Merge pull request #4573 from MrPetovan/bug/fix-attach-display

Add support for Atom enclosure

diff --git a/doc/Settings.md b/doc/Settings.md
index a574e0675c3d0627cfeb1cdbd2660582191209ed..5f41bb83b3f667786458802bafa92c169ff9e6cb 100644 (file)
--- a/doc/Settings.md
+++ b/doc/Settings.md
@@ -57,6 +57,21 @@ The `vier` theme for instance is mobile friendly.
 
 ### Registration
 
+#### Register policy
+
+With this drop down selector you can set the nodes registration policy.
+You can chose between the following modes:
+
+* **open**: Everybody can register a new account and start using it right away.
+* **requires approval**: Everybody can register a new account, but the admin has to approve it before it can be used.
+* **closed**: No new registrations are possible.
+
+##### Invitation based registry
+
+Additionally to the setting in the admin panel, you can devide if registrations are only possible using an invitation code or not.
+To enable invitation based registration, you have to set the `invitation_only` setting in the [.htconfig.php](/help/htconfig) file.
+If you want to use this method, the registration policy has to be set to either *open* or *requires approval*.
+
 #### Check Full Names
 
 You may find a lot of spammers trying to register on your site.

diff --git a/doc/de/Settings.md b/doc/de/Settings.md
index 1c7a487431ccd5647ddc896abf386a2cc0544f2d..e3f5dbe84add0423ca0389c037cb46a0d4b151c7 100644 (file)
--- a/doc/de/Settings.md
+++ b/doc/de/Settings.md
@@ -54,6 +54,20 @@ Das `vier` Theme z.B. unterstützt kleine Anzeigen und benötigt kein zusätzlic
 
 ### Registrierung
 
+#### Registrierungsmethode
+
+Diese Einstellung regelt die Art der Registrierung.
+Dabei kannst du zwischen den folgenden Optionen wählen:
+
+* **Offen**: Jeder kann ein neues Nutzerkonto anlegen und es sofort benutzen.
+* **Bedarf der Zustimmung**: Jeder kann ein Nutzerkonto anlegen. Dieses muss allerdings durch den Admin freigeschaltet werden, bevor es verwendet werden kann.
+* **Geschlossen**: Es können keine weiteren Nutzerkonten angelegt werden.
+
+##### Einladungen 
+
+Zusätzlich zu den oben genannten Möglichkeiten, kann die Registrierung eines neuen Nutzerkontos an eine Einladung durch einen bestehenden Nutzer gekoppelt werden.
+Hierzu muss in der [.htconfig.php](/help/htconfig) Datei die Option `invitation_only` aktiviert und als Registrierungsmethode entweder *Offen* oder *Bedarf der Zustimmung* gewählt werden.
+
 #### Namen auf Vollständigkeit überprüfen
 
 Es kann vorkommen, dass viele Spammer versuchen, sich auf deiner Seite zu registrieren. 

diff --git a/doc/htconfig.md b/doc/htconfig.md
index 3a482742d2c25821c8e148fe207410c797c313de..a19a92a4afef810c7876bbb2c79130b6a62175a4 100644 (file)
--- a/doc/htconfig.md
+++ b/doc/htconfig.md
@@ -47,6 +47,7 @@ Example: To set the automatic database cleanup process add this line to your .ht
 * **ignore_cache** (Boolean) - For development only. Disables the item cache.
 * **instances_social_key** - Key to the API of https://instances.social which retrieves data about mastodon servers. See https://instances.social/api/token to get an API key.
 * **ipv4_resolve** (Boolean) - Resolve IPV4 addresses only. Don't resolve to IPV6. Default value is false.
+* **invitation_only** (Boolean) -  If set true registration is only possible after a current member of the node has send an invitation. Default is false.
 * **like_no_comment** (Boolean) - Don't update the "commented" value of an item when it is liked.
 * **local_block** (Boolean) - Used in conjunction with "block_public".
 * **local_search** (Boolean) - Blocks search for users who are not logged in to prevent crawlers from blocking your system.

diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index 8dd9305ca316f263f98503304ef59492b868eaed..091957c197408ae9921be0904b19f0ec81bbba80 100644 (file)
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -1123,13 +1123,13 @@ class BBCode
                                }
 
                                if (stripos(normalise_link($link), 'http://twitter.com/') === 0) {
+                                       $text .= '<br /><a href="' . $link . '">' . $link . '</a>';
+                               } else {
                                        $text .= $headline . '<blockquote>' . trim($share[3]) . "</blockquote><br />";
 
                                        if ($link != "") {
                                                $text .= '<br /><a href="' . $link . '">[l]</a>';
                                        }
-                               } else {
-                                       $text .= '<br /><a href="' . $link . '">' . $link . '</a>';
                                }
 
                                break;

diff --git a/src/Core/NotificationsManager.php b/src/Core/NotificationsManager.php
index 0e552d2e09620207632ffec2c58e7eb61badb4f5..10646cbf97d3aec1d5b310acd369e8d7f8fd9e7e 100644 (file)
--- a/src/Core/NotificationsManager.php
+++ b/src/Core/NotificationsManager.php
@@ -135,7 +135,7 @@ class NotificationsManager extends BaseObject
        public function setSeen($note, $seen = true)
        {
                return q(
-                       "UPDATE `notify` SET `seen` = %d WHERE ( `link` = '%s' OR ( `parent` != 0 AND `parent` = %d AND `otype` = '%s' )) AND `uid` = %d",
+                       "UPDATE `notify` SET `seen` = %d WHERE (`link` = '%s' OR (`parent` != 0 AND `parent` = %d AND `otype` = '%s')) AND `uid` = %d",
                        intval($seen),
                        dbesc($note['link']),
                        intval($note['parent']),
@@ -384,16 +384,18 @@ class NotificationsManager extends BaseObject
        private function networkTotal($seen = 0)
        {
                $sql_seen = "";
+               $index_hint = "";
 
                if ($seen === 0) {
-                       $sql_seen = " AND `item`.`unseen` = 1 ";
+                       $sql_seen = " AND `item`.`unseen` ";
+                       $index_hint = "USE INDEX (`uid_unseen_contactid`)";
                }
 
                $r = q(
                        "SELECT COUNT(*) AS `total`
-                               FROM `item` INNER JOIN `item` AS `pitem` ON `pitem`.`id`=`item`.`parent`
-                               WHERE `item`.`visible` = 1 AND `pitem`.`parent` != 0 AND
-                                `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0
+                               FROM `item` $index_hint STRAIGHT_JOIN `item` AS `pitem` ON `pitem`.`id`=`item`.`parent`
+                               WHERE `item`.`visible` AND `pitem`.`parent` != 0 AND
+                               NOT `item`.`deleted` AND `item`.`uid` = %d AND NOT `item`.`wall`
                                $sql_seen",
                        intval(local_user())
                );
@@ -423,18 +425,20 @@ class NotificationsManager extends BaseObject
                $total = $this->networkTotal($seen);
                $notifs = [];
                $sql_seen = "";
+               $index_hint = "";
 
                if ($seen === 0) {
-                       $sql_seen = " AND `item`.`unseen` = 1 ";
+                       $sql_seen = " AND `item`.`unseen` ";
+                       $index_hint = "USE INDEX (`uid_unseen_contactid`)";
                }
 
