From fbc017cdba81fa7b159bca5fd0b3a4fb4885c5ad Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Mon, 5 Mar 2012 22:22:10 +0100 Subject: [PATCH 01/20] added test blueprints, fixed? encoding issues --- tests/xss_filter_tests.php | 140 +++++++++++++++++++++++++++++++++++++ view/de/strings.php | 20 +++--- 2 files changed, 150 insertions(+), 10 deletions(-) create mode 100644 tests/xss_filter_tests.php diff --git a/tests/xss_filter_tests.php b/tests/xss_filter_tests.php new file mode 100644 index 0000000000..2d29e390a2 --- /dev/null +++ b/tests/xss_filter_tests.php @@ -0,0 +1,140 @@ +' + +$validstring=notags($invalidstring); +$escapedString=escape_tags($invalidstring); + +assert("[submit type="button" onclick="alert(\'failed!\');" /]", $validstring); +assert("what ever", $escapedString); + +/** +*autonames should be random, even length +*/ +$autoname1=autoname(10); +$autoname2=autoname(10); + +assertNotEquals($autoname1, $autoname2); + +/** +*autonames should be random, odd length +*/ +$autoname1=autoname(9); +$autoname2=autoname(9); + +assertNotEquals($autoname1, $autoname2); + +/** +* try to fail autonames +*/ +$autoname1=autoname(0); +$autoname2=autoname(MAX_VALUE); +$autoname3=autoname(1); +assert(count($autoname1), 0); +assert(count($autoname2), MAX_VALUE); +assert(count($autoname3), 1); + +/** +*xmlify and unxmlify +*/ +$text="I want to break\n this!11!" +$xml=xmlify($text); //test whether it actually may be part of a xml document +$retext=unxmlify($text); + +assert($text, $retext); + +/** +* test hex2bin and reverse +*/ + +assert(-3, hex2bin(bin2hex(-3))); +assert(0, hex2bin(bin2hex(0))); +assert(12, hex2bin(bin2hex(12))); +assert(MAX_INT, hex2bin(bin2hex(MAX_INT))); + +/** +* test expand_acl +*/ +$text="<1><2><3>"; +assert(array(1, 2, 3), $text); + +$text="<1><279012><15>"; +assert(array(1, 279012, 15), $text); + +$text="<1><279012>"; //maybe that's invalid +assert(array(1, 279012, "tt"), $text); + +$text="<1><279 012>"; //maybe that's invalid +assert(array(1, "279 012", "tt"), $text); + +$text=""; //maybe that's invalid +assert(array(), $text); + +$text="According to documentation, that's invalid. "; //should be invalid +assert(array(), $text); + +$text=" diff --git a/view/de/strings.php b/view/de/strings.php index 284c87f2fa..2d29f69e28 100755 --- a/view/de/strings.php +++ b/view/de/strings.php @@ -4,7 +4,7 @@ function string_plural_select_de($n){ return ($n != 1); } ; -$a->strings["Post successful."] = "Beitrag erfolgreich veröffentlicht."; +$a->strings["Post successful."] = "Beitrag erfolgreich veröffentlicht."; $a->strings["[Embedded content - reload page to view]"] = "[Eingebetteter Inhalt - Seite neu laden zum Betrachten]"; $a->strings["Contact settings applied."] = "Einstellungen zum Kontakt angewandt."; $a->strings["Contact update failed."] = "Konnte den Kontakt nicht aktualisieren."; @@ -12,15 +12,15 @@ $a->strings["Permission denied."] = "Zugriff verweigert."; $a->strings["Contact not found."] = "Kontakt nicht gefunden."; $a->strings["Repair Contact Settings"] = "Kontakt-Einstellungen reparieren"; $a->strings["WARNING: This is highly advanced and if you enter incorrect information your communications with this contact may stop working."] = "ACHTUNG: Das sind Experten-Einstellungen! Wenn Du etwas falsches eingibst, funktioniert die Kommunikation mit diesem Kontakt evtl. nicht mehr."; -$a->strings["Please use your browser 'Back' button now if you are uncertain what to do on this page."] = "Bitte nutze den Zurück-Button deines Browsers jetzt, wenn du dir unsicher bist, was auf dieser Seite gemacht wird."; -$a->strings["Return to contact editor"] = "Zurück zum Kontakteditor"; +$a->strings["Please use your browser 'Back' button now if you are uncertain what to do on this page."] = "Bitte nutze den Zurück-Button deines Browsers jetzt, wenn du dir unsicher bist, was auf dieser Seite gemacht wird."; +$a->strings["Return to contact editor"] = "Zurück zum Kontakteditor"; $a->strings["Name"] = "Name"; $a->strings["Account Nickname"] = "Account-Spitzname"; -$a->strings["@Tagname - overrides Name/Nickname"] = "@Tagname - überschreibt Name/Spitzname"; +$a->strings["@Tagname - overrides Name/Nickname"] = "@Tagname - überschreibt Name/Spitzname"; $a->strings["Account URL"] = "Account-URL"; -$a->strings["Friend Request URL"] = "URL für Freundschaftsanfragen"; -$a->strings["Friend Confirm URL"] = "URL für Bestätigungen von Freundschaftsanfragen"; -$a->strings["Notification Endpoint URL"] = "URL-Endpunkt für Benachrichtigungen"; +$a->strings["Friend Request URL"] = "URL für Freundschaftsanfragen"; +$a->strings["Friend Confirm URL"] = "URL für Bestätigungen von Freundschaftsanfragen"; +$a->strings["Notification Endpoint URL"] = "URL-Endpunkt für Benachrichtigungen"; $a->strings["Poll/Feed URL"] = "Pull/Feed-URL"; $a->strings["New photo from this URL"] = "Neues Foto von dieser URL"; $a->strings["Submit"] = "Senden"; @@ -28,7 +28,7 @@ $a->strings["Help:"] = "Hilfe:"; $a->strings["Help"] = "Hilfe"; $a->strings["Not Found"] = "Nicht gefunden"; $a->strings["Page not found."] = "Seite nicht gefunden."; -$a->strings["File exceeds size limit of %d"] = "Die Datei ist größer als das erlaubte Limit von %d"; +$a->strings["File exceeds size limit of %d"] = "Die Datei ist größer als das erlaubte Limit von %d"; $a->strings["File upload failed."] = "Hochladen der Datei fehlgeschlagen."; $a->strings["Friend suggestion sent."] = "Kontaktvorschlag gesendet."; $a->strings["Suggest Friends"] = "Kontakte vorschlagen"; @@ -40,7 +40,7 @@ $a->strings["link to source"] = "Link zum Originalbeitrag"; $a->strings["Events"] = "Veranstaltungen"; $a->strings["Create New Event"] = "Neue Veranstaltung erstellen"; $a->strings["Previous"] = "Vorherige"; -$a->strings["Next"] = "Nächste"; +$a->strings["Next"] = "Nächste"; $a->strings["hour:minute"] = "Stunde:Minute"; $a->strings["Event details"] = "Veranstaltungsdetails"; $a->strings["Format is %s %s. Starting date and Description are required."] = "Format ist %s %s. Anfangsdatum und Beschreibung sind notwendig."; @@ -643,7 +643,7 @@ $a->strings["Site name"] = "Seitenname"; $a->strings["Banner/Logo"] = "Banner/Logo"; $a->strings["System language"] = "Systemsprache"; $a->strings["System theme"] = "Systemweites Thema"; -$a->strings["Maximum image size"] = "Maximale Größe von Bildern"; +$a->strings["Maximum image size"] = "Maximale Größe von Bildern"; $a->strings["Register policy"] = "Registrierungsmethode"; $a->strings["Register text"] = "Registrierungstext"; $a->strings["Accounts abandoned after x days"] = "Accounts gelten nach x Tagen als unbenutzt"; From 185fcd0701946babf61066b49582225286061563 Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Thu, 8 Mar 2012 17:43:12 +0100 Subject: [PATCH 02/20] better tests --- build.xml | 52 ++++++++- tests/xss_filter_test.php | 217 +++++++++++++++++++++++++++++++++++++ tests/xss_filter_tests.php | 140 ------------------------ 3 files changed, 265 insertions(+), 144 deletions(-) create mode 100644 tests/xss_filter_test.php delete mode 100644 tests/xss_filter_tests.php diff --git a/build.xml b/build.xml index 83c5300264..0f57450726 100644 --- a/build.xml +++ b/build.xml @@ -1,14 +1,58 @@ - + + + set_include_path( + get_include_path() . PATH_SEPARATOR + . 'include' . PATH_SEPARATOR + . 'library' . PATH_SEPARATOR + . 'library/phpsec' . PATH_SEPARATOR + . '.' ); + + + + + + + + + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php new file mode 100644 index 0000000000..e480ef7ec0 --- /dev/null +++ b/tests/xss_filter_test.php @@ -0,0 +1,217 @@ +'; + + $validstring=notags($invalidstring); + $escapedString=escape_tags($invalidstring); + + $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring); + $this->assertEquals("<submit type="button" onclick="alert('failed!');" />", $escapedString); + } + + /** + *autonames should be random, even length + */ + public function testAutonameEven() { + $autoname1=autoname(10); + $autoname2=autoname(10); + + $this->assertNotEquals($autoname1, $autoname2); + } + + /** + *autonames should be random, odd length + */ + public function testAutonameOdd() { + $autoname1=autoname(9); + $autoname2=autoname(9); + + $this->assertNotEquals($autoname1, $autoname2); + } + + /** + * try to fail autonames + */ + public function testAutonameNoLength() { + $autoname1=autoname(0); + $this->assertEquals(0, count($autoname1)); + } + + public function testAutonameNegativeLength() { + $autoname1=autoname(-23); + $this->assertEquals(0, count($autoname1)); + } + +// public function testAutonameMaxLength() { +// $autoname2=autoname(PHP_INT_MAX); +// $this->assertEquals(PHP_INT_MAX, count($autoname2)); +// } + + public function testAutonameLength1() { + $autoname3=autoname(1); + $this->assertEquals(1, count($autoname3)); + } + + /** + *xmlify and unxmlify + */ + public function testXmlify() { + $text="I want to break\n this!11!"; + $xml=xmlify($text); //test whether it actually may be part of a xml document + $retext=unxmlify($text); + + $this->assertEquals($text, $retext); + } + + /** + * test hex2bin and reverse + */ + + public function testHex2Bin() { + $this->assertEquals(-3, hex2bin(bin2hex(-3))); + $this->assertEquals(0, hex2bin(bin2hex(0))); + $this->assertEquals(12, hex2bin(bin2hex(12))); + $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX))); + } + + /** + * test expand_acl + */ + public function testExpandAclNormal() { + $text="<1><2><3>"; + $this->assertEquals(array(1, 2, 3), expand_acl($text)); + } + + public function testExpandAclBigNumber() { + $text="<1><279012><15>"; + $this->assertEquals(array(1, 279012, 15), expand_acl($text)); + } + + public function testExpandAclString() { + $text="<1><279012>"; //maybe that's invalid + $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text)); + } + + public function testExpandAclSpace() { + $text="<1><279 012><32>"; //maybe that's invalid + $this->assertEquals(array(1, "279 012", "32"), expand_acl($text)); + } + + public function testExpandAclEmpty() { + $text=""; //maybe that's invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoBrackets() { + $text="According to documentation, that's invalid. "; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclJustOneBracket1() { + $text="assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclJustOneBracket2() { + $text="Another invalid> string"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclCloseOnly() { + $text="Another> invalid> string>"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclOpenOnly() { + $text="assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoMatching1() { + $text=" invalid "; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoMatching2() { + $text="<1>2><3>"; + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test attribute contains + */ + public function testAttributeContains1() { + $testAttr="class1 notclass2 class3"; + $this->assertTrue(attribute_contains($testAttr, "class3")); + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test attribute contains + */ + public function testAttributeContains2() { + $testAttr="class1 not-class2 class3"; + $this->assertTrue(attribute_contains($testAttr, "class3")); + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + public function testAttributeContainsEmpty() { + $testAttr=""; + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + public function testAttributeContainsSpecialChars() { + $testAttr="--... %\$ä() /(=?}"; + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test get_tags + */ + public function testGetTags() { + $text="hi @Mike, I'm just writing #test_cases, " + ." so @somebody@friendica.com may change #things. Of course I " + ."look for a lot of #pitfalls, like #tags at the end of a sentence " + ."@comment. I hope noone forgets about @fullstops.because that might" + ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? " + ."Now, add a @first_last tag. "; + //check whether this are all variants (no, auto-stuff is missing). + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_cases", $tags[1]); + $this->assertEquals("@somebody@friendica.com", $tags[2]); + $this->assertEquals("#things", $tags[3]); + $this->assertEquals("#pitfalls", $tags[4]); + $this->assertEquals("#tags", $tags[5]); + $this->assertEquals("@comment", $tags[6]); + $this->assertEquals("@fullstops", $tags[7]); + $this->assertEquals("#things", $tags[8]); + $this->assertEquals("@Mike", $tags[9]); + $this->assertEquals("@campino@friendica.eu", $tags[10]); + $this->assertEquals("#nice", $tags[11]); + $this->assertEquals("@first_last", $tags[12]); + } + + public function testGetTagsEmpty() { + $tags=get_tags(""); + $this->assertEquals(0, count($tags)); + } +//function qp, quick and dirty?? +//get_mentions +//get_contact_block, bis Zeile 538 +} +?> diff --git a/tests/xss_filter_tests.php b/tests/xss_filter_tests.php deleted file mode 100644 index 2d29e390a2..0000000000 --- a/tests/xss_filter_tests.php +++ /dev/null @@ -1,140 +0,0 @@ -' - -$validstring=notags($invalidstring); -$escapedString=escape_tags($invalidstring); - -assert("[submit type="button" onclick="alert(\'failed!\');" /]", $validstring); -assert("what ever", $escapedString); - -/** -*autonames should be random, even length -*/ -$autoname1=autoname(10); -$autoname2=autoname(10); - -assertNotEquals($autoname1, $autoname2); - -/** -*autonames should be random, odd length -*/ -$autoname1=autoname(9); -$autoname2=autoname(9); - -assertNotEquals($autoname1, $autoname2); - -/** -* try to fail autonames -*/ -$autoname1=autoname(0); -$autoname2=autoname(MAX_VALUE); -$autoname3=autoname(1); -assert(count($autoname1), 0); -assert(count($autoname2), MAX_VALUE); -assert(count($autoname3), 1); - -/** -*xmlify and unxmlify -*/ -$text="I want to break\n this!11!" -$xml=xmlify($text); //test whether it actually may be part of a xml document -$retext=unxmlify($text); - -assert($text, $retext); - -/** -* test hex2bin and reverse -*/ - -assert(-3, hex2bin(bin2hex(-3))); -assert(0, hex2bin(bin2hex(0))); -assert(12, hex2bin(bin2hex(12))); -assert(MAX_INT, hex2bin(bin2hex(MAX_INT))); - -/** -* test expand_acl -*/ -$text="<1><2><3>"; -assert(array(1, 2, 3), $text); - -$text="<1><279012><15>"; -assert(array(1, 279012, 15), $text); - -$text="<1><279012>"; //maybe that's invalid -assert(array(1, 279012, "tt"), $text); - -$text="<1><279 012>"; //maybe that's invalid -assert(array(1, "279 012", "tt"), $text); - -$text=""; //maybe that's invalid -assert(array(), $text); - -$text="According to documentation, that's invalid. "; //should be invalid -assert(array(), $text); - -$text=" From fbd7e8f8ba4a2736b231ee254e205b36e28d17cc Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Thu, 8 Mar 2012 17:44:57 +0100 Subject: [PATCH 03/20] excludes reports from git --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 6302bc1c8b..2531fe4cdd 100755 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,9 @@ addon #ignore documentation, it should be newly built doc/api +#ignore reports, should be generted with every build +report/ + #ignore config files from eclipse, we don't want IDE files in our repository .project .buildpath From 2e3116a11e020cd1f2bbe00b03c77210aad33fe5 Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Thu, 8 Mar 2012 17:46:40 +0100 Subject: [PATCH 04/20] added library and include to .htaccess --- .htaccess | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.htaccess b/.htaccess index 1df5096702..5f9531a7eb 100755 --- a/.htaccess +++ b/.htaccess @@ -5,6 +5,9 @@ AddType audio/ogg .oga Deny from all + +Deny from all + RewriteEngine on From f84c191f8df126b95d8a41f70e785a9592018390 Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Fri, 9 Mar 2012 12:16:58 +0100 Subject: [PATCH 05/20] added some tests --- build.xml | 28 ++++----- tests/xss_filter_test.php | 116 +++++++++++++++++++++++++++++--------- util/db_update.php | 2 +- 3 files changed, 102 insertions(+), 44 deletions(-) diff --git a/build.xml b/build.xml index 0f57450726..a61a5123d7 100644 --- a/build.xml +++ b/build.xml @@ -1,16 +1,6 @@ - - - set_include_path( - get_include_path() . PATH_SEPARATOR - . 