bitPickups/friendica_2021.01_tupambae_shared_hosting
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Yeah, and again notices ... (#5536)

Browse source 
* Yeah, and again notices ...

* And some more

* Block access without given user name

* Reformatting
This commit is contained in:
Michael Vogel 2018-08-01 07:29:58 +02:00 committed by Tobias Diekershoff
parent 71b1638d9a
commit 9d0f18c0b3
8 changed files with 82 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/security.php
View file

@ -179,7 +179,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
* The cookie will be renewed automatically. * The cookie will be renewed automatically.
* The week ensures that sessions will expire after some inactivity. * The week ensures that sessions will expire after some inactivity.
*/ */
if ($_SESSION['remember']) { if (!empty($_SESSION['remember'])) {
logger('Injecting cookie for remembered user ' . $a->user['nickname']); logger('Injecting cookie for remembered user ' . $a->user['nickname']);
new_cookie(604800, $user_record); new_cookie(604800, $user_record);
unset($_SESSION['remember']); unset($_SESSION['remember']);
@ -225,7 +225,7 @@ function can_write_wall($owner)
} else { } else {
$cid = 0; $cid = 0;
if (is_array($_SESSION['remote'])) { if (!empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) { foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $owner) { if ($visitor['uid'] == $owner) {
$cid = $visitor['cid']; $cid = $visitor['cid'];

2
index.php
View file

@ -100,7 +100,7 @@ if (x($_SESSION, 'authenticated') && !x($_SESSION, 'language')) {
} }
} }
if ((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) { if (x($_SESSION, 'language') && ($_SESSION['language'] !== $lang)) {
$lang = $_SESSION['language']; $lang = $_SESSION['language'];
L10n::loadTranslationTable($lang); L10n::loadTranslationTable($lang);
} }

