diff --git a/boot.php b/boot.php index 5baaa218fa..2e3480f405 100644 --- a/boot.php +++ b/boot.php @@ -298,6 +298,13 @@ function fetch_url($url,$binary = false) { curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true); curl_setopt($ch, CURLOPT_MAXREDIRS,8); curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); + + // by default we will allow self-signed certs + // but you can override this + + $check_cert = get_config('system','verifyssl'); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); + $prx = get_config('system','proxy'); if(strlen($prx)) { curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); @@ -327,6 +334,8 @@ function post_url($url,$params) { curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_POSTFIELDS,$params); + $check_cert = get_config('system','verifyssl'); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); $prx = get_config('system','proxy'); if(strlen($prx)) { curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); diff --git a/include/Photo.php b/include/Photo.php index 0f5003a6f7..e418cde462 100644 --- a/include/Photo.php +++ b/include/Photo.php @@ -6,12 +6,15 @@ class Photo { private $image; private $width; private $height; + private $valid; public function __construct($data) { + $this->valid = false; $this->image = @imagecreatefromstring($data); if($this->image !== FALSE) { $this->width = imagesx($this->image); $this->height = imagesy($this->image); + $this->valid = true; } } @@ -20,6 +23,10 @@ class Photo { imagedestroy($this->image); } + public function is_valid() { + return $this->valid; + } + public function getWidth() { return $this->width; } diff --git a/include/items.php b/include/items.php index ac4e694beb..799af48ac1 100644 --- a/include/items.php +++ b/include/items.php @@ -633,7 +633,7 @@ function consume_feed($xml,$importer,$contact, &$hub) { $resource_id = $r[0]['resource-id']; $img_str = fetch_url($photo_url,true); $img = new Photo($img_str); - if($img) { + if($img->is_valid()) { q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND contact-id` = %d AND `uid` = %d", dbesc($resource_id), intval($contact['id']), diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 5808b6fecc..43e28aef8b 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -26,7 +26,7 @@ function dfrn_confirm_post(&$a) { if(! count($r)) { xml_status(3); // failure - return; // NOTREACHED + // NOTREACHED } $my_prvkey = $r[0]['prvkey']; @@ -73,7 +73,7 @@ function dfrn_confirm_post(&$a) { ); if(count($r)) { xml_status(1); // Birthday paradox - duplicate dfrn-id - return; // NOTREACHED + // NOTREACHED } $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1", @@ -96,7 +96,7 @@ function dfrn_confirm_post(&$a) { $filename = basename($r[0]['photo']); $img_str = fetch_url($r[0]['photo'],true); $img = new Photo($img_str); - if($img) { + if($img->is_valid()) { $img->scaleImageSquare(175); @@ -164,7 +164,7 @@ function dfrn_confirm_post(&$a) { ); if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) { - $tpl = (($new_relation == $REL_BUD) + $tpl = (($new_relation == REL_BUD) ? load_view_file('view/friend_complete_eml.tpl') : load_view_file('view/intro_complete_eml.tpl')); @@ -185,7 +185,7 @@ function dfrn_confirm_post(&$a) { } } xml_status(0); // Success - return; // NOTREACHED + // NOTREACHED } else { xml_status(2); // Hopefully temporary problem that can be retried. @@ -201,7 +201,7 @@ function dfrn_confirm_post(&$a) { $uid = get_uid(); if(! $uid) { - notice( t("Permission denied.") . EOL ); + notice( t('Permission denied.') . EOL ); return; } @@ -329,7 +329,7 @@ function dfrn_confirm_post(&$a) { $filename = basename($r[0]['photo']); $img_str = fetch_url($r[0]['photo'],true); $img = new Photo($img_str); - if($img) { + if($img->is_valid()) { $img->scaleImageSquare(175); diff --git a/mod/photos.php b/mod/photos.php index 345a22d504..052f3c1857 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -287,7 +287,7 @@ function photos_post(&$a) { $imagedata = @file_get_contents($src); $ph = new Photo($imagedata); - if(! ($image = $ph->getImage())) { + if(! $ph->is_valid()) { notice( t('Unable to process image.') . EOL ); @unlink($src); killme(); diff --git a/mod/profile_photo.php b/mod/profile_photo.php index bc2e5b4eaa..07df671da4 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -53,39 +53,42 @@ function profile_photo_post(&$a) { $base_image = $r[0]; $im = new Photo($base_image['data']); - $im->cropImage(175,$srcX,$srcY,$srcW,$srcH); + if($im->is_valid()) { + $im->cropImage(175,$srcX,$srcY,$srcW,$srcH); - $r = $im->store(get_uid(), 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 4, 1); + $r = $im->store(get_uid(), 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 4, 1); - if($r === false) - notice ( t('Image size reduction [175] failed.') . EOL ); + if($r === false) + notice ( t('Image size reduction [175] failed.') . EOL ); - $im->scaleImage(80); + $im->scaleImage(80); - $r = $im->store(get_uid(), 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 5, 1); + $r = $im->store(get_uid(), 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 5, 1); - if($r === false) - notice( t('Image size reduction [80] failed.') . EOL ); + if($r === false) + notice( t('Image size reduction [80] failed.') . EOL ); - // Unset the profile photo flag from any other photos I own + // Unset the profile photo flag from any other photos I own - $r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d", - dbesc($base_image['resource-id']), - intval(get_uid()) - ); + $r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d", + dbesc($base_image['resource-id']), + intval(get_uid()) + ); - $r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d LIMIT 1", - dbesc(datetime_convert()), - intval(get_uid()) - ); - - // Update global directory in background - $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); - $url = $_SESSION['my_url']; - if($url && strlen(get_config('system','directory_submit_url'))) - proc_close(proc_open("\"$php_path\" \"include/directory.php\" \"$url\" &", - array(),$foo)); + $r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d LIMIT 1", + dbesc(datetime_convert()), + intval(get_uid()) + ); + // Update global directory in background + $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); + $url = $_SESSION['my_url']; + if($url && strlen(get_config('system','directory_submit_url'))) + proc_close(proc_open("\"$php_path\" \"include/directory.php\" \"$url\" &", + array(),$foo)); + } + else + notice( t('Unable to process image') . EOL); } goaway($a->get_baseurl() . '/profiles'); return; // NOTREACHED @@ -98,7 +101,7 @@ function profile_photo_post(&$a) { $imagedata = @file_get_contents($src); $ph = new Photo($imagedata); - if(! ($image = $ph->getImage())) { + if(! $ph->is_valid()) { notice( t('Unable to process image.') . EOL ); @unlink($src); return; diff --git a/mod/wall_upload.php b/mod/wall_upload.php index 257235d62d..9875a01ade 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -4,10 +4,10 @@ require_once('Photo.php'); function wall_upload_post(&$a) { - if(! local_user()) { - echo ( t('Permission denied.') . EOL ); - killme(); - } + if(! local_user()) { + echo ( t('Permission denied.') . EOL ); + killme(); + } if(! x($_FILES,'userfile')) killme(); @@ -19,7 +19,7 @@ function wall_upload_post(&$a) { $imagedata = @file_get_contents($src); $ph = new Photo($imagedata); - if(! ($image = $ph->getImage())) { + if(! $ph->is_valid()) { echo ( t('Unable to process image.') . EOL); @unlink($src); killme();