X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FProtocol%2FDFRN.php;h=bc76692fbea399092d209d2dcfaa09c618c364ae;hb=4a22710b3bd82143ab4e012e84d995d3768f7c50;hp=208eb112c665bebc6f1bfe5b481594eab3a471ff;hpb=70af2cecf262bc9e2e7f8f05b8ef58eaa4f11fc3;p=friendica.git diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index 208eb112c6..bc76692fbe 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -8,6 +8,8 @@ */ namespace Friendica\Protocol; +use DOMDocument; +use DOMXPath; use Friendica\App; use Friendica\Content\OEmbed; use Friendica\Content\Text\BBCode; @@ -16,25 +18,20 @@ use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\System; -use Friendica\Core\Worker; -use Friendica\Database\DBM; +use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Event; use Friendica\Model\GContact; use Friendica\Model\Group; use Friendica\Model\Item; use Friendica\Model\Profile; +use Friendica\Model\PermissionSet; use Friendica\Model\User; use Friendica\Object\Image; -use Friendica\Protocol\OStatus; use Friendica\Util\Crypto; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; use Friendica\Util\XML; -use Friendica\Protocol\Diaspora; -use dba; -use DOMDocument; -use DOMXPath; use HTMLPurifier; use HTMLPurifier_Config; @@ -77,6 +74,11 @@ class DFRN } foreach ($items as $item) { + // These values aren't sent when sending from the queue. + /// @todo Check if we can set these values from the queue or if they are needed at all. + $item["entry:comment-allow"] = defaults($item, "entry:comment-allow", true); + $item["entry:cid"] = defaults($item, "entry:cid", 0); + $entry = self::entry($doc, "text", $item, $owner, $item["entry:comment-allow"], $item["entry:cid"]); $root->appendChild($entry); } @@ -122,16 +124,16 @@ class DFRN // default permissions - anonymous user - $sql_extra = " AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' "; + $sql_extra = " AND NOT `item`.`private` "; $r = q( "SELECT `contact`.*, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`, `user`.`account-type` FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid` WHERE `contact`.`self` AND `user`.`nickname` = '%s' LIMIT 1", - dbesc($owner_nick) + DBA::escape($owner_nick) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { logger(sprintf('No contact found for nickname=%d', $owner_nick), LOGGER_WARNING); killme(); } @@ -146,15 +148,15 @@ class DFRN $sql_extra = ''; switch ($direction) { case (-1): - $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + $sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id)); $my_id = $dfrn_id; break; case 0: - $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id)); $my_id = '1:' . $dfrn_id; break; case 1: - $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id)); $my_id = '0:' . $dfrn_id; break; default: @@ -167,37 +169,21 @@ class DFRN intval($owner_id) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { logger(sprintf('No contact found for uid=%d', $owner_id), LOGGER_WARNING); killme(); } $contact = $r[0]; include_once 'include/security.php'; - $groups = Group::getIdsByContactId($contact['id']); - if (count($groups)) { - for ($x = 0; $x < count($groups); $x ++) { - $groups[$x] = '<' . intval($groups[$x]) . '>' ; - } + $set = PermissionSet::get($owner_id, $contact['id']); - $gs = implode('|', $groups); + if (!empty($set)) { + $sql_extra = " AND `item`.`psid` IN (" . implode(',', $set) .")"; } else { - $gs = '<<>>' ; // Impossible to match - } - - $sql_extra = sprintf( - " - AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') - ", - intval($contact['id']), - intval($contact['id']), - dbesc($gs), - dbesc($gs) - ); + $sql_extra = " AND NOT `item`.`private`"; + } } if ($public_feed) { @@ -213,7 +199,7 @@ class DFRN if (isset($category)) { $sql_post_table = sprintf( "INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", - dbesc(protect_sprintf($category)), + DBA::escape(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($owner_id) @@ -235,8 +221,8 @@ class DFRN $sql_extra ORDER BY `item`.`parent` ".$sort.", `item`.`created` ASC LIMIT 0, 300", intval($owner_id), - dbesc($check_date), - dbesc($sort) + DBA::escape($check_date), + DBA::escape($sort) ); $ids = []; @@ -246,7 +232,7 @@ class DFRN if (!empty($ids)) { $ret = Item::select(Item::DELIVER_FIELDLIST, ['id' => $ids]); - $items = dba::inArray($ret); + $items = Item::inArray($ret); } else { $items = []; } @@ -276,7 +262,7 @@ class DFRN /// @TODO This hook can't work anymore // Addon::callHooks('atom_feed', $atom); - if (!DBM::is_result($items) || $onlyheader) { + if (!DBA::isResult($items) || $onlyheader) { $atom = trim($doc->saveXML()); Addon::callHooks('atom_feed_end', $atom); @@ -330,8 +316,8 @@ class DFRN } $ret = Item::select(Item::DELIVER_FIELDLIST, $condition); - $items = dba::inArray($ret); - if (!DBM::is_result($items)) { + $items = Item::inArray($ret); + if (!DBA::isResult($items)) { killme(); } @@ -561,14 +547,14 @@ class DFRN } // For backward compatibility we keep this element - if ($owner['page-flags'] == PAGE_COMMUNITY) { + if ($owner['page-flags'] == Contact::PAGE_COMMUNITY) { XML::addElement($doc, $root, "dfrn:community", 1); } // The former element is replaced by this one XML::addElement($doc, $root, "dfrn:account_type", $owner["account-type"]); - /// @todo We need a way to transmit the different page flags like "PAGE_PRVGROUP" + /// @todo We need a way to transmit the different page flags like "Contact::PAGE_PRVGROUP" XML::addElement($doc, $root, "updated", DateTimeFormat::utcNow(DateTimeFormat::ATOM)); @@ -597,7 +583,7 @@ class DFRN WHERE (`hidewall` OR NOT `net-publish`) AND `user`.`uid` = %d", intval($owner['uid']) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $hidewall = true; } else { $hidewall = false; @@ -656,7 +642,7 @@ class DFRN WHERE `profile`.`is-default` AND NOT `user`.`hidewall` AND `user`.`uid` = %d", intval($owner['uid']) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $profile = $r[0]; XML::addElement($doc, $author, "poco:displayName", $profile["name"]); @@ -910,7 +896,7 @@ class DFRN $entry->setAttribute("xmlns:statusnet", NAMESPACE_STATUSNET); } - if ($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) { + if ($item['private']) { $body = Item::fixPrivatePhotos($item['body'], $owner['uid'], $item, $cid); } else { $body = $item['body']; @@ -938,7 +924,7 @@ class DFRN if (($item['parent'] != $item['id']) || ($item['parent-uri'] !== $item['uri']) || (($item['thr-parent'] !== '') && ($item['thr-parent'] !== $item['uri']))) { $parent_item = (($item['thr-parent']) ? $item['thr-parent'] : $item['parent-uri']); - $parent = Item::selectFirst(['guid','plink'], ['uri' => $parent_item, 'uid' => $item['uid']]); + $parent = Item::selectFirst(['guid', 'plink'], ['uri' => $parent_item, 'uid' => $item['uid']]); $attributes = ["ref" => $parent_item, "type" => "text/html", "href" => $parent['plink'], "dfrn:diaspora_guid" => $parent['guid']]; @@ -950,12 +936,12 @@ class DFRN $conversation_uri = $conversation_href; if (isset($parent_item)) { - $conversation = dba::selectFirst('conversation', ['conversation-uri', 'conversation-href'], ['item-uri' => $item['parent-uri']]); - if (DBM::is_result($conversation)) { - if ($r['conversation-uri'] != '') { + $conversation = DBA::selectFirst('conversation', ['conversation-uri', 'conversation-href'], ['item-uri' => $item['parent-uri']]); + if (DBA::isResult($conversation)) { + if ($conversation['conversation-uri'] != '') { $conversation_uri = $conversation['conversation-uri']; } - if ($r['conversation-href'] != '') { + if ($conversation['conversation-href'] != '') { $conversation_href = $conversation['conversation-href']; } } @@ -1004,15 +990,15 @@ class DFRN XML::addElement($doc, $entry, "georss:point", $item['coord']); } - if (($item['private']) || strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid'])) { - XML::addElement($doc, $entry, "dfrn:private", (($item['private']) ? $item['private'] : 1)); + if ($item['private']) { + XML::addElement($doc, $entry, "dfrn:private", ($item['private'] ? $item['private'] : 1)); } if ($item['extid']) { XML::addElement($doc, $entry, "dfrn:extid", $item['extid']); } - if ($item['bookmark']) { + if ($item['post-type'] == Item::PT_PAGE) { XML::addElement($doc, $entry, "dfrn:bookmark", "true"); } @@ -1072,10 +1058,10 @@ class DFRN $r = q( "SELECT `forum`, `prv` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s'", intval($owner["uid"]), - dbesc(normalise_link($mention)) + DBA::escape(normalise_link($mention)) ); - if (DBM::is_result($r) && ($r[0]["forum"] || $r[0]["prv"])) { + if (DBA::isResult($r) && ($r[0]["forum"] || $r[0]["prv"])) { XML::addElement( $doc, $entry, @@ -1187,7 +1173,7 @@ class DFRN $ret = Network::curl($url); - if ($ret['errno'] == CURLE_OPERATION_TIMEDOUT) { + if (!empty($ret["errno"]) && ($ret['errno'] == CURLE_OPERATION_TIMEDOUT)) { Contact::markForArchival($contact); return -2; // timed out } @@ -1216,9 +1202,16 @@ class DFRN $res = XML::parseString($xml); - if ((intval($res->status) != 0) || !strlen($res->challenge) || !strlen($res->dfrn_id)) { + if (!is_object($res) || (intval($res->status) != 0) || !strlen($res->challenge) || !strlen($res->dfrn_id)) { Contact::markForArchival($contact); - return ($res->status ? $res->status : 3); + + if (empty($res->status)) { + $status = 3; + } else { + $status = $res->status; + } + + return $status; } $postvars = []; @@ -1227,11 +1220,11 @@ class DFRN $perm = (($res->perm) ? $res->perm : null); $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0); $rino_remote_version = intval($res->rino); - $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); + $page = (($owner['page-flags'] == Contact::PAGE_COMMUNITY) ? 