88
mod/cal.php
View file

@ -28,52 +28,54 @@ function cal_init(App $a)
DFRN::autoRedir($a, $a->argv[1]); DFRN::autoRedir($a, $a->argv[1]);
} }
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) { if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return; return;
} }
if ($a->argc < 2) {
System::httpExit(403, ["title" => L10n::t('Access denied.')]);
}
Nav::setSelected('events'); Nav::setSelected('events');
if ($a->argc > 1) { $nick = $a->argv[1];
$nick = $a->argv[1]; $user = DBA::selectFirst('user', [], ['nickname' => $nick, 'blocked' => false]);
$user = DBA::selectFirst('user', [], ['nickname' => $nick, 'blocked' => false]); if (!DBA::isResult($user)) {
if (!DBA::isResult($user)) { return;
return;
}
$a->data['user'] = $user;
$a->profile_uid = $user['uid'];
// if it's a json request abort here becaus we don't
// need the widget data
if (!empty($a->argv[2]) && ($a->argv[2] === 'json')) {
return;
}
$profile = Profile::getByNickname($nick, $a->profile_uid);
$account_type = Contact::getAccountType($profile);
$tpl = get_markup_template("vcard-widget.tpl");
$vcard_widget = replace_macros($tpl, [
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
'$account_type' => $account_type,
'$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
]);
$cal_widget = Widget\CalendarExport::getHTML();
if (!x($a->page, 'aside')) {
$a->page['aside'] = '';
}
$a->page['aside'] .= $vcard_widget;
$a->page['aside'] .= $cal_widget;
} }
$a->data['user'] = $user;
$a->profile_uid = $user['uid'];
// if it's a json request abort here becaus we don't
// need the widget data
if (!empty($a->argv[2]) && ($a->argv[2] === 'json')) {
return;
}
$profile = Profile::getByNickname($nick, $a->profile_uid);
$account_type = Contact::getAccountType($profile);
$tpl = get_markup_template("vcard-widget.tpl");
$vcard_widget = replace_macros($tpl, [
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
'$account_type' => $account_type,
'$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
]);
$cal_widget = Widget\CalendarExport::getHTML();
if (!x($a->page, 'aside')) {
$a->page['aside'] = '';
}
$a->page['aside'] .= $vcard_widget;
$a->page['aside'] .= $cal_widget;
return; return;
} }
@ -100,7 +102,7 @@ function cal_content(App $a)
$mode = 'view'; $mode = 'view';
$y = 0; $y = 0;
$m = 0; $m = 0;
$ignored = ((x($_REQUEST, 'ignored')) ? intval($_REQUEST['ignored']) : 0); $ignored = (x($_REQUEST, 'ignored') ? intval($_REQUEST['ignored']) : 0);
$format = 'ical'; $format = 'ical';
if ($a->argc == 4 && $a->argv[2] == 'export') { if ($a->argc == 4 && $a->argv[2] == 'export') {
@ -138,7 +140,7 @@ function cal_content(App $a)
$is_owner = local_user() == $a->profile['profile_uid']; $is_owner = local_user() == $a->profile['profile_uid'];
if ($a->profile['hidewall'] && (!$is_owner) && (!$remote_contact)) { if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
notice(L10n::t('Access to this profile has been restricted.') . EOL); notice(L10n::t('Access to this profile has been restricted.') . EOL);
return; return;
} }
@ -293,14 +295,14 @@ function cal_content(App $a)
} }
if ($mode == 'export') { if ($mode == 'export') {
if (!(intval($owner_uid))) { if (!intval($owner_uid)) {
notice(L10n::t('User not found')); notice(L10n::t('User not found'));
return; return;
} }
// Test permissions // Test permissions
// Respect the export feature setting for all other /cal pages if it's not the own profile // Respect the export feature setting for all other /cal pages if it's not the own profile
if (((local_user() !== intval($owner_uid))) && !Feature::isEnabled($owner_uid, "export_calendar")) { if ((local_user() !== intval($owner_uid)) && !Feature::isEnabled($owner_uid, "export_calendar")) {
notice(L10n::t('Permission denied.') . EOL); notice(L10n::t('Permission denied.') . EOL);
goaway('cal/' . $nick); goaway('cal/' . $nick);
} }

2
mod/manage.php
View file

@ -132,7 +132,7 @@ function manage_content(App $a) {
return; return;
} }
if ($_GET['identity']) { if (!empty($_GET['identity'])) {
$_POST['identity'] = $_GET['identity']; $_POST['identity'] = $_GET['identity'];
manage_post($a); manage_post($a);
return; return;

38
mod/viewcontacts.php
View file

@ -11,36 +11,39 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact; use Friendica\Model\Contact;
use Friendica\Model\Profile; use Friendica\Model\Profile;
use Friendica\Util\Proxy as ProxyUtils; use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Core\System;
function viewcontacts_init(App $a) function viewcontacts_init(App $a)
{ {
if ((Config::get('system', 'block_public')) && (! local_user()) && (! remote_user())) { if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return; return;
} }
if ($a->argc < 2) {
System::httpExit(403, ["title" => L10n::t('Access denied.')]);
}
Nav::setSelected('home'); Nav::setSelected('home');
if ($a->argc > 1) { $nick = $a->argv[1];
$nick = $a->argv[1]; $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1", DBA::escape($nick)
DBA::escape($nick) );
);
if (! DBA::isResult($r)) { if (!DBA::isResult($r)) {
return; return;
}
$a->data['user'] = $r[0];
$a->profile_uid = $r[0]['uid'];
$is_owner = (local_user() && (local_user() == $a->profile_uid));
Profile::load($a, $a->argv[1]);
} }
$a->data['user'] = $r[0];
$a->profile_uid = $r[0]['uid'];
$is_owner = (local_user() && (local_user() == $a->profile_uid));
Profile::load($a, $a->argv[1]);
} }
function viewcontacts_content(App $a) function viewcontacts_content(App $a)
{ {
if ((Config::get('system', 'block_public')) && (! local_user()) && (! remote_user())) { if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
notice(L10n::t('Public access denied.') . EOL); notice(L10n::t('Public access denied.') . EOL);
return; return;
} }
@ -52,7 +55,7 @@ function viewcontacts_content(App $a)
// tabs // tabs
$o .= Profile::getTabs($a, $is_owner, $a->data['user']['nickname']); $o .= Profile::getTabs($a, $is_owner, $a->data['user']['nickname']);
if (((! count($a->profile)) || ($a->profile['hide-friends']))) { if (!count($a->profile) || $a->profile['hide-friends']) {
notice(L10n::t('Permission denied.') . EOL); notice(L10n::t('Permission denied.') . EOL);
return $o; return $o;
} }
@ -123,6 +126,5 @@ function viewcontacts_content(App $a)
'$paginate' => paginate($a), '$paginate' => paginate($a),
]); ]);
return $o; return $o;
} }

