include/items.php

   1 <?php
   2
   3
   4 function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update) {
   5
   6         require_once('bbcode.php');
   7
   8         // default permissions - anonymous user
   9
  10         $sql_extra = "
  11                 AND `allow_cid` = ''
  12                 AND `allow_gid` = ''
  13                 AND `deny_cid`  = ''
  14                 AND `deny_gid`  = ''
  15         ";
  16
  17         if(strlen($owner_id) && ! intval($owner_id)) {
  18                 $r = q("SELECT `uid`, `nickname` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
  19                         dbesc($owner_id)
  20                 );
  21                 if(count($r)) {
  22                         $owner_id = $r[0]['uid'];
  23                         $owner_nick = $r[0]['nickname'];
  24                 }
  25         }
  26
  27         $r = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
  28                 intval($owner_id)
  29         );
  30         if(count($r))
  31                 $owner = $r[0];
  32         else
  33                 killme();
  34
  35         if($dfrn_id != '*') {
  36
  37                 $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' LIMIT 1",
  38                         dbesc($dfrn_id)
  39                 );
  40                 if(! count($r))
  41                         return false;
  42
  43                 $contact = $r[0];
  44                 $groups = init_groups_visitor($contact['id']);
  45
  46                 if(count($groups)) {
  47                         for($x = 0; $x < count($groups); $x ++)
  48                                 $groups[$x] = '<' . intval($groups[$x]) . '>' ;
  49                         $gs = implode('|', $groups);
  50                 }
  51                 else
  52                         $gs = '<<>>' ; // Impossible to match
  53
  54                 $sql_extra = sprintf("
  55                         AND ( `allow_cid` = '' OR     `allow_cid` REGEXP '<%d>' )
  56                         AND ( `deny_cid`  = '' OR NOT `deny_cid`  REGEXP '<%d>' )
  57                         AND ( `allow_gid` = '' OR     `allow_gid` REGEXP '%s' )
  58                         AND ( `deny_gid`  = '' OR NOT `deny_gid`  REGEXP '%s')
  59                 ",
  60                         intval($contact['id']),
  61                         intval($contact['id']),
  62                         dbesc($gs),
  63                         dbesc($gs)
  64                 );
  65         }
  66
  67         if(! strlen($last_update))
  68                 $last_update = 'now - 30 days';
  69         $check_date = datetime_convert('UTC','UTC',$last_update,'Y-m-d H:i:s');
  70
  71         $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
  72                 `contact`.`name`, `contact`.`photo`, `contact`.`url`,
  73                 `contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,
  74                 `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
  75                 `contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`
  76                 FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
  77                 WHERE `item`.`uid` = %d AND `item`.`visible` = 1
  78                 AND NOT `item`.`type` IN ( 'remote', 'net-comment' ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
  79                 AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )
  80                 $sql_extra
  81                 ORDER BY `parent` ASC, `created` ASC LIMIT 0, 300",
  82                 intval($owner_id),
  83                 dbesc($check_date),
  84                 dbesc($check_date)
  85         );
  86         if(! count($r))
  87                 killme();
  88
  89         $items = $r;
  90
  91         $feed_template = file_get_contents('view/atom_feed.tpl');
  92         $tomb_template = file_get_contents('view/atom_tomb.tpl');
  93         $item_template = file_get_contents('view/atom_item.tpl');
  94         $cmnt_template = file_get_contents('view/atom_cmnt.tpl');
  95
  96         $atom = '';
  97
  98
  99         $atom .= replace_macros($feed_template, array(
 100                         '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),
 101                         '$feed_title' => xmlify($owner['name']),
 102                         '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
 103                         '$name' => xmlify($owner['name']),
 104                         '$profile_page' => xmlify($owner['url']),
 105                         '$photo' => xmlify($owner['photo']),
 106                         '$thumb' => xmlify($owner['thumb']),
 107                         '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
 108                         '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date']    . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
 109                         '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date']   . '+00:00' , 'Y-m-d\TH:i:s\Z'))
 110
 111         ));
 112
 113
 114         foreach($items as $item) {
 115
 116                 // public feeds get html, our own nodes use bbcode
 117
 118                 if($dfrn_id == '*') {
 119                         $item['body'] = bbcode($item['body']);
 120                         $type = 'html';
 121                 }
 122                 else {
 123                         $type = 'text';
 124                 }
 125
 126                 if($item['deleted']) {
 127                         $atom .= replace_macros($tomb_template, array(
 128                                 '$id' => xmlify($item['uri']),
 129                                 '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z'))
 130                         ));
 131                 }
 132                 else {
 133                         $verb = construct_verb($item);
