rework the way private photos are embedded to avoid url differences and also check the permissions if possible to make sure that nothing sneaks by.

This commit is contained in:
friendica 2012-05-27 21:01:58 -07:00
parent 08941d4285
commit 2bd1004587
6 changed files with 142 additions and 69 deletions

View file

@ -9,7 +9,7 @@ require_once('include/nav.php');
require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '3.0.1355' );
define ( 'FRIENDICA_VERSION', '3.0.1356' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1144 );

View file

@ -288,7 +288,7 @@ function delivery_run($argv, $argc){
if($normal_mode) {
if($item_id == $item['id'] || $item['id'] == $item['parent'])
$atom .= atom_entry($item,'text',null,$owner,true);
$atom .= atom_entry($item,'text',null,$owner,true,(($top_level) ? $contact['id'] : 0));
}
else
$atom .= atom_entry($item,'text',null,$owner,true);

View file

@ -2832,7 +2832,7 @@ function atom_author($tag,$name,$uri,$h,$w,$photo) {
return $o;
}
function atom_entry($item,$type,$author,$owner,$comment = false) {
function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) {
$a = get_app();
@ -2844,7 +2844,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid'])
$body = fix_private_photos($item['body'],$owner['uid']);
$body = fix_private_photos($item['body'],$owner['uid'],$item,$cid);
else
$body = $item['body'];
@ -2927,14 +2927,17 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
return $o;
}
function fix_private_photos($s,$uid) {
function fix_private_photos($s,$uid, $item = null, $cid = 0) {
$a = get_app();
logger('fix_private_photos');
logger('fix_private_photos', LOGGER_DEBUG);
$site = substr($a->get_baseurl(),strpos($a->get_baseurl,'://'));
if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) {
$image = $matches[1];
logger('fix_private_photos: found photo ' . $image);
if(stristr($image ,$a->get_baseurl() . '/photo/')) {
logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG);
if(stristr($image , $site . '/photo/')) {
$replace = false;
$i = basename($image);
$i = str_replace('.jpg','',$i);
$x = strpos($i,'-');
@ -2947,8 +2950,39 @@ function fix_private_photos($s,$uid) {
intval($uid)
);
if(count($r)) {
logger('replacing photo');
$s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s);
// Check to see if we should replace this photo link with an embedded image
// 1. No need to do so if the photo is public
// 2. If there's a contact-id provided, see if they're in the access list
// for the photo. If so, embed it.
// 3. Otherwise, if we have an item, see if the item permissions match the photo
// permissions, regardless of order but first check to see if they're an exact
// match to save some processing overhead.
// Currently we only embed one private photo per message so as not to hit import
// size limits at the receiving end.
// To embed multiples, we would need to parse out the embedded photos on message
// receipt and limit size based only on the text component. Would also need to
// ignore all photos during bbcode translation and item localisation, as these
// will hit internal regex backtrace limits.
if(has_permissions($r[0])) {
if($cid) {
$recips = enumerate_permissions($r[0]);
if(in_array($cid, $recips)) {
$replace = true;
}
}
elseif($item) {
if(compare_permissions($item,$r[0]))
$replace = true;
}
}
if($replace) {
logger('replacing photo');
$s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s);
}
}
}
logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA);
@ -2958,6 +2992,44 @@ function fix_private_photos($s,$uid) {
}
function has_permissions($obj) {
if(($obj['allow_cid'] != '') || ($obj['allow_gid'] != '') || ($obj['deny_cid'] != '') || ($obj['deny_gid'] != ''))
return true;
return false;
}
function compare_permissions($obj1,$obj2) {
// first part is easy. Check that these are exactly the same.
if(($obj1['allow_cid'] == $obj2['allow_cid'])
&& ($obj1['allow_gid'] == $obj2['allow_gid'])
&& ($obj1['deny_cid'] == $obj2['deny_cid'])
&& ($obj1['deny_gid'] == $obj2['deny_gid']))
return true;
// This is harder. Parse all the permissions and compare the resulting set.
$recipients1 = enumerate_permissions($obj1);
$recipients2 = enumerate_permissions($obj2);
sort($recipients1);
sort($recipients2);
if($recipients1 == $recipients2)
return true;
return false;
}
// returns an array of contact-ids that are allowed to see this object
function enumerate_permissions($obj) {
require_once('include/group.php');
$allow_people = expand_acl($obj['allow_cid']);
$allow_groups = expand_groups(expand_acl($obj['allow_gid']));
$deny_people = expand_acl($obj['deny_cid']);
$deny_groups = expand_groups(expand_acl($obj['deny_gid']));
$recipients = array_unique(array_merge($allow_people,$allow_groups));
$deny = array_unique(array_merge($deny_people,$deny_groups));
$recipients = array_diff($recipients,$deny);
return $recipients;
}
function item_getfeedtags($item) {
$ret = array();

