59b..db48caf37 100644 --- a/include/network.php +++ b/include/network.php @@ -1092,9 +1092,7 @@ function discover_by_webbie($webbie) { $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($webbie) ); - if($r) - return true; - + if(! $r) { $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_pubkey, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_instance_url, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", dbesc($addr), dbesc($guid), @@ -1106,6 +1104,7 @@ function discover_by_webbie($webbie) { dbesc(z_root()), dbescdate(datetime_convert()) ); + } $r = q("select * from hubloc where hubloc_hash = '%s' limit 1", dbesc($webbie) -- cgit v1.2.3 From 233903c84428b9322eaea94bf22f6ae972e44332 Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Sun, 14 Dec 2014 01:22:52 +0100 Subject: Add security logger to RedDAV. Some smaller clean ups whitepsaces and tabs, use PHP_EOL, Doxygen, etc. --- include/RedDAV/RedBasicAuth.php | 7 +- include/RedDAV/RedBrowser.php | 9 +- include/auth.php | 22 ++- include/text.php | 409 +++++++++++++++++++--------------------- 4 files changed, 221 insertions(+), 226 deletions(-) (limited to 'include') diff --git a/include/RedDAV/RedBasicAuth.php b/include/RedDAV/RedBasicAuth.php index 2f86d4f82..19dd9a5f0 100644 --- a/include/RedDAV/RedBasicAuth.php +++ b/include/RedDAV/RedBasicAuth.php @@ -118,8 +118,11 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic { } } } - logger('password failed for ' . $username); - // @TODO add security logger + + $error = 'password failed for ' . $username; + logger($error); + log_failed_login($error); + return false; } diff --git a/include/RedDAV/RedBrowser.php b/include/RedDAV/RedBrowser.php index 21ea76aed..eb08fd79f 100644 --- a/include/RedDAV/RedBrowser.php +++ b/include/RedDAV/RedBrowser.php @@ -182,10 +182,10 @@ class RedBrowser extends DAV\Browser\Plugin { } } } - - $parentHash = ""; + + $parentHash = ''; $owner = $this->auth->owner_id; - $splitPath = split("/", $fullPath); + $splitPath = split('/', $fullPath); if (count($splitPath) > 3) { for ($i = 3; $i < count($splitPath); $i++) { $attachName = urldecode($splitPath[$i]); @@ -233,6 +233,7 @@ class RedBrowser extends DAV\Browser\Plugin { } // prepare quota for template + $quota = array(); $quota['used'] = $used; $quota['limit'] = $limit; $quota['desc'] = $quotaDesc; @@ -257,7 +258,7 @@ class RedBrowser extends DAV\Browser\Plugin { $this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output)); } $html .= $output; - + get_app()->page['content'] = $html; load_pdl(get_app()); construct_page(get_app()); diff --git a/include/auth.php b/include/auth.php index 94c64e58d..545fbe8c9 100644 --- a/include/auth.php +++ b/include/auth.php @@ -41,6 +41,9 @@ function nuke_session() { /** * @brief Verify login credentials. * + * If system authlog is set a log entry will be added for failed login + * attempts. + * * @param string $email * The email address to verify. * @param string $pass @@ -88,14 +91,25 @@ function account_verify_password($email, $pass) { if($record['account_flags'] & ACCOUNT_PENDING) logger('Account is pending. account_flags = ' . $record['account_flags']); - // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention - $authlog = get_config('system', 'authlog'); - if ($authlog) - @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); + log_failed_login($error); return null; } +/** + * @brief Log failed logins to a separate auth log. + * + * Can be used to reduce overhead for server side intrusion prevention, like + * parse the authlog file with something like fail2ban, OSSEC, etc. + * + * @param string $errormsg + * Error message to display for failed login. + */ +function log_failed_login($errormsg) { + $authlog = get_config('system', 