X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=classes%2FNotice.php;h=83d5d5fd577e73cb953ccf31c45915e1c900b8f2;hb=3bdb80a182b0fca7840d097be628a29a56e0c542;hp=6314ff534a0a23846e2a11f06e716826b618c299;hpb=d968247f754d66f76e5715b3d1e6933328270eaa;p=quix0rs-gnu-social.git diff --git a/classes/Notice.php b/classes/Notice.php index 6314ff534a..83d5d5fd57 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -55,10 +55,10 @@ class Notice extends Managed_DataObject public $__table = 'notice'; // table name public $id; // int(4) primary_key not_null public $profile_id; // int(4) multiple_key not_null - public $uri; // varchar(255) unique_key + public $uri; // varchar(191) unique_key not 255 because utf8mb4 takes more space public $content; // text public $rendered; // text - public $url; // varchar(255) + public $url; // varchar(191) not 255 because utf8mb4 takes more space public $created; // datetime multiple_key not_null default_0000-00-00%2000%3A00%3A00 public $modified; // timestamp not_null default_CURRENT_TIMESTAMP public $reply_to; // int(4) @@ -70,8 +70,8 @@ class Notice extends Managed_DataObject public $location_id; // int(4) public $location_ns; // int(4) public $repeat_of; // int(4) - public $verb; // varchar(255) - public $object_type; // varchar(255) + public $verb; // varchar(191) not 255 because utf8mb4 takes more space + public $object_type; // varchar(191) not 255 because utf8mb4 takes more space public $scope; // int(4) /* the code above is auto generated do not remove the tag below */ @@ -83,10 +83,10 @@ class Notice extends Managed_DataObject 'fields' => array( 'id' => array('type' => 'serial', 'not null' => true, 'description' => 'unique identifier'), 'profile_id' => array('type' => 'int', 'not null' => true, 'description' => 'who made the update'), - 'uri' => array('type' => 'varchar', 'length' => 255, 'description' => 'universally unique identifier, usually a tag URI'), + 'uri' => array('type' => 'varchar', 'length' => 191, 'description' => 'universally unique identifier, usually a tag URI'), 'content' => array('type' => 'text', 'description' => 'update content', 'collate' => 'utf8_general_ci'), 'rendered' => array('type' => 'text', 'description' => 'HTML version of the content'), - 'url' => array('type' => 'varchar', 'length' => 255, 'description' => 'URL of any attachment (image, video, bookmark, whatever)'), + 'url' => array('type' => 'varchar', 'length' => 191, 'description' => 'URL of any attachment (image, video, bookmark, whatever)'), 'created' => array('type' => 'datetime', 'not null' => true, 'description' => 'date this record was created'), 'modified' => array('type' => 'timestamp', 'not null' => true, 'description' => 'date this record was modified'), 'reply_to' => array('type' => 'int', 'description' => 'notice replied to (usually a guess)'), @@ -98,8 +98,8 @@ class Notice extends Managed_DataObject 'location_id' => array('type' => 'int', 'description' => 'location id if possible'), 'location_ns' => array('type' => 'int', 'description' => 'namespace for location'), 'repeat_of' => array('type' => 'int', 'description' => 'notice this is a repeat of'), - 'object_type' => array('type' => 'varchar', 'length' => 255, 'description' => 'URI representing activity streams object type', 'default' => 'http://activitystrea.ms/schema/1.0/note'), - 'verb' => array('type' => 'varchar', 'length' => 255, 'description' => 'URI representing activity streams verb', 'default' => 'http://activitystrea.ms/schema/1.0/post'), + 'object_type' => array('type' => 'varchar', 'length' => 191, 'description' => 'URI representing activity streams object type', 'default' => 'http://activitystrea.ms/schema/1.0/note'), + 'verb' => array('type' => 'varchar', 'length' => 191, 'description' => 'URI representing activity streams verb', 'default' => 'http://activitystrea.ms/schema/1.0/post'), 