rework the way private photos are embedded to avoid url differences and also check the permissions if possible to make sure that nothing sneaks by.

2012-05-27 21:01:58 -07:00 · 2012-05-27 21:01:58 -07:00 · 2bd1004587
parent 08941d4285
commit 2bd1004587
6 changed files with 142 additions and 69 deletions
--- a/boot.php
+++ b/boot.php
@ -9,7 +9,7 @@ require_once('include/nav.php');
 require_once('include/cache.php');
 define ( 'FRIENDICA_PLATFORM',     'Friendica');
-define ( 'FRIENDICA_VERSION',      '3.0.1355' );
+define ( 'FRIENDICA_VERSION',      '3.0.1356' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.23'    );
 define ( 'DB_UPDATE_VERSION',      1144      );
--- a/include/delivery.php
+++ b/include/delivery.php
@ -288,7 +288,7 @@ function delivery_run($argv, $argc){
 					if($normal_mode) {
 						if($item_id == $item['id'] || $item['id'] == $item['parent'])
-							$atom .= atom_entry($item,'text',null,$owner,true);
+							$atom .= atom_entry($item,'text',null,$owner,true,(($top_level) ? $contact['id'] : 0));
 					}
 					else
 						$atom .= atom_entry($item,'text',null,$owner,true);
--- a/include/items.php
+++ b/include/items.php
@ -2832,7 +2832,7 @@ function atom_author($tag,$name,$uri,$h,$w,$photo) {
 	return $o;
 }
-function atom_entry($item,$type,$author,$owner,$comment = false) {
+function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) {
 	$a = get_app();
@ -2844,7 +2844,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
 	if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid'])
-		$body = fix_private_photos($item['body'],$owner['uid']);
+		$body = fix_private_photos($item['body'],$owner['uid'],$item,$cid);
 	else
 		$body = $item['body'];
@ -2927,14 +2927,17 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
 	return $o;
 }
-function fix_private_photos($s,$uid) {
+function fix_private_photos($s,$uid, $item = null, $cid = 0) {
 	$a = get_app();
-	logger('fix_private_photos');
+
 	logger('fix_private_photos', LOGGER_DEBUG);
 	$site = substr($a->get_baseurl(),strpos($a->get_baseurl,'://'));
 	if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) {
 		$image = $matches[1];
-		logger('fix_private_photos: found photo ' . $image);
+		logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG);
-		if(stristr($image ,$a->get_baseurl() . '/photo/')) {
+		if(stristr($image , $site . '/photo/')) {
 			$replace = false;
 			$i = basename($image);
 			$i = str_replace('.jpg','',$i);
 			$x = strpos($i,'-');
@ -2947,8 +2950,39 @@ function fix_private_photos($s,$uid) {
 					intval($uid)
 				);
 				if(count($r)) {
-					logger('replacing photo');
+
-					$s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s);
+					// Check to see if we should replace this photo link with an embedded image
 					// 1. No need to do so if the photo is public
 					// 2. If there's a contact-id provided, see if they're in the access list
 					//    for the photo. If so, embed it. 
 					// 3. Otherwise, if we have an item, see if the item permissions match the photo
 					//    permissions, regardless of order but first check to see if they're an exact
 					//    match to save some processing overhead.
 					// Currently we only embed one private photo per message so as not to hit import 
 					// size limits at the receiving end.
