From 17aca9bee85f8c13d7723e1d0e5ec990c0885497 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Mon, 21 Oct 2019 21:18:59 +0200 Subject: [PATCH 1/6] move mod/ignored to src/Module/Item/Ignored --- mod/ignored.php | 52 --------------------------- src/Module/Item/Ignored.php | 70 +++++++++++++++++++++++++++++++++++++ static/routes.config.php | 11 +++--- 3 files changed, 76 insertions(+), 57 deletions(-) delete mode 100644 mod/ignored.php create mode 100644 src/Module/Item/Ignored.php diff --git a/mod/ignored.php b/mod/ignored.php deleted file mode 100644 index 6e0cf92a65..0000000000 --- a/mod/ignored.php +++ /dev/null @@ -1,52 +0,0 @@ -argc > 1) { - $message_id = intval($a->argv[1]); - } - - if (empty($message_id)) { - exit(); - } - - $thread = Item::selectFirstThreadForUser(local_user(), ['uid', 'ignored'], ['iid' => $message_id]); - if (!DBA::isResult($thread)) { - exit(); - } - - // Numeric values are needed for the json output further below - $ignored = ($thread['ignored'] ? 0 : 1); - - if ($thread['uid'] != 0) { - DBA::update('thread', ['ignored' => $ignored], ['iid' => $message_id]); - } else { - DBA::update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true); - } - - // See if we've been passed a return path to redirect to - $return_path = $_REQUEST['return'] ?? ''; - if ($return_path) { - $rand = '_=' . time(); - if (strpos($return_path, '?')) { - $rand = "&$rand"; - } else { - $rand = "?$rand"; - } - - $a->internalRedirect($return_path . $rand); - } - - // the json doesn't really matter, it will either be 0 or 1 - - echo json_encode($ignored); - exit(); -} diff --git a/src/Module/Item/Ignored.php b/src/Module/Item/Ignored.php new file mode 100644 index 0000000000..474f01dbe0 --- /dev/null +++ b/src/Module/Item/Ignored.php 
@@ -0,0 +1,70 @@ +t('Access denied.')); + } + + /** @var App\Arguments $args */ + $args = self::getClass(App\Arguments::class); + /** @var Database $dba */ + $dba = self::getClass(Database::class); + + $message_id = intval($args->get(1)); + + if (empty($message_id) || !is_int($message_id)) { + throw new HTTPException\BadRequestException(); + } + + $thread = Item::selectFirstThreadForUser(local_user(), ['uid', 'ignored'], ['iid' => $message_id]); + if (!$dba->isResult($thread)) { + throw new HTTPException\BadRequestException(); + } + + // Numeric values are needed for the json output further below + $ignored = !empty($thread['ignored']) ? 0 : 1; + + if (!empty($thread['uid']) && $thread['uid'] != 0) { + $dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id]); + } else { + $dba->update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true); + } + + // See if we've been passed a return path to redirect to + $return_path = $_REQUEST['return'] ?? ''; + if (!empty($return_path)) { + $rand = '_=' . time(); + if (strpos($return_path, '?')) { + $rand = "&$rand"; + } else { + $rand = "?$rand"; + } + + self::getApp()->internalRedirect($return_path . $rand); + } + + // the json doesn't really matter, it will either be 0 or 1 + + echo json_encode($ignored); + exit(); + } +} diff --git a/static/routes.config.php b/static/routes.config.php index 7cc9fdaa6d..32a9f12edf 100644 --- a/static/routes.config.php +++ b/static/routes.config.php 
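Review bot: The `return` request parameter is passed to `internalRedirect()` with only a cache-busting suffix appended, so the redirect target in the new handler is whatever the request supplies. `internalRedirect()` is not part of this patch; if it does not itself refuse absolute or scheme-relative URLs, the value should be checked here to be a local path before redirecting. The separator test `if (strpos($return_path, '?'))` is also falsy when `?` sits at offset 0, and `if (strpos($return_path, '?') !== false)` states the intent. The top of the file is not readable in this hunk, so the session check that ends in `t('Access denied.')` could not be reviewed.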
@@ -128,11 +128,12 @@ return [ '/{group:\d+}/add/{contact:\d+}' => [Module\Group::class, [R::GET, R::POST]], '/{group:\d+}/remove/{contact:\d+}' => [Module\Group::class, [R::GET, R::POST]], ], - '/hashtag' => [Module\Hashtag::class, [R::GET]], - '/home' => [Module\Home::class, [R::GET]], - '/help[/{doc:.+}]' => [Module\Help::class, [R::GET]], - '/inbox[/{nickname}]' => [Module\Inbox::class, [R::GET, R::POST]], - '/invite' => [Module\Invite::class, [R::GET, R::POST]], + '/hashtag' => [Module\Hashtag::class, [R::GET]], + '/home' => [Module\Home::class, [R::GET]], + '/help[/{doc:.+}]' => [Module\Help::class, [R::GET]], + '/ignored/{id}' => [Module\Item\Ignored::class, [R::GET]], + '/inbox[/{nickname}]' => [Module\Inbox::class, [R::GET, R::POST]], + '/invite' => [Module\Invite::class, [R::GET, R::POST]], '/install' => [ '[/]' => [Module\Install::class, [R::GET, R::POST]], From db25f5b6ca964bf9bd20d0109f889db57a39114e Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Wed, 23 Oct 2019 16:24:19 +0200 Subject: [PATCH 2/6] Add jsonExit() and fix UID issue --- src/Module/Item/Ignored.php | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/src/Module/Item/Ignored.php b/src/Module/Item/Ignored.php index 474f01dbe0..c629b0d2e9 100644 --- a/src/Module/Item/Ignored.php +++ b/src/Module/Item/Ignored.php @@ -6,6 +6,7 @@ use Friendica\App; use Friendica\BaseModule; use Friendica\Core\L10n\L10n; use Friendica\Core\Session; +use Friendica\Core\System; use Friendica\Database\Database; use Friendica\Model\Item; use Friendica\Network\HTTPException; 
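Review bot: The new `'/ignored/{id}'` route accepts only `R::GET`, yet the handler it maps to writes to `thread` or `user-item`, so the ignore flag can be flipped by any GET the browser is induced to send while the user is logged in; the readable part of the handler shows no request-token check. Consider serving the toggle over POST with the project's form-security token, which also means switching the `$.get` caller in view/js/main.js. Separately, `{id}` is unconstrained while the neighbouring group routes use `\d+`, and the handler's `intval()` will quietly accept a constructed value such as `12abc`; `'/ignored/{id:\d+}'` rejects it at the router. The route keeps the same method and pattern through the later routes.config.php hunks (PATCH 4/6 to 6/6).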
@@ -43,10 +44,20 @@ class Ignored extends BaseModule // Numeric values are needed for the json output further below $ignored = !empty($thread['ignored']) ? 0 : 1; - if (!empty($thread['uid']) && $thread['uid'] != 0) { - $dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id]); - } else { - $dba->update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true); + switch ($thread['uid'] ?? 0) { + // if the thread is from the current user + case local_user(): + $dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id]); + break; + // Empty or 0 (null will get transformed to 0) => it's a public post + case 0: + case '': + $dba->update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true); + break; + // In case we retrieved a thread which isn't our or a public, it's a forbidden action + // but due to security reason (brute force), we print a Bad request exception + default: + throw new HTTPException\BadRequestException(); } // See if we've been passed a return path to redirect to @@ -63,8 +74,6 @@ class Ignored extends BaseModule } // the json doesn't really matter, it will either be 0 or 1 - - echo json_encode($ignored); - exit(); + System::jsonExit([$ignored]); } } From dba2d574b1daf80c4fe834aae408ffc9a8e49e57 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Wed, 23 Oct 2019 21:29:17 +0200 Subject: [PATCH 3/6] Adapt because of feedback --- src/Module/Item/Ignored.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/Module/Item/Ignored.php b/src/Module/Item/Ignored.php index c629b0d2e9..f37c5ab3a7 100644 --- a/src/Module/Item/Ignored.php +++ b/src/Module/Item/Ignored.php 
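Review bot: The `case local_user():` branch updates `thread` with `['iid' => $message_id]` only, so ownership rests entirely on the `switch` comparison done in PHP just above it. Adding the owner to the condition, `$dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()]);`, lets the database enforce it as well and matches the `user-item` branch. A short comment that `switch` compares loosely (`==`) would also explain why a uid returned as a string still reaches the intended case. The enclosing method starts and ends outside this hunk.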
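Review bot: `System::jsonExit([$ignored])` changes the response body from the bare `0`/`1` that `echo json_encode($ignored)` produced to a one-element array, while the caller in view/js/main.js (visible in PATCH 5/6) still runs `data.match(/1/)` on it. `jsonExit()` is not shown here; if it sends a JSON content type, jQuery would presumably hand the callback a parsed value rather than a string, and `match` would not exist on it. The callback should then test the parsed value, for example `data[0] === 1`, instead of a string match. The comment above the call, `// the json doesn't really matter, it will either be 0 or 1`, should be updated to describe the array that is now returned.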
@@ -49,13 +49,12 @@ class Ignored extends BaseModule
 case local_user():
 $dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id]);
 break;
- // Empty or 0 (null will get transformed to 0) => it's a public post
+ // 0 (null will get transformed to 0) => it's a public post
 case 0:
- case '':
 $dba->update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true);
 break;
- // In case we retrieved a thread which isn't our or a public, it's a forbidden action
- // but due to security reason (brute force), we print a Bad request exception
+ // Throws a BadRequestException and not a ForbiddenException on purpose
+ // Avoids harvesting existing, but forbidden IIDs (security issue)
 default:
 throw new HTTPException\BadRequestException();
 }
From 5aa73afa7e4ffcd005d7a2ff3af8330ce1c90b15 Mon Sep 17 00:00:00 2001
From: Philipp Holzer
Date: Thu, 24 Oct 2019 09:09:47 +0200
Subject: [PATCH 4/6] Rename module class name
---
 src/Module/Item/{Ignored.php => Ignore.php} | 2 +-
 static/routes.config.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename src/Module/Item/{Ignored.php => Ignore.php} (98%)
diff --git a/src/Module/Item/Ignored.php b/src/Module/Item/Ignore.php
similarity index 98%
rename from src/Module/Item/Ignored.php
rename to src/Module/Item/Ignore.php
index f37c5ab3a7..362b6c9baa 100644
--- a/src/Module/Item/Ignored.php
+++ b/src/Module/Item/Ignore.php
@@ -14,7 +14,7 @@ use Friendica\Network\HTTPException;
 /**
 * Module for ignoring threads or user items
 */
-class Ignored extends BaseModule
+class Ignore extends BaseModule
 {
 public static function rawContent()
 {
diff --git a/static/routes.config.php b/static/routes.config.php
index 32a9f12edf..cce7789cd5 100644
--- a/static/routes.config.php
+++ b/static/routes.config.php
@@ -131,7 +131,7 @@ return [ '/hashtag' => [Module\Hashtag::class, [R::GET]], '/home' => [Module\Home::class, [R::GET]], '/help[/{doc:.+}]' => [Module\Help::class, [R::GET]], - '/ignored/{id}' => [Module\Item\Ignored::class, [R::GET]], + '/ignored/{id}' => [Module\Item\Ignore::class, [R::GET]], '/inbox[/{nickname}]' => [Module\Inbox::class, [R::GET, R::POST]], '/invite' => [Module\Invite::class, [R::GET, R::POST]], From 062e47231437dfcc5df185bf50f82011eae31275 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Thu, 24 Oct 2019 17:18:29 +0200 Subject: [PATCH 5/6] Rename route '/ignored/{iid}' to '/item/ignore/{iid}' --- src/Module/Item/Ignore.php | 2 +- static/routes.config.php | 8 ++++++-- view/js/main.js | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/Module/Item/Ignore.php b/src/Module/Item/Ignore.php index 362b6c9baa..6a28310b40 100644 --- a/src/Module/Item/Ignore.php +++ b/src/Module/Item/Ignore.php @@ -30,7 +30,7 @@ class Ignore extends BaseModule /** @var Database $dba */ $dba = self::getClass(Database::class); - $message_id = intval($args->get(1)); + $message_id = intval($args->get(2)); if (empty($message_id) || !is_int($message_id)) { throw new HTTPException\BadRequestException(); diff --git a/static/routes.config.php b/static/routes.config.php index cce7789cd5..19d1b3156e 100644 --- a/static/routes.config.php +++ b/static/routes.config.php @@ -131,9 +131,13 @@ return [ '/hashtag' => [Module\Hashtag::class, [R::GET]], '/home' => [Module\Home::class, [R::GET]], '/help[/{doc:.+}]' => [Module\Help::class, [R::GET]], - '/ignored/{id}' => [Module\Item\Ignore::class, [R::GET]], '/inbox[/{nickname}]' => [Module\Inbox::class, [R::GET, R::POST]], - '/invite' => [Module\Invite::class, [R::GET, R::POST]], + + '/item' => [ + '/ignore/{id}' => [Module\Item\Ignore::class, [R::GET]], + ], + + '/invite' => [Module\Invite::class, [R::GET, R::POST]], '/install' => [ '[/]' => [Module\Install::class, [R::GET, R::POST]], 
diff --git a/view/js/main.js b/view/js/main.js index 47e7b968d0..40db7c2a13 100644 --- a/view/js/main.js +++ b/view/js/main.js @@ -629,7 +629,7 @@ function dostar(ident) { function doignore(ident) { ident = ident.toString(); $('#like-rotator-' + ident).show(); - $.get('ignored/' + ident, function(data) { + $.get('item/ignore/' + ident, function(data) { if (data.match(/1/)) { $('#ignored-' + ident).addClass('ignored'); $('#ignored-' + ident).removeClass('unignored'); From 488504314a729a6637787b2e235e45edf376225c Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Thu, 24 Oct 2019 17:32:03 +0200 Subject: [PATCH 6/6] sort route config --- static/routes.config.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/static/routes.config.php b/static/routes.config.php index 19d1b3156e..3379ee1138 100644 --- a/static/routes.config.php +++ b/static/routes.config.php @@ -132,17 +132,17 @@ return [ '/home' => [Module\Home::class, [R::GET]], '/help[/{doc:.+}]' => [Module\Help::class, [R::GET]], '/inbox[/{nickname}]' => [Module\Inbox::class, [R::GET, R::POST]], - - '/item' => [ - '/ignore/{id}' => [Module\Item\Ignore::class, [R::GET]], - ], - - '/invite' => [Module\Invite::class, [R::GET, R::POST]], + '/invite' => [Module\Invite::class, [R::GET, R::POST]], '/install' => [ '[/]' => [Module\Install::class, [R::GET, R::POST]], '/testrewrite' => [Module\Install::class, [R::GET]], ], + + '/item' => [ + '/ignore/{id}' => [Module\Item\Ignore::class, [R::GET]], + ], + '/like/{item:\d+}' => [Module\Like::class, [R::GET]], '/localtime' => [Module\Debug\Localtime::class, [R::GET, R::POST]], '/login' => [Module\Login::class, [R::GET, R::POST]],