'scope' => array('type' => 'int', 'description' => 'bit map for distribution scope; 0 = everywhere; 1 = this server only; 2 = addressees; 4 = followers; null = default'), ), @@ -128,7 +128,7 @@ class Notice extends Managed_DataObject return $def; } - + /* Notice types */ const LOCAL_PUBLIC = 1; const REMOTE = 0; @@ -142,7 +142,7 @@ class Notice extends Managed_DataObject const FOLLOWER_SCOPE = 8; protected $_profile = array(); - + /** * Will always return a profile, if anything fails it will * (through _setProfile) throw a NoProfileException. @@ -157,7 +157,7 @@ class Notice extends Managed_DataObject } return $this->_profile[$this->profile_id]; } - + public function _setProfile(Profile $profile=null) { if (!$profile instanceof Profile) { @@ -268,7 +268,7 @@ class Notice extends Managed_DataObject } return $title; } - + public function getContent() { return $this->content; @@ -276,19 +276,21 @@ class Notice extends Managed_DataObject /* * Get the original representation URL of this notice. + * + * @param boolean $fallback Whether to fall back to generate a local URL or throw InvalidUrlException */ - public function getUrl() + public function getUrl($fallback=false) { // The risk is we start having empty urls and non-http uris... // and we can't really handle any other protocol right now. switch (true) { case common_valid_http_url($this->url): // should we allow non-http/https URLs? return $this->url; - case $this->isLocal(): + case !$this->isLocal() && common_valid_http_url($this->uri): // Sometimes we only have the URI for remote posts. + return $this->uri; + case $this->isLocal() || $fallback: // let's generate a valid link to our locally available notice on demand return common_local_url('shownotice', array('notice' => $this->id), null, null, false); - case common_valid_http_url($this->uri): - return $this->uri; default: common_debug('No URL available for notice: id='.$this->id); throw new InvalidUrlException($this->url); @@ -311,6 +313,16 @@ class Notice extends Managed_DataObject return $notice; } + public static function getById($id) + { + $notice = new Notice(); + $notice->id = $id; + if (!$notice->find(true)) { + throw new NoResultException($notice); + } + return $notice; + } + /** * Extract #hashtags from this notice's content and save them to the database. */ @@ -540,8 +552,7 @@ class Notice extends Managed_DataObject throw new ClientException(_('You cannot repeat your own notice.')); } - if ($repeat->scope != Notice::SITE_SCOPE && - $repeat->scope != Notice::PUBLIC_SCOPE) { + if ($repeat->isPrivateScope()) { // TRANS: Client error displayed when trying to repeat a non-public notice. throw new ClientException(_('Cannot repeat a private notice.'), 403); } @@ -675,7 +686,7 @@ class Notice extends Managed_DataObject $notice->insert(); // throws exception on failure // If it's not part of a conversation, it's // the beginning of a new conversation. - if (empty($notice->conversation)) { + if (empty($notice->conversation)) { $orig = clone($notice); // $act->context->conversation will be null if it was not provided $conv = Conversation::create($notice, $options['conversation']); @@ -778,7 +789,7 @@ class Notice extends Managed_DataObject 'distribute' => true); // options will have default values when nothing has been supplied - $options = array_merge($defaults, $options); + $options = array_merge($defaults, $options); foreach (array_keys($defaults) as $key) { // Only convert the keynames we specify ourselves from 'defaults' array into variables $$key = $options[$key]; @@ -893,6 +904,12 @@ class Notice extends Managed_DataObject $stored->insert(); // throws exception on error $orig = clone($stored); // for updating later in this try clause + $object = null; + Event::handle('StoreActivityObject', array($act, $stored, $options, &$object)); + if (empty($object)) { + throw new ServerException('Unsuccessful call to StoreActivityObject '.