diff --git a/.gitignore b/.gitignore
index 6302bc1c8b..2531fe4cdd 100755
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,9 @@ addon
#ignore documentation, it should be newly built
doc/api
+#ignore reports, should be generted with every build
+report/
+
#ignore config files from eclipse, we don't want IDE files in our repository
.project
.buildpath
diff --git a/.htaccess b/.htaccess
index 1df5096702..5f9531a7eb 100755
--- a/.htaccess
+++ b/.htaccess
@@ -5,6 +5,9 @@ AddType audio/ogg .oga
Deny from all
+
+Deny from all
+
RewriteEngine on
diff --git a/boot.php b/boot.php
index 1414adb069..04f36093bf 100755
--- a/boot.php
+++ b/boot.php
@@ -9,8 +9,8 @@ require_once('include/nav.php');
require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica');
-define ( 'FRIENDICA_VERSION', '2.3.1277' );
-define ( 'DFRN_PROTOCOL_VERSION', '2.22' );
+define ( 'FRIENDICA_VERSION', '2.3.1281' );
+define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1131 );
define ( 'EOL', " \r\n" );
@@ -379,11 +379,22 @@ class App {
$scheme = $this->scheme;
- if(x($this->config,'ssl_policy')) {
- if(($ssl) || ($this->config['ssl_policy'] == SSL_POLICY_FULL))
- $scheme = 'https';
- if(($this->config['ssl_policy'] == SSL_POLICY_SELFSIGN) && (local_user() || x($_POST,'auth-params')))
+ if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) {
+ if($this->config['system']['ssl_policy'] == SSL_POLICY_FULL)
$scheme = 'https';
+
+// We need to populate the $ssl flag across the entire program before turning this on.
+// Basically, we'll have $ssl = true on any links which can only be seen by a logged in user
+// (and also the login link). Anything seen by an outsider will have it turned off.
+// At present, setting SSL_POLICY_SELFSIGN will only force remote contacts to update their
+// contact links to this site with "http:" if they are currently using "https:"
+
+// if($this->config['system']['ssl_policy'] == SSL_POLICY_SELFSIGN) {
+// if($ssl)
+// $scheme = 'https';
+// else
+// $scheme = 'http';
+// }
}
$this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );
@@ -685,6 +696,7 @@ function get_guid($size=16) {
if(! function_exists('login')) {
function login($register = false, $hiddens=false) {
+ $a = get_app();
$o = "";
$reg = false;
if ($register) {
@@ -704,23 +716,26 @@ function login($register = false, $hiddens=false) {
}
+ $dest_url = $a->get_baseurl(true) . '/' . $a->query_string;
$o .= replace_macros($tpl,array(
- '$logout' => t('Logout'),
- '$login' => t('Login'),
+
+ '$dest_url' => $dest_url,
+ '$logout' => t('Logout'),
+ '$login' => t('Login'),
'$lname' => array('username', t('Nickname or Email address: ') , '', ''),
'$lpassword' => array('password', t('Password: '), '', ''),
'$openid' => !$noid,
- '$lopenid' => array('openid_url', t('Or login using OpenID: '),'',''),
+ '$lopenid' => array('openid_url', t('Or login using OpenID: '),'',''),
- '$hiddens' => $hiddens,
+ '$hiddens' => $hiddens,
- '$register' => $reg,
+ '$register' => $reg,
- '$lostpass' => t('Forgot your password?'),
- '$lostlink' => t('Password Reset'),
+ '$lostpass' => t('Forgot your password?'),
+ '$lostlink' => t('Password Reset'),
));
call_hooks('login_hook',$o);
@@ -1209,7 +1224,7 @@ function current_theme(){
$a = get_app();
$system_theme = ((isset($a->config['system']['theme'])) ? $a->config['system']['theme'] : '');
- $theme_name = ((is_array($_SESSION) && x($_SESSION,'theme')) ? $_SESSION['theme'] : $system_theme);
+ $theme_name = ((isset($_SESSION) && x($_SESSION,'theme')) ? $_SESSION['theme'] : $system_theme);
if($theme_name && file_exists('view/theme/' . $theme_name . '/style.css'))
return($theme_name);
@@ -1335,7 +1350,7 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){
array(
'label' => t('Profile'),
'url' => $url.'/?tab=profile',
- 'sel' => (($tab=='profile')?'active':''),
+ 'sel' => ((isset($tab) && $tab=='profile')?'active':''),
),
array(
'label' => t('Photos'),
diff --git a/build.xml b/build.xml
index 83c5300264..a61a5123d7 100644
--- a/build.xml
+++ b/build.xml
@@ -1,14 +1,49 @@