 134                         $actobj = construct_activity($item);
 135
 136                         if($item['parent'] == $item['id']) {
 137                                 $atom .= replace_macros($item_template, array(
 138                                         '$name' => xmlify($item['name']),
 139                                         '$profile_page' => xmlify($item['url']),
 140                                         '$thumb' => xmlify($item['thumb']),
 141                                         '$owner_name' => xmlify($item['owner-name']),
 142                                         '$owner_profile_page' => xmlify($item['owner-link']),
 143                                         '$owner_thumb' => xmlify($item['owner-avatar']),
 144                                         '$item_id' => xmlify($item['uri']),
 145                                         '$title' => xmlify($item['title']),
 146                                         '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 147                                         '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 148                                         '$location' => xmlify($item['location']),
 149                                         '$type' => $type,
 150                                         '$content' => xmlify($item['body']),
 151                                         '$verb' => xmlify($verb),
 152                                         '$actobj' => $actobj,  // do not xmlify
 153                                         '$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id'])) ? 1 : 0)
 154                                 ));
 155                         }
 156                         else {
 157                                 $atom .= replace_macros($cmnt_template, array(
 158                                         '$name' => xmlify($item['name']),
 159                                         '$profile_page' => xmlify($item['url']),
 160                                         '$thumb' => xmlify($item['thumb']),
 161                                         '$item_id' => xmlify($item['uri']),
 162                                         '$title' => xmlify($item['title']),
 163                                         '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 164                                         '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 165                                         '$type' => $type,
 166                                         '$content' =>xmlify($item['body']),
 167                                         '$verb' => xmlify($verb),
 168                                         '$actobj' => $actobj, // do not xmlify
 169                                         '$parent_id' => xmlify($item['parent-uri']),
 170                                         '$comment_allow' => (($item['last-child']) ? 1 : 0)
 171                                 ));
 172                         }
 173                 }
 174         }
 175
 176         $atom .= '</feed>' . "\r\n";
 177         return $atom;
 178 }
 179
 180
 181 function construct_verb($item) {
 182         if($item['verb'])
 183                 return $item['verb'];
 184         return ACTIVITY_POST;
 185 }
 186
 187 function construct_activity($item) {
 188
 189         if($item['type'] == 'activity') {
 190
 191
 192         }
 193         return '';
 194 }
 195
 196
 197
 198
 199 function get_atom_elements($item) {
 200
 201         require_once('library/HTMLPurifier.auto.php');
 202         require_once('include/html2bbcode.php');
 203
 204         $res = array();
 205
 206         $raw_author = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author');
 207         if($raw_author) {
 208                 if($raw_author[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['rel'] == 'photo')
 209                 $res['author-avatar'] = unxmlify($raw_author[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['href']);
 210         }
 211
 212         $author = $item->get_author();
 213         $res['author-name'] = unxmlify($author->get_name());
 214         $res['author-link'] = unxmlify($author->get_link());
 215         if(! $res['author-avatar'])
 216                 $res['author-avatar'] = unxmlify($author->get_avatar());
 217         $res['uri'] = unxmlify($item->get_id());
 218         $res['title'] = unxmlify($item->get_title());
 219         $res['body'] = unxmlify($item->get_content());
 220
 221         $maxlen = get_max_import_size();
 222         if($maxlen && (strlen($res['body']) > $maxlen))
 223                 $res['body'] = substr($res['body'],0, $maxlen);
 224
 225         // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust
 226         // the content type. Our own network only emits text normally, though it might have been converted to
 227         // html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will
 228         // have to assume it is all html and needs to be purified.
 229
 230         // It doesn't matter all that much security wise - because before this content is used anywhere, we are
 231         // going to escape any tags we find regardless, but this lets us import a limited subset of html from
 232         // the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
 233         // html.
 234
 235
 236
 237         if(strpos($res['body'],'<')) {
 238
 239                 $res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
 240                         '[youtube]$1[/youtube]', $res['body']);
 241
 242                 $config = HTMLPurifier_Config::createDefault();
 243                 $config->set('Core.DefinitionCache', null);
 244
 245                 // we shouldn't need a whitelist, because the bbcode converter
 246                 // will strip out any unsupported tags.
