X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fitems.php;h=7b0ff2ce6b09e0fbd936012674c6f1fe61585335;hb=2fc89deaeae0341aa12b6b811927e793011055d1;hp=cca9e0401d9086b7ec495e760edc567c6a6fb8fc;hpb=34a8fb935d9619c5114981862dfe2949a90f09bb;p=friendica.git diff --git a/include/items.php b/include/items.php index cca9e0401d..7b0ff2ce6b 100644 --- a/include/items.php +++ b/include/items.php @@ -2,7 +2,7 @@ require_once('bbcode.php'); -function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update, $direction = 0) { +function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) { // default permissions - anonymous user @@ -14,13 +14,14 @@ function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update, $direction = 0) { AND `deny_gid` = '' "; - if(strlen($owner_id) && ! intval($owner_id)) { - $r = q("SELECT `uid`, `nickname` FROM `user` WHERE `nickname` = '%s' LIMIT 1", - dbesc($owner_id) + if(strlen($owner_nick) && ! intval($owner_nick)) { + $r = q("SELECT `uid`, `nickname`, `timezone` FROM `user` WHERE `nickname` = '%s' LIMIT 1", + dbesc($owner_nick) ); if(count($r)) { $owner_id = $r[0]['uid']; $owner_nick = $r[0]['nickname']; + $owner_tz = $r[0]['timezone']; } } @@ -34,6 +35,45 @@ function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update, $direction = 0) { else killme(); + + /** + * + * Determine the next birthday, but only if the birthday is published + * in the default profile. We _could_ also look for a private profile that the + * recipient can see, but somebody could get mad at us if they start getting + * public birthday greetings when they haven't made this info public. + * + * Assuming we are able to publish this info, we are then going to convert + * the start time from the owner's timezone to UTC. + * + * This will potentially solve the problem found with some social networks + * where birthdays are converted to the viewer's timezone and salutations from + * elsewhere in the world show up on the wrong day. We will convert it to the + * viewer's timezone also, but first we are going to convert it from the birthday + * person's timezone to GMT - so the viewer may find the birthday starting at + * 6:00PM the day before, but that will correspond to midnight to the birthday person. + * + */ + + $birthday = ''; + + $p = q("SELECT `dob` FROM `profile` WHERE `is-default` = 1 AND `uid` = %d LIMIT 1", + intval($owner_id) + ); + + if($p && count($p)) { + $tmp_dob = substr($p[0]['dob'],5); + if(intval($tmp_dob)) { + $y = datetime_convert($owner_tz,$owner_tz,'now','Y'); + $bd = $y . '-' . $tmp_dob . ' 00:00'; + $t_dob = strtotime($bd); + $now = strtotime(datetime_convert($owner_tz,$owner_tz,'now')); + if($t_dob < $now) + $bd = $y + 1 . '-' . $tmp_dob . ' 00:00'; + $birthday = datetime_convert($owner_tz,'UTC',$bd,ATOM_TIME); + } + } + if($dfrn_id && $dfrn_id != '*') { $sql_extra = ''; @@ -143,6 +183,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update, $direction = 0) { $atom .= replace_macros($feed_template, array( + '$version' => xmlify(FRIENDIKA_VERSION), '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick), '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now' , ATOM_TIME)) , @@ -154,11 +195,16 @@ function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update, $direction = 0) { '$thumb' => xmlify($owner['thumb']), '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , - '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) + '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , + '$birthday' => ((strlen($birthday)) ? '' . xmlify($birthday) . '' : '') )); + call_hooks('atom_feed', $atom); if(! count($items)) { + + call_hooks('atom_feed_end', $atom); + $atom .= '' . "\r\n"; return $atom; } @@ -177,7 +223,10 @@ function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update, $direction = 0) { $atom .= atom_entry($item,$type,null,$owner,true); } + call_hooks('atom_feed_end', $atom); + $atom .= '' . "\r\n"; + return $atom; } @@ -332,7 +381,7 @@ function get_atom_elements($feed,$item) { // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust // the content type. Our own network only emits text normally, though it might have been converted to - // html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will + // html if we used a pubsubhubbub transport. But if we see even one html tag in our text, we will // have to assume it is all html and needs to be purified. // It doesn't matter all that much security wise - because before this content is used anywhere, we are @@ -341,7 +390,7 @@ function get_atom_elements($feed,$item) { // html. - if(strpos($res['body'],'<')) { + if((strpos($res['body'],'<')) || (strpos($res['body'],'>'))) { $res['body'] = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $res['body']); @@ -355,11 +404,12 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $res['body'] = $purifier->purify($res['body']); - } + $res['body'] = html2bbcode($res['body']); + } + else + $res['body'] = escape_tags($res['body']); - $res['body'] = html2bbcode($res['body']); - $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) @@ -367,19 +417,35 @@ function get_atom_elements($feed,$item) { else $res['last-child'] = 0; - $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published'); - if($rawcreated) - $res['created'] = unxmlify($rawcreated[0]['data']); + $private = $item->get_item_tags(NAMESPACE_DFRN,'private'); + if($private && $private[0]['data'] == 1) + $res['private'] = 1; + else + $res['private'] = 0; + $rawlocation = $item->get_item_tags(NAMESPACE_DFRN, 'location'); if($rawlocation) $res['location'] = unxmlify($rawlocation[0]['data']); + $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published'); + if($rawcreated) + $res['created'] = unxmlify($rawcreated[0]['data']); + + $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'updated'); if($rawedited) $res['edited'] = unxmlify($rawcreated[0]['data']); + + if(! $res['created']) + $res['created'] = $item->get_date(); + + if(! $res['edited']) + $res['edited'] = $item->get_date(); + + $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner'); if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']) $res['owner-name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']); @@ -407,9 +473,19 @@ function get_atom_elements($feed,$item) { $rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb'); + // select between supported verbs - if($rawverb) + + if($rawverb) { $res['verb'] = unxmlify($rawverb[0]['data']); + } + + // translate OStatus unfollow to activity streams if it happened to get selected + + if((x($res,'verb')) && ($res['verb'] === 'http://ostatus.org/schema/1.0/unfollow')) + $res['verb'] = ACTIVITY_UNFOLLOW; + + $rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'object'); @@ -429,7 +505,9 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data']; if(! $body) $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; - if(strpos($body,'<')) { + // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events + $res['object'] .= '' . xmlify($body) . '' . "\n"; + if((strpos($body,'<')) || (strpos($body,'>'))) { $body = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $body); @@ -439,9 +517,11 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); + $body = html2bbcode($body); } + else + $body = escape_tags($body); - $body = html2bbcode($body); $res['object'] .= '' . $body . '' . "\n"; } @@ -466,7 +546,9 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data']; if(! $body) $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; - if(strpos($body,'<')) { + // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events + $res['object'] .= '' . xmlify($body) . '' . "\n"; + if((strpos($body,'<')) || (strpos($body,'>'))) { $body = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $body); @@ -476,15 +558,21 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); + $body = html2bbcode($body); } + else + $body = escape_tags($body); - $body = html2bbcode($body); $res['target'] .= '' . $body . '' . "\n"; } $res['target'] .= '' . "\n"; } + $arr = array('feed' => $feed, 'item' => $item, 'result' => $res); + + call_hooks('parse_atom', $arr); + return $res; } @@ -499,7 +587,7 @@ function encode_rel_links($links) { if($link['attribs']['']['type']) $o .= 'type="' . $link['attribs']['']['type'] . '" '; if($link['attribs']['']['href']) - $o .= 'type="' . $link['attribs']['']['href'] . '" '; + $o .= 'href="' . $link['attribs']['']['href'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['width']) $o .= 'media:width="' . $link['attribs'][NAMESPACE_MEDIA]['width'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['height']) @@ -549,13 +637,19 @@ function item_store($arr) { $arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : ''); $arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : ''); $arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : ''); + $arr['private'] = ((x($arr,'private')) ? intval($arr['private']) : 0 ); $arr['body'] = ((x($arr,'body')) ? escape_tags(trim($arr['body'])) : ''); // The content body has been through a lot of filtering and transport escaping by now. // We don't want to skip any filters, however a side effect of all this filtering - // is that ampersands will have been double encoded. + // is that ampersands and <> may have been double encoded, depending on which filter chain + // they came