'authlog'); + if ($authlog) + @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $errormsg . PHP_EOL, FILE_APPEND); +} /** * Inline - not a function diff --git a/include/text.php b/include/text.php index 70a8f1179..3a7c02362 100644 --- a/include/text.php +++ b/include/text.php @@ -181,34 +181,34 @@ function autoname($len) { 'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh'); $start = mt_rand(0,2); - if($start == 0) - $table = $vowels; - else - $table = $cons; + if($start == 0) + $table = $vowels; + else + $table = $cons; $word = ''; for ($x = 0; $x < $len; $x ++) { - $r = mt_rand(0,count($table) - 1); - $word .= $table[$r]; - - if($table == $vowels) - $table = array_merge($cons,$midcons); - else - $table = $vowels; + $r = mt_rand(0,count($table) - 1); + $word .= $table[$r]; + + if($table == $vowels) + $table = array_merge($cons,$midcons); + else + $table = $vowels; } $word = substr($word,0,$len); foreach($noend as $noe) { - if((strlen($word) > 2) && (substr($word,-2) == $noe)) { - $word = substr($word,0,-1); - break; - } + if((strlen($word) > 2) && (substr($word,-2) == $noe)) { + $word = substr($word,0,-1); + break; + } } if(substr($word,-1) == 'q') - $word = substr($word,0,-1); + $word = substr($word,0,-1); return $word; } @@ -224,11 +224,11 @@ function autoname($len) { */ function xmlify($str) { $buffer = ''; - + $len = mb_strlen($str); for($x = 0; $x < $len; $x ++) { $char = mb_substr($str,$x,1); - + switch( $char ) { case "\r" : @@ -267,7 +267,7 @@ function xmlify($str) { function unxmlify($s) { $ret = str_replace('&','&', $s); $ret = str_replace(array('<','>','"','''),array('<','>','"',"'"),$ret); - return $ret; + return $ret; } // convenience wrapper, reverse the operation "bin2hex" @@ -314,8 +314,7 @@ function paginate(&$a) { $pagenum = $a->pager['page']; $url = $a->get_baseurl() . '/' . $stripped; - - if($a->pager['total'] > $a->pager['itemspage']) { + if($a->pager['total'] > $a->pager['itemspage']) { $o .= '
'; if($a->pager['page'] != 1) $o .= ''."pager['page'] - 1).'">' . t('prev') . ' '; @@ -331,7 +330,7 @@ function paginate(&$a) { $numstart = (($pagenum > 7) ? ($pagenum - 7) : 1); $numstop = (($pagenum > ($numpages - 7)) ? $numpages : ($numstart + 14)); } - + for($i = $numstart; $i <= $numstop; $i++){ if($i == $a->pager['page']) $o .= ''.(($i < 10) ? ' '.$i : $i); @@ -405,7 +404,7 @@ function expand_acl($s) { } } return $ret; -} +} // Used to wrap ACL elements in angle brackets for storage @@ -420,7 +419,6 @@ function sanitise_acl(&$item) { // Convert an ACL array to a storable string - function perms2str($p) { $ret = ''; @@ -436,16 +434,17 @@ function perms2str($p) { return $ret; } -// generate a guaranteed unique (for this domain) item ID for ATOM -// safe from birthday paradox - - +/** + * @brief Generate a guaranteed unique (for this domain) item ID for ATOM. + * + * Safe from birthday paradox. + * + * @return string a unique id + */ function item_message_id() { - do { $dups = false; $hash = random_string(); - $mid = $hash . '@' . get_app()->get_hostname(); $r = q("SELECT id FROM item WHERE mid = '%s' LIMIT 1", @@ -453,31 +452,33 @@ function item_message_id() { if(count($r)) $dups = true; } while($dups == true); + return $mid; } -// Generate a guaranteed unique photo ID. -// safe from birthday paradox - - +/** + * @brief Generate a guaranteed unique photo ID. + * + * Safe from birthday paradox. + * + * @return string a uniqe hash + */ function photo_new_resource() { - do { $found = false; - $resource = hash('md5',uniqid(mt_rand(),true)); + $resource = hash('md5', uniqid(mt_rand(), true)); + $r = q("SELECT id FROM photo WHERE resource_id = '%s' LIMIT 1", - dbesc($resource) - ); + dbesc($resource)); if(count($r)) $found = true; - } while($found == true); + } while($found === true); + return $resource; } - - // for html,xml parsing - let's say you've got // an attribute foobar="class1 class2 class3" // and you want to find out if it contains 'class3'. @@ -487,52 +488,76 @@ function photo_new_resource() { // pass the attribute string as $attr and the attribute you // are looking for as $s - returns true if found, otherwise false -function attribute_contains($attr,$s) { +function attribute_contains($attr, $s) { $a = explode(' ', $attr); - if(count($a) && in_array($s,$a)) + if(count($a) && in_array($s, $a)) return true; + return false; } - -function logger($msg,$level = 0) { +/** + * @brief Logging function for RedMatrix. + * + * Logging output is configured through RedMatrix's system config. The log file + * is set in system logfile, log level in system loglevel and to enable logging + * set system debugging. + * + * Available constants for log level are LOGGER_NORMAL, LOGGER_TRACE, LOGGER_DEBUG, + * LOGGER_DATA and LOGGER_ALL. + * + * Since PHP5.4 we get the file, function and line automatically where the logger + * was caleld, so no need to add it to the message anymore. + * + * @param string $msg Message to log + * @param int $level A log level. + */ +function logger($msg, $level = 0) { // turn off logger in install mode global $a; global $db; - if(($a->module == 'install') || (! ($db && $db->connected))) return; + if(($a->module == 'install') || (! ($db && $db->connected))) + return; - $debugging = get_config('system','debugging'); - $loglevel = intval(get_config('system','loglevel')); - $logfile = get_config('system','logfile'); + $debugging = get_config('system', 'debugging'); + $loglevel = intval(get_config('system', 'loglevel')); + $logfile = get_config('system', 'logfile'); if((! $debugging) || (! $logfile) || ($level > $loglevel)) return; $where = ''; - if(version_compare(PHP_VERSION,'5.4.0') >= 0) { - $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS,2); + if(version_compare(PHP_VERSION, '5.4.0') >= 0) { + $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; } - @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $where . $msg . "\n", FILE_APPEND); - return; + @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); } - -// This is a special logging facility for developers. It allows one to target specific things to trace/debug -// and is identical to logger() with the exception of the log filename. This allows one to isolate specific -// calls while allowing logger() to paint a bigger picture of overall activity and capture more detail. -// If you find dlogger() calls in checked in code, you are free to remove them - so as to provide a noise-free -// development environment which responds to events you are targetting personally. - - -function dlogger($msg,$level = 0) { +/** + * @brief This is a special logging facility for developers. + * + * It allows one to target specific things to trace/debug and is identical to + * logger() with the exception of the log filename. This allows one to isolate + * specific calls while allowing logger() to paint a bigger picture of overall + * activity and capture more detail. + * + * If you find dlogger() calls in checked in code, you are free to remove them - + * so as to provide a noise-free development environment which responds to events + * you are targetting personally. + * + * @param string $msg Message to log + * @param int $level A log level. + */ +function dlogger($msg, $level = 0) { // turn off logger in install mode global $a; global $db; - if(($a->module == 'install') || (! ($db && $db->connected))) return; + if(($a->module == 'install') || (! ($db && $db->connected))) + return; $debugging = get_config('system','debugging'); $loglevel = intval(get_config('system','loglevel')); @@ -540,19 +565,23 @@ function dlogger($msg,$level = 0) { if((! $debugging) || (! $logfile) || ($level > $loglevel)) return; - - @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $msg . "\n", FILE_APPEND); - return; + + $where = ''; + if(version_compare(PHP_VERSION, '5.4.0') >= 0) { + $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); + $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; + } + + @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); } function profiler($t1,$t2,$label) { if(file_exists('profiler.out') && $t1 && t2) - @file_put_contents('profiler.out', sprintf('%01.4f %s',$t2 - $t1,$label) . "\n", FILE_APPEND); + @file_put_contents('profiler.out', sprintf('%01.4f %s',$t2 - $t1,$label) . PHP_EOL, FILE_APPEND); } - function activity_match($haystack,$needle) { if(($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle,NAMESPACE_ACTIVITY_SCHEMA))) return true; @@ -569,7 +598,6 @@ function activity_match($haystack,$needle) { // Returns array of tags found, or empty array. - function get_tags($s) { $ret = array(); @@ -592,9 +620,6 @@ function get_tags($s) { // Match full names against @tags including the space between first and last // We will look these up afterward to see if they are full names or not recognisable. - - - if(preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/',$s,$match)) { foreach($match[1] as $mtch) { if(strstr($mtch,"]")) { @@ -648,7 +673,6 @@ function get_tags($s) { usort($ret,'tag_sort_length'); - // logger('get_tags: ' . print_r($ret,true)); return $ret; @@ -657,13 +681,12 @@ function get_tags($s) { function tag_sort_length($a,$b) { if(mb_strlen($a) == mb_strlen($b)) return 0; + return((mb_strlen($b) < mb_strlen($a)) ? (-1) : 1); } - - function strip_zids($s) { return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s); } @@ -673,12 +696,10 @@ function strip_zids($s) { function qp($s) { -return str_replace ("%","=",rawurlencode($s)); + return str_replace ("%","=",rawurlencode($s)); } - - function get_mentions($item,$tags) { $o = ''; @@ -712,7 +733,6 @@ function contact_block() { if($shown == 0) return; - $is_owner = ((local_user() && local_user() == $a->profile['uid']) ? true : false); $abook_flags = ABOOK_FLAG_PENDING|ABOOK_FLAG_SELF; @@ -734,8 +754,7 @@ function contact_block() { } if(! $total) { $contacts = t('No connections'); - $micropro = Null; - + $micropro = null; } else { if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { $randfunc = 'RANDOM()'; @@ -758,7 +777,7 @@ function contact_block() { } } } - + $tpl = get_markup_template('contact_block.tpl'); $o = replace_macros($tpl, array( '$contacts' => $contacts, @@ -771,7 +790,6 @@ function contact_block() { call_hooks('contact_block_end', $arr); return $o; - } @@ -815,8 +833,6 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) { } - - function search($s,$id='search-box',$url='/search',$save = false) { $a = get_app(); return replace_macros(get_markup_template('searchbox.tpl'),array( @@ -843,12 +859,12 @@ function searchbox($s,$id='search-box',$url='/search',$save = false) { function valid_email($x){ - if(get_config('system','disable_email_validation')) return true; if(preg_match('/^[_a-zA-Z0-9\-\+]+(\.[_a-zA-Z0-9\-\+]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/',$x)) return true; + return false; } @@ -879,11 +895,10 @@ function linkify($s) { * * @returns string */ - - function sslify($s) { if(strpos(z_root(),'https:') === false) return $s; + $matches = null; $cnt = preg_match_all("/\<(.*?)src=\"(http\:.*?)\"(.*?)