                $r = q(
                        "SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, `item`.`unseen`,
                                `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` AS `object`,
                                `pitem`.`author-name` AS `pname`, `pitem`.`author-link` AS `plink`, `pitem`.`guid` AS `pguid`
-                       FROM `item` INNER JOIN `item` AS `pitem` ON `pitem`.`id`=`item`.`parent`
-                       WHERE `item`.`visible` = 1 AND `pitem`.`parent` != 0 AND
-                                `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0
+                       FROM `item` $index_hint STRAIGHT_JOIN `item` AS `pitem` ON `pitem`.`id`=`item`.`parent`
+                       WHERE `item`.`visible` AND `pitem`.`parent` != 0 AND
+                               NOT `item`.`deleted` AND `item`.`uid` = %d AND NOT `item`.`wall`
                                $sql_seen
                        ORDER BY `item`.`created` DESC LIMIT %d, %d ",
                        intval(local_user()),
@@ -466,7 +470,7 @@ class NotificationsManager extends BaseObject
                $sql_seen = "";
 
                if ($seen === 0) {
-                       $sql_seen = " AND `seen` = 0 ";
+                       $sql_seen = " AND NOT `seen` ";
                }
 
                $r = q(
@@ -501,7 +505,7 @@ class NotificationsManager extends BaseObject
                $sql_seen = "";
 
                if ($seen === 0) {
-                       $sql_seen = " AND `seen` = 0 ";
+                       $sql_seen = " AND NOT `seen` ";
                }
 
                $r = q(
@@ -536,7 +540,7 @@ class NotificationsManager extends BaseObject
                $myurl = str_replace(['www.', '.'], ['', '\\.'], $myurl);
                $diasp_url = str_replace('/profile/', '/u/', $myurl);
                $sql_extra = sprintf(
-                       " AND ( `item`.`author-link` regexp '%s' OR `item`.`tag` regexp '%s' OR `item`.`tag` regexp '%s' ) ",
+                       " AND (`item`.`author-link` REGEXP '%s' OR `item`.`tag` REGEXP '%s' OR `item`.`tag` REGEXP '%s') ",
                        dbesc($myurl . '$'),
                        dbesc($myurl . '\\]'),
                        dbesc($diasp_url . '\\]')
@@ -555,19 +559,21 @@ class NotificationsManager extends BaseObject
        private function personalTotal($seen = 0)
        {
                $sql_seen = "";
+               $index_hint = "";
                $sql_extra = $this->personalSqlExtra();
 
                if ($seen === 0) {
-                       $sql_seen = " AND `item`.`unseen` = 1 ";
+                       $sql_seen = " AND `item`.`unseen` ";
+                       $index_hint = "USE INDEX (`uid_unseen_contactid`)";
                }
 
                $r = q(
                        "SELECT COUNT(*) AS `total`
-                               FROM `item` INNER JOIN `item` AS `pitem` ON  `pitem`.`id`=`item`.`parent`
-                               WHERE `item`.`visible` = 1
+                               FROM `item` $index_hint
+                               WHERE `item`.`visible`
                                $sql_extra
                                $sql_seen
-                               AND `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0 ",
+                               AND NOT `item`.`deleted` AND `item`.`uid` = %d AND NOT `item`.`wall`",
                        intval(local_user())
                );
                if (DBM::is_result($r)) {
@@ -597,20 +603,22 @@ class NotificationsManager extends BaseObject
                $sql_extra = $this->personalSqlExtra();
                $notifs = [];
                $sql_seen = "";
+               $index_hint = "";
 
                if ($seen === 0) {
-                       $sql_seen = " AND `item`.`unseen` = 1 ";
+                       $sql_seen = " AND `item`.`unseen` ";
+                       $index_hint = "USE INDEX (`uid_unseen_contactid`)";
                }
 