'include' . PATH_SEPARATOR - . 'library' . PATH_SEPARATOR - . 'library/phpsec' . PATH_SEPARATOR - . '.' ); - - @@ -32,16 +22,17 @@ - + + @@ -50,9 +41,9 @@ - + @@ -75,6 +66,9 @@ + + + diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php index e480ef7ec0..00e97cf98e 100644 --- a/tests/xss_filter_test.php +++ b/tests/xss_filter_test.php @@ -1,16 +1,26 @@ '; @@ -53,12 +63,12 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $autoname1=autoname(-23); $this->assertEquals(0, count($autoname1)); } - -// public function testAutonameMaxLength() { -// $autoname2=autoname(PHP_INT_MAX); -// $this->assertEquals(PHP_INT_MAX, count($autoname2)); -// } - + + // public function testAutonameMaxLength() { + // $autoname2=autoname(PHP_INT_MAX); + // $this->assertEquals(PHP_INT_MAX, count($autoname2)); + // } + public function testAutonameLength1() { $autoname3=autoname(1); $this->assertEquals(1, count($autoname3)); @@ -68,7 +78,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { *xmlify and unxmlify */ public function testXmlify() { - $text="I want to break\n this!11!"; + $text="I want to break\n this!11!"; $xml=xmlify($text); //test whether it actually may be part of a xml document $retext=unxmlify($text); @@ -85,7 +95,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $this->assertEquals(12, hex2bin(bin2hex(12))); $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX))); } - + /** * test expand_acl */ @@ -93,7 +103,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $text="<1><2><3>"; $this->assertEquals(array(1, 2, 3), expand_acl($text)); } - + public function testExpandAclBigNumber() { $text="<1><279012><15>"; $this->assertEquals(array(1, 279012, 15), expand_acl($text)); @@ -133,19 +143,19 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $text="Another> invalid> string>"; //should be invalid $this->assertEquals(array(), expand_acl($text)); } - + public function testExpandAclOpenOnly() { $text="assertEquals(array(), expand_acl($text)); } - + public function testExpandAclNoMatching1() { $text=" invalid "; //should be invalid $this->assertEquals(array(), expand_acl($text)); } - + public function testExpandAclNoMatching2() { - $text="<1>2><3>"; + $text="<1>2><3>"; $this->assertEquals(array(), expand_acl($text)); } @@ -166,7 +176,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $this->assertTrue(attribute_contains($testAttr, "class3")); $this->assertFalse(attribute_contains($testAttr, "class2")); } - + public function testAttributeContainsEmpty() { $testAttr=""; $this->assertFalse(attribute_contains($testAttr, "class2")); @@ -176,17 +186,71 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $testAttr="--... %\$ä() /(=?}"; $this->assertFalse(attribute_contains($testAttr, "class2")); } - + /** * test get_tags */ + public function testGetTagsShortPerson() { + $text="hi @Mike"; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + } + + public function testGetTagsShortTag() { + $text="This is a #test_case"; + + $tags=get_tags($text); + + $this->assertEquals("#test_case", $tags[0]); + } + + public function testGetTagsShortTagAndPerson() { + $text="hi @Mike This is a #test_case"; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_case", $tags[1]); + } + + public function testGetTagsShortTagAndPersonSpecialChars() { + $text="hi @Mike, This is a #test_case."; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_case", $tags[1]); + } + + public function testGetTagsPersonOnly() { + $text="@Mike I saw the Theme Dev group was created."; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + } + + public function testGetTags2Persons1TagSpecialChars() { + $text="hi @Mike, I'm just writing #test_cases, so" + ." so @somebody@friendica.com may change #things."; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_cases", $tags[1]); + $this->assertEquals("@somebody@friendica.com", $tags[2]); + $this->assertEquals("#things", $tags[3]); + } + public function testGetTags() { $text="hi @Mike, I'm just writing #test_cases, " ." so @somebody@friendica.com may change #things. Of course I " ."look for a lot of #pitfalls, like #tags at the end of a sentence " ."@comment. I hope noone forgets about @fullstops.because that might" ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? " - ."Now, add a @first_last tag. "; + ."Now, add a @first_last tag. "; //check whether this are all variants (no, auto-stuff is missing). $tags=get_tags($text); @@ -210,8 +274,8 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $tags=get_tags(""); $this->assertEquals(0, count($tags)); } -//function qp, quick and dirty?? -//get_mentions -//get_contact_block, bis Zeile 538 + //function qp, quick and dirty?? + //get_mentions + //get_contact_block, bis Zeile 538 } ?> diff --git a/util/db_update.php b/util/db_update.php index a6177324ac..35620e80b7 100755 --- a/util/db_update.php +++ b/util/db_update.php @@ -26,7 +26,7 @@ echo "New DB VERSION: " . DB_UPDATE_VERSION . "\n"; if($build != DB_UPDATE_VERSION) { echo "Updating database..."; - check_config(); + check_config($a); echo "Done\n"; } From 21589c5eced7869d7105fa439c433e6a12c89531 Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Fri, 9 Mar 2012 12:18:37 +0100 Subject: [PATCH 06/20] changed a test string --- tests/xss_filter_test.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php index 00e97cf98e..35d3b1be9e 100644 --- a/tests/xss_filter_test.php +++ b/tests/xss_filter_test.php @@ -225,11 +225,11 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { } public function testGetTagsPersonOnly() { - $text="@Mike I saw the Theme Dev group was created."; + $text="@Test I saw the Theme Dev group was created."; $tags=get_tags($text); - $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("@Test", $tags[0]); } public function testGetTags2Persons1TagSpecialChars() { From f8042d04451905486fb766c520736f4060ae9a12 Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Fri, 9 Mar 2012 12:57:11 +0100 Subject: [PATCH 07/20] splitted test cases. --- mod/item.php | 212 +++++++++++++++++++------------------- tests/get_tags_test.php | 147 ++++++++++++++++++++++++++ tests/xss_filter_test.php | 88 ---------------- 3 files changed, 255 insertions(+), 192 deletions(-) create mode 100644 tests/get_tags_test.php diff --git a/mod/item.php b/mod/item.php index 81d7c753b4..a9edf0da66 100755 --- a/mod/item.php +++ b/mod/item.php @@ -425,110 +425,7 @@ function item_post(&$a) { if(count($tags)) { foreach($tags as $tag) { - - if(isset($profile)) - unset($profile); - if(strpos($tag,'#') === 0) { - if(strpos($tag,'[url=')) - continue; - $basetag = str_replace('_',' ',substr($tag,1)); - $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body); - - $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; - if(! stristr($str_tags,$newtag)) { - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= $newtag; - } - continue; - } - if(strpos($tag,'@') === 0) { - if(strpos($tag,'[url=')) - continue; - $stat = false; - $name = substr($tag,1); - if((strpos($name,'@')) || (strpos($name,'http://'))) { - $newname = $name; - $links = @lrdd($name); - if(count($links)) { - foreach($links as $link) { - if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') - $profile = $link['@attributes']['href']; - if($link['@attributes']['rel'] === 'salmon') { - if(strlen($inform)) - $inform .= ','; - $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']); - } - } - } - } - else { - $newname = $name; - $alias = ''; - $tagcid = 0; - if(strrpos($newname,'+')) { - $tagcid = intval(substr($newname,strrpos($newname,'+') + 1)); - if(strpos($name,' ')) - $name = substr($name,0,strpos($name,' ')); - } - if($tagcid) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($tagcid), - intval($profile_uid) - ); - } - elseif(strstr($name,'_') || strstr($name,' ')) { - $newname = str_replace('_',' ',$name); - $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", - dbesc($newname), - intval($profile_uid) - ); - } - else { - $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", - dbesc($name), - dbesc($name), - intval($profile_uid) - ); - } - if(count($r)) { - $profile = $r[0]['url']; - if($r[0]['network'] === 'stat') { - $newname = $r[0]['nick']; - $stat = true; - if($r[0]['alias']) - $alias = $r[0]['alias']; - } - else - $newname = $r[0]['name']; - if(strlen($inform)) - $inform .= ','; - $inform .= 'cid:' . $r[0]['id']; - } - } - if($profile) { - $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body); - $profile = str_replace(',','%2c',$profile); - $newtag = '@[url=' . $profile . ']' . $newname . '[/url]'; - if(! stristr($str_tags,$newtag)) { - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= $newtag; - } - - // Status.Net seems to require the numeric ID URL in a mention if the person isn't - // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both. - - if(strlen($alias)) { - $newtag = '@[url=' . $alias . ']' . $newname . '[/url]'; - if(! stristr($str_tags,$newtag)) { - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= $newtag; - } - } - } - } + handle_tag($body, $inform, $str_tags, $profile_uid, $tag); } } @@ -922,3 +819,110 @@ function item_content(&$a) { drop_item($a->argv[2]); } } + +function handle_body(&$body, &$inform, &$str_tags, $profile_uid, $tag) { + $profile=null; + if(isset($profile)) + unset($profile); + if(strpos($tag,'#') === 0) { + if(strpos($tag,'[url=')) + continue; + $basetag = str_replace('_',' ',substr($tag,1)); + $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body); + + $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; + if(! stristr($str_tags,$newtag)) { + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + continue; + } + if(strpos($tag,'@') === 0) { + if(strpos($tag,'[url=')) + continue; + $stat = false; + $name = substr($tag,1); + if((strpos($name,'@')) || (strpos($name,'http://'))) { + $newname = $name; + $links = @lrdd($name); + if(count($links)) { + foreach($links as $link) { + if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') + $profile = $link['@attributes']['href']; + if($link['@attributes']['rel'] === 'salmon') { + if(strlen($inform)) + $inform .= ','; + $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']); + } + } + } + } + else { + $newname = $name; + $alias = ''; + $tagcid = 0; + if(strrpos($newname,'+')) { + $tagcid = intval(substr($newname,strrpos($newname,'+') + 1)); + if(strpos($name,' ')) + $name = substr($name,0,strpos($name,' ')); + } + if($tagcid) { + $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($tagcid), + intval($profile_uid) + ); + } + elseif(strstr($name,'_') || strstr($name,' ')) { + $newname = str_replace('_',' ',$name); + $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", + dbesc($newname), + intval($profile_uid) + ); + } + else { + $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", + dbesc($name), + dbesc($name), + intval($profile_uid) + ); + } + if(count($r)) { + $profile = $r[0]['url']; + if($r[0]['network'] === 'stat') { + $newname = $r[0]['nick']; + $stat = true; + if($r[0]['alias']) + $alias = $r[0]['alias']; + } + else + $newname = $r[0]['name']; + if(strlen($inform)) + $inform .= ','; + $inform .= 'cid:' . $r[0]['id']; + } + } + if($profile) { + $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body); + $profile = str_replace(',','%2c',$profile); + $newtag = '@[url=' . $profile . ']' . $newname . '[/url]'; + if(! stristr($str_tags,$newtag)) { + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + + // Status.Net seems to require the numeric ID URL in a mention if the person isn't + // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both. + + if(strlen($alias)) { + $newtag = '@[url=' . $alias . ']' . $newname . '[/url]'; + if(! stristr($str_tags,$newtag)) { + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + } + } + } +} diff --git a/tests/get_tags_test.php b/tests/get_tags_test.php new file mode 100644 index 0000000000..a458f0fbc5 --- /dev/null +++ b/tests/get_tags_test.php @@ -0,0 +1,147 @@ +15, 'network'=>'stat', 'alias'=>'Mike', 'nick'=>'Mike', 'url'=>"http://justatest.de")); + +} +function dbesc($str) { + echo $str; +} + +class GetTagsTest extends PHPUnit_Framework_TestCase { + + public function setUp() { + set_include_path( + get_include_path() . PATH_SEPARATOR + . 'include' . PATH_SEPARATOR + . 'library' . PATH_SEPARATOR + . 