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
@@ -31,6 +66,9 @@
+
+
+
diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index caa0572d20..605a3eb78e 100755
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -75,4 +75,33 @@ function networks_widget($baseurl,$selected = '') {
));
}
+function fileas_widget($baseurl,$selected = '') {
+ $a = get_app();
+ if(! local_user())
+ return '';
+
+ $saved = get_pconfig(local_user(),'system','filetags');
+ if(! strlen($saved))
+ return;
+
+ $matches = false;
+ $terms = array();
+ $cnt = preg_match_all('/\[(.*?)\]/',$saved,$matches,PREG_SET_ORDER);
+ if($cnt) {
+ foreach($matches as $mtch) {
+ $unescaped = file_tag_decode($mtch[1]);
+ $terms[] = array('name' => $unescaped,'selected' => (($selected == $unescaped) ? 'selected' : ''));
+ }
+ }
+
+ return replace_macros(get_markup_template('fileas_widget.tpl'),array(
+ '$title' => t('File Selections'),
+ '$desc' => '',
+ '$sel_all' => (($selected == '') ? 'selected' : ''),
+ '$all' => t('Everything'),
+ '$terms' => $terms,
+ '$base' => $baseurl,
+
+ ));
+}
diff --git a/include/conversation.php b/include/conversation.php
index 526c6ea005..88ecf502b2 100755
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -186,6 +186,8 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
require_once('bbcode.php');
+ $ssl_state = ((local_user()) ? true : false);
+
$profile_owner = 0;
$page_writeable = false;
@@ -345,7 +347,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
'like' => '',
'dislike' => '',
'comment' => '',
- 'conv' => (($preview) ? '' : array('href'=> $a->get_baseurl() . '/display/' . $nickname . '/' . $item['id'], 'title'=> t('View in context'))),
+ 'conv' => (($preview) ? '' : array('href'=> $a->get_baseurl($ssl_state) . '/display/' . $nickname . '/' . $item['id'], 'title'=> t('View in context'))),
'previewing' => $previewing,
'wait' => t('Please wait'),
);
@@ -375,7 +377,8 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
$comments[$item['parent']] = 1;
else
$comments[$item['parent']] += 1;
- }
+ } elseif(! x($comments,$item['parent']))
+ $comments[$item['parent']] = 0; // avoid notices later on
}
// map all the like/dislike activities for each parent item
@@ -460,7 +463,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
$comment_lastcollapsed = true;
}
- $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
+ $redirect_url = $a->get_baseurl($ssl_state) . '/redir/' . $item['cid'] ;
$lock = ((($item['private']) || (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))))
@@ -542,7 +545,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
}
$edpost = (((($profile_owner == local_user()) && ($toplevelpost) && (intval($item['wall']) == 1)) || ($mode === 'notes'))
- ? array($a->get_baseurl()."/editpost/".$item['id'], t("Edit"))
+ ? array($a->get_baseurl($ssl_state)."/editpost/".$item['id'], t("Edit"))
: False);
@@ -559,24 +562,28 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
);
$star = false;
+ $filer = false;
+
$isstarred = "unstarred";
- if ($profile_owner == local_user() && $toplevelpost) {
- $isstarred = (($item['starred']) ? "starred" : "unstarred");
+ if ($profile_owner == local_user()) {
+ if($toplevelpost) {
+ $isstarred = (($item['starred']) ? "starred" : "unstarred");
- $star = array(
- 'do' => t("add star"),
- 'undo' => t("remove star"),
- 'toggle' => t("toggle star status"),
- 'classdo' => (($item['starred']) ? "hidden" : ""),
- 'classundo' => (($item['starred']) ? "" : "hidden"),
- 'starred' => t('starred'),
- 'tagger' => t("add tag"),
- 'classtagger' => "",
- );
+ $star = array(
+ 'do' => t("add star"),
+ 'undo' => t("remove star"),
+ 'toggle' => t("toggle star status"),
+ 'classdo' => (($item['starred']) ? "hidden" : ""),
+ 'classundo' => (($item['starred']) ? "" : "hidden"),
+ 'starred' => t('starred'),
+ 'tagger' => t("add tag"),
+ 'classtagger' => "",
+ );
+ }
+ $filer = t("file as");
}
-
$photo = $item['photo'];
$thumb = $item['thumb'];
@@ -670,6 +677,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
'edpost' => $edpost,
'isstarred' => $isstarred,
