mirror of
https://github.com/friendica/friendica
synced 2024-11-14 09:42:54 +00:00
Merge remote branch 'upstream/master'
This commit is contained in:
commit
6d31e3d6ef
24 changed files with 113 additions and 66 deletions
2
boot.php
2
boot.php
|
@ -9,7 +9,7 @@ require_once('include/nav.php');
|
||||||
require_once('include/cache.php');
|
require_once('include/cache.php');
|
||||||
|
|
||||||
define ( 'FRIENDICA_PLATFORM', 'Friendica');
|
define ( 'FRIENDICA_PLATFORM', 'Friendica');
|
||||||
define ( 'FRIENDICA_VERSION', '2.3.1283' );
|
define ( 'FRIENDICA_VERSION', '2.3.1285' );
|
||||||
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
|
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
|
||||||
define ( 'DB_UPDATE_VERSION', 1132 );
|
define ( 'DB_UPDATE_VERSION', 1132 );
|
||||||
|
|
||||||
|
|
|
@ -649,7 +649,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
|
||||||
// template to use to render item (wall, walltowall, search)
|
// template to use to render item (wall, walltowall, search)
|
||||||
'template' => $template,
|
'template' => $template,
|
||||||
|
|
||||||
'type' => implode("",array_slice(split("/",$item['verb']),-1)),
|
'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
|
||||||
'tags' => $tags,
|
'tags' => $tags,
|
||||||
'body' => template_escape($body),
|
'body' => template_escape($body),
|
||||||
'text' => strip_tags(template_escape($body)),
|
'text' => strip_tags(template_escape($body)),
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
require_once('include/datetime.php');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* MySQL database class
|
* MySQL database class
|
||||||
|
@ -104,7 +106,6 @@ class dba {
|
||||||
|
|
||||||
logger('dba: ' . $str );
|
logger('dba: ' . $str );
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If dbfail.out exists, we will write any failed calls directly to it,
|
* If dbfail.out exists, we will write any failed calls directly to it,
|
||||||
|
@ -115,8 +116,7 @@ class dba {
|
||||||
if($result === false) {
|
if($result === false) {
|
||||||
logger('dba: ' . printable($sql) . ' returned false.');
|
logger('dba: ' . printable($sql) . ' returned false.');
|
||||||
if(file_exists('dbfail.out'))
|
if(file_exists('dbfail.out'))
|
||||||
file_put_contents('dbfail.out', printable($sql) . ' returned false' . "\n", FILE_APPEND);
|
file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n", FILE_APPEND);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(($result === true) || ($result === false))
|
if(($result === true) || ($result === false))
|
||||||
|
@ -140,7 +140,7 @@ class dba {
|
||||||
|
|
||||||
|
|
||||||
if($this->debug)
|
if($this->debug)
|
||||||
logger('dba: ' . printable(print_r($r, true)), LOGGER_DATA);
|
logger('dba: ' . printable(print_r($r, true)));
|
||||||
return($r);
|
return($r);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -256,7 +256,8 @@ function delivery_run($argv, $argc){
|
||||||
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
|
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
|
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
|
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$birthday' => $birthday
|
'$birthday' => $birthday,
|
||||||
|
'$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
|
||||||
));
|
));
|
||||||
|
|
||||||
foreach($items as $item) {
|
foreach($items as $item) {
|
||||||
|
|
|
@ -56,7 +56,7 @@ function email_msg_headers($mbox,$uid) {
|
||||||
$raw_header = (($mbox && $uid) ? @imap_fetchheader($mbox,$uid,FT_UID) : '');
|
$raw_header = (($mbox && $uid) ? @imap_fetchheader($mbox,$uid,FT_UID) : '');
|
||||||
$raw_header = str_replace("\r",'',$raw_header);
|
$raw_header = str_replace("\r",'',$raw_header);
|
||||||
$ret = array();
|
$ret = array();
|
||||||
$h = split("\n",$raw_header);
|
$h = explode("\n",$raw_header);
|
||||||
if(count($h))
|
if(count($h))
|
||||||
foreach($h as $line ) {
|
foreach($h as $line ) {
|
||||||
if (preg_match("/^[a-zA-Z]/", $line)) {
|
if (preg_match("/^[a-zA-Z]/", $line)) {
|
||||||
|
|
|
@ -28,7 +28,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
|
||||||
|
|
||||||
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
|
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
|
||||||
|
|
||||||
$r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`
|
$r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`
|
||||||
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
|
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
|
||||||
WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
|
WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
|
||||||
dbesc($owner_nick)
|
dbesc($owner_nick)