'library/phpsec' . PATH_SEPARATOR + . '.' ); + } + + /** + * test with one Person tag + */ + public function testGetTagsShortPerson() { + $text="hi @Mike"; + + $tags=get_tags($text); + + $inform=''; + $str_tags=''; + handle_body($text, $inform, $str_tags, 11, $tags[0]); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals($text, "hi @[url=http://justatest.de]Mike[/url]"); + } + + /** + * Test with one hash tag. + */ + public function testGetTagsShortTag() { + $text="This is a #test_case"; + + $tags=get_tags($text); + + $this->assertEquals("#test_case", $tags[0]); + } + + /** + * test with a person and a hash tag + */ + public function testGetTagsShortTagAndPerson() { + $text="hi @Mike This is a #test_case"; + + $tags=get_tags($text); + + $inform=''; + $str_tags=''; + handle_body($text, $inform, $str_tags, 11, $tags[0]); + + $this->assertEquals("hi @[url=http://justatest.de]Mike[/url] This is a #test_case", $text); + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_case", $tags[1]); + } + + /** + * test with a person, a hash tag and some special chars. + */ + public function testGetTagsShortTagAndPersonSpecialChars() { + $text="hi @Mike, This is a #test_case."; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_case", $tags[1]); + } + + /** + * Test with a person tag and text behind it. + */ + public function testGetTagsPersonOnly() { + $text="@Test I saw the Theme Dev group was created."; + + $tags=get_tags($text); + + $this->assertEquals("@Test", $tags[0]); + } + + /** + * test with two persons and one special tag. + */ + public function testGetTags2Persons1TagSpecialChars() { + $text="hi @Mike, I'm just writing #test_cases, so" + ." so @somebody@friendica.com may change #things."; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_cases", $tags[1]); + $this->assertEquals("@somebody@friendica.com", $tags[2]); + $this->assertEquals("#things", $tags[3]); + } + + /** + * test with a long text. + */ + public function testGetTags() { + $text="hi @Mike, I'm just writing #test_cases, " + ." so @somebody@friendica.com may change #things. Of course I " + ."look for a lot of #pitfalls, like #tags at the end of a sentence " + ."@comment. I hope noone forgets about @fullstops.because that might" + ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? " + ."Now, add a @first_last tag. "; + //TODO check whether this are all variants (no, auto-stuff is missing). + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_cases", $tags[1]); + $this->assertEquals("@somebody@friendica.com", $tags[2]); + $this->assertEquals("#things", $tags[3]); + $this->assertEquals("#pitfalls", $tags[4]); + $this->assertEquals("#tags", $tags[5]); + $this->assertEquals("@comment", $tags[6]); + $this->assertEquals("@fullstops", $tags[7]); + $this->assertEquals("#things", $tags[8]); + $this->assertEquals("@Mike", $tags[9]); + $this->assertEquals("@campino@friendica.eu", $tags[10]); + $this->assertEquals("#nice", $tags[11]); + $this->assertEquals("@first_last", $tags[12]); + } + + /** + * test with an empty string + */ + public function testGetTagsEmpty() { + $tags=get_tags(""); + $this->assertEquals(0, count($tags)); + } +} \ No newline at end of file diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php index 35d3b1be9e..fe944c2a74 100644 --- a/tests/xss_filter_test.php +++ b/tests/xss_filter_test.php @@ -1,6 +1,5 @@ assertFalse(attribute_contains($testAttr, "class2")); } - /** - * test get_tags - */ - public function testGetTagsShortPerson() { - $text="hi @Mike"; - - $tags=get_tags($text); - - $this->assertEquals("@Mike", $tags[0]); - } - - public function testGetTagsShortTag() { - $text="This is a #test_case"; - - $tags=get_tags($text); - - $this->assertEquals("#test_case", $tags[0]); - } - - public function testGetTagsShortTagAndPerson() { - $text="hi @Mike This is a #test_case"; - - $tags=get_tags($text); - - $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals("#test_case", $tags[1]); - } - - public function testGetTagsShortTagAndPersonSpecialChars() { - $text="hi @Mike, This is a #test_case."; - - $tags=get_tags($text); - - $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals("#test_case", $tags[1]); - } - - public function testGetTagsPersonOnly() { - $text="@Test I saw the Theme Dev group was created."; - - $tags=get_tags($text); - - $this->assertEquals("@Test", $tags[0]); - } - - public function testGetTags2Persons1TagSpecialChars() { - $text="hi @Mike, I'm just writing #test_cases, so" - ." so @somebody@friendica.com may change #things."; - - $tags=get_tags($text); - - $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals("#test_cases", $tags[1]); - $this->assertEquals("@somebody@friendica.com", $tags[2]); - $this->assertEquals("#things", $tags[3]); - } - - public function testGetTags() { - $text="hi @Mike, I'm just writing #test_cases, " - ." so @somebody@friendica.com may change #things. Of course I " - ."look for a lot of #pitfalls, like #tags at the end of a sentence " - ."@comment. I hope noone forgets about @fullstops.because that might" - ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? " - ."Now, add a @first_last tag. "; - //check whether this are all variants (no, auto-stuff is missing). - - $tags=get_tags($text); - - $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals("#test_cases", $tags[1]); - $this->assertEquals("@somebody@friendica.com", $tags[2]); - $this->assertEquals("#things", $tags[3]); - $this->assertEquals("#pitfalls", $tags[4]); - $this->assertEquals("#tags", $tags[5]); - $this->assertEquals("@comment", $tags[6]); - $this->assertEquals("@fullstops", $tags[7]); - $this->assertEquals("#things", $tags[8]); - $this->assertEquals("@Mike", $tags[9]); - $this->assertEquals("@campino@friendica.eu", $tags[10]); - $this->assertEquals("#nice", $tags[11]); - $this->assertEquals("@first_last", $tags[12]); - } - - public function testGetTagsEmpty() { - $tags=get_tags(""); - $this->assertEquals(0, count($tags)); - } //function qp, quick and dirty?? //get_mentions //get_contact_block, bis Zeile 538 From bce3bfff38ad6f540dca39f6ed5b1d8cae19edb1 Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Mon, 12 Mar 2012 13:59:00 +0100 Subject: [PATCH 08/20] get tags test improved --- mod/item.php | 79 ++++++++++++++++++++++++++++------------- tests/get_tags_test.php | 40 +++++++++++++++++++-- 2 files changed, 92 insertions(+), 27 deletions(-) diff --git a/mod/item.php b/mod/item.php index a9edf0da66..0ff7f6a7c8 100755 --- a/mod/item.php +++ b/mod/item.php @@ -820,33 +820,54 @@ function item_content(&$a) { } } +/** + * This function removes the tag $tag from the text $body and replaces it with + * the appropiate link. + * + * @param unknown_type $body the text to replace the tag in + * @param unknown_type $inform a comma-seperated string containing everybody to inform + * @param unknown_type $str_tags string to add the tag to + * @param unknown_type $profile_uid + * @param unknown_type $tag the tag to replace + */ function handle_body(&$body, &$inform, &$str_tags, $profile_uid, $tag) { - $profile=null; - if(isset($profile)) - unset($profile); + //is it a hash tag? if(strpos($tag,'#') === 0) { - if(strpos($tag,'[url=')) - continue; + //if the tag is replaced... + if(strpos($tag,'[url=')) + //...do nothing + continue; + //base tag has the tags name only $basetag = str_replace('_',' ',substr($tag,1)); - $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body); - - $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; + //create text for link + $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; + //replace tag by the link + $body = str_replace($tag, $newtag, $body); + + //is the link already in str_tags? if(! stristr($str_tags,$newtag)) { + //append or set str_tags if(strlen($str_tags)) $str_tags .= ','; $str_tags .= $newtag; } continue; - } + } + //is it a person tag? if(strpos($tag,'@') === 0) { + //is it already replaced? if(strpos($tag,'[url=')) continue; $stat = false; - $name = substr($tag,1); + //get the person's name + $name = substr($tag,1); + //is it a link or a full dfrn address? if((strpos($name,'@')) || (strpos($name,'http://'))) { $newname = $name; + //get the profile links $links = @lrdd($name); if(count($links)) { + //for all links, collect how is to inform and how's profile is to link foreach($links as $link) { if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') $profile = $link['@attributes']['href']; @@ -857,38 +878,44 @@ function handle_body(&$body, &$inform, &$str_tags, $profile_uid, $tag) { } } } - } - else { + } else { //if it is a name rather than an address $newname = $name; $alias = ''; - $tagcid = 0; + $tagcid = 0; + //is it some generated name? if(strrpos($newname,'+')) { + //get the id $tagcid = intval(substr($newname,strrpos($newname,'+') + 1)); + //remove the next word from tag's name if(strpos($name,' ')) $name = substr($name,0,strpos($name,' ')); - } - if($tagcid) { + } + if($tagcid) { //if there was an id + //select contact with that id from the logged in user's contact list $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($tagcid), intval($profile_uid) ); - } - elseif(strstr($name,'_') || strstr($name,' ')) { + } elseif(strstr($name,'_') || strstr($name,' ')) { //no id + //get the real name $newname = str_replace('_',' ',$name); + //select someone from this user's contacts by name $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval($profile_uid) ); - } - else { + } else { + //select someone by attag or nick and the name passed in $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", dbesc($name), dbesc($name), intval($profile_uid) ); - } + } + //$r is set, if someone could be selected if(count($r)) { - $profile = $r[0]['url']; + $profile = $r[0]['url']; + //set newname to nick, find alias if($r[0]['network'] === 'stat') { $newname = $r[0]['nick']; $stat = true; @@ -897,15 +924,19 @@ function handle_body(&$body, &$inform, &$str_tags, $profile_uid, $tag) { } else $newname = $r[0]['name']; + //add person's id to $inform if(strlen($inform)) $inform .= ','; $inform .= 'cid:' . $r[0]['id']; } - } - if($profile) { - $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body); + } + //if there is an url for this persons profile + if(isset($profile)) { + //create profile link $profile = str_replace(',','%2c',$profile); $newtag = '@[url=' . $profile . ']' . $newname . '[/url]'; + $body = str_replace('@' . $name, $newtag, $body); + //append tag to str_tags if(! stristr($str_tags,$newtag)) { if(strlen($str_tags)) $str_tags .= ','; diff --git a/tests/get_tags_test.php b/tests/get_tags_test.php index a458f0fbc5..ee2daced10 100644 --- a/tests/get_tags_test.php +++ b/tests/get_tags_test.php @@ -8,11 +8,45 @@ require_once 'include/text.php'; require_once 'mod/item.php'; function q($sql) { - return array(array('id'=>15, 'network'=>'stat', 'alias'=>'Mike', 'nick'=>'Mike', 'url'=>"http://justatest.de")); + + $result=array(array('id'=>15, + 'attag'=>'', 'network'=>'dfrn', + 'name'=>'Mike Lastname', 'alias'=>'Mike', + 'nick'=>'Mike', 'url'=>"http://justatest.de")); + + $args=func_get_args(); + $str=""; + foreach($args as $arg) { + $str.=", ".$arg; + } + + //last parameter is always (in this test) uid, so, it should be 11 + if($args[count($args)-1]!=11) { + throw new Exception("q from get_tags_test was used and uid was not 11. "); + } + + if(2==count($args)) { + //first call in handle_body, id only + if($result[0]['id']===$args[1]) { + return $result; + } + throw new Exception($str); + //second call in handle_body, name + if($result[0]['name']===$args[1]) { + return $result; + } + } + throw new Exception($str); + //third call in handle_body, nick or attag + if($result[0]['nick']===$args[2] || $result[0]['attag']===$args[1]) { + return $result; + } +// throw new Exception("Nothing fitted: ".$args[1].", ".$args[2]); } + function dbesc($str) { - echo $str; + return $str; } class GetTagsTest extends PHPUnit_Framework_TestCase { @@ -39,7 +73,7 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { handle_body($text, $inform, $str_tags, 11, $tags[0]); $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals($text, "hi @[url=http://justatest.de]Mike[/url]"); + $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url]", $text); } /** From 1ae740535d8a5b455395d51c01adef74e9dbb1ae Mon Sep 17 00:00:00 2001 From: Tony Baldwin Date: Tue, 13 Mar 2012 23:05:04 -0400 Subject: [PATCH 09/20] added slack-NS, non-scrolly, slackr-based theme. --- view/theme/slack-NS/style.css | 51 +++++++++++++++++++++++++++++++++++ view/theme/slack-NS/theme.php | 51 +++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) create mode 100755 view/theme/slack-NS/style.css create mode 100755 view/theme/slack-NS/theme.php diff --git a/view/theme/slack-NS/style.css b/view/theme/slack-NS/style.css new file mode 100755 index 0000000000..82bceeac8f --- /dev/null +++ b/view/theme/slack-NS/style.css @@ -0,0 +1,51 @@ +@import url('../duepuntozero/style.css'); + +.wall-item-content-wrapper { + border: none; +} + +.wall-item-content-wrapper.comment { + background: #ffffff !important; + border-left: 1px solid #EEE; +} + +.wall-item-tools { + background: none; +} + +.wall-item-content { + max-height: 20000px; + overflow: none; +} + +.comment-edit-text-empty, .comment-edit-text-full { + border: none; + border-left: 1px solid #EEE; + background: #EEEEEE; +} + +.comment-edit-wrapper, .comment-wwedit-wrapper { + background: #ffffff !important; +} + +section { + margin: 0px 32px; +} + +aside { + margin-left: 32px; +} +nav { + margin-left: 32px; + margin-right: 32px; +} + +nav #site-location { + top: 80px; + right: 36px; +} + +.wall-item-photo, .photo, .contact-block-img, .my-comment-photo { + border-radius: 3px; + -moz-border-radius: 3px; +} diff --git a/view/theme/slack-NS/theme.php b/view/theme/slack-NS/theme.php new file mode 100755 index 0000000000..ceec4dd976 --- /dev/null +++ b/view/theme/slack-NS/theme.php @@ -0,0 +1,51 @@ +theme_info = array( + 'extends' => 'duepuntozero', +); + +$a->page['htmlhead'] .= <<< EOT + +EOT; From 4972d7ef6ee740f6eb09d8c7efa9a76ee40973c1 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 13 Mar 2012 20:46:37 -0700 Subject: [PATCH 10/20] more work on filer, comment level and file tag removal --- include/conversation.php | 32 +++++++++++++---------- include/oembed.php | 5 +++- include/text.php | 9 ++++--- mod/filerm.php | 21 +++++++++++++++ view/theme/duepuntozero/style.css | 4 +-- view/theme/duepuntozero/wall_item.tpl | 6 +++-- view/theme/duepuntozero/wallwall_item.tpl | 3 +++ 7 files changed, 57 insertions(+), 23 deletions(-) create mode 100644 mod/filerm.php diff --git a/include/conversation.php b/include/conversation.php index a420e9923a..117127a287 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -560,25 +560,28 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { ); $star = false; + $filer = false; + $isstarred = "unstarred"; - if ($profile_owner == local_user() && $toplevelpost) { - $isstarred = (($item['starred']) ? "starred" : "unstarred"); + if ($profile_owner == local_user()) { + if($toplevelpost) { + $isstarred = (($item['starred']) ? "starred" : "unstarred"); - $star = array( - 'do' => t("add star"), - 'undo' => t("remove star"), - 'toggle' => t("toggle star status"), - 'classdo' => (($item['starred']) ? "hidden" : ""), - 'classundo' => (($item['starred']) ? "" : "hidden"), - 'starred' => t('starred'), - 'tagger' => t("add tag"), - 'filer' => t("file as"), - 'classtagger' => "", - ); + $star = array( + 'do' => t("add star"), + 'undo' => t("remove star"), + 'toggle' => t("toggle star status"), + 'classdo' => (($item['starred']) ? "hidden" : ""), + 'classundo' => (($item['starred']) ? "" : "hidden"), + 'starred' => t('starred'), + 'tagger' => t("add tag"), + 'classtagger' => "", + ); + } + $filer = t("file as"); } - $photo = $item['photo']; $thumb = $item['thumb']; @@ -672,6 +675,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { 'edpost' => $edpost, 'isstarred' => $isstarred, 'star' => $star, + 'filer' => $filer, 'drop' => $drop, 'vote' => $likebuttons, 'like' => $like, diff --git a/include/oembed.php b/include/oembed.php index 52068efc76..cc71f9757c 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -1,6 +1,6 @@ /',$item['file'],$matches,PREG_SET_ORDER); if($cnt) { - logger('prepare_text: categories: ' . print_r($matches,true), LOGGER_DEBUG); +// logger('prepare_text: categories: ' . print_r($matches,true), LOGGER_DEBUG); foreach($matches as $mtch) { if(strlen($x)) $x .= ','; @@ -931,11 +932,11 @@ function prepare_body($item,$attach = false) { $x = ''; $cnt = preg_match_all('/\[(.*?)\]/',$item['file'],$matches,PREG_SET_ORDER); if($cnt) { - logger('prepare_text: filed_under: ' . print_r($matches,true), LOGGER_DEBUG); +// logger('prepare_text: filed_under: ' . print_r($matches,true), LOGGER_DEBUG); foreach($matches as $mtch) { if(strlen($x)) - $x .= ','; - $x .= file_tag_decode($mtch[1]); + $x .= '   '; + $x .= file_tag_decode($mtch[1]). ' ' . t('[remove]') . ''; } if(strlen($x) && (local_user() == $item['uid'])) $s .= '