1 : 0); logger("Remote rino version: ".$rino_remote_version." for ".$contact["url"], LOGGER_DEBUG); - if ($owner['page-flags'] == PAGE_PRVGROUP) { + if ($owner['page-flags'] == Contact::PAGE_PRVGROUP) { $page = 2; } @@ -1251,8 +1244,8 @@ class DFRN } if (($contact['duplex'] && strlen($contact['pubkey'])) - || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) - || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) + || ($owner['page-flags'] == Contact::PAGE_COMMUNITY && strlen($contact['pubkey'])) + || ($contact['rel'] == Contact::SHARING && strlen($contact['pubkey'])) ) { openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']); openssl_public_decrypt($challenge, $postvars['challenge'], $contact['pubkey']); @@ -1280,7 +1273,7 @@ class DFRN $postvars['dissolve'] = '1'; } - if ((($contact['rel']) && ($contact['rel'] != CONTACT_IS_SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { + if ((($contact['rel']) && ($contact['rel'] != Contact::SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == Contact::PAGE_COMMUNITY)) { $postvars['data'] = $atom; $postvars['perm'] = 'rw'; } else { @@ -1314,15 +1307,15 @@ class DFRN if ($dfrn_version >= 2.1) { if (($contact['duplex'] && strlen($contact['pubkey'])) - || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) - || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) + || ($owner['page-flags'] == Contact::PAGE_COMMUNITY && strlen($contact['pubkey'])) + || ($contact['rel'] == Contact::SHARING && strlen($contact['pubkey'])) ) { openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']); } else { openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']); } } else { - if (($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { + if (($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == Contact::PAGE_COMMUNITY)) { openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']); } else { openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']); @@ -1399,7 +1392,7 @@ class DFRN if (empty($contact['addr'])) { logger('Empty contact handle for ' . $contact['id'] . ' - ' . $contact['url'] . ' - trying to update it.'); if (Contact::updateFromProbe($contact['id'])) { - $new_contact = dba::selectFirst('contact', ['addr'], ['id' => $contact['id']]); + $new_contact = DBA::selectFirst('contact', ['addr'], ['id' => $contact['id']]); $contact['addr'] = $new_contact['addr']; } @@ -1490,11 +1483,11 @@ class DFRN "SELECT `id` FROM `event` WHERE `uid` = %d AND `cid` = %d AND `start` = '%s' AND `type` = '%s' LIMIT 1", intval($contact['uid']), intval($contact['id']), - dbesc(DateTimeFormat::utc($birthday)), - dbesc('birthday') + DBA::escape(DateTimeFormat::utc($birthday)), + DBA::escape('birthday') ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { return; } @@ -1508,13 +1501,13 @@ class DFRN VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", intval($contact['uid']), intval($contact['id']), - dbesc(DateTimeFormat::utcNow()), - dbesc(DateTimeFormat::utcNow()), - dbesc(DateTimeFormat::utc($birthday)), - dbesc(DateTimeFormat::utc($birthday . ' + 1 day ')), - dbesc($bdtext), - dbesc($bdtext2), - dbesc('birthday') + DBA::escape(DateTimeFormat::utcNow()), + DBA::escape(DateTimeFormat::utcNow()), + DBA::escape(DateTimeFormat::utc($birthday)), + DBA::escape(DateTimeFormat::utc($birthday . ' + 1 day ')), + DBA::escape($bdtext), + DBA::escape($bdtext2), + DBA::escape('birthday') ); } @@ -1534,16 +1527,16 @@ class DFRN private static function fetchauthor($xpath, $context, $importer, $element, $onlyfetch, $xml = "") { $author = []; - $author["name"] = $xpath->evaluate($element."/atom:name/text()", $context)->item(0)->nodeValue; - $author["link"] = $xpath->evaluate($element."/atom:uri/text()", $context)->item(0)->nodeValue; + $author["name"] = XML::getFirstNodeValue($xpath, $element."/atom:name/text()", $context); + $author["link"] = XML::getFirstNodeValue($xpath, $element."/atom:uri/text()", $context); $fields = ['id', 'uid', 'url', 'network', 'avatar-date', 'avatar', 'name-date', 'uri-date', 'addr', 'name', 'nick', 'about', 'location', 'keywords', 'xmpp', 'bdyear', 'bd', 'hidden', 'contact-type']; $condition = ["`uid` = ? AND `nurl` = ? AND `network` != ?", $importer["importer_uid"], normalise_link($author["link"]), NETWORK_STATUSNET]; - $contact_old = dba::selectFirst('contact', $fields, $condition); + $contact_old = DBA::selectFirst('contact', $fields, $condition); - if (DBM::is_result($contact_old)) { + if (DBA::isResult($contact_old)) { $author["contact-id"] = $contact_old["id"]; $author["network"] = $contact_old["network"]; } else { @@ -1551,6 +1544,7 @@ class DFRN logger("Contact ".$author["link"]." wasn't found for user ".$importer["importer_uid"]." XML: ".