<?php
/**
- * @file include/dfrn.php
- * The implementation of the dfrn protocol
+ * @copyright Copyright (C) 2020, Friendica
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
*
- * @see https://github.com/friendica/friendica/wiki/Protocol and
- * https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf
*/
+
namespace Friendica\Protocol;
use DOMDocument;
use DOMXPath;
use Friendica\App\BaseURL;
-use Friendica\Content\OEmbed;
use Friendica\Content\Text\BBCode;
-use Friendica\Content\Text\HTML;
-use Friendica\Core\Config;
use Friendica\Core\Hook;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Model\Event;
use Friendica\Model\GContact;
use Friendica\Model\Item;
+use Friendica\Model\ItemURI;
use Friendica\Model\Mail;
+use Friendica\Model\Notify\Type;
use Friendica\Model\PermissionSet;
+use Friendica\Model\Post\Category;
use Friendica\Model\Profile;
+use Friendica\Model\Tag;
use Friendica\Model\User;
use Friendica\Network\Probe;
use Friendica\Util\Crypto;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
-use HTMLPurifier;
-use HTMLPurifier_Config;
/**
* This class contain functions to create and send DFRN XML files
// default permissions - anonymous user
- $sql_extra = " AND NOT `item`.`private` ";
+ $sql_extra = sprintf(" AND `item`.`private` != %s ", Item::PRIVATE);
- $r = q(
- "SELECT `contact`.*, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`, `user`.`account-type`
- FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`
- WHERE `contact`.`self` AND `user`.`nickname` = '%s' LIMIT 1",
- DBA::escape($owner_nick)
- );
-
- if (! DBA::isResult($r)) {
+ $owner = DBA::selectFirst('owner-view', [], ['nickname' => $owner_nick]);
+ if (!DBA::isResult($owner)) {
Logger::log(sprintf('No contact found for nickname=%d', $owner_nick), Logger::WARNING);
exit();
}
- $owner = $r[0];
$owner_id = $owner['uid'];
$sql_post_table = "";
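Review bot: The anonymous-viewer filter set right after the `// default permissions - anonymous user` comment now excludes only `Item::PRIVATE`, so any other non-zero visibility value (the `Item::UNLISTED` used in later hunks) is served to unauthenticated feed requests, where the old `NOT item.private` test dropped it. If that is intended, a comment such as `// unlisted items are deliberately part of the public feed; only Item::PRIVATE is withheld` would make the widened exposure explicit. The same applies to the `else` branch further down that sets `$sql_extra` for contacts without a permission set. Since the constant is an integer, `%d` is the safer conversion in both `sprintf()` calls. The enclosing function starts and ends outside this hunk.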
if (!empty($set)) {
$sql_extra = " AND `item`.`psid` IN (" . implode(',', $set) .")";
} else {
- $sql_extra = " AND NOT `item`.`private`";
+ $sql_extra = sprintf(" AND `item`.`private` != %s", Item::PRIVATE);
}
}
}
if (isset($category)) {
- $sql_post_table = sprintf(
- "INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
- DBA::escape(Strings::protectSprintf($category)),
- intval(TERM_OBJ_POST),
- intval(TERM_CATEGORY),
- intval($owner_id)
- );
+ $sql_post_table = sprintf("INNER JOIN (SELECT `uri-id` FROM `category-view` WHERE `name` = '%s' AND `type` = %d AND `uid` = %d ORDER BY `uri-id` DESC) AS `category` ON `item`.`uri-id` = `category`.`uri-id` ",
+ DBA::escape(Strings::protectSprintf($category)), intval(Category::CATEGORY), intval($owner_id));
}
if ($public_feed && ! $converse) {
if ($public_feed) {
$type = 'html';
// catch any email that's in a public conversation and make sure it doesn't leak
- if ($item['private']) {
+ if ($item['private'] == Item::PRIVATE) {
continue;
}
} else {
*/
private static function addAuthor(DOMDocument $doc, array $owner, $authorelement, $public)
{
- // Is the profile hidden or shouldn't be published in the net? Then add the "hide" element
- $r = q(
- "SELECT `id` FROM `profile` INNER JOIN `user` ON `user`.`uid` = `profile`.`uid`
- WHERE (`hidewall` OR NOT `net-publish`) AND `user`.`uid` = %d",
- intval($owner['uid'])
- );
- if (DBA::isResult($r)) {
- $hidewall = true;
- } else {
- $hidewall = false;
- }
+ // Should the profile be "unsearchable" in the net? Then add the "hide" element
+ $hide = DBA::exists('profile', ['uid' => $owner['uid'], 'net-publish' => false]);
$author = $doc->createElement($authorelement);
$namdate = DateTimeFormat::utc($owner['name-date'].'+00:00', DateTimeFormat::ATOM);
- $uridate = DateTimeFormat::utc($owner['uri-date'].'+00:00', DateTimeFormat::ATOM);
$picdate = DateTimeFormat::utc($owner['avatar-date'].'+00:00', DateTimeFormat::ATOM);
$attributes = [];
- if (!$public || !$hidewall) {
+ if (!$public || !$hide) {
$attributes = ["dfrn:updated" => $namdate];
}
$attributes = ["rel" => "photo", "type" => "image/jpeg",
"media:width" => 300, "media:height" => 300, "href" => $owner['photo']];
- if (!$public || !$hidewall) {
+ if (!$public || !$hide) {
$attributes["dfrn:updated"] = $picdate;
}
$attributes["rel"] = "avatar";
XML::addElement($doc, $author, "link", "", $attributes);
- if ($hidewall) {
+ if ($hide) {
XML::addElement($doc, $author, "dfrn:hide", "true");
}
}
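Review bot: `$hide` is now derived only from `net-publish`, so an owner who set `hidewall` but left `net-publish` on no longer gets `dfrn:hide`, and their `dfrn:updated` timestamps are emitted in public feeds, which the removed query prevented. If dropping `hidewall` is deliberate, the comment above the lookup should say so. Otherwise the second condition needs to come back, for example `$hide = !empty($owner['hidewall']) || DBA::exists('profile', ['uid' => $owner['uid'], 'net-publish' => false]);`, assuming `$owner` carries `hidewall` (the `owner-view` lookup later in this function filters on it). addAuthor continues past this hunk.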
// Only show contact details when we are allowed to
- $r = q(
- "SELECT `profile`.`about`, `profile`.`name`, `profile`.`homepage`, `user`.`nickname`,
- `user`.`timezone`, `profile`.`locality`, `profile`.`region`, `profile`.`country-name`,
- `profile`.`pub_keywords`, `profile`.`xmpp`, `profile`.`dob`
- FROM `profile`
- INNER JOIN `user` ON `user`.`uid` = `profile`.`uid`
- WHERE `profile`.`is-default` AND NOT `user`.`hidewall` AND `user`.`uid` = %d",
- intval($owner['uid'])
- );
- if (DBA::isResult($r)) {
- $profile = $r[0];
-
+ $profile = DBA::selectFirst('owner-view',
+ ['about', 'name', 'homepage', 'nickname', 'timezone', 'locality', 'region', 'country-name', 'pub_keywords', 'xmpp', 'dob'],
+ ['uid' => $owner['uid'], 'hidewall' => false]);
+ if (DBA::isResult($profile)) {
XML::addElement($doc, $author, "poco:displayName", $profile["name"]);
XML::addElement($doc, $author, "poco:updated", $namdate);
if ($activity) {
$entry = $doc->createElement($element);
- $r = XML::parseString($activity, false);
+ $r = XML::parseString($activity);
if (!$r) {
return false;
}
$r->link = preg_replace('/\<link(.*?)\"\>/', '<link$1"/>', $r->link);
// XML does need a single element as root element so we add a dummy element here
- $data = XML::parseString("<dummy>" . $r->link . "</dummy>", false);
+ $data = XML::parseString("<dummy>" . $r->link . "</dummy>");
if (is_object($data)) {
foreach ($data->link as $link) {
$attributes = [];
$entry->setAttribute("xmlns:statusnet", ActivityNamespace::STATUSNET);
}
- if ($item['private']) {
+ if ($item['private'] == Item::PRIVATE) {
$body = Item::fixPrivatePhotos($item['body'], $owner['uid'], $item, $cid);
} else {
$body = $item['body'];
$htmlbody = "[b]" . $item['title'] . "[/b]\n\n" . $htmlbody;
}
- $htmlbody = BBCode::convert($htmlbody, false, 7);
+ $htmlbody = BBCode::convert($htmlbody, false, BBCode::OSTATUS);
}
$author = self::addEntryAuthor($doc, "author", $item["author-link"], $item);
$dfrnowner = self::addEntryAuthor($doc, "dfrn:owner", $item["owner-link"], $item);
$entry->appendChild($dfrnowner);
- if (($item['parent'] != $item['id']) || ($item['parent-uri'] !== $item['uri']) || (($item['thr-parent'] !== '') && ($item['thr-parent'] !== $item['uri']))) {
+ if ($item['gravity'] != GRAVITY_PARENT) {
$parent_item = (($item['thr-parent']) ? $item['thr-parent'] : $item['parent-uri']);
$parent = Item::selectFirst(['guid', 'plink'], ['uri' => $parent_item, 'uid' => $item['uid']]);
$attributes = ["ref" => $parent_item, "type" => "text/html",
}
if ($item['private']) {
- XML::addElement($doc, $entry, "dfrn:private", ($item['private'] ? $item['private'] : 1));
+ // Friendica versions prior to 2020.3 can't handle "unlisted" properly. So we can only transmit public and private
+ XML::addElement($doc, $entry, "dfrn:private", ($item['private'] == Item::PRIVATE ? Item::PRIVATE : Item::PUBLIC));
+ XML::addElement($doc, $entry, "dfrn:unlisted", $item['private'] == Item::UNLISTED);
}
if ($item['extid']) {
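Review bot: `dfrn:unlisted` is written from a PHP boolean, while the other flag elements in this file carry a literal string (`dfrn:hide` is written as `"true"`, `dfrn:bookmark` is compared with `"true"`), and the import side tests it with `!empty()`. The wire value therefore depends on how `XML::addElement()` casts a bool, and a peer that sends the text `false` would be read as unlisted. I would emit the element only for unlisted items with an explicit value, `if ($item['private'] == Item::UNLISTED) { XML::addElement($doc, $entry, "dfrn:unlisted", "true"); }`, and have the import accept only the values this code emits. The enclosing function starts and ends outside the hunk.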
// The signed text contains the content in Markdown, the sender handle and the signatur for the content
// It is needed for relayed comments to Diaspora.
if ($item['signed_text']) {
- $sign = base64_encode(json_encode(['signed_text' => $item['signed_text'],'signature' => $item['signature'],'signer' => $item['signer']]));
+ $sign = base64_encode(json_encode(['signed_text' => $item['signed_text'],'signature' => '','signer' => '']));
XML::addElement($doc, $entry, "dfrn:diaspora_signature", $sign);
}
if ($item['object-type'] != "") {
XML::addElement($doc, $entry, "activity:object-type", $item['object-type']);
- } elseif ($item['id'] == $item['parent']) {
+ } elseif ($item['gravity'] == GRAVITY_PARENT) {
XML::addElement($doc, $entry, "activity:object-type", Activity\ObjectType::NOTE);
} else {
XML::addElement($doc, $entry, "activity:object-type", Activity\ObjectType::COMMENT);
$entry->appendChild($actarg);
}
- $tags = Item::getFeedTags($item);
+ $tags = Tag::getByURIId($item['uri-id']);
- /// @TODO Combine this with similar below if() block?
if (count($tags)) {
- foreach ($tags as $t) {
- if (($type != 'html') || ($t[0] != "@")) {
- XML::addElement($doc, $entry, "category", "", ["scheme" => "X-DFRN:".$t[0].":".$t[1], "term" => $t[2]]);
+ foreach ($tags as $tag) {
+ if (($type != 'html') || ($tag['type'] == Tag::HASHTAG)) {
+ XML::addElement($doc, $entry, "category", "", ["scheme" => "X-DFRN:" . Tag::TAG_CHARACTER[$tag['type']] . ":" . $tag['url'], "term" => $tag['name']]);
}
- }
- }
-
- if (count($tags)) {
- foreach ($tags as $t) {
- if ($t[0] == "@") {
- $mentioned[$t[1]] = $t[1];
+ if ($tag['type'] != Tag::HASHTAG) {
+ $mentioned[$tag['url']] = $tag['url'];
}
}
}
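Review bot: The second condition adds every tag whose type is not `Tag::HASHTAG` to `$mentioned`, where the removed loop added only `@` entries, so any further tag types returned by `Tag::getByURIId()` now count as mentions. `Tag::TAG_CHARACTER[$tag['type']]` is also indexed without checking that the type has an entry. Unless every stored type is meant to be a mention, an explicit list of the mention types reads more safely than `!= Tag::HASHTAG`, together with a guard such as `if (!isset(Tag::TAG_CHARACTER[$tag['type']])) { continue; }` at the top of the loop. How `$mentioned` is consumed is outside this hunk.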
notification(
[
- 'type' => NOTIFY_SUGGEST,
+ 'type' => Type::SUGGEST,
'notify_flags' => $importer['notify-flags'],
'language' => $importer['language'],
'to_name' => $importer['username'],
}
$fields = ['title' => $item['title'] ?? '', 'body' => $item['body'] ?? '',
- 'tag' => $item['tag'] ?? '', 'changed' => DateTimeFormat::utcNow(),
+ 'changed' => DateTimeFormat::utcNow(),
'edited' => DateTimeFormat::utc($item["edited"])];
$condition = ["`uri` = ? AND `uid` IN (0, ?)", $item["uri"], $importer["importer_uid"]];
if (!$verb) {
return;
}
- $xo = XML::parseString($item["object"], false);
+ $xo = XML::parseString($item["object"]);
if (($xo->type == Activity\ObjectType::PERSON) && ($xo->id)) {
// somebody was poked/prodded. Was it me?
$author = DBA::selectFirst('contact', ['name', 'thumb', 'url'], ['id' => $item['author-id']]);
$parent = Item::selectFirst(['id'], ['uri' => $item['parent-uri'], 'uid' => $importer["importer_uid"]]);
- $item["parent"] = $parent['id'];
+ $item['parent'] = $parent['id'];
// send a notification
notification(
[
- "type" => NOTIFY_POKE,
+ "type" => Type::POKE,
"notify_flags" => $importer["notify-flags"],
"language" => $importer["language"],
"to_name" => $importer["username"],
"verb" => $item["verb"],
"otype" => "person",
"activity" => $verb,
- "parent" => $item["parent"]]
+ "parent" => $item['parent']]
);
}
}
}
if (($item["verb"] == Activity::TAG) && ($item["object-type"] == Activity\ObjectType::TAGTERM)) {
- $xo = XML::parseString($item["object"], false);
- $xt = XML::parseString($item["target"], false);
+ $xo = XML::parseString($item["object"]);
+ $xt = XML::parseString($item["target"]);
if ($xt->type == Activity\ObjectType::NOTE) {
- $item_tag = Item::selectFirst(['id', 'tag'], ['uri' => $xt->id, 'uid' => $importer["importer_uid"]]);
+ $item_tag = Item::selectFirst(['id', 'uri-id', 'tag'], ['uri' => $xt->id, 'uid' => $importer["importer_uid"]]);
if (!DBA::isResult($item_tag)) {
Logger::log("Query failed to execute, no result returned in " . __FUNCTION__);
// extract tag, if not duplicate, add to parent item
if ($xo->content) {
- if (!stristr($item_tag["tag"], trim($xo->content))) {
- $tag = $item_tag["tag"] . (strlen($item_tag["tag"]) ? ',' : '') . '#[url=' . $xo->id . ']'. $xo->content . '[/url]';
- Item::update(['tag' => $tag], ['id' => $item_tag["id"]]);
- }
+ Tag::store($item_tag['uri-id'], Tag::HASHTAG, $xo->content);
}
}
}
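Review bot: `$xo->content` comes from the remote activity object and is handed to `Tag::store()` as a SimpleXML node without the `trim()` the removed code applied. `$xo` and `$xt` are also dereferenced without checking that `XML::parseString()` succeeded; it can return a falsy value, as the `if (!$r)` guard elsewhere in this file shows. I would normalise before storing, `$name = trim((string)$xo->content); if ($name !== '') { Tag::store($item_tag['uri-id'], Tag::HASHTAG, $name); }`, and return early when either parse fails. The `'tag'` column is still requested in `Item::selectFirst()` although nothing in the hunk reads it any more.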
$item["body"] = XML::getFirstNodeValue($xpath, "dfrn:env/text()", $entry);
$item["body"] = str_replace([' ',"\t","\r","\n"], ['','','',''], $item["body"]);
- // make sure nobody is trying to sneak some html tags by us
+
$item["body"] = Strings::base64UrlDecode($item["body"]);
$item["body"] = BBCode::limitBodySize($item["body"]);
- /// @todo Do we really need this check for HTML elements? (It was copied from the old function)
- if ((strpos($item['body'], '<') !== false) && (strpos($item['body'], '>') !== false)) {
- $base_url = DI::baseUrl()->get();
- $item['body'] = HTML::relToAbs($item['body'], $base_url);
-
- $item['body'] = HTML::toBBCodeVideo($item['body']);
-
- $item['body'] = OEmbed::HTML2BBCode($item['body']);
-
- $config = HTMLPurifier_Config::createDefault();
- $config->set('Cache.DefinitionImpl', null);
-
- // we shouldn't need a whitelist, because the bbcode converter
- // will strip out any unsupported tags.
-
- $purifier = new HTMLPurifier($config);
- $item['body'] = $purifier->purify($item['body']);
-
- $item['body'] = @HTML::toBBCode($item['body']);
- }
-
/// @todo We should check for a repeated post and if we know the repeated author.
// We don't need the content element since "dfrn:env" is always present
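Review bot: With the HTML branch removed, the decoded `dfrn:env` body is stored exactly as the remote server sent it, so markup safety now rests entirely on the BBCode renderer escaping `<` and `>` at output time. That assumption deserves a comment at the decode step, for example `// Body is treated as BBCode only; embedded HTML is not purified here and must be escaped on output`. `Strings::base64UrlDecode()` is also used unchecked; if it can return a non-string on malformed input (not visible here), the entry should be rejected before `BBCode::limitBodySize()` runs. The enclosing function starts and ends outside the hunk.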
$item["private"] = XML::getFirstNodeValue($xpath, "dfrn:private/text()", $entry);
+ $unlisted = XML::getFirstNodeValue($xpath, "dfrn:unlisted/text()", $entry);
+ if (!empty($unlisted) && ($item['private'] != Item::PRIVATE)) {
+ $item['private'] = Item::UNLISTED;
+ }
+
$item["extid"] = XML::getFirstNodeValue($xpath, "dfrn:extid/text()", $entry);
if (XML::getFirstNodeValue($xpath, "dfrn:bookmark/text()", $entry) == "true") {
$item["guid"] = XML::getFirstNodeValue($xpath, "dfrn:diaspora_guid/text()", $entry);
+ $item['uri-id'] = ItemURI::insert(['uri' => $item['uri'], 'guid' => $item['guid']]);
+
+ Tag::storeFromBody($item['uri-id'], $item["body"]);
+
// We store the data from "dfrn:diaspora_signature" in a different table, this is done in "Item::insert"
$dsprsig = XML::unescape(XML::getFirstNodeValue($xpath, "dfrn:diaspora_signature/text()", $entry));
if ($dsprsig != "") {
- $item["dsprsig"] = $dsprsig;
+ $signature = json_decode(base64_decode($dsprsig));
+ // We don't store the old style signatures anymore that also contained the "signature" and "signer"
+ if (!empty($signature->signed_text) && empty($signature->signature) && empty($signature->signer)) {
+ $item["diaspora_signed_text"] = $signature->signed_text;
+ }
}
$item["verb"] = XML::getFirstNodeValue($xpath, "activity:verb/text()", $entry);
$item["object"] = self::transformActivity($xpath, $object, "object");
if (trim($item["object"]) != "") {
- $r = XML::parseString($item["object"], false);
+ $r = XML::parseString($item["object"]);
if (isset($r->type)) {
$item["object-type"] = $r->type;
}
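Review bot: `ItemURI::insert()` and `Tag::storeFromBody()` run while the entry is still being parsed, keyed on a `uri` and `guid` taken from the remote XML, and nothing in this hunk shows that the sender has been accepted for that URI yet. If `uri-id` rows are shared between items with the same URI, a contact could attach tags to a URI it does not own, and tags would also persist for entries that `Item::insert()` later rejects. Deferring the tag writes (including the `Tag::store()` call in the category loop further down) until the item is accepted, and checking the return value of `ItemURI::insert()` before using it, would close that gap. `$signature->signed_text` should also get an `is_string()` check before it is copied into `$item`. The enclosing function starts and ends outside the hunk.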
if (($term != "") && ($scheme != "")) {
$parts = explode(":", $scheme);
if ((count($parts) >= 4) && (array_shift($parts) == "X-DFRN")) {
- $termhash = array_shift($parts);
- $termurl = implode(":", $parts);
-
- if (!empty($item["tag"])) {
- $item["tag"] .= ",";
- } else {
- $item["tag"] = "";
- }
-
- $item["tag"] .= $termhash . "[url=" . $termurl . "]" . $term . "[/url]";
+ $termurl = array_pop($parts);
+ $termurl = array_pop($parts) . $termurl;
+ Tag::store($item['uri-id'], Tag::IMPLICIT_MENTION, $term, $termurl);
}
}
}
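Review bot: The two `array_pop()` calls rebuild the mention URL without the `:` that `explode(":", $scheme)` removed, so `https://host/path` is stored as `https//host/path`, and a URL with a port or any other colon loses its leading parts. The type character is also discarded, so every category, including `#` terms, is stored as `Tag::IMPLICIT_MENTION`. Keeping the removed approach fixes the URL, `$termhash = array_shift($parts); $termurl = implode(":", $parts);`, after which `$termhash` can be mapped to the tag type before `Tag::store()` is called. The loop this sits in starts outside the hunk.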
// Turn this into a wall post.
$notify = Item::isRemoteSelf($importer, $item);
- $posted_id = Item::insert($item, false, $notify);
+ $posted_id = Item::insert($item, $notify);
if ($notify) {
$posted_id = $notify;
}
$condition = ['uri' => $uri, 'uid' => $importer["importer_uid"]];
- $item = Item::selectFirst(['id', 'parent', 'contact-id', 'file', 'deleted'], $condition);
+ $item = Item::selectFirst(['id', 'parent', 'contact-id', 'file', 'deleted', 'gravity'], $condition);
if (!DBA::isResult($item)) {
Logger::log("Item with uri " . $uri . " for user " . $importer["importer_uid"] . " wasn't found.", Logger::DEBUG);
return;
}
// When it is a starting post it has to belong to the person that wants to delete it
- if (($item['id'] == $item['parent']) && ($item['contact-id'] != $importer["id"])) {
+ if (($item['gravity'] == GRAVITY_PARENT) && ($item['contact-id'] != $importer["id"])) {
Logger::log("Item with uri " . $uri . " don't belong to contact " . $importer["id"] . " - ignoring deletion.", Logger::DEBUG);
return;
}
// Comments can be deleted by the thread owner or comment owner
- if (($item['id'] != $item['parent']) && ($item['contact-id'] != $importer["id"])) {
+ if (($item['gravity'] != GRAVITY_PARENT) && ($item['contact-id'] != $importer["id"])) {
$condition = ['id' => $item['parent'], 'contact-id' => $importer["id"]];
if (!Item::exists($condition)) {
Logger::log("Item with uri " . $uri . " wasn't found or mustn't be deleted by contact " . $importer["id"] . " - ignoring deletion.", Logger::DEBUG);
Logger::log('deleting item '.$item['id'].' uri='.$uri, Logger::DEBUG);
- Item::delete(['id' => $item['id']]);
+ Item::markForDeletion(['id' => $item['id']]);
}
/**