'star' => $star,
+ 'filer' => $filer,
'drop' => $drop,
'vote' => $likebuttons,
'like' => $like,
@@ -691,7 +699,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
$page_template = get_markup_template("conversation.tpl");
$o .= replace_macros($page_template, array(
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl($ssl_state),
'$mode' => $mode,
'$user' => $a->user,
'$threads' => $threads,
@@ -701,7 +709,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
return $o;
}}
-function best_link_url($item,&$sparkle) {
+function best_link_url($item,&$sparkle,$ssl_state = false) {
$a = get_app();
@@ -713,7 +721,7 @@ function best_link_url($item,&$sparkle) {
if((local_user()) && (local_user() == $item['uid'])) {
if(isset($a->contacts) && x($a->contacts,$clean_url)) {
if($a->contacts[$clean_url]['network'] === NETWORK_DFRN) {
- $best_url = $a->get_baseurl() . '/redir/' . $a->contacts[$clean_url]['id'];
+ $best_url = $a->get_baseurl($ssl_state) . '/redir/' . $a->contacts[$clean_url]['id'];
$sparkle = true;
}
else
@@ -734,10 +742,14 @@ function best_link_url($item,&$sparkle) {
if(! function_exists('item_photo_menu')){
function item_photo_menu($item){
$a = get_app();
-
- if (local_user() && (! count($a->contacts)))
- load_contact_links(local_user());
+ $ssl_state = false;
+
+ if(local_user()) {
+ $ssl_state = true;
+ if(! count($a->contacts))
+ load_contact_links(local_user());
+ }
$contact_url="";
$pm_url="";
$status_link="";
@@ -745,7 +757,7 @@ function item_photo_menu($item){
$posts_link="";
$sparkle = false;
- $profile_link = best_link_url($item,$sparkle);
+ $profile_link = best_link_url($item,$sparkle,$ssl_state);
if($profile_link === 'mailbox')
$profile_link = '';
@@ -754,7 +766,7 @@ function item_photo_menu($item){
$status_link = $profile_link . "?url=status";
$photos_link = $profile_link . "?url=photos";
$profile_link = $profile_link . "?url=profile";
- $pm_url = $a->get_baseurl() . '/message/new/' . $cid;
+ $pm_url = $a->get_baseurl($ssl_state) . '/message/new/' . $cid;
}
else {
if(local_user() && local_user() == $item['uid'] && link_compare($item['url'],$item['author-link'])) {
@@ -765,8 +777,8 @@ function item_photo_menu($item){
}
}
if(($cid) && (! $item['self'])) {
- $contact_url = $a->get_baseurl() . '/contacts/' . $cid;
- $posts_link = $a->get_baseurl() . '/network/?cid=' . $cid;
+ $contact_url = $a->get_baseurl($ssl_state) . '/contacts/' . $cid;
+ $posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $cid;
}
$menu = Array(
@@ -802,7 +814,7 @@ function like_puller($a,$item,&$arr,$mode) {
if((activity_match($item['verb'],$verb)) && ($item['id'] != $item['parent'])) {
$url = $item['author-link'];
if((local_user()) && (local_user() == $item['uid']) && ($item['network'] === 'dfrn') && (! $item['self']) && (link_compare($item['author-link'],$item['url']))) {
- $url = $a->get_baseurl() . '/redir/' . $item['contact-id'];
+ $url = $a->get_baseurl(true) . '/redir/' . $item['contact-id'];
$sparkle = ' class="sparkle" ';
}
if(! ((isset($arr[$item['parent'] . '-l'])) && (is_array($arr[$item['parent'] . '-l']))))
@@ -864,7 +876,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
$a->page['htmlhead'] .= replace_macros($tpl, array(
'$newpost' => 'true',
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
'$geotag' => $geotag,
'$nickname' => $x['nickname'],
@@ -873,6 +885,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
'$vidurl' => t("Please enter a video link/URL:"),
'$audurl' => t("Please enter an audio link/URL:"),
'$term' => t('Tag term:'),
+ '$fileas' => t('File as:'),
'$whereareu' => t('Where are you right now?'),
'$title' => t('Enter a title for this item')
));
@@ -914,8 +927,8 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
$o .= replace_macros($tpl,array(
'$return_path' => $a->cmd,
- '$action' => $a->get_baseurl().'/item',
- '$share' => (($x['button']) ? $x['button'] : t('Share')),
+ '$action' => $a->get_baseurl(true) . '/item',
+ '$share' => (x($x,'button') ? $x['button'] : t('Share')),
'$upload' => t('Upload photo'),
'$shortupload' => t('upload photo'),