$stored->uri . ': '.$act->asString()); + } + // If it's not part of a conversation, it's // the beginning of a new conversation. if (empty($stored->conversation)) { @@ -901,12 +918,6 @@ class Notice extends Managed_DataObject $stored->conversation = $conv->id; } - $object = null; - Event::handle('StoreActivityObject', array($act, $stored, $options, &$object)); - if (empty($object)) { - throw new ServerException('No object from StoreActivityObject '.$stored->uri . ': '.$act->asString()); - } - $stored->object_type = ActivityUtils::resolveUri($object->getObjectType(), true); $stored->update($orig); } catch (Exception $e) { if (empty($stored->id)) { @@ -958,7 +969,7 @@ class Notice extends Managed_DataObject // Prepare inbox delivery, may be queued to background. $stored->distribute(); } - + return $stored; } @@ -998,6 +1009,7 @@ class Notice extends Managed_DataObject if ($this->isPublic()) { $this->blowStream('public'); + $this->blowStream('networkpublic'); } self::blow('notice:list-ids:conversation:%s', $this->conversation); @@ -1042,6 +1054,7 @@ class Notice extends Managed_DataObject if ($this->isPublic()) { self::blow('public;last'); + self::blow('networkpublic;last'); } self::blow('fave:by_notice', $this->id); @@ -1066,13 +1079,9 @@ class Notice extends Managed_DataObject } $args = func_get_args(); - $format = array_shift($args); - $keyPart = vsprintf($format, $args); - $cacheKey = Cache::key($keyPart); - $c->delete($cacheKey); // delete the "last" stream, too, if this notice is @@ -1114,7 +1123,7 @@ class Notice extends Managed_DataObject * * @return void */ - function saveKnownUrls($urls) + function saveKnownUrls(array $urls) { if (common_config('attachments', 'process_links')) { // @fixme validation? @@ -1186,24 +1195,20 @@ class Notice extends Managed_DataObject } protected $_attachments = array(); - + function attachments() { if (isset($this->_attachments[$this->id])) { return $this->_attachments[$this->id]; } - + $f2ps = File_to_post::listGet('post_id', array($this->id)); - $ids = array(); - foreach ($f2ps[$this->id] as $f2p) { - $ids[] = $f2p->file_id; + $ids[] = $f2p->file_id; } - - $files = File::multiGet('id', $ids); + $files = File::multiGet('id', $ids); $this->_attachments[$this->id] = $files->fetchAll(); - return $this->_attachments[$this->id]; } @@ -1285,7 +1290,7 @@ class Notice extends Managed_DataObject $root->free(); return $root; } - + if (is_null($profile)) { $keypart = sprintf('notice:conversation_root:%d:null', $this->id); } else { @@ -1293,7 +1298,7 @@ class Notice extends Managed_DataObject $this->id, $profile->id); } - + $root = self::cacheGet($keypart); if ($root !== false && $root->inScope($profile)) { @@ -1492,7 +1497,7 @@ class Notice extends Managed_DataObject foreach (array_unique($group_ids) as $id) { $group = User_group::getKV('id', $id); if ($group instanceof User_group) { - common_log(LOG_ERR, "Local delivery to group id $id, $group->nickname"); + common_log(LOG_DEBUG, "Local delivery to group id $id, $group->nickname"); $result = $this->addToGroupInbox($group); if (!$result) { common_log_db_error($gi, 'INSERT', __FILE__); @@ -1688,12 +1693,12 @@ class Notice extends Managed_DataObject $ids[] = $reply->profile_id; } - $this->_replies[$this->id] = $ids; + $this->_setReplies($ids); return $ids; } - function _setReplies($replies) + function _setReplies(array $replies) { $this->_replies[$this->id] = $replies; } @@ -1706,9 +1711,9 @@ class Notice extends Managed_DataObject function getReplyProfiles() { $ids = $this->getReplies(); - + $profiles = Profile::multiGet('id', $ids); - + return $profiles->fetchAll(); } @@ -1746,9 +1751,9 @@ class Notice extends Managed_DataObject * * @return array of Group objects */ - + protected $_groups = array(); - + function getGroups() { // Don't save groups for repeats @@ -1756,28 +1761,25 @@ class Notice extends Managed_DataObject if (!empty($this->repeat_of)) { return array(); } - + if (isset($this->_groups[$this->id])) { return $this->_groups[$this->id]; } - + $gis = Group_inbox::listGet('notice_id', array($this->id)); $ids = array(); - foreach ($gis[$this->id] as $gi) - { + foreach ($gis[$this->id] as $gi) { $ids[] = $gi->group_id; } - + $groups = User_group::multiGet('id', $ids); - - $this->_groups[$this->id] = $groups->fetchAll(); - + $this->_setGroups($groups->fetchAll()); return $this->_groups[$this->id]; } - - function _setGroups($groups) + + function _setGroups(array $groups) { $this->_groups[$this->id] = $groups; } @@ -1818,17 +1820,7 @@ class Notice extends Managed_DataObject $act->verb = $this->verb; - if ($this->repeat_of) { - $repeated = Notice::getKV('id', $this->repeat_of); - if ($repeated instanceof Notice) { - // TRANS: A repeat activity's title. %1$s is repeater's nickname - // and %2$s is the repeated user's nickname. - $act->title = sprintf(_('%1$s repeated a notice by %2$s'), - $this->getProfile()->getNickname(), - $repeated->getProfile()->getNickname()); - $act->objects[] = $repeated->asActivity($scoped); - } - } else { + if (!$this->repeat_of) { $act->objects[] = $this->asActivityObject(); } @@ -1851,9 +1843,9 @@ class Notice extends Managed_DataObject $attachments = $this->attachments(); foreach ($attachments as $attachment) { - // Save local attachments + // Include local attachments in Activity if (!empty($attachment->filename)) { - $act->attachments[] = ActivityObject::fromFile($attachment); + $act->enclosures[] = $attachment->getEnclosure(); } } @@ -2158,7 +2150,7 @@ class Notice extends Managed_DataObject // Unfortunately this is likely to lose tags or URLs // at the end of long notices. $content = mb_substr($content, 0, $maxlen - 4) . ' ...'; - } + } // Scope is same as this one's @@ -2502,6 +2494,37 @@ class Notice extends Managed_DataObject */ public function getTags() { + // Check default scope (non-private notices) + $inScope = (!$this->isPrivateScope()); + + // Get current profile + $profile = Profile::current(); + + // Is the general scope check okay and the user in logged in? + //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . ']: inScope=' . intval($inScope) . ',profile[]=' . gettype($profile)); + if (($inScope === TRUE) && ($profile instanceof Profile)) { + /* + * Check scope, else a privacy leaks happens this way: + * + * 1) Bob and Alice follow each other and write private notices + * (this->scope=2) to each other. + * 2) Bob uses tags in his private notice to alice (which she can + * read from him). + * 3) Alice adds that notice (with tags) to her favorites + * ("faving") it. + * 4) The tags from Bob's private notice becomes visible in Alice's + * profile. + * + * This has the simple background that the scope is not being + * re-checked. This has to be done here at this point because given + * above scenario is a privacy leak as the tags may be *really* + * private (nobody else shall see them) such as initmate words or + * very political words. + */ + $inScope = $this->inScope($profile); + //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . ']: inScope=' . intval($inScope) . ' - After inScope() has been called.'); + } + $tags = array(); $keypart = sprintf('notice:tags:%d', $this->id); @@ -2513,7 +2536,9 @@ class Notice extends Managed_DataObject } else { $tag = new Notice_tag(); $tag->notice_id = $this->id; - if ($tag->find()) { + + // Check scope for privacy-leak protection (see some lines above why) + if (($inScope === TRUE) && ($tag->find())) { while ($tag->fetch()) { $tags[] = $tag->tag; } @@ -2637,12 +2662,13 @@ class Notice extends Managed_DataObject function isPublic() { - if (common_config('public', 'localonly')) { - return ($this->is_local == Notice::LOCAL_PUBLIC); - } else { - return (($this->is_local != Notice::LOCAL_NONPUBLIC) && - ($this->is_local != Notice::GATEWAY)); - } + return (($this->is_local != Notice::LOCAL_NONPUBLIC) && + ($this->is_local != Notice::GATEWAY)); + } + + public function isPrivateScope () { + return ($this->scope != Notice::SITE_SCOPE && + $this->scope != Notice::PUBLIC_SCOPE); } /** @@ -2659,7 +2685,7 @@ class Notice extends Managed_DataObject * * @return boolean whether the profile is in the notice's scope */ - function inScope($profile) + function inScope(Profile $profile=null) { if (is_null($profile)) { $keypart = sprintf('notice:in-scope-for:%d:null', $this->id); @@ -2682,7 +2708,7 @@ class Notice extends Managed_DataObject return ($result == 1) ? true : false; } - protected function _inScope($profile) + protected function _inScope(Profile $profile=null) { if (!is_null($this->scope)) { $scope = $this->scope; @@ -2690,89 +2716,69 @@ class Notice extends Managed_DataObject $scope = self::defaultScope(); } - // If there's no scope, anyone (even anon) is in scope. - - if ($scope == 0) { // Not private - + if ($scope == 0 && !$this->getProfile()->isPrivateStream()) { // Not scoping, so it is public. return !$this->isHiddenSpam($profile); + } - } else { // Private, somehow - - // If there's scope, anon cannot be in scope + // If there's scope, anon cannot be in scope + if (empty($profile)) { + return false; + } - if (empty($profile)) { - return false; - } + // Author is always in scope + if ($this->profile_id == $profile->id) { + return true; + } - // Author is always in scope + // Only for users on this site + if (($scope & Notice::SITE_SCOPE) && !$profile->isLocal()) { + return false; + } - if ($this->profile_id == $profile->id) { - return true; - } + // Only for users mentioned in the notice + if ($scope & Notice::ADDRESSEE_SCOPE) { - // Only for users on this site + $reply = Reply::pkeyGet(array('notice_id' => $this->id, + 'profile_id' => $profile->id)); - if (($scope & Notice::SITE_SCOPE) && !$profile->isLocal()) { + if (!$reply instanceof Reply) { return false; } + } - // Only for users mentioned in the notice - - if ($scope & Notice::ADDRESSEE_SCOPE) { - - $reply = Reply::pkeyGet(array('notice_id' => $this->id, - 'profile_id' => $profile->id)); - - if (!$reply instanceof Reply) { - return false; - } - } - - // Only for members of the given group - - if ($scope & Notice::GROUP_SCOPE) { - - // XXX: just query for the single membership + // Only for members of the given group + if ($scope & Notice::GROUP_SCOPE) { - $groups = $this->getGroups(); + // XXX: just query for the single membership - $foundOne = false; + $groups = $this->getGroups(); - foreach ($groups as $group) { - if ($profile->isMember($group)) { - $foundOne = true; - break; - } - } + $foundOne = false; - if (!$foundOne) { - return false; + foreach ($groups as $group) { + if ($profile->isMember($group)) { + $foundOne = true; + break; } } - // Only for followers of the author - - $author = null; + if (!$foundOne) { + return false; + } + } - if ($scope & Notice::FOLLOWER_SCOPE) { + if ($scope & Notice::FOLLOWER_SCOPE || $this->getProfile()->isPrivateStream()) { - try { - $author = $this->getProfile(); - } catch (Exception $e) { - return false; - } - - if (!Subscription::exists($profile, $author)) { - return false; - } + if (!Subscription::exists($profile, $this->getProfile())) { + return false; } - - return !$this->isHiddenSpam($profile); } + + return !