friendica/friendica
6
0
Fork 1
mirror of https://github.com/friendica/friendica synced 2024-05-28 00:58:18 +02:00
Code Issues Packages Projects Releases 1 Wiki Activity

Merge branch 'master' of git://github.com/friendika/friendika

Browse source
This commit is contained in:
root 2010-12-08 06:54:13 +01:00
parent af48dbec7f a42b9ea3de
commit a96da92571
17 changed files with 315 additions and 109 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
boot.php
View file

@ -2,7 +2,7 @@
set_time_limit(0);
define ( 'BUILD_ID', 1021 );
define ( 'BUILD_ID', 1022 );
define ( 'DFRN_PROTOCOL_VERSION', '2.0' );
define ( 'EOL', "<br />\r\n" );
@ -518,16 +518,29 @@ function random_string() {
return(hash('sha256',uniqid(rand(),true)));
}}
// This is our primary input filter. The high bit hack only involved some old
// IE browser, forget which.
// Use this on any text input where angle chars are not valid or permitted
// They will be replaced with safer brackets. This may be filtered further
// if these are not allowed either.
/**
* This is our primary input filter.
*
* The high bit hack only involved some old IE browser, forget which (IE5/Mac?)
* that had an XSS attack vector due to stripping the high-bit on an 8-bit character
* after cleansing, and angle chars with the high bit set could get through as markup.
*
* This is now disabled because it was interfering with some legitimate unicode sequences
* and hopefully there aren't a lot of those browsers left.
*
* Use this on any text input where angle chars are not valid or permitted
* They will be replaced with safer brackets. This may be filtered further
* if these are not allowed either.
*
*/
if(! function_exists('notags')) {
function notags($string) {
// protect against :<> with high-bit set
return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
return(str_replace(array("<",">"), array('[',']'), $string));
// High-bit filter no longer used
// return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
}}
// use this on "body" or "content" input where angle chars shouldn't be removed,

3
database.sql
View file

@ -187,6 +187,7 @@ CREATE TABLE IF NOT EXISTS `item` (
`allow_gid` mediumtext NOT NULL,
`deny_cid` mediumtext NOT NULL,
`deny_gid` mediumtext NOT NULL,
`private` tinyint(1) NOT NULL DEFAULT '0',
`visible` tinyint(1) NOT NULL DEFAULT '0',
`unseen` tinyint(1) NOT NULL DEFAULT '1',
`deleted` tinyint(1) NOT NULL DEFAULT '0',
@ -319,7 +320,9 @@ CREATE TABLE IF NOT EXISTS `profile` (
CREATE TABLE IF NOT EXISTS `profile_check` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`uid` int(10) unsigned NOT NULL,
`cid` int(10) unsigned NOT NULL,
`dfrn_id` char(255) NOT NULL,
`sec` char(255) NOT NULL,
`expire` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

24
include/dba.php
View file

@ -1,12 +1,15 @@
<?php
// MySQL database class
//
// For debugging, insert 'dbg(x);' anywhere in the program flow.
// x = 1: display db success/failure following content
// x = 2: display full queries following content
// x = 3: display full queries using echo; which will mess up display
// really bad but will return output in stubborn cases.
/**
*
* MySQL database class
*
* For debugging, insert 'dbg(1);' anywhere in the program flow.
* dbg(0); will turn it off. Logging is performed at LOGGER_DATA level.
* When logging, all binary info is converted to text and html entities are escaped so that
* the debugging stream is safe to view within both terminals and web pages.
*
*/
if(! class_exists('dba')) {
class dba {
@ -51,6 +54,13 @@ class dba {
logger('dba: ' . $str );
}
else {
/*
* If dbfail.out exists, we will write any failed calls directly to it,
* regardless of any logging that may or may nor be in effect.
* These usually indicate SQL syntax errors that need to be resolved.
*/
if($result === false) {
logger('dba: ' . printable($sql) . ' returned false.');
if(file_exists('dbfail.out'))