'$attach' => t('Attach file'),
@@ -938,7 +951,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
'$ptyp' => (($notes_cid) ? 'note' : 'wall'),
'$content' => '',
'$post_id' => '',
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$defloc' => $x['default_location'],
'$visitor' => $x['visitor'],
'$pvisit' => (($notes_cid) ? 'none' : $x['visitor']),
@@ -980,8 +993,8 @@ function conv_sort($arr,$order) {
usort($parents,'sort_thr_commented');
if(count($parents))
- foreach($parents as $x)
- $x['children'] = array();
+ foreach($parents as $i=>$_x)
+ $parents[$i]['children'] = array();
foreach($arr as $x) {
if($x['id'] != $x['parent']) {
diff --git a/include/event.php b/include/event.php
index 4a9a9a0041..29202baddf 100755
--- a/include/event.php
+++ b/include/event.php
@@ -163,7 +163,7 @@ function bbtoevent($s) {
if(preg_match("/\[event\-adjust\](.*?)\[\/event\-adjust\]/is",$s,$match))
$ev['adjust'] = $match[1];
$match = '';
- $ev['nofinish'] = (($ev['start'] && (!x($ev, 'finish') || !$ev['finish'])) ? 1 : 0);
+ $ev['nofinish'] = (((x($ev, 'start') && $ev['start']) && (!x($ev, 'finish') || !$ev['finish'])) ? 1 : 0);
return $ev;
}
diff --git a/include/items.php b/include/items.php
index 1a7aa6c460..4b1523ff65 100755
--- a/include/items.php
+++ b/include/items.php
@@ -682,7 +682,7 @@ function item_store($arr,$force_parent = false) {
unset($arr['dsprsig']);
}
- if($arr['gravity'])
+ if(x($arr, 'gravity'))
$arr['gravity'] = intval($arr['gravity']);
elseif($arr['parent-uri'] === $arr['uri'])
$arr['gravity'] = 0;
@@ -742,6 +742,7 @@ function item_store($arr,$force_parent = false) {
if($arr['parent-uri'] === $arr['uri']) {
$parent_id = 0;
+ $parent_deleted = 0;
$allow_cid = $arr['allow_cid'];
$allow_gid = $arr['allow_gid'];
$deny_cid = $arr['deny_cid'];
@@ -800,6 +801,8 @@ function item_store($arr,$force_parent = false) {
logger('item_store: item parent was not found - ignoring item');
return 0;
}
+
+ $parent_deleted = 0;
}
}
@@ -1043,6 +1046,21 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
if(! $rino_enable)
$rino = 0;
+ $ssl_val = intval(get_config('system','ssl_policy'));
+ $ssl_policy = '';
+ switch($ssl_val){
+ case SSL_POLICY_FULL:
+ $ssl_policy = 'full';
+ break;
+ case SSL_POLICY_SELFSIGN:
+ $ssl_policy = 'self';
+ break;
+ case SSL_POLICY_NONE:
+ default:
+ $ssl_policy = 'none';
+ break;
+ }
+
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
logger('dfrn_deliver: ' . $url);
@@ -1115,6 +1133,8 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$postvars['perm'] = 'r';
}
+ $postvars['ssl_policy'] = $ssl_policy;
+
if($rino && $rino_allowed && (! $dissolve)) {
$key = substr(random_string(),0,16);
$data = bin2hex(aes_encrypt($postvars['data'],$key));
diff --git a/include/nav.php b/include/nav.php
index aadfa82fd8..e280818399 100755
--- a/include/nav.php
+++ b/include/nav.php
@@ -8,6 +8,8 @@ function nav(&$a) {
*
*/
+ $ssl_state = ((local_user()) ? true : false);
+
if(!(x($a->page,'nav')))
$a->page['nav'] = '';
@@ -27,7 +29,7 @@ function nav(&$a) {
$myident = ((is_array($a->user) && isset($a->user['nickname'])) ? $a->user['nickname'] . '@' : '');
- $sitelocation = $myident . substr($a->get_baseurl(),strpos($a->get_baseurl(),'//') + 2 );
+ $sitelocation = $myident . substr($a->get_baseurl($ssl_state),strpos($a->get_baseurl($ssl_state),'//') + 2 );
// nav links: array of array('href', 'text', 'extra css classes', 'title')
@@ -53,7 +55,7 @@ function nav(&$a) {
// user info
$r = q("SELECT micro FROM contact WHERE uid=%d AND self=1", intval($a->user['uid']));
$userinfo = array(
- 'icon' => (count($r) ? $r[0]['micro']: $a->get_baseurl()."/images/default-profile-mm.jpg"),
+ 'icon' => (count($r) ? $r[0]['micro']: $a->get_baseurl($ssl_state)."/images/default-profile-mm.jpg"),
'name' => $a->user['username'],
);
@@ -76,7 +78,7 @@ function nav(&$a) {
if(($a->config['register_policy'] == REGISTER_OPEN) && (! local_user()) && (! remote_user()))
$nav['register'] = array('register',t('Register'), "", t('Create an account'));
- $help_url = $a->get_baseurl() . '/help';
