From 4791e5b24545ce5b25f577051eeb2248f1c2de61 Mon Sep 17 00:00:00 2001
From: Fabrixxm <fabrix.xm@gmail.com>
Date: Fri, 1 Mar 2013 04:43:04 -0500
Subject: [PATCH 1/6] install: add check for php-cli Check won't pass if $php
 -v won't return "(cli)"

---
 mod/install.php | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/mod/install.php b/mod/install.php
index 7247ebb2c..eda6b137f 100755
--- a/mod/install.php
+++ b/mod/install.php
@@ -309,6 +309,7 @@ function check_add(&$checks, $title, $status, $required, $help){
 }
 
 function check_php(&$phpath, &$checks) {
+	$passed = $passed2 = $passed3 = false;
 	if (strlen($phpath)){
 		$passed = file_exists($phpath);
 	} else {
@@ -330,16 +331,30 @@ function check_php(&$phpath, &$checks) {
 	check_add($checks, t('Command line PHP').($passed?" (<tt>$phpath</tt>)":""), $passed, false, $help);
 	
 	if($passed) {
+		$cmd = "$phpath -v";
+		$result = trim(shell_exec($cmd));
+		$passed2 = ( strpos($result, "(cli)") !== false );
+		list($result) = explode("\n", $result);
+		$help = "";
+		if(!$passed2) {
+			$help .= t('PHP executable is not the php cli binary (could be cgi-fgci version)'). EOL;
+			$help .= t('Found PHP version: ')."<tt>$result</tt>";
+		}
+		check_add($checks, t('PHP cli binary'), $passed2, true, $help);
+	}
+	
+	
+	if($passed2) {
 		$str = autoname(8);
 		$cmd = "$phpath testargs.php $str";
 		$result = trim(shell_exec($cmd));
-		$passed2 = $result == $str;
+		$passed3 = $result == $str;
 		$help = "";
-		if(!$passed2) {
+		if(!$passed3) {
 			$help .= t('The command line version of PHP on your system does not have "register_argc_argv" enabled.'). EOL;
 			$help .= t('This is required for message delivery to work.');
 		}
-		check_add($checks, t('PHP register_argc_argv'), $passed, true, $help);
+		check_add($checks, t('PHP register_argc_argv'), $passed3, true, $help);
 	}
 	
 

From 0b925899d421168b149f2703ac2673337f18cd07 Mon Sep 17 00:00:00 2001
From: Tobias Diekershoff <tobias.diekershoff@gmx.net>
Date: Sun, 3 Mar 2013 11:47:01 +0100
Subject: [PATCH 2/6] put edited meta info in item object to give theme
 developers the chance to display this in a fancy way

---
 object/Item.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/object/Item.php b/object/Item.php
index 139a81f71..781d21f9c 100644
--- a/object/Item.php
+++ b/object/Item.php
@@ -86,7 +86,14 @@ class Item extends BaseObject {
 		$a = $this->get_app();
 
 		$item = $this->get_data();
-
+                $edited = false;
+                if (strcmp($item['created'], $item['edited'])<>0) {
+                      $edited = array(
+                          'label' => t('This entry was edited'),
+                          'date' => datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r'),,
+                          'relative' => relative_date($item['edited'])
+                      );
+                }
 		$commentww = '';
 		$sparkle = '';
 		$buttons = '';
@@ -325,13 +332,14 @@ class Item extends BaseObject {
 			'drop' => $drop,
 			'vote' => $buttons,
 			'like' => $like,
-			'dislike'   => $dislike,
+                        'dislike'   => $dislike,
 			'switchcomment' => t('Comment'),
 			'comment' => $this->get_comment_box($indent),
 			'previewing' => ($conv->is_preview() ? ' preview ' : ''),
 			'wait' => t('Please wait'),
 			'thread_level' => $thread_level,
-			'postopts' => $langstr
+                        'postopts' => $langstr,
+                        'edited' => $edited
 		);
 
 		$arr = array('item' => $item, 'output' => $tmp_item);

