X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fitems.php;h=4ef26fbda8a9fc6885a05b4dcac1ce6d86097ece;hb=ff5ab7e9c6b0795673938a991f4cc2d222be6bae;hp=e71c10fae4c56d70ef69643236912b240089cd9d;hpb=1088257aad2cd920af17e9ba99900194f5aa355a;p=friendica.git diff --git a/include/items.php b/include/items.php index e71c10fae4..4ef26fbda8 100755 --- a/include/items.php +++ b/include/items.php @@ -76,6 +76,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) killme(); $contact = $r[0]; + require_once('include/security.php'); $groups = init_groups_visitor($contact['id']); if(count($groups)) { @@ -378,10 +379,12 @@ function title_is_body($title, $body) { $title = strip_tags($title); $title = trim($title); + $title = html_entity_decode($title, ENT_QUOTES, 'UTF-8'); $title = str_replace(array("\n", "\r", "\t", " "), array("","","",""), $title); $body = strip_tags($body); $body = trim($body); + $body = html_entity_decode($body, ENT_QUOTES, 'UTF-8'); $body = str_replace(array("\n", "\r", "\t", " "), array("","","",""), $body); if (strlen($title) < strlen($body)) @@ -792,6 +795,8 @@ function get_atom_elements($feed,$item) { // There is some better way to parse this array - but it didn't worked for me. $child = $item->feed->data["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["feed"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["entry"][0]["child"]["http://activitystrea.ms/spec/1.0/"][object][0]["child"]; if (is_array($child)) { + logger('get_atom_elements: Looking for status.net repeated message'); + $message = $child["http://activitystrea.ms/spec/1.0/"]["object"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["content"][0]["data"]; $author = $child[SIMPLEPIE_NAMESPACE_ATOM_10]["author"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10]; $uri = $author["uri"][0]["data"]; @@ -800,6 +805,8 @@ function get_atom_elements($feed,$item) { $avatar = $avatar["href"]; if (($name != "") and ($uri != "") and ($avatar != "") and ($message != "")) { + logger('get_atom_elements: fixing sender of repeated message'); + $res["owner-name"] = $res["author-name"]; $res["owner-link"] = $res["author-link"]; $res["owner-avatar"] = $res["author-avatar"]; @@ -1184,6 +1191,15 @@ function tag_deliver($uid,$item_id) { // send a notification + // use a local photo if we have one + + $r = q("select * from contact where uid = %d and nurl = '%s' limit 1", + intval($u[0]['uid']), + dbesc(normalise_link($item['author-link'])) + ); + $photo = (($r && count($r)) ? $r[0]['thumb'] : $item['author-avatar']); + + require_once('include/enotify.php'); notification(array( 'type' => NOTIFY_TAGSELF, @@ -1196,11 +1212,16 @@ function tag_deliver($uid,$item_id) { 'link' => $a->get_baseurl() . '/display/' . $u[0]['nickname'] . '/' . $item['id'], 'source_name' => $item['author-name'], 'source_link' => $item['author-link'], - 'source_photo' => $item['author-avatar'], + 'source_photo' => $photo, 'verb' => ACTIVITY_TAG, 'otype' => 'item' )); + + $arr = array('item' => $item, 'user' => $u[0], 'contact' => $r[0]); + + call_hooks('tagged', $arr); + if((! $community_page) && (! $prvgroup)) return; @@ -1247,6 +1268,59 @@ function tag_deliver($uid,$item_id) { +function tgroup_check($uid,$item) { + + $a = get_app(); + + $mention = false; + + // check that the message originated elsewhere and is a top-level post + + if(($item['wall']) || ($item['origin']) || ($item['uri'] != $item['parent-uri'])) + return false; + + + $u = q("select * from user where uid = %d limit 1", + intval($uid) + ); + if(! count($u)) + return false; + + $community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); + $prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false); + + + $link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']); + + // Diaspora uses their own hardwired link URL in @-tags + // instead of the one we supply with webfinger + + $dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']); + + $cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER); + if($cnt) { + foreach($matches as $mtch) { + if(link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) { + $mention = true; + logger('tgroup_check: mention found: ' . $mtch[2]); + } + } + } + + if(! $mention) + return