|
||||||
|
@ -156,7 +156,8 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
|
||||||
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
|
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
|
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
|
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '')
|
'$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''),
|
||||||
|
'$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
|
||||||
));
|
));
|
||||||
|
|
||||||
call_hooks('atom_feed', $atom);
|
call_hooks('atom_feed', $atom);
|
||||||
|
@ -1404,6 +1405,19 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$community_page = 0;
|
||||||
|
$rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
|
||||||
|
if($rawtags) {
|
||||||
|
$community_page = intval($rawtags[0]['data']);
|
||||||
|
}
|
||||||
|
if(is_array($contact) && intval($contact['forum']) != $community_page) {
|
||||||
|
q("update contact set forum = %d where id = %d limit 1",
|
||||||
|
intval($community_page),
|
||||||
|
intval($contact['id'])
|
||||||
|
);
|
||||||
|
$contact['forum'] = (string) $community_page;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// process any deleted entries
|
// process any deleted entries
|
||||||
|
|
||||||
|
@ -1988,6 +2002,19 @@ function local_delivery($importer,$data) {
|
||||||
// NOTREACHED
|
// NOTREACHED
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$community_page = 0;
|
||||||
|
$rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
|
||||||
|
if($rawtags) {
|
||||||
|
$community_page = intval($rawtags[0]['data']);
|
||||||
|
}
|
||||||
|
if(intval($importer['forum']) != $community_page) {
|
||||||
|
q("update contact set forum = %d where id = %d limit 1",
|
||||||
|
intval($community_page),
|
||||||
|
intval($importer['id'])
|
||||||
|
);
|
||||||
|
$importer['forum'] = (string) $community_page;
|
||||||
|
}
|
||||||
|
|
||||||
logger('local_delivery: feed item count = ' . $feed->get_item_quantity());
|
logger('local_delivery: feed item count = ' . $feed->get_item_quantity());
|
||||||
|
|
||||||
// process any deleted entries
|
// process any deleted entries
|
||||||
|
|
|
@ -303,7 +303,7 @@ function webfinger_dfrn($s,&$hcard) {
|
||||||
|
|
||||||
|
|
||||||
if(! function_exists('webfinger')) {
|
if(! function_exists('webfinger')) {
|
||||||
function webfinger($s) {
|
function webfinger($s, $debug = false) {
|
||||||
$host = '';
|
$host = '';
|
||||||
if(strstr($s,'@')) {
|
if(strstr($s,'@')) {
|
||||||
$host = substr($s,strpos($s,'@') + 1);
|
$host = substr($s,strpos($s,'@') + 1);
|
||||||
|
@ -328,7 +328,7 @@ function webfinger($s) {
|
||||||
}}
|
}}
|
||||||
|
|
||||||
if(! function_exists('lrdd')) {
|
if(! function_exists('lrdd')) {
|
||||||
function lrdd($uri) {
|
function lrdd($uri, $debug = false) {
|
||||||
|
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
|
|
||||||
|
|
|
@ -337,7 +337,9 @@ function notifier_run($argv, $argc){
|
||||||
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
|
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
|
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
|
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
|
||||||
'$birthday' => $birthday
|
'$birthday' => $birthday,
|
||||||
|
'$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
|
||||||
|
|
||||||
));
|
));
|
||||||
|
|
||||||
if($mail) {
|
if($mail) {
|
||||||
|
|
|
@ -232,7 +232,7 @@ function poller_run($argv, $argc){
|
||||||
|
|
||||||
$importer_uid = $contact['uid'];
|
$importer_uid = $contact['uid'];
|
||||||
|
|
||||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
|
$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `contact`.`uid` = `user`.`uid` WHERE `user`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1",
|
||||||
intval($importer_uid)
|
intval($importer_uid)
|
||||||
);
|
);
|
||||||
if(! count($r))
|
if(! count($r))
|
||||||
|
|
|
@ -61,13 +61,18 @@ function queue_run($argv, $argc){
|
||||||
q("DELETE FROM `queue` WHERE `created` < UTC_TIMESTAMP() - INTERVAL 3 DAY");
|
q("DELETE FROM `queue` WHERE `created` < UTC_TIMESTAMP() - INTERVAL 3 DAY");
|
||||||
}
|
}
|
||||||
|
|
||||||
if($queue_id)
|
if($queue_id) {
|
||||||
$r = q("SELECT `id` FROM `queue` WHERE `id` = %d LIMIT 1",
|
$r = q("SELECT `id` FROM `queue` WHERE `id` = %d LIMIT 1",
|
||||||
intval($queue_id)
|
intval($queue_id)
|
||||||
);
|
);
|
||||||
else
|
}
|
||||||
$r = q("SELECT `id` FROM `queue` WHERE `last` < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ");
|
else {
|
||||||
|
|
||||||
|
// For the first 12 hours we'll try to deliver every 15 minutes
|
||||||
|
// After that, we'll only attempt delivery once per hour.
