function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
- // default permissions - anonymous user
-
- if(! strlen($owner_nick))
- killme();
+ $sitefeed = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic
$public_feed = (($dfrn_id) ? false : true);
- $starred = false;
- $converse = false;
+ $starred = false; // not yet implemented, possible security issues
+ $converse = false;
if($public_feed && $a->argc > 2) {
for($x = 2; $x < $a->argc; $x++) {
}
}
+ // default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
- $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`
+ $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
dbesc($owner_nick)
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '')
+ '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''),
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
));
call_hooks('atom_feed', $atom);
// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
// html.
- if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) {
+ if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) {
$res['body'] = reltoabs($res['body'],$base_url);
// we shouldn't need a whitelist, because the bbcode converter
// will strip out any unsupported tags.
- // $config->set('HTML.Allowed', 'p,b,a[href],i');
$purifier = new HTMLPurifier($config);
$res['body'] = $purifier->purify($res['body']);
- $res['body'] = html2bbcode($res['body']);
+ $res['body'] = @html2bbcode($res['body']);
+ }
+ elseif(! $have_real_body) {
+
+ // it's not one of our messages and it has no tags
+ // so it's probably just text. We'll escape it just to be safe.
+
+ $res['body'] = escape_tags($res['body']);
}
+ // this tag is obsolete but we keep it for really old sites
+
$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
if($allow && $allow[0]['data'] == 1)
$res['last-child'] = 1;
unset($arr['dsprsig']);
}
- if($arr['gravity'])
+ if(x($arr, 'gravity'))
$arr['gravity'] = intval($arr['gravity']);
elseif($arr['parent-uri'] === $arr['uri'])
$arr['gravity'] = 0;
if($arr['parent-uri'] === $arr['uri']) {
$parent_id = 0;
+ $parent_deleted = 0;
$allow_cid = $arr['allow_cid'];
$allow_gid = $arr['allow_gid'];
$deny_cid = $arr['deny_cid'];
logger('item_store: item parent was not found - ignoring item');
return 0;
}
+
+ $parent_deleted = 0;
}
}
if(! $rino_enable)
$rino = 0;
+ $ssl_val = intval(get_config('system','ssl_policy'));
+ $ssl_policy = '';
+
+ switch($ssl_val){
+ case SSL_POLICY_FULL:
+ $ssl_policy = 'full';
+ break;
+ case SSL_POLICY_SELFSIGN:
+ $ssl_policy = 'self';
+ break;
+ case SSL_POLICY_NONE:
+ default:
+ $ssl_policy = 'none';
+ break;
+ }
+
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
logger('dfrn_deliver: ' . $url);
$postvars = array();
$sent_dfrn_id = hex2bin((string) $res->dfrn_id);
$challenge = hex2bin((string) $res->challenge);
+ $perm = (($res->perm) ? $res->perm : null);
$dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
+ $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
$final_dfrn_id = '';
+ if($perm) {
+ if((($perm == 'rw') && (! intval($contact['writable'])))
+ || (($perm == 'r') && (intval($contact['writable'])))) {
+ q("update contact set writable = %d where id = %d limit 1",
+ intval(($perm == 'rw') ? 1 : 0),
+ intval($contact['id'])
+ );
+ $contact['writable'] = (string) 1 - intval($contact['writable']);
+ }
+ }
if(($contact['duplex'] && strlen($contact['pubkey']))
|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
$postvars['perm'] = 'r';
}
+ $postvars['ssl_policy'] = $ssl_policy;
+
+ if($page)
+ $postvars['page'] = '1';
+
if($rino && $rino_allowed && (! $dissolve)) {
$key = substr(random_string(),0,16);
$data = bin2hex(aes_encrypt($postvars['data'],$key));
}
+ $community_page = 0;
+ $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
+ if($rawtags) {
+ $community_page = intval($rawtags[0]['data']);
+ }
+ if(is_array($contact) && intval($contact['forum']) != $community_page) {
+ q("update contact set forum = %d where id = %d limit 1",
+ intval($community_page),
+ intval($contact['id'])
+ );
+ $contact['forum'] = (string) $community_page;
+ }
+
// process any deleted entries
}
if($deleted && is_array($contact)) {
$r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join `contact` on `item`.`contact-id` = `contact`.`id`
- WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d LIMIT 1",
+ WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1",
dbesc($uri),
intval($importer['uid']),
intval($contact['id'])
if(count($r)) {
if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) {
- $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
+ $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($datarray['title']),
dbesc($datarray['body']),
+ dbesc($datarray['tag']),
dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
dbesc($item_id),
intval($importer['uid'])
if((activity_match($datarray['verb'],ACTIVITY_LIKE)) || (activity_match($datarray['verb'],ACTIVITY_DISLIKE))) {
$datarray['type'] = 'activity';
$datarray['gravity'] = GRAVITY_LIKE;
+ // only one like or dislike per person
+ $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1",
+ intval($datarray['uid']),
+ intval($datarray['contact-id']),
+ dbesc($datarray['verb'])
+ );
+ if($r && count($r))
+ continue;
}
if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
if(count($r)) {
if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) {
- $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
+ $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($datarray['title']),
dbesc($datarray['body']),
+ dbesc($datarray['tag']),
dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
dbesc($item_id),
intval($importer['uid'])
$datarray['parent-uri'] = $item_id;
$datarray['uid'] = $importer['uid'];
$datarray['contact-id'] = $contact['id'];
+
+ if(! link_compare($datarray['owner-link'],$contact['url'])) {
+ // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
+ // but otherwise there's a possible data mixup on the sender's system.