View file

@ -345,7 +345,7 @@ function notifier_run($argv, $argc){
if($mail) {
$public_message = false; // mail is not public
$body = fix_private_photos($item['body'],$owner['uid']);
$body = fix_private_photos($item['body'],$owner['uid'],null,$message[0]['contact-id']);
$atom .= replace_macros($mail_template, array(
'$name' => xmlify($owner['name']),

View file

@ -15,6 +15,7 @@ function get_theme_config_file($theme){
}
function settings_init(&$a) {
// These lines provide the javascript needed by the acl selector
$a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "';" ;

View file

@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: 3.0.1355\n"
"Project-Id-Version: 3.0.1356\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2012-05-26 10:00-0700\n"
"POT-Creation-Date: 2012-05-27 10:00-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -221,7 +221,7 @@ msgid "link to source"
msgstr ""
#: ../../mod/events.php:324 ../../view/theme/diabook/theme.php:126
#: ../../include/nav.php:52 ../../boot.php:1523
#: ../../include/nav.php:52 ../../boot.php:1520
msgid "Events"
msgstr ""
@ -271,7 +271,7 @@ msgid "Description:"
msgstr ""
#: ../../mod/events.php:423 ../../include/event.php:37
#: ../../include/bb2diaspora.php:260 ../../boot.php:1103
#: ../../include/bb2diaspora.php:265 ../../boot.php:1100
msgid "Location:"
msgstr ""
@ -346,7 +346,7 @@ msgstr ""
msgid "No"
msgstr ""
#: ../../mod/photos.php:43 ../../boot.php:1517
#: ../../mod/photos.php:43 ../../boot.php:1514
msgid "Photo Albums"
msgstr ""
@ -551,7 +551,7 @@ msgstr ""
#: ../../mod/photos.php:1295 ../../mod/photos.php:1335
#: ../../mod/photos.php:1366 ../../include/conversation.php:558
#: ../../boot.php:517
#: ../../boot.php:514
msgid "Comment"
msgstr ""
@ -1135,7 +1135,7 @@ msgid ""
msgstr ""
#: ../../mod/localtime.php:12 ../../include/event.php:11
#: ../../include/bb2diaspora.php:238
#: ../../include/bb2diaspora.php:243
msgid "l F d, Y \\@ g:i A"
msgstr ""
@ -1181,7 +1181,7 @@ msgid "is interested in:"
msgstr ""
#: ../../mod/match.php:58 ../../mod/suggest.php:59
#: ../../include/contact_widgets.php:9 ../../boot.php:1047
#: ../../include/contact_widgets.php:9 ../../boot.php:1044
msgid "Connect"
msgstr ""
@ -1708,7 +1708,7 @@ msgstr ""
#: ../../addon/facebook/facebook.php:1178
#: ../../addon/public_server/public_server.php:62
#: ../../addon/testdrive/testdrive.php:67 ../../include/items.php:2738
#: ../../boot.php:697
#: ../../boot.php:694
msgid "Administrator"
msgstr ""
@ -1718,7 +1718,7 @@ msgid ""
"Password reset failed."
msgstr ""
#: ../../mod/lostpass.php:83 ../../boot.php:829
#: ../../mod/lostpass.php:83 ../../boot.php:826
msgid "Password Reset"
msgstr ""
@ -2384,7 +2384,7 @@ msgstr ""
msgid "Invalid contact."
msgstr ""
#: ../../mod/notes.php:44 ../../boot.php:1529
#: ../../mod/notes.php:44 ../../boot.php:1526
msgid "Personal Notes"
msgstr ""
@ -2635,7 +2635,7 @@ msgstr ""
#: ../../mod/profperm.php:103 ../../view/theme/diabook/theme.php:123
#: ../../include/profile_advanced.php:7 ../../include/profile_advanced.php:74
#: ../../include/nav.php:50 ../../boot.php:1508
#: ../../include/nav.php:50 ../../boot.php:1505
msgid "Profile"
msgstr ""
@ -2807,7 +2807,7 @@ msgstr ""
