From d6a75a0391bfe2021cca0bba9f054044ef79cab7 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 25 Dec 2010 13:51:39 -0800 Subject: [PATCH 1/5] secure profile redirect failed with duplex relationship --- mod/dfrn_poll.php | 10 +++++----- mod/redir.php | 5 +++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index 22d2ee40fb..52272efade 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -99,18 +99,18 @@ function dfrn_poll_init(&$a) { dbesc($sec) ); if(! count($r)) { - xml_status(3); + xml_status(3, 'No ticket'); // NOTREACHED } $orig_id = $r[0]['dfrn_id']; - if(strpos(':',$orig_id)) + if(strpos($orig_id, ':')) $orig_id = substr($orig_id,2); $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($r[0]['cid']) ); if(! count($c)) { - xml_status(3); + xml_status(3, 'No profile'); } $contact = $c[0]; @@ -134,9 +134,9 @@ function dfrn_poll_init(&$a) { $final_dfrn_id = substr($final_dfrn_id,2); if($final_dfrn_id != $orig_id) { - + logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG); // did not decode properly - cannot trust this site - xml_status(3); + xml_status(3, 'Bad decryption'); } header("Content-type: text/xml"); diff --git a/mod/redir.php b/mod/redir.php index cc58b9cd12..ac21aa17eb 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -6,7 +6,7 @@ function redir_init(&$a) { goaway($a->get_baseurl()); $cid = $a->argv[1]; - $r = q("SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval(local_user()) ); 
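Review bot: The corrected `strpos($orig_id, ':')` test in the first mod/dfrn_poll.php hunk is still a truthiness check, so it passes for a colon at any offset above zero while the next line always strips exactly two characters. If the prefix is meant to be one character followed by a colon, pin the position with `if(strpos($orig_id, ':') === 1)`. Separately, the new 'No ticket' and 'No profile' strings tell a caller that has not yet been verified which lookup failed, assuming xml_status() returns its second argument in the response; one generic message with the detail sent to logger() would avoid that. dfrn_poll_init's body starts and ends outside the hunk.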
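Review bot: The trust decision `if($final_dfrn_id != $orig_id)` in the second mod/dfrn_poll.php hunk uses PHP's loose comparison, which compares two numeric-looking strings as numbers, so distinct values such as all-digit or `0e…` strings can be treated as equal. Since this branch is what rejects a site whose challenge did not decrypt properly, use `if($final_dfrn_id !== $orig_id)`. Whether dfrn_id values can take a numeric form depends on how they are generated, which is not visible here. The added logger() line also writes both identifiers to the debug log, so that log should be readable only by the site administrator.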
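Review bot: Widening the mod/redir.php query to `SELECT *` pulls every column of the contact row into `$r`, when the only new use visible in this patch is `$r[0]['name']` in the added logger() call. Keeping the explicit column list and adding `name` to it keeps any sensitive columns the table may hold out of this code path and documents what the function depends on. redir_init's body continues outside the hunk.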
@@ -36,8 +36,9 @@ function redir_init(&$a) { intval(time() + 45) ); + logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); + goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id -// . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile'); . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec); } From f6556e0a720bb3de29107520464aa4de242e1631 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 25 Dec 2010 15:01:02 -0800 Subject: [PATCH 2/5] more plugin hooks --- include/items.php | 4 +++- mod/directory.php | 9 ++++++++- mod/parse_url.php | 11 +++++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/include/items.php b/include/items.php index c00ec93ae3..22d47d44fe 100644 --- a/include/items.php +++ b/include/items.php @@ -499,7 +499,9 @@ function get_atom_elements($feed,$item) { $res['target'] .= '' . "\n"; } -// call_hooks('parse_atom', array('feed' => $feed, 'item' => $item, 'result' => $res)); + $arr = array('feed' => $feed, 'item' => $item, 'result' => $res); + + call_hooks('parse_atom', $arr); return $res; } diff --git a/mod/directory.php b/mod/directory.php index 49aac657ce..062aae516f 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -83,7 +83,7 @@ function directory_content(&$a) { if(strlen($rr['gender'])) $details .= '
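Review bot: The added `logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG)` writes the one-time `sec` ticket to the log while it is still valid; the context line just above sets its expiry to `time() + 45`. Any account that can read the debug log inside that window sees the same value the redirect sends as `&sec=`. Log the contact name alone, or a shortened form such as `substr($sec, 0, 4) . '...'`, which is enough to correlate with the dfrn_poll side.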
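Review bot: get_atom_elements() in include/items.php still ends with `return $res;`, so anything a `parse_atom` hook writes to `$arr['result']` is dropped, because `$arr` holds a copy of `$res`. If hooks are meant to alter the parsed item, end with `return $arr['result'];`, as the `display_item` hooks later in this series do with `$arr['output']`. The `directory_item` hook in mod/directory.php has the same shape: it appends `$entry` after the call where `$o .= $arr['entry'];` would pick up the hook's changes. This assumes call_hooks() takes its second argument by reference, which the switch from an inline array to `$arr` suggests but the patch does not show.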
Gender: ' . $rr['gender']; - $o .= replace_macros($tpl,array( + $entry = replace_macros($tpl,array( '$id' => $rr['id'], '$profile-link' => $profile_link, '$photo' => $rr[$photo], @@ -94,7 +94,14 @@ function directory_content(&$a) { )); + $arr = array('contact' => $rr, 'entry' => $entry); + + call_hooks('directory_item', $arr); + + $o .= $entry; + } + $o .= "
\r\n"; $o .= paginate($a); diff --git a/mod/parse_url.php b/mod/parse_url.php index 1561eb8a3b..b3b42b6cb6 100644 --- a/mod/parse_url.php +++ b/mod/parse_url.php @@ -11,6 +11,16 @@ function parse_url_content(&$a) { $template = "%s%s"; + + $arr = array('url' => $url, 'text' => ''); + + call_hooks('parse_link', $arr); + + if(strlen($arr['text'])) { + echo $arr['text']; + killme(); + } + if($url) $s = fetch_url($url); else { @@ -18,6 +28,7 @@ function parse_url_content(&$a) { killme(); } + if(! $s) { echo sprintf($template,$url,$url,''); killme(); From 38574789554b1e2737359b62b2350c7300d83888 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 25 Dec 2010 16:07:37 -0800 Subject: [PATCH 3/5] updated LICENSE --- LICENSE | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/LICENSE b/LICENSE index 38b32db225..807f7bbce2 100644 --- a/LICENSE +++ b/LICENSE @@ -23,3 +23,14 @@ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Friendika incorporates other software which may be licensed under different +terms and conditions. Some system libraries which are supplied with Friendika +are provided under the LGPL and may result in legal encumberance if you make +any code changes to these libraries. + +Addon or "plugin" modules (within the 'addon' directory) are licensed under +terms provided by the respective software author or authors, and MAY include +copyleft licenses such as GPLv3, AGPL, and/or commercial licenses. For the +purposes of licensing, addon modules are considered separate standalone works. + \ No newline at end of file From b211adfb1290913e11cc77bdd86b733b1f772519 Mon Sep 17 00:00:00 2001 
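Review bot: The `parse_link` hook in mod/parse_url.php is called before the existing `if($url)` check, so plugins are invoked even with an empty URL, and whatever a plugin puts in `$arr['text']` is echoed as the entire response with no escaping. Guard the call with `if($url) call_hooks('parse_link', $arr);` and add a comment above it such as `// a hook may set 'text' to a complete response; it is sent verbatim, so the plugin must escape anything taken from the URL or the remote page`. parse_url_content's body starts and ends outside the hunk.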
From: Friendika Date: Sat, 25 Dec 2010 17:46:25 -0800 Subject: [PATCH 4/5] more hooks --- mod/display.php | 8 +++++++- mod/network.php | 8 +++++++- mod/profile.php | 7 ++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/mod/display.php b/mod/display.php index 990d0b431b..fd845e608e 100644 --- a/mod/display.php +++ b/mod/display.php @@ -241,7 +241,7 @@ function display_content(&$a) { $indent .= ' shiny'; - $o .= replace_macros($template,array( + $tmp_item = replace_macros($template,array( '$id' => $item['item_id'], '$profile_url' => $profile_link, '$name' => $profile_name, @@ -264,6 +264,12 @@ function display_content(&$a) { '$comment' => $comment )); + $arr = array('item' => $item, 'output' => $tmp_item); + call_hooks('display_item', $arr); + + $o .= $arr['output']; + + } } else { diff --git a/mod/network.php b/mod/network.php index 43c55b8e3f..ad6db2d1e1 100644 --- a/mod/network.php +++ b/mod/network.php @@ -284,7 +284,7 @@ function network_content(&$a, $update = 0) { // Build the HTML - $o .= replace_macros($template,array( + $tmp_item = replace_macros($template,array( '$id' => $item['item_id'], '$profile_url' => $profile_link, '$name' => $profile_name, @@ -306,6 +306,12 @@ function network_content(&$a, $update = 0) { '$dislike' => $dislike, '$comment' => $comment )); + + $arr = array('item' => $item, 'output' => $tmp_item); + call_hooks('display_item', $arr); + + $o .= $arr['output']; + } } diff --git a/mod/profile.php b/mod/profile.php index ffc4128056..cc0debd992 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -342,7 +342,7 @@ function profile_content(&$a, $update = 0) { if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0) $indent .= ' shiny'; - $o .= replace_macros($template,array( + $tmp_item = replace_macros($template,array( '$id' => $item['item_id'], '$profile_url' => $profile_link, '$name' => $profile_name, 
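Review bot: The `display_item` hook added in mod/display.php has no documented contract, even though `$arr['output']` is appended to the page exactly as the plugin leaves it; the same three lines are added in mod/network.php and mod/profile.php. A comment above each call would help plugin authors, for example `// 'output' is rendered HTML and is emitted as-is; hooks must escape any item field they add`. Since the block is identical in all three modules, a small shared helper would also keep the three call sites from drifting apart.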
@@ -360,6 +360,11 @@ function profile_content(&$a, $update = 0) { '$dislike' => $dislike, '$comment' => $comment )); + + $arr = array('item' => $item, 'output' => $tmp_item); + call_hooks('display_item', $arr); + + $o .= $arr['output']; } } From 10dda88684331366b10967981e661acf5b229ac6 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 25 Dec 2010 18:16:17 -0800 Subject: [PATCH 5/5] if sub-projects cannot mandate any terms to our license, we should not force any conditions or license terms on them either. --- LICENSE | 16 +++++++++------- addon/LICENSE | 5 ----- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/LICENSE b/LICENSE index 807f7bbce2..01fe880bdd 100644 --- a/LICENSE +++ b/LICENSE @@ -25,12 +25,14 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Friendika incorporates other software which may be licensed under different -terms and conditions. Some system libraries which are supplied with Friendika -are provided under the LGPL and may result in legal encumberance if you make -any code changes to these libraries. +terms and conditions. Some system libraries which are supplied with and +incorporated into Friendika were provided by their respective authors under +the LGPL (Lesser GNU Public License) and may result in legal encumberance if +you make any code changes to these libraries. Addon or "plugin" modules (within the 'addon' directory) are licensed under -terms provided by the respective software author or authors, and MAY include -copyleft licenses such as GPLv3, AGPL, and/or commercial licenses. For the -purposes of licensing, addon modules are considered separate standalone works. - \ No newline at end of file +terms provided by the respective software author or authors of those works, +and MAY include copyleft licenses such as GPLv3, AGPL, and/or commercial +licenses. For the purposes of licensing, addon modules are considered separate +standalone works. + 
diff --git a/addon/LICENSE b/addon/LICENSE index 7dd931e307..2e6e056e8c 100644 --- a/addon/LICENSE +++ b/addon/LICENSE @@ -10,8 +10,3 @@ plugin. Addons/plugins may be licensed under copyleft or other license terms. Although these projects may require Friendika to operate, no addon or plugin may mandate any changes to the Friendika project license. - -If no license terms are set on an addon/plugin project, the Friendika BSD -project license will apply to the work, but with the project author as the -license owner and copyright holder. -