 					// To embed multiples, we would need to parse out the embedded photos on message
 					// receipt and limit size based only on the text component. Would also need to
 					// ignore all photos during bbcode translation and item localisation, as these
 					// will hit internal regex backtrace limits.  
 					if(has_permissions($r[0])) {
 						if($cid) {
 							$recips = enumerate_permissions($r[0]);
 							if(in_array($cid, $recips)) {
 								$replace = true;	
 							}
 						}
 						elseif($item) {
 							if(compare_permissions($item,$r[0]))
 								$replace = true;
 						}
 					}
 					if($replace) {
 						logger('replacing photo');
 						$s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s);
 					}
 				}
 			}
 			logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA);
@ -2958,6 +2992,44 @@ function fix_private_photos($s,$uid) {
 }
 function has_permissions($obj) {
 	if(($obj['allow_cid'] != '') || ($obj['allow_gid'] != '') || ($obj['deny_cid'] != '') || ($obj['deny_gid'] != ''))
 		return true;
 	return false;
 }
 function compare_permissions($obj1,$obj2) {
 	// first part is easy. Check that these are exactly the same. 
 	if(($obj1['allow_cid'] == $obj2['allow_cid'])
 		&& ($obj1['allow_gid'] == $obj2['allow_gid'])
 		&& ($obj1['deny_cid'] == $obj2['deny_cid'])
 		&& ($obj1['deny_gid'] == $obj2['deny_gid']))
 		return true;
 	// This is harder. Parse all the permissions and compare the resulting set.
 	$recipients1 = enumerate_permissions($obj1);
 	$recipients2 = enumerate_permissions($obj2);
 	sort($recipients1);
 	sort($recipients2);
 	if($recipients1 == $recipients2)
 		return true;
 	return false;
 }
 // returns an array of contact-ids that are allowed to see this object
 function enumerate_permissions($obj) {
 	require_once('include/group.php');
 	$allow_people = expand_acl($obj['allow_cid']);
 	$allow_groups = expand_groups(expand_acl($obj['allow_gid']));
 	$deny_people  = expand_acl($obj['deny_cid']);
 	$deny_groups  = expand_groups(expand_acl($obj['deny_gid']));
 	$recipients   = array_unique(array_merge($allow_people,$allow_groups));
 	$deny         = array_unique(array_merge($deny_people,$deny_groups));
 	$recipients   = array_diff($recipients,$deny);
 	return $recipients;
 }
 function item_getfeedtags($item) {
 	$ret = array();
--- a/include/notifier.php
+++ b/include/notifier.php
@ -345,7 +345,7 @@ function notifier_run($argv, $argc){
 	if($mail) {
 		$public_message = false;  // mail is  not public
-		$body = fix_private_photos($item['body'],$owner['uid']);
+		$body = fix_private_photos($item['body'],$owner['uid'],null,$message[0]['contact-id']);
 		$atom .= replace_macros($mail_template, array(
 			'$name'         => xmlify($owner['name']),
--- a/mod/settings.php
+++ b/mod/settings.php
@ -15,6 +15,7 @@ function get_theme_config_file($theme){
 }
 function settings_init(&$a) {
 	// These lines provide the javascript needed by the acl selector
 	$a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "';" ;
--- a/util/messages.po
+++ b/util/messages.po
@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: 3.0.1355\n"
+"Project-Id-Version: 3.0.1356\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2012-05-26 10:00-0700\n"
+"POT-Creation-Date: 2012-05-27 10:00-0700\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -221,7 +221,7 @@ msgid "link to source"
