Removed obsolete code

This commit is contained in:
Michael 2019-09-28 05:37:24 +00:00
parent 3dd94355b7
commit 1ddd2df4b8
9 changed files with 28 additions and 219 deletions

View file

@ -26,10 +26,6 @@ use Friendica\Util\Temporal;
function cal_init(App $a) function cal_init(App $a)
{ {
if ($a->argc > 1) {
DFRN::autoRedir($a, $a->argv[1]);
}
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.')); throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
} }
@ -117,9 +113,7 @@ function cal_content(App $a)
$contact_id = remote_user($a->profile['profile_uid']); $contact_id = remote_user($a->profile['profile_uid']);
} }
$groups = [];
if ($contact_id) { if ($contact_id) {
$groups = Group::getIdsByContactId($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id), intval($contact_id),
intval($a->profile['profile_uid']) intval($a->profile['profile_uid'])
@ -137,7 +131,7 @@ function cal_content(App $a)
} }
// get the permissions // get the permissions
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups); $sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
// we only want to have the events of the profile owner // we only want to have the events of the profile owner
$sql_extra = " AND `event`.`cid` = 0 " . $sql_perms; $sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;

View file

@ -53,14 +53,10 @@ function display_init(App $a)
$nick = $a->user["nickname"]; $nick = $a->user["nickname"];
} }
// Is this item private but could be visible to the remove visitor? // Is this item private but could be visible to the remove visitor?
} elseif (remote_user()) { } elseif (remote_user($item['uid'])) {
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
if (DBA::isResult($item)) { if (DBA::isResult($item)) {
if (!Contact::isFollower(remote_user(), $item['uid'])) { $item_user = $item['uid'];
$item = null;
} else {
$item_user = $item['uid'];
}
} }
} }
@ -229,9 +225,9 @@ function display_content(App $a, $update = false, $update_uid = 0)
$item_parent = $item["parent"]; $item_parent = $item["parent"];
$item_parent_uri = $item['parent-uri']; $item_parent_uri = $item['parent-uri'];
} }
} elseif (remote_user()) { } elseif (remote_user($item['uid'])) {
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]); $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) { if (DBA::isResult($item)) {
$item_id = $item["id"]; $item_id = $item["id"];
$item_parent = $item["parent"]; $item_parent = $item["parent"];
$item_parent_uri = $item['parent-uri']; $item_parent_uri = $item['parent-uri'];
@ -269,8 +265,6 @@ function display_content(App $a, $update = false, $update_uid = 0)
['$alternate' => $alternate, ['$alternate' => $alternate,
'$conversation' => $conversation]); '$conversation' => $conversation]);
$groups = [];
$remote_cid = null;
$is_remote_contact = false; $is_remote_contact = false;
$item_uid = local_user(); $item_uid = local_user();
@ -279,15 +273,9 @@ function display_content(App $a, $update = false, $update_uid = 0)
if (DBA::isResult($parent)) { if (DBA::isResult($parent)) {
$a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']); $a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']);
$a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']); $a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']);
$is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']); $is_remote_contact = remote_user($a->profile['profile_uid']);
if ($is_remote_contact) { if ($is_remote_contact) {
$cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']); $item_uid = $parent['uid'];
if (!empty($cdata['user'])) {
$groups = Group::getIdsByContactId($cdata['user']);
$remote_cid = $cdata['user'];
$item_uid = $parent['uid'];
}
} }
} }
} }
@ -297,6 +285,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
if (DBA::isResult($page_contact)) { if (DBA::isResult($page_contact)) {
$a->page_contact = $page_contact; $a->page_contact = $page_contact;
} }
$is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false); $is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) { if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) {
@ -318,7 +307,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
]; ];
$o .= status_editor($a, $x, 0, true); $o .= status_editor($a, $x, 0, true);
} }
$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $is_remote_contact, $groups, $remote_cid); $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
if (local_user() && (local_user() == $a->profile['profile_uid'])) { if (local_user() && (local_user() == $a->profile['profile_uid'])) {
$condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true]; $condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true];

View file

@ -35,10 +35,6 @@ use Friendica\Util\XML;
function photos_init(App $a) { function photos_init(App $a) {
if ($a->argc > 1) {
DFRN::autoRedir($a, $a->argv[1]);
}
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return; return;
} }
@ -156,11 +152,8 @@ function photos_post(App $a)
$can_post = true; $can_post = true;
} elseif ($community_page && !empty(remote_user($page_owner_uid))) { } elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid); $contact_id = remote_user($page_owner_uid);
$can_post = true;
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $visitor = $contact_id;
$can_post = true;
$visitor = $contact_id;
}
} }
if (!$can_post) { if (!$can_post) {
@ -892,12 +885,9 @@ function photos_content(App $a)
} }
} }
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access // perhaps they're visiting - but not a community page, so they wouldn't have write access
if (!empty(remote_user($owner_uid)) && !$visitor) { if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = remote_user($owner_uid); $contact_id = remote_user($owner_uid);
$groups = Group::getIdsByContactId($contact_id);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
@ -914,7 +904,7 @@ function photos_content(App $a)
return; return;
} }
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups); $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact);
$o = ""; $o = "";