msgid "Choose a nickname: "
msgstr ""
#: ../../mod/register.php:546 ../../include/nav.php:81 ../../boot.php:795
#: ../../mod/register.php:546 ../../include/nav.php:81 ../../boot.php:792
msgid "Register"
msgstr ""
@ -2850,7 +2850,7 @@ msgid "Access denied."
msgstr ""
#: ../../mod/fbrowser.php:23 ../../view/theme/diabook/theme.php:125
#: ../../include/nav.php:51 ../../boot.php:1514
#: ../../include/nav.php:51 ../../boot.php:1511
msgid "Photos"
msgstr ""
@ -3633,7 +3633,7 @@ msgstr ""
msgid "FTP Password"
msgstr ""
#: ../../mod/profile.php:21 ../../boot.php:960
#: ../../mod/profile.php:21 ../../boot.php:957
msgid "Requested profile is not available."
msgstr ""
@ -3703,8 +3703,8 @@ msgid ""
"Account not found and OpenID registration is not permitted on this site."
msgstr ""
#: ../../mod/openid.php:93 ../../include/auth.php:97
#: ../../include/auth.php:160
#: ../../mod/openid.php:93 ../../include/auth.php:99
#: ../../include/auth.php:162
msgid "Login failed."
msgstr ""
@ -4051,23 +4051,23 @@ msgstr ""
msgid "Edit/Manage Profiles"
msgstr ""
#: ../../mod/profiles.php:630 ../../boot.php:1069
#: ../../mod/profiles.php:630 ../../boot.php:1066
msgid "Change profile photo"
msgstr ""
#: ../../mod/profiles.php:631 ../../boot.php:1070
#: ../../mod/profiles.php:631 ../../boot.php:1067
msgid "Create New Profile"
msgstr ""
#: ../../mod/profiles.php:642 ../../boot.php:1080
#: ../../mod/profiles.php:642 ../../boot.php:1077
msgid "Profile Image"
msgstr ""
#: ../../mod/profiles.php:644 ../../boot.php:1083
#: ../../mod/profiles.php:644 ../../boot.php:1080
msgid "visible to everybody"
msgstr ""
#: ../../mod/profiles.php:645 ../../boot.php:1084
#: ../../mod/profiles.php:645 ../../boot.php:1081
msgid "Edit visibility"
msgstr ""
@ -4675,7 +4675,7 @@ msgstr ""
#: ../../addon/page/page.php:63 ../../addon/showmore/showmore.php:87
#: ../../include/contact_widgets.php:188 ../../include/conversation.php:470
#: ../../boot.php:518
#: ../../boot.php:515
msgid "show more"
msgstr ""
@ -4691,7 +4691,7 @@ msgstr ""
#: ../../addon/communityhome/communityhome.php:34
#: ../../addon/communityhome/twillingham/communityhome.php:28
#: ../../addon/communityhome/twillingham/communityhome.php:34
#: ../../include/nav.php:64 ../../boot.php:816
#: ../../include/nav.php:64 ../../boot.php:813
msgid "Login"
msgstr ""
@ -5868,7 +5868,7 @@ msgstr ""
msgid "Set colour scheme"
msgstr ""
#: ../../include/profile_advanced.php:17 ../../boot.php:1105
#: ../../include/profile_advanced.php:17 ../../boot.php:1102
msgid "Gender:"
msgstr ""
@ -5889,11 +5889,11 @@ msgstr ""
msgid "Age:"
msgstr ""
#: ../../include/profile_advanced.php:37 ../../boot.php:1108
#: ../../include/profile_advanced.php:37 ../../boot.php:1105
msgid "Status:"
msgstr ""
#: ../../include/profile_advanced.php:45 ../../boot.php:1110
#: ../../include/profile_advanced.php:45 ../../boot.php:1107
msgid "Homepage:"
msgstr ""
@ -6249,11 +6249,11 @@ msgstr ""
msgid "Ask me"
msgstr ""
#: ../../include/event.php:17 ../../include/bb2diaspora.php:244
#: ../../include/event.php:17 ../../include/bb2diaspora.php:249
msgid "Starts:"
msgstr ""
#: ../../include/event.php:27 ../../include/bb2diaspora.php:252
#: ../../include/event.php:27 ../../include/bb2diaspora.php:257
