Merge remote-tracking branch 'upstream/develop' into develop

include/conversation.php

@@ -144,109 +144,16 @@ function localize_item(&$item)
 		$item['body'] = item_redir_and_replace_images($extracted['body'], $extracted['images'], $item['contact-id']);
 	}
 
-	/*
-	heluecht 2018-06-19: from my point of view this whole code part is useless.
-	It just renders the body message of technical posts (Like, dislike, ...).
-	But: The body isn't visible at all. So we do this stuff just because we can.
-	Even if these messages were visible, this would only mean that something went wrong.
-	During the further steps of the database restructuring I would like to address this issue.
-	*/
-
+	/// @todo The following functionality needs to be cleaned up. 
+	if (!empty($item['verb'])) {
 		$activity = DI::activity();
 
-	$xmlhead = "<" . "?xml version='1.0' encoding='UTF-8' ?" . ">";
-	if ($activity->match($item['verb'], Activity::LIKE)
-		|| $activity->match($item['verb'], Activity::DISLIKE)
-		|| $activity->match($item['verb'], Activity::ATTEND)
-		|| $activity->match($item['verb'], Activity::ATTENDNO)
-		|| $activity->match($item['verb'], Activity::ATTENDMAYBE)) {
-
-		$fields = ['author-link', 'author-name', 'verb', 'object-type', 'resource-id', 'body', 'plink'];
-		$obj = Item::selectFirst($fields, ['uri' => $item['parent-uri']]);
-		if (!DBA::isResult($obj)) {
-			return;
-		}
-
-		$author  = '[url=' . $item['author-link'] . ']' . $item['author-name'] . '[/url]';
-		$objauthor =  '[url=' . $obj['author-link'] . ']' . $obj['author-name'] . '[/url]';
-
-		switch ($obj['verb']) {
-			case Activity::POST:
-				switch ($obj['object-type']) {
-					case Activity\ObjectType::EVENT:
-						$post_type = DI::l10n()->t('event');
-						break;
-					default:
-						$post_type = DI::l10n()->t('status');
-				}
-				break;
-			default:
-				if ($obj['resource-id']) {
-					$post_type = DI::l10n()->t('photo');
-					$m = [];
-					preg_match("/\[url=([^]]*)\]/", $obj['body'], $m);
-					$rr['plink'] = $m[1];
-				} else {
-					$post_type = DI::l10n()->t('status');
-				}
-		}
-
-		$plink = '[url=' . $obj['plink'] . ']' . $post_type . '[/url]';
-
-		$bodyverb = '';
-		if ($activity->match($item['verb'], Activity::LIKE)) {
-			$bodyverb = DI::l10n()->t('%1$s likes %2$s\'s %3$s');
-		} elseif ($activity->match($item['verb'], Activity::DISLIKE)) {
-			$bodyverb = DI::l10n()->t('%1$s doesn\'t like %2$s\'s %3$s');
-		} elseif ($activity->match($item['verb'], Activity::ATTEND)) {
-			$bodyverb = DI::l10n()->t('%1$s attends %2$s\'s %3$s');
-		} elseif ($activity->match($item['verb'], Activity::ATTENDNO)) {
-			$bodyverb = DI::l10n()->t('%1$s doesn\'t attend %2$s\'s %3$s');
-		} elseif ($activity->match($item['verb'], Activity::ATTENDMAYBE)) {
-			$bodyverb = DI::l10n()->t('%1$s attends maybe %2$s\'s %3$s');
-		}
-
-		$item['body'] = sprintf($bodyverb, $author, $objauthor, $plink);
-	}
-
-	if ($activity->match($item['verb'], Activity::FRIEND)) {
-
-		if ($item['object-type']=="" || $item['object-type']!== Activity\ObjectType::PERSON) return;
-
-		$Aname = $item['author-name'];
-		$Alink = $item['author-link'];
-
-		$xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">";
-
-		$obj = XML::parseString($xmlhead.$item['object']);
-		$links = XML::parseString($xmlhead."<links>".XML::unescape($obj->link)."</links>");
-
-		$Bname = $obj->title;
-		$Blink = "";
-		$Bphoto = "";
-		foreach ($links->link as $l) {
-			$atts = $l->attributes();
-			switch ($atts['rel']) {
-				case "alternate": $Blink = $atts['href']; break;
-				case "photo": $Bphoto = $atts['href']; break;
-			}
-		}
-
-		$A = '[url=' . Contact::magicLink($Alink) . ']' . $Aname . '[/url]';
-		$B = '[url=' . Contact::magicLink($Blink) . ']' . $Bname . '[/url]';
-		if ($Bphoto != "") {
-			$Bphoto = '[url=' . Contact::magicLink($Blink) . '][img]' . $Bphoto . '[/img][/url]';
-		}
-
-		$item['body'] = DI::l10n()->t('%1$s is now friends with %2$s', $A, $B)."\n\n\n".$Bphoto;
-
-	}
 		if (stristr($item['verb'], Activity::POKE)) {
-		$verb = urldecode(substr($item['verb'],strpos($item['verb'],'#')+1));
+			$verb = urldecode(substr($item['verb'], strpos($item['verb'],'#') + 1));
 			if (!$verb) {
 				return;
 			}
-		if ($item['object-type']=="" || $item['object-type']!== Activity\ObjectType::PERSON) {
+			if ($item['object-type'] == "" || $item['object-type'] !== Activity\ObjectType::PERSON) {
 				return;
 			}
 
