From ec66553032820d6fff718a716e5cfdb2c38cd6cd Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 25 Sep 2019 22:24:17 +0000 Subject: [PATCH 01/17] Reworked "remote" cookie handling --- boot.php | 11 +++------ include/items.php | 10 ++------ mod/cal.php | 9 ++----- mod/dfrn_poll.php | 5 ++-- mod/item.php | 14 ++--------- mod/photos.php | 57 ++++++++++++------------------------------- mod/redir.php | 19 ++++----------- mod/videos.php | 42 +++++++++---------------------- mod/wall_attach.php | 34 ++++++++------------------ mod/wall_upload.php | 35 +++++++++----------------- src/Core/Session.php | 36 ++++++++++++++++++++++++--- src/Model/Profile.php | 15 ++++-------- src/Object/Post.php | 11 +++------ 13 files changed, 106 insertions(+), 192 deletions(-) diff --git a/boot.php b/boot.php index 224eba1f45..6d09c647e9 100644 --- a/boot.php +++ b/boot.php @@ -23,6 +23,7 @@ use Friendica\Core\Config; use Friendica\Core\PConfig; use Friendica\Core\Protocol; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Term; @@ -426,14 +427,8 @@ function remote_user($uid = null) return false; } - if (!is_null($uid) && !empty($_SESSION['remote'])) { - /// @todo replace it with this: - // if (!empty($_SESSION['remote'][$uid])) ... - foreach ($_SESSION['remote'] as $visitor) { - if ($visitor['uid'] == $uid) { - return $visitor['cid']; - } - } + if (!is_null($uid)) { + return Session::getVisitorContactIDForUserID($uid); } elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) { return intval($_SESSION['visitor_id']); } diff --git a/include/items.php b/include/items.php index 25c857f115..c5d8fc023d 100644 --- a/include/items.php +++ b/include/items.php 
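Review bot: The new `!is_null($uid)` branch hands back the raw session value, while the `visitor_id` branch right beside it still wraps its result in `intval()`, and other hunks in this commit feed the raw value straight into DB conditions (`['id' => remote_user($profile_uid)]` in item.php). Sessions created before this deploy can still hold the old `['cid' => .., 'uid' => ..]` array under `$_SESSION['remote'][$uid]`, and an array is not an integer contact id. Normalise at this one choke point: `$cid = Session::getVisitorContactIDForUserID($uid);` followed by `return is_numeric($cid) ? intval($cid) : false;`. remote_user continues past the end of the hunk.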
@@ -362,14 +362,8 @@ function drop_item($id, $return = '') $contact_id = 0; // check if logged in user is either the author or owner of this item - - if (!empty($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $visitor) { - if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) { - $contact_id = $visitor['cid']; - break; - } - } + if (remote_user($item['uid']) == $item['contact-id']) { + $contact_id = $item['contact-id']; } if ((local_user() == $item['uid']) || $contact_id) { diff --git a/mod/cal.php b/mod/cal.php index 05ad314b03..b77abaa828 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -113,13 +113,8 @@ function cal_content(App $a) $owner_uid = intval($a->data['user']['uid']); $nick = $a->data['user']['nickname']; - if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $a->profile['profile_uid']) { - $contact_id = $v['cid']; - break; - } - } + if (!empty(remote_user($a->profile['profile_uid']))) { + $contact_id = remote_user($a->profile['profile_uid']); } $groups = []; diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index d805bcfd49..fa0cf1037e 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -114,7 +114,7 @@ function dfrn_poll_init(App $a) $_SESSION['remote'] = []; } - $_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']]; + $_SESSION['remote'][$r[0]['uid']] = $r[0]['id']; $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; @@ -521,7 +521,8 @@ function dfrn_poll_content(App $a) $_SESSION['remote'] = []; } - $_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']]; + $_SESSION['remote'][$r[0]['uid']] = $r[0]['id']; + $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_visiting'] = $r[0]['uid']; diff --git a/mod/item.php b/mod/item.php index 8bc394bcb9..5ffee86a06 100644 --- a/mod/item.php +++ b/mod/item.php 
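Review bot: In the cal.php hunk `remote_user($a->profile['profile_uid'])` is evaluated twice, once inside `!empty()` and again for the assignment, which is a style point rather than a bug since the function returns `false` when there is no entry. A single call with a fallback reads cleaner, e.g. `$contact_id = remote_user($a->profile['profile_uid']) ?: 0;`, assuming `$contact_id` is initialised to 0 above the hunk (that line is outside the view). The same double call pattern recurs in the item, photos and videos hunks of this commit, so it may be worth a helper-level fix rather than per-module edits.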
@@ -348,18 +348,8 @@ function item_post(App $a) { if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) { $self = true; $author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]); - } elseif (remote_user()) { - if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $profile_uid) { - $contact_id = $v['cid']; - break; - } - } - } - if ($contact_id) { - $author = DBA::selectFirst('contact', [], ['id' => $contact_id]); - } + } elseif (!empty(remote_user($profile_uid))) { + $author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)]); } if (DBA::isResult($author)) { diff --git a/mod/photos.php b/mod/photos.php index 50f40b248c..06abade5e9 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -154,14 +154,12 @@ function photos_post(App $a) if (local_user() && (local_user() == $page_owner_uid)) { $can_post = true; - } elseif ($community_page && remote_user($page_owner_uid)) { + } elseif ($community_page && !empty(remote_user($page_owner_uid))) { $contact_id = remote_user($page_owner_uid); - if ($contact_id > 0) { - if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { - $can_post = true; - $visitor = $contact_id; - } + if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { + $can_post = true; + $visitor = $contact_id; } } 
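Review bot: `DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)])` in item_post selects the author row purely by the id found in the session map and never checks that the row belongs to `$profile_uid`; the removed loop had the same gap, but the photos_post hunk in this very commit does include the owner (`'uid' => $page_owner_uid`) in its lookup. Bind the author to the page owner so a stale or wrong session entry cannot select another user's contact: `$author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid), 'uid' => $profile_uid]);`. item_post continues outside the hunk.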
@@ -883,50 +881,27 @@ function photos_content(App $a) if (local_user() && (local_user() == $owner_uid)) { $can_post = true; - } else { - if ($community_page && remote_user()) { - if (is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + } elseif ($community_page && !empty(remote_user($owner_uid))) { + $contact_id = remote_user($owner_uid); + $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); - if ($contact_id) { - $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); - - if (DBA::isResult($contact)) { - $can_post = true; - $remote_contact = true; - $visitor = $contact_id; - } - } + if (DBA::isResult($contact)) { + $can_post = true; + $remote_contact = true; + $visitor = $contact_id; } } $groups = []; // perhaps they're visiting - but not a community page, so they wouldn't have write access - if (remote_user() && !$visitor) { - $contact_id = 0; - if (is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + if (!empty(remote_user($owner_uid)) && !$visitor) { + $contact_id = remote_user($owner_uid); + $groups = Group::getIdsByContactId($contact_id); - if ($contact_id) { - $groups = Group::getIdsByContactId($contact_id); + $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); - $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); - - $remote_contact = DBA::isResult($contact); - } + $remote_contact = DBA::isResult($contact); } if (!$remote_contact && local_user()) { diff --git a/mod/redir.php b/mod/redir.php index 1df7060fa6..6b492473a0 100644 --- a/mod/redir.php 
+++ b/mod/redir.php
@@ -66,20 +66,11 @@ function redir_init(App $a) {
 // with the local contact. Otherwise the local user would ask the local contact
 // for authentification everytime he/she is visiting a profile page of the local
 // contact.
- if ($host == $remotehost
- && !empty($_SESSION['remote'])
- && is_array($_SESSION['remote']))
- {
- foreach ($_SESSION['remote'] as $v) {
- if (!empty($v['uid']) && !empty($v['cid']) &&
- $v['uid'] == Session::get('visitor_visiting') &&
- $v['cid'] == Session::get('visitor_id')) {
- // Remote user is already authenticated.
- $target_url = defaults($url, $contact_url);
- Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
- $a->redirect($target_url);
- }
- }
+ if (($host == $remotehost) && (remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
+ // Remote user is already authenticated.
+ $target_url = defaults($url, $contact_url);
+ Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
+ $a->redirect($target_url);
 }
 }
diff --git a/mod/videos.php b/mod/videos.php
index 9e19ecf117..62ecd0c378 100644
--- a/mod/videos.php
+++ b/mod/videos.php
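Review bot: The new condition degrades to a tautology when `visitor_visiting` is absent from the session: `remote_user(null)` takes the `is_null($uid)` branch in boot.php and returns `$_SESSION['visitor_id']`, which then trivially equals `Session::get('visitor_id')`, so any visitor carrying a `visitor_id` is treated as already authenticated to this contact and redirected without the DFRN handshake. The removed loop guarded this with `!empty($v['uid'])`. Restore the guard: `$visiting = Session::get('visitor_visiting');` and `if (($host == $remotehost) && !empty($visiting) && (remote_user($visiting) == Session::get('visitor_id'))) {`. redir_init continues outside the hunk, so whether `visitor_visiting` is always set by the time this runs cannot be confirmed from here.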
@@ -154,44 +154,26 @@ function videos_content(App $a) if ((local_user()) && (local_user() == $owner_uid)) { $can_post = true; - } elseif ($community_page && remote_user()) { - if (!empty($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + } elseif ($community_page && !empty(remote_user($owner_uid))) { + $contact_id = remote_user($owner_uid); - if ($contact_id > 0) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($owner_uid) - ); + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($owner_uid) + ); - if (DBA::isResult($r)) { - $can_post = true; - $remote_contact = true; - $visitor = $contact_id; - } + if (DBA::isResult($r)) { + $can_post = true; + $remote_contact = true; + $visitor = $contact_id; } } $groups = []; // perhaps they're visiting - but not a community page, so they wouldn't have write access - if (remote_user() && (!$visitor)) { - $contact_id = 0; - - if (!empty($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + if (!empty(remote_user($owner_uid)) && !$visitor) { + $contact_id = remote_user($owner_uid); if ($contact_id > 0) { $groups = Group::getIdsByContactId($contact_id); diff --git a/mod/wall_attach.php b/mod/wall_attach.php index c4ee33bd18..096439fa74 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php 
@@ -43,35 +43,21 @@ function wall_attach_post(App $a) { $page_owner_cid = $r[0]['id']; $community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false); - if ((local_user()) && (local_user() == $page_owner_uid)) { + if (local_user() && (local_user() == $page_owner_uid)) { $can_post = true; - } else { - if ($community_page && remote_user()) { - $contact_id = 0; + } elseif ($community_page && !empty(remote_user($page_owner_uid))) { + $contact_id = remote_user($page_owner_uid); + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($page_owner_uid) + ); - if (is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $page_owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } - - if ($contact_id > 0) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($page_owner_uid) - ); - - if (DBA::isResult($r)) { - $can_post = true; - } - } + if (DBA::isResult($r)) { + $can_post = true; } } - if (! $can_post) { + if (!$can_post) { if ($r_json) { echo json_encode(['error' => L10n::t('Permission denied.')]); exit(); diff --git a/mod/wall_upload.php b/mod/wall_upload.php index a245ca739c..0848c05906 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php 
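Review bot: The retained `q("SELECT uid FROM contact WHERE blocked = 0 AND pending = 0 AND id = %d AND uid = %d ...")` performs the same check that the photos_post hunk of this commit expresses as `DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])`; since the surrounding code is being rewritten anyway, the two upload paths would be easier to keep in lockstep if this one used the same form. That is `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $can_post = true; }` in place of the `q()` call and the `DBA::isResult($r)` test. The behaviour is unchanged either way; this is a consistency point only.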
@@ -74,34 +74,21 @@ function wall_upload_post(App $a, $desktopmode = true) if ((local_user()) && (local_user() == $page_owner_uid)) { $can_post = true; - } else { - if ($community_page && remote_user()) { - $contact_id = 0; - if (is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $page_owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + } elseif ($community_page && !empty(remote_user($page_owner_uid))) { + $contact_id = remote_user($page_owner_uid); - if ($contact_id) { - $r = q("SELECT `uid` FROM `contact` - WHERE `blocked` = 0 AND `pending` = 0 - AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($page_owner_uid) - ); - if (DBA::isResult($r)) { - $can_post = true; - $visitor = $contact_id; - } - } + $r = q("SELECT `uid` FROM `contact` + WHERE `blocked` = 0 AND `pending` = 0 + AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($page_owner_uid) + ); + if (DBA::isResult($r)) { + $can_post = true; + $visitor = $contact_id; } } - if (!$can_post) { if ($r_json) { echo json_encode(['error' => L10n::t('Permission denied.')]); diff --git a/src/Core/Session.php b/src/Core/Session.php index 9927fca189..8e6e4c4577 100644 --- a/src/Core/Session.php +++ b/src/Core/Session.php @@ -120,7 +120,7 @@ class Session 'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'], 'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3), 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'), - 'remote' => [] + 'remote' => [], ]); $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]); 
@@ -129,9 +129,7 @@ class Session
 continue;
 }
- /// @todo Change it to this format to save space
- // $_SESSION['remote'][$contact['uid']] = $contact['id'];
- $_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
+ $_SESSION['remote'][$contact['uid']] = $contact['id'];
 }
 DBA::close($remote_contacts);
@@ -216,4 +214,34 @@ class Session
 }
 }
 }
+
+ /**
+ * Returns contact ID for given user ID
+ *
+ * @param integer $uid User ID
+ * @return integer Contact ID of visitor for given user ID
+ */
+ public static function getVisitorContactIDForUserID($uid)
+ {
+ if (empty($_SESSION['remote'][$uid])) {
+ return false;
+ }
+
+ return $_SESSION['remote'][$uid];
+ }
+
+ /**
+ * Returns User ID for given contact ID of the visitor
+ *
+ * @param integer $cid Contact ID
+ * @return integer User ID for given contact ID of the visitor
+ */
+ public static function getUserIDForVisitorContactID($cid)
+ {
+ if (empty($_SESSION['remote'])) {
+ return false;
+ }
+
+ return array_search($cid, $_SESSION['remote']);
+ }
 }
diff --git a/src/Model/Profile.php b/src/Model/Profile.php
index 290b6d3490..69e73fc80b 100644
--- a/src/Model/Profile.php
+++ b/src/Model/Profile.php
@@ -248,15 +248,10 @@ class Profile
 */
 public static function getByNickname($nickname, $uid = 0, $profile_id = 0)
 {
- if (remote_user($uid) && !empty($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $visitor) {
- if ($visitor['uid'] == $uid) {
- $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]);
- if (DBA::isResult($contact)) {
- $profile_id = $contact['profile-id'];
- }
- break;
- }
+ if (!empty(remote_user($uid))) {
+ $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => remote_user($uid)]);
+ if (DBA::isResult($contact)) {
+ $profile_id = $contact['profile-id'];
+ }
 }
 }
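Review bot: `getVisitorContactIDForUserID()` returns `$_SESSION['remote'][$uid]` verbatim, but this commit changes the on-disk shape of that slot from `['cid' => .., 'uid' => ..]` to a bare id, and sessions created before the deploy keep the old shape until they expire; every caller in this series (`DBA::selectFirst(... ['id' => remote_user($uid)])`, `intval($cid)` in Security.php) then receives an array instead of an id. The getter is the single place to make that safe, and its docblock should also admit that it returns `false` (not only `integer`). The `array_search()` in `getUserIDForVisitorContactID()` is non-strict, which is what the old loop's `==` did, so that part is fine.
```php
public static function getVisitorContactIDForUserID($uid)
{
	if (empty($_SESSION['remote'][$uid])) {
		return false;
	}

	$cid = $_SESSION['remote'][$uid];

	// Sessions built before the "remote" layout change still hold
	// ['cid' => .., 'uid' => ..] here; accept only a plain numeric contact id.
	if (!is_numeric($cid)) {
		return false;
	}

	return intval($cid);
}
```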
@@ -1130,7 +1125,7 @@ class Profile continue; } - $_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']]; + $_SESSION['remote'][$contact['uid']] = $contact['id']; } $a->contact = $visitor; diff --git a/src/Object/Post.php b/src/Object/Post.php index 36be9c4e6b..afb55a0212 100644 --- a/src/Object/Post.php +++ b/src/Object/Post.php @@ -14,8 +14,8 @@ use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\PConfig; use Friendica\Core\Protocol; -use Friendica\Core\Renderer; use Friendica\Core\Session; +use Friendica\Core\Renderer; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Item; @@ -71,13 +71,8 @@ class Post extends BaseObject $this->setTemplate('wall'); $this->toplevel = $this->getId() == $this->getDataValue('parent'); - if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $visitor) { - if ($visitor['cid'] == $this->getDataValue('contact-id')) { - $this->visiting = true; - break; - } - } + if (!empty(Session::getUserIDForVisitorContactID($this->getDataValue('contact-id')))) { + $this->visiting = true; } $this->writable = $this->getDataValue('writable') || $this->getDataValue('self'); From 704cdf1b5a7f5f6f7c60c2d79792658de9cb6555 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 26 Sep 2019 04:47:42 +0000 Subject: [PATCH 02/17] New function to store the "remote" session value / making the changes work --- src/Core/Session.php | 33 ++++++++++++++++++++++----------- src/Model/Profile.php | 12 +----------- src/Module/Profile.php | 12 ++++++------ src/Protocol/DFRN.php | 8 +++----- src/Util/Security.php | 9 +-------- 5 files changed, 33 insertions(+), 41 deletions(-) diff --git a/src/Core/Session.php b/src/Core/Session.php index 8e6e4c4577..55d8e550de 100644 --- a/src/Core/Session.php +++ b/src/Core/Session.php 
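Review bot: The `use` block in Post.php is reordered so that `Friendica\Core\Session` now precedes `Friendica\Core\Renderer`, breaking the alphabetical order the rest of the list keeps; keep `use Friendica\Core\Renderer;` before `use Friendica\Core\Session;` as it was. The `visiting` check itself is a faithful translation: `getUserIDForVisitorContactID()` returns the matching uid key from `array_search`, and the session builder skips `uid == 0` entries, so `!empty()` on the result is a safe "found" test.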
@@ -119,19 +119,10 @@ class Session
 'page_flags' => $user_record['page-flags'],
 'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'],
 'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3),
- 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'),
- 'remote' => [],
+ 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')
 ]);
- $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
- while ($contact = DBA::fetch($remote_contacts)) {
- if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
- continue;
- }
-
- $_SESSION['remote'][$contact['uid']] = $contact['id'];
- }
- DBA::close($remote_contacts);
+ self::setVisitorsContacts();
 $member_since = strtotime($user_record['register_date']);
 self::set('new_member', time() < ($member_since + ( 60 * 60 * 24 * 14)));
@@ -244,4 +235,24 @@ class Session
 return array_search($cid, $_SESSION['remote']);
 }
+
+ /**
+ * Set the session variable that contains the contact IDs for the visitor's contact URL
+ *
+ * @param string $url Contact URL
+ */
+ public static function setVisitorsContacts()
+ {
+ $_SESSION['remote'] = [];
+
+ $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
+ while ($contact = DBA::fetch($remote_contacts)) {
+ if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
+ continue;
+ }
+
+ $_SESSION['remote'][$contact['uid']] = $contact['id'];
+ }
+ DBA::close($remote_contacts);
+ }
 }
diff --git a/src/Model/Profile.php b/src/Model/Profile.php
index 69e73fc80b..1aaa1907ce 100644
--- a/src/Model/Profile.php
+++ b/src/Model/Profile.php
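Review bot: The docblock on `setVisitorsContacts()` documents a `$url` parameter the function does not take; it reads `$_SESSION['my_url']` instead, so every caller has to set that key first, which is an implicit contract worth stating. Replace the `@param string $url Contact URL` line with `@note Reads the visitor URL from $_SESSION['my_url']; callers must set it before calling.` and add an early exit after the reset, `if (empty($_SESSION['my_url'])) { return; }`, so an unset URL does not turn into a `DBA::select` on `normaliseLink('')` (what that matches depends on the contact table and is not visible here). Note also that the function only filters by `Contact::isBlockedByUser`, not by `pending`, so anything that later trusts `$_SESSION['remote']` without a DB check inherits that.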
@@ -1116,17 +1116,7 @@ class Profile $_SESSION['visitor_home'] = $visitor['url']; $_SESSION['my_url'] = $visitor['url']; - /// @todo replace this and the query for this variable with some cleaner functionality - $_SESSION['remote'] = []; - - $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => $visitor['nurl'], 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]); - while ($contact = DBA::fetch($remote_contacts)) { - if (($contact['uid'] == 0) || Contact::isBlockedByUser($visitor['id'], $contact['uid'])) { - continue; - } - - $_SESSION['remote'][$contact['uid']] = $contact['id']; - } + Session::setVisitorsContacts(); $a->contact = $visitor; diff --git a/src/Module/Profile.php b/src/Module/Profile.php index d103c614e6..98c504425b 100644 --- a/src/Module/Profile.php +++ b/src/Module/Profile.php @@ -86,8 +86,8 @@ class Profile extends BaseModule $a->page['htmlhead'] .= "\n"; - $blocked = !local_user() && !remote_user() && Config::get('system', 'block_public'); - $userblock = !local_user() && !remote_user() && $a->profile['hidewall']; + $blocked = !local_user() && !remote_user($a->profile['profile_uid']) && Config::get('system', 'block_public'); + $userblock = !local_user() && !remote_user($a->profile['profile_uid']) && $a->profile['hidewall']; if (!empty($a->profile['page-flags']) && $a->profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) { $a->page['htmlhead'] .= '' . "\n"; @@ -153,7 +153,7 @@ class Profile extends BaseModule $hashtags = defaults($_GET, 'tag', ''); - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !local_user() && !remote_user($a->profile['profile_uid'])) { return Login::form(); } 
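Review bot: The Profile.php hunk silently changes which contact is checked for blocking: the removed loop called `Contact::isBlockedByUser($visitor['id'], $contact['uid'])`, whereas `Session::setVisitorsContacts()` as added in this commit calls `isBlockedByUser($contact['id'], $contact['uid'])`, i.e. the per-user contact row rather than the visitor row. If both ids key the same block table this is harmless, but neither the hunk nor the commit message says so. Add a one-line comment beside `Session::setVisitorsContacts();`, e.g. `// Block check now keys on the per-user contact id rather than the visitor id`, and confirm `isBlockedByUser` accepts either form; the function around this hunk starts and ends outside the view.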
@@ -169,12 +169,12 @@ class Profile extends BaseModule Nav::setSelected('home'); } - $remote_contact = ContactModel::isFollower(remote_user(), $a->profile['profile_uid']); + $remote_contact = remote_user($a->profile['profile_uid']); $is_owner = local_user() == $a->profile['profile_uid']; - $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user(); + $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact; if ($remote_contact) { - $cdata = ContactModel::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']); + $cdata = ContactModel::getPublicAndUserContacID($remote_contact, $a->profile['profile_uid']); if (!empty($cdata['user'])) { $groups = Group::getIdsByContactId($cdata['user']); $remote_cid = $cdata['user']; diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index f55a80a6fd..60f4b43c0e 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -2863,7 +2863,7 @@ class DFRN // because browser may have multiple connections open and load an image on a connection // whose session wasn't updated when a previous redirect authenticated // Leaving commented in case looping reappears - //return; + // return; } if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) { @@ -2906,10 +2906,8 @@ class DFRN // and the sense in the $remote[]["cid"] in the session are opposite. // In the session variable the user currently fetching is the contact // while $contact_nick is the nick of tho user who owns the stuff being fetched. - foreach (Session::get('remote', []) as $visitor) { - if ($visitor['uid'] == $contact_uid && $visitor['cid'] == $r[0]['id']) { - return; - } + if (Session::getVisitorContactIDForUserID($contact_uid) == $r[0]['id']) { + return; } $r = q("SELECT * FROM contact WHERE nick = '%s' diff --git a/src/Util/Security.php b/src/Util/Security.php index 0c09b745d8..5fc38c9409 100644 --- a/src/Util/Security.php +++ b/src/Util/Security.php 
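Review bot: The comment kept above the new DFRN check still explains the old `$remote[]["cid"]` session structure, which this series replaced with a `remote[uid] = cid` map, so it now directs readers to a field that no longer exists (and has the typo "tho"). Rewrite the three lines as `// In the session the key is the uid of the user whose content is fetched and the value is the contact id of the user currently fetching, while $contact_nick is the nick of the owner of the fetched content.` The loose `==` against `$r[0]['id']` fails closed when the getter returns `false`, so the logic is fine; `intval()` plus `===` would just make that intent explicit.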
@@ -110,14 +110,7 @@ class Security extends BaseObject */ if (!$remote_verified) { - $cid = 0; - - foreach (\Friendica\Core\Session::get('remote', []) as $visitor) { - if ($visitor['uid'] == $owner_id) { - $cid = $visitor['cid']; - break; - } - } + $cid = \Friendica\Core\Session::getVisitorContactIDForUserID($owner_id); if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) { $remote_verified = true; From 3dd94355b7f073c810235c1413a6918383b1ef02 Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 27 Sep 2019 05:49:23 +0000 Subject: [PATCH 03/17] Fix permissions when viewing photos, applying same fix to items as well --- mod/photos.php | 4 ++-- src/Model/Item.php | 6 +++++- src/Util/Security.php | 22 +++++++++------------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mod/photos.php b/mod/photos.php index 06abade5e9..88e237ab09 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -88,7 +88,7 @@ function photos_init(App $a) { $ret['albums'] = []; foreach ($albums as $k => $album) { //hide profile photos to others - if (!$is_owner && !remote_user() && ($album['album'] == L10n::t('Profile Photos'))) + if (!$is_owner && !remote_user($a->profile_uid) && ($album['album'] == L10n::t('Profile Photos'))) continue; $entry = [ 'text' => $album['album'], @@ -1573,7 +1573,7 @@ function photos_content(App $a) $twist = false; foreach ($r as $rr) { //hide profile photos to others - if (!$is_owner && !remote_user() && ($rr['album'] == L10n::t('Profile Photos'))) { + if (!$is_owner && !remote_user($owner_uid) && ($rr['album'] == L10n::t('Profile Photos'))) { continue; } diff --git a/src/Model/Item.php b/src/Model/Item.php index b5c68d9ab7..5c571ff1e0 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php 
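Review bot: photos_init scopes the "hide Profile Photos" check with `$a->profile_uid`, while the parallel photos_content hunk uses `$owner_uid`; nothing in this hunk shows `$a->profile_uid` being populated, and if it is unset at that point `remote_user(null)` falls back to the unscoped `visitor_id` branch, which is exactly the behaviour this commit is removing elsewhere. If photos_init sets `$a->profile_uid` earlier (outside the hunk) this is fine; otherwise use the uid the function already resolved, e.g. `if (!$is_owner && !remote_user($a->data['user']['uid']) && ($album['album'] == L10n::t('Profile Photos')))`. photos_init starts outside the hunk.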
@@ -3263,7 +3263,11 @@ class Item extends BaseObject public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null, $remote_cid = null) { $local_user = local_user(); - $remote_user = remote_user(); + $remote_user = remote_user($owner_id); + + if (is_null($remote_cid)) { + $remote_cid = $remote_user; + } /* * Construct permissions diff --git a/src/Util/Security.php b/src/Util/Security.php index 5fc38c9409..aa6209f324 100644 --- a/src/Util/Security.php +++ b/src/Util/Security.php @@ -51,7 +51,7 @@ class Security extends BaseObject $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` INNER JOIN `user` on `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", + AND `user`.`blockwall` = 0 AND `readonly` = 0 AND (`contact`.`rel` IN (%d , %d) OR `user`.`page-flags` = %d) LIMIT 1", intval($owner), intval($cid), intval(Contact::SHARING), @@ -75,7 +75,7 @@ class Security extends BaseObject public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null) { $local_user = local_user(); - $remote_user = remote_user(); + $remote_user = remote_user($owner_id); /* * Construct permissions @@ -83,10 +83,9 @@ class Security extends BaseObject * default permissions - anonymous user */ $sql = " AND allow_cid = '' - AND allow_gid = '' - AND deny_cid = '' - AND deny_gid = '' - "; + AND allow_gid = '' + AND deny_cid = '' + AND deny_gid = '' "; /* * Profile owner - everything is visible @@ -101,6 +100,8 @@ class Security extends BaseObject * done this and passed the groups into this function. */ } elseif ($remote_user) { + $cid = \Friendica\Core\Session::getVisitorContactIDForUserID($owner_id); + /* * Authenticated visitor. Unless pre-verified, * check that the contact belongs to this $owner_id 
@@ -110,8 +111,6 @@ class Security extends BaseObject */ if (!$remote_verified) { - $cid = \Friendica\Core\Session::getVisitorContactIDForUserID($owner_id); - if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) { $remote_verified = true; $groups = Group::getIdsByContactId($cid); @@ -128,10 +127,8 @@ class Security extends BaseObject } $sql = sprintf( - " AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') - AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) - ) - ", + " AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') + AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ", intval($cid), DBA::escape($gs), intval($cid), @@ -141,5 +138,4 @@ class Security extends BaseObject } return $sql; } - } From 1ddd2df4b89f397657cfe38b1154086d900cffa5 Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 28 Sep 2019 05:37:24 +0000 Subject: [PATCH 04/17] Removed obsolete code --- mod/cal.php | 8 +-- mod/display.php | 27 +++------ mod/photos.php | 16 +----- mod/videos.php | 37 ++----------- src/Model/Item.php | 8 +-- src/Model/PermissionSet.php | 7 +-- src/Model/Photo.php | 22 ++------ src/Module/Profile.php | 15 +---- src/Protocol/DFRN.php | 107 ------------------------------------ 9 files changed, 28 insertions(+), 219 deletions(-) diff --git a/mod/cal.php b/mod/cal.php index b77abaa828..158856d21e 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -26,10 +26,6 @@ use Friendica\Util\Temporal; function cal_init(App $a) { - if ($a->argc > 1) { - DFRN::autoRedir($a, $a->argv[1]); - } - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.')); } 
@@ -117,9 +113,7 @@ function cal_content(App $a) $contact_id = remote_user($a->profile['profile_uid']); } - $groups = []; if ($contact_id) { - $groups = Group::getIdsByContactId($contact_id); $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['profile_uid']) @@ -137,7 +131,7 @@ function cal_content(App $a) } // get the permissions - $sql_perms = Item::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups); + $sql_perms = Item::getPermissionsSQLByUserId($owner_uid); // we only want to have the events of the profile owner $sql_extra = " AND `event`.`cid` = 0 " . $sql_perms; diff --git a/mod/display.php b/mod/display.php index 6b5edd987c..7f77be37ef 100644 --- a/mod/display.php +++ b/mod/display.php @@ -53,14 +53,10 @@ function display_init(App $a) $nick = $a->user["nickname"]; } // Is this item private but could be visible to the remove visitor? - } elseif (remote_user()) { + } elseif (remote_user($item['uid'])) { $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); if (DBA::isResult($item)) { - if (!Contact::isFollower(remote_user(), $item['uid'])) { - $item = null; - } else { - $item_user = $item['uid']; - } + $item_user = $item['uid']; } } @@ -229,9 +225,9 @@ function display_content(App $a, $update = false, $update_uid = 0) $item_parent = $item["parent"]; $item_parent_uri = $item['parent-uri']; } - } elseif (remote_user()) { + } elseif (remote_user($item['uid'])) { $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); - if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) { + if (DBA::isResult($item)) { $item_id = $item["id"]; $item_parent = $item["parent"]; $item_parent_uri = $item['parent-uri']; 
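Review bot: `remote_user($item['uid'])` in display_init is evaluated before `$item` is loaded by the `Item::selectFirst` on the very next line, so unless `$item` is already populated above the hunk the argument is null, `remote_user(null)` falls back to the unscoped `visitor_id` branch, and with `Contact::isFollower` removed in the same hunk the per-owner check this change intends never runs here. Fetch first and scope afterwards: `} elseif (remote_user()) {` and `if (DBA::isResult($item) && remote_user($item['uid'])) {`. The display_content hunk further down has the identical shape and needs the same treatment; both functions extend beyond the hunk, and the later `getPermissionsSQLByUserId` call is what actually filters the thread, so the exposure is the owner resolution, not the item body.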
@@ -269,8 +265,6 @@ function display_content(App $a, $update = false, $update_uid = 0) ['$alternate' => $alternate, '$conversation' => $conversation]); - $groups = []; - $remote_cid = null; $is_remote_contact = false; $item_uid = local_user(); @@ -279,15 +273,9 @@ function display_content(App $a, $update = false, $update_uid = 0) if (DBA::isResult($parent)) { $a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']); $a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']); - $is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']); - + $is_remote_contact = remote_user($a->profile['profile_uid']); if ($is_remote_contact) { - $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']); - if (!empty($cdata['user'])) { - $groups = Group::getIdsByContactId($cdata['user']); - $remote_cid = $cdata['user']; - $item_uid = $parent['uid']; - } + $item_uid = $parent['uid']; } } } @@ -297,6 +285,7 @@ function display_content(App $a, $update = false, $update_uid = 0) if (DBA::isResult($page_contact)) { $a->page_contact = $page_contact; } + $is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false); if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) { @@ -318,7 +307,7 @@ function display_content(App $a, $update = false, $update_uid = 0) ]; $o .= status_editor($a, $x, 0, true); } - $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $is_remote_contact, $groups, $remote_cid); + $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']); if (local_user() && (local_user() == $a->profile['profile_uid'])) { $condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true]; diff --git a/mod/photos.php b/mod/photos.php index 88e237ab09..daa31276f0 100644 --- a/mod/photos.php +++ b/mod/photos.php 
@@ -35,10 +35,6 @@ use Friendica\Util\XML; function photos_init(App $a) { - if ($a->argc > 1) { - DFRN::autoRedir($a, $a->argv[1]); - } - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { return; } @@ -156,11 +152,8 @@ function photos_post(App $a) $can_post = true; } elseif ($community_page && !empty(remote_user($page_owner_uid))) { $contact_id = remote_user($page_owner_uid); - - if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { - $can_post = true; - $visitor = $contact_id; - } + $can_post = true; + $visitor = $contact_id; } if (!$can_post) { @@ -892,12 +885,9 @@ function photos_content(App $a) } } - $groups = []; - // perhaps they're visiting - but not a community page, so they wouldn't have write access if (!empty(remote_user($owner_uid)) && !$visitor) { $contact_id = remote_user($owner_uid); - $groups = Group::getIdsByContactId($contact_id); $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); @@ -914,7 +904,7 @@ function photos_content(App $a) return; } - $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups); + $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact); $o = ""; diff --git a/mod/videos.php b/mod/videos.php index 62ecd0c378..6ff4236a1b 100644 --- a/mod/videos.php +++ b/mod/videos.php @@ -22,10 +22,6 @@ use Friendica\Util\Security; function videos_init(App $a) { - if ($a->argc > 1) { - DFRN::autoRedir($a, $a->argv[1]); - } - if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) { return; } 
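Review bot: In photos_post the `DBA::exists('contact', [..., 'blocked' => false, 'pending' => false])` guard is dropped and `$can_post` is set straight from `remote_user($page_owner_uid)`, so a community-page upload is now authorised by a snapshot taken when the session was built; as far as `Session::setVisitorsContacts()` in this series shows, that snapshot is filtered by `isBlockedByUser` but never by `pending`, and it is not refreshed when the owner later blocks the contact. Keep the per-request check: `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $can_post = true; $visitor = $contact_id; }`. The photos_content hunk below still does this lookup for the non-community path, so the two branches are now inconsistent as well.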
@@ -156,44 +152,23 @@ function videos_content(App $a) $can_post = true; } elseif ($community_page && !empty(remote_user($owner_uid))) { $contact_id = remote_user($owner_uid); - - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($owner_uid) - ); - - if (DBA::isResult($r)) { - $can_post = true; - $remote_contact = true; - $visitor = $contact_id; - } + $can_post = true; + $remote_contact = true; + $visitor = $contact_id; } - $groups = []; - // perhaps they're visiting - but not a community page, so they wouldn't have write access if (!empty(remote_user($owner_uid)) && !$visitor) { $contact_id = remote_user($owner_uid); - - if ($contact_id > 0) { - $groups = Group::getIdsByContactId($contact_id); - $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($owner_uid) - ); - - if (DBA::isResult($r)) { - $remote_contact = true; - } - } + $remote_contact = true; } - if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) { + if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) { notice(L10n::t('Access to this item is restricted.') . EOL); return; } - $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups); + $sql_extra = Security::getPermissionsSQLByUserId($owner_uid); $o = ""; diff --git a/src/Model/Item.php b/src/Model/Item.php index 5c571ff1e0..b5245acb56 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php 
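Review bot: Both branches of the `@@ -156` hunk in videos_content now set `$can_post`, `$remote_contact` and `$visitor` purely from `remote_user($owner_uid)`, removing the two `blocked = 0 AND pending = 0` contact queries, while wall_attach.php and wall_upload.php in the same series keep exactly that check; a blocked or pending contact with a still-valid session therefore gets write access on community pages and read access to the owner's restricted videos here. The trailing `Security::getPermissionsSQLByUserId($owner_uid)` call does not compensate, because patch 05 below removes the contact verification from that helper as well. Wrapping each assignment block in `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false])) {` restores the old behaviour with the file's existing DBA import. videos_content continues outside the hunk.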
@@ -3260,15 +3260,11 @@ class Item extends BaseObject } } - public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null, $remote_cid = null) + public static function getPermissionsSQLByUserId($owner_id) { $local_user = local_user(); $remote_user = remote_user($owner_id); - if (is_null($remote_cid)) { - $remote_cid = $remote_user; - } - /* * Construct permissions * @@ -3287,7 +3283,7 @@ class Item extends BaseObject * If pre-verified, the caller is expected to have already * done this and passed the groups into this function. */ - $set = PermissionSet::get($owner_id, $remote_cid, $groups); + $set = PermissionSet::get($owner_id, $remote_user); if (!empty($set)) { $sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))"; diff --git a/src/Model/PermissionSet.php b/src/Model/PermissionSet.php index 3148d4da03..c9b2b17b67 100644 --- a/src/Model/PermissionSet.php +++ b/src/Model/PermissionSet.php @@ -67,21 +67,20 @@ class PermissionSet extends BaseObject * * @param integer $uid User id whom the items belong * @param integer $contact_id Contact id of the visitor - * @param array $groups Possibly previously fetched group ids for that contact * * @return array of permission set ids. * @throws \Exception */ - - static public function get($uid, $contact_id, $groups = null) + static public function get($uid, $contact_id) { - if (empty($groups) && DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) { + if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) { $groups = Group::getIdsByContactId($contact_id); } if (empty($groups) || !is_array($groups)) { return []; } + $group_str = '<<>>'; // should be impossible to match foreach ($groups as $g) { diff --git a/src/Model/Photo.php b/src/Model/Photo.php index 11721c81fd..34a5acfc9f 100644 --- a/src/Model/Photo.php +++ b/src/Model/Photo.php 
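Review bot: The docblock kept as context in the `@@ -3287` hunk of src/Model/Item.php still says "If pre-verified, the caller is expected to have already done this and passed the groups into this function", but the `$remote_verified`, `$groups` and `$remote_cid` parameters are removed in the preceding hunk and `PermissionSet::get($owner_id, $remote_user)` now does the lookup itself. Replace the stale sentence with something like `* The visitor's contact record is verified and its groups are loaded inside PermissionSet::get(); callers pass only the owner id.` Note also that PHP ignores surplus arguments to user-defined functions, so any caller still passing the old three arguments keeps compiling but silently loses its pre-fetched groups — worth a grep before merging. getPermissionsSQLByUserId starts outside this hunk.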
@@ -131,31 +131,17 @@ class Photo extends BaseObject */ public static function getPhoto($resourceid, $scale = 0) { - $r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]); - if ($r === false) { + $r = self::selectFirst(["uid"], ["resource-id" => $resourceid]); + if (!DBA::isResult($r)) { return false; } - $uid = $r["uid"]; - // This is the first place, when retrieving just a photo, that we know who owns the photo. - // Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not - // make sure that the requester's session is appropriately authenticated to that user - // otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly - if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) { - $r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []); - // this will either just return (if auth all ok) or will redirect and exit (starting over) - DFRN::autoRedir(self::getApp(), $r["nickname"]); - } + $uid = $r["uid"]; $sql_acl = Security::getPermissionsSQLByUserId($uid); - $conditions = [ - "`resource-id` = ? AND `scale` <= ? " . $sql_acl, - $resourceid, $scale - ]; - + $conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale]; $params = ["order" => ["scale" => true]]; - $photo = self::selectFirst([], $conditions, $params); return $photo; diff --git a/src/Module/Profile.php b/src/Module/Profile.php index 98c504425b..d1e76bf01a 100644 --- a/src/Module/Profile.php +++ b/src/Module/Profile.php @@ -48,8 +48,6 @@ class Profile extends BaseModule if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') { self::$which = $a->user['nickname']; self::$profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT); - } else { - DFRN::autoRedir($a, self::$which); } } 
@@ -157,9 +155,6 @@ class Profile extends BaseModule return Login::form(); } - $groups = []; - $remote_cid = null; - $o = ''; if ($update) { @@ -173,14 +168,6 @@ class Profile extends BaseModule $is_owner = local_user() == $a->profile['profile_uid']; $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact; - if ($remote_contact) { - $cdata = ContactModel::getPublicAndUserContacID($remote_contact, $a->profile['profile_uid']); - if (!empty($cdata['user'])) { - $groups = Group::getIdsByContactId($cdata['user']); - $remote_cid = $cdata['user']; - } - } - if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) { notice(L10n::t('Access to this profile has been restricted.') . EOL); return ''; @@ -229,7 +216,7 @@ class Profile extends BaseModule } // Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups - $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $remote_contact, $groups, $remote_cid); + $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']); $sql_extra2 = ''; $last_updated_array = Session::get('last_updated', []); diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index 60f4b43c0e..7dee12b56c 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php 
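Review bot: The context comment in the `@@ -229` hunk of src/Module/Profile.php, `// Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups`, is now wrong: the groups lookup was deleted in the `@@ -173` hunk just above and only `$a->profile['profile_uid']` is passed. Suggest `// Get permissions SQL; the visitor's contact and groups are resolved from the session inside Item::getPermissionsSQLByUserId().` The enclosing method starts outside this hunk.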
@@ -2849,113 +2849,6 @@ class DFRN return 200; } - /** - * @param App $a App - * @param string $contact_nick contact nickname - * @throws \Friendica\Network\HTTPException\InternalServerErrorException - */ - public static function autoRedir(App $a, $contact_nick) - { - // prevent looping - if (!empty($_REQUEST['redir'])) { - Logger::log('autoRedir might be looping because redirect has been redirected', Logger::DEBUG); - // looping prevention also appears to sometimes prevent authentication for images - // because browser may have multiple connections open and load an image on a connection - // whose session wasn't updated when a previous redirect authenticated - // Leaving commented in case looping reappears - // return; - } - - if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) { - return; - } - - if (local_user()) { - // We need to find out if $contact_nick is a user on this hub, and if so, if I - // am a contact of that user. However, that user may have other contacts with the - // same nickname as me on other hubs or other networks. Exclude these by requiring - // that the contact have a local URL. I will be the only person with my nickname at - // this URL, so if a result is found, then I am a contact of the $contact_nick user. - // - // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending. - - $baseurl = System::baseUrl(); - $domain_st = strpos($baseurl, "://"); - if ($domain_st === false) { - return; - } - $baseurl = substr($baseurl, $domain_st + 3); - $nurl = Strings::normaliseLink($baseurl); - - $r = User::getByNickname($contact_nick, ["uid"]); - $contact_uid = $r["uid"]; - - /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange. 
- $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1) - AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1", - DBA::escape($contact_nick), - DBA::escape($a->user['nickname']), - DBA::escape($baseurl), - DBA::escape($nurl) - ); - if ((! DBA::isResult($r))) { - return; - } - // test if redirect authentication already succeeded - // Note that "contact" in the sense used in the $contact_nick argument to this function - // and the sense in the $remote[]["cid"] in the session are opposite. - // In the session variable the user currently fetching is the contact - // while $contact_nick is the nick of tho user who owns the stuff being fetched. - if (Session::getVisitorContactIDForUserID($contact_uid) == $r[0]['id']) { - return; - } - - $r = q("SELECT * FROM contact WHERE nick = '%s' - AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1", - DBA::escape($contact_nick), - DBA::escape(Protocol::DFRN), - intval(local_user()), - DBA::escape($baseurl) - ); - if (! DBA::isResult($r)) { - return; - } - - $cid = $r[0]['id']; - - $dfrn_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']); - - if ($r[0]['duplex'] && $r[0]['issued-id']) { - $orig_id = $r[0]['issued-id']; - $dfrn_id = '1:' . $orig_id; - } - if ($r[0]['duplex'] && $r[0]['dfrn-id']) { - $orig_id = $r[0]['dfrn-id']; - $dfrn_id = '0:' . $orig_id; - } - - // ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode - // that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues - - if (strlen($dfrn_id) < 3) { - return; - } - - $sec = Strings::getRandomHex(); - - DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]); - - $url = curPageURL(); - - Logger::log('auto_redir: ' . $r[0]['name'] . ' ' . 
$sec, Logger::DEBUG); - $dest = (($url) ? '&destination_url=' . $url : ''); - System::externalRedirect($r[0]['poll'] . '?dfrn_id=' . $dfrn_id - . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest); - } - - return; - } - /** * @brief Returns the activity verb * From 6e9026e033130f5d46ec65cbe9fb2c32c81c490a Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 28 Sep 2019 09:36:41 +0000 Subject: [PATCH 05/17] Renamed function, beginning to replace the "remote_user" function --- boot.php | 9 +------ include/items.php | 3 ++- mod/photos.php | 2 +- src/Content/Widget.php | 3 ++- src/Core/Session.php | 2 +- src/Model/Item.php | 3 ++- src/Util/Security.php | 61 ++++++++++++++---------------------------- 7 files changed, 29 insertions(+), 54 deletions(-) diff --git a/boot.php b/boot.php index 6d09c647e9..3aca931492 100644 --- a/boot.php +++ b/boot.php @@ -416,19 +416,12 @@ function public_contact() */ function remote_user($uid = null) { - // You cannot be both local and remote. - // Unncommented by rabuzarus because remote authentication to local - // profiles wasn't possible anymore (2018-04-12). -// if (local_user()) { -// return false; -// } - if (empty($_SESSION['authenticated'])) { return false; } if (!is_null($uid)) { - return Session::getVisitorContactIDForUserID($uid); + return Session::getRemoteContactID($uid); } elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) { return intval($_SESSION['visitor_id']); } diff --git a/include/items.php b/include/items.php index c5d8fc023d..ae686a32d9 100644 --- a/include/items.php +++ b/include/items.php @@ -13,6 +13,7 @@ use Friendica\Core\PConfig; use Friendica\Core\Protocol; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Item; use Friendica\Protocol\DFRN; 
@@ -362,7 +363,7 @@ function drop_item($id, $return = '') $contact_id = 0; // check if logged in user is either the author or owner of this item - if (remote_user($item['uid']) == $item['contact-id']) { + if (Session::getRemoteContactID($item['uid']) == $item['contact-id']) { $contact_id = $item['contact-id']; } diff --git a/mod/photos.php b/mod/photos.php index daa31276f0..3bf49f37be 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -904,7 +904,7 @@ function photos_content(App $a) return; } - $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact); + $sql_extra = Security::getPermissionsSQLByUserId($owner_uid); $o = ""; diff --git a/src/Content/Widget.php b/src/Content/Widget.php index 9097442796..09a5fc6345 100644 --- a/src/Content/Widget.php +++ b/src/Content/Widget.php @@ -11,6 +11,7 @@ use Friendica\Core\PConfig; use Friendica\Core\Protocol; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\FileTag; @@ -339,7 +340,7 @@ class Widget $zcid = 0; - $cid = remote_user($profile_uid); + $cid = Session::getRemoteContactID($profile_uid); if (!$cid) { if (Profile::getMyURL()) { diff --git a/src/Core/Session.php b/src/Core/Session.php index 55d8e550de..db455d3a25 100644 --- a/src/Core/Session.php +++ b/src/Core/Session.php @@ -212,7 +212,7 @@ class Session * @param integer $uid User ID * @return integer Contact ID of visitor for given user ID */ - public static function getVisitorContactIDForUserID($uid) + public static function getRemoteContactID($uid) { if (empty($_SESSION['remote'][$uid])) { return false; diff --git a/src/Model/Item.php b/src/Model/Item.php index b5245acb56..8e138c0cb3 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php 
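Review bot: In the `@@ -362` hunk of include/items.php the loose comparison `Session::getRemoteContactID($item['uid']) == $item['contact-id']` treats `false` — what the renamed function returns when no session entry exists, per the src/Core/Session.php hunk further along this line — as equal to `0`, so an item whose `contact-id` is 0 sets `$contact_id = 0`. The following `|| $contact_id` test is falsy for 0, so this does not grant deletion today, but it is correct only by accident; prefer the strict form `$cid = Session::getRemoteContactID($item['uid']); if ($cid !== false && (int)$cid === (int)$item['contact-id']) {`. drop_item starts outside this hunk.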
@@ -18,6 +18,7 @@ use Friendica\Core\PConfig; use Friendica\Core\Protocol; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\Protocol\ActivityPub; @@ -3263,7 +3264,7 @@ class Item extends BaseObject public static function getPermissionsSQLByUserId($owner_id) { $local_user = local_user(); - $remote_user = remote_user($owner_id); + $remote_user = Session::getRemoteContactID($owner_id); /* * Construct permissions diff --git a/src/Util/Security.php b/src/Util/Security.php index aa6209f324..1d7162ab8e 100644 --- a/src/Util/Security.php +++ b/src/Util/Security.php @@ -10,6 +10,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Group; use Friendica\Model\User; +use Friendica\Core\Session; /** * Secures that User is allow to do requests @@ -33,7 +34,7 @@ class Security extends BaseObject return true; } - if (remote_user($owner)) { + if (!empty(Session::getRemoteContactID($owner))) { // use remembered decision and avoid a DB lookup for each and every display item // DO NOT use this function if there are going to be multiple owners // We have a contact-id for an authenticated remote user, this block determines if the contact @@ -44,7 +45,7 @@ class Security extends BaseObject } elseif ($verified === 1) { return false; } else { - $cid = remote_user($owner); + $cid = Session::getRemoteContactID($owner); if (!$cid) { return false; } @@ -71,11 +72,10 @@ class Security extends BaseObject return false; } - /// @TODO $groups should be array - public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null) + public static function getPermissionsSQLByUserId($owner_id) { $local_user = local_user(); - $remote_user = remote_user($owner_id); + $remote_contact = Session::getRemoteContactID($owner_id); /* * Construct permissions 
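Review bot: The `@@ -33` hunk of src/Util/Security.php reads `Session::getRemoteContactID($owner)` twice in canWriteWall — once inside `!empty(...)` and again to fill `$cid` — and then tests `if (!$cid)`, which cannot be true once the outer branch has been taken because both reads hit the same session slot. A single lookup reads cleaner: `$cid = Session::getRemoteContactID($owner); if ($cid) {` with the inner `if (!$cid) { return false; }` dropped. canWriteWall continues outside the hunk, so confirm `$cid` has no other readers in the hidden part before removing that guard.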
@@ -93,48 +93,27 @@ class Security extends BaseObject if ($local_user && $local_user == $owner_id) { $sql = ''; /* - * Authenticated visitor. Unless pre-verified, - * check that the contact belongs to this $owner_id - * and load the groups the visitor belongs to. - * If pre-verified, the caller is expected to have already - * done this and passed the groups into this function. + * Authenticated visitor. Load the groups the visitor belongs to. */ - } elseif ($remote_user) { - $cid = \Friendica\Core\Session::getVisitorContactIDForUserID($owner_id); + } elseif ($remote_contact) { + $gs = '<<>>'; // should be impossible to match - /* - * Authenticated visitor. Unless pre-verified, - * check that the contact belongs to this $owner_id - * and load the groups the visitor belongs to. - * If pre-verified, the caller is expected to have already - * done this and passed the groups into this function. - */ + $groups = Group::getIdsByContactId($remote_contact); - if (!$remote_verified) { - if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) { - $remote_verified = true; - $groups = Group::getIdsByContactId($cid); + if (is_array($groups)) { + foreach ($groups as $g) { + $gs .= '|<' . intval($g) . '>'; } } - if ($remote_verified) { - $gs = '<<>>'; // should be impossible to match - - if (is_array($groups)) { - foreach ($groups as $g) { - $gs .= '|<' . intval($g) . '>'; - } - } - - $sql = sprintf( - " AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') - AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ", - intval($cid), - DBA::escape($gs), - intval($cid), - DBA::escape($gs) - ); - } + $sql = sprintf( + " AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') + AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ", + intval($remote_contact), + DBA::escape($gs), + intval($remote_contact), + DBA::escape($gs) + ); } return $sql; } 
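Review bot: The `@@ -93` hunk of src/Util/Security.php emits the allow/deny clause for whatever `$remote_contact` the session holds, dropping the `DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])` verification that previously had to succeed before `$gs` was built and the SQL returned. Its sibling Item::getPermissionsSQLByUserId (patch 01 above) still gets that check through PermissionSet::get, so the two helpers now disagree, and a contact blocked after login keeps ACL-level read access on the photo and video paths that use this one for as long as its session lives. Restoring the guard is a single condition: `} elseif ($remote_contact && DBA::exists('contact', ['id' => $remote_contact, 'uid' => $owner_id, 'blocked' => false])) {` (DBA is already imported in this file). The function starts outside this hunk.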
From 1c26baec466171e6d4d8bbefb5924eb9ba775c63 Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 28 Sep 2019 09:59:08 +0000 Subject: [PATCH 06/17] remote_user is replaced --- boot.php | 6 ++---- mod/cal.php | 5 +++-- mod/display.php | 7 ++++--- mod/item.php | 4 ++-- mod/photos.php | 17 +++++++++-------- mod/redir.php | 19 +------------------ mod/videos.php | 13 +++++++------ mod/wall_attach.php | 5 +++-- mod/wall_upload.php | 5 +++-- src/Model/Profile.php | 4 ++-- src/Module/Profile.php | 8 ++++---- 11 files changed, 40 insertions(+), 53 deletions(-) diff --git a/boot.php b/boot.php index 3aca931492..6aada42cbe 100644 --- a/boot.php +++ b/boot.php @@ -414,15 +414,13 @@ function public_contact() * * @return int|bool visitor_id or false */ -function remote_user($uid = null) +function remote_user() { if (empty($_SESSION['authenticated'])) { return false; } - if (!is_null($uid)) { - return Session::getRemoteContactID($uid); - } elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) { + if (!empty($_SESSION['visitor_id'])) { return intval($_SESSION['visitor_id']); } diff --git a/mod/cal.php b/mod/cal.php index 158856d21e..7066770703 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -14,6 +14,7 @@ use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Event; @@ -109,8 +110,8 @@ function cal_content(App $a) $owner_uid = intval($a->data['user']['uid']); $nick = $a->data['user']['nickname']; - if (!empty(remote_user($a->profile['profile_uid']))) { - $contact_id = remote_user($a->profile['profile_uid']); + if (!empty(Session::getRemoteContactID($a->profile['profile_uid']))) { + $contact_id = Session::getRemoteContactID($a->profile['profile_uid']); } if ($contact_id) { diff --git a/mod/display.php b/mod/display.php index 7f77be37ef..874e2e8bf3 100644 --- a/mod/display.php +++ b/mod/display.php 
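Review bot: The `@@ -414` hunk in boot.php drops the `$uid` parameter from `remote_user()`, and because PHP silently ignores extra arguments to user-defined functions, any call site that still passes a uid keeps working and now receives `$_SESSION['visitor_id']` — the contact id for whichever user the visitor last authenticated against — instead of the contact id for that uid, which is then used in lookups against a different owner's contacts. Nothing in the commit enforces that the eleven-file rename is complete. Until it is, a transitional signature that refuses the old form is cheap: `function remote_user($uid = null) { if (!is_null($uid)) { throw new \InvalidArgumentException('remote_user($uid) was replaced by Session::getRemoteContactID($uid)'); }`. The docblock above the function (outside the hunk) should also lose any `@param` for `$uid`.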
@@ -14,6 +14,7 @@ use Friendica\Core\Logger; use Friendica\Core\Protocol; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Group; @@ -53,7 +54,7 @@ function display_init(App $a) $nick = $a->user["nickname"]; } // Is this item private but could be visible to the remove visitor? - } elseif (remote_user($item['uid'])) { + } elseif (Session::getRemoteContactID($item['uid'])) { $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); if (DBA::isResult($item)) { $item_user = $item['uid']; @@ -225,7 +226,7 @@ function display_content(App $a, $update = false, $update_uid = 0) $item_parent = $item["parent"]; $item_parent_uri = $item['parent-uri']; } - } elseif (remote_user($item['uid'])) { + } elseif (Session::getRemoteContactID($item['uid'])) { $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); if (DBA::isResult($item)) { $item_id = $item["id"]; @@ -273,7 +274,7 @@ function display_content(App $a, $update = false, $update_uid = 0) if (DBA::isResult($parent)) { $a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']); $a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']); - $is_remote_contact = remote_user($a->profile['profile_uid']); + $is_remote_contact = Session::getRemoteContactID($a->profile['profile_uid']); if ($is_remote_contact) { $item_uid = $parent['uid']; } diff --git a/mod/item.php b/mod/item.php index 5ffee86a06..b059f63d1f 100644 --- a/mod/item.php +++ b/mod/item.php 
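Review bot: In the `@@ -53` hunk of mod/display.php the `elseif` branch reads `$item['uid']`, yet it appears to run only when the preceding `if` branch — the one whose `Item::selectFirst` assigns `$item` — was skipped, so `$item` is whatever it held before the visible lines (possibly unset or `false`); the `@@ -225` hunk in display_content has the same shape. Patch 07 further down this series ("Fix warnings") reworks both places into a separate `if (!DBA::isResult($item) && remote_user())` block, which confirms the problem; folding that fix into this commit would avoid shipping an intermediate revision where the remote-visitor path never resolves a private item. display_init starts outside the hunk.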
@@ -348,8 +348,8 @@ function item_post(App $a) { if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) { $self = true; $author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]); - } elseif (!empty(remote_user($profile_uid))) { - $author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)]); + } elseif (!empty(Session::getRemoteContactID($profile_uid))) { + $author = DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid)]); } if (DBA::isResult($author)) { diff --git a/mod/photos.php b/mod/photos.php index 3bf49f37be..1514458717 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -15,6 +15,7 @@ use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Group; @@ -84,7 +85,7 @@ function photos_init(App $a) { $ret['albums'] = []; foreach ($albums as $k => $album) { //hide profile photos to others - if (!$is_owner && !remote_user($a->profile_uid) && ($album['album'] == L10n::t('Profile Photos'))) + if (!$is_owner && !Session::getRemoteContactID($a->profile_uid) && ($album['album'] == L10n::t('Profile Photos'))) continue; $entry = [ 'text' => $album['album'], @@ -150,8 +151,8 @@ function photos_post(App $a) if (local_user() && (local_user() == $page_owner_uid)) { $can_post = true; - } elseif ($community_page && !empty(remote_user($page_owner_uid))) { - $contact_id = remote_user($page_owner_uid); + } elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) { + $contact_id = Session::getRemoteContactID($page_owner_uid); $can_post = true; $visitor = $contact_id; } 
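Review bot: The `@@ -348` hunk of mod/item.php loads the remote author with `DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid)])`, by id alone, while the upload handlers touched in this same patch (wall_attach.php, wall_upload.php) additionally require `uid = $page_owner_uid` and `blocked = 0 AND pending = 0` before accepting a remote contact. Binding the lookup the same way makes a stale or blocked session entry fail closed at no cost: `$author = DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid), 'uid' => $profile_uid, 'blocked' => false, 'pending' => false]);`. The session entry is stored keyed by the owner's uid in dfrn_poll, so the `uid` clause is belt-and-braces; the blocked/pending part is the substantive one. item_post continues outside the hunk.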
@@ -874,8 +875,8 @@ function photos_content(App $a) if (local_user() && (local_user() == $owner_uid)) { $can_post = true; - } elseif ($community_page && !empty(remote_user($owner_uid))) { - $contact_id = remote_user($owner_uid); + } elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) { + $contact_id = Session::getRemoteContactID($owner_uid); $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); if (DBA::isResult($contact)) { @@ -886,8 +887,8 @@ function photos_content(App $a) } // perhaps they're visiting - but not a community page, so they wouldn't have write access - if (!empty(remote_user($owner_uid)) && !$visitor) { - $contact_id = remote_user($owner_uid); + if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) { + $contact_id = Session::getRemoteContactID($owner_uid); $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); @@ -1563,7 +1564,7 @@ function photos_content(App $a) $twist = false; foreach ($r as $rr) { //hide profile photos to others - if (!$is_owner && !remote_user($owner_uid) && ($rr['album'] == L10n::t('Profile Photos'))) { + if (!$is_owner && !Session::getRemoteContactID($owner_uid) && ($rr['album'] == L10n::t('Profile Photos'))) { continue; } diff --git a/mod/redir.php b/mod/redir.php index 6b492473a0..5345b1d81b 100644 --- a/mod/redir.php +++ b/mod/redir.php 
@@ -66,7 +66,7 @@ function redir_init(App $a) { // with the local contact. Otherwise the local user would ask the local contact // for authentification everytime he/she is visiting a profile page of the local // contact. - if (($host == $remotehost) && (remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id'))) { + if (($host == $remotehost) && (Session::getRemoteContactID(Session::get('visitor_visiting')) == Session::get('visitor_id'))) { // Remote user is already authenticated. $target_url = defaults($url, $contact_url); Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG); @@ -139,23 +139,6 @@ function redir_magic($a, $cid, $url) Logger::info('Got my url', ['visitor' => $visitor]); } - /// @todo Most likely these lines are superfluous. We will remove them in the next version - if (empty($visitor) && remote_user()) { - $contact = DBA::selectFirst('contact', ['url'], ['id' => remote_user()]); - if (!empty($contact['url'])) { - $visitor = $contact['url']; - Logger::info('Got remote user', ['visitor' => $visitor]); - } - } - - if (empty($visitor) && local_user()) { - $contact = DBA::selectFirst('contact', ['url'], ['id' => local_user()]); - if (!empty($contact['url'])) { - $visitor = $contact['url']; - Logger::info('Got local user', ['visitor' => $visitor]); - } - } - $contact = DBA::selectFirst('contact', ['url'], ['id' => $cid]); if (!DBA::isResult($contact)) { Logger::info('Contact not found', ['id' => $cid]); diff --git a/mod/videos.php b/mod/videos.php index 6ff4236a1b..fd40e79c90 100644 --- a/mod/videos.php +++ b/mod/videos.php @@ -10,6 +10,7 @@ use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Attach; use Friendica\Model\Contact; 
@@ -22,7 +23,7 @@ use Friendica\Util\Security; function videos_init(App $a) { - if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) { + if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { return; } @@ -110,7 +111,7 @@ function videos_content(App $a) // videos/name/video/xxxxx/edit - if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) { + if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { notice(L10n::t('Public access denied.') . EOL); return; } @@ -150,16 +151,16 @@ function videos_content(App $a) if ((local_user()) && (local_user() == $owner_uid)) { $can_post = true; - } elseif ($community_page && !empty(remote_user($owner_uid))) { - $contact_id = remote_user($owner_uid); + } elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) { + $contact_id = Session::getRemoteContactID($owner_uid); $can_post = true; $remote_contact = true; $visitor = $contact_id; } // perhaps they're visiting - but not a community page, so they wouldn't have write access - if (!empty(remote_user($owner_uid)) && !$visitor) { - $contact_id = remote_user($owner_uid); + if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) { + $contact_id = Session::getRemoteContactID($owner_uid); $remote_contact = true; } diff --git a/mod/wall_attach.php b/mod/wall_attach.php index 096439fa74..0324a5581c 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -6,6 +6,7 @@ use Friendica\App; use Friendica\Core\Config; use Friendica\Core\L10n; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Attach; use Friendica\Model\User; 
@@ -45,8 +46,8 @@ function wall_attach_post(App $a) { if (local_user() && (local_user() == $page_owner_uid)) { $can_post = true; - } elseif ($community_page && !empty(remote_user($page_owner_uid))) { - $contact_id = remote_user($page_owner_uid); + } elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) { + $contact_id = Session::getRemoteContactID($page_owner_uid); $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($page_owner_uid) diff --git a/mod/wall_upload.php b/mod/wall_upload.php index 0848c05906..1224b6dab0 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -12,6 +12,7 @@ use Friendica\App; use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Core\Config; use Friendica\Database\DBA; use Friendica\Model\Contact; @@ -74,8 +75,8 @@ function wall_upload_post(App $a, $desktopmode = true) if ((local_user()) && (local_user() == $page_owner_uid)) { $can_post = true; - } elseif ($community_page && !empty(remote_user($page_owner_uid))) { - $contact_id = remote_user($page_owner_uid); + } elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) { + $contact_id = Session::getRemoteContactID($page_owner_uid); $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 1aaa1907ce..bdb69750dc 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php 
@@ -248,8 +248,8 @@ class Profile */ public static function getByNickname($nickname, $uid = 0, $profile_id = 0) { - if (!empty(remote_user($uid))) { - $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => remote_user($uid)]); + if (!empty(Session::getRemoteContactID($uid))) { + $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => Session::getRemoteContactID($uid)]); if (DBA::isResult($contact)) { $profile_id = $contact['profile-id']; } diff --git a/src/Module/Profile.php b/src/Module/Profile.php index d1e76bf01a..cb710b10ba 100644 --- a/src/Module/Profile.php +++ b/src/Module/Profile.php @@ -84,8 +84,8 @@ class Profile extends BaseModule $a->page['htmlhead'] .= "\n"; - $blocked = !local_user() && !remote_user($a->profile['profile_uid']) && Config::get('system', 'block_public'); - $userblock = !local_user() && !remote_user($a->profile['profile_uid']) && $a->profile['hidewall']; + $blocked = !local_user() && !Session::getRemoteContactID($a->profile['profile_uid']) && Config::get('system', 'block_public'); + $userblock = !local_user() && !Session::getRemoteContactID($a->profile['profile_uid']) && $a->profile['hidewall']; if (!empty($a->profile['page-flags']) && $a->profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) { $a->page['htmlhead'] .= '' . "\n"; @@ -151,7 +151,7 @@ class Profile extends BaseModule $hashtags = defaults($_GET, 'tag', ''); - if (Config::get('system', 'block_public') && !local_user() && !remote_user($a->profile['profile_uid'])) { + if (Config::get('system', 'block_public') && !local_user() && !Session::getRemoteContactID($a->profile['profile_uid'])) { return Login::form(); } 
@@ -164,7 +164,7 @@ class Profile extends BaseModule Nav::setSelected('home'); } - $remote_contact = remote_user($a->profile['profile_uid']); + $remote_contact = Session::getRemoteContactID($a->profile['profile_uid']); $is_owner = local_user() == $a->profile['profile_uid']; $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact; From 89f02a1125593d2562bcbcb5f03241f6bc1ce77b Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 28 Sep 2019 15:31:36 +0000 Subject: [PATCH 07/17] Fix warnings --- mod/display.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/mod/display.php b/mod/display.php index 874e2e8bf3..8d13db46ff 100644 --- a/mod/display.php +++ b/mod/display.php @@ -53,11 +53,17 @@ function display_init(App $a) if (DBA::isResult($item)) { $nick = $a->user["nickname"]; } + } + // Is this item private but could be visible to the remove visitor? - } elseif (Session::getRemoteContactID($item['uid'])) { + if (!DBA::isResult($item) && remote_user()) { $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); if (DBA::isResult($item)) { - $item_user = $item['uid']; + if (!Contact::isFollower(remote_user(), $item['uid'])) { + $item = null; + } else { + $item_user = $item['uid']; + } } } @@ -81,10 +87,6 @@ function display_init(App $a) displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom'); } - if ($a->argc >= 3 && $nick == 'feed-item') { - displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom'); - } - if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) { Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG); displayShowFeed($item["id"], false); 
@@ -226,9 +228,11 @@ function display_content(App $a, $update = false, $update_uid = 0) $item_parent = $item["parent"]; $item_parent_uri = $item['parent-uri']; } - } elseif (Session::getRemoteContactID($item['uid'])) { + } + + if (($item_parent == 0) && remote_user()) { $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); - if (DBA::isResult($item)) { + if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) { $item_id = $item["id"]; $item_parent = $item["parent"]; $item_parent_uri = $item['parent-uri']; From 83b00ef3081618dca2a17537289f55a485f70b00 Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 28 Sep 2019 18:09:11 +0000 Subject: [PATCH 08/17] New function "isAuthenticated" --- include/conversation.php | 2 +- include/items.php | 2 +- mod/cal.php | 2 +- mod/community.php | 2 +- mod/dfrn_poll.php | 3 ++- mod/dfrn_request.php | 3 ++- mod/display.php | 4 ++-- mod/hcard.php | 3 ++- mod/item.php | 5 +++-- mod/photos.php | 6 +++--- mod/redir.php | 13 ++----------- mod/search.php | 7 ++++--- mod/subthread.php | 2 +- mod/tagger.php | 3 ++- mod/videos.php | 4 ++-- src/Content/Nav.php | 4 ++-- src/Core/ACL.php | 3 ++- src/Core/Session.php | 16 +++++++++++++++- src/Model/Contact.php | 5 +++-- src/Model/Item.php | 4 ++-- src/Model/Profile.php | 4 ++-- src/Module/Directory.php | 5 +++-- src/Module/Like.php | 3 ++- src/Module/Profile/Contacts.php | 3 ++- src/Object/Post.php | 2 +- src/Util/Security.php | 2 +- 26 files changed, 64 insertions(+), 48 deletions(-) diff --git a/include/conversation.php b/include/conversation.php index 66b6d2a11c..74c8a6d272 100644 --- a/include/conversation.php +++ b/include/conversation.php 
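Review bot: `($item_parent == 0)` is used as the "not found yet" signal for the private-item fallback in display_content, but the hunk does not show where `$item_parent` is initialised; if it is only assigned inside the preceding branch, the comparison reads an undefined variable for visitors whose first lookup fails. Initialising it before the lookups (`$item_parent = 0;`) or testing `!DBA::isResult($item)` as display_init now does would make the two functions consistent. display_content starts and continues outside the hunk.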
@@ -365,7 +365,7 @@ function localize_item(&$item) 'network' => $item['author-network'], 'url' => $item['author-link']]; // Only create a redirection to a magic link when logged in - if (!empty($item['plink']) && (local_user() || remote_user())) { + if (!empty($item['plink']) && Session::isAuthenticated()) { $item['plink'] = Contact::magicLinkByContact($author, $item['plink']); } } diff --git a/include/items.php b/include/items.php index ae686a32d9..4cc10e628c 100644 --- a/include/items.php +++ b/include/items.php @@ -327,7 +327,7 @@ function drop_items(array $items) { $uid = 0; - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { return; } diff --git a/mod/cal.php b/mod/cal.php index 7066770703..eba8d97586 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -27,7 +27,7 @@ use Friendica\Util\Temporal; function cal_init(App $a) { - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.')); } diff --git a/mod/community.php b/mod/community.php index 3cafced542..d29fa729dd 100644 --- a/mod/community.php +++ b/mod/community.php @@ -29,7 +29,7 @@ function community_content(App $a, $update = 0) { $o = ''; - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { notice(L10n::t('Public access denied.') . EOL); return; } diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index fa0cf1037e..031fdb2838 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -9,6 +9,7 @@ use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Module\Login; use Friendica\Protocol\DFRN; 
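Review bot: `Session::isAuthenticated()` is introduced in include/conversation.php, include/items.php, mod/cal.php and mod/community.php, yet unlike mod/dfrn_poll.php these hunks add no `use Friendica\Core\Session;`; if those files do not already import it, the call resolves to a non-existent global `Session` class and fails at runtime. The same applies to the later hunks in mod/photos.php, mod/redir.php, mod/subthread.php, mod/videos.php, src/Content/Nav.php, src/Model/Item.php, src/Object/Post.php and src/Util/Security.php (in the namespaced files it would resolve to e.g. `Friendica\Content\Session`). mod/display.php and src/Model/Profile.php already call `Session::` in their unchanged context, so they are covered; the others deserve a grep before merge.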
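Review bot: The new `use Friendica\Core\Session;` in mod/dfrn_poll.php is placed after `use Friendica\Core\System;`, breaking the alphabetical order the surrounding imports keep; it belongs between `Logger` and `System`. The same ordering slip recurs in the later import hunks for mod/dfrn_request.php, mod/hcard.php, mod/item.php, mod/search.php, mod/tagger.php, src/Core/ACL.php, src/Model/Contact.php, src/Module/Directory.php, src/Module/Like.php and src/Module/Profile/Contacts.php.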
@@ -49,7 +50,7 @@ function dfrn_poll_init(App $a) $hidewall = false; if (($dfrn_id === '') && empty($_POST['dfrn_id'])) { - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { throw new \Friendica\Network\HTTPException\ForbiddenException(); } diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 19879c21bb..f78da7fb04 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -19,6 +19,7 @@ use Friendica\Core\Logger; use Friendica\Core\Protocol; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Group; @@ -592,7 +593,7 @@ function dfrn_request_content(App $a) exit(); } else { // Normal web request. Display our user's introduction form. - if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { if (!Config::get('system', 'local_block')) { notice(L10n::t('Public access denied.') . EOL); return; diff --git a/mod/display.php b/mod/display.php index 8d13db46ff..0cb00434b0 100644 --- a/mod/display.php +++ b/mod/display.php @@ -32,7 +32,7 @@ function display_init(App $a) Objects::rawContent(); } - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { return; } @@ -196,7 +196,7 @@ function display_fetchauthor($a, $item) function display_content(App $a, $update = false, $update_uid = 0) { - if (Config::get('system','block_public') && !local_user() && !remote_user()) { + if (Config::get('system','block_public') && !Session::isAuthenticated()) { throw new HTTPException\ForbiddenException(L10n::t('Public access denied.')); } diff --git a/mod/hcard.php b/mod/hcard.php index 828eeaf091..ad84e24e54 100644 --- a/mod/hcard.php +++ b/mod/hcard.php 
@@ -6,13 +6,14 @@ use Friendica\App; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Model\Contact; use Friendica\Model\Profile; use Friendica\Model\User; function hcard_init(App $a) { - $blocked = Config::get('system', 'block_public') && !local_user() && !remote_user(); + $blocked = Config::get('system', 'block_public') && !Session::isAuthenticated(); if ($a->argc > 1) { $which = $a->argv[1]; diff --git a/mod/item.php b/mod/item.php index b059f63d1f..28f393ac60 100644 --- a/mod/item.php +++ b/mod/item.php @@ -25,6 +25,7 @@ use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\Protocol; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\Model\Attach; @@ -45,7 +46,7 @@ use Friendica\Worker\Delivery; require_once 'include/items.php'; function item_post(App $a) { - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { return 0; } @@ -860,7 +861,7 @@ function item_post_return($baseurl, $api_source, $return_path) function item_content(App $a) { - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { return; } diff --git a/mod/photos.php b/mod/photos.php index 1514458717..84be1c8285 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -36,7 +36,7 @@ use Friendica\Util\XML; function photos_init(App $a) { - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { return; } 
@@ -70,7 +70,7 @@ function photos_init(App $a) { $albums = Photo::getAlbums($a->data['user']['uid']); - $albums_visible = ((intval($a->data['user']['hidewall']) && !local_user() && !remote_user()) ? false : true); + $albums_visible = ((intval($a->data['user']['hidewall']) && !Session::isAuthenticated()) ? false : true); // add various encodings to the array so we can just loop through and pick them out in a template $ret = ['success' => false]; @@ -829,7 +829,7 @@ function photos_content(App $a) // photos/name/image/xxxxx/edit // photos/name/image/xxxxx/drop - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { notice(L10n::t('Public access denied.') . EOL); return; } diff --git a/mod/redir.php b/mod/redir.php index 5345b1d81b..5eeeaa681c 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -35,7 +35,7 @@ function redir_init(App $a) { $contact_url = $contact['url']; - if ((!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate. + if (!Session::isAuthenticated() // Visitors (not logged in or not remotes) can't authenticate. || (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated. { $a->redirect(defaults($url, $contact_url)); 
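Review bot: The rewritten `$albums_visible = ((intval($a->data['user']['hidewall']) && !Session::isAuthenticated()) ? false : true);` keeps the `? false : true` form; a plain negation says the same with less to read, `$albums_visible = !(intval($a->data['user']['hidewall']) && !Session::isAuthenticated());`. photos_init continues outside the hunk.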
@@ -74,17 +74,8 @@ function redir_init(App $a) { } } - // When the remote page does support OWA, then we enforce the use of it - $basepath = Contact::getBasepath($contact_url); - if (Strings::compareLink($basepath, System::baseUrl())) { - $use_magic = true; - } else { - $serverret = Network::curl($basepath . '/magic'); - $use_magic = $serverret->isSuccess(); - } - // Doing remote auth with dfrn. - if (local_user() && !$use_magic && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) { + if (local_user() && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) { $dfrn_id = $orig_id = (($contact['issued-id']) ? $contact['issued-id'] : $contact['dfrn-id']); if ($contact['duplex'] && $contact['issued-id']) { diff --git a/mod/search.php b/mod/search.php index 4a911b4fd9..9ac5950224 100644 --- a/mod/search.php +++ b/mod/search.php @@ -11,6 +11,7 @@ use Friendica\Core\Cache; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\Logger; +use Friendica\Core\Session; use Friendica\Core\Renderer; use Friendica\Database\DBA; use Friendica\Model\Item; 
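Review bot: Dropping the `$use_magic` probe means the DFRN remote-auth branch now runs for every local user with a `dfrn-id`/`issued-id`, including contacts whose server answers `/magic`; if that is intended, a short comment on the condition would record it, e.g. `// DFRN remote auth no longer depends on whether the remote supports /magic`. The removed block was also the only visible user of `Strings`, `Network` and `System` in this function, so the corresponding imports at the top of mod/redir.php may now be dead if nothing else references them. redir_init continues outside the hunk.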
@@ -83,18 +84,18 @@ function search_init(App $a) { } function search_content(App $a) { - if (Config::get('system','block_public') && !local_user() && !remote_user()) { + if (Config::get('system','block_public') && !Session::isAuthenticated()) { notice(L10n::t('Public access denied.') . EOL); return; } - if (Config::get('system','local_search') && !local_user() && !remote_user()) { + if (Config::get('system','local_search') && !Session::isAuthenticated()) { $e = new \Friendica\Network\HTTPException\ForbiddenException(L10n::t("Only logged in users are permitted to perform a search.")); $e->httpdesc = L10n::t("Public access denied."); throw $e; } - if (Config::get('system','permit_crawling') && !local_user() && !remote_user()) { + if (Config::get('system','permit_crawling') && !Session::isAuthenticated()) { // Default values: // 10 requests are "free", after the 11th only a call per minute is allowed diff --git a/mod/subthread.php b/mod/subthread.php index 9fa1a410d3..29d3f5e06e 100644 --- a/mod/subthread.php +++ b/mod/subthread.php @@ -15,7 +15,7 @@ use Friendica\Util\XML; function subthread_content(App $a) { - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { return; } diff --git a/mod/tagger.php b/mod/tagger.php index 2c15cdd28c..bc8b712970 100644 --- a/mod/tagger.php +++ b/mod/tagger.php @@ -7,6 +7,7 @@ use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\Model\Item; @@ -16,7 +17,7 @@ use Friendica\Worker\Delivery; function tagger_content(App $a) { - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { return; } diff --git a/mod/videos.php b/mod/videos.php index fd40e79c90..48027a603e 100644 --- a/mod/videos.php +++ b/mod/videos.php 
@@ -23,7 +23,7 @@ use Friendica\Util\Security; function videos_init(App $a) { - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { return; } @@ -111,7 +111,7 @@ function videos_content(App $a) // videos/name/video/xxxxx/edit - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { notice(L10n::t('Public access denied.') . EOL); return; } diff --git a/src/Content/Nav.php b/src/Content/Nav.php index ea5c0bbc05..8140c5f3c1 100644 --- a/src/Content/Nav.php +++ b/src/Content/Nav.php @@ -149,7 +149,7 @@ class Nav $nav['usermenu'] = []; $userinfo = null; - if (local_user() || remote_user()) { + if (Session::isAuthenticated()) { $nav['logout'] = ['logout', L10n::t('Logout'), '', L10n::t('End this session')]; } else { $nav['login'] = ['login', L10n::t('Login'), ($a->module == 'login' ? 'selected' : ''), L10n::t('Sign in')]; @@ -182,7 +182,7 @@ class Nav $nav['home'] = [$homelink, L10n::t('Home'), '', L10n::t('Home Page')]; } - if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::OPEN && !local_user() && !remote_user()) { + if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::OPEN && !Session::isAuthenticated()) { $nav['register'] = ['register', L10n::t('Register'), '', L10n::t('Create an account')]; } diff --git a/src/Core/ACL.php b/src/Core/ACL.php index 6d9a95a725..55c174d96b 100644 --- a/src/Core/ACL.php +++ b/src/Core/ACL.php @@ -11,6 +11,7 @@ use Friendica\Content\Feature; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\GContact; +use Friendica\Core\Session; use Friendica\Util\Network; /** 
@@ -333,7 +334,7 @@ class ACL extends BaseObject */ public static function contactAutocomplete($search, $mode, int $page = 1) { - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { return []; } diff --git a/src/Core/Session.php b/src/Core/Session.php index db455d3a25..b44ff3e2ea 100644 --- a/src/Core/Session.php +++ b/src/Core/Session.php @@ -53,7 +53,7 @@ class Session /** * Retrieves a key from the session super global or the defaults if the key is missing or the value is falsy. - * + * * Handle the case where session_start() hasn't been called and the super global isn't available. * * @param string $name @@ -255,4 +255,18 @@ class Session } DBA::close($remote_contacts); } + + /** + * Returns if the current visitor is authenticated + * + * @return boolean "true" when visitor is either a local or remote user + */ + public static function isAuthenticated() + { + if (empty($_SESSION['authenticated'])) { + return false; + } + + return $_SESSION['authenticated']; + } } diff --git a/src/Model/Contact.php b/src/Model/Contact.php index 1e3d0b9154..816c2a1864 100644 --- a/src/Model/Contact.php +++ b/src/Model/Contact.php @@ -13,6 +13,7 @@ use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\Protocol; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\Network\Probe; @@ -2679,7 +2680,7 @@ class Contact extends BaseObject */ public static function magicLink($contact_url, $url = '') { - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url; } 
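Review bot: `isAuthenticated()` is documented as returning a boolean but returns `$_SESSION['authenticated']` unchanged, which the dfrn_poll hunks in this series set to the integer `1`; strict comparisons in callers, or a future `: bool` return type, would trip over that. `return !empty($_SESSION['authenticated']);` yields the documented type in one line and makes the preceding `empty()` guard redundant. Note also that the replaced `local_user() || remote_user()` checks read the session's `uid`/`visitor_id` values, whereas this flag is set separately by the login paths; any path that sets a user id without setting `authenticated` now reads as anonymous, which is worth verifying across the login code.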
@@ -2725,7 +2726,7 @@ class Contact extends BaseObject { $destination = $url ?: $contact['url']; // Equivalent to ($url != '') ? $url : $contact['url']; - if ((!local_user() && !remote_user()) || ($contact['network'] != Protocol::DFRN)) { + if (!Session::isAuthenticated() || ($contact['network'] != Protocol::DFRN)) { return $destination; } diff --git a/src/Model/Item.php b/src/Model/Item.php index 8e138c0cb3..c73ea99b1b 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php @@ -3029,7 +3029,7 @@ class Item extends BaseObject */ public static function performLike($item_id, $verb) { - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { return false; } @@ -3428,7 +3428,7 @@ class Item extends BaseObject } // Update the cached values if there is no "zrl=..." on the links. - $update = (!local_user() && !remote_user() && ($item["uid"] == 0)); + $update = (!Session::isAuthenticated() && ($item["uid"] == 0)); // Or update it if the current viewer is the intented viewer. if (($item["uid"] == local_user()) && ($item["uid"] != 0)) { diff --git a/src/Model/Profile.php b/src/Model/Profile.php index bdb69750dc..01c5851392 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -215,7 +215,7 @@ class Profile ); } - $block = ((Config::get('system', 'block_public') && !local_user() && !remote_user()) ? true : false); + $block = ((Config::get('system', 'block_public') && !Session::isAuthenticated()) ? true : false); /** * @todo @@ -448,7 +448,7 @@ class Profile $about = !empty($profile['about']) ? L10n::t('About:') : false; $xmpp = !empty($profile['xmpp']) ? L10n::t('XMPP:') : false; - if ((!empty($profile['hidewall']) || $block) && !local_user() && !remote_user()) { + if ((!empty($profile['hidewall']) || $block) && !Session::isAuthenticated()) { $location = $gender = $marital = $homepage = $about = false; } diff --git a/src/Module/Directory.php b/src/Module/Directory.php index 4674a9f857..7d75e4d477 100644 --- a/src/Module/Directory.php 
+++ b/src/Module/Directory.php @@ -8,6 +8,7 @@ use Friendica\Content\Pager; use Friendica\Content\Widget; use Friendica\Core\Hook; use Friendica\Core\L10n; +use Friendica\Core\Session; use Friendica\Core\Renderer; use Friendica\Model\Contact; use Friendica\Model\Profile; @@ -25,8 +26,8 @@ class Directory extends BaseModule $app = self::getApp(); $config = $app->getConfig(); - if (($config->get('system', 'block_public') && !local_user() && !remote_user()) || - ($config->get('system', 'block_local_dir') && !local_user() && !remote_user())) { + if (($config->get('system', 'block_public') && !Session::isAuthenticated()) || + ($config->get('system', 'block_local_dir') && !Session::isAuthenticated())) { throw new HTTPException\ForbiddenException(L10n::t('Public access denied.')); } diff --git a/src/Module/Like.php b/src/Module/Like.php index f57cbadfd3..a43e38045c 100644 --- a/src/Module/Like.php +++ b/src/Module/Like.php @@ -4,6 +4,7 @@ namespace Friendica\Module; use Friendica\BaseModule; use Friendica\Model\Item; +use Friendica\Core\Session; use Friendica\Network\HTTPException; use Friendica\Util\Strings; @@ -14,7 +15,7 @@ class Like extends BaseModule { public static function rawContent() { - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { throw new HTTPException\ForbiddenException(); } diff --git a/src/Module/Profile/Contacts.php b/src/Module/Profile/Contacts.php index 7463d4043f..ed41f421b1 100644 --- a/src/Module/Profile/Contacts.php +++ b/src/Module/Profile/Contacts.php @@ -10,6 +10,7 @@ use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\Protocol; use Friendica\Core\Renderer; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Profile; 
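Review bot: Both halves of the Directory condition repeat `!Session::isAuthenticated()`; hoisting it evaluates the session once and reads as the single rule it is: `if (!Session::isAuthenticated() && ($config->get('system', 'block_public') || $config->get('system', 'block_local_dir'))) {`. The enclosing method starts outside the hunk.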
@@ -19,7 +20,7 @@ class Contacts extends BaseModule { public static function content() { - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !Session::isAuthenticated()) { throw new \Friendica\Network\HTTPException\NotFoundException(L10n::t('User not found.')); } diff --git a/src/Object/Post.php b/src/Object/Post.php index afb55a0212..2ef53d075c 100644 --- a/src/Object/Post.php +++ b/src/Object/Post.php @@ -219,7 +219,7 @@ class Post extends BaseObject $author = ['uid' => 0, 'id' => $item['author-id'], 'network' => $item['author-network'], 'url' => $item['author-link']]; - if (local_user() || remote_user()) { + if (Session::isAuthenticated()) { $profile_link = Contact::magicLinkByContact($author); } else { $profile_link = $item['author-link']; diff --git a/src/Util/Security.php b/src/Util/Security.php index 1d7162ab8e..043c59d84f 100644 --- a/src/Util/Security.php +++ b/src/Util/Security.php @@ -21,7 +21,7 @@ class Security extends BaseObject { static $verified = 0; - if (!local_user() && !remote_user()) { + if (!Session::isAuthenticated()) { return false; } From 7704758f9c67a43fc0b6793cbaace38000c3ee5e Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 28 Sep 2019 20:42:33 +0000 Subject: [PATCH 09/17] Fix permissionset query --- src/Model/PermissionSet.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/Model/PermissionSet.php b/src/Model/PermissionSet.php index c9b2b17b67..90448806d8 100644 --- a/src/Model/PermissionSet.php +++ b/src/Model/PermissionSet.php 
@@ -89,11 +89,9 @@ class PermissionSet extends BaseObject $contact_str = '<' . $contact_id . '>'; - $condition = ["`uid` = ? AND (`allow_cid` = '' OR`allow_cid` REGEXP ?) - AND (`deny_cid` = '' OR NOT `deny_cid` REGEXP ?) - AND (`allow_gid` = '' OR `allow_gid` REGEXP ?) - AND (`deny_gid` = '' OR NOT `deny_gid` REGEXP ?)", - $uid, $contact_str, $contact_str, $group_str, $group_str]; + $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?) + AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))", + $uid, $contact_str, $group_str, $contact_str, $group_str]; $ret = DBA::select('permissionset', ['id'], $condition); $set = []; From 23bad85847a12d706b26c834ad158ebab7723ddb Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 28 Sep 2019 20:43:45 +0000 Subject: [PATCH 10/17] Ensure to fetch the correct item --- mod/display.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/mod/display.php b/mod/display.php index 0cb00434b0..8513788dfc 100644 --- a/mod/display.php +++ b/mod/display.php @@ -57,7 +57,7 @@ function display_init(App $a) // Is this item private but could be visible to the remove visitor? if (!DBA::isResult($item) && remote_user()) { - $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); + $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]); if (DBA::isResult($item)) { if (!Contact::isFollower(remote_user(), $item['uid'])) { $item = null; 
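Review bot: The rewritten condition mixes backtick-quoted and bare column names within one string (`` `deny_cid` `` next to `deny_gid`, `allow_cid`, `allow_gid`), while the line it replaces quoted every column; the new line should do the same. Dropping the explicit `= ''` alternatives on the deny side also changes the outcome when a deny column is NULL, since `NOT (NULL REGEXP ?)` is NULL and the row vanishes, so this relies on those columns being declared NOT NULL with an empty default — worth confirming against the schema. A one-line comment would help readers of the new, denser predicate, e.g. `// Not denied individually or via group, and either allowed individually, via group, or unrestricted`.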
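Review bot: The private-item lookup `['guid' => $a->argv[1], 'private' => 1, 'origin' => true]` plus the `Contact::isFollower(remote_user(), $item['uid'])` gate now appear verbatim in display_init here and again in display_content in the following hunk; a small shared helper in mod/display.php (e.g. a private function that fetches the private item and returns null unless the visitor follows its owner) would keep the two access checks from drifting apart. display_init continues outside the hunk.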
@@ -101,7 +101,7 @@ function display_init(App $a) if (strstr(Strings::normaliseLink($profiledata["url"]), Strings::normaliseLink(System::baseUrl()))) { $nickname = str_replace(Strings::normaliseLink(System::baseUrl())."/profile/", "", Strings::normaliseLink($profiledata["url"])); - if (($nickname != $a->user["nickname"])) { + if ($nickname != $a->user["nickname"]) { $profile = DBA::fetchFirst("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile` INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid` WHERE `user`.`nickname` = ? AND `profile`.`is-default` AND `contact`.`self` LIMIT 1", @@ -231,7 +231,7 @@ function display_content(App $a, $update = false, $update_uid = 0) } if (($item_parent == 0) && remote_user()) { - $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); + $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]); if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) { $item_id = $item["id"]; $item_parent = $item["parent"]; @@ -285,7 +285,6 @@ function display_content(App $a, $update = false, $update_uid = 0) } } - $page_contact = DBA::selectFirst('contact', [], ['self' => true, 'uid' => $a->profile['uid']]); if (DBA::isResult($page_contact)) { $a->page_contact = $page_contact; 
@@ -327,7 +326,7 @@ function display_content(App $a, $update = false, $update_uid = 0) $condition = ["`id` = ? AND `item`.`uid` IN (0, ?) " . $sql_extra, $item_id, $item_uid]; $fields = ['parent-uri', 'body', 'title', 'author-name', 'author-avatar', 'plink', 'author-id', 'owner-id', 'contact-id']; - $item = Item::selectFirstForUser(local_user(), $fields, $condition); + $item = Item::selectFirstForUser($a->profile['profile_uid'], $fields, $condition); if (!DBA::isResult($item)) { throw new HTTPException\NotFoundException(L10n::t('The requested item doesn\'t exist or has been deleted.')); From 58fb0beaa3b518e9e72e0610aad514bd6bc8ab8f Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 29 Sep 2019 06:26:02 +0000 Subject: [PATCH 11/17] Delete the cache entry allowing direct login again --- src/Model/Profile.php | 4 +--- src/Module/Logout.php | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 01c5851392..b275d31add 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -1074,9 +1074,7 @@ class Profile // We need to extract the basebath from the profile url // to redirect the visitors '/magic' module. - // Note: We should have the basepath of a contact also in the contact table. - $urlarr = explode('/profile/', $contact['url']); - $basepath = $urlarr[0]; + $basepath = Contact::getBasepath($contact['url']); if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) { $magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest; diff --git a/src/Module/Logout.php b/src/Module/Logout.php index 1f60e6dc19..bf6a39e19f 100644 --- a/src/Module/Logout.php +++ b/src/Module/Logout.php @@ -7,6 +7,7 @@ namespace Friendica\Module; use Friendica\BaseModule; use Friendica\Core\Authentication; +use Friendica\Core\Cache; use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\System; 
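Review bot: `Item::selectFirstForUser($a->profile['profile_uid'], $fields, $condition)` changes the user scope of the permission-filtered fetch from the viewer (`local_user()`) to the profile owner, while `$sql_extra` and `$item_uid` in the condition are built earlier, outside the hunk, and the commit message does not say whether they were built with the owner's scope in mind. A comment on the call stating why the owner's uid is the right scope here would answer the question for the next reader, e.g. `// Fetch in the owner's scope; $sql_extra already restricts visibility to the current viewer`, once that is confirmed. display_content continues outside the hunk.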
@@ -27,6 +28,7 @@ class Logout extends BaseModule $visitor_home = null; if (remote_user()) { $visitor_home = Profile::getMyURL(); + Cache::delete('zrlInit:' . $visitor_home); } Hook::callAll("logging_out"); From c2c1b317e035a1a381b26ab6640a80e8ba55c1f3 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 29 Sep 2019 10:20:53 +0000 Subject: [PATCH 12/17] Transferring the "addr" value on magic auth --- src/Model/Profile.php | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/Model/Profile.php b/src/Model/Profile.php index b275d31add..4ca6ca66bd 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -1024,6 +1024,12 @@ class Profile * * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/channel.php * + * The implementation for Friendica sadly differs in some points from the one for Hubzilla: + * - Hubzilla uses the "zid" parameter, while for Friendica it had been replaced with "zrl" + * - There seem to be some reverse authentication (rmagic) that isn't implemented in Friendica at all + * + * It would be favourable to harmonize the two implementations. + * * @param App $a Application instance. * @throws \Friendica\Network\HTTPException\InternalServerErrorException * @throws \ImagickException @@ -1037,6 +1043,8 @@ class Profile return; } + $addr = $_GET['addr'] ?? $my_url; + $arr = ['zrl' => $my_url, 'url' => $a->cmd]; Hook::callAll('zrl_init', $arr); 
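Review bot: `Cache::delete('zrlInit:' . $visitor_home);` in Logout hard-codes the cache key, and the code that writes it is not in this patch; if the writer derives its key from a normalised or differently cased URL, the delete silently misses and the "allow direct login again" effect from the commit title does not happen. Exposing the key through one helper used by both sides (or a shared constant for the `zrlInit:` prefix) removes that coupling. The enclosing method starts outside the hunk.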
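Review bot: `$addr = $_GET['addr'] ?? $my_url;` takes an arbitrary string from the query and, in the next hunk, forwards it unvalidated to the remote `/magic` endpoint as `addr=`; whatever checks `$my_url` has passed by this point do not apply to the override. Normalising or validating `addr` the same way (or rejecting values that are neither a URL nor a `user@host` handle) before use keeps the two inputs equivalent, and a comment such as `// "addr" lets the visitor's instance pass its handle explicitly; fall back to the zrl value` would explain why the override exists. zrlInit starts outside the hunk.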
@@ -1067,8 +1075,10 @@ class Profile Worker::add(PRIORITY_LOW, 'GProbe', $my_url); - // Try to avoid recursion - but send them home to do a proper magic auth. - $query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string); + // Remove the "addr" parameter from the destination. It is later added as separate parameter again. + $addr_request = 'addr=' . urlencode($addr); + $query = rtrim(str_replace($addr_request, '', $a->query_string), '?&'); + // The other instance needs to know where to redirect. $dest = urlencode($a->getBaseURL() . '/' . $query); @@ -1076,8 +1086,8 @@ class Profile // to redirect the visitors '/magic' module. $basepath = Contact::getBasepath($contact['url']); - if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) { - $magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest; + if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic')) { + $magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest . '&' . $addr_request; // We have to check if the remote server does understand /magic without invoking something $serverret = Network::curl($basepath . '/magic'); From 32ea610559f497bb5f1fcdeb5c08ba1a64b35a57 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 29 Sep 2019 10:23:36 +0000 Subject: [PATCH 13/17] Avoid a contact lookup for empty URL --- src/Module/Magic.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Module/Magic.php b/src/Module/Magic.php index 4510d8d934..7cbc4794b3 100644 --- a/src/Module/Magic.php +++ b/src/Module/Magic.php 
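Review bot: `str_replace($addr_request, '', $a->query_string)` only strips the parameter when the incoming query encoded it exactly as `urlencode()` does (`+` for spaces, upper-case hex); a client that sent `%20` or lower-case escapes leaves `addr=` inside `$dest`, so the remote instance receives it twice. It can also leave a dangling `&&` when `addr` sits in the middle of the query, which `rtrim(..., '?&')` does not repair. Rebuilding the query from the parsed parameters is more robust than string surgery, along the lines below; this assumes `$a->query_string` has the `path?query` shape, which the hunk does not show, so confirm before applying. zrlInit continues outside the hunk.
```php
// Remove the "addr" parameter from the destination. It is later added as separate parameter again.
[$path, $query_part] = array_pad(explode('?', $a->query_string, 2), 2, '');
parse_str($query_part, $params);
unset($params['addr']);
$query = $path . ($params ? '?' . http_build_query($params) : '');
$addr_request = 'addr=' . urlencode($addr);
// … unchanged: $dest, $basepath and $magic_path …
```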
@@ -32,15 +32,16 @@ class Magic extends BaseModule $dest = defaults($_REQUEST, 'dest', ''); $test = (!empty($_REQUEST['test']) ? intval($_REQUEST['test']) : 0); $owa = (!empty($_REQUEST['owa']) ? intval($_REQUEST['owa']) : 0); + $cid = 0; if (!empty($addr)) { $cid = Contact::getIdForURL($addr); - } else { + } elseif (!empty($dest)) { $cid = Contact::getIdForURL($dest); } if (!$cid) { - Logger::log('No contact record found: ' . json_encode($_REQUEST), Logger::DEBUG); + Logger::info('No contact record found', $_REQUEST); // @TODO Finding a more elegant possibility to redirect to either internal or external URL $a->redirect($dest); } From 51e55bca18ed3f73f474e203e3f3d1e2caba339f Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 29 Sep 2019 10:58:07 +0000 Subject: [PATCH 14/17] Added some logging --- src/Module/Magic.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Module/Magic.php b/src/Module/Magic.php index 7cbc4794b3..0722da3cd7 100644 --- a/src/Module/Magic.php +++ b/src/Module/Magic.php @@ -100,6 +100,7 @@ class Magic extends BaseModule $x = strpbrk($dest, '?&'); $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token); + Logger::info('Redirecting', ['path' => $dest . $args]); System::externalRedirect($dest . $args); } } From 5eeca432fe3f2f069689df3b4778213f11707055 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 29 Sep 2019 18:59:03 +0000 Subject: [PATCH 15/17] removed unused "f" parameter --- src/Model/Contact.php | 2 +- src/Model/Profile.php | 2 +- src/Module/Debug/Localtime.php | 2 +- src/Module/Magic.php | 3 +-- src/Protocol/Diaspora.php | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/Model/Contact.php b/src/Model/Contact.php index 816c2a1864..74534fc371 100644 --- a/src/Model/Contact.php +++ b/src/Model/Contact.php 
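Review bot: `Logger::info('No contact record found', $_REQUEST);` writes the entire request array to the log; depending on PHP's `request_order`, `$_REQUEST` can include cookie values (the session id among them), and here it also carries the `dest` the visitor was heading to. Logging only the two fields the lookup used, `Logger::info('No contact record found', ['addr' => $addr, 'dest' => $dest]);`, keeps the diagnostic without the over-share. The enclosing method starts outside the hunk.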
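Review bot: `Logger::info('Redirecting', ['path' => $dest . $args]);` records the freshly issued `owt` token at info level, so anyone with log access holds a usable authentication redirect for as long as the token is valid. Log the destination without the token, `Logger::info('Redirecting', ['dest' => $dest]);`, or drop the entry to debug level with the token masked. The enclosing method starts outside the hunk.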
@@ -1214,7 +1214,7 @@ class Contact extends BaseObject } if (($contact['network'] == Protocol::DFRN) && !$contact['self'] && empty($contact['pending'])) { - $poke_link = System::baseUrl() . '/poke/?f=&c=' . $contact['id']; + $poke_link = System::baseUrl() . '/poke/?c=' . $contact['id']; } $contact_url = System::baseUrl() . '/contact/' . $contact['id']; diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 4ca6ca66bd..4261d62e7a 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -1087,7 +1087,7 @@ class Profile $basepath = Contact::getBasepath($contact['url']); if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic')) { - $magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest . '&' . $addr_request; + $magic_path = $basepath . '/magic' . '?owa=1&dest=' . $dest . '&' . $addr_request; // We have to check if the remote server does understand /magic without invoking something $serverret = Network::curl($basepath . '/magic'); diff --git a/src/Module/Debug/Localtime.php b/src/Module/Debug/Localtime.php index 36eaa17ac8..7af9cb8dad 100644 --- a/src/Module/Debug/Localtime.php +++ b/src/Module/Debug/Localtime.php @@ -39,7 +39,7 @@ class Localtime extends BaseModule $output .= '

' . L10n::t('Converted localtime: %s', $app->data['mod-localtime']) . '

'; } - $output .= '
'; + $output .= ''; $output .= '

' . L10n::t('Please select your timezone:') . '

'; $output .= Temporal::getTimezoneSelect(defaults($_REQUEST, 'timezone', Installer::DEFAULT_TZ)); $output .= '
'; diff --git a/src/Module/Magic.php b/src/Module/Magic.php index 0722da3cd7..4cb3dc7328 100644 --- a/src/Module/Magic.php +++ b/src/Module/Magic.php @@ -97,8 +97,7 @@ class Magic extends BaseModule } else { $token = $j['token']; } - $x = strpbrk($dest, '?&'); - $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token); + $args = (strpbrk($dest, '?&') ? '&' : '?') . 'owt=' . $token; Logger::info('Redirecting', ['path' => $dest . $args]); System::externalRedirect($dest . $args); diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php index 9e074e8a9a..587b34c3fe 100644 --- a/src/Protocol/Diaspora.php +++ b/src/Protocol/Diaspora.php @@ -1608,7 +1608,7 @@ class Diaspora } if (self::isRedmatrix($contact["url"])) { - return $contact["url"] . "/?f=&mid=" . $guid; + return $contact["url"] . "/?mid=" . $guid; } if ($parent_guid != '') { From 520c250a415d883cb038789824c03938166c608c Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 29 Sep 2019 19:21:05 +0000 Subject: [PATCH 16/17] Some small code adjustments --- src/Model/Profile.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 4261d62e7a..cf39a02a91 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -1186,7 +1186,7 @@ class Profile if (!strlen($s)) { return $s; } - if ((!strpos($s, '/profile/')) && (!$force)) { + if (!strpos($s, '/profile/') && !$force) { return $s; } if ($force && substr($s, -1, 1) !== '/') { @@ -1243,7 +1243,7 @@ class Profile if (!empty($search)) { $searchTerm = '%' . $search . '%'; - $cnt = DBA::fetchFirst("SELECT COUNT(*) AS `total` + $cnt = DBA::fetchFirst("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` $publish AND NOT `user`.`blocked` AND NOT `user`.`account_removed` 
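Review bot: The reworked line `if (!strpos($s, '/profile/') && !$force)` keeps the truthiness test on `strpos()`, which misfires when the needle sits at offset 0 (`!0` is true, so the string is returned unchanged although it contains `/profile/`); since the line was touched anyway, `if (strpos($s, '/profile/') === false && !$force)` (or `!str_contains(...)` on PHP 8) closes that edge case. The trailing-whitespace trims in the two `SELECT COUNT(*)` hunks are fine as they are. The enclosing function starts outside the hunk.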
@@ -1265,7 +1265,7 @@ class Profile $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm); } else { - $cnt = DBA::fetchFirst("SELECT COUNT(*) AS `total` + $cnt = DBA::fetchFirst("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` $publish AND NOT `user`.`blocked` AND NOT `user`.`account_removed`"); From 0d7c79d05149bcc0e872eaadd807b304718c2690 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 30 Sep 2019 06:29:00 +0000 Subject: [PATCH 17/17] Using central function to set the "remote" session value --- mod/dfrn_poll.php | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index 031fdb2838..c6134bb45d 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -111,17 +111,14 @@ function dfrn_poll_init(App $a) if ((int)$xml->status === 1) { $_SESSION['authenticated'] = 1; - if (empty($_SESSION['remote'])) { - $_SESSION['remote'] = []; - } - - $_SESSION['remote'][$r[0]['uid']] = $r[0]['id']; - $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_handle'] = $r[0]['addr']; $_SESSION['visitor_visiting'] = $r[0]['uid']; $_SESSION['my_url'] = $r[0]['url']; + + Session::setVisitorsContacts(); + if (!$quiet) { info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL); } 
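Review bot: The session is marked authenticated and loaded with the visitor's identity without the session id being regenerated, so a session id fixed before this exchange remains valid afterwards (session fixation). Unless Friendica's session layer already regenerates the id elsewhere on login, add `session_regenerate_id(true);` directly after `$_SESSION['authenticated'] = 1;`, before the `visitor_*` keys are stored. The new `Session::setVisitorsContacts()` call takes no arguments, so it presumably rebuilds `$_SESSION['remote']` from the `visitor_*` values written just above it; a one-line comment such as `// must follow the visitor_* assignments above: rebuilds $_SESSION['remote'] from them` would keep that ordering from being broken later. The enclosing function begins and ends outside the hunk.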
@@ -518,16 +515,13 @@ function dfrn_poll_content(App $a) if (((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) { $_SESSION['authenticated'] = 1; - if (empty($_SESSION['remote'])) { - $_SESSION['remote'] = []; - } - - $_SESSION['remote'][$r[0]['uid']] = $r[0]['id']; - $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_visiting'] = $r[0]['uid']; $_SESSION['my_url'] = $r[0]['url']; + + Session::setVisitorsContacts(); + if (!$quiet) { info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL); }
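Review bot: The guard on the first context line compares the challenge and `sec` values with loose `==` against SimpleXML elements, and checks the status with `== 0` where the first hunk uses `=== 1`; for values that gate setting `$_SESSION['authenticated']` a strict, constant-time comparison is preferable. Assuming `$hash` and `$sec` are strings, the line could read `if ((int)$xml->status === 0 && hash_equals($hash, (string)$xml->challenge) && hash_equals($sec, (string)$xml->sec)) {`. That line is untouched by the commit, but it is the condition under which the new `Session::setVisitorsContacts()` call now runs. The enclosing function starts and ends outside the hunk.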