From 4e68a6b3e0ae115fd29a5bcac2a98af0e719094f Mon Sep 17 00:00:00 2001
From: Tobias Diekershoff <tobias.diekershoff@gmx.net>
Date: Sun, 3 Mar 2013 12:02:45 +0100
Subject: [PATCH 3/6] typo

---
 object/Item.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/object/Item.php b/object/Item.php
index 781d21f9c..06b3683c6 100644
--- a/object/Item.php
+++ b/object/Item.php
@@ -90,7 +90,7 @@ class Item extends BaseObject {
                 if (strcmp($item['created'], $item['edited'])<>0) {
                       $edited = array(
                           'label' => t('This entry was edited'),
-                          'date' => datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r'),,
+                          'date' => datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r'),
                           'relative' => relative_date($item['edited'])
                       );
                 }

From 018728370966f703e504e2b3bdeeea62a549ac65 Mon Sep 17 00:00:00 2001
From: Zach Prezkuta <fermion@gmx.com>
Date: Sun, 3 Mar 2013 09:44:41 -0700
Subject: [PATCH 4/6] allow admin to prevent private image embedding on hub

---
 include/items.php                             |  6 +++-
 include/text.php                              | 33 +++++++++++++++++--
 mod/admin.php                                 |  5 ++-
 view/admin_site.tpl                           |  1 +
 view/smarty3/admin_site.tpl                   |  1 +
 view/theme/decaf-mobile/admin_site.tpl        |  3 +-
 .../theme/decaf-mobile/smarty3/admin_site.tpl |  3 +-
 view/theme/frost-mobile/admin_site.tpl        |  3 +-
 .../theme/frost-mobile/smarty3/admin_site.tpl |  3 +-
 view/theme/frost/admin_site.tpl               |  3 +-
 view/theme/frost/smarty3/admin_site.tpl       |  3 +-
 11 files changed, 54 insertions(+), 10 deletions(-)

diff --git a/include/items.php b/include/items.php
index b7be27932..29f4d7256 100755
--- a/include/items.php
+++ b/include/items.php
@@ -3644,9 +3644,13 @@ function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) {
 }
 
 function fix_private_photos($s, $uid, $item = null, $cid = 0) {
+
+	if(get_config('system','disable_embedded'))
+		return $s;
+
 	$a = get_app();
 
-	logger('fix_private_photos', LOGGER_DEBUG);
+	logger('fix_private_photos: check for photos', LOGGER_DEBUG);
 	$site = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://'));
 
 	$orig_body = $s;
diff --git a/include/text.php b/include/text.php
index 97cf6ac20..9dc90ac50 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1047,10 +1047,34 @@ function link_compare($a,$b) {
 	return false;
 }}
 
+
+// Find any non-embedded images in private items and add redir links to them
+
+if(! function_exists('redir_private_images')) {
+function redir_private_images($a, &$item) {
+
+	$matches = false;
+	$cnt = preg_match_all('|\[img\](http[^\[]*?/photo/[a-fA-F0-9]+?(-[0-9]\.[\w]+?)?)\[\/img\]|', $item['body'], $matches, PREG_SET_ORDER);
+	if($cnt) {
+		//logger("redir_private_images: matches = " . print_r($matches, true));
+		foreach($matches as $mtch) {
+			if(strpos($mtch[1], '/redir') !== false)
+				continue;
+
+			if((local_user() == $item['uid']) && ($item['private'] != 0) && ($item['contact-id'] != $a->contact['id']) && ($item['network'] == NETWORK_DFRN)) {
+				//logger("redir_private_images: redir");
+				$img_url = $a->get_baseurl() . '/redir?f=1&quiet=1&url=' . $mtch[1] . '&conurl=' . $item['author-link'];
+				$item['body'] = str_replace($mtch[0], "[img]".$img_url."[/img]", $item['body']);
+			}
+		}
+	}
+
+}}
+
+
 // Given an item array, convert the body element from bbcode to html and add smilie icons.
 // If attach is true, also add icons for item attachments
 
-
 if(! function_exists('prepare_body')) {
 function prepare_body($item,$attach = false) {
 