View file

@ -22,10 +22,6 @@ use Friendica\Util\Security;
function videos_init(App $a) function videos_init(App $a)
{ {
if ($a->argc > 1) {
DFRN::autoRedir($a, $a->argv[1]);
}
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) { if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
return; return;
} }
@ -156,44 +152,23 @@ function videos_content(App $a)
$can_post = true; $can_post = true;
} elseif ($community_page && !empty(remote_user($owner_uid))) { } elseif ($community_page && !empty(remote_user($owner_uid))) {
$contact_id = remote_user($owner_uid); $contact_id = remote_user($owner_uid);
$can_post = true;
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", $remote_contact = true;
intval($contact_id), $visitor = $contact_id;
intval($owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
} }
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access // perhaps they're visiting - but not a community page, so they wouldn't have write access
if (!empty(remote_user($owner_uid)) && !$visitor) { if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = remote_user($owner_uid); $contact_id = remote_user($owner_uid);
$remote_contact = true;
if ($contact_id > 0) {
$groups = Group::getIdsByContactId($contact_id);
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($owner_uid)
);
if (DBA::isResult($r)) {
$remote_contact = true;
}
}
} }
if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) { if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) {
notice(L10n::t('Access to this item is restricted.') . EOL); notice(L10n::t('Access to this item is restricted.') . EOL);
return; return;
} }
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups); $sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
$o = ""; $o = "";

View file

@ -3260,15 +3260,11 @@ class Item extends BaseObject
} }
} }
public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null, $remote_cid = null) public static function getPermissionsSQLByUserId($owner_id)
{ {
$local_user = local_user(); $local_user = local_user();
$remote_user = remote_user($owner_id); $remote_user = remote_user($owner_id);
if (is_null($remote_cid)) {
$remote_cid = $remote_user;
}
/* /*
* Construct permissions * Construct permissions
* *
@ -3287,7 +3283,7 @@ class Item extends BaseObject
* If pre-verified, the caller is expected to have already * If pre-verified, the caller is expected to have already
* done this and passed the groups into this function. * done this and passed the groups into this function.
*/ */
$set = PermissionSet::get($owner_id, $remote_cid, $groups); $set = PermissionSet::get($owner_id, $remote_user);
if (!empty($set)) { if (!empty($set)) {
$sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))"; $sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))";

View file

@ -67,21 +67,20 @@ class PermissionSet extends BaseObject
* *
* @param integer $uid User id whom the items belong * @param integer $uid User id whom the items belong
* @param integer $contact_id Contact id of the visitor * @param integer $contact_id Contact id of the visitor
* @param array $groups Possibly previously fetched group ids for that contact
* *
* @return array of permission set ids. * @return array of permission set ids.
* @throws \Exception * @throws \Exception
*/ */
static public function get($uid, $contact_id)
static public function get($uid, $contact_id, $groups = null)
{ {
if (empty($groups) && DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) { if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
$groups = Group::getIdsByContactId($contact_id); $groups = Group::getIdsByContactId($contact_id);
} }
if (empty($groups) || !is_array($groups)) { if (empty($groups) || !is_array($groups)) {
return []; return [];
} }
$group_str = '<<>>'; // should be impossible to match $group_str = '<<>>'; // should be impossible to match
foreach ($groups as $g) { foreach ($groups as $g) {

View file

@ -131,31 +131,17 @@ class Photo extends BaseObject
*/ */
public static function getPhoto($resourceid, $scale = 0) public static function getPhoto($resourceid, $scale = 0)
{ {
$r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]); $r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
if ($r === false) { if (!DBA::isResult($r)) {
return false; return false;
} }
$uid = $r["uid"];
// This is the first place, when retrieving just a photo, that we know who owns the photo. $uid = $r["uid"];
// Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
// make sure that the requester's session is appropriately authenticated to that user
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
// this will either just return (if auth all ok) or will redirect and exit (starting over)
DFRN::autoRedir(self::getApp(), $r["nickname"]);
}
$sql_acl = Security::getPermissionsSQLByUserId($uid); $sql_acl = Security::getPermissionsSQLByUserId($uid);
$conditions = [ $conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
"`resource-id` = ? AND `scale` <= ? " . $sql_acl,
$resourceid, $scale
];
$params = ["order" => ["scale" => true]]; $params = ["order" => ["scale" => true]];
$photo = self::selectFirst([], $conditions, $params); $photo = self::selectFirst([], $conditions, $params);
return $photo; return $photo;