\>/",$s,$matches,PREG_SET_ORDER); if($cnt) { @@ -897,7 +912,6 @@ function sslify($s) { function get_poke_verbs() { - // index is present tense verb // value is array containing past tense verb, translation of present, translation of past @@ -909,12 +923,13 @@ function get_poke_verbs() { 'finger' => array( 'fingered', t('finger'), t('fingered')), 'rebuff' => array( 'rebuffed', t('rebuff'), t('rebuffed')), ); + call_hooks('poke_verbs', $arr); return $arr; } function get_mood_verbs() { - + $arr = array( 'happy' => t('happy'), 'sad' => t('sad'), @@ -964,17 +979,13 @@ function get_mood_verbs() { * bbcode source for HTML display * */ - - function smilies($s, $sample = false) { - $a = get_app(); if(intval(get_config('system','no_smilies')) || (local_user() && intval(get_pconfig(local_user(),'system','no_smilies')))) return $s; - $s = preg_replace_callback('{<(pre|code)>.*?}ism','smile_shield',$s); $s = preg_replace_callback('/<[a-z]+ .*?>/ism','smile_shield',$s); @@ -1072,7 +1083,6 @@ function smilies($s, $sample = false) { $s = preg_replace_callback('//ism', 'smile_unshield', $s); return $s; - } function smile_shield($m) { @@ -1132,6 +1142,7 @@ function normalise_link($url) { function link_compare($a,$b) { if(strcasecmp(normalise_link($a),normalise_link($b)) === 0) return true; + return false; } @@ -1147,7 +1158,6 @@ function unobscure(&$item) { if($item['body']) $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } - } function theme_attachments(&$item) { @@ -1190,12 +1200,10 @@ function theme_attachments(&$item) { $url = $r['href']; else $url = z_root() . '/magic?f=&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision']; + $s .= '' . $icon . ''; $attaches[] = array('title' => $title, 'url' => $url, 'icon' => $icon ); - } - - } $s = replace_macros(get_markup_template('item_attach.tpl'), array( @@ -1203,13 +1211,12 @@ function theme_attachments(&$item) { )); return $s; - } function format_categories(&$item,$writeable) { - $s = ''; + $terms = get_terms_oftype($item['term'],TERM_CATEGORY); if($terms) { $categories = array(); @@ -1225,6 +1232,7 @@ function format_categories(&$item,$writeable) { '$remove' => t('remove category'), '$categories' => $categories )); + return $s; } @@ -1235,7 +1243,6 @@ function format_hashtags(&$item) { $s = ''; $terms = get_terms_oftype($item['term'],TERM_HASHTAG); if($terms) { - $categories = array(); foreach($terms as $t) { $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ; if(! trim($term)) @@ -1255,11 +1262,10 @@ function format_hashtags(&$item) { function format_mentions(&$item) { - $s = ''; + $terms = get_terms_oftype($item['term'],TERM_MENTION); if($terms) { - $categories = array(); foreach($terms as $t) { $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ; if(! trim($term)) @@ -1278,8 +1284,8 @@ function format_mentions(&$item) { function format_filer(&$item) { - $s = ''; + $terms = get_terms_oftype($item['term'],TERM_FILE); if($terms) { $categories = array(); @@ -1295,19 +1301,14 @@ function format_filer(&$item) { '$remove' => t('remove from file'), '$categories' => $categories )); + return $s; } - - function prepare_body(&$item,$attach = false) { - $a = get_app(); - - - call_hooks('prepare_body_init', $item); unobscure($item); @@ -1322,28 +1323,22 @@ function prepare_body(&$item,$attach = false) { return $s; } - $s .= theme_attachments($item); - - $writeable = ((get_observer_hash() == $item['owner_xchan']) ? true : false); - + $writeable = ((get_observer_hash() == $item['owner_xchan']) ? true : false); $s .= format_hashtags($item); if($item['resource_type']) $s .= format_mentions($item); - $s .= format_categories($item,$writeable); if(local_user() == $item['uid']) $s .= format_filer($item); - $s = sslify($s); - // Look for spoiler $spoilersearch = '
'; @@ -1358,7 +1353,7 @@ function prepare_body(&$item,$attach = false) { $pos = strpos($s, $spoilersearch); $rnd = random_string(8); $spoilerreplace = '
'.sprintf(t('Click to open/close')).''. - '