 247                 // $config->set('HTML.Allowed', 'p,b,a[href],i');
 248
 249                 $purifier = new HTMLPurifier($config);
 250                 $res['body'] = $purifier->purify($res['body']);
 251         }
 252
 253         $res['body'] = html2bbcode($res['body']);
 254
 255         $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
 256         if($allow && $allow[0]['data'] == 1)
 257                 $res['last-child'] = 1;
 258         else
 259                 $res['last-child'] = 0;
 260
 261         $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published');
 262         if($rawcreated)
 263                 $res['created'] = unxmlify($rawcreated[0]['data']);
 264
 265         $rawlocation = $item->get_item_tags(NAMESPACE_DFRN, 'location');
 266         if($rawlocation)
 267                 $res['location'] = unxmlify($rawlocation[0]['data']);
 268
 269
 270         $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'updated');
 271         if($rawedited)
 272                 $res['edited'] = unxmlify($rawcreated[0]['data']);
 273
 274         $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner');
 275         if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data'])
 276                 $res['owner-name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']);
 277         elseif($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data'])
 278                 $res['owner-name'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']);
 279         if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data'])
 280                 $res['owner-link'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']);
 281         elseif($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])
 282                 $res['owner-link'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']);
 283
 284         if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['rel'] == 'photo')
 285                 $res['owner-avatar'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['href']);
 286         elseif($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data'])
 287                 $res['owner-avatar'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data']);
 288
 289         $rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb');
 290         // select between supported verbs
 291         if($rawverb)
 292                 $res['verb'] = unxmlify($rawverb[0]['data']);
 293
 294         $rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'object');
 295         if($rawobj) {
 296                 $res['object-type'] = $rawobj[0]['object-type'][0]['data'];
 297                 $res['object'] = $rawobj[0];
 298         }
 299
 300         return $res;
 301 }
 302
 303 function post_remote($a,$arr) {
 304
 305 //print_r($arr);
 306
 307         if(! x($arr,'type'))
 308                 $arr['type'] = 'remote';
 309         $arr['uri'] = notags(trim($arr['uri']));
 310         $arr['author-name'] = notags(trim($arr['author-name']));
 311         $arr['author-link'] = notags(trim($arr['author-link']));
 312         $arr['author-avatar'] = notags(trim($arr['author-avatar']));
 313         $arr['owner-name'] = notags(trim($arr['owner-name']));
 314         $arr['owner-link'] = notags(trim($arr['owner-link']));
 315         $arr['owner-avatar'] = notags(trim($arr['owner-avatar']));
 316         $arr['created'] = datetime_convert('UTC','UTC',$arr['created'],'Y-m-d H:i:s');
 317         $arr['edited'] = datetime_convert('UTC','UTC',$arr['edited'],'Y-m-d H:i:s');
 318         $arr['changed'] = datetime_convert();
 319         $arr['title'] = notags(trim($arr['title']));
 320         $arr['location'] = notags(trim($arr['location']));
 321         $arr['body'] = escape_tags(trim($arr['body']));
 322         $arr['last-child'] = intval($arr['last-child']);
 323         $arr['visible'] = 1;
 324         $arr['deleted'] = 0;
 325         $arr['parent-uri'] = notags(trim($arr['parent-uri']));
 326         $arr['verb'] = notags(trim($arr['verb']));
 327         $arr['object-type'] = notags(trim($arr['object-type']));
 328         $arr['object'] = trim($arr['object']);
 329
 330         $parent_id = 0;
 331         $parent_missing = false;
 332
 333         dbesc_array($arr);
 334
 335         $r = q("INSERT INTO `item` (`"
 336                         . implode("`, `", array_keys($arr))
 337                         . "`) VALUES ('"
 338                         . implode("', '", array_values($arr))
 339                         . "')" );
 340
 341         $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
 342                 dbesc($arr['parent-uri']),
 343                 intval($arr['uid'])
 344         );
 345
 346         if(count($r))
 347                 $parent_id = $r[0]['id'];
 348         else {
 349                 $parent_missing = true;
 350         }
 351
 352         $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
 353                 $arr['uri'],           // already dbesc'd
 354                 intval($arr['uid'])
 355         );
 356         if(count($r))
 357                 $current_post = $r[0]['id'];
 358         else
 359                 return 0;
 360
 361         if($parent_missing) {
 362
 363                 // perhaps the parent was deleted, but in any case, this thread is dead
 364                 // and unfortunately our brand new item now has to be destroyed
 365
 366                 q("DELETE FROM `item` WHERE `id` = %d LIMIT 1",
 367                         intval($current_post)
 368                 );
 369                 return 0;
 370         }
 371
 372         $r = q("UPDATE `item` SET `parent` = %d WHERE `id` = %d LIMIT 1",
 373                 intval($parent_id),
 374                 intval($current_post)
 375         );
 376
 377         return $current_post;
 378 }