@@ -1066,14 +1090,19 @@ function prepare_body($item,$attach = false) {
 			$s = file_get_contents($cachefile);
 			$a->save_timestamp($stamp1, "file");
 		} else {
+			redir_private_images($a, $item);
 			$s = prepare_text($item['body']);
+
 			$stamp1 = microtime(true);
 			file_put_contents($cachefile, $s);
 			$a->save_timestamp($stamp1, "file");
+
 			logger('prepare_body: put item '.$item["id"].' into cachefile '.$cachefile);
 		}
-	} else
+	} else {
+		redir_private_images($a, $item);
 		$s = prepare_text($item['body']);
+	}
 
 
 	$prep_arr = array('item' => $item, 'html' => $s);
diff --git a/mod/admin.php b/mod/admin.php
index 48cc4b151..e4677b29c 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -256,7 +256,8 @@ function admin_page_site_post(&$a){
 	$thread_allow		=	((x($_POST,'thread_allow'))		? True						: False);
 	$newuser_private		=	((x($_POST,'newuser_private'))		? True						: False);
 	$enotify_no_content		=	((x($_POST,'enotify_no_content'))	? True						: False);
-	$private_addons		=	((x($_POST,'private_addons'))		? True						: False);
+	$private_addons			=	((x($_POST,'private_addons'))		? True						: False);
+	$disable_embedded		=	((x($_POST,'disable_embedded'))		? True						: False);
 	
 	$no_multi_reg		=	((x($_POST,'no_multi_reg'))		? True						: False);
 	$no_openid		=	!((x($_POST,'no_openid'))		? True						: False);
@@ -374,6 +375,7 @@ function admin_page_site_post(&$a){
 	set_config('system','thread_allow', $thread_allow);
 	set_config('system','newuser_private', $newuser_private);
 	set_config('system','enotify_no_content', $enotify_no_content);
+	set_config('system','disable_embedded', $disable_embedded);
 
 	set_config('system','block_extended_register', $no_multi_reg);
 	set_config('system','no_openid', $no_openid);
@@ -510,6 +512,7 @@ function admin_page_site(&$a) {
 		'$newuser_private'	=> array('newuser_private', t("Private posts by default for new users"), get_config('system','newuser_private'), t("Set default post permissions for all new members to the default privacy group rather than public.")),
 		'$enotify_no_content'	=> array('enotify_no_content', t("Don't include post content in email notifications"), get_config('system','enotify_no_content'), t("Don't include the content of a post/comment/private message/etc. in the email notifications that are sent out from this site, as a privacy measure.")),
 		'$private_addons'	=> array('private_addons', t("Disallow public access to addons listed in the apps menu."), get_config('config','private_addons'), t("Checking this box will restrict addons listed in the apps menu to members only.")),
+		'$disable_embedded'	=> array('disable_embedded', t("Don't embed private images in posts"), get_config('system','disable_embedded'), t("Don't replace locally-hosted private photos in posts with an embedded copy of the image. This means that contacts who receive posts containing private photos won't be able to see them unless they first visit the owner's profile page, or unless they have the redir_private_img plugin enabled.")),
 		
 		'$no_multi_reg'		=> array('no_multi_reg', t("Block multiple registrations"),  get_config('system','block_extended_register'), t("Disallow users to register additional accounts for use as pages.")),
 		'$no_openid'		=> array('no_openid', t("OpenID support"), !get_config('system','no_openid'), t("OpenID support for registration and logins.")),
diff --git a/view/admin_site.tpl b/view/admin_site.tpl
index 0d3d451b1..f66d31cdc 100644
--- a/view/admin_site.tpl
+++ b/view/admin_site.tpl
@@ -86,6 +86,7 @@
 	{{ inc field_checkbox.tpl with $field=$newuser_private }}{{ endinc }}
 	{{ inc field_checkbox.tpl with $field=$enotify_no_content }}{{ endinc }}
 	{{ inc field_checkbox.tpl with $field=$private_addons }}{{ endinc }}	
+	{{ inc field_checkbox.tpl with $field=$disable_embedded }}{{ endinc }}
 	<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>
 	