View file

@ -48,8 +48,6 @@ class Profile extends BaseModule
if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') { if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') {
self::$which = $a->user['nickname']; self::$which = $a->user['nickname'];
self::$profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT); self::$profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT);
} else {
DFRN::autoRedir($a, self::$which);
} }
} }
@ -157,9 +155,6 @@ class Profile extends BaseModule
return Login::form(); return Login::form();
} }
$groups = [];
$remote_cid = null;
$o = ''; $o = '';
if ($update) { if ($update) {
@ -173,14 +168,6 @@ class Profile extends BaseModule
$is_owner = local_user() == $a->profile['profile_uid']; $is_owner = local_user() == $a->profile['profile_uid'];
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact; $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact;
if ($remote_contact) {
$cdata = ContactModel::getPublicAndUserContacID($remote_contact, $a->profile['profile_uid']);
if (!empty($cdata['user'])) {
$groups = Group::getIdsByContactId($cdata['user']);
$remote_cid = $cdata['user'];
}
}
if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) { if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
notice(L10n::t('Access to this profile has been restricted.') . EOL); notice(L10n::t('Access to this profile has been restricted.') . EOL);
return ''; return '';
@ -229,7 +216,7 @@ class Profile extends BaseModule
} }
// Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups // Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $remote_contact, $groups, $remote_cid); $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
$sql_extra2 = ''; $sql_extra2 = '';
$last_updated_array = Session::get('last_updated', []); $last_updated_array = Session::get('last_updated', []);

View file

@ -2849,113 +2849,6 @@ class DFRN
return 200; return 200;
} }
/**
* @param App $a App
* @param string $contact_nick contact nickname
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function autoRedir(App $a, $contact_nick)
{
// prevent looping
if (!empty($_REQUEST['redir'])) {
Logger::log('autoRedir might be looping because redirect has been redirected', Logger::DEBUG);
// looping prevention also appears to sometimes prevent authentication for images
// because browser may have multiple connections open and load an image on a connection
// whose session wasn't updated when a previous redirect authenticated
// Leaving commented in case looping reappears
// return;
}
if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
return;
}
if (local_user()) {
// We need to find out if $contact_nick is a user on this hub, and if so, if I
// am a contact of that user. However, that user may have other contacts with the
// same nickname as me on other hubs or other networks. Exclude these by requiring
// that the contact have a local URL. I will be the only person with my nickname at
// this URL, so if a result is found, then I am a contact of the $contact_nick user.
//
// We also have to make sure that I'm a legitimate contact--I'm not blocked or pending.
$baseurl = System::baseUrl();
$domain_st = strpos($baseurl, "://");
if ($domain_st === false) {
return;
}
$baseurl = substr($baseurl, $domain_st + 3);
$nurl = Strings::normaliseLink($baseurl);
$r = User::getByNickname($contact_nick, ["uid"]);
$contact_uid = $r["uid"];
/// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
$r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
DBA::escape($contact_nick),
DBA::escape($a->user['nickname']),
DBA::escape($baseurl),
DBA::escape($nurl)
);
if ((! DBA::isResult($r))) {
return;
}
// test if redirect authentication already succeeded
// Note that "contact" in the sense used in the $contact_nick argument to this function
// and the sense in the $remote[]["cid"] in the session are opposite.
// In the session variable the user currently fetching is the contact
// while $contact_nick is the nick of tho user who owns the stuff being fetched.
if (Session::getVisitorContactIDForUserID($contact_uid) == $r[0]['id']) {
return;
}
$r = q("SELECT * FROM contact WHERE nick = '%s'
AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
DBA::escape($contact_nick),
DBA::escape(Protocol::DFRN),
intval(local_user()),
DBA::escape($baseurl)
);
if (! DBA::isResult($r)) {
return;
}
$cid = $r[0]['id'];
$dfrn_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']);
if ($r[0]['duplex'] && $r[0]['issued-id']) {
$orig_id = $r[0]['issued-id'];
$dfrn_id = '1:' . $orig_id;
}
if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
$orig_id = $r[0]['dfrn-id'];
$dfrn_id = '0:' . $orig_id;
}
// ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode
// that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues
if (strlen($dfrn_id) < 3) {
return;
}
$sec = Strings::getRandomHex();
DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]);
$url = curPageURL();
Logger::log('auto_redir: ' . $r[0]['name'] . ' ' . $sec, Logger::DEBUG);
$dest = (($url) ? '&destination_url=' . $url : '');
System::externalRedirect($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
}
return;
}
/** /**
* @brief Returns the activity verb * @brief Returns the activity verb
* *