|
||||||
|
|
||||||
|
$r = q("SELECT `id` FROM `queue` WHERE (( `created` > UTC_TIMESTAMP() - INTERVAL 12 HOUR && `last` < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ) OR ( `last` < UTC_TIMESTAMP() - INTERVAL 1 HOUR ))");
|
||||||
|
}
|
||||||
if(! count($r)){
|
if(! count($r)){
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
@ -299,16 +299,16 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
|
||||||
* Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are,
|
* Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are,
|
||||||
* so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
|
* so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
|
||||||
*/
|
*/
|
||||||
function get_form_security_token($typename = "") {
|
function get_form_security_token($typename = '') {
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
|
|
||||||
$timestamp = time();
|
$timestamp = time();
|
||||||
$sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $timestamp . $typename);
|
$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename);
|
||||||
|
|
||||||
return $timestamp . "." . $sec_hash;
|
return $timestamp . '.' . $sec_hash;
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_form_security_token($typename = "", $formname = 'form_security_token') {
|
function check_form_security_token($typename = '', $formname = 'form_security_token') {
|
||||||
if (!x($_REQUEST, $formname)) return false;
|
if (!x($_REQUEST, $formname)) return false;
|
||||||
$hash = $_REQUEST[$formname];
|
$hash = $_REQUEST[$formname];
|
||||||
|
|
||||||
|
@ -316,10 +316,10 @@ function check_form_security_token($typename = "", $formname = 'form_security_to
|
||||||
|
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
|
|
||||||
$x = explode(".", $hash);
|
$x = explode('.', $hash);
|
||||||
if (time() > (IntVal($x[0]) + $max_livetime)) return false;
|
if (time() > (IntVal($x[0]) + $max_livetime)) return false;
|
||||||
|
|
||||||
$sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $x[0] . $typename);
|
$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
|
||||||
|
|
||||||
return ($sec_hash == $x[1]);
|
return ($sec_hash == $x[1]);
|
||||||
}
|
}
|
||||||
|
@ -327,10 +327,20 @@ function check_form_security_token($typename = "", $formname = 'form_security_to
|
||||||
function check_form_security_std_err_msg() {
|
function check_form_security_std_err_msg() {
|
||||||
return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL;
|
return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL;
|
||||||
}
|
}
|
||||||
function check_form_security_token_redirectOnErr($err_redirect, $typename = "", $formname = 'form_security_token') {
|
function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') {
|
||||||
if (!check_form_security_token($typename, $formname)) {
|
if (!check_form_security_token($typename, $formname)) {
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
|
logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
|
||||||
|
logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
|
||||||
notice( check_form_security_std_err_msg() );
|
notice( check_form_security_std_err_msg() );
|
||||||
goaway($a->get_baseurl() . $err_redirect );
|
goaway($a->get_baseurl() . $err_redirect );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') {
|
||||||
|
if (!check_form_security_token($typename, $formname)) {
|
||||||
|
logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
|
||||||
|
logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
|
||||||
|
header('HTTP/1.1 403 Forbidden');
|
||||||
|
killme();
|
||||||
|
}
|
||||||
|
}
|
|
@ -203,7 +203,7 @@
|
||||||
$os=$s; $count++;
|
$os=$s; $count++;
|
||||||
$s = $this->var_replace($s);
|
$s = $this->var_replace($s);
|
||||||
}
|
}
|
||||||
return template_unescape($s);
|
return $s;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@ function replace_macros($s,$r) {
|
||||||
|
|
||||||
//$a = get_app();
|
//$a = get_app();
|
||||||
//$a->page['debug'] .= "$tt <br>\n";
|
//$a->page['debug'] .= "$tt <br>\n";
|
||||||
return $r;
|
return template_unescape($r);
|
||||||
|
|
||||||
}}
|
}}
