From 8f0f644295ba292ebcc44edb1d8679bfb6a1d3a6 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 23 Apr 2012 05:16:57 -0700 Subject: protect jappixmini/proxy from typo check, more work on email2 connector --- mod/dfrn_request.php | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 77a3124f7..74d25adbf 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -314,7 +314,7 @@ function dfrn_request_post(&$a) { if($email_follow) { - if(! strpos($url,'@')) { + if(! validate_email($url)) { notice( t('Invalid email address.') . EOL); return; } @@ -346,11 +346,59 @@ function dfrn_request_post(&$a) { } } + $r = q("insert into contact ( uid, created, addr, name, nick, url, nurl, poll, notify, blocked, pending, network, rel ) + values( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d ) ", + intval($uid), + dbesc(datetime_convert()), + dbesc($addr), + dbesc($name), + dbesc($nick), + dbesc($url), + dbesc($nurl), + dbesc($poll), + dbesc($notify), + intval($blocked), + intval($pending), + dbesc($network), + intval($rel) + ); + + $r = q("select id from contact where poll = '%s' and uid = %d limit 1", + dbesc($poll), + intval($uid) + ); + if(count($r)) { + $contact_id = $r[0]['id']; + + $photo = avatar_img($addr); + + $r = q("UPDATE `contact` SET + `photo` = '%s', + `thumb` = '%s', + `micro` = '%s', + `name-date` = '%s', + `uri-date` = '%s', + `avatar-date` = '%s', + `hidden` = 0, + WHERE `id` = %d LIMIT 1 + ", + dbesc($photos[0]), + dbesc($photos[1]), + dbesc($photos[2]), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval($contact_id) + ); + } + // contact is created. Now send an email verify form to the requestor. + // } + else { // Canonicalise email-style profile locator -- cgit v1.2.3 From f265863435b15ab08e3312343672ef8d43aea76e Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 23 Apr 2012 18:28:33 -0700 Subject: more work on mail2 (introductions), added 'm' (mail) flag to ACL backend for autocomplete of PM recips --- mod/acl.php | 39 +++++++++++++++++++++++++++++++++++---- mod/dfrn_request.php | 16 ++++++++++++++-- 2 files changed, 49 insertions(+), 6 deletions(-) (limited to 'mod') diff --git a/mod/acl.php b/mod/acl.php index fe353d1eb..c23ee1a67 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -38,6 +38,22 @@ function acl_init(&$a){ intval(local_user()) ); $contact_count = (int)$r[0]['c']; + } + elseif ($type == 'm') { + + // autocomplete for Private Messages + + $r = q("SELECT COUNT(`id`) AS c FROM `contact` + WHERE `uid` = %d AND `self` = 0 + AND `blocked` = 0 AND `pending` = 0 + AND `network` IN ('%s','%s','%s') $sql_extra2" , + intval(local_user()), + dbesc(NETWORK_DFRN), + dbesc(NETWORK_ZOT), + dbesc(NETWORK_DIASPORA) + ); + $contact_count = (int)$r[0]['c']; + } else { $contact_count = 0; } @@ -83,6 +99,23 @@ function acl_init(&$a){ ORDER BY `name` ASC ", intval(local_user()) ); + } + elseif($type == 'm') { + $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag` FROM `contact` + WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 + AND `network` IN ('%s','%s','%s') + $sql_extra2 + ORDER BY `name` ASC ", + intval(local_user()), + dbesc(NETWORK_DFRN), + dbesc(NETWORK_ZOT), + dbesc(NETWORK_DIASPORA) + ); + } + else + $r = array(); + + if(count($r)) { foreach($r as $g){ $contacts[] = array( "type" => "c", @@ -93,11 +126,9 @@ function acl_init(&$a){ "link" => $g['url'], "nick" => ($g['attag']) ? $g['attag'] : $g['nick'], ); - } - + } } - - + $items = array_merge($groups, $contacts); $o = array( diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 74d25adbf..79583ea18 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -392,10 +392,22 @@ function dfrn_request_post(&$a) { ); } - // contact is created. Now send an email verify form to the requestor. - // + // contact is created. Now create an introduction + $hash = random_string(); + $r = q("insert into intro ( uid, `contact-id`, knowyou, note, hash, datetime, blocked ) + values( %d , %d, %d, '%s', '%s', '%s', %d ) ", + intval($uid), + intval($contact_id), + ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0), + dbesc(notags(trim($_POST['dfrn-request-message']))), + dbesc($hash), + dbesc(datetime_convert()), + 1 + ); + + // Next send an email verify form to the requestor. } -- cgit v1.2.3 From 363753411914ab9d2678c5b47f432e5357ad7a04 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 23 Apr 2012 19:42:57 -0700 Subject: move unfriend to standalone function for use in account removal --- mod/contacts.php | 37 ++++--------------------------------- 1 file changed, 4 insertions(+), 33 deletions(-) (limited to 'mod') diff --git a/mod/contacts.php b/mod/contacts.php index 9d29d4bd1..8670c0c80 100644 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -144,7 +144,7 @@ function contacts_content(&$a) { goaway($a->get_baseurl(true) . '/contacts'); return; // NOTREACHED } - + if($cmd === 'update') { // pull feed and consume it, which should subscribe to the hub. @@ -184,38 +184,9 @@ function contacts_content(&$a) { if($cmd === 'drop') { - // create an unfollow slap - - if($orig_record[0]['network'] === NETWORK_OSTATUS) { - $tpl = get_markup_template('follow_slap.tpl'); - $slap = replace_macros($tpl, array( - '$name' => $a->user['username'], - '$profile_page' => $a->get_baseurl() . '/profile/' . $a->user['nickname'], - '$photo' => $a->contact['photo'], - '$thumb' => $a->contact['thumb'], - '$published' => datetime_convert('UTC','UTC', 'now', ATOM_TIME), - '$item_id' => 'urn:X-dfrn:' . $a->get_hostname() . ':unfollow:' . random_string(), - '$title' => '', - '$type' => 'text', - '$content' => t('stopped following'), - '$nick' => $a->user['nickname'], - '$verb' => 'http://ostatus.org/schema/1.0/unfollow', // ACTIVITY_UNFOLLOW, - '$ostat_follow' => '' // 'http://ostatus.org/schema/1.0/unfollow' . "\r\n" - )); - - if((x($orig_record[0],'notify')) && (strlen($orig_record[0]['notify']))) { - require_once('include/salmon.php'); - slapper($a->user,$orig_record[0]['notify'],$slap); - } - } - elseif($orig_record[0]['network'] === NETWORK_DIASPORA) { - require_once('include/diaspora.php'); - diaspora_unshare($a->user,$orig_record[0]); - } - elseif($orig_record[0]['network'] === NETWORK_DFRN) { - require_once('include/items.php'); - dfrn_deliver($a->user,$orig_record[0],'placeholder', 1); - } + require_once('include/Contact.php'); + + terminate_friendship($a->user,$a->contact,$orig_record[0]); contact_remove($orig_record[0]['id']); info( t('Contact has been removed.') . EOL ); -- cgit v1.2.3 From 2064d86cb39c20b738ba5f8ca35d4102216a5c30 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 23 Apr 2012 22:41:32 -0700 Subject: separate tag search from body search --- mod/item.php | 2 +- mod/search.php | 30 ++++++++++++++++++++++-------- mod/tagger.php | 8 ++++---- 3 files changed, 27 insertions(+), 13 deletions(-) (limited to 'mod') diff --git a/mod/item.php b/mod/item.php index 642a6758a..1436f7ffc 100644 --- a/mod/item.php +++ b/mod/item.php @@ -872,7 +872,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { //base tag has the tags name only $basetag = str_replace('_',' ',substr($tag,1)); //create text for link - $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; + $newtag = '#[url=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; //replace tag by the link $body = str_replace($tag, $newtag, $body); diff --git a/mod/search.php b/mod/search.php index 4ca7db9bb..d467764b0 100644 --- a/mod/search.php +++ b/mod/search.php @@ -87,11 +87,26 @@ function search_content(&$a) { else $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); + $tag = false; + if(x($_GET,'tag')) { + $tag = true; + $search = ((x($_GET,'tag')) ? notags(trim(rawurldecode($_GET['tag']))) : ''); + } + + $o .= search($search,'search-box','/search',((local_user()) ? true : false)); if(! $search) return $o; + if($tag) + $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . preg_quote($search) . '\\[')); + else + $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(preg_quote($search))); + + + + // Here is the way permissions work in the search module... // Only public posts can be shown // OR your own posts if you are a logged in member @@ -103,10 +118,8 @@ function search_content(&$a) { AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0) OR `item`.`uid` = %d ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) group by `item`.`uri` ", - intval(local_user()), - dbesc(preg_quote($search)), - dbesc('\\]' . preg_quote($search) . '\\[') + $sql_extra group by `item`.`uri` ", + intval(local_user()) ); if(count($r)) @@ -127,18 +140,19 @@ function search_content(&$a) { AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) OR `item`.`uid` = %d ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) + $sql_extra group by `item`.`uri` ORDER BY `received` DESC LIMIT %d , %d ", intval(local_user()), - dbesc(preg_quote($search)), - dbesc('\\]' . preg_quote($search) . '\\['), intval($a->pager['start']), intval($a->pager['itemspage']) ); - $o .= '

