Merge remote-tracking branch 'upstream/develop' into manage

mod/community.php

@@ -227,6 +227,7 @@ function community_getitems($start, $itemspage, $content, $accounttype)
 			$values = [$start, $itemspage];
 		}
 
+		/// @todo Use "unsearchable" here as well (instead of "hidewall")
 		$r = DBA::p("SELECT `item`.`uri`, `author`.`url` AS `author-link` FROM `thread`
 			STRAIGHT_JOIN `user` ON `user`.`uid` = `thread`.`uid` AND NOT `user`.`hidewall`
 			STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid`
@@ -237,9 +238,9 @@ function community_getitems($start, $itemspage, $content, $accounttype)
 		return DBA::toArray($r);
 	} elseif ($content == 'global') {
 		if (!is_null($accounttype)) {
-			$condition = ["`uid` = ? AND `owner`.`contact-type` = ?", 0, $accounttype];
+			$condition = ["`uid` = ? AND NOT `author`.`unsearchable` AND NOT `owner`.`unsearchable` AND `owner`.`contact-type` = ?", 0, $accounttype];
 		} else {
-			$condition = ['uid' => 0];
+			$condition = ["`uid` = ? AND NOT `author`.`unsearchable` AND NOT `owner`.`unsearchable`", 0];
 		}
 
 		$r = Item::selectThreadForUser(0, ['uri'], $condition, ['order' => ['commented' => true], 'limit' => [$start, $itemspage]]);

mod/dfrn_poll.php

@@ -114,7 +114,7 @@ function dfrn_poll_init(App $a)
 						$_SESSION['remote'] = [];
 					}
 
-					$_SESSION['remote'][] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']];
+					$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
 
 					$_SESSION['visitor_id'] = $r[0]['id'];
 					$_SESSION['visitor_home'] = $r[0]['url'];
@@ -521,7 +521,7 @@ function dfrn_poll_content(App $a)
 						$_SESSION['remote'] = [];
 					}
 
-					$_SESSION['remote'][] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']];
+					$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
 					$_SESSION['visitor_id'] = $r[0]['id'];
 					$_SESSION['visitor_home'] = $r[0]['url'];
 					$_SESSION['visitor_visiting'] = $r[0]['uid'];

mod/item.php

@@ -284,10 +284,6 @@ function item_post(App $a) {
 
 		$private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);
 
-		if ($user['hidewall']) {
-			$private = 2;
-		}
-
 		// If this is a comment, set the permissions from the parent.
 
 		if ($toplevel_item) {

mod/notifications.php

@@ -49,11 +49,15 @@ function notifications_post(App $a)
 		if ($_POST['submit'] == L10n::t('Discard')) {
 			DBA::delete('intro', ['id' => $intro_id]);
 			if (!$fid) {
-				// The check for pending is in case the friendship was already approved
-				// and we just want to get rid of the pending contact
+				// When the contact entry had been created just for that intro, we want to get rid of it now
 				$condition = ['id' => $contact_id, 'uid' => local_user(),
 					'self' => false, 'pending' => true, 'rel' => [0, Contact::FOLLOWER]];
-				if (DBA::exists('contact', $condition)) {
+				$contact_pending = DBA::exists('contact', $condition);
+
+				// Remove the "pending" to stop the reappearing in any case
+				DBA::update('contact', ['pending' => false], ['id' => $contact_id]);
+
+				if ($contact_pending) {
 					Contact::remove($contact_id);
 				}
 			}

mod/photos.php

@@ -154,17 +154,8 @@ function photos_post(App $a)
 
 	if (local_user() && (local_user() == $page_owner_uid)) {
 		$can_post = true;
-	} elseif ($community_page && remote_user()) {
-		$contact_id = 0;
-
-		if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
-			foreach ($_SESSION['remote'] as $v) {
-				if ($v['uid'] == $page_owner_uid) {
-					$contact_id = $v['cid'];
-					break;
-				}
-			}
-		}
+	} elseif ($community_page && remote_user($page_owner_uid)) {
+		$contact_id = remote_user($page_owner_uid);
 
 		if ($contact_id > 0) {
 			if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {

mod/profiles.php

@@ -594,7 +594,7 @@ function profiles_content(App $a) {
 			'$default' => (($is_default) ? '<p id="profile-edit-default-desc">' . L10n::t('This is your <strong>public</strong> profile.<br />It <strong>may</strong> be visible to anybody using the internet.') . '</p>' : ""),
 			'$name' => ['name', L10n::t('Your Full Name:'), $r[0]['name']],
 			'$pdesc' => ['pdesc', L10n::t('Title/Description:'), $r[0]['pdesc']],
-			'$dob' => Temporal::getDateofBirthField($r[0]['dob']),
+			'$dob' => Temporal::getDateofBirthField($r[0]['dob'], $a->user['timezone']),
 			'$hide_friends' => $hide_friends,
 			'$address' => ['address', L10n::t('Street Address:'), $r[0]['address']],
 			'$locality' => ['locality', L10n::t('Locality/City:'), $r[0]['locality']],

mod/redir.php

@@ -15,16 +15,16 @@ function redir_init(App $a) {
 
 	$url = defaults($_GET, 'url', '');
 	$quiet = !empty($_GET['quiet']) ? '&quiet=1' : '';
-	$con_url = defaults($_GET, 'conurl', '');
 
 	if ($a->argc > 1 && intval($a->argv[1])) {
 		$cid = intval($a->argv[1]);
-	} elseif (local_user() && !empty($con_url)) {
-		$cid = Contact::getIdForURL($con_url, local_user());
 	} else {
 		$cid = 0;
 	}
 
+	// Try magic auth before the legacy stuff
+	redir_magic($a, $cid, $url);
+
 	if (!empty($cid)) {
 		$fields = ['id', 'uid', 'nurl', 'url', 'addr', 'name', 'network', 'poll', 'issued-id', 'dfrn-id', 'duplex', 'pending'];
 		$contact = DBA::selectFirst('contact', $fields, ['id' => $cid, 'uid' => [0, local_user()]]);
@@ -140,3 +140,63 @@ function redir_init(App $a) {
 	notice(L10n::t('Contact not found.'));
 	$a->internalRedirect();
 }
+
+function redir_magic($a, $cid, $url)
+{
+	$visitor = Profile::getMyURL();
+	if (!empty($visitor)) {
+		Logger::info('Got my url', ['visitor' => $visitor]);
+	}
+
+	/// @todo Most likely these lines are superfluous. We will remove them in the next version
+	if (empty($visitor) && remote_user()) {
+		$contact = DBA::selectFirst('contact', ['url'], ['id' => remote_user()]);
+		if (!empty($contact['url'])) {
+			$visitor = $contact['url'];
+			Logger::info('Got remote user', ['visitor' => $visitor]);
+		}
+	}
+
+	if (empty($visitor) && local_user()) {
+		$contact = DBA::selectFirst('contact', ['url'], ['id' => local_user()]);
+		if (!empty($contact['url'])) {
+			$visitor = $contact['url'];
+			Logger::info('Got local user', ['visitor' => $visitor]);
+		}
+	}
+
+	$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid]);
+	if (!DBA::isResult($contact)) {
+		Logger::info('Contact not found', ['id' => $cid]);
+		// Shouldn't happen under normal conditions
+		notice(L10n::t('Contact not found.'));
+		if (!empty($url)) {
+			$a->redirect($url);
+		} else {
+			$a->internalRedirect();
+		}
+	} else {
+		$contact_url = $contact['url'];
+		$target_url = defaults($url, $contact_url);
+	}
+
+	$basepath = Contact::getBasepath($contact_url);
+
+	// We don't use magic auth when there is no visitor, we are on the same system or we visit our own stuff
+	if (empty($visitor) || Strings::compareLink($basepath, System::baseUrl()) || Strings::compareLink($contact_url, $visitor)) {
+		Logger::info('Redirecting without magic', ['target' => $target_url, 'visitor' => $visitor, 'contact' => $contact_url]);
+		$a->redirect($target_url);
+	}
+
+	// Test for magic auth on the target system
+	$serverret = Network::curl($basepath . '/magic');
+	if ($serverret->isSuccess()) {
+		$separator = strpos($target_url, '?') ? '&' : '?';
+		$target_url .= $separator . 'zrl=' . urlencode($visitor) . '&addr=' . urlencode($contact_url);
+
+		Logger::info('Redirecting with magic', ['target' => $target_url, 'visitor' => $visitor, 'contact' => $contact_url]);
+		$a->redirect($target_url);
+	} else {
+		Logger::info('No magic for contact', ['contact' => $contact_url]);
+	}
+}