From 70f35565e1245b5ab91837930dc118e6a7c05a59 Mon Sep 17 00:00:00 2001
From: nupplaPhil
Date: Sun, 8 Mar 2020 08:26:21 +0100
Subject: [PATCH 1/5] Fix & align mail text ... again
---
 view/templates/email/html.tpl | 8 ++--
 view/templates/email/notify/html.tpl | 56 +++++++++++++++++++++-------
 view/templates/email/system/html.tpl | 29 ++++++++++++--
 3 files changed, 73 insertions(+), 20 deletions(-)
diff --git a/view/templates/email/html.tpl b/view/templates/email/html.tpl
index 103572eaed..08de50a54f 100644
--- a/view/templates/email/html.tpl
+++ b/view/templates/email/html.tpl
@@ -14,10 +14,12 @@
+ + + {{$htmlversion nofilter}} + + -

- {{$htmlversion nofilter}} -

diff --git a/view/templates/email/notify/html.tpl b/view/templates/email/notify/html.tpl index f7c3f7d8f9..1be8c9eafa 100644 --- a/view/templates/email/notify/html.tpl +++ b/view/templates/email/notify/html.tpl @@ -1,20 +1,48 @@ - - - + + + + + {{if $content_allowed}} + {{if $source_photo}} - - - - + + + + {{/if}} - - + + + + + + {{/if}} - - - - - + + + + + + + + + + + + + + +
{{$preamble nofilter}}
+ {{$preamble nofilter}} +
{{$source_name}}
{{$source_name}}
{{$title}}
{{$htmlversion nofilter}}
{{$title}}
{{$htmlversion nofilter}} +
{{$hsitelink nofilter}}
{{$hitemlink nofilter}}
{{$thanks}}
{{$site_admin}}
+ {{$hsitelink nofilter}} +
+ {{$hitemlink nofilter}} +
+ {{$thanks}} +
+ {{$site_admin}} +
diff --git a/view/templates/email/system/html.tpl b/view/templates/email/system/html.tpl index f32825d3ee..8f4e1573f3 100644 --- a/view/templates/email/system/html.tpl +++ b/view/templates/email/system/html.tpl @@ -1,5 +1,28 @@ - - - + + + + + + + + + + + + + + + + + +
{{$htmlversion nofilter}}
{{$thanks}}
{{$site_admin}}
+ {{$preamble nofilter}} +
+ {{$htmlversion nofilter}} +
+ {{$thanks}} +
+ {{$site_admin}} +
From bcf943082221384b6a21bbf4b608f491a64a7fea Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 8 Mar 2020 08:30:19 +0000 Subject: [PATCH 2/5] Only perform OAuth when no login data are provided --- include/api.php | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/include/api.php b/include/api.php index ef73889126..bcfd5af246 100644 --- a/include/api.php +++ b/include/api.php @@ -186,23 +186,6 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY */ function api_login(App $a) { - $oauth1 = new FKOAuth1(); - // login with oauth - try { - $request = OAuthRequest::from_request(); - list($consumer, $token) = $oauth1->verify_request($request); - if (!is_null($token)) { - $oauth1->loginUser($token->uid); - Session::set('allow_api', true); - return; - } - echo __FILE__.__LINE__.__FUNCTION__ . "
";
-		var_dump($consumer, $token);
-		die();
-	} catch (Exception $e) {
-		Logger::warning(API_LOG_PREFIX . 'error', ['module' => 'api', 'action' => 'login', 'exception' => $e->getMessage()]);
-	}
-
 	// workaround for HTTP-auth in CGI mode
 	if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) {
 		$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
@@ -214,6 +197,24 @@ function api_login(App $a)
 	}
 
 	if (empty($_SERVER['PHP_AUTH_USER'])) {
+		// Try OAuth when no user is provided
+		$oauth1 = new FKOAuth1();
+		// login with oauth
+		try {
+			$request = OAuthRequest::from_request();
+			list($consumer, $token) = $oauth1->verify_request($request);
+			if (!is_null($token)) {
+				$oauth1->loginUser($token->uid);
+				Session::set('allow_api', true);
+				return;
+			}
+			echo __FILE__.__LINE__.__FUNCTION__ . "
";
+			var_dump($consumer, $token);
+			die();
+		} catch (Exception $e) {
+			Logger::warning(API_LOG_PREFIX . 'OAuth error', ['module' => 'api', 'action' => 'login', 'exception' => $e->getMessage()]);
+		}
+
 		Logger::debug(API_LOG_PREFIX . 'failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]);
 		header('WWW-Authenticate: Basic realm="Friendica"');
 		throw new UnauthorizedException("This API requires login");
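Review bot: The debug branch moved into this block still runs on live requests: if `verify_request()` can return a null token without throwing, the code echoes file/line information, `var_dump`s `$consumer` and `$token` into the HTTP response and calls `die()`. An unauthenticated caller then receives internal OAuth objects (possibly including consumer secrets, depending on what `$consumer` holds) instead of the 401 below. Remove the `echo …`, `var_dump($consumer, $token);` and `die();` lines so the null-token case falls through to the `WWW-Authenticate` header and the `UnauthorizedException`. The unchanged `Logger::debug(... 'parameters' => $_SERVER)` line also writes the whole `$_SERVER` array to the log, which can include the `Authorization` header of the failed attempt; logging only the fields needed for diagnosis would be safer. `api_login()` begins before this hunk and continues after it.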

From 37376fa71553fcadd00206a963356511789ce70b Mon Sep 17 00:00:00 2001
From: Michael 
Date: Sun, 8 Mar 2020 13:16:59 +0000
Subject: [PATCH 3/5] Issue 8371: Improvements for picture permissions

---
 database.sql                                  |  3 ++-
 mod/settings.php                              |  7 +++++
 src/Model/Photo.php                           | 27 ++++++++++++++-----
 src/Module/Photo.php                          |  4 +--
 src/Util/Security.php                         | 21 ++++++++++++---
 static/dbstructure.config.php                 |  3 ++-
 view/templates/settings/settings.tpl          |  2 ++
 .../frio/templates/settings/settings.tpl      |  2 ++
 8 files changed, 54 insertions(+), 15 deletions(-)

diff --git a/database.sql b/database.sql
index b4c65fb89a..f33f892118 100644
--- a/database.sql
+++ b/database.sql
@@ -1,6 +1,6 @@
 -- ------------------------------------------
 -- Friendica 2020.03-dev (Dalmatian Bellflower)
--- DB_UPDATE_VERSION 1336
+-- DB_UPDATE_VERSION 1337
 -- ------------------------------------------
 
 
@@ -948,6 +948,7 @@ CREATE TABLE IF NOT EXISTS `photo` (
 	`allow_gid` mediumtext COMMENT 'Access Control - list of allowed groups',
 	`deny_cid` mediumtext COMMENT 'Access Control - list of denied contact.id',
 	`deny_gid` mediumtext COMMENT 'Access Control - list of denied groups',
+	`accessible` boolean NOT NULL DEFAULT '0' COMMENT 'Make photo publicly accessible, ignoring permissions',
 	`backend-class` tinytext COMMENT 'Storage backend class',
 	`backend-ref` text COMMENT 'Storage backend data reference',
 	`updated` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' COMMENT '',
diff --git a/mod/settings.php b/mod/settings.php
index 9a73b83e6b..79bf16d78c 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -319,6 +319,7 @@ function settings_post(App $a)
 	$hide_friends     = (($_POST['hide-friends'] == 1) ? 1: 0);
 	$hidewall         = (($_POST['hidewall'] == 1) ? 1: 0);
 	$unlisted         = (($_POST['unlisted'] == 1) ? 1: 0);
+	$accessiblephotos = (($_POST['accessible-photos'] == 1) ? 1: 0);
 
 	$email_textonly   = (($_POST['email_textonly'] == 1) ? 1 : 0);
 	$detailed_notif   = (($_POST['detailed_notif'] == 1) ? 1 : 0);
@@ -417,6 +418,7 @@ function settings_post(App $a)
 	DI::pConfig()->set(local_user(), 'system', 'email_textonly', $email_textonly);
 	DI::pConfig()->set(local_user(), 'system', 'detailed_notif', $detailed_notif);
 	DI::pConfig()->set(local_user(), 'system', 'unlisted', $unlisted);
+	DI::pConfig()->set(local_user(), 'system', 'accessible-photos', $accessiblephotos);
 
 	if ($page_flags == User::PAGE_FLAGS_PRVGROUP) {
 		$hidewall = 1;
@@ -843,6 +845,10 @@ function settings_content(App $a)
 		'$field' => ['unlisted', DI::l10n()->t('Make public posts unlisted'), DI::pConfig()->get(local_user(), 'system', 'unlisted'), DI::l10n()->t('Your public posts will not appear on the community pages or in search results, nor be sent to relay servers. However they can still appear on public feeds on remote servers.')],
 	]);
 
+	$accessiblephotos = Renderer::replaceMacros($opt_tpl, [
+		'$field' => ['accessible-photos', DI::l10n()->t('Make all posted pictures accessible'), DI::pConfig()->get(local_user(), 'system', 'accessible-photos'), DI::l10n()->t("This option makes every posted picture accessible via the direct link. This is a workaround for the problem that most other networks can't handle permissions on pictures. Non public pictures still won't be visible for the public on your photo albums though.")],
+	]);
+
 	$blockwall = Renderer::replaceMacros($opt_tpl, [
 		'$field' => ['blockwall', DI::l10n()->t('Allow friends to post to your profile page?'), (intval($a->user['blockwall']) ? '0' : '1'), DI::l10n()->t('Your contacts may write posts on your profile wall. These posts will be distributed to your contacts')],
 	]);
@@ -957,6 +963,7 @@ function settings_content(App $a)
 		'$hide_friends' => $hide_friends,
 		'$hide_wall' => $hide_wall,
 		'$unlisted' => $unlisted,
+		'$accessiblephotos' => $accessiblephotos,
 		'$unkmail' => $unkmail,
 		'$cntunkmail' 	=> ['cntunkmail', DI::l10n()->t('Maximum private messages per day from unknown people:'), $cntunkmail , DI::l10n()->t("\x28to prevent spam abuse\x29")],
 
diff --git a/src/Model/Photo.php b/src/Model/Photo.php
index ccb0f2add4..301231f6bd 100644
--- a/src/Model/Photo.php
+++ b/src/Model/Photo.php
@@ -141,7 +141,7 @@ class Photo
 	 * @return boolean|array
 	 * @throws \Exception
 	 */
-	public static function getPhoto($resourceid, $scale = 0)
+	public static function getPhoto(string $resourceid, int $scale = 0)
 	{
 		$r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
 		if (!DBA::isResult($r)) {
@@ -150,7 +150,9 @@ class Photo
 
 		$uid = $r["uid"];
 
-		$sql_acl = Security::getPermissionsSQLByUserId($uid);
+		$accessible = $uid ? DI::pConfig()->get($uid, 'system', 'accessible-photos') : false;
+
+		$sql_acl = Security::getPermissionsSQLByUserId($uid, $accessible);
 
 		$conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
 		$params = ["order" => ["scale" => true]];
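Review bot: `$accessible` goes straight from `DI::pConfig()->get()` into a parameter that this patch declares as `bool $accessible`. If `get()` returns `null` for owners who never saved the setting (its default is not visible here), PHP raises a TypeError for the non-nullable scalar parameter and photo requests for that owner fail. Cast at the call site: `$accessible = $uid ? (bool)DI::pConfig()->get($uid, 'system', 'accessible-photos') : false;`. A short comment such as `// Owner opted in: photos flagged "accessible" bypass the ACL below` would make the security effect of this line obvious to the next reader. `getPhoto()` continues past the end of this hunk.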
@@ -656,18 +658,29 @@ class Photo
 			// Ensure to only modify photos that you own
 			$srch = '<' . intval($original_contact_id) . '>';
 
-			$condition = [
-				'allow_cid' => $srch, 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '',
-				'resource-id' => $image_rid, 'uid' => $uid
-			];
+			$condition = ["(`allow_cid` = ? OR `allow_cid` IS NULL) AND
+				(`allow_gid` = ? OR `allow_gid` IS NULL) AND
+				(`deny_cid` = ? OR `deny_cid` IS NULL) AND
+				(`deny_gid` = ? OR `deny_gid` IS NULL) AND
+				`resource-id` = ? AND `uid` =?", $srch, '', '', '', $image_rid, $uid];
 			if (!Photo::exists($condition)) {
 				continue;
 			}
 
-			/// @todo Check if $str_contact_allow does contain a public forum. Then set the permissions to public.
+			/**
+			 * @todo Existing permissions need to be mixed with the new ones.
+			 * Otherwise this creates problems with sharing the same picture multiple times
+			 * Also check if $str_contact_allow does contain a public forum.
+			 * Then set the permissions to public.
+			 */
 
 			$fields = ['allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow,
 					'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny];
+
+			if (DI::pConfig()->get($uid, 'system', 'accessible-photos')) {
+				$fields['accessible'] = true;
+			}
+
 			$condition = ['resource-id' => $image_rid, 'uid' => $uid];
 			Logger::info('Set permissions', ['condition' => $condition, 'permissions' => $fields]);
 			Photo::update($fields, $condition);
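Review bot: The new `accessible` field is only ever written as `true` here; when the owner has the option switched off, an update through this path leaves a previously set flag untouched, so the column does not track the permissions written in the same statement. Because `getPhoto()` earlier in this patch also checks the owner's current setting, the stale flag only matters if the option is re-enabled later, at which point photos re-shared with restricted permissions in between become reachable again. Consider always writing it: `$fields['accessible'] = (bool)DI::pConfig()->get($uid, 'system', 'accessible-photos');`. In the rewritten `$condition` the last placeholder is written `=?` without a space, which is harmless but inconsistent with the others. The surrounding loop starts outside this hunk.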
diff --git a/src/Module/Photo.php b/src/Module/Photo.php
index 2cb29af5f6..826d86bdd5 100644
--- a/src/Module/Photo.php
+++ b/src/Module/Photo.php
@@ -84,13 +84,13 @@ class Photo extends BaseModule
 				}
 				$photo = MPhoto::getPhoto($photoid, $scale);
 				if ($photo === false) {
-					$photo = MPhoto::createPhotoForSystemResource("images/nosign.jpg");
+					throw new \Friendica\Network\HTTPException\NotFoundException(DI::l10n()->t('The Photo with id %s is not available.', $photoid));
 				}
 				break;
 		}
 
 		if ($photo === false) {
-			System::httpExit('404', 'Not Found');
+			throw new \Friendica\Network\HTTPException\NotFoundException();
 		}
 
 		$cacheable = ($photo["allow_cid"] . $photo["allow_gid"] . $photo["deny_cid"] . $photo["deny_gid"] === "") && (isset($photo["cacheable"]) ? $photo["cacheable"] : true);
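Review bot: The new exception message interpolates `$photoid`, which appears to come from the request, into text that ends up in the 404 response; whether the HTTPException renderer escapes it is not visible in this hunk, so either confirm that or drop the id from the message. Both throws spell out `\Friendica\Network\HTTPException\NotFoundException` inline; a `use` import at the top of the file would match how `MPhoto` is referenced here. The enclosing method starts and ends outside the hunk.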
diff --git a/src/Util/Security.php b/src/Util/Security.php
index 929853c2f0..4233382160 100644
--- a/src/Util/Security.php
+++ b/src/Util/Security.php
@@ -87,20 +87,32 @@ class Security
 		return false;
 	}
 
-	public static function getPermissionsSQLByUserId($owner_id)
+	/**
+	 * Create a permission string for an element based on the visitor
+	 *
+	 * @param integer $owner_id   User ID of the owner of the element
+	 * @param boolean $accessible Should the element be accessible anyway?
+	 * @return string SQL permissions
+	 */
+	public static function getPermissionsSQLByUserId(int $owner_id, bool $accessible = false)
 	{
 		$local_user = local_user();
 		$remote_contact = Session::getRemoteContactID($owner_id);
+		$acc_sql = '';
+
+		if ($accessible) {
+			$acc_sql = ' OR `accessible`';
+		}
 
 		/*
 		 * Construct permissions
 		 *
 		 * default permissions - anonymous user
 		 */
-		$sql = " AND allow_cid = ''
+		$sql = " AND (allow_cid = ''
 			 AND allow_gid = ''
 			 AND deny_cid  = ''
-			 AND deny_gid  = '' ";
+			 AND deny_gid  = ''" . $acc_sql . ") ";
 
 		/*
 		 * Profile owner - everything is visible
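Review bot: With `$accessible` set, both queries reduce to `(<ACL test>) OR accessible`, in the anonymous branch here and in the remote-contact `sprintf` in the next hunk. A flagged row therefore bypasses the deny lists as well as the allow lists, and the grouping relies on AND binding tighter than OR. The docblock should say so and warn that the flag is only valid for queries against a table that has an `accessible` column (only `photo` gains one in this patch), e.g. `@param boolean $accessible If true, rows with the "accessible" flag match regardless of allow/deny lists; only valid for tables that have this column`. Wrapping the ACL part in its own parentheses before appending `$acc_sql` would make the intended grouping visible. The method body continues beyond both hunks.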
@@ -123,7 +135,8 @@ class Security
 
 			$sql = sprintf(
 				" AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
-				  AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ",
+				  AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s'
+				  OR (allow_cid = '' AND allow_gid = ''))" . $acc_sql . ") ",
 				intval($remote_contact),
 				DBA::escape($gs),
 				intval($remote_contact),
diff --git a/static/dbstructure.config.php b/static/dbstructure.config.php
index 8cd01b4aeb..cfbee73fbd 100755
--- a/static/dbstructure.config.php
+++ b/static/dbstructure.config.php
@@ -51,7 +51,7 @@
 use Friendica\Database\DBA;
 
 if (!defined('DB_UPDATE_VERSION')) {
-	define('DB_UPDATE_VERSION', 1336);
+	define('DB_UPDATE_VERSION', 1337);
 }
 
 return [
@@ -1051,6 +1051,7 @@ return [
 			"allow_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed groups"],
 			"deny_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied contact.id"],
 			"deny_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied groups"],
+			"accessible" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => "Make photo publicly accessible, ignoring permissions"],
 			"backend-class" => ["type" => "tinytext", "comment" => "Storage backend class"],
 			"backend-ref" => ["type" => "text", "comment" => "Storage backend data reference"],
 			"updated" => ["type" => "datetime", "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => ""]
diff --git a/view/templates/settings/settings.tpl b/view/templates/settings/settings.tpl
index f8b1991805..fd0de22da4 100644
--- a/view/templates/settings/settings.tpl
+++ b/view/templates/settings/settings.tpl
@@ -55,6 +55,8 @@
 
 {{$unlisted nofilter}}
 
+{{$accessiblephotos nofilter}}
+
 {{$blockwall nofilter}}
 
 {{$blocktags nofilter}}
diff --git a/view/theme/frio/templates/settings/settings.tpl b/view/theme/frio/templates/settings/settings.tpl
index dc9c27b89d..11e697b30b 100644
--- a/view/theme/frio/templates/settings/settings.tpl
+++ b/view/theme/frio/templates/settings/settings.tpl
@@ -91,6 +91,8 @@
 
 						{{$unlisted nofilter}}
 
+						{{$accessiblephotos nofilter}}
+
 						{{$blockwall nofilter}}
 
 						{{$blocktags nofilter}}

From 06b0df8e462508b73c48542416402ddcd4e1ccd5 Mon Sep 17 00:00:00 2001
From: nupplaPhil 
Date: Sun, 8 Mar 2020 20:24:17 +0100
Subject: [PATCH 4/5] Fix mail text ... again

---
 view/templates/email/notify/html.tpl | 2 ++
 view/templates/email/system/html.tpl | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/view/templates/email/notify/html.tpl b/view/templates/email/notify/html.tpl
index 1be8c9eafa..7237fad832 100644
--- a/view/templates/email/notify/html.tpl
+++ b/view/templates/email/notify/html.tpl
@@ -35,11 +35,13 @@
 			
 		
 		
+			
 			
 				{{$thanks}}
 			
 		
 		
+			
 			
 				{{$site_admin}}
 			
diff --git a/view/templates/email/system/html.tpl b/view/templates/email/system/html.tpl
index 8f4e1573f3..313a066273 100644
--- a/view/templates/email/system/html.tpl
+++ b/view/templates/email/system/html.tpl
@@ -18,7 +18,7 @@
 			
 				{{$thanks}}
 			
-	
+		
 	
 		
 			{{$site_admin}}

From 03e8609e4ec9940d70eacb9290b599cfd964557d Mon Sep 17 00:00:00 2001
From: Michael 
Date: Sun, 8 Mar 2020 19:48:26 +0000
Subject: [PATCH 5/5] Performance changes to the gcontact discovery

---
 src/Model/GContact.php        | 35 ++++++++++++-----------------------
 src/Worker/UpdateGContact.php |  8 +++-----
 2 files changed, 15 insertions(+), 28 deletions(-)

diff --git a/src/Model/GContact.php b/src/Model/GContact.php
index a13b719a9c..19ab87ca45 100644
--- a/src/Model/GContact.php
+++ b/src/Model/GContact.php
@@ -1282,7 +1282,7 @@ class GContact
 	 * @param string $url URL of a profile
 	 * @return void
 	 */
-	public static function discoverFollowers(string $url, int $following_gcid = 0, int $follower_gcid = 0)
+	public static function discoverFollowers(string $url)
 	{
 		$gcontact = DBA::selectFirst('gcontact', ['id', 'last_discovery'], ['nurl' => Strings::normaliseLink(($url))]);
 		if (!DBA::isResult($gcontact)) {
@@ -1296,16 +1296,6 @@ class GContact
 
 		$gcid = $gcontact['id'];
 
-		if (!empty($following_gcid)) {
-			$fields = ['gcid' => $following_gcid, 'follower-gcid' => $gcid];
-			Logger::info('Set relation for followed gcontact', $fields);
-			DBA::update('gfollower', ['deleted' => false], $fields, true);
-		} elseif (!empty($follower_gcid)) {
-			$fields = ['gcid' => $gcid, 'follower-gcid' => $follower_gcid];
-			Logger::info('Set relation for following gcontact', $fields);
-			DBA::update('gfollower', ['deleted' => false], $fields, true);
-		}
-
 		$apcontact = APContact::getByURL($url);
 
 		if (!empty($apcontact['followers']) && is_string($apcontact['followers'])) {
@@ -1350,17 +1340,12 @@ class GContact
 					continue;
 				}
 
-				$follower_gcid = 0;
-				$following_gcid = 0;
-
-				if (in_array($contact, $followers)) {
-					$following_gcid = $gcid;
-				} elseif (in_array($contact, $followings)) {
-					$follower_gcid = $gcid;
+				if (!Network::isUrlBlocked($contact)) {
+					Logger::info('Discover new AP contact', ['url' => $contact]);
+					Worker::add(PRIORITY_LOW, 'UpdateGContact', $contact);
+				} else {
+					Logger::info('No discovery, the URL is blocked.', ['url' => $contact]);
 				}
-
-				Logger::info('Discover new AP contact', ['url' => $contact]);
-				Worker::add(PRIORITY_LOW, 'UpdateGContact', $contact, '', $following_gcid, $follower_gcid);
 			}
 			if (!empty($followers)) {
 				// Delete all followers that aren't undeleted
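Review bot: The `Network::isUrlBlocked()` guard and its two log calls are repeated verbatim in the PoCo loop in the next hunk (there with `$entry['value']`); a small private static helper taking the URL and a label would keep the two discovery paths from diverging when the blocking policy changes. Both branches log at info level with a URL that appears to come from a remote followers/following list, so a blocked server with many contacts may produce one log line per contact; `Logger::debug` may fit the blocked case better. The enclosing loop and `discoverFollowers()` start outside this hunk.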
@@ -1395,8 +1380,12 @@ class GContact
 						if (DBA::exists('gcontact', ['nurl' => Strings::normaliseLink(($entry['value']))])) {
 							continue;
 						}
-						Logger::info('Discover new PoCo contact', ['url' => $entry['value']]);
-						Worker::add(PRIORITY_LOW, 'UpdateGContact', $entry['value']);
+						if (!Network::isUrlBlocked($entry['value'])) {
+							Logger::info('Discover new PoCo contact', ['url' => $entry['value']]);
+							Worker::add(PRIORITY_LOW, 'UpdateGContact', $entry['value']);
+						} else {
+							Logger::info('No discovery, the URL is blocked.', ['url' => $entry['value']]);
+						}
 					}
 				}
 			}
diff --git a/src/Worker/UpdateGContact.php b/src/Worker/UpdateGContact.php
index fda1a650b4..b88e0899e9 100644
--- a/src/Worker/UpdateGContact.php
+++ b/src/Worker/UpdateGContact.php
@@ -29,12 +29,10 @@ class UpdateGContact
 {
 	/**
 	 * Update global contact via probe
-	 * @param string  $url            Global contact url
+	 * @param string  $url     Global contact url
 	 * @param string  $command
-	 * @param integer $following_gcid gcontact ID of the contact that is followed by this one
-	 * @param integer $follower_gcid  gcontact ID of the contact that is following this one
 	 */
-	public static function execute(string $url, string $command = '', int $following_gcid = 0, int $follower_gcid = 0)
+	public static function execute(string $url, string $command = '')
 	{
 		$force = ($command == "force");
 
@@ -43,7 +41,7 @@ class UpdateGContact
 		Logger::info('Updated from probe', ['url' => $url, 'force' => $force, 'success' => $success]);
 
 		if ($success && DI::config()->get('system', 'gcontact_discovery')) {
-			GContact::discoverFollowers($url, $following_gcid, $follower_gcid);
+			GContact::discoverFollowers($url);
 		}
 	}
 }