$xml, LOGGER_DEBUG); } + $author["contact-unknown"] = true; $author["contact-id"] = $importer["id"]; $author["network"] = $importer["network"]; $onlyfetch = true; @@ -1585,7 +1579,7 @@ class DFRN $author["avatar"] = current($avatarlist); } - if (DBM::is_result($contact_old) && !$onlyfetch) { + if (DBA::isResult($contact_old) && !$onlyfetch) { logger("Check if contact details for contact " . $contact_old["id"] . " (" . $contact_old["nick"] . ") have to be updated.", LOGGER_DEBUG); $poco = ["url" => $contact_old["url"]]; @@ -1606,33 +1600,33 @@ class DFRN } // Update contact data - $value = $xpath->evaluate($element . "/dfrn:handle/text()", $context)->item(0)->nodeValue; + $value = XML::getFirstNodeValue($xpath, $element . "/dfrn:handle/text()", $context); if ($value != "") { $poco["addr"] = $value; } - $value = $xpath->evaluate($element . "/poco:displayName/text()", $context)->item(0)->nodeValue; + $value = XML::getFirstNodeValue($xpath, $element . "/poco:displayName/text()", $context); if ($value != "") { $poco["name"] = $value; } - $value = $xpath->evaluate($element . "/poco:preferredUsername/text()", $context)->item(0)->nodeValue; + $value = XML::getFirstNodeValue($xpath, $element . "/poco:preferredUsername/text()", $context); if ($value != "") { $poco["nick"] = $value; } - $value = $xpath->evaluate($element . "/poco:note/text()", $context)->item(0)->nodeValue; + $value = XML::getFirstNodeValue($xpath, $element . "/poco:note/text()", $context); if ($value != "") { $poco["about"] = $value; } - $value = $xpath->evaluate($element . "/poco:address/poco:formatted/text()", $context)->item(0)->nodeValue; + $value = XML::getFirstNodeValue($xpath, $element . "/poco:address/poco:formatted/text()", $context); if ($value != "") { $poco["location"] = $value; } /// @todo Only search for elements with "poco:type" = "xmpp" - $value = $xpath->evaluate($element . "/poco:ims/poco:value/text()", $context)->item(0)->nodeValue; + $value = XML::getFirstNodeValue($xpath, $element . "/poco:ims/poco:value/text()", $context); if ($value != "") { $poco["xmpp"] = $value; } @@ -1645,7 +1639,7 @@ class DFRN /// - poco:country // If the "hide" element is present then the profile isn't searchable. - $hide = intval($xpath->evaluate($element . "/dfrn:hide/text()", $context)->item(0)->nodeValue == "true"); + $hide = intval(XML::getFirstNodeValue($xpath, $element . "/dfrn:hide/text()", $context) == "true"); logger("Hidden status for contact " . $contact_old["url"] . ": " . $hide, LOGGER_DEBUG); @@ -1667,7 +1661,7 @@ class DFRN } // "dfrn:birthday" contains the birthday converted to UTC - $birthday = $xpath->evaluate($element . "/dfrn:birthday/text()", $context)->item(0)->nodeValue; + $birthday = XML::getFirstNodeValue($xpath, $element . "/poco:birthday/text()", $context); if (strtotime($birthday) > time()) { $bd_timestamp = strtotime($birthday); @@ -1676,7 +1670,7 @@ class DFRN } // "poco:birthday" is the birthday in the format "yyyy-mm-dd" - $value = $xpath->evaluate($element . "/poco:birthday/text()", $context)->item(0)->nodeValue; + $value = XML::getFirstNodeValue($xpath, $element . "/poco:birthday/text()", $context); if (!in_array($value, ["", "0000-00-00", "0001-01-01"])) { $bdyear = date("Y"); @@ -1735,11 +1729,11 @@ class DFRN `addr` = '%s', `keywords` = '%s', `bdyear` = '%s', `bd` = '%s', `hidden` = %d, `xmpp` = '%s', `name-date` = '%s', `uri-date` = '%s' WHERE `id` = %d AND `network` = '%s'", - dbesc($contact["name"]), dbesc($contact["nick"]), dbesc($contact["about"]), dbesc($contact["location"]), - dbesc($contact["addr"]), dbesc($contact["keywords"]), dbesc($contact["bdyear"]), - dbesc($contact["bd"]), intval($contact["hidden"]), dbesc($contact["xmpp"]), - dbesc(DBM::date($contact["name-date"])), dbesc(DBM::date($contact["uri-date"])), - intval($contact["id"]), dbesc($contact["network"]) + DBA::escape($contact["name"]), DBA::escape($contact["nick"]), DBA::escape($contact["about"]), DBA::escape($contact["location"]), + DBA::escape($contact["addr"]), DBA::escape($contact["keywords"]), DBA::escape($contact["bdyear"]), + DBA::escape($contact["bd"]), intval($contact["hidden"]), DBA::escape($contact["xmpp"]), + DBA::escape(DateTimeFormat::utc($contact["name-date"])), DBA::escape(DateTimeFormat::utc($contact["uri-date"])), + intval($contact["id"]), DBA::escape($contact["network"]) ); } @@ -1852,7 +1846,7 @@ class DFRN $msg["seen"] = 0; $msg["replied"] = 0; - dba::insert('mail', $msg); + DBA::insert('mail', $msg); // send notifications. /// @TODO Arange this mess @@ -1905,8 +1899,8 @@ class DFRN $r = q( "SELECT `id` FROM `contact` WHERE `name` = '%s' AND `nurl` = '%s' AND `uid` = %d LIMIT 1", - dbesc($suggest["name"]), - dbesc(normalise_link($suggest["url"])), + DBA::escape($suggest["name"]), + DBA::escape(normalise_link($suggest["url"])), intval($suggest["uid"]) ); @@ -1917,7 +1911,7 @@ class DFRN * * @see https://github.com/friendica/friendica/pull/3254#discussion_r107315246 */ - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { return false; } @@ -1926,11 +1920,11 @@ class DFRN $fid = 0; $r = q( "SELECT `id` FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1", - dbesc($suggest["url"]), - dbesc($suggest["name"]), - dbesc($suggest["request"]) + DBA::escape($suggest["url"]), + DBA::escape($suggest["name"]), + DBA::escape($suggest["request"]) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $fid = $r[0]["id"]; // OK, we do. Do we already have an introduction for this person ? @@ -1947,32 +1941,32 @@ class DFRN * * @see https://github.com/friendica/friendica/pull/3254#discussion_r107315246 */ - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { return false; } } if (!$fid) { $r = q( "INSERT INTO `fcontact` (`name`,`url`,`photo`,`request`) VALUES ('%s', '%s', '%s', '%s')", - dbesc($suggest["name"]), - dbesc($suggest["url"]), - dbesc($suggest["photo"]), - dbesc($suggest["request"]) + DBA::escape($suggest["name"]), + DBA::escape($suggest["url"]), + DBA::escape($suggest["photo"]), + DBA::escape($suggest["request"]) ); } $r = q( "SELECT `id` FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1", - dbesc($suggest["url"]), - dbesc($suggest["name"]), - dbesc($suggest["request"]) + DBA::escape($suggest["url"]), + DBA::escape($suggest["name"]), + DBA::escape($suggest["request"]) ); /* * If no record in fcontact is found, below INSERT statement will not * link an introduction to it. */ - if (!DBM::is_result($r)) { - // database record did not get created. Quietly give up. + if (!DBA::isResult($r)) { + // Database record did not get created. Quietly give up. killme(); } @@ -1986,9 +1980,9 @@ class DFRN intval($suggest["uid"]), intval($fid), intval($suggest["cid"]), - dbesc($suggest["body"]), - dbesc($hash), - dbesc(DateTimeFormat::utcNow()), + DBA::escape($suggest["body"]), + DBA::escape($hash), + DBA::escape(DateTimeFormat::utcNow()), intval(0) ); @@ -2052,12 +2046,12 @@ class DFRN // update contact $r = q( - "SELECT `photo`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d;", + "SELECT `photo`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d", intval($importer["id"]), intval($importer["importer_uid"]) ); - if (!DBM::is_result($r)) { + if (!DBA::isResult($r)) { logger("Query failed to execute, no result returned in " . __FUNCTION__); return false; } @@ -2071,7 +2065,7 @@ class DFRN 'url' => $relocate["url"], 'nurl' => normalise_link($relocate["url"]), 'addr' => $relocate["addr"], 'connect' => $relocate["addr"], 'notify' => $relocate["notify"], 'server_url' => $relocate["server_url"]]; - dba::update('gcontact', $fields, ['nurl' => normalise_link($old["url"])]); + DBA::update('gcontact', $fields, ['nurl' => normalise_link($old["url"])]); // Update the contact table. We try to find every entry. $fields = ['name' => $relocate["name"], 'avatar' => $relocate["avatar"], @@ -2081,19 +2075,12 @@ class DFRN 'poll' => $relocate["poll"], 'site-pubkey' => $relocate["sitepubkey"]]; $condition = ["(`id` = ?) OR (`nurl` = ?)", $importer["id"], normalise_link($old["url"])]; - dba::update('contact', $fields, $condition); + DBA::update('contact', $fields, $condition); Contact::updateAvatar($relocate["avatar"], $importer["importer_uid"], $importer["id"], true); logger('Contacts are updated.'); - // update items - // This is an extreme performance killer - Item::update(['owner-link' => $relocate["url"]], ['owner-link' => $old["url"], 'uid' => $importer["importer_uid"]]); - Item::update(['author-link' => $relocate["url"]], ['author-link' => $old["url"], 'uid' => $importer["importer_uid"]]); - - logger('Items are updated.'); - /// @TODO /// merge with current record, current contents have priority /// update record, set url-updated @@ -2148,7 +2135,7 @@ class DFRN if ($item["parent-uri"] != $item["uri"]) { $community = false; - if ($importer["page-flags"] == PAGE_COMMUNITY || $importer["page-flags"] == PAGE_PRVGROUP) { + if ($importer["page-flags"] == Contact::PAGE_COMMUNITY || $importer["page-flags"] == Contact::PAGE_PRVGROUP) { $sql_extra = ""; $community = true; logger("possible community action"); @@ -2162,7 +2149,7 @@ class DFRN $is_a_remote_action = false; $parent = Item::selectFirst(['parent-uri'], ['uri' => $item["parent-uri"]]); - if (DBM::is_result($parent)) { + if (DBA::isResult($parent)) { $r = q( "SELECT `item`.`forum_mode`, `item`.`wall` FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` @@ -2170,12 +2157,12 @@ class DFRN AND `item`.