 msgstr ""
 #: ../../mod/events.php:324 ../../view/theme/diabook/theme.php:126
-#: ../../include/nav.php:52 ../../boot.php:1523
+#: ../../include/nav.php:52 ../../boot.php:1520
 msgid "Events"
 msgstr ""
@ -271,7 +271,7 @@ msgid "Description:"
 msgstr ""
 #: ../../mod/events.php:423 ../../include/event.php:37
-#: ../../include/bb2diaspora.php:260 ../../boot.php:1103
+#: ../../include/bb2diaspora.php:265 ../../boot.php:1100
 msgid "Location:"
 msgstr ""
@ -346,7 +346,7 @@ msgstr ""
 msgid "No"
 msgstr ""
-#: ../../mod/photos.php:43 ../../boot.php:1517
+#: ../../mod/photos.php:43 ../../boot.php:1514
 msgid "Photo Albums"
 msgstr ""
@ -551,7 +551,7 @@ msgstr ""
 #: ../../mod/photos.php:1295 ../../mod/photos.php:1335
 #: ../../mod/photos.php:1366 ../../include/conversation.php:558
-#: ../../boot.php:517
+#: ../../boot.php:514
 msgid "Comment"
 msgstr ""
@ -1135,7 +1135,7 @@ msgid ""
 msgstr ""
 #: ../../mod/localtime.php:12 ../../include/event.php:11
-#: ../../include/bb2diaspora.php:238
+#: ../../include/bb2diaspora.php:243
 msgid "l F d, Y \\@ g:i A"
 msgstr ""
@ -1181,7 +1181,7 @@ msgid "is interested in:"
 msgstr ""
 #: ../../mod/match.php:58 ../../mod/suggest.php:59
-#: ../../include/contact_widgets.php:9 ../../boot.php:1047
+#: ../../include/contact_widgets.php:9 ../../boot.php:1044
 msgid "Connect"
 msgstr ""
@ -1708,7 +1708,7 @@ msgstr ""
 #: ../../addon/facebook/facebook.php:1178
 #: ../../addon/public_server/public_server.php:62
 #: ../../addon/testdrive/testdrive.php:67 ../../include/items.php:2738
-#: ../../boot.php:697
+#: ../../boot.php:694
 msgid "Administrator"
 msgstr ""
@ -1718,7 +1718,7 @@ msgid ""
 "Password reset failed."
 msgstr ""
-#: ../../mod/lostpass.php:83 ../../boot.php:829
+#: ../../mod/lostpass.php:83 ../../boot.php:826
 msgid "Password Reset"
 msgstr ""
@ -2384,7 +2384,7 @@ msgstr ""
 msgid "Invalid contact."
 msgstr ""
-#: ../../mod/notes.php:44 ../../boot.php:1529
+#: ../../mod/notes.php:44 ../../boot.php:1526
 msgid "Personal Notes"
 msgstr ""
@ -2635,7 +2635,7 @@ msgstr ""
 #: ../../mod/profperm.php:103 ../../view/theme/diabook/theme.php:123
 #: ../../include/profile_advanced.php:7 ../../include/profile_advanced.php:74
-#: ../../include/nav.php:50 ../../boot.php:1508
+#: ../../include/nav.php:50 ../../boot.php:1505
 msgid "Profile"
 msgstr ""
@ -2807,7 +2807,7 @@ msgstr ""
 msgid "Choose a nickname: "
 msgstr ""
-#: ../../mod/register.php:546 ../../include/nav.php:81 ../../boot.php:795
+#: ../../mod/register.php:546 ../../include/nav.php:81 ../../boot.php:792
 msgid "Register"
 msgstr ""
@ -2850,7 +2850,7 @@ msgid "Access denied."
 msgstr ""
 #: ../../mod/fbrowser.php:23 ../../view/theme/diabook/theme.php:125
-#: ../../include/nav.php:51 ../../boot.php:1514
+#: ../../include/nav.php:51 ../../boot.php:1511
 msgid "Photos"
 msgstr ""
@ -3633,7 +3633,7 @@ msgstr ""
 msgid "FTP Password"
 msgstr ""
-#: ../../mod/profile.php:21 ../../boot.php:960
+#: ../../mod/profile.php:21 ../../boot.php:957
 msgid "Requested profile is not available."
 msgstr ""
@ -3703,8 +3703,8 @@ msgid ""
 "Account not found and OpenID registration is not permitted on this site."
 msgstr ""
-#: ../../mod/openid.php:93 ../../include/auth.php:97
+#: ../../mod/openid.php:93 ../../include/auth.php:99
-#: ../../include/auth.php:160
+#: ../../include/auth.php:162
 msgid "Login failed."