                $r = q(
                        "SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, `item`.`unseen`,
                                `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` AS `object`,
                                `pitem`.`author-name` AS `pname`, `pitem`.`author-link` AS `plink`, `pitem`.`guid` AS `pguid`
-                       FROM `item` INNER JOIN `item` AS `pitem` ON  `pitem`.`id`=`item`.`parent`
-                       WHERE `item`.`visible` = 1
+                       FROM `item` $index_hint STRAIGHT_JOIN `item` AS `pitem` ON `pitem`.`id`=`item`.`parent`
+                       WHERE `item`.`visible`
                                $sql_extra
                                $sql_seen
-                               AND `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0
+                               AND NOT `item`.`deleted` AND `item`.`uid` = %d AND NOT `item`.`wall`
                        ORDER BY `item`.`created` DESC LIMIT %d, %d ",
                        intval(local_user()),
                        intval($start),
@@ -639,13 +647,15 @@ class NotificationsManager extends BaseObject
        private function homeTotal($seen = 0)
        {
                $sql_seen = "";
+               $index_hint = "";
 
                if ($seen === 0) {
-                       $sql_seen = " AND `item`.`unseen` = 1 ";
+                       $sql_seen = " AND `item`.`unseen` ";
+                       $index_hint = "USE INDEX (`uid_unseen_contactid`)";
                }
 
                $r = q(
-                       "SELECT COUNT(*) AS `total` FROM `item`
+                       "SELECT COUNT(*) AS `total` FROM `item` $index_hint
                                WHERE `item`.`visible` = 1 AND
                                 `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 1
                                $sql_seen",
@@ -677,18 +687,20 @@ class NotificationsManager extends BaseObject
                $total = $this->homeTotal($seen);
                $notifs = [];
                $sql_seen = "";
+               $index_hint = "";
 
                if ($seen === 0) {
-                       $sql_seen = " AND `item`.`unseen` = 1 ";
+                       $sql_seen = " AND `item`.`unseen` ";
+                       $index_hint = "USE INDEX (`uid_unseen_contactid`)";
                }
 
                $r = q(
                        "SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, `item`.`unseen`,
                                `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` AS `object`,
                                `pitem`.`author-name` AS `pname`, `pitem`.`author-link` AS `plink`, `pitem`.`guid` AS `pguid`
-                       FROM `item` INNER JOIN `item` AS `pitem` ON `pitem`.`id`=`item`.`parent`
-                       WHERE `item`.`visible` = 1 AND
-                                `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 1
+                       FROM `item` $index_hint STRAIGHT_JOIN `item` AS `pitem` ON `pitem`.`id`=`item`.`parent`
+                       WHERE `item`.`visible` AND
+                               NOT `item`.`deleted` AND `item`.`uid` = %d AND `item`.`wall`
                                $sql_seen
                        ORDER BY `item`.`created` DESC LIMIT %d, %d ",
                        intval(local_user()),

diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php
index 384a019587f4e8282e5f14def77c467fce1a4de0..097ec8ddd58d9fb3ee9781af1802d72c3876fa7d 100644 (file)
--- a/src/Protocol/Diaspora.php
+++ b/src/Protocol/Diaspora.php
@@ -221,11 +221,20 @@ class Diaspora
 
                $signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
 
+               if ($handle == '') {
+                       logger('No author could be decoded. Discarding. Message: ' . $envelope);
+                       return false;
+               }
+
                $key = self::key($handle);
+               if ($key == '') {
+                       logger("Couldn't get a key for handle " . $handle . ". Discarding.");
+                       return false;
+               }
 
                $verify = Crypto::rsaVerify($signable_data, $sig, $key);
                if (!$verify) {
-                       logger('Message did not verify. Discarding.');
+                       logger('Message from ' . $handle . ' did not verify. Discarding.');
                        return false;
                }
 
@@ -321,7 +330,16 @@ class Diaspora
                // Get the senders' public key
                $key_id = $base->sig[0]->attributes()->key_id[0];
                $author_addr = base64_decode($key_id);
+               if ($author_addr == '') {
+                       logger('No author could be decoded. Discarding. Message: ' . $xml);
+                       System::httpExit(400);
+               }
+
                $key = self::key($author_addr);
+               if ($key == '') {
+                       logger("Couldn't get a key for handle " . $author_addr . ". Discarding.");
+                       System::httpExit(400);
+               }
 
                $verify = Crypto::rsaVerify($signed_data, $signature, $key);
                if (!$verify) {