From a2a8afa58360cd655f1b60c3de3b369a03f9be80 Mon Sep 17 00:00:00 2001 From: rabuzarus <> Date: Thu, 28 May 2015 19:54:23 +0200 Subject: [PATCH 01/10] block local directory for public access --- htconfig.php | 4 ++++ mod/directory.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/htconfig.php b/htconfig.php index 4208924cfd..4c88b6e742 100644 --- a/htconfig.php +++ b/htconfig.php @@ -94,3 +94,7 @@ $a->config['system']['lockpath'] = ""; // Use the old style "share" // $a->config['system']['old_share'] = false; + +//Deny public access to the local directory +//$a->config['system']['block_local_dir'] = false; + diff --git a/mod/directory.php b/mod/directory.php index 7fab53b680..81f3c52c7c 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -29,7 +29,7 @@ function directory_content(&$a) { require_once("mod/proxy.php"); - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { + if((get_config('system','block_public')) && (! local_user()) && (! remote_user()) || (get_config('system','block_local_dir'))) { notice( t('Public access denied.') . EOL); return; } From 3e0635992fbf66593fceb428162d27dc2124c613 Mon Sep 17 00:00:00 2001 From: rabuzarus <> Date: Fri, 29 May 2015 04:05:41 +0200 Subject: [PATCH 02/10] change the conditions --- mod/directory.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mod/directory.php b/mod/directory.php index 81f3c52c7c..b13e17627a 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -29,7 +29,8 @@ function directory_content(&$a) { require_once("mod/proxy.php"); - if((get_config('system','block_public')) && (! local_user()) && (! remote_user()) || (get_config('system','block_local_dir'))) { + if((get_config('system','block_public')) && (! local_user()) && (! remote_user()) || + (get_config('system','block_local_dir')) && (! local_user()) && (! remote_user())) { notice( t('Public access denied.') . EOL); return; } 
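Review bot: The sample line added to htconfig.php sits under the comment "Deny public access to the local directory" but shows the value `false`, so an admin who only uncomments it gets no restriction. Word the comment as the effect of enabling the option and show the enabling value, e.g. `// Set to true to hide the local directory from visitors who are not logged in` followed by `//$a->config['system']['block_local_dir'] = true;`. If the file's convention is to show the default value, keep `false` and say in the comment that `true` is what denies access.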
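Review bot: The access check in directory_content() (second commit, mod/directory.php) repeats `(! local_user()) && (! remote_user())` on both sides of an unparenthesised `||`, and it is only correct because `&&` binds tighter than `||`. Grouping the two settings states the intent directly and is harder to break on the next edit: `if((get_config('system','block_public') || get_config('system','block_local_dir')) && (! local_user()) && (! remote_user())) {`. The first commit in this series had the `block_local_dir` term without the login checks, which is the kind of slip the grouped form avoids. directory_content() continues outside the hunk, so other routes to the same listing cannot be checked from here.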
From 8257e7e1e518760ddbdf62263826b7e2ca54df54 Mon Sep 17 00:00:00 2001 From: rabuzarus <> Date: Mon, 1 Jun 2015 01:50:27 +0200 Subject: [PATCH 03/10] block poco if block_local_dir is true --- mod/poco.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod/poco.php b/mod/poco.php index 86b43d651d..89f2f879a0 100644 --- a/mod/poco.php +++ b/mod/poco.php @@ -5,7 +5,7 @@ function poco_init(&$a) { $system_mode = false; - if(intval(get_config('system','block_public'))) + if(intval(get_config('system','block_public')) || (get_config('system','block_local_dir'))) http_status_exit(401); From 939e5abfeea9f0e393bdcdae2be6c3a44bc7ce15 Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Tue, 2 Jun 2015 16:16:40 +0200 Subject: [PATCH 04/10] BBCode: In [url] the removing of unknown protocols is disabled --- include/bbcode.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/bbcode.php b/include/bbcode.php index 01a1419567..6c7f39a9ff 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1180,13 +1180,13 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace("/\[event\-summary\](.*?)\[\/event\-summary\]/ism",'',$Text); $Text = preg_replace("/\[event\-description\](.*?)\[\/event\-description\]/ism",'',$Text); - $Text = preg_replace("/\[event\-start\](.*?)\[\/event\-start\]/ism",$sub,$Text); + $Text = preg_replace("/\[event\-start\](.*?)\[\/event\-start\]/ism",$sub,$Text); $Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text); $Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text); $Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text); } - // Unhide all [noparse] contained bbtags unspacefying them + // Unhide all [noparse] contained bbtags unspacefying them // and triming the [noparse] tag. $Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_unspacefy_and_trim',$Text); 
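Review bot: In poco_init() the new `block_local_dir` term sends 401 to every caller, while mod/directory.php in this series only denies visitors who are neither local nor remote users. If that difference is intended, say so above the check, e.g. `// block_local_dir closes poco for all callers, logged in or not`. The new term is also not wrapped in `intval()` like the `block_public` term beside it, so the two settings are parsed differently (a non-numeric string is truthy for one and 0 for the other); `if(intval(get_config('system','block_public')) || intval(get_config('system','block_local_dir')))` keeps them consistent. poco_init() continues outside the hunk.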
@@ -1200,7 +1200,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal // fix any escaped ampersands that may have been converted into links $Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text); - $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|cid)(.*?)\>/ism",'<$1$2="">',$Text); +// $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|cid)(.*?)\>/ism",'<$1$2="">',$Text); if($saved_image) $Text = bb_replace_images($Text, $saved_image); From 896cb6ebf09595f7249003da6d7ab8dfa13373b8 Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Tue, 2 Jun 2015 16:19:40 +0200 Subject: [PATCH 05/10] Small change in the API (some new Twitter fields - but without function) --- include/api.php | 52 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 41 insertions(+), 11 deletions(-) diff --git a/include/api.php b/include/api.php index a9e0edc808..d1132635d3 100644 --- a/include/api.php +++ b/include/api.php @@ -395,19 +395,27 @@ 'screen_name' => (($r[0]['nick']) ? $r[0]['nick'] : $r[0]['name']), 'location' => NULL, 'description' => NULL, - 'profile_image_url' => $r[0]["avatar"], - 'profile_image_url_https' => $r[0]["avatar"], 'url' => $r[0]["url"], 'protected' => false, 'followers_count' => 0, 'friends_count' => 0, + 'listed_count' => 0, 'created_at' => api_date(0), 'favourites_count' => 0, 'utc_offset' => 0, 'time_zone' => 'UTC', - 'statuses_count' => 0, - 'following' => false, + 'geo_enabled' => false, 'verified' => false, + 'statuses_count' => 0, + 'lang' => '', + 'contributors_enabled' => false, + 'is_translator' => false, + 'is_translation_enabled' => false, + 'profile_image_url' => $r[0]["avatar"], + 'profile_image_url_https' => $r[0]["avatar"], + 'following' => false, + 'follow_request_sent' => false, + 'notifications' => false, 'statusnet_blocking' => false, 'notifications' => false, 'statusnet_profile_url' => $r[0]["url"], 
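Review bot: Commenting out the `(?!http|ftp|mailto|cid)` replacement in bbcode() removes the only step visible in this hunk that blanks `src`/`href` values with an unlisted scheme. The rendered HTML then depends entirely on earlier tag patterns to keep script-capable schemes out. If the aim is to let more link types through, add the specific schemes needed to the lookahead so the default-deny behaviour stays, with a short comment naming them. If the line must stay disabled, replace the dead code with a comment naming the step that now enforces scheme filtering, e.g. `// scheme filtering for [url] is enforced in <function name>, see <issue id>`. The rest of bbcode() is outside the hunk, so whether such a step exists cannot be confirmed from here.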
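Review bot: The reordered user array in include/api.php now defines `'notifications' => false` twice: once in the added block after `'follow_request_sent'` and once on the unchanged line after `'statusnet_blocking'`. PHP silently keeps the last value, so nothing breaks today, but the two can drift apart when one is later given a real value; drop the unchanged duplicate. The enclosing function starts and ends outside the hunk.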
@@ -954,20 +962,29 @@ $converted = api_convert_item($item); $status_info = array( - 'text' => $converted["text"], - 'truncated' => false, 'created_at' => api_date($lastwall['created']), - 'in_reply_to_status_id' => $in_reply_to_status_id, - 'in_reply_to_status_id_str' => $in_reply_to_status_id_str, - 'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'), 'id' => intval($lastwall['id']), 'id_str' => (string) $lastwall['id'], + 'text' => $converted["text"], + 'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'), + 'truncated' => false, + 'in_reply_to_status_id' => $in_reply_to_status_id, + 'in_reply_to_status_id_str' => $in_reply_to_status_id_str, 'in_reply_to_user_id' => $in_reply_to_user_id, 'in_reply_to_user_id_str' => $in_reply_to_user_id_str, 'in_reply_to_screen_name' => $in_reply_to_screen_name, - 'geo' => NULL, - 'favorited' => $lastwall['starred'] ? true : false, 'user' => $user_info, + 'geo' => NULL, + 'coordinates' => "", + 'place' => "", + 'contributors' => "", + 'is_quote_status' => false, + 'retweet_count' => 0, + 'favorite_count' => 0, + 'favorited' => $lastwall['starred'] ? true : false, + 'retweeted' => false, + 'possibly_sensitive' => false, + 'lang' => "", 'statusnet_html' => $converted["html"], 'statusnet_conversation_id' => $lastwall['parent'], ); @@ -2957,6 +2974,19 @@ function api_best_nickname(&$contacts) { /* +To.Do: + [pagename] => api/1.1/statuses/lookup.json + [id] => 605138389168451584 + [include_cards] => true + [cards_platform] => Android-12 + [include_entities] => true + [include_my_retweet] => 1 + [include_rts] => 1 + [include_reply_count] => true + [include_descendent_reply_count] => true + + + Not implemented by now: statuses/retweets_of_me friendships/create From e028263ca8e1585ead2ba5ac87168fda607af0a9 Mon Sep 17 00:00:00 2001 
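Review bot: `'coordinates'`, `'place'` and `'contributors'` are added to `$status_info` as empty strings while the neighbouring `'geo'` uses `NULL`, so a client that expects an object or null for these fields receives a string instead. Using `'coordinates' => NULL,`, `'place' => NULL,` and `'contributors' => NULL,` keeps them consistent with `'geo'`. How the array is serialised is outside the hunk, so confirm the output format treats `NULL` the way it already does for `'geo'`. The commit subject says the new fields have no function yet; a one-line comment above them such as `// placeholders for Twitter API compatibility, not populated yet` would tell the next reader the same.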
From: fabrixxm Date: Tue, 2 Jun 2015 18:38:16 +0200 Subject: [PATCH 06/10] close correctly `span` tag in `oembed_format_object()` fix issue #1612 --- include/oembed.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/oembed.php b/include/oembed.php index 6fc9817299..26746af51c 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -193,8 +193,9 @@ function oembed_format_object($j){ } else { // add for html2bbcode conversion $ret .= "$embedurl"; - $ret.="
"; + $ret .= "
"; } + $ret.=""; return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret)); } From 20b14b053a75c6d49c74925827b5943bc416f16f Mon Sep 17 00:00:00 2001 From: fabrixxm Date: Tue, 2 Jun 2015 18:59:46 +0200 Subject: [PATCH 07/10] mask '#' in `[url]` url fix #1514 --- include/items.php | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/include/items.php b/include/items.php index 87a7daea0b..67dbbfeaf9 100644 --- a/include/items.php +++ b/include/items.php @@ -1697,12 +1697,12 @@ function item_body_set_hashtags(&$item) { // mask hashtags inside of url, bookmarks and attachments to avoid urls in urls $item["body"] = preg_replace_callback("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", function ($match){ - return("[url=".$match[1]."]".str_replace("#", "#", $match[2])."[/url]"); + return("[url=".str_replace("#", "#", $match[1])."]".str_replace("#", "#", $match[2])."[/url]"); },$item["body"]); $item["body"] = preg_replace_callback("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism", function ($match){ - return("[bookmark=".$match[1]."]".str_replace("#", "#", $match[2])."[/bookmark]"); + return("[bookmark=".str_replace("#", "#", $match[1])."]".str_replace("#", "#", $match[2])."[/bookmark]"); },$item["body"]); $item["body"] = preg_replace_callback("/\[attachment (.*)\](.*?)\[\/attachment\]/ism", @@ -1714,6 +1714,7 @@ function item_body_set_hashtags(&$item) { $item["body"] = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", "#$2", $item["body"]); + foreach($tags as $tag) { if(strpos($tag,'#') !== 0) continue; 
@@ -4956,17 +4957,17 @@ function first_post_date($uid,$wall = false) { /* modified posted_dates() {below} to arrange the list in years */ function list_post_dates($uid, $wall) { $dnow = datetime_convert('',date_default_timezone_get(),'now','Y-m-d'); - - $dthen = first_post_date($uid, $wall); + + $dthen = first_post_date($uid, $wall); if(! $dthen) return array(); - + // Set the start and end date to the beginning of the month $dnow = substr($dnow,0,8).'01'; $dthen = substr($dthen,0,8).'01'; - + $ret = array(); - + // Starting with the current month, get the first and last days of every // month down to and including the month of the first post while(substr($dnow, 0, 7) >= substr($dthen, 0, 7)) { @@ -5021,19 +5022,19 @@ function posted_date_widget($url,$uid,$wall) { /* if($wall && intval(get_pconfig($uid,'system','no_wall_archive_widget'))) return $o;*/ - + $visible_years = get_pconfig($uid,'system','archive_visible_years'); if(! $visible_years) - $visible_years = 5; - + $visible_years = 5; + $ret = list_post_dates($uid,$wall); - + if(! count($ret)) return $o; $cutoff_year = intval(datetime_convert('',date_default_timezone_get(),'now','Y')) - $visible_years; $cutoff = ((array_key_exists($cutoff_year,$ret))? true : false); - + $o = replace_macros(get_markup_template('posted_date_widget.tpl'),array( '$title' => t('Archives'), '$size' => $visible_years, From dd069124934e2e577e353f7202148517f8f74751 Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Tue, 2 Jun 2015 20:34:48 +0200 Subject: [PATCH 08/10] Avoiding performance problems. --- include/items.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/items.php b/include/items.php index 87a7daea0b..9346d9f16d 100644 --- a/include/items.php +++ b/include/items.php 
@@ -1166,7 +1166,7 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa } } } - +/* // If there is no guid then take the same guid that was taken before for the same uri if ((trim($arr['guid']) == "") AND (trim($arr['uri']) != "")) { logger('item_store: checking for an existing guid for uri '.$arr['uri'], LOGGER_DEBUG); @@ -1192,7 +1192,7 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa logger('item_store: found guid '.$arr['guid'].' for plink '.$arr['plink'], LOGGER_DEBUG); } } - +*/ // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin. // Deactivated, since the bbcode parser can handle with it - and it destroys posts with some smileys that contain "<" //if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) From bea70296bf31f7ba60f96f89cbda28f8c7582fb6 Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Tue, 2 Jun 2015 22:07:39 +0200 Subject: [PATCH 09/10] Fixes slow performance after one of the last pull requests. --- boot.php | 2 +- database.sql | 10 ++++++++-- include/dbstructure.php | 5 +++++ include/items.php | 30 ++++++++++++++++++++---------- update.php | 2 +- 5 files changed, 35 insertions(+), 14 deletions(-) diff --git a/boot.php b/boot.php index 5994b2030a..465bec6775 100644 --- a/boot.php +++ b/boot.php @@ -18,7 +18,7 @@ define ( 'FRIENDICA_PLATFORM', 'Friendica'); define ( 'FRIENDICA_CODENAME', 'Lily of the valley'); define ( 'FRIENDICA_VERSION', '3.4.0' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); -define ( 'DB_UPDATE_VERSION', 1184 ); +define ( 'DB_UPDATE_VERSION', 1185 ); define ( 'EOL', "
\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); diff --git a/database.sql b/database.sql index ab597825cd..b65dee657b 100644 --- a/database.sql +++ b/database.sql @@ -1,6 +1,6 @@ -- ------------------------------------------ -- Friendica 3.4.0 (Lily of the valley) --- DB_UPDATE_VERSION 1183 +-- DB_UPDATE_VERSION 1185 -- ------------------------------------------ @@ -358,7 +358,12 @@ CREATE TABLE IF NOT EXISTS `group_member` ( CREATE TABLE IF NOT EXISTS `guid` ( `id` int(10) unsigned NOT NULL auto_increment PRIMARY KEY, `guid` varchar(255) NOT NULL DEFAULT '', - INDEX `guid` (`guid`) + `plink` varchar(255) NOT NULL DEFAULT '', + `uri` varchar(255) NOT NULL DEFAULT '', + `network` varchar(32) NOT NULL DEFAULT '', + INDEX `guid` (`guid`), + INDEX `plink` (`plink`), + INDEX `uri` (`uri`) ) DEFAULT CHARSET=utf8; -- @@ -587,6 +592,7 @@ CREATE TABLE IF NOT EXISTS `notify` ( `msg` mediumtext NOT NULL, `uid` int(11) NOT NULL DEFAULT 0, `link` varchar(255) NOT NULL DEFAULT '', + `iid` int(11) NOT NULL DEFAULT 0, `parent` int(11) NOT NULL DEFAULT 0, `seen` tinyint(1) NOT NULL DEFAULT 0, `verb` varchar(255) NOT NULL DEFAULT '', diff --git a/include/dbstructure.php b/include/dbstructure.php index 3a6e0705d0..0f81ee6249 100644 --- a/include/dbstructure.php +++ b/include/dbstructure.php @@ -687,10 +687,15 @@ function db_definition() { "fields" => array( "id" => array("type" => "int(10) unsigned", "not null" => "1", "extra" => "auto_increment", "primary" => "1"), "guid" => array("type" => "varchar(255)", "not null" => "1", "default" => ""), + "plink" => array("type" => "varchar(255)", "not null" => "1", "default" => ""), + "uri" => array("type" => "varchar(255)", "not null" => "1", "default" => ""), + "network" => array("type" => "varchar(32)", "not null" => "1", "default" => ""), ), "indexes" => array( "PRIMARY" => array("id"), "guid" => array("guid"), + "plink" => array("plink"), + "uri" => array("uri"), ) ); $database["hook"] = array( 
diff --git a/include/items.php b/include/items.php index 9346d9f16d..bd353c5bf3 100644 --- a/include/items.php +++ b/include/items.php @@ -1099,7 +1099,15 @@ function encode_rel_links($links) { return xmlify($o); } +function add_guid($item) { + $r = q("SELECT `guid` FROM `guid` WHERE `guid` = '%s' LIMIT 1", dbesc($item["guid"])); + if ($r) + return; + q("INSERT INTO `guid` (`guid`,`plink`,`uri`,`network`) VALUES ('%s','%s','%s','%s')", + dbesc($item["guid"]), dbesc($item["plink"]), + dbesc($item["uri"]), dbesc($item["network"])); +} function item_store($arr,$force_parent = false, $notify = false, $dontcache = false) { @@ -1166,13 +1174,12 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa } } } -/* + // If there is no guid then take the same guid that was taken before for the same uri - if ((trim($arr['guid']) == "") AND (trim($arr['uri']) != "")) { + if ((trim($arr['guid']) == "") AND (trim($arr['uri']) != "") AND (trim($arr['network']) != "")) { logger('item_store: checking for an existing guid for uri '.$arr['uri'], LOGGER_DEBUG); - $r = q("SELECT `guid` FROM `item` WHERE `uri` = '%s' AND `guid` != '' LIMIT 1", - dbesc(trim($arr['uri'])) - ); + $r = q("SELECT `guid` FROM `guid` WHERE `uri` = '%s' AND `network` = '%s' LIMIT 1", + dbesc(trim($arr['uri'])), dbesc(trim($arr['network']))); if(count($r)) { $arr['guid'] = $r[0]["guid"]; 
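Review bot: add_guid() stores whatever is in `$item["guid"]`, including an empty string, and the rewritten uri lookup in item_store() no longer has the guid-not-empty condition the old query carried, so a row saved with an empty guid could later be read back and assigned to `$arr['guid']`; the plink lookup in the next hunk has the same shape. A guard at the top of add_guid(), `if (trim($item["guid"]) == "") return;`, closes that, unless item_store() always fills the guid before the call, which the hunks do not show. The SELECT-then-INSERT is also not atomic and the `guid` index added in this patch is not unique, so two concurrent stores of the same item can both insert; a unique index combined with `INSERT IGNORE` would reduce it to one statement. add_guid() should also get a short docblock saying it records guid, plink, uri and network once per guid and returns nothing.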
@@ -1181,18 +1188,17 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa } // If there is no guid then take the same guid that was taken before for the same plink - if ((trim($arr['guid']) == "") AND (trim($arr['plink']) != "")) { + if ((trim($arr['guid']) == "") AND (trim($arr['plink']) != "") AND (trim($arr['network']) != "")) { logger('item_store: checking for an existing guid for plink '.$arr['plink'], LOGGER_DEBUG); - $r = q("SELECT `guid` FROM `item` WHERE `plink` = '%s' AND `guid` != '' LIMIT 1", - dbesc(trim($arr['plink'])) - ); + $r = q("SELECT `guid` FROM `guid` WHERE `plink` = '%s' AND `network` = '%s' LIMIT 1", + dbesc(trim($arr['plink'])), dbesc(trim($arr['network']))); if(count($r)) { $arr['guid'] = $r[0]["guid"]; logger('item_store: found guid '.$arr['guid'].' for plink '.$arr['plink'], LOGGER_DEBUG); } } -*/ + // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin. // Deactivated, since the bbcode parser can handle with it - and it destroys posts with some smileys that contain "<" //if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) @@ -1476,6 +1482,10 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa ); if(count($r)) { + + // Store the guid and other relevant data + add_guid($arr); + $current_post = $r[0]['id']; logger('item_store: created item ' . $current_post); diff --git a/update.php b/update.php index ca86c8557e..c182eb590e 100644 --- a/update.php +++ b/update.php @@ -1,6 +1,6 @@ Date: Tue, 2 Jun 2015 22:10:28 +0200 Subject: [PATCH 10/10] Store the GUID from here as well. --- mod/item.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mod/item.php b/mod/item.php index 27bd5108d2..b104663e9e 100644 --- a/mod/item.php +++ b/mod/item.php 
@@ -864,6 +864,9 @@ function item_post(&$a) { // NOTREACHED } + // Store the guid and other relevant data + add_guid($datarray); + $post_id = $r[0]['id']; logger('mod_item: saved item ' . $post_id);