`uid` = %d $sql_extra LIMIT 1", - dbesc($parent["parent-uri"]), - dbesc($parent["parent-uri"]), - dbesc($parent["parent-uri"]), + DBA::escape($parent["parent-uri"]), + DBA::escape($parent["parent-uri"]), + DBA::escape($parent["parent-uri"]), intval($importer["importer_uid"]) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $is_a_remote_action = true; } } @@ -2232,7 +2219,7 @@ class DFRN } if ($Blink && link_compare($Blink, System::baseUrl() . "/profile/" . $importer["nickname"])) { - $author = dba::selectFirst('contact', ['name', 'thumb', 'url'], ['id' => $item['author-id']]); + $author = DBA::selectFirst('contact', ['name', 'thumb', 'url'], ['id' => $item['author-id']]); // send a notification notification( @@ -2309,19 +2296,18 @@ class DFRN || ($item["verb"] == ACTIVITY_ATTENDMAYBE) ) { $is_like = true; - $item["type"] = "activity"; - $item["gravity"] = GRAVITY_LIKE; + $item["gravity"] = GRAVITY_ACTIVITY; // only one like or dislike per person // splitted into two queries for performance issues - $condition = ['uid' => $item["uid"], 'author-id' => $item["author-id"], + $condition = ['uid' => $item["uid"], 'author-id' => $item["author-id"], 'gravity' => GRAVITY_ACTIVITY, 'verb' => $item["verb"], 'parent-uri' => $item["parent-uri"]]; - if (dba::exists('item', $condition)) { + if (Item::exists($condition)) { return false; } - $condition = ['uid' => $item["uid"], 'author-id' => $item["author-id"], + $condition = ['uid' => $item["uid"], 'author-id' => $item["author-id"], 'gravity' => GRAVITY_ACTIVITY, 'verb' => $item["verb"], 'thr-parent' => $item["parent-uri"]]; - if (dba::exists('item', $condition)) { + if (Item::exists($condition)) { return false; } } else { @@ -2334,7 +2320,8 @@ class DFRN if ($xt->type == ACTIVITY_OBJ_NOTE) { $item_tag = Item::selectFirst(['id', 'tag'], ['uri' => $xt->id, 'uid' => $importer["importer_uid"]]); - if (!DBM::is_result($item_tag)) { + + if (!DBA::isResult($item_tag)) { logger("Query failed to execute, no result returned in " . __FUNCTION__); return false; } @@ -2417,16 +2404,15 @@ class DFRN $item["source"] = $xml; // Get the uri - $item["uri"] = $xpath->query("atom:id/text()", $entry)->item(0)->nodeValue; + $item["uri"] = XML::getFirstNodeValue($xpath, "atom:id/text()", $entry); - $item["edited"] = $xpath->query("atom:updated/text()", $entry)->item(0)->nodeValue; + $item["edited"] = XML::getFirstNodeValue($xpath, "atom:updated/text()", $entry); - $current = dba::selectFirst('item', - ['id', 'uid', 'edited', 'body'], + $current = Item::selectFirst(['id', 'uid', 'edited', 'body'], ['uri' => $item["uri"], 'uid' => $importer["importer_uid"]] ); // Is there an existing item? - if (DBM::is_result($current) && !self::isEditedTimestampNewer($current, $item)) { + if (DBA::isResult($current) && !self::isEditedTimestampNewer($current, $item)) { logger("Item ".$item["uri"]." (".$item['edited'].") already existed.", LOGGER_DEBUG); return; } @@ -2434,6 +2420,8 @@ class DFRN // Fetch the owner $owner = self::fetchauthor($xpath, $entry, $importer, "dfrn:owner", true); + $owner_unknown = (isset($owner["contact-unknown"]) && $owner["contact-unknown"]); + $item["owner-link"] = $owner["link"]; $item["owner-id"] = Contact::getIdForURL($owner["link"], 0); @@ -2443,11 +2431,11 @@ class DFRN $item["author-link"] = $author["link"]; $item["author-id"] = Contact::getIdForURL($author["link"], 0); - $item["title"] = $xpath->query("atom:title/text()", $entry)->item(0)->nodeValue; + $item["title"] = XML::getFirstNodeValue($xpath, "atom:title/text()", $entry); - $item["created"] = $xpath->query("atom:published/text()", $entry)->item(0)->nodeValue; + $item["created"] = XML::getFirstNodeValue($xpath, "atom:published/text()", $entry); - $item["body"] = $xpath->query("dfrn:env/text()", $entry)->item(0)->nodeValue; + $item["body"] = XML::getFirstNodeValue($xpath, "dfrn:env/text()", $entry); $item["body"] = str_replace([' ',"\t","\r","\n"], ['','','',''], $item["body"]); // make sure nobody is trying to sneak some html tags by us $item["body"] = notags(base64url_decode($item["body"])); @@ -2480,19 +2468,16 @@ class DFRN // We don't need the content element since "dfrn:env" is always present //$item["body"] = $xpath->query("atom:content/text()", $entry)->item(0)->nodeValue; - $item["location"] = $xpath->query("dfrn:location/text()", $entry)->item(0)->nodeValue; + $item["location"] = XML::getFirstNodeValue($xpath, "dfrn:location/text()", $entry); - $georsspoint = $xpath->query("georss:point", $entry); - if ($georsspoint) { - $item["coord"] = $georsspoint->item(0)->nodeValue; - } + $item["coord"] = XML::getFirstNodeValue($xpath, "georss:point", $entry); - $item["private"] = $xpath->query("dfrn:private/text()", $entry)->item(0)->nodeValue; + $item["private"] = XML::getFirstNodeValue($xpath, "dfrn:private/text()", $entry); - $item["extid"] = $xpath->query("dfrn:extid/text()", $entry)->item(0)->nodeValue; + $item["extid"] = XML::getFirstNodeValue($xpath, "dfrn:extid/text()", $entry); - if ($xpath->query("dfrn:bookmark/text()", $entry)->item(0)->nodeValue == "true") { - $item["bookmark"] = true; + if (XML::getFirstNodeValue($xpath, "dfrn:bookmark/text()", $entry) == "true") { + $item["post-type"] = Item::PT_PAGE; } $notice_info = $xpath->query("statusnet:notice_info", $entry); @@ -2504,18 +2489,18 @@ class DFRN } } - $item["guid"] = $xpath->query("dfrn:diaspora_guid/text()", $entry)->item(0)->nodeValue; + $item["guid"] = XML::getFirstNodeValue($xpath, "dfrn:diaspora_guid/text()", $entry); // We store the data from "dfrn:diaspora_signature" in a different table, this is done in "Item::insert" - $dsprsig = unxmlify($xpath->query("dfrn:diaspora_signature/text()", $entry)->item(0)->nodeValue); + $dsprsig = unxmlify(XML::getFirstNodeValue($xpath, "dfrn:diaspora_signature/text()", $entry)); if ($dsprsig != "") { $item["dsprsig"] = $dsprsig; } - $item["verb"] = $xpath->query("activity:verb/text()", $entry)->item(0)->nodeValue; + $item["verb"] = XML::getFirstNodeValue($xpath, "activity:verb/text()", $entry); - if ($xpath->query("activity:object-type/text()", $entry)->item(0)->nodeValue != "") { - $item["object-type"] = $xpath->query("activity:object-type/text()", $entry)->item(0)->nodeValue; + if (XML::getFirstNodeValue($xpath, "activity:object-type/text()", $entry) != "") { + $item["object-type"] = XML::getFirstNodeValue($xpath, "activity:object-type/text()", $entry); } $object = $xpath->query("activity:object", $entry)->item(0); @@ -2552,8 +2537,10 @@ class DFRN $termhash = array_shift($parts); $termurl = implode(":", $parts); - if (strlen($item["tag"])) { + if (!empty($item["tag"])) { $item["tag"] .= ","; + } else { + $item["tag"] = ""; } $item["tag"] .= $termhash . "[url=" . $termurl . "]" . $term . "[/url]"; @@ -2569,7 +2556,7 @@ class DFRN self::parseLinks($links, $item); } - $item['conversation-uri'] = $xpath->query('ostatus:conversation/text()', $entry)->item(0)->nodeValue; + $item['conversation-uri'] = XML::getFirstNodeValue($xpath, 'ostatus:conversation/text()', $entry); $conv = $xpath->query('ostatus:conversation', $entry); if (is_object($conv->item(0))) { @@ -2622,7 +2609,6 @@ class DFRN } if ($entrytype == DFRN::REPLY_RC) { - $item["type"] = "remote-comment"; $item["wall"] = 1; } elseif ($entrytype == DFRN::TOP_LEVEL) { if (!isset($item["object-type"])) { @@ -2630,7 +2616,7 @@ class DFRN } // Is it an event? - if ($item["object-type"] == ACTIVITY_OBJ_EVENT) { + if (($item["object-type"] == ACTIVITY_OBJ_EVENT) && !$owner_unknown) { logger("Item ".$item["uri"]." seems to contain an event.", LOGGER_DEBUG); $ev = Event::fromBBCode($item["body"]); if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) { @@ -2641,13 +2627,14 @@ class DFRN $ev["edited"] = $item["edited"]; $ev["private"] = $item["private"]; $ev["guid"] = $item["guid"]; + $ev["plink"] = $item["plink"]; $r = q( "SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", - dbesc($item["uri"]), + DBA::escape($item["uri"]), intval($importer["importer_uid"]) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $ev["id"] = $r[0]["id"]; } @@ -2663,8 +2650,15 @@ class DFRN return; } + // This check is done here to be able to receive connection requests in "processVerbs" + if (($entrytype == DFRN::TOP_LEVEL) && $owner_unknown) { + logger("Item won't be stored because user " . $importer["importer_uid"] . " doesn't follow " . $item["owner-link"] . ".", LOGGER_DEBUG); + return; + } + + // Update content if 'updated' changes - if (DBM::is_result($current)) { + if (DBA::isResult($current)) { if (self::updateContent($current, $item, $importer, $entrytype)) { logger("Item ".$item["uri"]." was updated.", LOGGER_DEBUG); } else { @@ -2703,7 +2697,7 @@ class DFRN $item["owner-id"] = Contact::getIdForURL($importer["url"], 0); } - if (($importer["rel"] == CONTACT_IS_FOLLOWER) && (!self::tgroupCheck($importer["importer_uid"], $item))) { + if (($importer["rel"] == Contact::FOLLOWER) && (!self::tgroupCheck($importer["importer_uid"], $item))) { logger("Contact ".$importer["id"]." is only follower and tgroup check was negative.", LOGGER_DEBUG); return; } @@ -2754,13 +2748,18 @@ class DFRN return false; } - $condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["importer_uid"]]; - $item = dba::selectFirst('item', ['id', 'parent', 'contact-id'], $condition); - if (!DBM::is_result($item)) { + $condition = ['uri' => $uri, 'uid' => $importer["importer_uid"]]; + $item = Item::selectFirst(['id', 'parent', 'contact-id', 'file', 'deleted'], $condition); + if (!DBA::isResult($item)) { logger("Item with uri " . $uri . " for user " . $importer["importer_uid"] . " wasn't found.", LOGGER_DEBUG); return; } + if (strstr($item['file'], '[')) { + logger("Item with uri " . $uri . " for user " . $importer["importer_uid"] . " is filed. So it won't be deleted.", LOGGER_DEBUG); + return; + } + // When it is a starting post it has to belong to the person that wants to delete it if (($item['id'] == $item['parent']) && ($item['contact-id'] != $importer["id"])) { logger("Item with uri " . $uri . " don't belong to contact " . $importer["id"] . " - ignoring deletion.", LOGGER_DEBUG); @@ -2770,7 +2769,7 @@ class DFRN // Comments can be deleted by the thread owner or comment owner if (($item['id'] != $item['parent']) && ($item['contact-id'] != $importer["id"])) { $condition = ['id' => $item['parent'], 'contact-id' => $importer["id"]]; - if (!dba::exists('item', $condition)) { + if (!Item::exists($condition)) { logger("Item with uri " . $uri . " wasn't found or mustn't be deleted by contact " . $importer["id"] . " - ignoring deletion.", LOGGER_DEBUG); return; } @@ -2818,7 +2817,6 @@ class DFRN $header = []; $header["uid"] = $importer["importer_uid"]; $header["network"] = NETWORK_DFRN; - $header["type"] = "remote"; $header["wall"] = 0; $header["origin"] = 0; $header["contact-id"] = $importer["id"]; @@ -2838,23 +2836,23 @@ class DFRN logger("Import DFRN message for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG); // is it a public forum? Private forums aren't exposed with this method - $forum = intval($xpath->evaluate("/atom:feed/dfrn:community/text()")->item(0)->nodeValue); + $forum = intval(XML::getFirstNodeValue($xpath, "/atom:feed/dfrn:community/text()")); // The account type is new since 3.5.1 if ($xpath->query("/atom:feed/dfrn:account_type")->length > 0) { - $accounttype = intval($xpath->evaluate("/atom:feed/dfrn:account_type/text()")->item(0)->nodeValue); + $accounttype = intval(XML::getFirstNodeValue($xpath, "/atom:feed/dfrn:account_type/text()")); if ($accounttype != $importer["contact-type"]) { - dba::update('contact', ['contact-type' => $accounttype], ['id' => $importer["id"]]); + DBA::update('contact', ['contact-type' => $accounttype], ['id' => $importer["id"]]); } // A forum contact can either have set "forum" or "prv" - but not both - if (($accounttype == ACCOUNT_TYPE_COMMUNITY) && (($forum != $importer["forum"]) || ($forum == $importer["prv"]))) { + if (($accounttype == Contact::ACCOUNT_TYPE_COMMUNITY) && (($forum != $importer["forum"]) || ($forum == $importer["prv"]))) { $condition = ['(`forum` != ? OR `prv` != ?) AND `id` = ?', $forum, !$forum, $importer["id"]]; - dba::update('contact', ['forum' => $forum, 'prv' => !$forum], $condition); + DBA::update('contact', ['forum' => $forum, 'prv' => !$forum], $condition); } } elseif ($forum != $importer["forum"]) { // Deprecated since 3.5.1 $condition = ['`forum` != ? AND `id` = ?', $forum, $importer["id"]]; - dba::update('contact', ['forum' => $forum], $condition); + DBA::update('contact', ['forum' => $forum], $condition); } @@ -2890,7 +2888,7 @@ class DFRN $newentries = []; $entries = $xpath->query("/atom:feed/atom:entry"); foreach ($entries as $entry) { - $created = $xpath->query("atom:published/text()", $entry)->item(0)->nodeValue; + $created = XML::getFirstNodeValue($xpath, "atom:published/text()", $entry); $newentries[strtotime($created)] = $entry; } @@ -2940,23 +2938,23 @@ class DFRN /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange. $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1) AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1", - dbesc($contact_nick), - dbesc($a->user['nickname']), - dbesc($baseurl), - dbesc($nurl) + DBA::escape($contact_nick), + DBA::escape($a->user['nickname']), + DBA::escape($baseurl), + DBA::escape($nurl) ); - if ((! DBM::is_result($r)) || $r[0]['id'] == remote_user()) { + if ((! DBA::isResult($r)) || $r[0]['id'] == remote_user()) { return; } $r = q("SELECT * FROM contact WHERE nick = '%s' AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1", - dbesc($contact_nick), - dbesc(NETWORK_DFRN), + DBA::escape($contact_nick), + DBA::escape(NETWORK_DFRN), intval(local_user()), - dbesc($baseurl) + DBA::escape($baseurl) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { return; } @@ -2982,7 +2980,7 @@ class DFRN $sec = random_string(); - dba::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]); + DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]); $url = curPageURL(); @@ -3023,12 +3021,12 @@ class DFRN $u = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($uid) ); - if (!DBM::is_result($u)) { + if (!DBA::isResult($u)) { return false; } - $community_page = ($u[0]['page-flags'] == PAGE_COMMUNITY); - $prvgroup = ($u[0]['page-flags'] == PAGE_PRVGROUP); + $community_page = ($u[0]['page-flags'] == Contact::PAGE_COMMUNITY); + $prvgroup = ($u[0]['page-flags'] == Contact::PAGE_PRVGROUP); $link = normalise_link(System::baseUrl() . '/profile/' . $u[0]['nickname']);