 	<h3>$advanced</h3>
diff --git a/view/smarty3/admin_site.tpl b/view/smarty3/admin_site.tpl
index 30678f1bf..8d5b72a46 100644
--- a/view/smarty3/admin_site.tpl
+++ b/view/smarty3/admin_site.tpl
@@ -91,6 +91,7 @@
 	{{include file="field_checkbox.tpl" field=$newuser_private}}
 	{{include file="field_checkbox.tpl" field=$enotify_no_content}}
 	{{include file="field_checkbox.tpl" field=$private_addons}}	
+	{{include file="field_checkbox.tpl" field=$disable_embedded}}
 	<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
 	
 	<h3>{{$advanced}}</h3>
diff --git a/view/theme/decaf-mobile/admin_site.tpl b/view/theme/decaf-mobile/admin_site.tpl
index a419cd9a5..349c8e5a9 100644
--- a/view/theme/decaf-mobile/admin_site.tpl
+++ b/view/theme/decaf-mobile/admin_site.tpl
@@ -42,7 +42,8 @@
 	{{ inc field_checkbox.tpl with $field=$thread_allow }}{{ endinc }}
 	{{ inc field_checkbox.tpl with $field=$newuser_private }}{{ endinc }}
 	{{ inc field_checkbox.tpl with $field=$enotify_no_content }}{{ endinc }}
-	
+	{{ inc field_checkbox.tpl with $field=$private_addons }}{{ endinc }}	
+	{{ inc field_checkbox.tpl with $field=$disable_embedded }}{{ endinc }}	
 	<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>
 	
 	<h3>$advanced</h3>
diff --git a/view/theme/decaf-mobile/smarty3/admin_site.tpl b/view/theme/decaf-mobile/smarty3/admin_site.tpl
index 40580c486..5856d9792 100644
--- a/view/theme/decaf-mobile/smarty3/admin_site.tpl
+++ b/view/theme/decaf-mobile/smarty3/admin_site.tpl
@@ -47,7 +47,8 @@
 	{{include file="field_checkbox.tpl" field=$thread_allow}}
 	{{include file="field_checkbox.tpl" field=$newuser_private}}
 	{{include file="field_checkbox.tpl" field=$enotify_no_content}}
-	
+	{{include file="field_checkbox.tpl" field=$private_addons}}	
+	{{include file="field_checkbox.tpl" field=$disable_embedded}}	
 	<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
 	
 	<h3>{{$advanced}}</h3>
diff --git a/view/theme/frost-mobile/admin_site.tpl b/view/theme/frost-mobile/admin_site.tpl
index a419cd9a5..349c8e5a9 100644
--- a/view/theme/frost-mobile/admin_site.tpl
+++ b/view/theme/frost-mobile/admin_site.tpl
@@ -42,7 +42,8 @@
 	{{ inc field_checkbox.tpl with $field=$thread_allow }}{{ endinc }}
 	{{ inc field_checkbox.tpl with $field=$newuser_private }}{{ endinc }}
 	{{ inc field_checkbox.tpl with $field=$enotify_no_content }}{{ endinc }}
-	
+	{{ inc field_checkbox.tpl with $field=$private_addons }}{{ endinc }}	
+	{{ inc field_checkbox.tpl with $field=$disable_embedded }}{{ endinc }}	
 	<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>
 	
 	<h3>$advanced</h3>
diff --git a/view/theme/frost-mobile/smarty3/admin_site.tpl b/view/theme/frost-mobile/smarty3/admin_site.tpl
index 40580c486..5856d9792 100644
--- a/view/theme/frost-mobile/smarty3/admin_site.tpl
+++ b/view/theme/frost-mobile/smarty3/admin_site.tpl
@@ -47,7 +47,8 @@
 	{{include file="field_checkbox.tpl" field=$thread_allow}}
 	{{include file="field_checkbox.tpl" field=$newuser_private}}
 	{{include file="field_checkbox.tpl" field=$enotify_no_content}}
-	
+	{{include file="field_checkbox.tpl" field=$private_addons}}	
+	{{include file="field_checkbox.tpl" field=$disable_embedded}}	
 	<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
 	