$this->isHiddenSpam($profile); } - function isHiddenSpam($profile) { - + function isHiddenSpam(Profile $profile=null) { + // Hide posts by silenced users from everyone but moderators. if (common_config('notice', 'hidespam')) { @@ -2822,7 +2828,7 @@ class Notice extends Managed_DataObject $skip = array('_profile', '_groups', '_attachments', '_faves', '_replies', '_repeats'); return array_diff($vars, $skip); } - + static function defaultScope() { $scope = common_config('notice', 'defaultscope'); @@ -2836,10 +2842,9 @@ class Notice extends Managed_DataObject return $scope; } - static function fillProfiles($notices) + static function fillProfiles(array $notices) { $map = self::getProfiles($notices); - foreach ($notices as $entry=>$notice) { try { if (array_key_exists($notice->profile_id, $map)) { @@ -2850,42 +2855,35 @@ class Notice extends Managed_DataObject unset($notices[$entry]); } } - + return array_values($map); } - - static function getProfiles(&$notices) + + static function getProfiles(array &$notices) { $ids = array(); foreach ($notices as $notice) { $ids[] = $notice->profile_id; } - $ids = array_unique($ids); - - return Profile::pivotGet('id', $ids); + return Profile::pivotGet('id', $ids); } - - static function fillGroups(&$notices) + + static function fillGroups(array &$notices) { $ids = self::_idsOf($notices); - $gis = Group_inbox::listGet('notice_id', $ids); - $gids = array(); - foreach ($gis as $id => $gi) - { + foreach ($gis as $id => $gi) { foreach ($gi as $g) { $gids[] = $g->group_id; } } - + $gids = array_unique($gids); - $group = User_group::pivotGet('id', $gids); - foreach ($notices as $notice) { $grps = array(); @@ -2906,24 +2904,19 @@ class Notice extends Managed_DataObject return array_keys($ids); } - static function fillAttachments(&$notices) + static function fillAttachments(array &$notices) { $ids = self::_idsOf($notices); - $f2pMap = File_to_post::listGet('post_id', $ids); - $fileIds = array(); - foreach ($f2pMap as $noticeId => $f2ps) { foreach ($f2ps as $f2p) { - $fileIds[] = $f2p->file_id; + $fileIds[] = $f2p->file_id; } } $fileIds = array_unique($fileIds); - $fileMap = File::pivotGet('id', $fileIds); - foreach ($notices as $notice) { $files = array(); @@ -2935,7 +2928,7 @@ class Notice extends Managed_DataObject } } - static function fillReplies(&$notices) + static function fillReplies(array &$notices) { $ids = self::_idsOf($notices); $replyMap = Reply::listGet('notice_id', $ids); @@ -2949,30 +2942,36 @@ class Notice extends Managed_DataObject } } - protected $_repeats = array(); + /** + * Checks whether the current profile is allowed (in scope) to see this notice. + * + * @return $inScope Whether the current profile is allowed to see this notice + */ + function isCurrentProfileInScope () { + // Check scope, default is allowed + $inScope = TRUE; - function getRepeats() - { - if (isset($this->_repeats[$this->id])) { - return $this->_repeats[$this->id]; - } - $repeatMap = Notice::listGet('repeat_of', array($this->id)); - $this->_repeats[$this->id] = $repeatMap[$this->id]; - return $this->_repeats[$this->id]; - } + //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->id=' . $this->id . ',this->scope=' . $this->scope); - function _setRepeats($repeats) - { - $this->_repeats[$this->id] = $repeats; - } + // Is it private scope? + if ($this->isPrivateScope()) { + // 2) Get current profile + $profile = Profile::current(); - static function fillRepeats(&$notices) - { - $ids = self::_idsOf($notices); - $repeatMap = Notice::listGet('repeat_of', $ids); - foreach ($notices as $notice) { - $repeats = $repeatMap[$notice->id]; - $notice->_setRepeats($repeats); + // Is the profile not set? + if (!$profile instanceof Profile) { + // Public viewer shall not see a tag from a private dent (privacy leak) + //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] Not logged in (public view).'); + $inScope = FALSE; + } elseif (!$this->inScope($profile)) { + // Current profile is not in scope (not allowed to see) of notice + //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] profile->id=' . $profile->id . ' is not allowed to see this notice.'); + $inScope = FALSE; + } } + + // Return result + //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->weight=' . $this->weight . ',inScope=' . intval($inScope) . ' - EXIT!'); + return $inScope; } }