18
include/items.php
View file

@ -367,6 +367,12 @@ function get_atom_elements($feed,$item) {
else
$res['last-child'] = 0;
$private = $item->get_item_tags(NAMESPACE_DFRN,'private');
if($private && $private[0]['data'] == 1)
$res['private'] = 1;
else
$res['private'] = 0;
$rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published');
if($rawcreated)
$res['created'] = unxmlify($rawcreated[0]['data']);
@ -549,6 +555,7 @@ function item_store($arr) {
$arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : '');
$arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : '');
$arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : '');
$arr['private'] = ((x($arr,'private')) ? intval($arr['private']) : 0 );
$arr['body'] = ((x($arr,'body')) ? escape_tags(trim($arr['body'])) : '');
// The content body has been through a lot of filtering and transport escaping by now.
@ -631,15 +638,21 @@ function item_store($arr) {
if($arr['parent-uri'] === $arr['uri'])
$parent_id = $current_post;
if(strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid))
$private = 1;
else
$private = $arr['private'];
// Set parent id - and also make sure to inherit the parent's ACL's.
$r = q("UPDATE `item` SET `parent` = %d, `allow_cid` = '%s', `allow_gid` = '%s',
`deny_cid` = '%s', `deny_gid` = '%s' WHERE `id` = %d LIMIT 1",
`deny_cid` = '%s', `deny_gid` = '%s', `private` = %d WHERE `id` = %d LIMIT 1",
intval($parent_id),
dbesc($allow_cid),
dbesc($allow_gid),
dbesc($deny_cid),
dbesc($deny_gid),
intval($private),
intval($current_post)
);
@ -1256,6 +1269,9 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
if($item['coord'])
$o .= '<georss:point>' . xmlify($item['coord']) . '</georss:point>' . "\r\n";
if(($item['private']) || strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid']))
$o .= '<dfrn:private>1</dfrn:private>' . "\r\n";
$verb = construct_verb($item);
$o .= '<as:verb>' . xmlify($verb) . '</as:verb>' . "\r\n";
$actobj = construct_activity_object($item);

11
index.php
View file

@ -12,8 +12,12 @@ $install = ((file_exists('.htconfig.php')) ? false : true);
@include(".htconfig.php");
if(isset($lang) && strlen($lang))
load_translation_table($lang);
// get language setting directly from system variables, bypassing get_config()
// as database may not yet be configured.
$lang = ((isset($a->config['system']['language'])) ? $a->config['system']['language'] : 'en');
load_translation_table($lang);
require_once("dba.php");
$db = new dba($db_host, $db_user, $db_pass, $db_data, $install);
@ -122,9 +126,6 @@ $a->page['htmlhead'] = replace_macros($a->page['htmlhead'], array(
$page = $a->page;
$profile = $a->profile;
$lang = get_config('system','language');
if($lang === false)
$lang = 'en';
header("Content-type: text/html; charset=utf-8");