+ // the tgroup delivery code called from item_store will correct it if it's a forum,
+ // but we're going to unconditionally correct it here so that the post will always be owned by our contact.
+ logger('consume_feed: Correcting item owner.', LOGGER_DEBUG);
+ $datarray['owner-name'] = $contact['name'];
+ $datarray['owner-link'] = $contact['url'];
+ $datarray['owner-avatar'] = $contact['thumb'];
+ }
+
$r = item_store($datarray);
continue;
);
if(count($r)) {
$fid = $r[0]['id'];
+
+ // OK, we do. Do we already have an introduction for this person ?
+ $r = q("select id from intro where uid = %d and fid = %d limit 1",
+ intval($fsugg['uid']),
+ intval($fid)
+ );
+ if(count($r))
+ return 0;
}
if(! $fid)
$r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ",
else
return 0;
+
$hash = random_string();
$r = q("INSERT INTO `intro` ( `uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked` )
// NOTREACHED
}
+
+ $community_page = 0;
+ $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
+ if($rawtags) {
+ $community_page = intval($rawtags[0]['data']);
+ }
+ if(intval($importer['forum']) != $community_page) {
+ q("update contact set forum = %d where id = %d limit 1",
+ intval($community_page),
+ intval($importer['id'])
+ );
+ $importer['forum'] = (string) $community_page;
+ }
logger('local_delivery: feed item count = ' . $feed->get_item_quantity());
if($deleted) {
$r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join contact on `item`.`contact-id` = `contact`.`id`
- WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d LIMIT 1",
+ WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1",
dbesc($uri),
intval($importer['importer_uid']),
intval($importer['id'])
if(($item['verb'] === ACTIVITY_TAG) && ($item['object-type'] === ACTVITY_OBJ_TAGTERM)) {
$xo = parse_xml_string($item['object'],false);
$xt = parse_xml_string($item['target'],false);
+
if($xt->type === ACTIVITY_OBJ_NOTE) {
$i = q("select * from `item` where uri = '%s' and uid = %d limit 1",
dbesc($xt->id),
$datarray['type'] = 'activity';
$datarray['gravity'] = GRAVITY_LIKE;
$datarray['last-child'] = 0;
+ // only one like or dislike per person
+ $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1",
+ intval($datarray['uid']),
+ intval($datarray['contact-id']),
+ dbesc($datarray['verb'])
+ );
+ if($r && count($r))
+ continue;
}
if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
if(count($r)) {
if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) {
- $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
+ $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($datarray['title']),
dbesc($datarray['body']),
+ dbesc($datarray['tag']),
dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
dbesc($item_id),
intval($importer['importer_uid'])
if(($datarray['verb'] == ACTIVITY_LIKE) || ($datarray['verb'] == ACTIVITY_DISLIKE)) {
$datarray['type'] = 'activity';
$datarray['gravity'] = GRAVITY_LIKE;
+ // only one like or dislike per person
+ $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1",
+ intval($datarray['uid']),
+ intval($datarray['contact-id']),
+ dbesc($datarray['verb'])
+ );
+ if($r && count($r))
+ continue;
+
}
if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
if(count($r)) {
if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) {
- $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
+ $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($datarray['title']),
dbesc($datarray['body']),
+ dbesc($datarray['tag']),
dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
dbesc($item_id),
intval($importer['importer_uid'])
$datarray['parent-uri'] = $item_id;
$datarray['uid'] = $importer['importer_uid'];
$datarray['contact-id'] = $importer['id'];
+
+ if(! link_compare($datarray['owner-link'],$contact['url'])) {
+ // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
+ // but otherwise there's a possible data mixup on the sender's system.
+ // the tgroup delivery code called from item_store will correct it if it's a forum,
+ // but we're going to unconditionally correct it here so that the post will always be owned by our contact.
+ logger('local_delivery: Correcting item owner.', LOGGER_DEBUG);
+ $datarray['owner-name'] = $importer['senderName'];
+ $datarray['owner-link'] = $importer['url'];
+ $datarray['owner-avatar'] = $importer['thumb'];
+ }
+
$r = item_store($datarray);
continue;
}
foreach($r as $item) {
+ // don't expire filed items
+
+ if(strpos($item['file'],'[') !== false)
+ continue;
+
// Only expire posts, not photos and photo comments
if($expire_photos==0 && strlen($item['resource-id']))
projects / friendica.git / blobdiff