From 4f796c68d2db16813b0115f8b7f983326b9a072d Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 14:12:22 -0800 Subject: [PATCH 01/10] declare key size/algorithm to ensure key gets generated --- mod/register.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/mod/register.php b/mod/register.php index bd169fbb..68c7297c 100644 --- a/mod/register.php +++ b/mod/register.php @@ -123,7 +123,20 @@ function register_post(&$a) { $pkey = openssl_pkey_get_details($res); $pubkey = $pkey["key"]; + /** + * + * Create another keypair for signing/verifying + * salmon protocol messages. We have to use a slightly + * less robust key because this won't be using openssl + * but the phpseclib. Since it is PHP interpreted code + * it is not nearly as efficient, and the larger keys + * will take several minutes each to process. + * + */ + $sres=openssl_pkey_new(array( + 'digest_alg' => 'sha1', + 'private_key_bits' => 512, 'encrypt_key' => false )); // Get private key From c907c22edac95552958c7c070cd77420b032e9d0 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 14:26:23 -0800 Subject: [PATCH 02/10] missing thumbnail in new profiles --- mod/profiles.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mod/profiles.php b/mod/profiles.php index e99e0f28..1c75dc0e 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -265,13 +265,14 @@ function profiles_content(&$a) { dbesc($name), dbesc($r1[0]['name']), dbesc($r1[0]['photo']), - dbesc($ra[0]['thumb']) + dbesc($r1[0]['thumb']) ); $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1", intval(local_user()), dbesc($name) ); + notice( t('New profile created.') . EOL); if(count($r3) == 1) goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); From b3f39aa2b09f025c3eb3ecb269b86681e775bc43 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 14:30:17 -0800 Subject: [PATCH 03/10] alt profiles not clickable --- view/profile_entry.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/view/profile_entry.tpl b/view/profile_entry.tpl index db28c0a8..5c6952af 100644 --- a/view/profile_entry.tpl +++ b/view/profile_entry.tpl @@ -4,7 +4,7 @@ Profile Image
-
$profile_name
+
From b381dfa6c64719099c9f07c746f2ce9370d3a37a Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 14:36:30 -0800 Subject: [PATCH 04/10] typo slipped through --- mod/install.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod/install.php b/mod/install.php index 643f9a55..dc91f848 100644 --- a/mod/install.php +++ b/mod/install.php @@ -19,7 +19,7 @@ function install_post(&$a) { if(mysqli_connect_errno()) { $db = new dba($dbhost, $dbuser, $dbpass, '', true); - if(! mysql_connect_errno()) { + if(! mysqli_connect_errno()) { $r = q("CREATE DATABASE '%s'", dbesc($dbdata) ); From 0fb3aa1b57dc2a1d58a839bc99d2098003778d33 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 19:05:11 -0800 Subject: [PATCH 05/10] valid host checks were returning true on TXT records and other useless garbage --- boot.php | 4 ++-- index.php | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/boot.php b/boot.php index 197b6d23..e4a13ce9 100644 --- a/boot.php +++ b/boot.php @@ -1481,7 +1481,7 @@ function validate_url(&$url) { $url = 'http://' . $url; $h = parse_url($url); - if(($h) && (checkdnsrr($h['host'], 'ANY'))) { + if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) { return true; } return false; @@ -1496,7 +1496,7 @@ function validate_email($addr) { return false; $h = substr($addr,strpos($addr,'@') + 1); - if(($h) && (checkdnsrr($h, 'ANY'))) { + if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR + DNS_MX))) { return true; } return false; diff --git a/index.php b/index.php index f6ea0c9a..abc02521 100644 --- a/index.php +++ b/index.php @@ -127,6 +127,7 @@ else * further processing. */ + if(strlen($a->module)) { if(file_exists("mod/{$a->module}.php")) { include("mod/{$a->module}.php"); From 0a485e66647fb58e58e1a4bcab350109ff28cb22 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 21:01:07 -0800 Subject: [PATCH 06/10] don't use openid CURL wrapper if open_basedir is set (even if safe_mode isn't) --- library/openid.php | 2 +- mod/directory.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/library/openid.php b/library/openid.php index eec652bb..3c58beb8 100644 --- a/library/openid.php +++ b/library/openid.php @@ -276,7 +276,7 @@ class LightOpenID protected function request($url, $method='GET', $params=array()) { - if(function_exists('curl_init') && !ini_get('safe_mode')) { + if(function_exists('curl_init') && !ini_get('safe_mode') && (! strlen(ini_get('open_basedir')))) { return $this->request_curl($url, $method, $params); } return $this->request_streams($url, $method, $params); diff --git a/mod/directory.php b/mod/directory.php index 062aae51..e1c83f05 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -40,6 +40,8 @@ function directory_content(&$a) { $sql_extra = ((strlen($search)) ? " AND MATCH (`profile`.`name`, `user`.`nickname`, `locality`,`region`,`country-name`,`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`keywords` ) AGAINST ('$search' IN BOOLEAN MODE) " : ""); + + $r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `publish` = 1 AND `user`.`blocked` = 0 $sql_extra "); if(count($r)) $a->set_pager_total($r[0]['total']); From 03e15bd22f41ad24eba2b97442e2dc1920efb149 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 21:20:17 -0800 Subject: [PATCH 07/10] don't update openidserver if openid is empty --- mod/settings.