false; + + if((! $community_page) && (! $prvgroup)) + return false; + + + + return true; + +} + + + @@ -1803,6 +1877,12 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) if($pass == 1) continue; + // not allowed to post + + if($contact['rel'] == CONTACT_IS_FOLLOWER) + continue; + + // Have we seen it? If not, import it. $item_id = $item->get_id(); @@ -2077,6 +2157,14 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) $datarray['owner-avatar'] = $contact['thumb']; } + // We've allowed "followers" to reach this point so we can decide if they are + // posting an @-tag delivery, which followers are allowed to do for certain + // page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it. + + if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray))) + continue; + + $r = item_store($datarray); continue; @@ -2086,9 +2174,10 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) } function local_delivery($importer,$data) { - $a = get_app(); + logger(__function__, LOGGER_TRACE); + if($importer['readonly']) { // We aren't receiving stuff from this person. But we will quietly ignore them // rather than a blatant "go away" message. @@ -2223,7 +2312,7 @@ function local_delivery($importer,$data) { } -/* + // Currently unsupported - needs a lot of work $reloc = $feed->get_feed_tags( NAMESPACE_DFRN, 'relocate' ); if(isset($reloc[0]['child'][NAMESPACE_DFRN])) { @@ -2233,23 +2322,79 @@ function local_delivery($importer,$data) { $newloc['cid'] = $importer['id']; $newloc['name'] = notags(unxmlify($base['name'][0]['data'])); $newloc['photo'] = notags(unxmlify($base['photo'][0]['data'])); + $newloc['thumb'] = notags(unxmlify($base['thumb'][0]['data'])); + $newloc['micro'] = notags(unxmlify($base['micro'][0]['data'])); $newloc['url'] = notags(unxmlify($base['url'][0]['data'])); $newloc['request'] = notags(unxmlify($base['request'][0]['data'])); $newloc['confirm'] = notags(unxmlify($base['confirm'][0]['data'])); $newloc['notify'] = notags(unxmlify($base['notify'][0]['data'])); $newloc['poll'] = notags(unxmlify($base['poll'][0]['data'])); - $newloc['site-pubkey'] = notags(unxmlify($base['site-pubkey'][0]['data'])); - $newloc['pubkey'] = notags(unxmlify($base['pubkey'][0]['data'])); - $newloc['prvkey'] = notags(unxmlify($base['prvkey'][0]['data'])); + $newloc['sitepubkey'] = notags(unxmlify($base['sitepubkey'][0]['data'])); + /** relocated user must have original key pair */ + /*$newloc['pubkey'] = notags(unxmlify($base['pubkey'][0]['data'])); + $newloc['prvkey'] = notags(unxmlify($base['prvkey'][0]['data']));*/ + + logger("items:relocate contact ".print_r($newloc, true).print_r($importer, true), LOGGER_DEBUG); + + // update contact + $r = q("SELECT photo, url FROM contact WHERE id=%d AND uid=%d;", + intval($importer['id']), + intval($importer['importer_uid'])); + if ($r === false) + return 1; + $old = $r[0]; + + $x = q("UPDATE contact SET + name = '%s', + photo = '%s', + thumb = '%s', + micro = '%s', + url = '%s', + request = '%s', + confirm = '%s', + notify = '%s', + poll = '%s', + `site-pubkey` = '%s' + WHERE id=%d AND uid=%d;", + dbesc($newloc['name']), + dbesc($newloc['photo']), + dbesc($newloc['thumb']), + dbesc($newloc['micro']), + dbesc($newloc['url']), + dbesc($newloc['request']), + dbesc($newloc['confirm']), + dbesc($newloc['notify']), + dbesc($newloc['poll']), + dbesc($newloc['sitepubkey']), + intval($importer['id']), + intval($importer['importer_uid'])); + + if ($x === false) + return 1; + // update items + $fields = array( + 'owner-link' => array($old['url'], $newloc['url']), + 'author-link' => array($old['url'], $newloc['url']), + 'owner-avatar' => array($old['photo'], $newloc['photo']), + 'author-avatar' => array($old['photo'], $newloc['photo']), + ); + foreach ($fields as $n=>$f){ + $x = q("UPDATE item SET `%s`='%s' WHERE `%s`='%s' AND uid=%d", + $n, dbesc($f[1]), + $n, dbesc($f[0]), + intval($importer['importer_uid'])); + if ($x === false) + return 1; + } // TODO // merge with current record, current contents have priority // update record, set url-updated // update profile photos // schedule a scan? - + return 0; } -*/ + // handle friend suggestion notification @@ -2620,22 +2765,32 @@ function local_delivery($importer,$data) { // Specifically, the recipient? $is_a_remote_comment = false; - - // POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used? - $r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`, - `contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item` - LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - WHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s') - AND `item`.