10
src/Model/Contact.php
View file

@ -339,6 +339,11 @@ class Contact extends BaseObject
$item = []; $item = [];
$item['verb'] = NAMESPACE_OSTATUS . "/unfollow"; $item['verb'] = NAMESPACE_OSTATUS . "/unfollow";
$item['follow'] = $contact["url"]; $item['follow'] = $contact["url"];
$item['body'] = '';
$item['title'] = '';
$item['guid'] = '';
$item['tag'] = '';
$item['attach'] = '';
$slap = OStatus::salmon($item, $user); $slap = OStatus::salmon($item, $user);
if (!empty($contact['notify'])) { if (!empty($contact['notify'])) {
@ -1505,6 +1510,11 @@ class Contact extends BaseObject
$item = []; $item = [];
$item['verb'] = ACTIVITY_FOLLOW; $item['verb'] = ACTIVITY_FOLLOW;
$item['follow'] = $contact["url"]; $item['follow'] = $contact["url"];
$item['body'] = '';
$item['title'] = '';
$item['guid'] = '';
$item['tag'] = '';
$item['attach'] = '';
$slap = OStatus::salmon($item, $r[0]); $slap = OStatus::salmon($item, $r[0]);
if (!empty($contact['notify'])) { if (!empty($contact['notify'])) {
Salmon::slapper($r[0], $contact['notify'], $slap); Salmon::slapper($r[0], $contact['notify'], $slap);

4
src/Model/Profile.php
View file

@ -199,7 +199,7 @@ class Profile
*/ */
public static function getByNickname($nickname, $uid = 0, $profile_id = 0) public static function getByNickname($nickname, $uid = 0, $profile_id = 0)
{ {
if (remote_user() && count($_SESSION['remote'])) { if (remote_user() && !empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) { foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $uid) { if ($visitor['uid'] == $uid) {
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]); $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]);
@ -293,7 +293,7 @@ class Profile
$connect = $profile['uid'] != local_user() ? L10n::t('Connect') : false; $connect = $profile['uid'] != local_user() ? L10n::t('Connect') : false;
// don't show connect link to authenticated visitors either // don't show connect link to authenticated visitors either
if (remote_user() && count($_SESSION['remote'])) { if (remote_user() && !empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) { foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $profile['uid']) { if ($visitor['uid'] == $profile['uid']) {
$connect = false; $connect = false;

2
src/Protocol/Diaspora.php
View file

@ -4089,7 +4089,7 @@ class Diaspora
$arr = explode(' ', $profile['pub_keywords']); $arr = explode(' ', $profile['pub_keywords']);
if (count($arr)) { if (count($arr)) {
for ($x = 0; $x < 5; $x ++) { for ($x = 0; $x < 5; $x ++) {
if (trim($arr[$x])) { if (!empty($arr[$x])) {
$tags .= '#'. trim($arr[$x]) .' '; $tags .= '#'. trim($arr[$x]) .' ';
} }
} }