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/mod/settings.php b/mod/settings.php index 273e8baa..079c835b 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -117,11 +117,15 @@ function settings_post(&$a) { // If openid has changed or if there's an openid but no openidserver, try and discover it. if($openid != $a->user['openid'] || (strlen($openid) && (! strlen($openidserver)))) { - logger('updating openidserver'); - require_once('library/openid.php'); - $open_id_obj = new LightOpenID; - $open_id_obj->identity = $openid; - $openidserver = $open_id_obj->discover($open_id_obj->identity); + if(strlen($openid)) { + logger('updating openidserver'); + require_once('library/openid.php'); + $open_id_obj = new LightOpenID; + $open_id_obj->identity = $openid; + $openidserver = $open_id_obj->discover($open_id_obj->identity); + } + else + $openidserver = ''; } $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d, `openidserver` = '%s' WHERE `uid` = %d LIMIT 1", From 527ff13f77af4a392e93b92e51774938a5ce9885 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 21:25:38 -0800 Subject: [PATCH 08/10] validate the openid url as well. We won't change it if it's bogus, but we won't use it either. --- mod/settings.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mod/settings.php b/mod/settings.php index 079c835b..eb27de06 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -117,7 +117,8 @@ function settings_post(&$a) { // If openid has changed or if there's an openid but no openidserver, try and discover it. if($openid != $a->user['openid'] || (strlen($openid) && (! strlen($openidserver)))) { - if(strlen($openid)) { + $tmp_str = $openid; + if(strlen($tmp_str) && validate_url($tmp_str)) { logger('updating openidserver'); require_once('library/openid.php'); $open_id_obj = new LightOpenID; From de5495f90b0327f565888d6cae9b9ae9cfa2664f Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 21:53:00 -0800 Subject: [PATCH 09/10] don't process empty or non-existent group array --- mod/group.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mod/group.php b/mod/group.php index 01875d01..fcdc6a75 100644 --- a/mod/group.php +++ b/mod/group.php @@ -56,13 +56,14 @@ function group_post(&$a) { notice( t('Group name changed.') . EOL ); } $members = $_POST['group_members_select']; - array_walk($members,'validate_members'); + if(is_array($members)) + array_walk($members,'validate_members'); $r = q("DELETE FROM `group_member` WHERE `gid` = %d AND `uid` = %d", intval($a->argv[1]), intval(local_user()) ); $result = true; - if(count($members)) { + if(is_array($members) && count($members)) { foreach($members as $member) { $r = q("INSERT INTO `group_member` ( `uid`, `gid`, `contact-id`) VALUES ( %d, %d, %d )", From d92659560b8edd0594b587103b43ad5bd5012639 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 2 Jan 2011 22:09:54 -0800 Subject: [PATCH 10/10] site config to force publish in site directory --- mod/directory.php | 6 +++--- mod/settings.php | 17 ++++++++++------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/mod/directory.php b/mod/directory.php index e1c83f05..b0cee76c 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -39,16 +39,16 @@ function directory_content(&$a) { $search = dbesc($search); $sql_extra = ((strlen($search)) ? " AND MATCH (`profile`.`name`, `user`.`nickname`, `locality`,`region`,`country-name`,`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`keywords` ) AGAINST ('$search' IN BOOLEAN MODE) " : ""); + $publish = ((get_config('system','publish_all')) ? '' : " AND `publish` = 1 " ); - - $r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `publish` = 1 AND `user`.`blocked` = 0 $sql_extra "); + $r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra "); if(count($r)) $a->set_pager_total($r[0]['total']); - $r = q("SELECT `profile`.*, `profile`.`uid` AS `profile_uid`, `user`.`nickname`, `user`.`timezone` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `publish` = 1 AND `user`.`blocked` = 0 $sql_extra ORDER BY `name` ASC LIMIT %d , %d ", + $r = q("SELECT `profile`.*, `profile`.`uid` AS `profile_uid`, `user`.`nickname`, `user`.`timezone` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra ORDER BY `name` ASC LIMIT %d , %d ", intval($a->pager['start']), intval($a->pager['itemspage']) ); diff --git a/mod/settings.php b/mod/settings.php index eb27de06..0f01807a 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -247,13 +247,16 @@ function settings_content(&$a) { } - - - $opt_tpl = load_view_file("view/profile-in-directory.tpl"); - $profile_in_dir = replace_macros($opt_tpl,array( - '$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""), - '$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "") - )); + if(get_config('system','publish_all')) { + $profile_in_dir = ''; + } + else { + $opt_tpl = load_view_file("view/profile-in-directory.tpl"); + $profile_in_dir = replace_macros($opt_tpl,array( + '$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""), + '$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "") + )); + } if(strlen(get_config('system','directory_submit_url'))) { $opt_tpl = load_view_file("view/profile-in-netdir.tpl");