' . t('Filed under:') . ' ' . $x . '
'; diff --git a/mod/filerm.php b/mod/filerm.php new file mode 100644 index 0000000000..66b684dc96 --- /dev/null +++ b/mod/filerm.php @@ -0,0 +1,21 @@ +argc > 1) ? notags(trim($a->argv[1])) : 0); + + logger('filerm: tag ' . $term . ' item ' . $item_id); + + if($item_id && strlen($term)) + file_tag_unsave_file(local_user(),$item_id,$term); + + if(x($_SESSION,'return_url')) + goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); + + killme(); +} diff --git a/view/theme/duepuntozero/style.css b/view/theme/duepuntozero/style.css index 10ddb00909..b79b00ef41 100755 --- a/view/theme/duepuntozero/style.css +++ b/view/theme/duepuntozero/style.css @@ -2615,12 +2615,12 @@ aside input[type='text'] { margin-top: 10px; } -.body-tag { +.body-tag, .filesavetags { opacity: 0.5; filter:alpha(opacity=50); } -.body-tag:hover { +.body-tag:hover, .filesavetags:hover { opacity: 1.0 !important; filter:alpha(opacity=100) !important; } diff --git a/view/theme/duepuntozero/wall_item.tpl b/view/theme/duepuntozero/wall_item.tpl index 2c88fc598e..6cb018b7bc 100755 --- a/view/theme/duepuntozero/wall_item.tpl +++ b/view/theme/duepuntozero/wall_item.tpl @@ -56,9 +56,11 @@ {{ if $item.star }} - {{ endif }} - + {{ if $item.filer }} + + {{ endif }} +
{{ if $item.drop.dropping }}{{ endif }}
diff --git a/view/theme/duepuntozero/wallwall_item.tpl b/view/theme/duepuntozero/wallwall_item.tpl index 211906c934..c37bcb4a28 100755 --- a/view/theme/duepuntozero/wallwall_item.tpl +++ b/view/theme/duepuntozero/wallwall_item.tpl @@ -61,6 +61,9 @@ {{ endif }} + {{ if $item.filer }} + + {{ endif }}
{{ if $item.drop.dropping }}{{ endif }} From 7e270b043c07878d52c2c0a156b2ee1b1b787ced Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 13 Mar 2012 23:52:13 -0700 Subject: [PATCH 11/20] addon settings form error --- mod/network.php | 2 +- mod/settings.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mod/network.php b/mod/network.php index 4f58fc4fbc..e9f3913ff4 100755 --- a/mod/network.php +++ b/mod/network.php @@ -192,7 +192,7 @@ function network_content(&$a, $update = 0) { 'sel'=>$starred_active, ), array( - 'label' => t('Bookmarks'), + 'label' => t('Shared Links'), 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1', 'sel'=>$bookmarked_active, ), diff --git a/mod/settings.php b/mod/settings.php index f42fdb3973..15fd0c352e 100755 --- a/mod/settings.php +++ b/mod/settings.php @@ -559,7 +559,7 @@ function settings_content(&$a) { $tpl = get_markup_template("settings_addons.tpl"); $o .= replace_macros($tpl, array( - '$form_security_token' => get_form_security_token("settings_addons"), + '$form_security_token' => get_form_security_token("settings_addon"), '$title' => t('Plugin Settings'), '$tabs' => $tabs, '$settings_addons' => $settings_addons From 509532d168bf716eb24e030ab59476a88ab91571 Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Wed, 14 Mar 2012 12:30:52 +0100 Subject: [PATCH 12/20] get_tags tests corrected. They test for the right things now. --- mod/item.php | 13 ++- tests/get_tags_test.php | 243 +++++++++++++++++++++++++++++++--------- 2 files changed, 195 insertions(+), 61 deletions(-) diff --git a/mod/item.php b/mod/item.php index 0ff7f6a7c8..e4336b974c 100755 --- a/mod/item.php +++ b/mod/item.php @@ -425,7 +425,7 @@ function item_post(&$a) { if(count($tags)) { foreach($tags as $tag) { - handle_tag($body, $inform, $str_tags, $profile_uid, $tag); + handle_tag($a, $body, $inform, $str_tags, $profile_uid, $tag); } } @@ -830,7 +830,7 @@ function item_content(&$a) { * @param unknown_type $profile_uid * @param unknown_type $tag the tag to replace */ -function handle_body(&$body, &$inform, &$str_tags, $profile_uid, $tag) { +function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { //is it a hash tag? if(strpos($tag,'#') === 0) { //if the tag is replaced... @@ -851,7 +851,7 @@ function handle_body(&$body, &$inform, &$str_tags, $profile_uid, $tag) { $str_tags .= ','; $str_tags .= $newtag; } - continue; + return; } //is it a person tag? if(strpos($tag,'@') === 0) { @@ -887,14 +887,15 @@ function handle_body(&$body, &$inform, &$str_tags, $profile_uid, $tag) { //get the id $tagcid = intval(substr($newname,strrpos($newname,'+') + 1)); //remove the next word from tag's name - if(strpos($name,' ')) - $name = substr($name,0,strpos($name,' ')); + if(strpos($name,' ')) { + $name = substr($name,0,strpos($name,' ')); + } } if($tagcid) { //if there was an id //select contact with that id from the logged in user's contact list $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($tagcid), - intval($profile_uid) + intval($profile_uid) ); } elseif(strstr($name,'_') || strstr($name,' ')) { //no id //get the real name diff --git a/tests/get_tags_test.php b/tests/get_tags_test.php index ee2daced10..bde2db7d09 100644 --- a/tests/get_tags_test.php +++ b/tests/get_tags_test.php @@ -1,14 +1,41 @@ 15, 'attag'=>'', 'network'=>'dfrn', 'name'=>'Mike Lastname', 'alias'=>'Mike', @@ -16,48 +43,59 @@ function q($sql) { $args=func_get_args(); - $str=""; - foreach($args as $arg) { - $str.=", ".$arg; - } - //last parameter is always (in this test) uid, so, it should be 11 if($args[count($args)-1]!=11) { - throw new Exception("q from get_tags_test was used and uid was not 11. "); + return; } - if(2==count($args)) { + + if(3==count($args)) { //first call in handle_body, id only - if($result[0]['id']===$args[1]) { + if($result[0]['id']==$args[1]) { return $result; } - throw new Exception($str); //second call in handle_body, name if($result[0]['name']===$args[1]) { return $result; } } - throw new Exception($str); //third call in handle_body, nick or attag if($result[0]['nick']===$args[2] || $result[0]['attag']===$args[1]) { return $result; } -// throw new Exception("Nothing fitted: ".$args[1].", ".$args[2]); } +/** + * replacement for dbesc. + * I don't want to test dbesc here, so + * I just return the input. It won't be a problem, because + * the test does not use a real database. + * + * DON'T USE HAT FUNCTION OUTSIDE A TEST! + * + * @param string $str + * @return input + */ function dbesc($str) { return $str; } -class GetTagsTest extends PHPUnit_Framework_TestCase { - +/** + * TestCase for tag handling. + * + * @author alexander + * @package test.util + */ +class GetTagsTest extends PHPUnit_Framework_TestCase { + /** the mock to use as app */ + private $a; + + /** + * initialize the test. That's a phpUnit function, + * don't change its name. + */ public function setUp() { - set_include_path( - get_include_path() . PATH_SEPARATOR - . 'include' . PATH_SEPARATOR - . 'library' . PATH_SEPARATOR - . 'library/phpsec' . PATH_SEPARATOR - . '.' ); + $this->a=new MockApp(); } /** @@ -70,10 +108,54 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { $inform=''; $str_tags=''; - handle_body($text, $inform, $str_tags, 11, $tags[0]); - - $this->assertEquals("@Mike", $tags[0]); + foreach($tags as $tag) { + handle_tag($this->a, $text, $inform, $str_tags, 11, $tag); + } + + //correct tags found? + $this->assertEquals(1, count($tags)); + $this->assertTrue(in_array("@Mike", $tags)); + + //correct output from handle_tag? + $this->assertEquals("cid:15", $inform); + $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags); $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url]", $text); + } + + /** + * test with one Person tag. + * There's a minor spelling mistake... + */ + public function testGetTagsShortPersonSpelling() { + $text="hi @Mike.because"; + + $tags=get_tags($text); + + //correct tags found? + $this->assertEquals(1, count($tags)); + $this->assertTrue(in_array("@Mike.because", $tags)); + + $inform=''; + $str_tags=''; + handle_tag($this->a, $text, $inform, $str_tags, 11, $tags[0]); + + $this->assertEquals("cid:15", $inform); + $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags); + $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url].because", $text); + } + + /** + * test with two Person tags. + * There's a minor spelling mistake... + */ + public function testGetTagsPerson2Spelling() { + $text="hi @Mike@campino@friendica.eu"; + + $tags=get_tags($text); + + $this->assertEquals(2, count($tags)); + $this->assertTrue(in_array("@Mike", $tags)); + $this->assertTrue(in_array("@campino@friendica.eu", $tags)); } /** @@ -83,8 +165,9 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { $text="This is a #test_case"; $tags=get_tags($text); - - $this->assertEquals("#test_case", $tags[0]); + + $this->assertEquals(1, count($tags)); + $this->assertTrue(in_array("#test_case", $tags)); } /** @@ -95,13 +178,21 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { $tags=get_tags($text); - $inform=''; - $str_tags=''; - handle_body($text, $inform, $str_tags, 11, $tags[0]); - - $this->assertEquals("hi @[url=http://justatest.de]Mike[/url] This is a #test_case", $text); - $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals("#test_case", $tags[1]); + $this->assertEquals(3, count($tags)); + $this->assertTrue(in_array("@Mike", $tags)); + $this->assertTrue(in_array("@Mike This", $tags)); + $this->assertTrue(in_array("#test_case", $tags)); + + $inform=''; + $str_tags=''; + foreach($tags as $tag) { + handle_tag($this->a, $text, $inform, $str_tags, 11, $tag); + } + + $this->assertEquals("cid:15", $inform); + $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url],#[url=baseurl/search?search=test%20case]test case[/url]", $str_tags); + $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url] This is a #[url=baseurl/search?search=test%20case]test case[/url]", $text); + } /** @@ -112,8 +203,9 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { $tags=get_tags($text); - $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals("#test_case", $tags[1]); + $this->assertEquals(2, count($tags)); + $this->assertTrue(in_array("@Mike", $tags)); + $this->assertTrue(in_array("#test_case", $tags)); } /** @@ -123,10 +215,45 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { $text="@Test I saw the Theme Dev group was created."; $tags=get_tags($text); - - $this->assertEquals("@Test", $tags[0]); + + $this->assertEquals(2, count($tags)); + $this->assertTrue(in_array("@Test I", $tags)); + $this->assertTrue(in_array("@Test", $tags)); } + /** + * this test demonstrates strange behaviour by intval. + * It makes the next test fail. + */ + public function testIntval() { + $this->assertEquals(15, intval("15 it")); + } + + /** + * test a tag with an id in it + */ + public function testIdTag() { + $text="Test with @mike+15 id tag"; + + $tags=get_tags($text); + + $this->assertEquals(2, count($tags)); + $this->assertTrue(in_array("@mike+15", $tags)); + + //happens right now, but it shouldn't be necessary + $this->assertTrue(in_array("@mike+15 id", $tags)); + + $inform=''; + $str_tags=''; + foreach($tags as $tag) { + handle_tag($this->a, $text, $inform, $str_tags, 11, $tag); + } + + $this->assertEquals("Test with @[url=http://justatest.de]Mike Lastname[/url] id tag", $text); + $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags); + $this->assertEquals("cid:15", $inform); + } + /** * test with two persons and one special tag. */ @@ -135,11 +262,13 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { ." so @somebody@friendica.com may change #things."; $tags=get_tags($text); - - $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals("#test_cases", $tags[1]); - $this->assertEquals("@somebody@friendica.com", $tags[2]); - $this->assertEquals("#things", $tags[3]); + + $this->assertEquals(5, count($tags)); + $this->assertTrue(in_array("@Mike", $tags)); + $this->assertTrue(in_array("#test_cases", $tags)); + $this->assertTrue(in_array("@somebody@friendica.com", $tags)); + $this->assertTrue(in_array("@somebody@friendica.com may", $tags)); + $this->assertTrue(in_array("#things", $tags)); } /** @@ -156,19 +285,23 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { $tags=get_tags($text); - $this->assertEquals("@Mike", $tags[0]); - $this->assertEquals("#test_cases", $tags[1]); - $this->assertEquals("@somebody@friendica.com", $tags[2]); - $this->assertEquals("#things", $tags[3]); - $this->assertEquals("#pitfalls", $tags[4]); - $this->assertEquals("#tags", $tags[5]); - $this->assertEquals("@comment", $tags[6]); - $this->assertEquals("@fullstops", $tags[7]); - $this->assertEquals("#things", $tags[8]); - $this->assertEquals("@Mike", $tags[9]); - $this->assertEquals("@campino@friendica.eu", $tags[10]); - $this->assertEquals("#nice", $tags[11]); - $this->assertEquals("@first_last", $tags[12]); + $this->assertTrue(in_array("@Mike", $tags)); + $this->assertTrue(in_array("#test_cases", $tags)); + $this->assertTrue(in_array("@somebody@friendica.com", $tags)); + $this->assertTrue(in_array("#things", $tags)); + $this->assertTrue(in_array("#pitfalls", $tags)); + $this->assertTrue(in_array("#tags", $tags)); + $this->assertTrue(in_array("@comment", $tags)); + $this->assertTrue(in_array("@fullstops.because", $tags)); + $this->assertTrue(in_array("#things", $tags)); + $this->assertTrue(in_array("@Mike", $tags)); + $this->assertTrue(in_array("#nice", $tags)); + $this->assertTrue(in_array("@first_last", $tags)); + + //right now, none of the is matched + $this->assertFalse(in_array("@Mike@campino@friendica.eu", $tags)); + $this->assertTrue(in_array("@campino@friendica.eu", $tags)); + $this->assertTrue(in_array("@campino@friendica.eu is", $tags)); } /** From c0c98206ef322b3d175d5348d37e8d0b5fca140b Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Wed, 14 Mar 2012 12:31:25 +0100 Subject: [PATCH 13/20] removed done TODO --- tests/get_tags_test.