diff --git a/INSTALL.txt b/INSTALL.txt index 577f3f354c..70e4f24efd 100644 --- a/INSTALL.txt +++ b/INSTALL.txt @@ -17,7 +17,7 @@ hosting provider prior to installation. - Apache with mod-rewrite enabled and "Options All" so you can use a local .htaccess file - - PHP > 5.1. The later the better. You'll need 5.3 for encryption of key + - PHP 5.2+. The later the better. You'll need 5.3 for encryption of key exchange conversations encryption support - PHP *command line* access with register_argc_argv set to true in the @@ -67,6 +67,12 @@ database was not installed correctly. You might wish to move/rename .htconfig.php to another name and empty (called 'dropping') the database tables, so that you can start fresh. +**************************************************************************** +**************************************************************************** +******** THIS NEXT STEP IS IMPORTANT!!!! *********** +**************************************************************************** +**************************************************************************** + 7. Set up a cron job or scheduled task to run the poller once every 5-10 minutes to pick up the recent "public" postings of your friends. Example: diff --git a/boot.php b/boot.php index 9715f9cfdb..85e1598831 100644 --- a/boot.php +++ b/boot.php @@ -2,8 +2,8 @@ set_time_limit(0); -define ( 'BUILD_ID', 1031 ); -define ( 'FRIENDIKA_VERSION', '2.01.1000' ); +define ( 'BUILD_ID', 1032 ); +define ( 'FRIENDIKA_VERSION', '2.01.1003' ); define ( 'DFRN_PROTOCOL_VERSION', '2.0' ); define ( 'EOL', "
\r\n" ); @@ -910,7 +910,6 @@ function xmlify($str) { case "'" : $buffer .= '''; break; - case "\"" : $buffer .= '"'; break; @@ -946,6 +945,11 @@ function unxmlify($s) { if(! function_exists('hex2bin')) { function hex2bin($s) { + if(! ctype_xdigit($s)) { + logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true)); + return($s); + } + return(pack("H*",$s)); }} @@ -2164,11 +2168,12 @@ function get_birthdays() { foreach($r as $rr) { $now = strtotime('now'); - $today = (((strtotime($rr['start']) < $now) && (strtotime($rr['finish']) > $now)) ? true : false); + $today = (((strtotime($rr['start'] . ' +00:00') < $now) && (strtotime($rr['finish'] . ' +00:00') > $now)) ? true : false); $o .= '
' . $rr['name'] . ' ' - . day_translate(datetime_convert('UTC', $a->timezone, $rr['start'], $bd_format)) . (($today) ? ' ' . t('[today]') : '') ; + . day_translate(datetime_convert('UTC', $a->timezone, $rr['start'], $bd_format)) . (($today) ? ' ' . t('[today]') : '') + . '
' ; } $o .= ''; diff --git a/include/html2bbcode.php b/include/html2bbcode.php index 688c014526..65cbcec41f 100644 --- a/include/html2bbcode.php +++ b/include/html2bbcode.php @@ -11,6 +11,9 @@ function html2bbcode($s) { $htmltags = array( '/\n/is', + '/\(.*?)\<\/pre\>/is', + '/\/is', + '/\<\/p\>/is', '/\(.*?)\<\/b\>/is', '/\(.*?)\<\/i\>/is', '/\(.*?)\<\/u\>/is', @@ -33,6 +36,9 @@ function html2bbcode($s) { $bbtags = array( '', + '[code]$1[/code]', + '', + "\n", '[b]$1[/b]', '[i]$1[/i]', '[u]$1[/u]', diff --git a/include/items.php b/include/items.php index 1a5ca5a1fa..1fdbc6fc20 100644 --- a/include/items.php +++ b/include/items.php @@ -35,6 +35,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) else killme(); + /** * * Determine the next birthday, but only if the birthday is published @@ -380,7 +381,7 @@ function get_atom_elements($feed,$item) { // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust // the content type. Our own network only emits text normally, though it might have been converted to - // html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will + // html if we used a pubsubhubbub transport. But if we see even one html tag in our text, we will // have to assume it is all html and needs to be purified. // It doesn't matter all that much security wise - because before this content is used anywhere, we are @@ -389,7 +390,7 @@ function get_atom_elements($feed,$item) { // html. - if(strpos($res['body'],'<')) { + if((strpos($res['body'],'<')) || (strpos($res['body'],'>'))) { $res['body'] = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $res['body']); @@ -403,11 +404,12 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $res['body'] = $purifier->purify($res['body']); + + $res['body'] = html2bbcode($res['body']); } - + else + $res['body'] = escape_tags($res['body']); - $res['body'] = html2bbcode($res['body']); - $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) @@ -495,7 +497,7 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events $res['object'] .= '' . xmlify($body) . '' . "\n"; - if(strpos($body,'<')) { + if((strpos($body,'<')) || (strpos($body,'>'))) { $body = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $body); @@ -505,9 +507,11 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); + $body = html2bbcode($body); } + else + $body = escape_tags($body); - $body = html2bbcode($body); $res['object'] .= '' . $body . '' . "\n"; } @@ -534,7 +538,7 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events $res['object'] .= '' . xmlify($body) . '' . "\n"; - if(strpos($body,'<')) { + if((strpos($body,'<')) || (strpos($body,'>'))) { $body = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $body); @@ -544,9 +548,11 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); + $body = html2bbcode($body); } + else + $body = escape_tags($body); - $body = html2bbcode($body); $res['target'] .= '' . $body . '' . "\n"; } @@ -571,7 +577,7 @@ function encode_rel_links($links) { if($link['attribs']['']['type']) $o .= 'type="' . $link['attribs']['']['type'] . '" '; if($link['attribs']['']['href']) - $o .= 'type="' . $link['attribs']['']['href'] . '" '; + $o .= 'href="' . $link['attribs']['']['href'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['width']) $o .= 'media:width="' . $link['attribs'][NAMESPACE_MEDIA]['width'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['height']) @@ -782,8 +788,8 @@ function dfrn_deliver($owner,$contact,$atom) { return (($res->status) ? $res->status : 3); $postvars = array(); - $sent_dfrn_id = hex2bin($res->dfrn_id); - $challenge = hex2bin($res->challenge); + $sent_dfrn_id = hex2bin((string) $res->dfrn_id); + $challenge = hex2bin((string) $res->challenge); $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $final_dfrn_id = ''; diff --git a/include/notifier.php b/include/notifier.php index 7791b9bd4b..39640e51a3 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -181,7 +181,7 @@ '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00' , ATOM_TIME)) , '$hub' => $hubxml, - '$salmon' => '', // private feed, we don't use salmon here + '$salmon' => '', // private feed, we don't use salmon here '$name' => xmlify($owner['name']), '$profile_page' => xmlify($owner['url']), '$photo' => xmlify($owner['photo']), @@ -207,7 +207,6 @@ )); } else { - if($followup) { foreach($items as $item) { // there is only one item if($item['id'] == $item_id) { @@ -224,7 +223,13 @@ continue; $atom .