|
||||||
|
|
||||||
|
|
|
@ -486,9 +486,9 @@
|
||||||
return a.join('');
|
return a.join('');
|
||||||
}
|
}
|
||||||
|
|
||||||
function groupChangeMember(gid,cid) {
|
function groupChangeMember(gid, cid, sec_token) {
|
||||||
$('body .fakelink').css('cursor', 'wait');
|
$('body .fakelink').css('cursor', 'wait');
|
||||||
$.get('group/' + gid + '/' + cid, function(data) {
|
$.get('group/' + gid + '/' + cid + "?t=" + sec_token, function(data) {
|
||||||
$('#group-update-wrapper').html(data);
|
$('#group-update-wrapper').html(data);
|
||||||
$('body .fakelink').css('cursor', 'auto');
|
$('body .fakelink').css('cursor', 'auto');
|
||||||
});
|
});
|
||||||
|
|
|
@ -25,10 +25,6 @@ function directory_post(&$a) {
|
||||||
|
|
||||||
function directory_content(&$a) {
|
function directory_content(&$a) {
|
||||||
|
|
||||||
$everything = (($a->argc > 1 && $a->argv[1] === 'all' && is_site_admin()) ? true : false);
|
|
||||||
if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
|
|
||||||
$everything = false;
|
|
||||||
|
|
||||||
if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
|
if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
|
||||||
notice( t('Public access denied.') . EOL);
|
notice( t('Public access denied.') . EOL);
|
||||||
return;
|
return;
|
||||||
|
@ -52,12 +48,6 @@ function directory_content(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
$admin = '';
|
$admin = '';
|
||||||
if(is_site_admin()) {
|
|
||||||
if($everything)
|
|
||||||
$admin = '<ul><li><div id="directory-admin-link"><a href="' . $a->get_baseurl() . '/directory' . '">' . t('Normal site view') . '</a></div></li></ul>';
|
|
||||||
else
|
|
||||||
$admin = '<ul><li><div id="directory-admin-link"><a href="' . $a->get_baseurl() . '/directory/all' . '">' . t('Admin - View all site entries') . '</a></div></li></ul>';
|
|
||||||
}
|
|
||||||
|
|
||||||
$o .= replace_macros($tpl, array(
|
$o .= replace_macros($tpl, array(
|
||||||
'$search' => $search,
|
'$search' => $search,
|
||||||
|
@ -73,16 +63,13 @@ function directory_content(&$a) {
|
||||||
$search = dbesc($search);
|
$search = dbesc($search);
|
||||||
$sql_extra = ((strlen($search)) ? " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` ) AGAINST ('$search' IN BOOLEAN MODE) " : "");
|
$sql_extra = ((strlen($search)) ? " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` ) AGAINST ('$search' IN BOOLEAN MODE) " : "");
|
||||||
|
|
||||||
$publish = ((get_config('system','publish_all') || $everything) ? '' : " AND `publish` = 1 " );
|
$publish = ((get_config('system','publish_all')) ? '' : " AND `publish` = 1 " );
|
||||||
|
|
||||||
|
|
||||||
$r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra ");
|
$r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra ");
|
||||||
if(count($r))
|
if(count($r))
|
||||||
$a->set_pager_total($r[0]['total']);
|
$a->set_pager_total($r[0]['total']);
|
||||||
|
|
||||||
if($everything)
|
|
||||||
$order = " ORDER BY `register_date` DESC ";
|
|
||||||
else
|
|
||||||
$order = " ORDER BY `name` ASC ";
|
$order = " ORDER BY `name` ASC ";
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -21,6 +21,8 @@ function group_post(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(($a->argc == 2) && ($a->argv[1] === 'new')) {
|
if(($a->argc == 2) && ($a->argv[1] === 'new')) {
|
||||||
|
check_form_security_token_redirectOnErr('/group/new', 'group_edit');
|
||||||
|
|
||||||
$name = notags(trim($_POST['groupname']));
|
$name = notags(trim($_POST['groupname']));
|
||||||
$r = group_add(local_user(),$name);
|
$r = group_add(local_user(),$name);
|
||||||
if($r) {
|
if($r) {
|
||||||
|
@ -35,6 +37,8 @@ function group_post(&$a) {
|
||||||
return; // NOTREACHED
|
return; // NOTREACHED
|
||||||
}
|
}
|
||||||
if(($a->argc == 2) && (intval($a->argv[1]))) {
|
if(($a->argc == 2) && (intval($a->argv[1]))) {
|
||||||
|
check_form_security_token_redirectOnErr('/group', 'group_edit');
|
||||||
|
|
||||||
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||||
intval($a->argv[1]),
|
intval($a->argv[1]),
|
||||||
intval(local_user())
|
intval(local_user())
|
||||||
|