214
mod/dfrn_poll.php
View file

@ -7,12 +7,12 @@ require_once('include/auth.php');
function dfrn_poll_init(&$a) {
$dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
$type = ((x($_GET,'type')) ? $_GET['type'] : '');
$type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
$last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
$destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
$sec = ((x($_GET,'sec')) ? intval($_GET['sec']) : 0);
$dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 0);
$challenge = ((x($_GET,'challenge')) ? $_GET['challenge'] : '');
$sec = ((x($_GET,'sec')) ? $_GET['sec'] : '');
$dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
$direction = (-1);
@ -29,7 +29,7 @@ function dfrn_poll_init(&$a) {
killme();
}
if((isset($type)) && ($type === 'profile')) {
if(($type === 'profile') && (! strlen($sec))) {
$sql_extra = '';
switch($direction) {
@ -61,6 +61,8 @@ function dfrn_poll_init(&$a) {
$s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
logger("dfrn_poll: old profile returns " . $s, LOGGER_DATA);
if(strlen($s)) {
$xml = simplexml_load_string($s);
@ -85,30 +87,87 @@ function dfrn_poll_init(&$a) {
}
if((isset($type)) && ($type === 'profile-check')) {
if($type === 'profile-check') {
switch($direction) {
case 1:
$dfrn_id = '0:' . $dfrn_id;
break;
case 0:
$dfrn_id = '1:' . $dfrn_id;
break;
default:
break;
if((strlen($challenge)) && (strlen($sec))) {
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
dbesc($sec)
);
if(! count($r)) {
xml_status(3);
// NOTREACHED
}
$orig_id = $r[0]['dfrn_id'];
if(strpos(':',$orig_id))
$orig_id = substr($orig_id,2);
$c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($r[0]['cid'])
);
if(! count($c)) {
xml_status(3);
}
$contact = $c[0];
$sent_dfrn_id = hex2bin($dfrn_id);
$challenge = hex2bin($challenge);
$final_dfrn_id = '';
if(($contact['duplex']) && strlen($contact['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
openssl_private_decrypt($challenge,$decoded_challenge,$contact['prvkey']);
}
else {
openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
openssl_public_decrypt($challenge,$decoded_challenge,$contact['pubkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if(strpos($final_dfrn_id,':') == 1)
$final_dfrn_id = substr($final_dfrn_id,2);
if($final_dfrn_id != $orig_id) {
// did not decode properly - cannot trust this site
xml_status(3);
}
header("Content-type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
killme();
// NOTREACHED
}
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
dbesc($dfrn_id));
if(count($r)) {
xml_status(1);
else {
// old protocol
switch($direction) {
case 1:
$dfrn_id = '0:' . $dfrn_id;
break;
case 0:
$dfrn_id = '1:' . $dfrn_id;
break;
default:
break;
}
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
dbesc($dfrn_id));
if(count($r)) {
xml_status(1);
return; // NOTREACHED
}
xml_status(0);
return; // NOTREACHED
}
xml_status(0);
return; // NOTREACHED
}
}
@ -118,7 +177,7 @@ function dfrn_poll_post(&$a) {
$dfrn_id = ((x($_POST,'dfrn_id')) ? $_POST['dfrn_id'] : '');
$challenge = ((x($_POST,'challenge')) ? $_POST['challenge'] : '');
$url = ((x($_POST,'url')) ? $_POST['url'] : '');
$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 0);
$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
@ -213,11 +272,12 @@ function dfrn_poll_post(&$a) {
function dfrn_poll_content(&$a) {
$dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
$type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
$last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
$dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
$sec = ((x($_GET,'sec')) ? intval($_GET['sec']) : 0);
$dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
$type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
$last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
$destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
$sec = ((x($_GET,'sec')) ? $_GET['sec'] : '');
$dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
@ -234,19 +294,23 @@ function dfrn_poll_content(&$a) {
$r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
$r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
dbesc($hash),
dbesc($dfrn_id),
intval(time() + 60 ),
dbesc($type),
dbesc($last_update)
);
if($type !== 'profile') {
$r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
dbesc($hash),
dbesc($dfrn_id),
intval(time() + 60 ),
dbesc($type),
dbesc($last_update)
);
}
$sql_extra = '';
switch($direction) {
case (-1):
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
if($type === 'profile')
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
else
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
@ -262,7 +326,12 @@ function dfrn_poll_content(&$a) {
break; // NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
$r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
dbesc($a->argv[1])
);
if(count($r)) {
@ -270,7 +339,6 @@ function dfrn_poll_content(&$a) {
$encrypted_id = '';
$id_str = $my_id . '.' . mt_rand(1000,9999);
if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
@ -287,15 +355,61 @@ function dfrn_poll_content(&$a) {
$status = 1;
}
header("Content-type: text/xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
. '<dfrn_poll>' . "\r\n"
. "\t" . '<status>' . $status . '</status>' . "\r\n"
. "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
. "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
. "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
. '</dfrn_poll>' . "\r\n" ;
killme();
if(($type === 'profile') && (strlen($sec))) {
// URL reply
$s = fetch_url($r[0]['poll']
. '?dfrn_id=' . $encrypted_id
. '&type=profile-check'
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION
. '&challenge=' . $challenge
. '&sec=' . $sec
);
logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA);
if(strlen($s) && strstr($s,'<?xml')) {
$xml = simplexml_load_string($s);
logger('dfrn_poll: profile: parsed xml: ' . print_r($xml,true), LOGGER_DATA);
logger('dfrn_poll: secure profile: challenge: ' . $xml->challenge . ' expecting ' . $hash);
logger('dfrn_poll: secure profile: sec: ' . $xml->sec . ' expecting ' . $sec);
if(((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['id'];
notice( $r[0]['username'] . t(' welcomes ') . $r[0]['name'] . EOL);
// Visitors get 1 day session.
$session_id = session_id();
$expire = time() + 86400;
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
dbesc($expire),
dbesc($session_id)
);
}
$profile = $r[0]['nickname'];
goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
}
goaway($a->get_baseurl());
// NOTREACHED
}
else {
// XML reply
header("Content-type: text/xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
. '<dfrn_poll>' . "\r\n"
. "\t" . '<status>' . $status . '</status>' . "\r\n"
. "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
. "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
. "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
. '</dfrn_poll>' . "\r\n" ;
killme();
// NOTREACHED
}
}
}