= atom_entry($item,'text',$contact,$owner,true); - $slaps[] = atom_entry($item,'html',$contact,$owner,true); + + // There's a problem here - we *were* going to use salmon to provide semi-authenticated + // communication to OStatus, but unless we're the item author they won't verify. + // commented out for now, though we'll still send local replies (and any mentions + // that they contain) upstream. Rethinking the problem space. + +// $slaps[] = atom_entry($item,'html',$contact,$owner,true); } } } @@ -232,7 +237,7 @@ logger('notifier: ' . $atom, LOGGER_DATA); - logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA); +// logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA); if($followup) $recip_str = $parent['contact-id']; @@ -324,14 +329,12 @@ // send additional slaps to mentioned remote tags (@foo@example.com) - if(count($slaps) && count($url_recipients) && $notify_hub) { + if($slap && count($url_recipients) && $followup && $notify_hub) { foreach($url_recipients as $url) { - logger('notifier: urldelivery: ' . $url); - foreach($slaps as $slappy) { - if($url) { - $deliver_status = slapper($owner,$url,$slappy); - // TODO: redeliver/queue these items on failure, though there is no contact record - } + if($url) { + logger('notifier: urldelivery: ' . $url); + $deliver_status = slapper($owner,$url,$slap); + // TODO: redeliver/queue these items on failure, though there is no contact record } } } diff --git a/include/poller.php b/include/poller.php index 28e421f5fe..fc45ff9c3e 100644 --- a/include/poller.php +++ b/include/poller.php @@ -186,8 +186,8 @@ $postvars = array(); - $sent_dfrn_id = hex2bin($res->dfrn_id); - $challenge = hex2bin($res->challenge); + $sent_dfrn_id = hex2bin((string) $res->dfrn_id); + $challenge = hex2bin((string) $res->challenge); $final_dfrn_id = ''; diff --git a/mod/message.php b/mod/message.php index 251b5a4149..9cc2e2826c 100644 --- a/mod/message.php +++ b/mod/message.php @@ -270,7 +270,7 @@ function message_content(&$a) { '$sparkle' => $sparkle, '$from_photo' => $message['from-photo'], '$subject' => $message['title'], - '$body' => bbcode($message['body']), + '$body' => smilies(bbcode($message['body'])), '$delete' => t('Delete message'), '$to_name' => $message['name'], '$date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A') diff --git a/mod/network.php b/mod/network.php index 08607fa18e..5073b8a61d 100644 --- a/mod/network.php +++ b/mod/network.php @@ -115,6 +115,10 @@ function network_content(&$a, $update = 0) { $o = '

' . t('Group: ') . $r[0]['name'] . '

' . $o; } + if((! $group) && (! $update)) + $o .= get_birthdays(); + + $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 diff --git a/mod/profile.php b/mod/profile.php index 9b8388177d..bcd2b64e36 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -230,7 +230,7 @@ function profile_content(&$a, $update = 0) { if($is_owner && ! $update) - $o .= get_birthdays(); + $o .= get_birthdays(); $cmnt_tpl = load_view_file('view/comment_item.tpl'); diff --git a/mod/salmon.php b/mod/salmon.php index 2ae6aa6287..8c7d921c86 100644 --- a/mod/salmon.php +++ b/mod/salmon.php @@ -199,7 +199,12 @@ function salmon_post(&$a) { $hub = ''; - // consume_feed will only accept a follow activity from this person if there is no contact record. + /** + * + * anti-spam measure: consume_feed will accept a follow activity from + * this person (and nothing else) if there is no existing contact record. + * + */ $contact_rec = ((count($r)) ? $r[0] : null); diff --git a/update.php b/update.php index ae0e35531d..7aacffb40b 100644 --- a/update.php +++ b/update.php @@ -302,3 +302,18 @@ function update_1030() { } +function update_1031() { + // Repair any bad links that slipped into the item table + $r = q("SELECT `id`, `object` FROM `item` WHERE `object` != '' "); + if($r && count($r)) { + foreach($r as $rr) { + if(strstr($rr['object'],'type="http')) { + q("UPDATE `item` SET `object` = '%s' WHERE `id` = %d LIMIT 1", + dbesc(str_replace('type="http','href="http',$rr['object'])), + intval($rr['id']) + ); + } + } + } +} + diff --git a/view/en/profile_advanced.php b/view/en/profile_advanced.php index 82c66adece..9aee6c2627 100644 --- a/view/en/profile_advanced.php +++ b/view/en/profile_advanced.php @@ -39,8 +39,8 @@ EOT; $o .= '
