From f9200027d0c5ccbffa9b406eca3e72ab2a071f05 Mon Sep 17 00:00:00 2001 From: marijus Date: Thu, 9 Oct 2014 11:31:48 +0200 Subject: fix userinfo icon size --- include/nav.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 7c9abce49..4f7d609aa 100644 --- a/include/nav.php +++ b/include/nav.php @@ -130,7 +130,7 @@ EOT; if($observer) { $userinfo = array( - 'icon' => $observer['xchan_photo_m'], + 'icon' => $observer['xchan_photo_s'], 'name' => $observer['xchan_addr'], ); } -- cgit v1.2.3 From 6806888fa41a88df698d834e6edafde383ef03ad Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 9 Oct 2014 03:36:50 -0700 Subject: return of the missing diaspora wall-to-wall attribution --- include/bb2diaspora.php | 12 ++++++++++++ include/items.php | 12 ------------ 2 files changed, 12 insertions(+), 12 deletions(-) (limited to 'include') diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php index 65f4311a0..a80b3343b 100644 --- a/include/bb2diaspora.php +++ b/include/bb2diaspora.php @@ -263,8 +263,15 @@ function bb2dmention_callback($match) { function bb2diaspora_itemwallwall(&$item) { + $author_exists = true; if(! array_key_exists('author',$item)) { + $author_exists = false; logger('bb2diaspora_itemwallwall: no author'); + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($item['author_xchan']) + ); + if($r) + $item['author'] = $r[0]; } if(($item['mid'] == $item['parent_mid']) && ($item['author_xchan'] != $item['owner_xchan']) && (is_array($item['author']))) { @@ -279,6 +286,11 @@ function bb2diaspora_itemwallwall(&$item) { . '[url=' . $item['author']['xchan_url'] . ']' . $item['author']['xchan_name'] . '[/url]' . "\n\n" . $item['body']; } + // $item['author'] might cause a surprise further down the line if it wasn't expected to be here. + + if(! $author_exists) + $unset($item['author']); + } diff --git a/include/items.php b/include/items.php index c9810bb7c..a930a7c3e 100755 --- a/include/items.php +++ b/include/items.php @@ -2522,12 +2522,6 @@ function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id) // since Diaspora doesn't handle edits we can only do this for the original text and not update it. - $enabled = intval(get_config('system','diaspora_enabled')); - if(! $enabled) { - logger('mod_item: diaspora support disabled, not storing comment signature', LOGGER_DEBUG); - return; - } - require_once('include/bb2diaspora.php'); $signed_body = bb2diaspora_itembody($datarray); @@ -2552,12 +2546,6 @@ function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id) intval($post_id) ); - $r = q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", - intval($post_id), - dbesc($signed_text), - dbesc(base64_encode($authorsig)), - dbesc($diaspora_handle) - ); if(! $r) logger('store_diaspora_comment_sig: DB write failed'); -- cgit v1.2.3 From 1adb7a2eefd55b95644997f87a64608f69672cab Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 9 Oct 2014 15:22:21 -0700 Subject: allow a site to over-ride the system app list without causing git issues --- include/apps.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/apps.php b/include/apps.php index 91012b0ef..cd0c2984e 100644 --- a/include/apps.php +++ b/include/apps.php @@ -11,7 +11,10 @@ require_once('include/identity.php'); function get_system_apps() { $ret = array(); - $files = glob('app/*.apd'); + if(is_dir('apps')) + $files = glob('apps/*.apd'); + else + $files = glob('app/*.apd'); if($files) { foreach($files as $f) { $x = parse_app_description($f); -- cgit v1.2.3 From effc8960c3f55f687806b890fdf6252852b08011 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 9 Oct 2014 18:12:53 -0700 Subject: OK this is important. So read it carefully. This checkin implements route matching of comments so that they are only accepted from the same route as the top-level post they are attached to. This way there should be no mis-match of permissions between any posts in the thread. It may not be completely compatible with comments posted in the past (though I've tried to be, there may be some minor issues). In addition it seems that relaying was invoked more often than necessary - especially when a duplicate post arrived which was not processed because the edited time hadn't changed - it still invoked relaying. This fix should improve site performance considerably for comments cross-posted to forums; which got bounced around a bit and delivered redundantly for no reason. Roll this back *only* if it causes a meltdown or comment loss is "serious" (as in OMG people are dying, make it stop!). If we can get past 24 hours without serious issue we need to get everybody onto this code. There may be some minor comment loss (mostly affecting new comments to older posts or likes of older comments) until the majority of sites have moved to the new code. It may be difficult or impossible to deliver comments to posts that pre-date the addition of source routes (April 1, 2014) to anybody but the top-level post author at his/her primary hub. We may wish to close comments on these posts, but let's see how we go before doing that. --- include/zot.php | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 3d59f00f3..9ea92aed8 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1402,6 +1402,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); + // This is our own post, possibly coming from a channel clone if($arr['owner_xchan'] == $d['hash']) { @@ -1420,6 +1421,30 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { continue; } + if(($arr['mid'] != $arr['parent_mid']) && (! $relay)) { + + // check source route. + // We are only going to accept comments from this sender if the comment has the same route as the top-level-post, + // this is so that permissions mismatches between senders apply to the entire conversation + // As a side effect we will also do a