@ -62,6 +66,7 @@ function group_post(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function group_content(&$a) {
|
function group_content(&$a) {
|
||||||
|
$change = false;
|
||||||
|
|
||||||
if(! local_user()) {
|
if(! local_user()) {
|
||||||
notice( t('Permission denied') . EOL);
|
notice( t('Permission denied') . EOL);
|
||||||
|
@ -83,14 +88,17 @@ function group_content(&$a) {
|
||||||
|
|
||||||
return replace_macros($tpl, $context + array(
|
return replace_macros($tpl, $context + array(
|
||||||
'$title' => t('Create a group of contacts/friends.'),
|
'$title' => t('Create a group of contacts/friends.'),
|
||||||
'$gname' => array('groupname',t('Group Name: '),$group['name'], ''),
|
'$gname' => array('groupname',t('Group Name: '), '', ''),
|
||||||
'$gid' => 'new',
|
'$gid' => 'new',
|
||||||
|
'$form_security_token' => get_form_security_token("group_edit"),
|
||||||
));
|
));
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(($a->argc == 3) && ($a->argv[1] === 'drop')) {
|
if(($a->argc == 3) && ($a->argv[1] === 'drop')) {
|
||||||
|
check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
|
||||||
|
|
||||||
if(intval($a->argv[2])) {
|
if(intval($a->argv[2])) {
|
||||||
$r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
$r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||||
intval($a->argv[2]),
|
intval($a->argv[2]),
|
||||||
|
@ -108,6 +116,8 @@ function group_content(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
|
if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
|
||||||
|
check_form_security_token_ForbiddenOnErr('group_member_change', 't');
|
||||||
|
|
||||||
$r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1",
|
$r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1",
|
||||||
intval($a->argv[2]),
|
intval($a->argv[2]),
|
||||||
intval(local_user())
|
intval(local_user())
|
||||||
|
@ -155,7 +165,8 @@ function group_content(&$a) {
|
||||||
$drop_tpl = get_markup_template('group_drop.tpl');
|
$drop_tpl = get_markup_template('group_drop.tpl');
|
||||||
$drop_txt = replace_macros($drop_tpl, array(
|
$drop_txt = replace_macros($drop_tpl, array(
|
||||||
'$id' => $group['id'],
|
'$id' => $group['id'],
|
||||||
'$delete' => t('Delete')
|
'$delete' => t('Delete'),
|
||||||
|
'$form_security_token' => get_form_security_token("group_drop"),
|
||||||
));
|
));
|
||||||
|
|
||||||
$celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false);
|
$celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false);
|
||||||
|
@ -166,6 +177,7 @@ function group_content(&$a) {
|
||||||
'$gname' => array('groupname',t('Group Name: '),$group['name'], ''),
|
'$gname' => array('groupname',t('Group Name: '),$group['name'], ''),
|
||||||
'$gid' => $group['id'],
|
'$gid' => $group['id'],
|
||||||
'$drop' => $drop_txt,
|
'$drop' => $drop_txt,
|
||||||
|
'$form_security_token' => get_form_security_token('group_edit'),
|
||||||
);
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -177,14 +189,14 @@ function group_content(&$a) {
|
||||||
'label_members' => t('Members'),
|
'label_members' => t('Members'),
|
||||||
'members' => array(),
|
'members' => array(),
|
||||||
'label_contacts' => t('All Contacts'),
|
'label_contacts' => t('All Contacts'),
|
||||||
'contacts' => arraY(),
|
'contacts' => array(),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$sec_token = addslashes(get_form_security_token('group_member_change'));
|
||||||
$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
|
$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
|
||||||
foreach($members as $member) {
|
foreach($members as $member) {
|
||||||
if($member['url']) {
|
if($member['url']) {
|
||||||
$member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;';
|
$member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;';
|
||||||
$groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode);
|
$groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -199,7 +211,7 @@ function group_content(&$a) {
|
||||||
$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
|
$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
|