 msgstr ""
@ -4051,23 +4051,23 @@ msgstr ""
 msgid "Edit/Manage Profiles"
 msgstr ""
-#: ../../mod/profiles.php:630 ../../boot.php:1069
+#: ../../mod/profiles.php:630 ../../boot.php:1066
 msgid "Change profile photo"
 msgstr ""
-#: ../../mod/profiles.php:631 ../../boot.php:1070
+#: ../../mod/profiles.php:631 ../../boot.php:1067
 msgid "Create New Profile"
 msgstr ""
-#: ../../mod/profiles.php:642 ../../boot.php:1080
+#: ../../mod/profiles.php:642 ../../boot.php:1077
 msgid "Profile Image"
 msgstr ""
-#: ../../mod/profiles.php:644 ../../boot.php:1083
+#: ../../mod/profiles.php:644 ../../boot.php:1080
 msgid "visible to everybody"
 msgstr ""
-#: ../../mod/profiles.php:645 ../../boot.php:1084
+#: ../../mod/profiles.php:645 ../../boot.php:1081
 msgid "Edit visibility"
 msgstr ""
@ -4675,7 +4675,7 @@ msgstr ""
 #: ../../addon/page/page.php:63 ../../addon/showmore/showmore.php:87
 #: ../../include/contact_widgets.php:188 ../../include/conversation.php:470
-#: ../../boot.php:518
+#: ../../boot.php:515
 msgid "show more"
 msgstr ""
@ -4691,7 +4691,7 @@ msgstr ""
 #: ../../addon/communityhome/communityhome.php:34
 #: ../../addon/communityhome/twillingham/communityhome.php:28
 #: ../../addon/communityhome/twillingham/communityhome.php:34
-#: ../../include/nav.php:64 ../../boot.php:816
+#: ../../include/nav.php:64 ../../boot.php:813
 msgid "Login"
 msgstr ""
@ -5868,7 +5868,7 @@ msgstr ""
 msgid "Set colour scheme"
 msgstr ""
-#: ../../include/profile_advanced.php:17 ../../boot.php:1105
+#: ../../include/profile_advanced.php:17 ../../boot.php:1102
 msgid "Gender:"
 msgstr ""
@ -5889,11 +5889,11 @@ msgstr ""
 msgid "Age:"
 msgstr ""
-#: ../../include/profile_advanced.php:37 ../../boot.php:1108
+#: ../../include/profile_advanced.php:37 ../../boot.php:1105
 msgid "Status:"
 msgstr ""
-#: ../../include/profile_advanced.php:45 ../../boot.php:1110
+#: ../../include/profile_advanced.php:45 ../../boot.php:1107
 msgid "Homepage:"
 msgstr ""
@ -6249,11 +6249,11 @@ msgstr ""
 msgid "Ask me"
 msgstr ""
-#: ../../include/event.php:17 ../../include/bb2diaspora.php:244
+#: ../../include/event.php:17 ../../include/bb2diaspora.php:249
 msgid "Starts:"
 msgstr ""
-#: ../../include/event.php:27 ../../include/bb2diaspora.php:252
+#: ../../include/event.php:27 ../../include/bb2diaspora.php:257
 msgid "Finishes:"
 msgstr ""
@ -6477,7 +6477,7 @@ msgstr ""
 msgid "Contacts not in any group"
 msgstr ""
-#: ../../include/nav.php:46 ../../boot.php:815
+#: ../../include/nav.php:46 ../../boot.php:812
 msgid "Logout"
 msgstr ""
@ -6485,7 +6485,7 @@ msgstr ""
 msgid "End this session"
 msgstr ""
-#: ../../include/nav.php:49 ../../boot.php:1502
+#: ../../include/nav.php:49 ../../boot.php:1499
 msgid "Status"
 msgstr ""
@ -6565,11 +6565,11 @@ msgstr ""
 msgid "Manage other pages"
 msgstr ""
-#: ../../include/nav.php:138 ../../boot.php:1063
+#: ../../include/nav.php:138 ../../boot.php:1060
 msgid "Profiles"
 msgstr ""
-#: ../../include/nav.php:138 ../../boot.php:1063
+#: ../../include/nav.php:138 ../../boot.php:1060
 msgid "Manage/edit profiles"
 msgstr ""
@ -6652,13 +6652,13 @@ msgstr ""
 msgid "Logged out."