preliminary check that we have the top-level-post, otherwise + // processing it is pointless. + + $r = q("select route from item where mid = '%s' and uid = %d limit 1", + dbesc($arr['parent_mid']), + intval($channel['channel_id']) + ); + if(! $r) { + $result[] = array($d['hash'],'comment parent not found',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + continue; + } + $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash']; + + if($r[0]['route'] != $current_route) { + $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + continue; + } + } + if($arr['item_restrict'] & ITEM_DELETED) { // remove_community_tag is a no-op if this isn't a community tag activity @@ -1446,8 +1471,11 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $arr['id'] = $r[0]['id']; $arr['uid'] = $channel['channel_id']; update_imported_item($sender,$arr,$channel['channel_id']); - } - $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + } + else { + $result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + } $item_id = $r[0]['id']; } else { @@ -1459,7 +1487,9 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $item_id = $item_result['item_id']; $parr = array('item_id' => $item_id,'item' => $arr,'sender' => $sender,'channel' => $channel); call_hooks('activity_received',$parr); - add_source_route($item_id,$sender['hash']); + // don't add a source route if it's a relay or later recipients will get a route mismatch + if(! $relay) + add_source_route($item_id,$sender['hash']); } $result[] = array($d['hash'],(($item_id) ? 'posted' : 'storage failed:' . $item_result['message']),$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); } -- cgit v1.2.3 From 4634049549fb0ee7350bb6328f24b36c21a19855 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 9 Oct 2014 20:59:33 -0700 Subject: allow (our own) ajax urls to pass through bbcode intact. --- include/bbcode.php | 4 ++-- include/items.php | 1 + include/zot.php | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index d7a5ac457..6b7217f91 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -162,7 +162,7 @@ function bb_parse_app($match) { function bb_parse_element($match) { $j = json_decode(base64url_decode($match[1]),true); if($j) { - $o = EOL . '' . t('Install design element: ') . $j['pagetitle'] . '' . EOL; + $o = EOL . '' . t('Install design element: ') . $j['pagetitle'] . '' . EOL; } return $o; } @@ -823,7 +823,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { // fix any escaped ampersands that may have been converted into links $Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text); - $Text = preg_replace("/\<(.*?)(src|href)=\"[^hfm](.*?)\>/ism",'<$1$2="">',$Text); + $Text = preg_replace("/\<(.*?)(src|href)=\"[^hfm#](.*?)\>/ism",'<$1$2="">',$Text); call_hooks('bbcode',$Text); diff --git a/include/items.php b/include/items.php index a930a7c3e..e64e91dc3 100755 --- a/include/items.php +++ b/include/items.php @@ -2072,6 +2072,7 @@ function item_store($arr,$allow_exec = false) { return $ret; } + // is the new message multi-level threaded? // even though we don't support it now, preserve the info // and re-attach to the conversation parent. diff --git a/include/zot.php b/include/zot.php index 9ea92aed8..63a5645d3 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1472,11 +1472,12 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $arr['uid'] = $channel['channel_id']; update_imported_item($sender,$arr,$channel['channel_id']); $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + $item_id = $r[0]['id']; } else { $result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + continue; } - $item_id = $r[0]['id']; } else { $arr['aid'] = $channel['channel_account_id']; -- cgit v1.2.3 From cde244ef74eba47749f910b09b23f92862907eda Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Oct 2014 00:13:46 -0700 Subject: improvement in source route checking when handling complex *upstream* delivery chains, which were not adequately accounted for in the earlier checkin. --- include/zot.php | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 63a5645d3..1706153dd 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1420,8 +1420,8 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; } - - if(($arr['mid'] != $arr['parent_mid']) && (! $relay)) { + + if($arr['mid'] != $arr['parent_mid']) { // check source route. // We are only going to accept comments from this sender if the comment has the same route as the top-level-post, @@ -1437,11 +1437,24 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $result[] = array($d['hash'],'comment parent not found',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; } - $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash']; + if($relay) { + // reset the route in case it travelled a great distance upstream + // use our parent's route so when we go back downstream we'll match + // with whatever route our parent has. + $arr['route'] = $r[0]['route']; + } + else { - if($r[0]['route'] != $current_route) { - $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); - continue; + // going downstream check that we have the same upstream provider that + // sent it to us originally. Ignore it if it came from another source + // (with potentially different permissions) + + $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash']; + + if($r[0]['route'] != $current_route) { + $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + continue; + } } } -- cgit v1.2.3 From 5bfde822584b5432a75497afea55af6d0a74472a Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Oct 2014 13:56:31 -0700 Subject: make sure diaspora comments get the correct route --- include/diaspora.