Merge branch 'master', remote-tracking branch 'remotes/upstream/master'

* remotes/upstream/master:
  slackr - tone down the shadows a smidgin
  add plugin hooks to gender, sexpref, and marital selectors
  birthday in november,december bug
  rework the way private photos are embedded to avoid url differences and also check the permissions if possible to make sure that nothing sneaks by.
  handle multiple underscores in D* links

* master:
Simon L'nu 2012-05-28 16:49:12 -04:00
commit 91c1a2943b
11 changed files with 168 additions and 76 deletions


@ -9,7 +9,7 @@ require_once('include/nav.php');
require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '3.0.1355' );
define ( 'FRIENDICA_VERSION', '3.0.1356' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1144 );


@ -53,6 +53,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
$check = get_config('system','paranoia');
// extra paranoia - if the IP changed, log them out
if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) {
logger('Session address changed. Paranoid setting in effect, blocking session. '
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
nuke_session();
goaway(z_root());
}
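Review bot: The new `logger` call records the two addresses but not which account's session was blocked, so an operator reading the log cannot tell whose session tripped the paranoia check or correlate repeated hits against one user. Add the account identifier held in the session to the message, and build the message before `nuke_session()` runs so the session data is still available. The enclosing `if` block starts outside this hunk, so the session keys available at this point are not visible here.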


@ -221,13 +221,18 @@ function bb2diaspora($Text,$preserve_nl = false) {
$Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
$Text = preg_replace('/\[(.*?)\]\((.*?)\\\\_(.*?)\)/ism','[$1]($2_$3)',$Text);
$Text = preg_replace_callback('/\[(.*?)\]\((.*?)\)/ism','unescape_underscores_in_links',$Text);
call_hooks('bb2diaspora',$Text);
return $Text;
}
function unescape_underscores_in_links($m) {
$y = str_replace('\\_','_', $m[2]);
return('[' . $m[1] . '](' . $y . ')');
}
function format_event_diaspora($ev) {
$a = get_app();
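Review bot: The result of the new `preg_replace_callback` call is assigned straight back to `$Text`, and that function returns NULL when PCRE fails (for example on the backtrack limit), so a long post could reach `call_hooks` and the `return` with its body lost. Keep the previous value on failure, e.g. `$fixed = preg_replace_callback('/\[(.*?)\]\((.*?)\)/ism','unescape_underscores_in_links',$Text);` followed by `if($fixed !== null) $Text = $fixed;`. `unescape_underscores_in_links` also has no comment; something like `// preg callback: $m[1] is the link text, $m[2] the URL; strips the backslash escapes from underscores in the URL` would document what the match groups are. `bb2diaspora` begins outside the hunk.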


@ -288,7 +288,7 @@ function delivery_run($argv, $argc){
if($normal_mode) {
if($item_id == $item['id'] || $item['id'] == $item['parent'])
$atom .= atom_entry($item,'text',null,$owner,true);
$atom .= atom_entry($item,'text',null,$owner,true,(($top_level) ? $contact['id'] : 0));
}
else
$atom .= atom_entry($item,'text',null,$owner,true);


@ -2832,7 +2832,7 @@ function atom_author($tag,$name,$uri,$h,$w,$photo) {
return $o;
}
function atom_entry($item,$type,$author,$owner,$comment = false) {
function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) {
$a = get_app();
@ -2844,7 +2844,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid'])
$body = fix_private_photos($item['body'],$owner['uid']);
$body = fix_private_photos($item['body'],$owner['uid'],$item,$cid);
else
$body = $item['body'];
@ -2927,14 +2927,17 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
return $o;
}
function fix_private_photos($s,$uid) {
function fix_private_photos($s,$uid, $item = null, $cid = 0) {
$a = get_app();
logger('fix_private_photos');
logger('fix_private_photos', LOGGER_DEBUG);
$site = substr($a->get_baseurl(),strpos($a->get_baseurl,'://'));
if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) {
$image = $matches[1];
logger('fix_private_photos: found photo ' . $image);
if(stristr($image ,$a->get_baseurl() . '/photo/')) {
logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG);
if(stristr($image , $site . '/photo/')) {
$replace = false;
$i = basename($image);
$i = str_replace('.jpg','',$i);
$x = strpos($i,'-');
@ -2947,8 +2950,39 @@ function fix_private_photos($s,$uid) {
intval($uid)
);
if(count($r)) {
logger('replacing photo');
$s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s);
// Check to see if we should replace this photo link with an embedded image
// 1. No need to do so if the photo is public
// 2. If there's a contact-id provided, see if they're in the access list
// for the photo. If so, embed it.
// 3. Otherwise, if we have an item, see if the item permissions match the photo
// permissions, regardless of order but first check to see if they're an exact
// match to save some processing overhead.
// Currently we only embed one private photo per message so as not to hit import
// size limits at the receiving end.
// To embed multiples, we would need to parse out the embedded photos on message
// receipt and limit size based only on the text component. Would also need to
// ignore all photos during bbcode translation and item localisation, as these
// will hit internal regex backtrace limits.
if(has_permissions($r[0])) {
if($cid) {
$recips = enumerate_permissions($r[0]);
if(in_array($cid, $recips)) {
$replace = true;
}
}
elseif($item) {
if(compare_permissions($item,$r[0]))
$replace = true;
}
}
if($replace) {
logger('replacing photo');
$s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s);
}
}
}
logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA);
@ -2958,6 +2992,44 @@ function fix_private_photos($s,$uid) {
}
function has_permissions($obj) {
if(($obj['allow_cid'] != '') || ($obj['allow_gid'] != '') || ($obj['deny_cid'] != '') || ($obj['deny_gid'] != ''))
return true;
return false;
}
function compare_permissions($obj1,$obj2) {
// first part is easy. Check that these are exactly the same.
if(($obj1['allow_cid'] == $obj2['allow_cid'])
&& ($obj1['allow_gid'] == $obj2['allow_gid'])
&& ($obj1['deny_cid'] == $obj2['deny_cid'])
&& ($obj1['deny_gid'] == $obj2['deny_gid']))
return true;
// This is harder. Parse all the permissions and compare the resulting set.
$recipients1 = enumerate_permissions($obj1);
$recipients2 = enumerate_permissions($obj2);
sort($recipients1);
sort($recipients2);
if($recipients1 == $recipients2)
return true;
return false;
}
// returns an array of contact-ids that are allowed to see this object
function enumerate_permissions($obj) {
require_once('include/group.php');
$allow_people = expand_acl($obj['allow_cid']);
$allow_groups = expand_groups(expand_acl($obj['allow_gid']));
$deny_people = expand_acl($obj['deny_cid']);
$deny_groups = expand_groups(expand_acl($obj['deny_gid']));
$recipients = array_unique(array_merge($allow_people,$allow_groups));
$deny = array_unique(array_merge($deny_people,$deny_groups));
$recipients = array_diff($recipients,$deny);
return $recipients;
}
function item_getfeedtags($item) {
$ret = array();
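Review bot: In `compare_permissions`, two objects that both have empty allow lists but different deny lists fall through to the set comparison, where `enumerate_permissions` builds each recipient set from the allow lists only and so yields an empty array for both. The `==` then succeeds and `fix_private_photos` embeds the photo although the item and photo audiences differ (this assumes `expand_acl` returns an empty array for an empty field, which is not visible here). Returning false before the set comparison when either side has no allow entries keeps that case on the link-only path, e.g. `if(($obj1['allow_cid'] == '' && $obj1['allow_gid'] == '') || ($obj2['allow_cid'] == '' && $obj2['allow_gid'] == '')) return false;`. Separately, the `$site` line in `fix_private_photos` reads `$a->get_baseurl` without parentheses inside `strpos`, a property access rather than the method call, so the scheme is probably not stripped as intended; it should be `strpos($a->get_baseurl(),'://')`. `atom_entry` and `fix_private_photos` are only partly visible in these hunks.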


@ -345,7 +345,7 @@ function notifier_run($argv, $argc){
if($mail) {
$public_message = false; // mail is not public
$body = fix_private_photos($item['body'],$owner['uid']);
$body = fix_private_photos($item['body'],$owner['uid'],null,$message[0]['contact-id']);
$atom .= replace_macros($mail_template, array(
'$name' => xmlify($owner['name']),


@ -25,8 +25,8 @@ function advanced_profile(&$a) {
$val = ((intval($a->profile['dob']))
? day_translate(datetime_convert('UTC','UTC',$a->profile['dob'] . ' 00:00 +00:00',$year_bd_format))
: day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],6) . ' 00:00 +00:00',$short_bd_format)));
: day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],5) . ' 00:00 +00:00',$short_bd_format)));
$profile['birthday'] = array( t('Birthday:'), $val);
}


@ -5,6 +5,8 @@ function gender_selector($current="",$suffix="") {
$o = '';
$select = array('', t('Male'), t('Female'), t('Currently Male'), t('Currently Female'), t('Mostly Male'), t('Mostly Female'), t('Transgender'), t('Intersex'), t('Transsexual'), t('Hermaphrodite'), t('Neuter'), t('Non-specific'), t('Other'), t('Undecided'));
call_hooks('gender_selector', $select);
$o .= "<select name=\"gender$suffix\" id=\"gender-select$suffix\" size=\"1\" >";
foreach($select as $selection) {
if($selection !== 'NOTRANSLATION') {
@ -20,6 +22,9 @@ function sexpref_selector($current="",$suffix="") {
$o = '';
$select = array('', t('Males'), t('Females'), t('Gay'), t('Lesbian'), t('No Preference'), t('Bisexual'), t('Autosexual'), t('Abstinent'), t('Virgin'), t('Deviant'), t('Fetish'), t('Oodles'), t('Nonsexual'));
call_hooks('sexpref_selector', $select);
$o .= "<select name=\"sexual$suffix\" id=\"sexual-select$suffix\" size=\"1\" >";
foreach($select as $selection) {
if($selection !== 'NOTRANSLATION') {
@ -36,6 +41,8 @@ function marital_selector($current="",$suffix="") {
$o = '';
$select = array('', t('Single'), t('Lonely'), t('Available'), t('Unavailable'), t('Has crush'), t('Infatuated'), t('Dating'), t('Unfaithful'), t('Sex Addict'), t('Friends'), t('Friends/Benefits'), t('Casual'), t('Engaged'), t('Married'), t('Imaginarily married'), t('Partners'), t('Cohabiting'), t('Common law'), t('Happy'), t('Not looking'), t('Swinger'), t('Betrayed'), t('Separated'), t('Unstable'), t('Divorced'), t('Imaginarily divorced'), t('Widowed'), t('Uncertain'), t('It\'s complicated'), t('Don\'t care'), t('Ask me') );
call_hooks('marital_selector', $select);
$o .= "<select name=\"marital\" id=\"marital-select\" size=\"1\" >";
foreach($select as $selection) {
if($selection !== 'NOTRANSLATION') {


@ -15,6 +15,7 @@ function get_theme_config_file($theme){
}
function settings_init(&$a) {
// These lines provide the javascript needed by the acl selector
$a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "';" ;


@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: 3.0.1355\n"
"Project-Id-Version: 3.0.1356\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2012-05-26 10:00-0700\n"
"POT-Creation-Date: 2012-05-27 10:00-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -221,7 +221,7 @@ msgid "link to source"
msgstr ""
#: ../../mod/events.php:324 ../../view/theme/diabook/theme.php:126
#: ../../include/nav.php:52 ../../boot.php:1523
#: ../../include/nav.php:52 ../../boot.php:1520
msgid "Events"
msgstr ""
@ -271,7 +271,7 @@ msgid "Description:"
msgstr ""
#: ../../mod/events.php:423 ../../include/event.php:37
#: ../../include/bb2diaspora.php:260 ../../boot.php:1103
#: ../../include/bb2diaspora.php:265 ../../boot.php:1100
msgid "Location:"
msgstr ""
@ -346,7 +346,7 @@ msgstr ""
msgid "No"
msgstr ""
#: ../../mod/photos.php:43 ../../boot.php:1517
#: ../../mod/photos.php:43 ../../boot.php:1514
msgid "Photo Albums"
msgstr ""
@ -551,7 +551,7 @@ msgstr ""
#: ../../mod/photos.php:1295 ../../mod/photos.php:1335
#: ../../mod/photos.php:1366 ../../include/conversation.php:558
#: ../../boot.php:517
#: ../../boot.php:514
msgid "Comment"
msgstr ""
@ -1135,7 +1135,7 @@ msgid ""
msgstr ""
#: ../../mod/localtime.php:12 ../../include/event.php:11
#: ../../include/bb2diaspora.php:238
#: ../../include/bb2diaspora.php:243
msgid "l F d, Y \\@ g:i A"
msgstr ""
@ -1181,7 +1181,7 @@ msgid "is interested in:"
msgstr ""
#: ../../mod/match.php:58 ../../mod/suggest.php:59
#: ../../include/contact_widgets.php:9 ../../boot.php:1047
#: ../../include/contact_widgets.php:9 ../../boot.php:1044
msgid "Connect"
msgstr ""
@ -1708,7 +1708,7 @@ msgstr ""
#: ../../addon/facebook/facebook.php:1178
#: ../../addon/public_server/public_server.php:62
#: ../../addon/testdrive/testdrive.php:67 ../../include/items.php:2738
#: ../../boot.php:697
#: ../../boot.php:694
msgid "Administrator"
msgstr ""
@ -1718,7 +1718,7 @@ msgid ""
"Password reset failed."
msgstr ""
#: ../../mod/lostpass.php:83 ../../boot.php:829
#: ../../mod/lostpass.php:83 ../../boot.php:826
msgid "Password Reset"
msgstr ""
@ -2384,7 +2384,7 @@ msgstr ""
msgid "Invalid contact."
msgstr ""
#: ../../mod/notes.php:44 ../../boot.php:1529
#: ../../mod/notes.php:44 ../../boot.php:1526
msgid "Personal Notes"
msgstr ""
@ -2635,7 +2635,7 @@ msgstr ""
#: ../../mod/profperm.php:103 ../../view/theme/diabook/theme.php:123
#: ../../include/profile_advanced.php:7 ../../include/profile_advanced.php:74
#: ../../include/nav.php:50 ../../boot.php:1508
#: ../../include/nav.php:50 ../../boot.php:1505
msgid "Profile"
msgstr ""
@ -2807,7 +2807,7 @@ msgstr ""
msgid "Choose a nickname: "
msgstr ""
#: ../../mod/register.php:546 ../../include/nav.php:81 ../../boot.php:795
#: ../../mod/register.php:546 ../../include/nav.php:81 ../../boot.php:792
msgid "Register"
msgstr ""
@ -2850,7 +2850,7 @@ msgid "Access denied."
msgstr ""
#: ../../mod/fbrowser.php:23 ../../view/theme/diabook/theme.php:125
#: ../../include/nav.php:51 ../../boot.php:1514
#: ../../include/nav.php:51 ../../boot.php:1511
msgid "Photos"
msgstr ""
@ -3633,7 +3633,7 @@ msgstr ""
msgid "FTP Password"
msgstr ""
#: ../../mod/profile.php:21 ../../boot.php:960
#: ../../mod/profile.php:21 ../../boot.php:957
msgid "Requested profile is not available."
msgstr ""
@ -3703,8 +3703,8 @@ msgid ""
"Account not found and OpenID registration is not permitted on this site."
msgstr ""
#: ../../mod/openid.php:93 ../../include/auth.php:97
#: ../../include/auth.php:160
#: ../../mod/openid.php:93 ../../include/auth.php:99
#: ../../include/auth.php:162
msgid "Login failed."
msgstr ""
@ -4051,23 +4051,23 @@ msgstr ""
msgid "Edit/Manage Profiles"
msgstr ""
#: ../../mod/profiles.php:630 ../../boot.php:1069
#: ../../mod/profiles.php:630 ../../boot.php:1066
msgid "Change profile photo"
msgstr ""
#: ../../mod/profiles.php:631 ../../boot.php:1070
#: ../../mod/profiles.php:631 ../../boot.php:1067
msgid "Create New Profile"
msgstr ""
#: ../../mod/profiles.php:642 ../../boot.php:1080
#: ../../mod/profiles.php:642 ../../boot.php:1077
msgid "Profile Image"
msgstr ""
#: ../../mod/profiles.php:644 ../../boot.php:1083
#: ../../mod/profiles.php:644 ../../boot.php:1080
msgid "visible to everybody"
msgstr ""
#: ../../mod/profiles.php:645 ../../boot.php:1084
#: ../../mod/profiles.php:645 ../../boot.php:1081
msgid "Edit visibility"
msgstr ""
@ -4675,7 +4675,7 @@ msgstr ""
#: ../../addon/page/page.php:63 ../../addon/showmore/showmore.php:87
#: ../../include/contact_widgets.php:188 ../../include/conversation.php:470
#: ../../boot.php:518
#: ../../boot.php:515
msgid "show more"
msgstr ""
@ -4691,7 +4691,7 @@ msgstr ""
#: ../../addon/communityhome/communityhome.php:34
#: ../../addon/communityhome/twillingham/communityhome.php:28
#: ../../addon/communityhome/twillingham/communityhome.php:34
#: ../../include/nav.php:64 ../../boot.php:816
#: ../../include/nav.php:64 ../../boot.php:813
msgid "Login"
msgstr ""
@ -5868,7 +5868,7 @@ msgstr ""
msgid "Set colour scheme"
msgstr ""
#: ../../include/profile_advanced.php:17 ../../boot.php:1105
#: ../../include/profile_advanced.php:17 ../../boot.php:1102
msgid "Gender:"
msgstr ""
@ -5889,11 +5889,11 @@ msgstr ""
msgid "Age:"
msgstr ""
#: ../../include/profile_advanced.php:37 ../../boot.php:1108
#: ../../include/profile_advanced.php:37 ../../boot.php:1105
msgid "Status:"
msgstr ""
#: ../../include/profile_advanced.php:45 ../../boot.php:1110
#: ../../include/profile_advanced.php:45 ../../boot.php:1107
msgid "Homepage:"
msgstr ""
@ -6249,11 +6249,11 @@ msgstr ""
msgid "Ask me"
msgstr ""
#: ../../include/event.php:17 ../../include/bb2diaspora.php:244
#: ../../include/event.php:17 ../../include/bb2diaspora.php:249
msgid "Starts:"
msgstr ""
#: ../../include/event.php:27 ../../include/bb2diaspora.php:252
#: ../../include/event.php:27 ../../include/bb2diaspora.php:257
msgid "Finishes:"
msgstr ""
@ -6477,7 +6477,7 @@ msgstr ""
msgid "Contacts not in any group"
msgstr ""
#: ../../include/nav.php:46 ../../boot.php:815
#: ../../include/nav.php:46 ../../boot.php:812
msgid "Logout"
msgstr ""
@ -6485,7 +6485,7 @@ msgstr ""
msgid "End this session"
msgstr ""
#: ../../include/nav.php:49 ../../boot.php:1502
#: ../../include/nav.php:49 ../../boot.php:1499
msgid "Status"
msgstr ""
@ -6565,11 +6565,11 @@ msgstr ""
msgid "Manage other pages"
msgstr ""
#: ../../include/nav.php:138 ../../boot.php:1063
#: ../../include/nav.php:138 ../../boot.php:1060
msgid "Profiles"
msgstr ""
#: ../../include/nav.php:138 ../../boot.php:1063
#: ../../include/nav.php:138 ../../boot.php:1060
msgid "Manage/edit profiles"
msgstr ""
@ -6652,13 +6652,13 @@ msgstr ""
msgid "Logged out."
msgstr ""
#: ../../include/auth.php:113
#: ../../include/auth.php:115
msgid ""
"We encountered a problem while logging in with the OpenID you provided. "
"Please check the correct spelling of the ID."
msgstr ""
#: ../../include/auth.php:113
#: ../../include/auth.php:115
msgid "The error message was:"
msgstr ""
@ -7236,96 +7236,96 @@ msgstr ""
msgid "permissions"
msgstr ""
#: ../../boot.php:516
#: ../../boot.php:513
msgid "Delete this item?"
msgstr ""
#: ../../boot.php:519
#: ../../boot.php:516
msgid "show fewer"
msgstr ""
#: ../../boot.php:692
#: ../../boot.php:689
#, php-format
msgid "Update %s failed. See error logs."
msgstr ""
#: ../../boot.php:694
#: ../../boot.php:691
#, php-format
msgid "Update Error at %s"
msgstr ""
#: ../../boot.php:794
#: ../../boot.php:791
msgid "Create a New Account"
msgstr ""
#: ../../boot.php:818
#: ../../boot.php:815
msgid "Nickname or Email address: "
msgstr ""
#: ../../boot.php:819
#: ../../boot.php:816
msgid "Password: "
msgstr ""
#: ../../boot.php:822
#: ../../boot.php:819
msgid "Or login using OpenID: "
msgstr ""
#: ../../boot.php:828
#: ../../boot.php:825
msgid "Forgot your password?"
msgstr ""
#: ../../boot.php:995
#: ../../boot.php:992
msgid "Edit profile"
msgstr ""
#: ../../boot.php:1055
#: ../../boot.php:1052
msgid "Message"
msgstr ""
#: ../../boot.php:1171 ../../boot.php:1247
#: ../../boot.php:1168 ../../boot.php:1244
msgid "g A l F d"
msgstr ""
#: ../../boot.php:1172 ../../boot.php:1248
#: ../../boot.php:1169 ../../boot.php:1245
msgid "F d"
msgstr ""
#: ../../boot.php:1217 ../../boot.php:1288
#: ../../boot.php:1214 ../../boot.php:1285
msgid "[today]"
msgstr ""
#: ../../boot.php:1229
#: ../../boot.php:1226
msgid "Birthday Reminders"
msgstr ""
#: ../../boot.php:1230
#: ../../boot.php:1227
msgid "Birthdays this week:"
msgstr ""
#: ../../boot.php:1281
#: ../../boot.php:1278
msgid "[No description]"
msgstr ""
#: ../../boot.php:1299
#: ../../boot.php:1296
msgid "Event Reminders"
msgstr ""
#: ../../boot.php:1300
#: ../../boot.php:1297
msgid "Events this week:"
msgstr ""
#: ../../boot.php:1505
#: ../../boot.php:1502
msgid "Status Messages and Posts"
msgstr ""
#: ../../boot.php:1511
#: ../../boot.php:1508
msgid "Profile Details"
msgstr ""
#: ../../boot.php:1526
#: ../../boot.php:1523
msgid "Events and Calendar"
msgstr ""
#: ../../boot.php:1532
#: ../../boot.php:1529
msgid "Only You Can See This"
msgstr ""


@ -43,7 +43,7 @@ nav #site-location {
#profile-jot-text_parent, .mceLayout {
border-radius: 3px;
-moz-border-radius: 3px;
box-shadow: 3px 3px 10px 0 #000000;
box-shadow: 4px 4px 3px 0 #444444;
}
#profile-jot-text:hover {
@ -66,24 +66,29 @@ nav #site-location {
.wall-item-photo, .photo, .contact-block-img, .my-comment-photo {
border-radius: 3px;
-moz-border-radius: 3px;
box-shadow: 3px 3px 10px 0 #000000;
box-shadow: 4px 4px 3px 0 #444444;
}
#sidebar-page-list img {
border-radius: 3px;
-moz-border-radius: 3px;
box-shadow: 3px 3px 10px -2px #000000;
box-shadow: 4px 4px 3px 0 #444444;
}
.contact-entry-photo img, .profile-match-photo img, #photo-photo img, .directory-photo-img, .photo-album-photo, .photo-top-photo, .fc, .profile-jot-text, .group-selected, .nets-selected, .fileas-selected, #profile-jot-submit, .categories-selected {
border-radius: 3px;
-moz-border-radius: 3px;
box-shadow: 3px 3px 10px 0 #000000;
box-shadow: 4px 4px 3px 0 #444444;
}
.photo {
border: 1px solid #AAAAAA;
}
.photo-top-photo, .photo-album-photo {
padding: 10px;
max-width: 300px;
border: 1px solid #888888;
}
.rotleft1 {