diff --git a/include/text.php b/include/text.php index 26de709e3..658c2cdd6 100644 --- a/include/text.php +++ b/include/text.php @@ -6,8 +6,8 @@ require_once("include/friendica_smarty.php"); if(! function_exists('replace_macros')) { /** * This is our template processor - * - * @param string|FriendicaSmarty $s the string requiring macro substitution, + * + * @param string|FriendicaSmarty $s the string requiring macro substitution, * or an instance of FriendicaSmarty * @param array $r key value pairs (search => replace) * @return string substituted string @@ -52,13 +52,13 @@ if(! function_exists('notags')) { * The high bit hack only involved some old IE browser, forget which (IE5/Mac?) * that had an XSS attack vector due to stripping the high-bit on an 8-bit character * after cleansing, and angle chars with the high bit set could get through as markup. - * - * This is now disabled because it was interfering with some legitimate unicode sequences - * and hopefully there aren't a lot of those browsers left. + * + * This is now disabled because it was interfering with some legitimate unicode sequences + * and hopefully there aren't a lot of those browsers left. * * Use this on any text input where angle chars are not valid or permitted * They will be replaced with safer brackets. This may be filtered further - * if these are not allowed either. + * if these are not allowed either. * * @param string $string Input string * @return string Filtered string @@ -86,12 +86,12 @@ function escape_tags($string) { }} -// generate a string that's random, but usually pronounceable. +// generate a string that's random, but usually pronounceable. // used to generate initial passwords if(! function_exists('autoname')) { /** - * generate a string that's random, but usually pronounceable. + * generate a string that's random, but usually pronounceable. * used to generate initial passwords * @param int $len * @return string 
@@ -101,7 +101,7 @@ function autoname($len) { if($len <= 0) return ''; - $vowels = array('a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u'); + $vowels = array('a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u'); if(mt_rand(0,5) == 4) $vowels[] = 'y'; @@ -145,7 +145,7 @@ function autoname($len) { for ($x = 0; $x < $len; $x ++) { $r = mt_rand(0,count($table) - 1); $word .= $table[$r]; - + if($table == $vowels) $table = array_merge($cons,$midcons); else @@ -162,7 +162,7 @@ function autoname($len) { } } if(substr($word,-1) == 'q') - $word = substr($word,0,-1); + $word = substr($word,0,-1); return $word; }} @@ -178,11 +178,11 @@ if(! function_exists('xmlify')) { */ function xmlify($str) { /* $buffer = ''; - + $len = mb_strlen($str); for($x = 0; $x < $len; $x ++) { $char = mb_substr($str,$x,1); - + switch( $char ) { case "\r" : @@ -208,7 +208,7 @@ function xmlify($str) { default : $buffer .= $char; break; - } + } }*/ /* $buffer = mb_ereg_replace("&", "&", $str); @@ -219,7 +219,7 @@ function xmlify($str) { */ $buffer = htmlspecialchars($str, ENT_QUOTES); $buffer = trim($buffer); - + return($buffer); }} @@ -239,7 +239,7 @@ function unxmlify($s) { $ret = mb_ereg_replace('>', ">", $ret); */ $ret = htmlspecialchars_decode($s, ENT_QUOTES); - return $ret; + return $ret; }} if(! function_exists('hex2bin')) { @@ -287,7 +287,7 @@ function paginate_data(&$a, $count=null) { $data = array(); function _l(&$d, $name, $url, $text, $class="") { - $d[$name] = array('url'=>$url, 'text'=>$text, 'class'=>$class); + $d[$name] = array('url'=>$url, 'text'=>$text, 'class'=>$class); } if (!is_null($count)){ 
@@ -355,9 +355,9 @@ if(! function_exists('paginate')) { * Then call paginate($a) after the end of the display loop to insert the pager block on the page * (assuming there are enough items to paginate). * When using with SQL, the setting LIMIT %d, %d => $a->pager['start'],$a->pager['itemspage'] - * will limit the results to the correct items for the current page. - * The actual page handling is then accomplished at the application layer. - * + * will limit the results to the correct items for the current page. + * The actual page handling is then accomplished at the application layer. + * * @param App $a App instance * @return string html for pagination #FIXME remove html */ @@ -406,11 +406,11 @@ function expand_acl($s) { } } return $ret; -}} +}} if(! function_exists('sanitise_acl')) { /** - * Wrap ACL elements in angle brackets for storage + * Wrap ACL elements in angle brackets for storage * @param string $item */ function sanitise_acl(&$item) { @@ -424,10 +424,10 @@ function sanitise_acl(&$item) { if(! function_exists('perms2str')) { /** * Convert an ACL array to a storable string - * + * * Normally ACL permissions will be an array. * We'll also allow a comma-separated string. - * + * * @param string|array $p * @return string */ @@ -450,7 +450,7 @@ if(! function_exists('item_new_uri')) { /** * generate a guaranteed unique (for this domain) item ID for ATOM * safe from birthday paradox - * + * * @param string $hostname * @param int $uid * @return string @@ -506,7 +506,7 @@ if(! function_exists('load_view_file')) { * @global App $a * @param string $s view name * @return string - */ + */ function load_view_file($s) { global $lang, $a; if(! isset($lang)) @@ -539,7 +539,7 @@ if(! function_exists('get_intltext_template')) { /** * load a view template, checking for alternate * languages before falling back to the default - * + * * @global string $lang * @param string $s view path * @return string 
@@ -576,7 +576,7 @@ function get_intltext_template($s) { if(! function_exists('get_markup_template')) { /** * load template $s - * + * * @param string $s * @param string $root * @return string @@ -591,15 +591,15 @@ function get_markup_template($s, $root = '') { } catch (Exception $e) { echo "
".__function__.": ".$e->getMessage()."
"; killme(); } - + $a->save_timestamp($stamp1, "file"); - + return $template; }} if(! function_exists("get_template_file")) { /** - * + * * @param App $a * @param string $filename * @param string $root @@ -636,11 +636,11 @@ if(! function_exists('attribute_contains')) { * an attribute foobar="class1 class2 class3" * and you want to find out if it contains 'class3'. * you can't use a normal sub string search because you - * might match 'notclass3' and a regex to do the job is - * possible but a bit complicated. - * pass the attribute string as $attr and the attribute you + * might match 'notclass3' and a regex to do the job is + * possible but a bit complicated. + * pass the attribute string as $attr and the attribute you * are looking for as $s - returns true if found, otherwise false - * + * * @param string $attr attribute value * @param string $s string to search * @return boolean True if found, False otherwise @@ -691,9 +691,9 @@ function logger($msg,$level = 0) { if((! $debugging) || (! $logfile) || ($level > $loglevel)) return; - $callers = debug_backtrace(); - $logline = sprintf("%s@%s\t[%s]:%s:%s:%s\t%s\n", - datetime_convert(), + $callers = debug_backtrace(); + $logline = sprintf("%s@%s\t[%s]:%s:%s:%s\t%s\n", + datetime_convert(), session_id(), $LOGGER_LEVELS[$level], basename($callers[0]['file']), @@ -701,7 +701,7 @@ function logger($msg,$level = 0) { $callers[1]['function'], $msg ); - + $stamp1 = microtime(true); @file_put_contents($logfile, $logline, FILE_APPEND); $a->save_timestamp($stamp1, "file"); @@ -712,7 +712,7 @@ function logger($msg,$level = 0) { if(! function_exists('activity_match')) { /** * Compare activity uri. Knows about activity namespace. - * + * * @param string $haystack * @param string $needle * @return boolean 
@@ -727,12 +727,12 @@ function activity_match($haystack,$needle) { if(! function_exists('get_tags')) { /** * Pull out all #hashtags and @person tags from $s; - * We also get @person@domain.com - which would make + * We also get @person@domain.com - which would make * the regex quite complicated as tags can also * end a sentence. So we'll run through our results * and strip the period from any tags which end with one. * Returns array of tags found, or empty array. - * + * * @param string $s * @return array */ @@ -788,18 +788,18 @@ function get_tags($s) { }} -// +// if(! function_exists('qp')) { /** * quick and dirty quoted_printable encoding - * + * * @param string $s * @return string - */ + */ function qp($s) { return str_replace ("%","=",rawurlencode($s)); -}} +}} @@ -827,7 +827,7 @@ function get_mentions($item) { if(! function_exists('contact_block')) { /** * Get html for contact block. - * + * * @template contact_block.tpl * @hook contact_block_end (contacts=>array, output=>string) * @return string @@ -853,7 +853,7 @@ function contact_block() { if(! $total) { $contacts = t('No contacts'); $micropro = Null; - + } else { $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0 AND `hidden` = 0 AND `archive` = 0 ORDER BY RAND() LIMIT %d", intval($a->profile['uid']), @@ -867,7 +867,7 @@ function contact_block() { } } } - + $tpl = get_markup_template('contact_block.tpl'); $o = replace_macros($tpl, array( '$contacts' => $contacts, @@ -885,7 +885,7 @@ function contact_block() { if(! function_exists('micropro')) { /** - * + * * @param array $contact * @param boolean $redirect * @param string $class @@ -916,19 +916,19 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) { if($click) $url = ''; if($textmode) { - return '
'. $contact['name'] . '
' . "\r\n"; } else { - return '
' . $contact['name'] 
+			. (($url) ? ' href=' . $contact['name']
 			. '
' . "\r\n"; } }} @@ -938,7 +938,7 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) { if(! function_exists('search')) { /** * search box - * + * * @param string $s search query * @param string $id html id * @param string $url search url @@ -950,9 +950,9 @@ function search($s,$id='search-box',$url='/search',$save = false) { $o = '
'; $o .= '
'; $o .= ''; - $o .= ''; + $o .= ''; if($save) - $o .= ''; + $o .= ''; $o .= '
'; return $o; }} @@ -960,7 +960,7 @@ function search($s,$id='search-box',$url='/search',$save = false) { if(! function_exists('valid_email')) { /** * Check if $x is a valid email string - * + * * @param string $x * @return boolean */ @@ -996,7 +996,7 @@ function linkify($s) { * @hook poke_verbs pokes array */ function get_poke_verbs() { - + // index is present tense verb // value is array containing past tense verb, translation of present, translation of past @@ -1018,7 +1018,7 @@ function get_poke_verbs() { * @hook mood_verbs moods array */ function get_mood_verbs() { - + $arr = array( 'happy' => t('happy'), 'sad' => t('sad'), @@ -1053,10 +1053,10 @@ if(! function_exists('smilies')) { * Replaces text emoticons with graphical images * * It is expected that this function will be called using HTML text. - * We will escape text between HTML pre and code blocks from being - * processed. - * - * At a higher level, the bbcode [nosmile] tag can be used to prevent this + * We will escape text between HTML pre and code blocks from being + * processed. + * + * At a higher level, the bbcode [nosmile] tag can be used to prevent this * function from being executed by the prepare_text() routine when preparing * bbcode source for HTML display * @@ -1068,43 +1068,43 @@ if(! function_exists('smilies')) { function smilies($s, $sample = false) { $a = get_app(); - if(intval(get_config('system','no_smilies')) + if(intval(get_config('system','no_smilies')) || (local_user() && intval(get_pconfig(local_user(),'system','no_smilies')))) return $s; $s = preg_replace_callback('/
(.*?)<\/pre>/ism','smile_encode',$s);
 	$s = preg_replace_callback('/(.*?)<\/code>/ism','smile_encode',$s);
 
-	$texts =  array( 
-		'<3', 
-		'</3', 
-		'<\\3', 
-		':-)', 
-		';-)', 
-		':-(', 
-		':-P', 
-		':-p', 
-		':-"', 
-		':-"', 
-		':-x', 
-		':-X', 
-		':-D', 
-		'8-|', 
-		'8-O', 
-		':-O', 
-		'\\o/', 
-		'o.O', 
-		'O.o', 
-		'o_O', 
-		'O_o', 
-		":'(", 
-		":-!", 
-		":-/", 
-		":-[", 
+	$texts =  array(
+		'<3',
+		'</3',
+		'<\\3',
+		':-)',
+		';-)',
+		':-(',
+		':-P',
+		':-p',
+		':-"',
+		':-"',
+		':-x',
+		':-X',
+		':-D',
+		'8-|',
+		'8-O',
+		':-O',
+		'\\o/',
+		'o.O',
+		'O.o',
+		'o_O',
+		'O_o',
+		":'(",
+		":-!",
+		":-/",
+		":-[",
 		"8-)",
-		':beer', 
-		':homebrew', 
-		':coffee', 
+		':beer',
+		':homebrew',
+		':coffee',
 		':facepalm',
 		':like',
 		':dislike',
@@ -1129,7 +1129,7 @@ function smilies($s, $sample = false) {
 		':-D',
 		'8-|',
 		'8-O',
-		':-O',                
+		':-O',
 		'\\o/',
 		'o.O',
 		'O.o',
@@ -1182,7 +1182,7 @@ function smile_decode($m) {
 
 /**
  * expand <3333 to the correct number of hearts
- * 
+ *
  * @param string $x
  * @return string
  */
@@ -1201,7 +1201,7 @@ function preg_heart($x) {
 if(! function_exists('day_translate')) {
 /**
  * Translate days and months names
- * 
+ *
  * @param string $s
  * @return string
  */
@@ -1221,7 +1221,7 @@ function day_translate($s) {
 if(! function_exists('normalise_link')) {
 /**
  * Normalize url
- * 
+ *
  * @param string $url
  * @return string
  */
@@ -1235,15 +1235,15 @@ function normalise_link($url) {
 if(! function_exists('link_compare')) {
 /**
  * Compare two URLs to see if they are the same, but ignore
- * slight but hopefully insignificant differences such as if one 
- * is https and the other isn't, or if one is www.something and 
+ * slight but hopefully insignificant differences such as if one
+ * is https and the other isn't, or if one is www.something and
  * the other isn't - and also ignore case differences.
  *
  * @param string $a first url
  * @param string $b second url
  * @return boolean True if the URLs match, otherwise False
  *
- */	
+ */
 function link_compare($a,$b) {
 	if(strcasecmp(normalise_link($a),normalise_link($b)) === 0)
 		return true;
@@ -1254,7 +1254,7 @@ function link_compare($a,$b) {
 if(! function_exists('redir_private_images')) {
 /**
  * Find any non-embedded images in private items and add redir links to them
- * 
+ *
  * @param App $a
  * @param array $item
  */
@@ -1286,7 +1286,7 @@ if(! function_exists('prepare_body')) {
 /**
  * Given an item array, convert the body element from bbcode to html and add smilie icons.
  * If attach is true, also add icons for item attachments
- * 
+ *
  * @param array $item
  * @param boolean $attach
  * @return string item body html
@@ -1471,6 +1471,13 @@ function prepare_body(&$item,$attach = false, $preview = false) {
 		$s = substr($s, 0, $pos).$authorreplace.substr($s, $pos+strlen($authorsearch));
 	}
 
+    // replace friendica image url size with theme preference
+    if (x($a->theme_info,'item_image_size')){
+        $ps = $a->theme_info['item_image_size'];
+
+        $s = preg_replace('|(]+src="[^"]+/photo/[0-9a-f]+)-[0-9]|',"$1-".$ps, $s);
+    }
+
 	$prep_arr = array('item' => $item, 'html' => $s);
 	call_hooks('prepare_body_final', $prep_arr);
 
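Review bot: `$ps` goes straight from `$a->theme_info['item_image_size']` into both the `preg_replace` replacement string and the rewritten `src` attribute, with no check that it is a scale number. A non-numeric value would produce a malformed photo URL, and any `$` or `\` sequence in it would be read as a backreference. Cast it before use, `$ps = intval($a->theme_info['item_image_size']);`, and skip the rewrite when the result is outside the scales the photo module serves. The pattern as shown also matches a `/photo/<hex>-N` path on any host, so remote images appear to be rewritten too; anchoring it to this site's base URL would limit the change to photos this server can resolve. `prepare_body` starts and ends outside this hunk.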
@@ -1481,7 +1488,7 @@ function prepare_body(&$item,$attach = false, $preview = false) {
 if(! function_exists('prepare_text')) {
 /**
  * Given a text string, convert from bbcode to html and add smilie icons.
- * 
+ *
  * @param string $text
  * @return string
  */
@@ -1501,10 +1508,10 @@ function prepare_text($text) {
 
 /**
  * return array with details for categories and folders for an item
- * 
+ *
  * @param array $item
  * @return array
- * 
+ *
   * [
  *      [ // categories array
  *          {
@@ -1522,7 +1529,7 @@ function prepare_text($text) {
  *               'first': 'is the first in this array? true/false',
  *               'last': 'is the last in this array? true/false',
  *           } ,
- *           ....       
+ *           ....
  *       ]
  *  ]
  */
@@ -1547,7 +1554,7 @@ function get_cats_and_terms($item) {
         }
     }
     if (count($categories)) $categories[count($categories)-1]['last'] = true;
-    
+
 
 	if(local_user() == $item['uid']) {
 	    $matches = false; $first = true;
@@ -1612,10 +1619,10 @@ function feed_salmonlinks($nick) {
 
 	$salmon  = '' . "\n" ;
 
-	// old style links that status.net still needed as of 12/2010 
+	// old style links that status.net still needed as of 12/2010
 
-	$salmon .= '  ' . "\n" ; 
-	$salmon .= '  ' . "\n" ; 
+	$salmon .= '  ' . "\n" ;
+	$salmon .= '  ' . "\n" ;
 	return $salmon;
 }}
 
@@ -1670,17 +1677,17 @@ if(! function_exists('lang_selector')) {
 /**
  * get html for language selector
  * @global string $lang
- * @return string 
+ * @return string
  * @template lang_selector.tpl
  */
 function lang_selector() {
 	global $lang;
-	
+
 	$langs = glob('view/*/strings.php');
-	
+
 	$lang_options = array();
 	$selected = "";
-	
+
 	if(is_array($langs) && count($langs)) {
 		$langs[] = '';
 		if(! in_array('view/en/strings.php',$langs))
@@ -1698,11 +1705,11 @@ function lang_selector() {
 		}
 	}
 
-	$tpl = get_markup_template("lang_selector.tpl");	
+	$tpl = get_markup_template("lang_selector.tpl");
 	$o = replace_macros($tpl, array(
 		'$title' => t('Select an alternate language'),
 		'$langs' => array($lang_options, $selected),
-		
+
 	));
 	return $o;
 }}
@@ -1790,7 +1797,7 @@ function base64url_decode($s) {
 if (!function_exists('str_getcsv')) {
 	/**
 	 * Parse csv string
-	 * 
+	 *
 	 * @param string $input
 	 * @param string $delimiter
 	 * @param string $enclosure
@@ -1835,13 +1842,13 @@ if (!function_exists('str_getcsv')) {
                         }
                     } else {
                         $line = preg_split("/".$delimiter."/",$line);
-   
+
                         /*
                          * Validating against pesky extra line breaks creating false rows.
                          */
                         if (is_array($line) && !empty($line[0])) {
                             $output[$line_num] = $line;
-                        } 
+                        }
                     }
                 }
                 return $output;
@@ -1852,7 +1859,7 @@ if (!function_exists('str_getcsv')) {
             return false;
         }
     }
-} 
+}
 
 /**
  * return div element with class 'clear'
@@ -1876,7 +1883,7 @@ function bb_translate_video($s) {
 				$s = str_replace($mtch[0],'[vimeo]' . $mtch[1] . '[/vimeo]',$s);
 		}
 	}
-	return $s;	
+	return $s;
 }
 
 function html2bb_video($s) {
@@ -1907,7 +1914,7 @@ function array_xmlify($val){
 
 /**
  * transorm link href and img src from relative to absolute
- * 
+ *
  * @param string $text
  * @param string $base base url
  * @return string
@@ -1920,7 +1927,7 @@ function reltoabs($text, $base)
   $base = rtrim($base,'/');
 
   $base2 = $base . "/";
- 	
+
   // Replace links
   $pattern = "/]*) href=\"(?!http|https|\/)([^\"]*)\"/";
   $replace = "','[',']'),array('%3c','%3e','%5b','%5d'),$s);
diff --git a/mod/photo.php b/mod/photo.php
index 434193f71..7783b6a25 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -101,7 +101,8 @@ function photo_init(&$a) {
 			$photo = substr($photo,0,-2);
 		}
 
-		$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+        // check if the photo exists and get the owner of the photo
+		$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
 			dbesc($photo),
 			intval($resolution)
 		);
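Review bot: The rewritten existence query has a single `'%s'` placeholder, but the call still passes `intval($resolution)` as a second argument. It is presumably ignored by `q()`, yet it leaves the argument list out of step with the format string and suggests a scale filter that is no longer applied; delete the `intval($resolution)` line and end the call after `dbesc($photo)`. The added comment is indented with spaces where the surrounding lines use tabs. `photo_init` continues outside this hunk.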
@@ -111,7 +112,7 @@ function photo_init(&$a) {
 
 			// Now we'll see if we can access the photo
 
-			$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
+			$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1",
 				dbesc($photo),
 				intval($resolution)
 			);
@@ -119,28 +120,16 @@ function photo_init(&$a) {
 			$public = ($r[0]['allow_cid'] == '') AND ($r[0]['allow_gid'] == '') AND ($r[0]['deny_cid']  == '') AND ($r[0]['deny_gid']  == '');
 
 			if(count($r)) {
+                $resolution = $r[0]['scale'];
 				$data = $r[0]['data'];
 				$mimetype = $r[0]['type'];
 			}
 			else {
-
-				// Does the picture exist? It may be a remote person with no credentials,
-				// but who should otherwise be able to view it. Show a default image to let 
-				// them know permissions was denied. It may be possible to view the image 
-				// through an authenticated profile visit.
-				// There won't be many completely unauthorised people seeing this because
-				// they won't have the photo link, so there's a reasonable chance that the person
-				// might be able to obtain permission to view it.
- 
-				$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
-					dbesc($photo),
-					intval($resolution)
-				);
-				if(count($r)) {
-					$data = file_get_contents('images/nosign.jpg');
-					$mimetype = 'image/jpeg';
-					$prvcachecontrol = true;
-				}
+                // The picure exists. We already checked with the first query.
+                // obviously, this is not an authorized viev!
+                $data = file_get_contents('images/nosign.jpg');
+                $mimetype = 'image/jpeg';
+                $prvcachecontrol = true;
 			}
 		}
 	}
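Review bot: The new `else` branch serves `images/nosign.jpg` and sets `$prvcachecontrol` on every miss of the permission-filtered query, but since this commit that query can miss for a second reason. The first query now checks only that the resource-id exists, while the second requires a row with `scale` at or below the requested value, so a photo stored only at higher scale numbers is reported as permission-denied instead of not found. Keep the two cases apart, for example by repeating the `scale <= %d` condition in the existence check, so the "denied" placeholder is shown only when `$sql_extra` is what excluded the row. The added comment would read better as `// The picture exists (checked by the first query), so this is not an authorized view.`, and the new lines are indented with spaces where the file uses tabs.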