12
mod/display.php
View file

@ -142,8 +142,8 @@ function display_content(&$a) {
&& ($item['id'] != $item['parent']))
continue;
$lock = (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))
$lock = ((($item['private']) || (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))))
? '<div class="wall-item-lock"><img src="images/lock_icon.gif" class="lockview" alt="' . t('Private Message') . '" onclick="lockview(event,' . $item['id'] . ');" /></div>'
: '<div class="wall-item-lock"></div>');
@ -235,6 +235,12 @@ function display_content(&$a) {
$location = '<span class="smalltext">' . $coord . '</span>';
}
$indent = (($item['parent'] != $item['item_id']) ? ' comment' : '');
if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0)
$indent .= ' shiny';
$o .= replace_macros($template,array(
'$id' => $item['item_id'],
'$profile_url' => $profile_link,
@ -247,7 +253,7 @@ function display_content(&$a) {
'$ago' => relative_date($item['created']),
'$lock' => $lock,
'$location' => $location,
'$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
'$indent' => $indent,
'$owner_url' => $owner_url,
'$owner_photo' => $owner_photo,
'$owner_name' => $owner_name,

12
mod/item.php
View file

@ -53,6 +53,8 @@ function item_post(&$a) {
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);
$title = notags(trim($_POST['title']));
$body = escape_tags(trim($_POST['body']));
$location = notags(trim($_POST['location']));
@ -195,8 +197,8 @@ function item_post(&$a) {
$r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`,
`author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `location`, `coord`,
`tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
`tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private` )
VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
intval($profile_uid),
dbesc($post_type),
intval($wall),
@ -222,7 +224,8 @@ function item_post(&$a) {
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny)
dbesc($str_group_deny),
intval($private)
);
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
dbesc($uri));
@ -241,12 +244,13 @@ function item_post(&$a) {
// Inherit ACL's from the parent item.
// TODO merge with subsequent UPDATE operation and save a db write
$r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
$r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d
WHERE `id` = %d LIMIT 1",
dbesc($parent_item['allow_cid']),
dbesc($parent_item['allow_gid']),
dbesc($parent_item['deny_cid']),
dbesc($parent_item['deny_gid']),
intval($parent_item['private']),
intval($post_id)
);

7
mod/lockview.php
View file

@ -22,6 +22,13 @@ function lockview_content(&$a) {
$deny_users = expand_acl($item['deny_cid']);
$deny_groups = expand_acl($item['deny_gid']);
if(($item['private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
&& (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) {
echo t('Remote privacy information not available.') . '<br />';
killme();
}
$o = t('Visible to:') . '<br />';
$l = array();

14
mod/network.php
View file

@ -165,11 +165,13 @@ function network_content(&$a, $update = 0) {
if(((activity_match($item['verb'],ACTIVITY_LIKE)) || (activity_match($item['verb'],ACTIVITY_DISLIKE))) && ($item['id'] != $item['parent']))
continue;
$lock = (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))
$lock = ((($item['private']) || (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))))
? '<div class="wall-item-lock"><img src="images/lock_icon.gif" class="lockview" alt="' . t('Private Message') . '" onclick="lockview(event,' . $item['id'] . ');" /></div>'
: '<div class="wall-item-lock"></div>');
// Top-level wall post not written by the wall owner (wall-to-wall)
// First figure out who owns it.
@ -274,6 +276,12 @@ function network_content(&$a, $update = 0) {
$location = '<span class="smalltext">' . $coord . '</span>';
}
$indent = (($item['parent'] != $item['item_id']) ? ' comment' : '');
if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0)
$indent .= ' shiny';
// Build the HTML
$o .= replace_macros($template,array(
@ -288,7 +296,7 @@ function network_content(&$a, $update = 0) {
'$ago' => relative_date($item['created']),
'$lock' => $lock,
'$location' => $location,
'$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
'$indent' => $indent,
'$owner_url' => $owner_url,
'$owner_photo' => $owner_photo,
'$owner_name' => $owner_name,

2
mod/photos.php
View file

@ -644,7 +644,7 @@ function photos_content(&$a) {
$owner_uid = $a->data['user']['uid'];
$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
dbg(1);
if((local_user()) && (local_user() == $owner_uid))
$can_post = true;
else {

11
mod/profile.php
View file

@ -305,8 +305,8 @@ function profile_content(&$a, $update = 0) {
&& ($item['id'] != $item['parent']))
continue;
$lock = (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))
$lock = ((($item['private']) || (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))))
? '<div class="wall-item-lock"><img src="images/lock_icon.gif" class="lockview" alt="' . t('Private Message') . '" onclick="lockview(event,' . $item['id'] . ');" /></div>'
: '<div class="wall-item-lock"></div>');
@ -376,6 +376,11 @@ function profile_content(&$a, $update = 0) {
$location = '<span class="smalltext">' . $coord . '</span>';
}
$indent = (($item['parent'] != $item['item_id']) ? ' comment' : '');
if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0)
$indent .= ' shiny';
$o .= replace_macros($template,array(
'$id' => $item['item_id'],
'$profile_url' => $profile_link,
@ -387,7 +392,7 @@ function profile_content(&$a, $update = 0) {
'$ago' => relative_date($item['created']),
'$lock' => $lock,
'$location' => $location,
'$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
'$indent' => $indent,
'$drop' => $drop,
'$like' => $like,
'$vote' => $likebuttons,