Search results for: ' . $search . '

'; + if($tag) + $o .= '

Items tagged with: ' . $search . '

'; + else + $o .= '

Search results for: ' . $search . '

'; $o .= conversation($a,$r,'search',false); diff --git a/mod/tagger.php b/mod/tagger.php index 3ff5d57aa..8ee499f5f 100644 --- a/mod/tagger.php +++ b/mod/tagger.php @@ -86,7 +86,7 @@ function tagger_content(&$a) { EOT; - $tagid = $a->get_baseurl() . '/search?search=' . $term; + $tagid = $a->get_baseurl() . '/search?tag=' . $term; $objtype = ACTIVITY_OBJ_TAGTERM; $obj = <<< EOT @@ -105,7 +105,7 @@ EOT; if(! isset($bodyverb)) return; - $termlink = html_entity_decode('⌗') . '[url=' . $a->get_baseurl() . '/search?search=' . urlencode($term) . ']'. $term . '[/url]'; + $termlink = html_entity_decode('⌗') . '[url=' . $a->get_baseurl() . '/search?tag=' . urlencode($term) . ']'. $term . '[/url]'; $arr = array(); @@ -161,7 +161,7 @@ EOT; if((! $blocktags) && (! stristr($item['tag'], ']' . $term . '[' ))) { q("update item set tag = '%s' where id = %d limit 1", - dbesc($item['tag'] . (strlen($item['tag']) ? ',' : '') . '#[url=' . $a->get_baseurl() . '/search?search=' . $term . ']'. $term . '[/url]'), + dbesc($item['tag'] . (strlen($item['tag']) ? ',' : '') . '#[url=' . $a->get_baseurl() . '/search?tag=' . $term . ']'. $term . '[/url]'), intval($item['id']) ); } @@ -177,7 +177,7 @@ EOT; ); if(count($x) && !$x[0]['blocktags'] && (! stristr($r[0]['tag'], ']' . $term . '['))) { q("update item set tag = '%s' where id = %d limit 1", - dbesc($r[0]['tag'] . (strlen($r[0]['tag']) ? ',' : '') . '#[url=' . $a->get_baseurl() . '/search?search=' . $term . ']'. $term . '[/url]'), + dbesc($r[0]['tag'] . (strlen($r[0]['tag']) ? ',' : '') . '#[url=' . $a->get_baseurl() . '/search?tag=' . $term . ']'. $term . '[/url]'), intval($r[0]['id']) ); } -- cgit v1.2.3