 	<h3>{{$advanced}}</h3>
diff --git a/view/theme/frost/admin_site.tpl b/view/theme/frost/admin_site.tpl
index c57c14569..38cbdb3ce 100644
--- a/view/theme/frost/admin_site.tpl
+++ b/view/theme/frost/admin_site.tpl
@@ -44,7 +44,8 @@
 	{{ inc field_checkbox.tpl with $field=$thread_allow }}{{ endinc }}
 	{{ inc field_checkbox.tpl with $field=$newuser_private }}{{ endinc }}
 	{{ inc field_checkbox.tpl with $field=$enotify_no_content }}{{ endinc }}
-	
+	{{ inc field_checkbox.tpl with $field=$private_addons }}{{ endinc }}	
+	{{ inc field_checkbox.tpl with $field=$disable_embedded }}{{ endinc }}	
 	<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>
 	
 	<h3>$advanced</h3>
diff --git a/view/theme/frost/smarty3/admin_site.tpl b/view/theme/frost/smarty3/admin_site.tpl
index 2f5117359..247972712 100644
--- a/view/theme/frost/smarty3/admin_site.tpl
+++ b/view/theme/frost/smarty3/admin_site.tpl
@@ -49,7 +49,8 @@
 	{{include file="field_checkbox.tpl" field=$thread_allow}}
 	{{include file="field_checkbox.tpl" field=$newuser_private}}
 	{{include file="field_checkbox.tpl" field=$enotify_no_content}}
-	
+	{{include file="field_checkbox.tpl" field=$private_addons}}	
+	{{include file="field_checkbox.tpl" field=$disable_embedded}}	
 	<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>
 	
 	<h3>{{$advanced}}</h3>

From aa7aa59def3be7687be9ae18dd6599deabddeb39 Mon Sep 17 00:00:00 2001
From: Olaf Conradi <olaf@conradi.org>
Date: Sun, 3 Mar 2013 20:44:52 +0100
Subject: [PATCH 5/6] Fix SQL error for missing AND operator

AND operator was missing from WHERE clause
---
 mod/notifications.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod/notifications.php b/mod/notifications.php
index 9c14737f7..c7f8e1bbd 100644
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -233,7 +233,7 @@ function notifications_content(&$a) {
 				`item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` as `object`, 
 				`pitem`.`author-name` as `pname`, `pitem`.`author-link` as `plink` 
 				FROM `item` INNER JOIN `item` as `pitem` ON  `pitem`.`id`=`item`.`parent`
-				WHERE `item`.`unseen` = 1 AND `item`.`visible` = 1 AND `pitem`.`parent` != 0
+				WHERE `item`.`unseen` = 1 AND `item`.`visible` = 1 AND `pitem`.`parent` != 0 AND
 				 `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0 ORDER BY `item`.`created` DESC" ,
 			intval(local_user())
 		);

From 77f4a36d9095dbdf08e5a8a58f2d5be0740dfe6c Mon Sep 17 00:00:00 2001
From: Olaf Conradi <olaf@conradi.org>
Date: Sun, 3 Mar 2013 21:41:27 +0100
Subject: [PATCH 6/6] Ignore invalid tokens when scraping an URL

---
 library/HTML5/TreeBuilder.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/library/HTML5/TreeBuilder.php b/library/HTML5/TreeBuilder.php
index 2a789f4df..cdea5373f 100644
--- a/library/HTML5/TreeBuilder.php
+++ b/library/HTML5/TreeBuilder.php
@@ -3039,7 +3039,11 @@ class HTML5_TreeBuilder {
         }
 
     private function insertElement($token, $append = true) {
-        $el = $this->dom->createElementNS(self::NS_HTML, $token['name']);
+	$el = $this->dom->createElementNS(self::NS_HTML, $token['name']);
+	if ($el == false) {
+		logger('insertElement(): ignoring invalid token='.$token['name']);
+		return false;
+	}
 		
         if (!empty($token['attr'])) {
             foreach($token['attr'] as $attr) {