From c214692f661488df30eaf00ca85da94a5ecc1e14 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 28 Jan 2016 17:06:13 -0800 Subject: add peer filtering to all .well-known services --- mod/_well_known.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'mod') diff --git a/mod/_well_known.php b/mod/_well_known.php index 58ed13ece..47cfe1512 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php @@ -7,6 +7,22 @@ function _well_known_init(&$a){ $arr = array('server' => $_SERVER, 'request' => $_REQUEST); call_hooks('well_known', $arr); + + if(! check_siteallowed($_SERVER['REMOTE_ADDR'])) { + logger('well_known: site not allowed. ' . $_SERVER['REMOTE_ADDR']); + killme(); + } + + // from php.net re: REMOTE_HOST: + // Note: Your web server must be configured to create this variable. For example in Apache + // you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr(). + + if(get_config('system','siteallowed_remote_host') && (! check_siteallowed($_SERVER['REMOTE_HOST']))) { + logger('well_known: site not allowed. ' . $_SERVER['REMOTE_HOST']); + killme(); + } + + switch(argv(1)) { case 'zot-info': $a->argc -= 1; -- cgit v1.2.3 From a341c889b751055e90eba9b7a14da5b7cd0e8032 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 31 Jan 2016 15:55:27 -0800 Subject: add oembed provider for photos --- mod/oep.php | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ mod/photos.php | 2 ++ 2 files changed, 95 insertions(+) create mode 100644 mod/oep.php (limited to 'mod') diff --git a/mod/oep.php b/mod/oep.php new file mode 100644 index 000000000..d0f4bd193 --- /dev/null +++ b/mod/oep.php 
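Review bot: The second check in `_well_known_init` reads `$_SERVER['REMOTE_HOST']` without testing that it is set, although the quoted php.net note says the variable only exists when the web server performs hostname lookups; with `siteallowed_remote_host` enabled and no lookups configured, `check_siteallowed()` is handed an undefined index, and whether that allows or denies depends on code not visible here. Guard it with `isset($_SERVER['REMOTE_HOST'])` in the condition and decide explicitly whether a missing hostname is rejected. The value also comes from reverse DNS, which is controlled by whoever owns the peer's address block, so it is only a sound basis for filtering when the server forward-confirms it (Apache `HostnameLookups Double`); the comment should say so. Both checks run after `call_hooks('well_known', $arr)`, so hook handlers still process requests from disallowed peers; consider moving the filter above the hook call. The body of `_well_known_init` continues outside the hunk.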
@@ -0,0 +1,93 @@ + $maxheight) + continue; + if($maxwidth && $rr['width'] > $maxwidth) + continue; + $foundres = true; + break; + } + + if($foundres) { + $ret['type'] = 'link'; + $ret['thumbnail_url'] = z_root() . '/photo/' . '/' . $rr['resource_id'] . '-' . $rr['scale']; + $ret['thumbnail_width'] = $rr['width']; + $ret['thumbnail_height'] = $rr['height']; + } + + + } + return $ret; + +} \ No newline at end of file diff --git a/mod/photos.php b/mod/photos.php index f1b7aceed..d187e1d45 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -804,6 +804,8 @@ function photos_content(&$a) { if($datatype === 'image') { + $a->page['htmlhead'] .= "\r\n" . '' . "\r\n"; + // fetch image, item containing image, then comments $ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' -- cgit v1.2.3 From fd9f792f90c2aa173627d38685829ac94909763e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 31 Jan 2016 20:05:47 -0800 Subject: add album embed (embed the most recent photo with link to album) --- mod/oep.php | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- mod/photos.php | 4 ++++ 2 files changed, 62 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/oep.php b/mod/oep.php index d0f4bd193..1cea83e95 100644 --- a/mod/oep.php +++ b/mod/oep.php 
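Review bot: The thumbnail URL in the new mod/oep.php is built as `z_root() . '/photo/' . '/' . $rr['resource_id'] . '-' . $rr['scale']`, which yields `/photo//<resource_id>-<scale>` with an empty path segment. Whether that resolves depends on how the router splits the path, so drop the extra `'/'`: `$ret['thumbnail_url'] = z_root() . '/photo/' . $rr['resource_id'] . '-' . $rr['scale'];`. The same expression is repeated in `oep_album_reply` and `oep_phototop_reply` in the later commits on this page. The upper part of this new file is not legible here, so this covers only the visible tail of the function.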
@@ -35,7 +35,64 @@ function oep_init(&$a) { } -function oep_album_reply() { +function oep_album_reply($args) { + + $ret = array(); + $url = $args['url']; + $maxwidth = intval($args['maxwidth']); + $maxheight = intval($args['maxheight']); + + if(preg_match('|//(.*?)/(.*?)/(.*?)/album/|',$url,$matches)) { + $chn = $matches[3]; + $res = hex2bin(basename($url)); + } + + if(! ($chn && $res)) + return; + $c = q("select * from channel where channel_address = '%s' limit 1", + dbesc($chn) + ); + + if(! $c) + return; + + $sql_extra = permissions_sql($c[0]['channel_id']); + + $p = q("select resource_id from photo where album = '%s' and uid = %d group by resource_id $sql_extra order by created desc", + dbesc($res), + intval($c[0]['channel_id']) + ); + if(! $p) + return; + + $res = $p[0]['resource_id']; + + $r = q("select height, width, scale, resource_id from photo where uid = %d and resource_id = '%s' $sql_extra order by scale asc", + intval($c[0]['channel_id']), + dbesc($res) + ); + + if($r) { + foreach($r as $rr) { + $foundres = false; + if($maxheight && $rr['height'] > $maxheight) + continue; + if($maxwidth && $rr['width'] > $maxwidth) + continue; + $foundres = true; + break; + } + + if($foundres) { + $ret['type'] = 'link'; + $ret['thumbnail_url'] = z_root() . '/photo/' . '/' . $rr['resource_id'] . '-' . $rr['scale']; + $ret['thumbnail_width'] = $rr['width']; + $ret['thumbnail_height'] = $rr['height']; + } + + + } + return $ret; } diff --git a/mod/photos.php b/mod/photos.php index d187e1d45..7864b9a18 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -660,6 +660,10 @@ function photos_content(&$a) { $album = (($datum) ? hex2bin($datum) : ''); + + $a->page['htmlhead'] .= "\r\n" . '' . "\r\n"; + + $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' AND `scale` <= 4 and photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY `resource_id`", intval($owner_uid), -- cgit v1.2.3 
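Review bot: Both photo queries in `oep_album_reply` restrict only by `uid`, album or `resource_id`, and `permissions_sql()`, while the album query in mod/photos.php shown in this same commit also requires `photo_usage IN ( %d, %d )` and `is_nsfw = %d`; the oEmbed reply may therefore hand out a thumbnail for a photo that the album page itself would leave out. Apply the same two conditions to the `select resource_id from photo where album = '%s' and uid = %d` query, and add a comment stating which viewer `permissions_sql($c[0]['channel_id'])` is evaluated for, since that is not visible here. `oep_phototop_reply`, added later on this page, has the same gap. Separately, `$chn` and `$res` are assigned only when the `preg_match` succeeds, so initialise them (`$chn = $res = '';`) before the test, and note that `hex2bin()` raises a warning on non-hex input taken from the request URL.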
From 01b5b1347521951ca78b1718b03c45897800bf5e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 31 Jan 2016 20:44:54 -0800 Subject: oep for the photo top page --- mod/oep.php | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- mod/photos.php | 3 +++ 2 files changed, 68 insertions(+), 3 deletions(-) (limited to 'mod') diff --git a/mod/oep.php b/mod/oep.php index 1cea83e95..9bc0de98f 100644 --- a/mod/oep.php +++ b/mod/oep.php @@ -20,9 +20,10 @@ function oep_init(&$a) { if(fnmatch('*/photos/*/album/*',$url)) $arr = oep_album_reply($_REQUEST); - elseif(fnmatch('*/photos/*',$url)) + elseif(fnmatch('*/photos/*/image/*',$url)) $arr = oep_photo_reply($_REQUEST); - + elseif(fnmatch('*/photos*',$url)) + $arr = oep_phototop_reply($_REQUEST); if($arr) { header('Content-Type: application/json+oembed'); @@ -58,7 +59,7 @@ function oep_album_reply($args) { $sql_extra = permissions_sql($c[0]['channel_id']); - $p = q("select resource_id from photo where album = '%s' and uid = %d group by resource_id $sql_extra order by created desc", + $p = q("select resource_id from photo where album = '%s' and uid = %d and scale = 0 $sql_extra order by created desc limit 1", dbesc($res), intval($c[0]['channel_id']) ); 
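Review bot: The new fallback pattern `*/photos*` in `oep_init` matches any URL that merely contains `/photos`, including one that points at a different host or carries the string in its query, and none of the three `fnmatch` patterns ties `$url` to this site. Compare the URL's prefix with `z_root()` before dispatching and tighten the fallback to the path shape `oep_phototop_reply` expects. If `$arr` is not initialised above the hunk, `if($arr)` also reads an undefined variable when no branch matches; `$arr = null;` before the chain would settle it. `oep_init` begins and ends outside the hunk.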
@@ -96,6 +97,67 @@ function oep_album_reply($args) { } + +function oep_phototop_reply($args) { + + $ret = array(); + $url = $args['url']; + $maxwidth = intval($args['maxwidth']); + $maxheight = intval($args['maxheight']); + + if(preg_match('|//(.*?)/(.*?)/(.*?)$|',$url,$matches)) { + $chn = $matches[3]; + } + + if(! $chn) + return; + $c = q("select * from channel where channel_address = '%s' limit 1", + dbesc($chn) + ); + + if(! $c) + return; + + $sql_extra = permissions_sql($c[0]['channel_id']); + + $p = q("select resource_id from photo where uid = %d and scale = 0 $sql_extra order by created desc limit 1", + intval($c[0]['channel_id']) + ); + if(! $p) + return; + + $res = $p[0]['resource_id']; + + $r = q("select height, width, scale, resource_id from photo where uid = %d and resource_id = '%s' $sql_extra order by scale asc", + intval($c[0]['channel_id']), + dbesc($res) + ); + + if($r) { + foreach($r as $rr) { + $foundres = false; + if($maxheight && $rr['height'] > $maxheight) + continue; + if($maxwidth && $rr['width'] > $maxwidth) + continue; + $foundres = true; + break; + } + + if($foundres) { + $ret['type'] = 'link'; + $ret['thumbnail_url'] = z_root() . '/photo/' . '/' . $rr['resource_id'] . '-' . $rr['scale']; + $ret['thumbnail_width'] = $rr['width']; + $ret['thumbnail_height'] = $rr['height']; + } + + + } + return $ret; + +} + + function oep_photo_reply($args) { $ret = array(); diff --git a/mod/photos.php b/mod/photos.php index 7864b9a18..d6105c580 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -1232,6 +1232,9 @@ function photos_content(&$a) { // Default - show recent photos with upload link (if applicable) //$o = ''; + $a->page['htmlhead'] .= "\r\n" . '' . "\r\n"; + + $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' and photo_usage in ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), -- cgit v1.2.3
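Review bot: In `oep_phototop_reply` the pattern `|//(.*?)/(.*?)/(.*?)$|` captures everything after the second path segment as `$chn`, so a trailing slash, further segments or a query string all end up in the channel lookup and the request silently returns nothing; `$chn` is also undefined when the pattern does not match. Initialise `$chn = '';` and capture a single segment, e.g. `|//[^/]+/[^/]+/([^/?#]+)|` with `$chn = $matches[1];`. `$args['maxwidth']` and `$args['maxheight']` are read without an `isset()` check although both oEmbed parameters are optional. The size-selection loop and reply assembly are now copied in three functions and would be easier to keep consistent as one shared helper.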