through. - $arr['body'] = str_replace('&amp;','&',$arr['body']); + $arr['body'] = str_replace( + array('&amp;', '&gt;', '&lt;', '&quot;'), + array('&' , '>' , '<', '"'), + $arr['body'] + ); @@ -576,6 +670,16 @@ function item_store($arr) { ); if(count($r)) { + + // is the new message multi-level threaded? + // even though we don't support it now, preserve the info + // and re-attach to the conversation parent. + + if($r[0]['uri'] != $r[0]['parent-uri']) { + $arr['thr-parent'] = $arr['parent-uri']; + $arr['parent-uri'] = $r[0]['parent-uri']; + } + $parent_id = $r[0]['id']; $allow_cid = $r[0]['allow_cid']; $allow_gid = $r[0]['allow_gid']; @@ -588,6 +692,8 @@ function item_store($arr) { } } + call_hooks('post_remote',$arr); + dbesc_array($arr); logger('item_store: ' . print_r($arr,true), LOGGER_DATA); @@ -616,15 +722,21 @@ function item_store($arr) { if($arr['parent-uri'] === $arr['uri']) $parent_id = $current_post; + if(strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid)) + $private = 1; + else + $private = $arr['private']; + // Set parent id - and also make sure to inherit the parent's ACL's. $r = q("UPDATE `item` SET `parent` = %d, `allow_cid` = '%s', `allow_gid` = '%s', - `deny_cid` = '%s', `deny_gid` = '%s' WHERE `id` = %d LIMIT 1", + `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d WHERE `id` = %d LIMIT 1", intval($parent_id), dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), dbesc($deny_gid), + intval($private), intval($current_post) ); @@ -644,7 +756,7 @@ function get_item_contact($item,$contacts) { } -function dfrn_deliver($owner,$contact,$atom) { +function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $a = get_app(); @@ -658,7 +770,14 @@ function dfrn_deliver($owner,$contact,$atom) { if($contact['duplex'] && $contact['issued-id']) $idtosend = '1:' . $orig_id; - $url = $contact['notify'] . '?dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION ; + $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0); + + $rino_enable = get_config('system','rino_encrypt'); + + if(! $rino_enable) + $rino = 0; + + $url = $contact['notify'] . '?dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : ''); logger('dfrn_deliver: ' . $url); @@ -679,8 +798,9 @@ function dfrn_deliver($owner,$contact,$atom) { return (($res->status) ? $res->status : 3); $postvars = array(); - $sent_dfrn_id = hex2bin($res->dfrn_id); - $challenge = hex2bin($res->challenge); + $sent_dfrn_id = hex2bin((string) $res->dfrn_id); + $challenge = hex2bin((string) $res->challenge); + $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $final_dfrn_id = ''; @@ -707,6 +827,8 @@ function dfrn_deliver($owner,$contact,$atom) { $postvars['dfrn_id'] = $idtosend; $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION; + if($dissolve) + $postvars['dissolve'] = '1'; if(($contact['rel']) && ($contact['rel'] != REL_FAN) && (! $contact['blocked']) && (! $contact['readonly'])) { $postvars['data'] = $atom; @@ -718,9 +840,29 @@ function dfrn_deliver($owner,$contact,$atom) { $postvars['data'] = str_replace('1','0',$atom); } + if($rino && $rino_allowed && (! $dissolve)) { + $key = substr(random_string(),0,16); + $data = bin2hex(aes_encrypt($postvars['data'],$key)); + $postvars['data'] = $data; + logger('rino: sent key = ' . $key); + + if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { + openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']); + } + else { + openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']); + } + + logger('md5 rawkey ' . md5($postvars['key'])); + + $postvars['key'] = bin2hex($postvars['key']); + } + + logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA); + $xml = post_url($contact['notify'],$postvars); - logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true) . "\n" . "RECEIVING: " . $xml, LOGGER_DATA); + logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA); $curl_stat = $a->get_curl_code(); if((! $curl_stat) || (! strlen($xml))) @@ -744,12 +886,12 @@ function dfrn_deliver($owner,$contact,$atom) { * $contact = the person who is sending us stuff. If not set, we MAY be processing a "follow" activity * from an external network and MAY create an appropriate contact record. Otherwise, we MUST * have a contact record. - * $hub = should wefind ahub declation in the feed, pass it back to our calling process, who might (or + * $hub = should we find a hub declation in the feed, pass it back to our calling process, who might (or * might not) try and subscribe to it. * */ -function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { +function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0) { require_once('simplepie/simplepie.inc'); @@ -767,7 +909,7 