@@ -255,7 +162,7 @@ function localize_item(&$item)
 
 			$xmlhead = "<" . "?xml version='1.0' encoding='UTF-8' ?" . ">";
 
-		$obj = XML::parseString($xmlhead.$item['object']);
+			$obj = XML::parseString($xmlhead . $item['object']);
 
 			$Bname = $obj->title;
 			$Blink = $obj->id;
@@ -282,12 +189,12 @@ function localize_item(&$item)
 			$txt = DI::l10n()->t('%1$s poked %2$s');
 
 			// now translate the verb
-		$poked_t = trim(sprintf($txt, "", ""));
+			$poked_t = trim(sprintf($txt, '', ''));
 			$txt = str_replace($poked_t, DI::l10n()->t($verb), $txt);
 
 			// then do the sprintf on the translation string
 
-		$item['body'] = sprintf($txt, $A, $B). "\n\n\n" . $Bphoto;
+			$item['body'] = sprintf($txt, $A, $B) . "\n\n\n" . $Bphoto;
 
 		}
 
@@ -335,31 +242,8 @@ function localize_item(&$item)
 			$tag = sprintf('#[url=%s]%s[/url]', $parsedobj->id, $parsedobj->content);
 			$item['body'] = DI::l10n()->t('%1$s tagged %2$s\'s %3$s with %4$s', $author, $objauthor, $plink, $tag);
 		}
-
-	if ($activity->match($item['verb'], Activity::FAVORITE)) {
-		if ($item['object-type'] == "") {
-			return;
 	}
 
-		$Aname = $item['author-name'];
-		$Alink = $item['author-link'];
-
-		$xmlhead = "<" . "?xml version='1.0' encoding='UTF-8' ?" . ">";
-
-		$obj = XML::parseString($xmlhead.$item['object']);
-		if (strlen($obj->id)) {
-			$fields = ['author-link', 'author-name', 'plink'];
-			$target = Item::selectFirst($fields, ['uri' => $obj->id, 'uid' => $item['uid']]);
-			if (DBA::isResult($target) && $target['plink']) {
-				$Bname = $target['author-name'];
-				$Blink = $target['author-link'];
-				$A = '[url=' . Contact::magicLink($Alink) . ']' . $Aname . '[/url]';
-				$B = '[url=' . Contact::magicLink($Blink) . ']' . $Bname . '[/url]';
-				$P = '[url=' . $target['plink'] . ']' . DI::l10n()->t('post/item') . '[/url]';
-				$item['body'] = DI::l10n()->t('%1$s marked %2$s\'s %3$s as favorite', $A, $B, $P)."\n";
-			}
-		}
-	}
 	$matches = null;
 	if (preg_match_all('/@\[url=(.*?)\]/is', $item['body'], $matches, PREG_SET_ORDER)) {
 		foreach ($matches as $mtch) {

mod/lostpass.php

@@ -41,10 +41,10 @@ function lostpass_post(App $a)
 		DI::baseUrl()->redirect();
 	}
 
-	$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
+	$pwdreset_token = Strings::getRandomHex(32);
 
 	$fields = [
-		'pwdreset' => $pwdreset_token,
+		'pwdreset' => hash('sha256', $pwdreset_token),
 		'pwdreset_time' => DateTimeFormat::utcNow()
 	];
 	$result = DBA::update('user', $fields, ['uid' => $user['uid']]);
@@ -95,7 +95,7 @@ function lostpass_content(App $a)
 	if ($a->argc > 1) {
 		$pwdreset_token = $a->argv[1];
 
-		$user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]);
+		$user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => hash('sha256', $pwdreset_token)]);
 		if (!DBA::isResult($user)) {
 			notice(DI::l10n()->t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."));