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/get_tags_test.php b/tests/get_tags_test.php index bde2db7d09..9051923be0 100644 --- a/tests/get_tags_test.php +++ b/tests/get_tags_test.php @@ -281,8 +281,7 @@ class GetTagsTest extends PHPUnit_Framework_TestCase { ."@comment. I hope noone forgets about @fullstops.because that might" ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? " ."Now, add a @first_last tag. "; - //TODO check whether this are all variants (no, auto-stuff is missing). - + $tags=get_tags($text); $this->assertTrue(in_array("@Mike", $tags)); From 509ed2604fe6860b83e02984f8b4a280496a22a8 Mon Sep 17 00:00:00 2001 From: Alexander Kampmann Date: Wed, 14 Mar 2012 12:54:49 +0100 Subject: [PATCH 14/20] splitted tests into several files --- tests/autoname_test.php | 73 +++++++++++++++ tests/contains_attribute_test.php | 51 ++++++++++ tests/expand_acl_test.php | 142 ++++++++++++++++++++++++++++ tests/xss_filter_test.php | 149 +----------------------------- 4 files changed, 269 insertions(+), 146 deletions(-) create mode 100755 tests/autoname_test.php create mode 100755 tests/contains_attribute_test.php create mode 100755 tests/expand_acl_test.php diff --git a/tests/autoname_test.php b/tests/autoname_test.php new file mode 100755 index 0000000000..9dae920ca2 --- /dev/null +++ b/tests/autoname_test.php @@ -0,0 +1,73 @@ +assertNotEquals($autoname1, $autoname2); + } + + /** + *autonames should be random, odd length + */ + public function testAutonameOdd() { + $autoname1=autoname(9); + $autoname2=autoname(9); + + $this->assertNotEquals($autoname1, $autoname2); + } + + /** + * try to fail autonames + */ + public function testAutonameNoLength() { + $autoname1=autoname(0); + $this->assertEquals(0, count($autoname1)); + } + + /** + * try to fail it with invalid input + * + * TODO: What's corect behaviour here? An exception? + */ + public function testAutonameNegativeLength() { + $autoname1=autoname(-23); + $this->assertEquals(0, count($autoname1)); + } + + // public function testAutonameMaxLength() { + // $autoname2=autoname(PHP_INT_MAX); + // $this->assertEquals(PHP_INT_MAX, count($autoname2)); + // } + + /** + * test with a length, that may be too short + */ + public function testAutonameLength1() { + $autoname1=autoname(1); + $this->assertEquals(1, count($autoname1)); + + $autoname2=autoname(1); + $this->assertEquals(1, count($autoname2)); + + $this->assertFalse($autoname1==$autoname2); + } +} \ No newline at end of file diff --git a/tests/contains_attribute_test.php b/tests/contains_attribute_test.php new file mode 100755 index 0000000000..b0bb06acfa --- /dev/null +++ b/tests/contains_attribute_test.php @@ -0,0 +1,51 @@ +assertTrue(attribute_contains($testAttr, "class3")); + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test attribute contains + */ + public function testAttributeContains2() { + $testAttr="class1 not-class2 class3"; + $this->assertTrue(attribute_contains($testAttr, "class3")); + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test with empty input + */ + public function testAttributeContainsEmpty() { + $testAttr=""; + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test input with special chars + */ + public function testAttributeContainsSpecialChars() { + $testAttr="--... %\$ä() /(=?}"; + $this->assertFalse(attribute_contains($testAttr, "class2")); + } +} \ No newline at end of file diff --git a/tests/expand_acl_test.php b/tests/expand_acl_test.php new file mode 100755 index 0000000000..b516a3f14d --- /dev/null +++ b/tests/expand_acl_test.php @@ -0,0 +1,142 @@ +<2><3>'; + $this->assertEquals(array(1, 2, 3), expand_acl($text)); + } + + /** + * test with a big number + */ + public function testExpandAclBigNumber() { + $text='<1><'.PHP_INT_MAX.'><15>'; + $this->assertEquals(array(1, PHP_INT_MAX, 15), expand_acl($text)); + } + + /** + * test with a string in it. + * + * TODO: is this valid input? Otherwise: should there be an exception? + */ + public function testExpandAclString() { + $text="<1><279012>"; + $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text)); + } + + /** + * test with a ' ' in it. + * + * TODO: is this valid input? Otherwise: should there be an exception? + */ + public function testExpandAclSpace() { + $text="<1><279 012><32>"; + $this->assertEquals(array(1, "279 012", "32"), expand_acl($text)); + } + + /** + * test empty input + */ + public function testExpandAclEmpty() { + $text=""; + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test invalid input, no < at all + * + * TODO: should there be an exception? + */ + public function testExpandAclNoBrackets() { + $text="According to documentation, that's invalid. "; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test invalid input, just open < + * + * TODO: should there be an exception? + */ + public function testExpandAclJustOneBracket1() { + $text="assertEquals(array(), expand_acl($text)); + } + + /** + * test invalid input, just close > + * + * TODO: should there be an exception? + */ + public function testExpandAclJustOneBracket2() { + $text="Another invalid> string"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test invalid input, just close > + * + * TODO: should there be an exception? + */ + public function testExpandAclCloseOnly() { + $text="Another> invalid> string>"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test invalid input, just open < + * + * TODO: should there be an exception? + */ + public function testExpandAclOpenOnly() { + $text="assertEquals(array(), expand_acl($text)); + } + + /** + * test invalid input, open and close do not match + * + * TODO: should there be an exception? + */ + public function testExpandAclNoMatching1() { + $text=" invalid "; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test invalid input, open and close do not match + * + * TODO: should there be an exception? + */ + public function testExpandAclNoMatching2() { + $text="<1>2><3>"; + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test invalid input, empty <> + * + * TODO: should there be an exception? Or array(1, 3) + */ + public function testExpandAclEmptyMatch() { + $text="<1><><3>"; + $this->assertEquals(array(), expand_acl($text)); + } +} \ No newline at end of file diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php index fe944c2a74..d7dcf0472b 100644 --- a/tests/xss_filter_test.php +++ b/tests/xss_filter_test.php @@ -1,24 +1,16 @@ '; @@ -30,49 +22,6 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $this->assertEquals("<submit type="button" onclick="alert('failed!');" />", $escapedString); } - /** - *autonames should be random, even length - */ - public function testAutonameEven() { - $autoname1=autoname(10); - $autoname2=autoname(10); - - $this->assertNotEquals($autoname1, $autoname2); - } - - /** - *autonames should be random, odd length - */ - public function testAutonameOdd() { - $autoname1=autoname(9); - $autoname2=autoname(9); - - $this->assertNotEquals($autoname1, $autoname2); - } - - /** - * try to fail autonames - */ - public function testAutonameNoLength() { - $autoname1=autoname(0); - $this->assertEquals(0, count($autoname1)); - } - - public function testAutonameNegativeLength() { - $autoname1=autoname(-23); - $this->assertEquals(0, count($autoname1)); - } - - // public function testAutonameMaxLength() { - // $autoname2=autoname(PHP_INT_MAX); - // $this->assertEquals(PHP_INT_MAX, count($autoname2)); - // } - - public function testAutonameLength1() { - $autoname3=autoname(1); - $this->assertEquals(1, count($autoname3)); - } - /** *xmlify and unxmlify */ @@ -87,7 +36,6 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { /** * test hex2bin and reverse */ - public function testHex2Bin() { $this->assertEquals(-3, hex2bin(bin2hex(-3))); $this->assertEquals(0, hex2bin(bin2hex(0))); @@ -95,97 +43,6 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX))); } - /** - * test expand_acl - */ - public function testExpandAclNormal() { - $text="<1><2><3>"; - $this->assertEquals(array(1, 2, 3), expand_acl($text)); - } - - public function testExpandAclBigNumber() { - $text="<1><279012><15>"; - $this->assertEquals(array(1, 279012, 15), expand_acl($text)); - } - - public function testExpandAclString() { - $text="<1><279012>"; //maybe that's invalid - $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text)); - } - - public function testExpandAclSpace() { - $text="<1><279 012><32>"; //maybe that's invalid - $this->assertEquals(array(1, "279 012", "32"), expand_acl($text)); - } - - public function testExpandAclEmpty() { - $text=""; //maybe that's invalid - $this->assertEquals(array(), expand_acl($text)); - } - - public function testExpandAclNoBrackets() { - $text="According to documentation, that's invalid. "; //should be invalid - $this->assertEquals(array(), expand_acl($text)); - } - - public function testExpandAclJustOneBracket1() { - $text="assertEquals(array(), expand_acl($text)); - } - - public function testExpandAclJustOneBracket2() { - $text="Another invalid> string"; //should be invalid - $this->assertEquals(array(), expand_acl($text)); - } - - public function testExpandAclCloseOnly() { - $text="Another> invalid> string>"; //should be invalid - $this->assertEquals(array(), expand_acl($text)); - } - - public function testExpandAclOpenOnly() { - $text="assertEquals(array(), expand_acl($text)); - } - - public function testExpandAclNoMatching1() { - $text=" invalid "; //should be invalid - $this->assertEquals(array(), expand_acl($text)); - } - - public function testExpandAclNoMatching2() { - $text="<1>2><3>"; - $this->assertEquals(array(), expand_acl($text)); - } - - /** - * test attribute contains - */ - public function testAttributeContains1() { - $testAttr="class1 notclass2 class3"; - $this->assertTrue(attribute_contains($testAttr, "class3")); - $this->assertFalse(attribute_contains($testAttr, "class2")); - } - - /** - * test attribute contains - */ - public function testAttributeContains2() { - $testAttr="class1 not-class2 class3"; - $this->assertTrue(attribute_contains($testAttr, "class3")); - $this->assertFalse(attribute_contains($testAttr, "class2")); - } - - public function testAttributeContainsEmpty() { - $testAttr=""; - $this->assertFalse(attribute_contains($testAttr, "class2")); - } - - public function testAttributeContainsSpecialChars() { - $testAttr="--... %\$ä() /(=?}"; - $this->assertFalse(attribute_contains($testAttr, "class2")); - } - //function qp, quick and dirty?? //get_mentions //get_contact_block, bis Zeile 538 From 64e3e3590b8ef04a1fdb1cccabc3970295ef92f2 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 14 Mar 2012 16:09:13 -0700 Subject: [PATCH 15/20] revup --- boot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot.php b/boot.php index 749ef6e3f3..ba731ddee2 100755 --- a/boot.php +++ b/boot.php @@ -9,7 +9,7 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '2.3.1280' ); +define ( 'FRIENDICA_VERSION', '2.3.1281' ); define ( 'DFRN_PROTOCOL_VERSION', '2.22' ); define ( 'DB_UPDATE_VERSION', 1131 ); From f0a62d8908cef31982c1c2b24fc9dbc8b59b8bdb Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 14 Mar 2012 20:36:23 -0700 Subject: [PATCH 16/20] ssl_policy stuff --- boot.php | 19 +++++++++++--- include/items.php | 17 +++++++++++++ mod/admin.php | 17 +++++++------ mod/dfrn_notify.php | 60 +++++++++++++++++++++++++++++++++++++++++++++ view/admin_site.tpl | 1 + 5 files changed, 103 insertions(+), 11 deletions(-) diff --git a/boot.php b/boot.php index ba731ddee2..22a4e39be5 100755 --- a/boot.php +++ b/boot.php @@ -379,11 +379,22 @@ class App { $scheme = $this->scheme; - if(x($this->config,'ssl_policy')) { - if(($ssl) || ($this->config['ssl_policy'] == SSL_POLICY_FULL)) - $scheme = 'https'; - if(($this->config['ssl_policy'] == SSL_POLICY_SELFSIGN) && (local_user() || x($_POST,'auth-params'))) + if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) { + if($this->config['system']['ssl_policy'] == SSL_POLICY_FULL) $scheme = 'https'; + +// We need to populate the $ssl flag across the entire program before turning this on. +// Basically, we'll have $ssl = true on any links which can only be seen by a logged in user +// (and also the login link). Anything seen by an outsider will have it turned off. +// At present, setting SSL_POLICY_SELFSIGN will only force remote contacts to update their +// contact links to this site with "http:" if they are currently using "https:" + +// if($this->config['system']['ssl_policy'] == SSL_POLICY_SELFSIGN) { +// if($ssl) +// $scheme = 'https'; +// else +// $scheme = 'http'; +// } } $this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' ); diff --git a/include/items.php b/include/items.php index 70c72ae165..4b1523ff65 100755 --- a/include/items.php +++ b/include/items.php @@ -1046,6 +1046,21 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { if(! $rino_enable) $rino = 0; + $ssl_val = intval(get_config('system','ssl_policy')); + $ssl_policy = ''; + switch($ssl_val){ + case SSL_POLICY_FULL: + $ssl_policy = 'full'; + break; + case SSL_POLICY_SELFSIGN: + $ssl_policy = 'self'; + break; + case SSL_POLICY_NONE: + default: + $ssl_policy = 'none'; + break; + } + $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : ''); logger('dfrn_deliver: ' . $url); @@ -1118,6 +1133,8 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['perm'] = 'r'; } + $postvars['ssl_policy'] = $ssl_policy; + if($rino && $rino_allowed && (! $dissolve)) { $key = substr(random_string(),0,16); $data = bin2hex(aes_encrypt($postvars['data'],$key)); diff --git a/mod/admin.php b/mod/admin.php index 93714bb5f9..2b8d9bcd23 100755 --- a/mod/admin.php +++ b/mod/admin.php @@ -151,11 +151,7 @@ function admin_page_summary(&$a) { $r = q("SELECT COUNT(id) as `count` FROM `register`"); $pending = $r[0]['count']; - - - - - + $t = get_markup_template("admin_summary.tpl"); return replace_macros($t, array( '$title' => t('Administration'), @@ -210,7 +206,7 @@ function admin_page_site_post(&$a){ $dfrn_only = ((x($_POST,'dfrn_only')) ? True : False); $ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False); $diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False); - + $ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0); set_config('config','sitename',$sitename); if ($banner==""){ @@ -222,6 +218,7 @@ function admin_page_site_post(&$a){ } else { set_config('system','banner', $banner); } + set_config('system','ssl_policy',$ssl_policy); set_config('system','language', $language); set_config('system','theme', $theme); set_config('system','maximagesize', $maximagesize); @@ -305,6 +302,12 @@ function admin_page_site(&$a) { REGISTER_APPROVE => t("Requires approval"), REGISTER_OPEN => t("Open") ); + + $ssl_choices = array( + SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"), + SSL_POLICY_FULL => t("Force all links to use SSL"), + SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)") + ); $t = get_markup_template("admin_site.tpl"); return replace_macros($t, array( @@ -322,7 +325,7 @@ function admin_page_site(&$a) { '$banner' => array('banner', t("Banner/Logo"), $banner, ""), '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices), - + '$ssl_policy' => array('ssl_policy', t("SSL link policy"), get_config('system','ssl_policy'), t("Determines whether generated links should be forced to use SSL"), $ssl_choices), '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), '$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices), diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 0c0c27e3d6..3dbdc5b328 100755 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -14,6 +14,7 @@ function dfrn_notify_post(&$a) { $key = ((x($_POST,'key')) ? $_POST['key'] : ''); $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0); $perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r'); + $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none'); $writable = (-1); if($dfrn_version >= 2.21) { @@ -94,6 +95,65 @@ function dfrn_notify_post(&$a) { $importer['writable'] = $writable; } + // if contact's ssl policy changed, update our links + + $ssl_changed = false; + + if($ssl_policy == 'self' && strstr($importer['url'],'https:')) { + $ssl_changed = true; + $importer['url'] = str_replace('https:','http:',$importer['url']); + $importer['nurl'] = normalise_link($importer['url']); + $importer['photo'] = str_replace('https:','http:',$importer['photo']); + $importer['thumb'] = str_replace('https:','http:',$importer['thumb']); + $importer['micro'] = str_replace('https:','http:',$importer['micro']); + $importer['request'] = str_replace('https:','http:',$importer['request']); + $importer['notify'] = str_replace('https:','http:',$importer['notify']); + $importer['poll'] = str_replace('https:','http:',$importer['poll']); + $importer['confirm'] = str_replace('https:','http:',$importer['confirm']); + $importer['poco'] = str_replace('https:','http:',$importer['poco']); + } + + if($ssl_policy == 'full' && strstr($importer['url'],'http:')) { + $ssl_changed = true; + $importer['url'] = str_replace('http:','https:',$importer['url']); + $importer['nurl'] = normalise_link($importer['url']); + $importer['photo'] = str_replace('http:','https:',$importer['photo']); + $importer['thumb'] = str_replace('http:','https:',$importer['thumb']); + $importer['micro'] = str_replace('http:','https:',$importer['micro']); + $importer['request'] = str_replace('http:','https:',$importer['request']); + $importer['notify'] = str_replace('http:','https:',$importer['notify']); + $importer['poll'] = str_replace('http:','https:',$importer['poll']); + $importer['confirm'] = str_replace('http:','https:',$importer['confirm']); + $importer['poco'] = str_replace('http:','https:',$importer['poco']); + } + + if($ssl_changed) { + q("update contact set + url = '%s', + nurl = '%s', + photo = '%s', + thumb = '%s', + micro = '%s', + request = '%s', + notify = '%s', + poll = '%s', + confirm = '%s', + poco = '%s' + where id = %d limit 1", + dbesc($importer['url']), + dbesc($importer['nurl']), + dbesc($importer['photo']), + dbesc($importer['thumb']), + dbesc($importer['micro']), + dbesc($importer['request']), + dbesc($importer['notify']), + dbesc($importer['poll']), + dbesc($importer['confirm']), + dbesc($importer['poco']), + intval($importer['id']) + ); + } + logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']); logger('dfrn_notify: data: ' . $data, LOGGER_DATA); diff --git a/view/admin_site.tpl b/view/admin_site.tpl index 9a12298454..01fe893c65 100755 --- a/view/admin_site.tpl +++ b/view/admin_site.tpl @@ -7,6 +7,7 @@ {{ inc field_textarea.tpl with $field=$banner }}{{ endinc }} {{ inc field_select.tpl with $field=$language }}{{ endinc }} {{ inc field_select.tpl with $field=$theme }}{{ endinc }} + {{ inc field_select.tpl with $field=$ssl_policy }}{{ endinc }}
From 110e8f29197e0824d555b82c05c31f36b87ab7ae Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 14 Mar 2012 21:20:20 -0700 Subject: [PATCH 17/20] basic ssl_policy for important modules --- include/conversation.php | 40 ++++++++++++++++++-------------- include/nav.php | 8 ++++--- mod/admin.php | 50 ++++++++++++++++++++-------------------- mod/contacts.php | 34 +++++++++++++-------------- mod/manage.php | 2 +- mod/message.php | 20 ++++++++-------- mod/network.php | 26 +++++++++++---------- mod/notifications.php | 44 +++++++++++++++++------------------ mod/notify.php | 4 ++-- mod/profiles.php | 18 +++++++-------- mod/settings.php | 24 +++++++++---------- 11 files changed, 140 insertions(+), 130 deletions(-) diff --git a/include/conversation.php b/include/conversation.php index 117127a287..88ecf502b2 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -186,6 +186,8 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { require_once('bbcode.php'); + $ssl_state = ((local_user()) ? true : false); + $profile_owner = 0; $page_writeable = false; @@ -345,7 +347,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { 'like' => '', 'dislike' => '', 'comment' => '', - 'conv' => (($preview) ? '' : array('href'=> $a->get_baseurl() . '/display/' . $nickname . '/' . $item['id'], 'title'=> t('View in context'))), + 'conv' => (($preview) ? '' : array('href'=> $a->get_baseurl($ssl_state) . '/display/' . $nickname . '/' . $item['id'], 'title'=> t('View in context'))), 'previewing' => $previewing, 'wait' => t('Please wait'), ); @@ -461,7 +463,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $comment_lastcollapsed = true; } - $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ; + $redirect_url = $a->get_baseurl($ssl_state) . '/redir/' . $item['cid'] ; $lock = ((($item['private']) || (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid'])))) @@ -543,7 +545,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { } $edpost = (((($profile_owner == local_user()) && ($toplevelpost) && (intval($item['wall']) == 1)) || ($mode === 'notes')) - ? array($a->get_baseurl()."/editpost/".$item['id'], t("Edit")) + ? array($a->get_baseurl($ssl_state)."/editpost/".$item['id'], t("Edit")) : False); @@ -697,7 +699,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $page_template = get_markup_template("conversation.tpl"); $o .= replace_macros($page_template, array( - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl($ssl_state), '$mode' => $mode, '$user' => $a->user, '$threads' => $threads, @@ -707,7 +709,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { return $o; }} -function best_link_url($item,&$sparkle) { +function best_link_url($item,&$sparkle,$ssl_state = false) { $a = get_app(); @@ -719,7 +721,7 @@ function best_link_url($item,&$sparkle) { if((local_user()) && (local_user() == $item['uid'])) { if(isset($a->contacts) && x($a->contacts,$clean_url)) { if($a->contacts[$clean_url]['network'] === NETWORK_DFRN) { - $best_url = $a->get_baseurl() . '/redir/' . $a->contacts[$clean_url]['id']; + $best_url = $a->get_baseurl($ssl_state) . '/redir/' . $a->contacts[$clean_url]['id']; $sparkle = true; } else @@ -740,10 +742,14 @@ function best_link_url($item,&$sparkle) { if(! function_exists('item_photo_menu')){ function item_photo_menu($item){ $a = get_app(); - - if (local_user() && (! count($a->contacts))) - load_contact_links(local_user()); + $ssl_state = false; + + if(local_user()) { + $ssl_state = true; + if(! count($a->contacts)) + load_contact_links(local_user()); + } $contact_url=""; $pm_url=""; $status_link=""; @@ -751,7 +757,7 @@ function item_photo_menu($item){ $posts_link=""; $sparkle = false; - $profile_link = best_link_url($item,$sparkle); + $profile_link = best_link_url($item,$sparkle,$ssl_state); if($profile_link === 'mailbox') $profile_link = ''; @@ -760,7 +766,7 @@ function item_photo_menu($item){ $status_link = $profile_link . "?url=status"; $photos_link = $profile_link . "?url=photos"; $profile_link = $profile_link . "?url=profile"; - $pm_url = $a->get_baseurl() . '/message/new/' . $cid; + $pm_url = $a->get_baseurl($ssl_state) . '/message/new/' . $cid; } else { if(local_user() && local_user() == $item['uid'] && link_compare($item['url'],$item['author-link'])) { @@ -771,8 +777,8 @@ function item_photo_menu($item){ } } if(($cid) && (! $item['self'])) { - $contact_url = $a->get_baseurl() . '/contacts/' . $cid; - $posts_link = $a->get_baseurl() . '/network/?cid=' . $cid; + $contact_url = $a->get_baseurl($ssl_state) . '/contacts/' . $cid; + $posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $cid; } $menu = Array( @@ -808,7 +814,7 @@ function like_puller($a,$item,&$arr,$mode) { if((activity_match($item['verb'],$verb)) && ($item['id'] != $item['parent'])) { $url = $item['author-link']; if((local_user()) && (local_user() == $item['uid']) && ($item['network'] === 'dfrn') && (! $item['self']) && (link_compare($item['author-link'],$item['url']))) { - $url = $a->get_baseurl() . '/redir/' . $item['contact-id']; + $url = $a->get_baseurl(true) . '/redir/' . $item['contact-id']; $sparkle = ' class="sparkle" '; } if(! ((isset($arr[$item['parent'] . '-l'])) && (is_array($arr[$item['parent'] . '-l'])))) @@ -870,7 +876,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { $a->page['htmlhead'] .= replace_macros($tpl, array( '$newpost' => 'true', - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$geotag' => $geotag, '$nickname' => $x['nickname'], @@ -921,7 +927,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { $o .= replace_macros($tpl,array( '$return_path' => $a->cmd, - '$action' => $a->get_baseurl().'/item', + '$action' => $a->get_baseurl(true) . '/item', '$share' => (x($x,'button') ? $x['button'] : t('Share')), '$upload' => t('Upload photo'), '$shortupload' => t('upload photo'), @@ -945,7 +951,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { '$ptyp' => (($notes_cid) ? 'note' : 'wall'), '$content' => '', '$post_id' => '', - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$defloc' => $x['default_location'], '$visitor' => $x['visitor'], '$pvisit' => (($notes_cid) ? 'none' : $x['visitor']), diff --git a/include/nav.php b/include/nav.php index aadfa82fd8..e280818399 100755 --- a/include/nav.php +++ b/include/nav.php @@ -8,6 +8,8 @@ function nav(&$a) { * */ + $ssl_state = ((local_user()) ? true : false); + if(!(x($a->page,'nav'))) $a->page['nav'] = ''; @@ -27,7 +29,7 @@ function nav(&$a) { $myident = ((is_array($a->user) && isset($a->user['nickname'])) ? $a->user['nickname'] . '@' : ''); - $sitelocation = $myident . substr($a->get_baseurl(),strpos($a->get_baseurl(),'//') + 2 ); + $sitelocation = $myident . substr($a->get_baseurl($ssl_state),strpos($a->get_baseurl($ssl_state),'//') + 2 ); // nav links: array of array('href', 'text', 'extra css classes', 'title') @@ -53,7 +55,7 @@ function nav(&$a) { // user info $r = q("SELECT micro FROM contact WHERE uid=%d AND self=1", intval($a->user['uid'])); $userinfo = array( - 'icon' => (count($r) ? $r[0]['micro']: $a->get_baseurl()."/images/default-profile-mm.jpg"), + 'icon' => (count($r) ? $r[0]['micro']: $a->get_baseurl($ssl_state)."/images/default-profile-mm.jpg"), 'name' => $a->user['username'], ); @@ -76,7 +78,7 @@ function nav(&$a) { if(($a->config['register_policy'] == REGISTER_OPEN) && (! local_user()) && (! remote_user())) $nav['register'] = array('register',t('Register'), "", t('Create an account')); - $help_url = $a->get_baseurl() . '/help'; + $help_url = $a->get_baseurl($ssl_state) . '/help'; if(! get_config('system','hide_help')) $nav['help'] = array($help_url, t('Help'), "", t('Help and documentation')); diff --git a/mod/admin.php b/mod/admin.php index 2b8d9bcd23..88ccad6d3e 100755 --- a/mod/admin.php +++ b/mod/admin.php @@ -37,7 +37,7 @@ function admin_post(&$a){ $func($a); } } - goaway($a->get_baseurl() . '/admin/plugins/' . $a->argv[2] ); + goaway($a->get_baseurl(true) . '/admin/plugins/' . $a->argv[2] ); return; // NOTREACHED break; case 'logs': @@ -49,7 +49,7 @@ function admin_post(&$a){ } } - goaway($a->get_baseurl() . '/admin' ); + goaway($a->get_baseurl(true) . '/admin' ); return; // NOTREACHED } @@ -68,11 +68,11 @@ function admin_content(&$a) { // array( url, name, extra css classes ) $aside = Array( - 'site' => Array($a->get_baseurl()."/admin/site/", t("Site") , "site"), - 'users' => Array($a->get_baseurl()."/admin/users/", t("Users") , "users"), - 'plugins'=> Array($a->get_baseurl()."/admin/plugins/", t("Plugins") , "plugins"), - 'themes' => Array($a->get_baseurl()."/admin/themes/", t("Themes") , "themes"), - 'update' => Array($a->get_baseurl()."/admin/update/", t("Update") , "update") + 'site' => Array($a->get_baseurl(true)."/admin/site/", t("Site") , "site"), + 'users' => Array($a->get_baseurl(true)."/admin/users/", t("Users") , "users"), + 'plugins'=> Array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"), + 'themes' => Array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"), + 'update' => Array($a->get_baseurl(true)."/admin/update/", t("Update") , "update") ); /* get plugins admin page */ @@ -81,18 +81,18 @@ function admin_content(&$a) { $aside['plugins_admin']=Array(); foreach ($r as $h){ $plugin =$h['name']; - $aside['plugins_admin'][] = Array($a->get_baseurl()."/admin/plugins/".$plugin, $plugin, "plugin"); + $aside['plugins_admin'][] = Array($a->get_baseurl(true)."/admin/plugins/".$plugin, $plugin, "plugin"); // temp plugins with admin $a->plugins_admin[] = $plugin; } - $aside['logs'] = Array($a->get_baseurl()."/admin/logs/", t("Logs"), "logs"); + $aside['logs'] = Array($a->get_baseurl(true)."/admin/logs/", t("Logs"), "logs"); $t = get_markup_template("admin_aside.tpl"); $a->page['aside'] = replace_macros( $t, array( '$admin' => $aside, '$h_pending' => t('User registrations waiting for confirmation'), - '$admurl'=> $a->get_baseurl()."/admin/" + '$admurl'=> $a->get_baseurl(true)."