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { $new_name = ''; $photo_timestamp = ''; $photo_url = ''; - + $birthday = ''; $hubs = $feed->get_links('hub'); @@ -785,10 +927,14 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { $photo_timestamp = datetime_convert('UTC','UTC',$elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated']); $photo_url = $elems['link'][0]['attribs']['']['href']; } + + if((x($rawtags[0]['child'], NAMESPACE_DFRN)) && (x($rawtags[0]['child'][NAMESPACE_DFRN],'birthday'))) { + $birthday = datetime_convert('UTC','UTC', $rawtags[0]['child'][NAMESPACE_DFRN]['birthday'][0]['data']); + } } if((is_array($contact)) && ($photo_timestamp) && (strlen($photo_url)) && ($photo_timestamp > $contact['avatar-date'])) { - logger('Consume feed: Updating photo for ' . $contact['name']); + logger('consume_feed: Updating photo for ' . $contact['name']); require_once("Photo.php"); $photo_failure = false; $have_photo = false; @@ -850,9 +996,63 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { ); } + if(strlen($birthday)) { + if(substr($birthday,0,4) != $contact['bdyear']) { + logger('consume_feed: updating birthday: ' . $birthday); + + /** + * + * Add new birthday event for this person + * + * $bdtext is just a readable placeholder in case the event is shared + * with others. We will replace it during presentation to our $importer + * to contain a sparkle link and perhaps a photo. + * + */ + + $bdtext = t('Birthday:') . ' [url=' . $contact['url'] . ']' . $contact['name'] . '[/url]' ; + + + $r = q("INSERT INTO `event` (`uid`,`cid`,`created`,`edited`,`start`,`finish`,`desc`,`type`) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s' ) ", + intval($contact['uid']), + intval($contact['id']), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc(datetime_convert('UTC','UTC', $birthday)), + dbesc(datetime_convert('UTC','UTC', $birthday . ' + 1 day ')), + dbesc($bdtext), + dbesc('birthday') + ); + + + // update bdyear + + q("UPDATE `contact` SET `bdyear` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", + dbesc(substr($birthday,0,4)), + intval($contact['uid']), + intval($contact['id']) + ); + + // This function is called twice without reloading the contact + // Make sure we only create one event. This is why &$contact + // is a reference var in this function + + $contact['bdyear'] = substr($birthday,0,4); + } + + } + // Now process the feed if($feed->get_item_quantity()) { - foreach($feed->get_items() as $item) { + + // in inverse date order + if ($datedir) + $items = array_reverse($feed->get_items()); + else + $items = $feed->get_items(); + + foreach($items as $item) { $deleted = false; @@ -967,6 +1167,10 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { ); $datarray['last-child'] = 1; } + if(($contact['network'] === 'feed') || (! strlen($contact['notify']))) { + // one way feed - no remote comment ability + $datarray['last-child'] = 0; + } $datarray['parent-uri'] = $parent_uri; $datarray['uid'] = $importer['uid']; $datarray['contact-id'] = $contact['id']; @@ -1019,6 +1223,11 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { $datarray['last-child'] = 1; } + if(($contact['network'] === 'feed') || (! strlen($contact['notify']))) { + // one way feed - no remote comment ability + $datarray['last-child'] = 0; + } + $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['uid']; $datarray['contact-id'] = $contact['id']; @@ -1028,7 +1237,6 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { } } } - } function new_follower($importer,$contact,$datarray,$item) { @@ -1090,6 +1298,7 @@ function new_follower($importer,$contact,$datarray,$item) { $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($importer['uid']) ); + $a = get_app(); if(count($r)) { if(($r[0]['notify-flags'] & NOTIFY_INTRO) && ($r[0]['page-flags'] == PAGE_NORMAL)) { $email_tpl = load_view_file('view/follow_notify_eml.tpl'); @@ -1173,6 +1382,9 @@ function atom_author($tag,$name,$uri,$h,$w,$photo) { $o .= "$uri\r\n"; $o .= '' . "\r\n"; $o .= '' . "\r\n"; + + call_hooks('atom_author', $o); + $o .= "\r\n"; return $o; } @@ -1213,6 +1425,9 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { if($item['coord']) $o .= '' . xmlify($item['coord']) . '' . "\r\n"; + if(($item['private']) || strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid'])) + $o .= '1' . "\r\n"; + $verb = construct_verb($item); $o .= '' . xmlify($verb) . '' . "\r\n"; $actobj = construct_activity_object($item); @@ -1226,8 +1441,10 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { if($mentioned) $o .= $mentioned; + call_hooks('atom_entry', $o); + $o .= '' . "\r\n"; return $o; } - \ No newline at end of file +