 msgstr ""
-#: ../../include/auth.php:113
+#: ../../include/auth.php:115
 msgid ""
 "We encountered a problem while logging in with the OpenID you provided. "
 "Please check the correct spelling of the ID."
 msgstr ""
-#: ../../include/auth.php:113
+#: ../../include/auth.php:115
 msgid "The error message was:"
 msgstr ""
@ -7236,96 +7236,96 @@ msgstr ""
 msgid "permissions"
 msgstr ""
-#: ../../boot.php:516
+#: ../../boot.php:513
 msgid "Delete this item?"
 msgstr ""
-#: ../../boot.php:519
+#: ../../boot.php:516
 msgid "show fewer"
 msgstr ""
-#: ../../boot.php:692
+#: ../../boot.php:689
 #, php-format
 msgid "Update %s failed. See error logs."
 msgstr ""
-#: ../../boot.php:694
+#: ../../boot.php:691
 #, php-format
 msgid "Update Error at %s"
 msgstr ""
-#: ../../boot.php:794
+#: ../../boot.php:791
 msgid "Create a New Account"
 msgstr ""
-#: ../../boot.php:818
+#: ../../boot.php:815
 msgid "Nickname or Email address: "
 msgstr ""
-#: ../../boot.php:819
+#: ../../boot.php:816
 msgid "Password: "
 msgstr ""
-#: ../../boot.php:822
+#: ../../boot.php:819
 msgid "Or login using OpenID: "
 msgstr ""
-#: ../../boot.php:828
+#: ../../boot.php:825
 msgid "Forgot your password?"
 msgstr ""
-#: ../../boot.php:995
+#: ../../boot.php:992
 msgid "Edit profile"
 msgstr ""
-#: ../../boot.php:1055
+#: ../../boot.php:1052
 msgid "Message"
 msgstr ""
-#: ../../boot.php:1171 ../../boot.php:1247
+#: ../../boot.php:1168 ../../boot.php:1244
 msgid "g A l F d"
 msgstr ""
-#: ../../boot.php:1172 ../../boot.php:1248
+#: ../../boot.php:1169 ../../boot.php:1245
 msgid "F d"
 msgstr ""
-#: ../../boot.php:1217 ../../boot.php:1288
+#: ../../boot.php:1214 ../../boot.php:1285
 msgid "[today]"
 msgstr ""
-#: ../../boot.php:1229
+#: ../../boot.php:1226
 msgid "Birthday Reminders"
 msgstr ""
-#: ../../boot.php:1230
+#: ../../boot.php:1227
 msgid "Birthdays this week:"
 msgstr ""
-#: ../../boot.php:1281
+#: ../../boot.php:1278
 msgid "[No description]"
 msgstr ""
-#: ../../boot.php:1299
+#: ../../boot.php:1296
 msgid "Event Reminders"
 msgstr ""
-#: ../../boot.php:1300
+#: ../../boot.php:1297
 msgid "Events this week:"
 msgstr ""
-#: ../../boot.php:1505
+#: ../../boot.php:1502
 msgid "Status Messages and Posts"
 msgstr ""
-#: ../../boot.php:1511
+#: ../../boot.php:1508
 msgid "Profile Details"
 msgstr ""
-#: ../../boot.php:1526
+#: ../../boot.php:1523
 msgid "Events and Calendar"
 msgstr ""
-#: ../../boot.php:1532
+#: ../../boot.php:1529
 msgid "Only You Can See This"
 msgstr ""