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index d288e1435..a16c4e0ae 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -2446,6 +2446,10 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { else return; + // set the route to that of the parent so downstream hubs won't reject it. + + $item['route'] = $parent['route']; + if(($item['verb'] === ACTIVITY_LIKE) && ($parent['mid'] === $parent['parent_mid'])) { $tpl = get_markup_template('diaspora_like.tpl'); $like = true; -- cgit v1.2.3 From aae1d11de8c6a30c72c6d1362739f3eb13b2696d Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Oct 2014 14:04:05 -0700 Subject: reset route to parent route on Diaspora comments flowing upstream so they won't be rejected going downstream --- include/diaspora.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index a16c4e0ae..028e2674f 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1379,6 +1379,8 @@ function diaspora_comment($importer,$xml,$msg) { $datarray['mid'] = $guid; $datarray['parent_mid'] = $parent_item['mid']; + // set the route to that of the parent so downstream hubs won't reject it. + $datarray['route'] = $parent_item['route']; // No timestamps for comments? OK, we'll the use current time. $datarray['changed'] = $datarray['created'] = $datarray['edited'] = datetime_convert(); @@ -1968,6 +1970,9 @@ function diaspora_like($importer,$xml,$msg) { $arr['app'] = 'Diaspora'; + // set the route to that of the parent so downstream hubs won't reject it. + $arr['route'] = $parent_item['route']; + $arr['item_private'] = $parent_item['item_private']; $arr['verb'] = $activity; $arr['obj_type'] = $objtype; @@ -2446,9 +2451,6 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { else return; - // set the route to that of the parent so downstream hubs won't reject it. - - $item['route'] = $parent['route']; if(($item['verb'] === ACTIVITY_LIKE) && ($parent['mid'] === $parent['parent_mid'])) { $tpl = get_markup_template('diaspora_like.tpl'); -- cgit v1.2.3 From 0991a5a494efcd1357e37a1144feb30b586ad891 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Oct 2014 14:11:13 -0700 Subject: remove remnants of old signing structure - now using diaspora_meta --- include/diaspora.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 028e2674f..fb321a813 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1406,13 +1406,6 @@ function diaspora_comment($importer,$xml,$msg) { $message_id = $result['item_id']; if(($parent_item['item_flags'] & ITEM_ORIGIN) && (! $parent_author_signature)) { - q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", - intval($message_id), - dbesc($signed_data), - dbesc(base64_encode($author_signature)), - dbesc($diaspora_handle) - ); - // if the message isn't already being relayed, notify others // the existence of parent_author_signature means the parent_author or owner // is already relaying. -- cgit v1.2.3 From b5f91d7b4016831f3b62c77450c365d872bba169 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Oct 2014 14:45:18 -0700 Subject: missing source route after edit --- include/items.php | 2 +- include/zot.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index e64e91dc3..c4ae948b8 100755 --- a/include/items.php +++ b/include/items.php @@ -2415,7 +2415,7 @@ function item_store_update($arr,$allow_exec = false) { $arr['commented'] = $orig[0]['commented']; $arr['received'] = datetime_convert(); $arr['changed'] = datetime_convert(); - + $arr['route'] = ((array_key_exists('route',$arr)) ? trim($arr['route']) : $orig[0]['route']); $arr['diaspora_meta'] = ((x($arr,'diaspora_meta')) ? $arr['diaspora_meta'] : $orig[0]['diaspora_meta']); $arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : $orig[0]['location']); $arr['coord'] = ((x($arr,'coord')) ? notags(trim($arr['coord'])) : $orig[0]['coord']); diff --git a/include/zot.php b/include/zot.php index 1706153dd..21e284c77 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1486,6 +1486,8 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { update_imported_item($sender,$arr,$channel['channel_id']); $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); $item_id = $r[0]['id']; + if(! $relay) + add_source_route($item_id,$sender['hash']); } else { $result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); -- cgit v1.2.3 From f26cd5a636d0a1de4cef66d26da505e8a29b1b40 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Oct 2014 15:17:32 -0700 Subject: ah yes, the redundant relay run was for the benefit of wall-to-wall posts issue #633 --- include/zot.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 21e284c77..fda2a2bea 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1480,18 +1480,17 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { intval($channel['channel_id']) ); if($r) { + $item_id = $r[0]['id']; if($arr['edited'] > $r[0]['edited']) { $arr['id'] = $r[0]['id']; $arr['uid'] = $channel['channel_id']; update_imported_item($sender,$arr,$channel['channel_id']); $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); - $item_id = $r[0]['id']; if(! $relay) add_source_route($item_id,$sender['hash']); } else { $result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); - continue; } } else { -- cgit v1.2.3 From 3d0d36b2bc6d134e1140b9fc8c40206be5bd7d2d Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Oct 2014 19:14:37 -0700 Subject: fix diaspora reshare tags --- include/externals.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/externals.php b/include/externals.php index acfaae3b6..280daf4a4 100644 --- a/include/externals.php +++ b/include/externals.php @@ -85,6 +85,8 @@ function externals_run($argv, $argc){ if($j['success'] && $j['messages']) { $sys = get_sys_channel(); foreach($j['messages'] as $message) { + // on these posts, clear any route info. + $message['route'] = ''; $results = process_delivery(array('hash' => 'undefined'), get_item_elements($message), array(array('hash' => $sys['xchan_hash'])), false, true); $total ++; -- cgit v1.2.3