' . ((intval($a->profile['dob'])) - ? datetime_convert('UTC',date_default_timezone_get(),$a->profile['dob'],'j F, Y') - : datetime_convert('UTC',date_default_timezone_get(),'2001-' . substr($a->profile['dob'],6),'j F')) + ? day_translate(datetime_convert('UTC',date_default_timezone_get(),$a->profile['dob'],'j F, Y')) + : day_translate(datetime_convert('UTC',date_default_timezone_get(),'2001-' . substr($a->profile['dob'],6),'j F'))) . "
\r\n"; $o .= '
'; diff --git a/view/it/profile_advanced.php b/view/it/profile_advanced.php index 50bb0dd281..899fd56b25 100644 --- a/view/it/profile_advanced.php +++ b/view/it/profile_advanced.php @@ -39,8 +39,8 @@ EOT; $o .= '
' . ((intval($a->profile['dob'])) - ? datetime_convert('UTC',date_default_timezone_get(),$a->profile['dob'],'j F, Y') - : datetime_convert('UTC',date_default_timezone_get(),'2001-' . substr($a->profile['dob'],6),'j F')) + ? day_translate(datetime_convert('UTC',date_default_timezone_get(),$a->profile['dob'],'j F, Y')) + : day_translate(datetime_convert('UTC',date_default_timezone_get(),'2001-' . substr($a->profile['dob'],6),'j F'))) . "
\r\n"; $o .= '
'; diff --git a/view/theme/default/style.css b/view/theme/default/style.css index fd14c6bddd..d9e93bbe64 100644 --- a/view/theme/default/style.css +++ b/view/theme/default/style.css @@ -1979,5 +1979,5 @@ a.mail-list-link { } #birthday-wrapper { - margin-bottom: 15px; + margin-bottom: 20px; } diff --git a/view/theme/duepuntozero/shiny.jpg b/view/theme/duepuntozero/shiny.jpg deleted file mode 100644 index 17c9788169..0000000000 Binary files a/view/theme/duepuntozero/shiny.jpg and /dev/null differ diff --git a/view/theme/duepuntozero/shiny.png b/view/theme/duepuntozero/shiny.png new file mode 100644 index 0000000000..994c0d05d7 Binary files /dev/null and b/view/theme/duepuntozero/shiny.png differ diff --git a/view/theme/duepuntozero/style.css b/view/theme/duepuntozero/style.css index 37670df01e..b2bdb6e87d 100644 --- a/view/theme/duepuntozero/style.css +++ b/view/theme/duepuntozero/style.css @@ -3,23 +3,10 @@ * Fabio Comuni */ -@font-face { - font-family: FreeSans; - font-style: normal; - font-weight: bold; - src: local('FreeSansBold'), url('FreeSansBold.otf'); -} -@font-face { - font-family: FreeSans; - font-style: normal; - font-weight: normal; - src: local('FreeSans'), url('FreeSans.otf'); -} - /* generals */ body { - font-family: /*FreeSans,*/ helvetica,arial,clean,sans-serif; + font-family: helvetica,arial,freesans,clean,sans-serif; font-size: 12px; background-color: #ffffff; background-image: url(head.jpg); @@ -209,10 +196,10 @@ footer { } -.shiny { - background-image: url(shiny.jpg); - background-repeat: repeat-x; - background-position: left bottom; +div.wall-item-content-wrapper.shiny { + background-image: url('shiny.png'); + background-position: -5px 30px; + background-repeat:no-repeat; } /* from defautlt */ @@ -801,7 +788,7 @@ input#dfrn-url { .wall-item-content-wrapper.comment { margin-left: 50px; - background: #CCCCCC; + background: #EEEEEE; } .wall-item-photo-wrapper { @@ -879,7 +866,7 @@ input#dfrn-url { .comment-edit-wrapper { margin-top: 15px; - background: #CCCCCC; + background: #f3f3f3; margin-left: 50px; } @@ -1876,5 +1863,5 @@ a.mail-list-link { } #birthday-wrapper { - margin-bottom: 15px; + margin-bottom: 20px; }