||||||
foreach($r as $member) {
|
foreach($r as $member) {
|
||||||
if(! in_array($member['id'],$preselected)) {
|
if(! in_array($member['id'],$preselected)) {
|
||||||
$member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;';
|
$member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;';
|
||||||
$groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode);
|
$groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1069,7 +1069,7 @@ function photos_content(&$a) {
|
||||||
if($can_post && ($ph[0]['uid'] == $owner_uid)) {
|
if($can_post && ($ph[0]['uid'] == $owner_uid)) {
|
||||||
$tools = array(
|
$tools = array(
|
||||||
'edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . (($cmd === 'edit') ? '' : '/edit'), (($cmd === 'edit') ? t('View photo') : t('Edit photo'))),
|
'edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . (($cmd === 'edit') ? '' : '/edit'), (($cmd === 'edit') ? t('View photo') : t('Edit photo'))),
|
||||||
'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource-id'], t('Use as profile photo')),
|
'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource-id'] . '?form_security_token=' . get_form_security_token('profile_photo'), t('Use as profile photo')),
|
||||||
);
|
);
|
||||||
|
|
||||||
// lock
|
// lock
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
<link rel="license" href="http://creativecommons.org/licenses/by/3.0/" />
|
<link rel="license" href="http://creativecommons.org/licenses/by/3.0/" />
|
||||||
$hub
|
$hub
|
||||||
$salmon
|
$salmon
|
||||||
|
$community
|
||||||
|
|
||||||
<updated>$feed_updated</updated>
|
<updated>$feed_updated</updated>
|
||||||
|
|
||||||
|
|
|
@ -12,10 +12,11 @@
|
||||||
|
|
||||||
<id>$feed_id</id>
|
<id>$feed_id</id>
|
||||||
<title>$feed_title</title>
|
<title>$feed_title</title>
|
||||||
<generator uri="http://friendika.com" version="$version">Friendika</generator>
|
<generator uri="http://friendica.com" version="$version">Friendica</generator>
|
||||||
<link rel="license" href="http://creativecommons.org/licenses/by/3.0/" />
|
<link rel="license" href="http://creativecommons.org/licenses/by/3.0/" />
|
||||||
$hub
|
$hub
|
||||||
$salmon
|
$salmon
|
||||||
|
$community
|
||||||
|
|
||||||
<updated>$feed_updated</updated>
|
<updated>$feed_updated</updated>
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<div class="group-delete-wrapper button" id="group-delete-wrapper-$id" >
|
<div class="group-delete-wrapper button" id="group-delete-wrapper-$id" >
|
||||||
<a href="group/drop/$id"
|
<a href="group/drop/$id?t=$form_security_token"
|
||||||
onclick="return confirmDelete();"
|
onclick="return confirmDelete();"
|
||||||
id="group-delete-icon-$id"
|
id="group-delete-icon-$id"
|
||||||
class="icon drophide group-delete-icon"
|
class="icon drophide group-delete-icon"
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
<div id="group-edit-wrapper" >
|
<div id="group-edit-wrapper" >
|
||||||
<form action="group/$gid" id="group-edit-form" method="post" >
|
<form action="group/$gid" id="group-edit-form" method="post" >
|
||||||
|
<input type='hidden' name='form_security_token' value='$form_security_token'>
|
||||||
|
|
||||||
{{ inc field_input.tpl with $field=$gname }}{{ endinc }}
|
{{ inc field_input.tpl with $field=$gname }}{{ endinc }}
|
||||||
{{ if $drop }}$drop{{ endif }}
|
{{ if $drop }}$drop{{ endif }}
|
||||||
|
|
|
@ -1258,7 +1258,7 @@ section {
|
||||||
}
|
}
|
||||||
[class^="comment-edit-text"] {
|
[class^="comment-edit-text"] {
|
||||||
margin: 5px 0 10px 20px;
|
margin: 5px 0 10px 20px;
|
||||||
width: 86.5%;
|
width: 84.5%;
|
||||||
}
|
}
|
||||||
.comment-edit-text-empty {
|
.comment-edit-text-empty {
|
||||||
height: 20px;
|
height: 20px;
|
||||||
|
|
|
@ -1256,7 +1256,7 @@ section {
|
||||||
}
|
}
|
||||||
[class^="comment-edit-text"] {
|
[class^="comment-edit-text"] {
|
||||||
margin: 5px 0 10px 20px;
|
margin: 5px 0 10px 20px;
|
||||||
width: 86.5%;
|
width: 84.5%;
|
||||||
}
|
}
|
||||||
.comment-edit-text-empty {
|
.comment-edit-text-empty {
|
||||||
height: 20px;
|
height: 20px;
|
||||||
|
|
Loading…
Reference in a new issue