diff --git a/mod/cal.php b/mod/cal.php
index b77abaa828..158856d21e 100644
--- a/mod/cal.php
+++ b/mod/cal.php
@@ -26,10 +26,6 @@ use Friendica\Util\Temporal;
 function cal_init(App $a)
 {
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
 if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
 throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
 }
@@ -117,9 +113,7 @@ function cal_content(App $a)
 $contact_id = remote_user($a->profile['profile_uid']);
 }
- $groups = [];
 if ($contact_id) {
- $groups = Group::getIdsByContactId($contact_id);
 $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
 intval($contact_id),
 intval($a->profile['profile_uid'])
@@ -137,7 +131,7 @@ function cal_content(App $a)
 }
 // get the permissions
- $sql_perms = Item::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
 // we only want to have the events of the profile owner
 $sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;
diff --git a/mod/display.php b/mod/display.php
index 6b5edd987c..7f77be37ef 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -53,14 +53,10 @@ function display_init(App $a)
 $nick = $a->user["nickname"];
 }
 // Is this item private but could be visible to the remove visitor?
- } elseif (remote_user()) {
+ } elseif (remote_user($item['uid'])) {
 $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
 if (DBA::isResult($item)) {
- if (!Contact::isFollower(remote_user(), $item['uid'])) {
- $item = null;
- } else {
- $item_user = $item['uid'];
- }
+ $item_user = $item['uid'];
 }
 }
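Review bot: In the new `elseif (remote_user($item['uid']))` condition of display_init, `$item['uid']` is read before this branch's own `Item::selectFirst(...)` assigns `$item` on the next line, so the uid that scopes the visitor lookup is whatever the earlier branches (which start outside the hunk) left in `$item`, not the owner of the private item being resolved, and after the lookup nothing compares the found item's `uid` with the visitor's session the way the removed `Contact::isFollower(remote_user(), $item['uid'])` did. Unless `remote_user()` fails closed for a null or unrelated uid — which this diff does not show — a visitor authenticated to one user could get another user's private item resolved here. I would look the item up first and gate on its owner: `} elseif (remote_user()) {` / `$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);` / `if (DBA::isResult($item) && remote_user($item['uid'])) { $item_user = $item['uid']; }`. display_init begins before this hunk.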
@@ -229,9 +225,9 @@ function display_content(App $a, $update = false, $update_uid = 0)
 $item_parent = $item["parent"];
 $item_parent_uri = $item['parent-uri'];
 }
- } elseif (remote_user()) {
+ } elseif (remote_user($item['uid'])) {
 $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
- if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) {
+ if (DBA::isResult($item)) {
 $item_id = $item["id"];
 $item_parent = $item["parent"];
 $item_parent_uri = $item['parent-uri'];
@@ -269,8 +265,6 @@ function display_content(App $a, $update = false, $update_uid = 0)
 ['$alternate' => $alternate, '$conversation' => $conversation]);
- $groups = [];
- $remote_cid = null;
 $is_remote_contact = false;
 $item_uid = local_user();
@@ -279,15 +273,9 @@ function display_content(App $a, $update = false, $update_uid = 0)
 if (DBA::isResult($parent)) {
 $a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']);
 $a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']);
- $is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
-
+ $is_remote_contact = remote_user($a->profile['profile_uid']);
 if ($is_remote_contact) {
- $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
- if (!empty($cdata['user'])) {
- $groups = Group::getIdsByContactId($cdata['user']);
- $remote_cid = $cdata['user'];
- $item_uid = $parent['uid'];
- }
+ $item_uid = $parent['uid'];
 }
 }
 }
@@ -297,6 +285,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
 if (DBA::isResult($page_contact)) {
 $a->page_contact = $page_contact;
 }
+
 $is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
 if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) {
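Review bot: The `elseif (remote_user($item['uid']))` in display_content has the same ordering problem as the one in display_init: `$item['uid']` is evaluated before `$item = Item::selectFirst(...)` on the following line assigns the private item, so the uid handed to `remote_user()` comes from whatever the preceding branches left in `$item` (those start before this hunk), and the new `if (DBA::isResult($item))` no longer ties the found item's owner to the visitor's session as the removed `Contact::isFollower(remote_user(), $item['uid'])` did. Whether that is exploitable depends on how `remote_user()` treats a null or foreign uid, which this diff does not show. The safe shape is to look the item up under `elseif (remote_user())` and then test `if (DBA::isResult($item) && remote_user($item['uid'])) {` before reading `$item["id"]` and its parent fields.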
@@ -318,7 +307,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
 ];
 $o .= status_editor($a, $x, 0, true);
 }
- $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $is_remote_contact, $groups, $remote_cid);
+ $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
 if (local_user() && (local_user() == $a->profile['profile_uid'])) {
 $condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true];
diff --git a/mod/photos.php b/mod/photos.php
index 88e237ab09..daa31276f0 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -35,10 +35,6 @@ use Friendica\Util\XML;
 function photos_init(App $a)
 {
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
 if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
 return;
 }
@@ -156,11 +152,8 @@ function photos_post(App $a)
 $can_post = true;
 } elseif ($community_page && !empty(remote_user($page_owner_uid))) {
 $contact_id = remote_user($page_owner_uid);
-
- if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
- $can_post = true;
- $visitor = $contact_id;
- }
+ $can_post = true;
+ $visitor = $contact_id;
 }
 if (!$can_post) {
@@ -892,12 +885,9 @@ function photos_content(App $a)
 }
 }
- $groups = [];
-
 // perhaps they're visiting - but not a community page, so they wouldn't have write access
 if (!empty(remote_user($owner_uid)) && !$visitor) {
 $contact_id = remote_user($owner_uid);
- $groups = Group::getIdsByContactId($contact_id);
 $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
@@ -914,7 +904,7 @@ function photos_content(App $a)
 return;
 }
- $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact);
 $o = "";
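Review bot: The community-page write grant in photos_post now sets `$can_post = true` and `$visitor = $contact_id` as soon as `remote_user($page_owner_uid)` is non-empty, dropping the `DBA::exists('contact', [... 'blocked' => false, 'pending' => false])` check the old code required, while the read path in photos_content later in this same file still filters `'blocked' => false, 'pending' => false` when it looks the contact up — so a blocked or unconfirmed contact is now accepted for uploading but not for viewing. Unless `remote_user()` itself excludes blocked and pending contacts, which this diff does not show, I would keep the existence check around the grant: `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {` wrapping the two assignments. photos_post continues outside this hunk.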
diff --git a/mod/videos.php b/mod/videos.php
index 62ecd0c378..6ff4236a1b 100644
--- a/mod/videos.php
+++ b/mod/videos.php
@@ -22,10 +22,6 @@ use Friendica\Util\Security;
 function videos_init(App $a)
 {
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
 if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
 return;
 }
@@ -156,44 +152,23 @@ function videos_content(App $a)
 $can_post = true;
 } elseif ($community_page && !empty(remote_user($owner_uid))) {
 $contact_id = remote_user($owner_uid);
-
- $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($owner_uid)
- );
-
- if (DBA::isResult($r)) {
- $can_post = true;
- $remote_contact = true;
- $visitor = $contact_id;
- }
+ $can_post = true;
+ $remote_contact = true;
+ $visitor = $contact_id;
 }
- $groups = [];
-
 // perhaps they're visiting - but not a community page, so they wouldn't have write access
 if (!empty(remote_user($owner_uid)) && !$visitor) {
 $contact_id = remote_user($owner_uid);
-
- if ($contact_id > 0) {
- $groups = Group::getIdsByContactId($contact_id);
- $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($owner_uid)
- );
-
- if (DBA::isResult($r)) {
- $remote_contact = true;
- }
- }
+ $remote_contact = true;
 }
- if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) {
+ if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) {
 notice(L10n::t('Access to this item is restricted.') . EOL);
 return;
 }
- $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
 $o = "";
diff --git a/src/Model/Item.php b/src/Model/Item.php
index 5c571ff1e0..b5245acb56 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
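Review bot: Both visitor branches in videos_content now trust `remote_user($owner_uid)` alone — the community-page branch sets `$can_post`, `$remote_contact` and `$visitor`, and the non-community branch sets `$remote_contact = true`, without the `blocked = 0 AND pending = 0` contact lookups the removed queries performed, and the `$contact_id > 0` guard is gone as well. `$remote_contact` then bypasses the `hidewall` check a few lines further down in this hunk, so whether a blocked or pending contact can now view (and on community pages post) videos depends entirely on what `remote_user()` filters, which is not visible in this diff; PermissionSet::get elsewhere in the diff filters only `blocked`, not `pending`. I would restore one explicit contact check in front of both grants rather than rely on the session helper. videos_content starts before this hunk.
```php
	} elseif ($community_page && !empty(remote_user($owner_uid))) {
		$contact_id = remote_user($owner_uid);
		// Only a confirmed, unblocked contact of the owner may post or bypass hidewall.
		if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false])) {
			$can_post = true;
			$remote_contact = true;
			$visitor = $contact_id;
		}
	}

	// … unchanged: "perhaps they're visiting" comment …
	if (!empty(remote_user($owner_uid)) && !$visitor) {
		$contact_id = remote_user($owner_uid);
		$remote_contact = DBA::exists('contact', ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
	}
```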
@@ -3260,15 +3260,11 @@ class Item extends BaseObject
 }
 }
- public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null, $remote_cid = null)
+ public static function getPermissionsSQLByUserId($owner_id)
 {
 $local_user = local_user();
 $remote_user = remote_user($owner_id);
- if (is_null($remote_cid)) {
- $remote_cid = $remote_user;
- }
-
 /*
 * Construct permissions
 *
@@ -3287,7 +3283,7 @@ class Item extends BaseObject
 * If pre-verified, the caller is expected to have already
 * done this and passed the groups into this function.
 */
- $set = PermissionSet::get($owner_id, $remote_cid, $groups);
+ $set = PermissionSet::get($owner_id, $remote_user);
 if (!empty($set)) {
 $sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))";
diff --git a/src/Model/PermissionSet.php b/src/Model/PermissionSet.php
index 3148d4da03..c9b2b17b67 100644
--- a/src/Model/PermissionSet.php
+++ b/src/Model/PermissionSet.php
@@ -67,21 +67,20 @@ class PermissionSet extends BaseObject
 *
 * @param integer $uid User id whom the items belong
 * @param integer $contact_id Contact id of the visitor
- * @param array $groups Possibly previously fetched group ids for that contact
 *
 * @return array of permission set ids.
 * @throws \Exception
 */
-
- static public function get($uid, $contact_id, $groups = null)
+ static public function get($uid, $contact_id)
 {
- if (empty($groups) && DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
+ if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
 $groups = Group::getIdsByContactId($contact_id);
 }
 if (empty($groups) || !is_array($groups)) {
 return [];
 }
+
 $group_str = '<<>>'; // should be impossible to match
 foreach ($groups as $g) {
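Review bot: The comment block kept as context in this hunk still ends with `* If pre-verified, the caller is expected to have already` / `* done this and passed the groups into this function.`, but the new `PermissionSet::get($owner_id, $remote_user)` call and the reduced `getPermissionsSQLByUserId($owner_id)` signature from the previous hunk accept neither a pre-verified flag nor groups, so the comment now describes a contract that no longer exists. I would replace those two lines with `* Group membership is resolved by PermissionSet::get() from the visitor's` / `* contact id for this owner, as returned by remote_user($owner_id).` The rest of the comment block begins before this hunk.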
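Review bot: `DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])` is now the only contact check before group ids are resolved in PermissionSet::get, and it does not exclude `pending` contacts; the callers this diff simplifies (photos_post, videos_content) used to filter `pending => false` themselves and no longer do, so an unconfirmed contact's group memberships are now folded into the permission-set filter. Unless pending contacts are never placed in groups — which I cannot see from here — I would add the flag to the condition: `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false, 'pending' => false])) {`. The docblock above should also state that a blocked (or pending) contact yields an empty array; get() continues past the end of this hunk.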
@@ -131,31 +131,17 @@ class Photo extends BaseObject
 */
 public static function getPhoto($resourceid, $scale = 0)
 {
- $r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]);
- if ($r === false) {
+ $r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
+ if (!DBA::isResult($r)) {
 return false;
 }
- $uid = $r["uid"];
- // This is the first place, when retrieving just a photo, that we know who owns the photo.
- // Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
- // make sure that the requester's session is appropriately authenticated to that user
- // otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
- if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
- $r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
- // this will either just return (if auth all ok) or will redirect and exit (starting over)
- DFRN::autoRedir(self::getApp(), $r["nickname"]);
- }
+ $uid = $r["uid"];
 $sql_acl = Security::getPermissionsSQLByUserId($uid);
- $conditions = [
- "`resource-id` = ? AND `scale` <= ? " . $sql_acl,
- $resourceid, $scale
- ];
+ $conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
 $params = ["order" => ["scale" => true]];
-
 $photo = self::selectFirst([], $conditions, $params);
 return $photo;
diff --git a/src/Module/Profile.php b/src/Module/Profile.php
index 98c504425b..d1e76bf01a 100644
--- a/src/Module/Profile.php
+++ b/src/Module/Profile.php
@@ -48,8 +48,6 @@ class Profile extends BaseModule
 if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') {
 self::$which = $a->user['nickname'];
 self::$profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT);
- } else {
- DFRN::autoRedir($a, self::$which);
 }
 }
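Review bot: The explanatory comment for the ACL lookup in Photo::getPhoto (why the owner uid is resolved first and how `getPermissionsSQLByUserId()` depends on the requester's session) was deleted together with the `autoRedir` call, leaving `$sql_acl = Security::getPermissionsSQLByUserId($uid);` undocumented; since the function no longer attempts to authenticate the requester, the behavioural consequence — a viewer without a session for `$uid` only receives what the ACL already grants, which fails closed — is worth stating at that line. I would add above it: `// ACL is evaluated against the existing session only (local_user()/remote_user($uid)); no redirect-based authentication is attempted here any more.` The method's docblock, which starts before this hunk, could also note the `false` return for an unknown resource-id.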
@@ -157,9 +155,6 @@ class Profile extends BaseModule
 return Login::form();
 }
- $groups = [];
- $remote_cid = null;
-
 $o = '';
 if ($update) {
@@ -173,14 +168,6 @@ class Profile extends BaseModule
 $is_owner = local_user() == $a->profile['profile_uid'];
 $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact;
- if ($remote_contact) {
- $cdata = ContactModel::getPublicAndUserContacID($remote_contact, $a->profile['profile_uid']);
- if (!empty($cdata['user'])) {
- $groups = Group::getIdsByContactId($cdata['user']);
- $remote_cid = $cdata['user'];
- }
- }
-
 if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
 notice(L10n::t('Access to this profile has been restricted.') . EOL);
 return '';
@@ -229,7 +216,7 @@ class Profile extends BaseModule
 }
 // Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
- $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $remote_contact, $groups, $remote_cid);
+ $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
 $sql_extra2 = '';
 $last_updated_array = Session::get('last_updated', []);
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index 60f4b43c0e..7dee12b56c 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
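Review bot: The context comment `// Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups` is now wrong: the new call `Item::getPermissionsSQLByUserId($a->profile['profile_uid'])` passes neither `$remote_contact` nor any groups, and the group prefetch it refers to was removed in the preceding hunk of this file. I would shorten it to `// Get permissions SQL; the visitor's contact id and groups are resolved inside from remote_user($profile_uid)`. The surrounding method begins before this hunk.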
@@ -2849,113 +2849,6 @@ class DFRN
 return 200;
 }
- /**
- * @param App $a App
- * @param string $contact_nick contact nickname
- * @throws \Friendica\Network\HTTPException\InternalServerErrorException
- */
- public static function autoRedir(App $a, $contact_nick)
- {
- // prevent looping
- if (!empty($_REQUEST['redir'])) {
- Logger::log('autoRedir might be looping because redirect has been redirected', Logger::DEBUG);
- // looping prevention also appears to sometimes prevent authentication for images
- // because browser may have multiple connections open and load an image on a connection
- // whose session wasn't updated when a previous redirect authenticated
- // Leaving commented in case looping reappears
- // return;
- }
-
- if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
- return;
- }
-
- if (local_user()) {
- // We need to find out if $contact_nick is a user on this hub, and if so, if I
- // am a contact of that user. However, that user may have other contacts with the
- // same nickname as me on other hubs or other networks. Exclude these by requiring
- // that the contact have a local URL. I will be the only person with my nickname at
- // this URL, so if a result is found, then I am a contact of the $contact_nick user.
- //
- // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending.
- $baseurl = System::baseUrl();
- $domain_st = strpos($baseurl, "://");
- if ($domain_st === false) {
- return;
- }
- $baseurl = substr($baseurl, $domain_st + 3);
- $nurl = Strings::normaliseLink($baseurl);
- $r = User::getByNickname($contact_nick, ["uid"]);
- $contact_uid = $r["uid"];
- /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
- $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
- AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
- DBA::escape($contact_nick),
- DBA::escape($a->user['nickname']),
- DBA::escape($baseurl),
- DBA::escape($nurl)
- );
- if ((! DBA::isResult($r))) {
- return;
- }
- // test if redirect authentication already succeeded
- // Note that "contact" in the sense used in the $contact_nick argument to this function
- // and the sense in the $remote[]["cid"] in the session are opposite.
- // In the session variable the user currently fetching is the contact
- // while $contact_nick is the nick of tho user who owns the stuff being fetched.
- if (Session::getVisitorContactIDForUserID($contact_uid) == $r[0]['id']) {
- return;
- }
- $r = q("SELECT * FROM contact WHERE nick = '%s'
- AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
- DBA::escape($contact_nick),
- DBA::escape(Protocol::DFRN),
- intval(local_user()),
- DBA::escape($baseurl)
- );
- if (! DBA::isResult($r)) {
- return;
- }
- $cid = $r[0]['id'];
- $dfrn_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']);
- if ($r[0]['duplex'] && $r[0]['issued-id']) {
- $orig_id = $r[0]['issued-id'];
- $dfrn_id = '1:' . $orig_id;
- }
- if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
- $orig_id = $r[0]['dfrn-id'];
- $dfrn_id = '0:' . $orig_id;
- }
- // ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode
- // that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues
- if (strlen($dfrn_id) < 3) {
- return;
- }
- $sec = Strings::getRandomHex();
- DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]);
- $url = curPageURL();
- Logger::log('auto_redir: ' . $r[0]['name'] . ' ' .
$sec, Logger::DEBUG);
- $dest = (($url) ? '&destination_url=' . $url : '');
- System::externalRedirect($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
- . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
- }
-
- return;
- }
-
 /**
 * @brief Returns the activity verb
 *