msgid "Finishes:"
msgstr ""
@ -6477,7 +6477,7 @@ msgstr ""
msgid "Contacts not in any group"
msgstr ""
#: ../../include/nav.php:46 ../../boot.php:815
#: ../../include/nav.php:46 ../../boot.php:812
msgid "Logout"
msgstr ""
@ -6485,7 +6485,7 @@ msgstr ""
msgid "End this session"
msgstr ""
#: ../../include/nav.php:49 ../../boot.php:1502
#: ../../include/nav.php:49 ../../boot.php:1499
msgid "Status"
msgstr ""
@ -6565,11 +6565,11 @@ msgstr ""
msgid "Manage other pages"
msgstr ""
#: ../../include/nav.php:138 ../../boot.php:1063
#: ../../include/nav.php:138 ../../boot.php:1060
msgid "Profiles"
msgstr ""
#: ../../include/nav.php:138 ../../boot.php:1063
#: ../../include/nav.php:138 ../../boot.php:1060
msgid "Manage/edit profiles"
msgstr ""
@ -6652,13 +6652,13 @@ msgstr ""
msgid "Logged out."
msgstr ""
#: ../../include/auth.php:113
#: ../../include/auth.php:115
msgid ""
"We encountered a problem while logging in with the OpenID you provided. "
"Please check the correct spelling of the ID."
msgstr ""
#: ../../include/auth.php:113
#: ../../include/auth.php:115
msgid "The error message was:"
msgstr ""
@ -7236,96 +7236,96 @@ msgstr ""
msgid "permissions"
msgstr ""
#: ../../boot.php:516
#: ../../boot.php:513
msgid "Delete this item?"
msgstr ""
#: ../../boot.php:519
#: ../../boot.php:516
msgid "show fewer"
msgstr ""
#: ../../boot.php:692
#: ../../boot.php:689
#, php-format
msgid "Update %s failed. See error logs."
msgstr ""
#: ../../boot.php:694
#: ../../boot.php:691
#, php-format
msgid "Update Error at %s"
msgstr ""
#: ../../boot.php:794
#: ../../boot.php:791
msgid "Create a New Account"
msgstr ""
#: ../../boot.php:818
#: ../../boot.php:815
msgid "Nickname or Email address: "
msgstr ""
#: ../../boot.php:819
#: ../../boot.php:816
msgid "Password: "
msgstr ""
#: ../../boot.php:822
#: ../../boot.php:819
msgid "Or login using OpenID: "
msgstr ""
#: ../../boot.php:828
#: ../../boot.php:825
msgid "Forgot your password?"
msgstr ""
#: ../../boot.php:995
#: ../../boot.php:992
msgid "Edit profile"
msgstr ""
#: ../../boot.php:1055
#: ../../boot.php:1052
msgid "Message"
msgstr ""
#: ../../boot.php:1171 ../../boot.php:1247
#: ../../boot.php:1168 ../../boot.php:1244
msgid "g A l F d"
msgstr ""
#: ../../boot.php:1172 ../../boot.php:1248
#: ../../boot.php:1169 ../../boot.php:1245
msgid "F d"
msgstr ""
#: ../../boot.php:1217 ../../boot.php:1288
#: ../../boot.php:1214 ../../boot.php:1285
msgid "[today]"
msgstr ""
#: ../../boot.php:1229
#: ../../boot.php:1226
msgid "Birthday Reminders"
msgstr ""
#: ../../boot.php:1230
#: ../../boot.php:1227
msgid "Birthdays this week:"
msgstr ""
#: ../../boot.php:1281
#: ../../boot.php:1278
msgid "[No description]"
msgstr ""
#: ../../boot.php:1299
#: ../../boot.php:1296
msgid "Event Reminders"
msgstr ""
#: ../../boot.php:1300
#: ../../boot.php:1297
msgid "Events this week:"
msgstr ""
#: ../../boot.php:1505
#: ../../boot.php:1502
msgid "Status Messages and Posts"
msgstr ""
#: ../../boot.php:1511
#: ../../boot.php:1508
msgid "Profile Details"
msgstr ""
#: ../../boot.php:1526
#: ../../boot.php:1523
msgid "Events and Calendar"
msgstr ""
#: ../../boot.php:1532
#: ../../boot.php:1529
msgid "Only You Can See This"
msgstr ""