/admin/" )); @@ -255,7 +255,7 @@ function admin_page_site_post(&$a){ set_config('system','diaspora_enabled', $diaspora_enabled); info( t('Site settings updated.') . EOL); - goaway($a->get_baseurl() . '/admin/site' ); + goaway($a->get_baseurl(true) . '/admin/site' ); return; // NOTREACHED } @@ -319,7 +319,7 @@ function admin_page_site(&$a) { '$corporate' => t('Policies'), '$advanced' => t('Advanced'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), // name, label, value, help string, extra data... '$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), ""), '$banner' => array('banner', t("Banner/Logo"), $banner, ""), @@ -392,7 +392,7 @@ function admin_page_users_post(&$a){ user_deny($hash); } } - goaway($a->get_baseurl() . '/admin/users' ); + goaway($a->get_baseurl(true) . '/admin/users' ); return; // NOTREACHED } @@ -402,7 +402,7 @@ function admin_page_users(&$a){ $user = q("SELECT * FROM `user` WHERE `uid`=%d", intval($uid)); if (count($user)==0){ notice( 'User not found' . EOL); - goaway($a->get_baseurl() . '/admin/users' ); + goaway($a->get_baseurl(true) . '/admin/users' ); return; // NOTREACHED } switch($a->argv[2]){ @@ -421,7 +421,7 @@ function admin_page_users(&$a){ notice( sprintf( ($user[0]['blocked']?t("User '%s' unblocked"):t("User '%s' blocked")) , $user[0]['username']) . EOL); }; break; } - goaway($a->get_baseurl() . '/admin/users' ); + goaway($a->get_baseurl(true) . '/admin/users' ); return; // NOTREACHED } @@ -500,7 +500,7 @@ function admin_page_users(&$a){ // values // - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$pending' => $pending, '$users' => $users, @@ -539,7 +539,7 @@ function admin_page_plugins(&$a){ info( sprintf( t("Plugin %s enabled."), $plugin ) ); } set_config("system","addon", implode(", ",$a->plugins)); - goaway($a->get_baseurl() . '/admin/plugins' ); + goaway($a->get_baseurl(true) . '/admin/plugins' ); return; // NOTREACHED } // display plugin details @@ -572,7 +572,7 @@ function admin_page_plugins(&$a){ '$page' => t('Plugins'), '$toggle' => t('Toggle'), '$settings' => t('Settings'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$plugin' => $plugin, '$status' => $status, @@ -610,7 +610,7 @@ function admin_page_plugins(&$a){ '$title' => t('Administration'), '$page' => t('Plugins'), '$submit' => t('Submit'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$function' => 'plugins', '$plugins' => $plugins )); @@ -716,7 +716,7 @@ function admin_page_themes(&$a){ info( sprintf('Theme %s disabled.',$theme)); set_config('system','allowed_themes',$s); - goaway($a->get_baseurl() . '/admin/themes' ); + goaway($a->get_baseurl(true) . '/admin/themes' ); return; // NOTREACHED } @@ -745,7 +745,7 @@ function admin_page_themes(&$a){ '$page' => t('Themes'), '$toggle' => t('Toggle'), '$settings' => t('Settings'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$plugin' => $theme, '$status' => $status, @@ -777,7 +777,7 @@ function admin_page_themes(&$a){ '$title' => t('Administration'), '$page' => t('Themes'), '$submit' => t('Submit'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$function' => 'themes', '$plugins' => $xthemes, '$experimental' => t('[Experimental]'), @@ -805,7 +805,7 @@ function admin_page_logs_post(&$a) { } info( t("Log settings updated.") ); - goaway($a->get_baseurl() . '/admin/logs' ); + goaway($a->get_baseurl(true) . '/admin/logs' ); return; // NOTREACHED } @@ -859,7 +859,7 @@ readable."); '$submit' => t('Submit'), '$clear' => t('Clear'), '$data' => $data, - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$logname' => get_config('system','logfile'), // name, label, value, help string, extra data... @@ -904,7 +904,7 @@ function admin_page_remoteupdate(&$a) { $tpl = get_markup_template("admin_remoteupdate.tpl"); return replace_macros($tpl, array( - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$submit' => t("Update now"), '$close' => t("Close"), '$localversion' => FRIENDICA_VERSION, diff --git a/mod/contacts.php b/mod/contacts.php index 38ca570ddf..78c8d40928 100755 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -61,7 +61,7 @@ function contacts_post(&$a) { if(! count($orig_record)) { notice( t('Could not access contact record.') . EOL); - goaway($a->get_baseurl() . '/contacts'); + goaway($a->get_baseurl(true) . '/contacts'); return; // NOTREACHED } @@ -141,7 +141,7 @@ function contacts_content(&$a) { if(! count($orig_record)) { notice( t('Could not access contact record.') . EOL); - goaway($a->get_baseurl() . '/contacts'); + goaway($a->get_baseurl(true) . '/contacts'); return; // NOTREACHED } @@ -149,7 +149,7 @@ function contacts_content(&$a) { // pull feed and consume it, which should subscribe to the hub. proc_run('php',"include/poller.php","$contact_id"); - goaway($a->get_baseurl() . '/contacts/' . $contact_id); + goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); // NOTREACHED } @@ -164,7 +164,7 @@ function contacts_content(&$a) { //notice( t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL ); info( (($blocked) ? t('Contact has been blocked') : t('Contact has been unblocked')) . EOL ); } - goaway($a->get_baseurl() . '/contacts/' . $contact_id); + goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); return; // NOTREACHED } @@ -178,7 +178,7 @@ function contacts_content(&$a) { if($r) { info( (($readonly) ? t('Contact has been ignored') : t('Contact has been unignored')) . EOL ); } - goaway($a->get_baseurl() . '/contacts/' . $contact_id); + goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); return; // NOTREACHED } @@ -220,9 +220,9 @@ function contacts_content(&$a) { contact_remove($orig_record[0]['id']); info( t('Contact has been removed.') . EOL ); if(x($_SESSION,'return_url')) - goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); + goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']); else - goaway($a->get_baseurl() . '/contacts'); + goaway($a->get_baseurl(true) . '/contacts'); return; // NOTREACHED } } @@ -233,7 +233,7 @@ function contacts_content(&$a) { $contact = $a->data['contact']; $tpl = get_markup_template('contact_head.tpl'); - $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl())); + $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true))); require_once('include/contact_selectors.php'); @@ -295,17 +295,17 @@ function contacts_content(&$a) { $tabs = array( array( 'label' => (($contact['blocked']) ? t('Unblock') : t('Block') ), - 'url' => $a->get_baseurl() . '/contacts/' . $contact_id . '/block', + 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/block', 'sel' => '', ), array( 'label' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ), - 'url' => $a->get_baseurl() . '/contacts/' . $contact_id . '/ignore', + 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/ignore', 'sel' => '', ), array( 'label' => t('Repair'), - 'url' => $a->get_baseurl() . '/crepair/' . $contact_id, + 'url' => $a->get_baseurl(true) . '/crepair/' . $contact_id, 'sel' => '', ) ); @@ -322,7 +322,7 @@ function contacts_content(&$a) { '$lbl_info1' => t('Contact Information / Notes'), '$infedit' => t('Edit contact notes'), '$common_text' => $common_text, - '$common_link' => $a->get_baseurl() . '/common/' . $contact['id'], + '$common_link' => $a->get_baseurl(true) . '/common/' . $contact['id'], '$all_friends' => $all_friends, '$relation_text' => $relation_text, '$visit' => sprintf( t('Visit %s\'s profile [%s]'),$contact['name'],$contact['url']), @@ -397,30 +397,30 @@ function contacts_content(&$a) { $tabs = array( array( 'label' => t('All Contacts'), - 'url' => $a->get_baseurl() . '/contacts/all', + 'url' => $a->get_baseurl(true) . '/contacts/all', 'sel' => ($all) ? 'active' : '', ), array( 'label' => t('Unblocked Contacts'), - 'url' => $a->get_baseurl() . '/contacts', + 'url' => $a->get_baseurl(true) . '/contacts', 'sel' => ((! $all) && (! $blocked) && (! $hidden) && (! $search) && (! $nets) && (! $ignored)) ? 'active' : '', ), array( 'label' => t('Blocked Contacts'), - 'url' => $a->get_baseurl() . '/contacts/blocked', + 'url' => $a->get_baseurl(true) . '/contacts/blocked', 'sel' => ($blocked) ? 'active' : '', ), array( 'label' => t('Ignored Contacts'), - 'url' => $a->get_baseurl() . '/contacts/ignored', + 'url' => $a->get_baseurl(true) . '/contacts/ignored', 'sel' => ($ignored) ? 'active' : '', ), array( 'label' => t('Hidden Contacts'), - 'url' => $a->get_baseurl() . '/contacts/hidden', + 'url' => $a->get_baseurl(true) . '/contacts/hidden', 'sel' => ($hidden) ? 'active' : '', ), diff --git a/mod/manage.php b/mod/manage.php index ec4dcd8a00..84dfa6917c 100755 --- a/mod/manage.php +++ b/mod/manage.php @@ -74,7 +74,7 @@ function manage_post(&$a) { if($limited_id) $_SESSION['submanage'] = $original_id; - goaway($a->get_baseurl() . '/profile/' . $a->user['nickname']); + goaway($a->get_baseurl(true) . '/profile/' . $a->user['nickname']); // NOTREACHED } diff --git a/mod/message.php b/mod/message.php index 65f692f3d5..55e313776d 100755 --- a/mod/message.php +++ b/mod/message.php @@ -56,23 +56,23 @@ function message_content(&$a) { return; } - $myprofile = $a->get_baseurl() . '/profile/' . $a->user['nickname']; + $myprofile = $a->get_baseurl(true) . '/profile/' . $a->user['nickname']; $tabs = array( array( 'label' => t('Inbox'), - 'url'=> $a->get_baseurl() . '/message', + 'url'=> $a->get_baseurl(true) . '/message', 'sel'=> (($a->argc == 1) ? 'active' : ''), ), array( 'label' => t('Outbox'), - 'url' => $a->get_baseurl() . '/message/sent', + 'url' => $a->get_baseurl(true) . '/message/sent', 'sel'=> (($a->argv[1] == 'sent') ? 'active' : ''), ), array( 'label' => t('New Message'), - 'url' => $a->get_baseurl() . '/message/new', + 'url' => $a->get_baseurl(true) . '/message/new', 'sel'=> (($a->argv[1] == 'new') ? 'active' : ''), ), ); @@ -99,7 +99,7 @@ function message_content(&$a) { if($r) { info( t('Message deleted.') . EOL ); } - goaway($a->get_baseurl() . '/message' ); + goaway($a->get_baseurl(true) . '/message' ); } else { $r = q("SELECT `parent-uri`,`convid` FROM `mail` WHERE `id` = %d AND `uid` = %d LIMIT 1", @@ -129,7 +129,7 @@ function message_content(&$a) { if($r) info( t('Conversation removed.') . EOL ); } - goaway($a->get_baseurl() . '/message' ); + goaway($a->get_baseurl(true) . '/message' ); } } @@ -146,7 +146,7 @@ function message_content(&$a) { $tpl = get_markup_template('msg-header.tpl'); $a->page['htmlhead'] .= replace_macros($tpl, array( - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$nickname' => $a->user['nickname'], '$linkurl' => t('Please enter a link URL:') @@ -210,7 +210,7 @@ function message_content(&$a) { $o .= replace_macros($tpl, array( '$id' => $rr['id'], '$from_name' =>$rr['from-name'], - '$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl() . '/redir/' . $rr['contact-id'] : $rr['url']), + '$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl(true) . '/redir/' . $rr['contact-id'] : $rr['url']), '$sparkle' => ' sparkle', '$from_photo' => $rr['thumb'], '$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '' . $rr['title'] . '')), @@ -267,7 +267,7 @@ function message_content(&$a) { $a->page['htmlhead'] .= replace_macros($tpl, array( '$nickname' => $a->user['nickname'], - '$baseurl' => $a->get_baseurl() + '$baseurl' => $a->get_baseurl(true) )); @@ -278,7 +278,7 @@ function message_content(&$a) { $sparkle = ''; } else { - $from_url = $a->get_baseurl() . '/redir/' . $message['contact-id']; + $from_url = $a->get_baseurl(true) . '/redir/' . $message['contact-id']; $sparkle = ' sparkle'; } $o .= replace_macros($tpl, array( diff --git a/mod/network.php b/mod/network.php index e9f3913ff4..d0f1733f46 100755 --- a/mod/network.php +++ b/mod/network.php @@ -44,14 +44,16 @@ function network_init(&$a) { } $a->page['aside'] .= group_side('network','network',true,$group_id); - $a->page['aside'] .= networks_widget($a->get_baseurl() . '/network',(x($_GET, 'nets') ? $_GET['nets'] : '')); + $a->page['aside'] .= networks_widget($a->get_baseurl(true) . '/network',(x($_GET, 'nets') ? $_GET['nets'] : '')); $a->page['aside'] .= saved_searches($search); - $a->page['aside'] .= fileas_widget($a->get_baseurl() . '/network',(x($_GET, 'file') ? $_GET['file'] : '')); + $a->page['aside'] .= fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : '')); } function saved_searches($search) { + $a = get_app(); + $srchurl = '/network?f=' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '') . ((x($_GET,'star')) ? '&star=' . $_GET['star'] : '') @@ -88,7 +90,7 @@ function saved_searches($search) { $o = replace_macros($tpl, array( '$title' => t('Saved Searches'), '$add' => t('add'), - '$searchbox' => search($search,'netsearch-box',$srchurl,true), + '$searchbox' => search($search,'netsearch-box',$a->get_baseurl(true) . $srchurl,true), '$saved' => $saved, )); @@ -167,38 +169,38 @@ function network_content(&$a, $update = 0) { $tabs = array( array( 'label' => t('Commented Order'), - 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?f=&cid=' . $_GET['cid'] : ''), + 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?f=&cid=' . $_GET['cid'] : ''), 'sel'=>$all_active, ), array( 'label' => t('Posted Order'), - 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), + 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), 'sel'=>$postord_active, ), array( 'label' => t('Personal'), - 'url' => $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1', + 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1', 'sel' => $conv_active, ), array( 'label' => t('New'), - 'url' => $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . '/new' . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : ''), + 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . '/new' . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : ''), 'sel' => $new_active, ), array( 'label' => t('Starred'), - 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1', + 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1', 'sel'=>$starred_active, ), array( 'label' => t('Shared Links'), - 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1', + 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1', 'sel'=>$bookmarked_active, ), // array( // 'label' => t('Spam'), -// 'url'=>$a->get_baseurl() . '/network?f=&spam=1' +// 'url'=>$a->get_baseurl(true) . '/network?f=&spam=1' // 'sel'=> $spam_active, // ), @@ -300,7 +302,7 @@ function network_content(&$a, $update = 0) { if($update) killme(); notice( t('No such group') . EOL ); - goaway($a->get_baseurl() . '/network'); + goaway($a->get_baseurl(true) . '/network'); // NOTREACHED } @@ -332,7 +334,7 @@ function network_content(&$a, $update = 0) { } else { notice( t('Invalid contact.') . EOL); - goaway($a->get_baseurl() . '/network'); + goaway($a->get_baseurl(true) . '/network'); // NOTREACHED } } diff --git a/mod/notifications.php b/mod/notifications.php index 99031a1d59..d478b51634 100755 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -42,12 +42,12 @@ function notifications_post(&$a) { intval(local_user()) ); } - goaway($a->get_baseurl() . '/notifications/intros'); + goaway($a->get_baseurl(true) . '/notifications/intros'); } if($_POST['submit'] == t('Ignore')) { $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1", intval($intro_id)); - goaway($a->get_baseurl() . '/notifications/intros'); + goaway($a->get_baseurl(true) . '/notifications/intros'); } } } @@ -69,32 +69,32 @@ function notifications_content(&$a) { $tabs = array( array( 'label' => t('System'), - 'url'=>$a->get_baseurl() . '/notifications/system', + 'url'=>$a->get_baseurl(true) . '/notifications/system', 'sel'=> (($a->argv[1] == 'system') ? 