`uid` = %d - $sql_extra + $top_uri = $parent_uri; + + $r = q("select `item`.`parent-uri` from `item` + WHERE `item`.`uri` = '%s' LIMIT 1", - dbesc($parent_uri), - dbesc($parent_uri), - dbesc($parent_uri), - intval($importer['importer_uid']) + dbesc($parent_uri) ); - if($r && count($r)) - $is_a_remote_comment = true; + if($r && count($r)) { + $top_uri = $r[0]['parent-uri']; + + // POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used? + $r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`, + `contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item` + LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` + WHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s') + AND `item`.`uid` = %d + $sql_extra + LIMIT 1", + dbesc($top_uri), + dbesc($top_uri), + dbesc($top_uri), + intval($importer['importer_uid']) + ); + if($r && count($r)) + $is_a_remote_comment = true; + } // Does this have the characteristics of a community or private group comment? // If it's a reply to a wall post on a community/prvgroup page it's a @@ -2689,15 +2844,6 @@ function local_delivery($importer,$data) { } - // TODO: make this next part work against both delivery threads of a community post - -// if((! link_compare($datarray['author-link'],$importer['url'])) && (! $community)) { -// logger('local_delivery: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] ); - // they won't know what to do so don't report an error. Just quietly die. -// return 0; -// } - - // our user with $importer['importer_uid'] is the owner $own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1", intval($importer['importer_uid']) @@ -2767,15 +2913,6 @@ function local_delivery($importer,$data) { } } -// if($community) { -// $newtag = '@[url=' . $a->get_baseurl() . '/profile/' . $importer['nickname'] . ']' . $importer['username'] . '[/url]'; -// if(! stristr($datarray['tag'],$newtag)) { -// if(strlen($datarray['tag'])) -// $datarray['tag'] .= ','; -// $datarray['tag'] .= $newtag; -// } -// } - $posted_id = item_store($datarray); $parent = 0; @@ -2845,6 +2982,9 @@ function local_delivery($importer,$data) { $item_id = $item->get_id(); $datarray = get_atom_elements($feed,$item); + if($importer['rel'] == CONTACT_IS_FOLLOWER) + continue; + $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['importer_uid']) @@ -2939,7 +3079,7 @@ function local_delivery($importer,$data) { if(!x($datarray['type']) || $datarray['type'] != 'activity') { $myconv = q("SELECT `author-link`, `author-avatar`, `parent` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d AND `parent` != 0 AND `deleted` = 0", - dbesc($parent_uri), + dbesc($top_uri), intval($importer['importer_uid']) ); @@ -3079,6 +3219,9 @@ function local_delivery($importer,$data) { $datarray['owner-avatar'] = $importer['thumb']; } + if(($importer['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['importer_uid'],$datarray))) + continue; + $posted_id = item_store($datarray); if(stristr($datarray['verb'],ACTIVITY_POKE)) { @@ -3152,7 +3295,7 @@ function new_follower($importer,$contact,$datarray,$item,$sharing = false) { if(is_array($contact)) { if(($contact['network'] == NETWORK_OSTATUS && $contact['rel'] == CONTACT_IS_SHARING) || ($sharing && $contact['rel'] == CONTACT_IS_FOLLOWER)) { - $r = q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(CONTACT_IS_FRIEND), intval($contact['id']), intval($importer['uid']) @@ -3821,10 +3964,10 @@ function drop_item($id,$interactive = true) { // send the notification upstream/downstream as the case may be + proc_run('php',"include/notifier.php","drop","$drop_id"); + if(! $interactive) return $owner; - - proc_run('php',"include/notifier.php","drop","$drop_id"); goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); //NOTREACHED }