23
mod/redir.php
View file

@ -4,10 +4,13 @@ function redir_init(&$a) {
if((! local_user()) || (! ($a->argc == 2)) || (! intval($a->argv[1])))
goaway($a->get_baseurl());
$cid = $a->argv[1];
$r = q("SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]),
intval($cid),
intval(local_user())
);
if((! count($r)) || ($r[0]['network'] !== 'dfrn'))
goaway($a->get_baseurl());
@ -21,12 +24,20 @@ function redir_init(&$a) {
$orig_id = $r[0]['dfrn-id'];
$dfrn_id = '0:' . $orig_id;
}
q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`)
VALUES( %d, '%s', %d )",
intval($_SESSION['uid']),
$sec = random_string();
q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)
VALUES( %d, %s, '%s', '%s', %d )",
intval(local_user()),
intval($cid),
dbesc($dfrn_id),
intval(time() + 45));
dbesc($sec),
intval(time() + 45)
);
goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=1');
// . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile');
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec);
}

30
mod/register.php
View file

@ -30,17 +30,12 @@ function register_post(&$a) {
break;
}
if(x($_POST,'username'))
$username = notags(trim($_POST['username']));
if(x($_POST['nickname']))
$nickname = notags(trim($_POST['nickname']));
if(x($_POST,'email'))
$email = notags(trim($_POST['email']));
if(x($_POST,'openid_url'))
$openid_url = notags(trim($_POST['openid_url']));
$photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : '');
$username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : '');
$nickname = ((x($_POST,'nickname')) ? notags(trim($_POST['nickname'])) : '');
$email = ((x($_POST,'email')) ? notags(trim($_POST['email'])) : '');
$openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
$photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : '');
if((! x($username)) || (! x($email)) || (! x($nickname))) {
if($openid_url) {
@ -71,14 +66,15 @@ function register_post(&$a) {
// I don't really like having this rule, but it cuts down
// on the number of auto-registrations by Russian spammers
// $no_utf = get_config('system','no_utf');
// Using preg_match was completely unreliable, due to mixed UTF-8 regex support
// $no_utf = get_config('system','no_utf');
// $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
// $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
// $loose_reg = get_config('system','no_regfullname');
// if((! $loose_reg) && (! preg_match($pat,$username)))
// $err .= t('That doesn\'t appear to be your full name.') . EOL;
// So now we are just looking for a space in the full name.
$loose_reg = get_config('system','no_regfullname');
if((! $loose_reg) && (! strpos($username,' ')))
$err .= t("That doesn\'t appear to be your full \x28First Last\x29 name.") . EOL;
if(! allowed_email($email))
$err .= t('Your email domain is not among those allowed on this site.') . EOL;

7
update.php
View file

@ -186,3 +186,10 @@ function update_1020() {
q("ALTER TABLE `profile` DROP `showwith`");
q("ALTER TABLE `item` ADD `thr-parent` CHAR( 255 ) NOT NULL AFTER `parent-uri` ");
}
function update_1021() {
q("ALTER TABLE `profile_check` ADD `sec` CHAR( 255 ) NOT NULL AFTER `dfrn_id` ");
q("ALTER TABLE `profile_check` ADD `cid` INT(10) unsigned NOT NULL DEFAULT '0' AFTER `uid`");
q("ALTER TABLE `item` ADD `private` TINYINT( 1 ) NOT NULL DEFAULT '0' AFTER `deny_gid` ");
}

2
view/en/profile.php
View file

@ -48,7 +48,7 @@
<?php } ?>
<?php if(strlen($profile['pubkey'])) { ?>
<div class="key" style="display: none"><?php echo $profile['pubkey']; ?></div>
<div class="key" style="display: none;"><?php echo $profile['pubkey']; ?></div>
<?php } ?>
</div>
<?php } ?>

5
view/theme/default/style.css
View file

@ -71,6 +71,11 @@ code {
blockquote:before {
content: '>> ';
}
.shiny {
border-color: orange !important;
}
.nav-login-link {
float: right;
margin-left: 0px;