'active' : ''), ), array( 'label' => t('Network'), - 'url'=>$a->get_baseurl() . '/notifications/network', + 'url'=>$a->get_baseurl(true) . '/notifications/network', 'sel'=> (($a->argv[1] == 'network') ? 'active' : ''), ), array( 'label' => t('Personal'), - 'url'=>$a->get_baseurl() . '/notifications/personal', + 'url'=>$a->get_baseurl(true) . '/notifications/personal', 'sel'=> (($a->argv[1] == 'personal') ? 'active' : ''), ), array( 'label' => t('Home'), - 'url' => $a->get_baseurl() . '/notifications/home', + 'url' => $a->get_baseurl(true) . '/notifications/home', 'sel'=> (($a->argv[1] == 'home') ? 'active' : ''), ), array( 'label' => t('Introductions'), - 'url' => $a->get_baseurl() . '/notifications/intros', + 'url' => $a->get_baseurl(true) . '/notifications/intros', 'sel'=> (($a->argv[1] == 'intros') ? 'active' : ''), ), array( 'label' => t('Messages'), - 'url' => $a->get_baseurl() . '/message', + 'url' => $a->get_baseurl(true) . '/message', 'sel'=> '', ), ); @@ -244,7 +244,7 @@ function notifications_content(&$a) { switch($it['verb']){ case ACTIVITY_LIKE: $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -253,7 +253,7 @@ function notifications_content(&$a) { case ACTIVITY_DISLIKE: $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -267,7 +267,7 @@ function notifications_content(&$a) { $it['fname'] = $obj->title; $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), '$item_when' => relative_date($it['created']) @@ -281,7 +281,7 @@ function notifications_content(&$a) { $tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments); $notif_content .= replace_macros($tpl,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => $item_text, '$item_when' => relative_date($it['created']) @@ -314,7 +314,7 @@ function notifications_content(&$a) { if (count($r) > 0) { foreach ($r as $it) { $notif_content .= replace_macros($not_tpl,array( - '$item_link' => $a->get_baseurl().'/notify/view/'. $it['id'], + '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'], '$item_image' => $it['photo'], '$item_text' => strip_tags(bbcode($it['msg'])), '$item_when' => relative_date($it['date']) @@ -334,7 +334,7 @@ function notifications_content(&$a) { $notif_tpl = get_markup_template('notifications.tpl'); - $myurl = $a->get_baseurl() . '/profile/'. $a->user['nickname']; + $myurl = $a->get_baseurl(true) . '/profile/'. $a->user['nickname']; $myurl = substr($myurl,strpos($myurl,'://')+3); $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); $diasp_url = str_replace('/profile/','/u/',$myurl); @@ -369,7 +369,7 @@ function notifications_content(&$a) { switch($it['verb']){ case ACTIVITY_LIKE: $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -378,7 +378,7 @@ function notifications_content(&$a) { case ACTIVITY_DISLIKE: $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -392,7 +392,7 @@ function notifications_content(&$a) { $it['fname'] = $obj->title; $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), '$item_when' => relative_date($it['created']) @@ -406,7 +406,7 @@ function notifications_content(&$a) { $tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments); $notif_content .= replace_macros($tpl,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => $item_text, '$item_when' => relative_date($it['created']) @@ -456,7 +456,7 @@ function notifications_content(&$a) { switch($it['verb']){ case ACTIVITY_LIKE: $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -465,7 +465,7 @@ function notifications_content(&$a) { break; case ACTIVITY_DISLIKE: $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -479,7 +479,7 @@ function notifications_content(&$a) { $it['fname'] = $obj->title; $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), '$item_when' => relative_date($it['created']) @@ -488,7 +488,7 @@ function notifications_content(&$a) { break; default: $notif_content .= replace_macros($tpl_item_comments,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) diff --git a/mod/notify.php b/mod/notify.php index a572b15344..ae8273a1d3 100644 --- a/mod/notify.php +++ b/mod/notify.php @@ -20,7 +20,7 @@ function notify_init(&$a) { goaway($r[0]['link']); } - goaway($a->get_baseurl()); + goaway($a->get_baseurl(true)); } if($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all' ) { @@ -51,7 +51,7 @@ function notify_content(&$a) { if (count($r) > 0) { foreach ($r as $it) { $notif_content .= replace_macros($not_tpl,array( - '$item_link' => $a->get_baseurl().'/notify/view/'. $it['id'], + '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'], '$item_image' => $it['photo'], '$item_text' => strip_tags(bbcode($it['msg'])), '$item_when' => relative_date($it['date']) diff --git a/mod/profiles.php b/mod/profiles.php index b307a2d43b..7b3b6ccc1e 100755 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -240,7 +240,7 @@ function profiles_content(&$a) { ); if(! count($r)) { notice( t('Profile not found.') . EOL); - goaway($a->get_baseurl() . '/profiles'); + goaway($a->get_baseurl(true) . '/profiles'); return; // NOTREACHED } @@ -260,7 +260,7 @@ function profiles_content(&$a) { if($r) info( t('Profile deleted.') . EOL); - goaway($a->get_baseurl() . '/profiles'); + goaway($a->get_baseurl(true) . '/profiles'); return; // NOTREACHED } @@ -297,9 +297,9 @@ function profiles_content(&$a) { info( t('New profile created.') . EOL); if(count($r3) == 1) - goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); + goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']); - goaway($a->get_baseurl() . '/profiles'); + goaway($a->get_baseurl(true) . '/profiles'); } if(($a->argc > 2) && ($a->argv[1] === 'clone')) { @@ -339,9 +339,9 @@ function profiles_content(&$a) { ); info( t('New profile created.') . EOL); if(count($r3) == 1) - goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); + goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']); - goaway($a->get_baseurl() . '/profiles'); + goaway($a->get_baseurl(true) . '/profiles'); return; // NOTREACHED } @@ -373,7 +373,7 @@ function profiles_content(&$a) { )); - $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl())); + $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true))); $a->page['htmlhead'] .= ""; $f = get_config('system','birthday_input_format'); @@ -425,7 +425,7 @@ function profiles_content(&$a) { '$lbl_work' => t('Work/employment'), '$lbl_school' => t('School/education'), '$disabled' => (($is_default) ? 'onclick="return false;" style="color: #BBBBFF;"' : ''), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$profile_id' => $r[0]['id'], '$profile_name' => $r[0]['profile-name'], '$default' => (($is_default) ? '

' . t('This is your public profile.
It may be visible to anybody using the internet.') . '

' : ""), @@ -489,7 +489,7 @@ function profiles_content(&$a) { '$alt' => t('Profile Image'), '$profile_name' => $rr['profile-name'], '$visible' => (($rr['is-default']) ? '' . t('visible to everybody') . '' - : '' . t('Edit visibility') . '') + : '' . t('Edit visibility') . '') )); } } diff --git a/mod/settings.php b/mod/settings.php index 15fd0c352e..f694b5840f 100755 --- a/mod/settings.php +++ b/mod/settings.php @@ -59,7 +59,7 @@ function settings_post(&$a) { q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); - goaway($a->get_baseurl()."/settings/oauth/"); + goaway($a->get_baseurl(true)."/settings/oauth/"); return; } @@ -104,7 +104,7 @@ function settings_post(&$a) { local_user()); } } - goaway($a->get_baseurl()."/settings/oauth/"); + goaway($a->get_baseurl(true)."/settings/oauth/"); return; } @@ -411,7 +411,7 @@ function settings_post(&$a) { } - goaway($a->get_baseurl() . '/settings' ); + goaway($a->get_baseurl(true) . '/settings' ); return; // NOTREACHED } @@ -435,27 +435,27 @@ function settings_content(&$a) { $tabs = array( array( 'label' => t('Account settings'), - 'url' => $a->get_baseurl().'/settings', + 'url' => $a->get_baseurl(true).'/settings', 'sel' => (($a->argc == 1)?'active':''), ), array( 'label' => t('Connector settings'), - 'url' => $a->get_baseurl().'/settings/connectors', + 'url' => $a->get_baseurl(true).'/settings/connectors', 'sel' => (($a->argc > 1) && ($a->argv[1] === 'connectors')?'active':''), ), array( 'label' => t('Plugin settings'), - 'url' => $a->get_baseurl().'/settings/addon', + 'url' => $a->get_baseurl(true).'/settings/addon', 'sel' => (($a->argc > 1) && ($a->argv[1] === 'addon')?'active':''), ), array( 'label' => t('Connections'), - 'url' => $a->get_baseurl() . '/settings/oauth', + 'url' => $a->get_baseurl(true) . '/settings/oauth', 'sel' => (($a->argc > 1) && ($a->argv[1] === 'oauth')?'active':''), ), array( 'label' => t('Export personal data'), - 'url' => $a->get_baseurl() . '/uexport', + 'url' => $a->get_baseurl(true) . '/uexport', 'sel' => '' ) ); @@ -517,7 +517,7 @@ function settings_content(&$a) { $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d", dbesc($a->argv[3]), local_user()); - goaway($a->get_baseurl()."/settings/oauth/"); + goaway($a->get_baseurl(true)."/settings/oauth/"); return; } @@ -533,7 +533,7 @@ function settings_content(&$a) { $tpl = get_markup_template("settings_oauth.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_oauth"), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$title' => t('Connected Apps'), '$add' => t('Add application'), '$edit' => t('Edit'), @@ -789,7 +789,7 @@ function settings_content(&$a) { $theme_selected = (!x($_SESSION,'theme')? $default_theme : $_SESSION['theme']); - $subdir = ((strlen($a->get_path())) ? '
' . t('or') . ' ' . $a->get_baseurl() . '/profile/' . $nickname : ''); + $subdir = ((strlen($a->get_path())) ? '
' . t('or') . ' ' . $a->get_baseurl(true) . '/profile/' . $nickname : ''); $tpl_addr = get_markup_template("settings_nick_set.tpl"); @@ -819,7 +819,7 @@ function settings_content(&$a) { '$ptitle' => t('Account Settings'), '$submit' => t('Submit'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$uid' => local_user(), '$form_security_token' => get_form_security_token("settings"), From 93a8907f435e1b6ca55fa816ffb81b47a018db03 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 14 Mar 2012 21:29:44 -0700 Subject: [PATCH 18/20] force login to ssl on SSL_POLICY_SELFSIGN --- boot.php | 18 +++++++++++------- view/login.tpl | 2 +- view/logout.tpl | 2 +- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/boot.php b/boot.php index 22a4e39be5..c4cfbe5bf8 100755 --- a/boot.php +++ b/boot.php @@ -696,6 +696,7 @@ function get_guid($size=16) { if(! function_exists('login')) { function login($register = false, $hiddens=false) { + $a = get_app(); $o = ""; $reg = false; if ($register) { @@ -715,23 +716,26 @@ function login($register = false, $hiddens=false) { } + $dest_url = $a->get_baseurl(true) . '/' . $a->query_string; $o .= replace_macros($tpl,array( - '$logout' => t('Logout'), - '$login' => t('Login'), + + '$dest_url' => $dest_url, + '$logout' => t('Logout'), + '$login' => t('Login'), '$lname' => array('username', t('Nickname or Email address: ') , '', ''), '$lpassword' => array('password', t('Password: '), '', ''), '$openid' => !$noid, - '$lopenid' => array('openid_url', t('Or login using OpenID: '),'',''), + '$lopenid' => array('openid_url', t('Or login using OpenID: '),'',''), - '$hiddens' => $hiddens, + '$hiddens' => $hiddens, - '$register' => $reg, + '$register' => $reg, - '$lostpass' => t('Forgot your password?'), - '$lostlink' => t('Password Reset'), + '$lostpass' => t('Forgot your password?'), + '$lostlink' => t('Password Reset'), )); call_hooks('login_hook',$o); diff --git a/view/login.tpl b/view/login.tpl index 5349fa3d83..4cbbb16240 100755 --- a/view/login.tpl +++ b/view/login.tpl @@ -1,5 +1,5 @@ -
+
diff --git a/view/logout.tpl b/view/logout.tpl index 6a84a5bbcf..efc971df84 100755 --- a/view/logout.tpl +++ b/view/logout.tpl @@ -1,4 +1,4 @@ - +
From b44533e9fb685bb4b38073a90003d61911e1e24e Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 14 Mar 2012 21:40:36 -0700 Subject: [PATCH 19/20] roll protocol version due to ssl_policy settings --- boot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot.php b/boot.php index c4cfbe5bf8..04f36093bf 100755 --- a/boot.php +++ b/boot.php @@ -10,7 +10,7 @@ require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); define ( 'FRIENDICA_VERSION', '2.3.1281' ); -define ( 'DFRN_PROTOCOL_VERSION', '2.22' ); +define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DB_UPDATE_VERSION', 1131 ); define ( 'EOL', "
\r\n" ); From b06c5983a4dae26dd24aecd7473bad98558cd6fc Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 14 Mar 2012 21:58:54 -0700 Subject: [PATCH 20/20] don't allow multiple friends with http/https same person, don't show mail2 coming soon unless person is allowed to have email contacts --- mod/dfrn_request.php | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 4acb5c9bb5..c2d37dac7e 100755 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -77,9 +77,10 @@ function dfrn_request_post(&$a) { * Lookup the contact based on their URL (which is the only unique thing we have at the moment) */ - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1", intval(local_user()), - dbesc($dfrn_url) + dbesc($dfrn_url), + dbesc(normalise_link($dfrn_url)) ); if(count($r)) { @@ -668,7 +669,21 @@ function dfrn_request_content(&$a) { $page_desc .= t("Please enter your 'Identity Address' from one of the following supported communications networks:"); - $emailnet = t("Connect as an email follower \x28Coming soon\x29"); + // see if we are allowed to have NETWORK_MAIL2 contacts + + $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1); + if(get_config('system','dfrn_only')) + $mail_disabled = 1; + + if(! $mail_disabled) { + $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", + intval($a->profile['uid']) + ); + if(! count($r)) + $mail_disabled = 1; + } + + $emailnet = (($mail_disabled) ? '' : t("Connect as an email follower \x28Coming soon\x29")); $invite_desc = t('If you are not yet a member of the free social web, follow this link to find a public Friendica site and join us today.');