+ $help_url = $a->get_baseurl($ssl_state) . '/help';
if(! get_config('system','hide_help'))
$nav['help'] = array($help_url, t('Help'), "", t('Help and documentation'));
diff --git a/include/oembed.php b/include/oembed.php
index 5c3c595f57..cc71f9757c 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -1,6 +1,6 @@
embedurl;
- $jhtml = oembed_iframe($j->embedurl,$j->width,$j->height );
+ $jhtml = oembed_iframe($j->embedurl,(isset($j->width) ? $j->width : null), (isset($j->height) ? $j->height : null) );
$ret="";
switch ($j->type) {
case "video": {
diff --git a/include/security.php b/include/security.php
index 8c536b656a..6ea515bffe 100755
--- a/include/security.php
+++ b/include/security.php
@@ -288,3 +288,49 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
}
+/*
+ * Functions used to protect against Cross-Site Request Forgery
+ * The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
+ * In this implementation, a security token is reusable (if the user submits a form, goes back and resubmits the form, maybe with small changes;
+ * or if the security token is used for ajax-calls that happen several times), but only valid for a certain amout of time (3hours).
+ * The "typename" seperates the security tokens of different types of forms. This could be relevant in the following case:
+ * A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link).
+ * If the new page contains by any chance external elements, then the used security token is exposed by the referrer.
+ * Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are,
+ * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
+ */
+function get_form_security_token($typename = "") {
+ $a = get_app();
+
+ $timestamp = time();
+ $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $timestamp . $typename);
+
+ return $timestamp . "." . $sec_hash;
+}
+
+function check_form_security_token($typename = "", $formname = 'form_security_token') {
+ if (!x($_REQUEST, $formname)) return false;
+ $hash = $_REQUEST[$formname];
+
+ $max_livetime = 10800; // 3 hours
+
+ $a = get_app();
+
+ $x = explode(".", $hash);
+ if (time() > (IntVal($x[0]) + $max_livetime)) return false;
+
+ $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $x[0] . $typename);
+
+ return ($sec_hash == $x[1]);
+}
+
+function check_form_security_std_err_msg() {
+ return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL;
+}
+function check_form_security_token_redirectOnErr($err_redirect, $typename = "", $formname = 'form_security_token') {
+ if (!check_form_security_token($typename, $formname)) {
+ $a = get_app();
+ notice( check_form_security_std_err_msg() );
+ goaway($a->get_baseurl() . $err_redirect );
+ }
+}
diff --git a/include/template_processor.php b/include/template_processor.php
index 8671587fc4..7f7b0b55bd 100755
--- a/include/template_processor.php
+++ b/include/template_processor.php
@@ -80,8 +80,13 @@
*/
private function _replcb_for($args){
$m = array_map('trim', explode(" as ", $args[2]));
- list($keyname, $varname) = explode("=>",$m[1]);
- if (is_null($varname)) { $varname=$keyname; $keyname=""; }
+ $x = explode("=>",$m[1]);
+ if (count($x) == 1) {
+ $varname = $x[0];
+ $keyname = "";
+ } else {
+ list($keyname, $varname) = $x;
+ }
if ($m[0]=="" || $varname=="" || is_null($varname)) die("template error: 'for ".$m[0]." as ".$varname."'") ;
//$vals = $this->r[$m[0]];
$vals = $this->_get_var($m[0]);
diff --git a/include/text.php b/include/text.php
index 08c5a54246..d34fd7fbee 100644
--- a/include/text.php
+++ b/include/text.php
@@ -874,6 +874,7 @@ function link_compare($a,$b) {
if(! function_exists('prepare_body')) {
function prepare_body($item,$attach = false) {
+ $a = get_app();
call_hooks('prepare_body_init', $item);
$cache = get_config('system','itemcache');
@@ -926,6 +927,33 @@ function prepare_body($item,$attach = false) {
}
$s .= '
';
}
+ $matches = false;
+ $cnt = preg_match_all('/<(.*?)>/',$item['file'],$matches,PREG_SET_ORDER);
+ if($cnt) {
+// logger('prepare_text: categories: ' . print_r($matches,true), LOGGER_DEBUG);
+ foreach($matches as $mtch) {
+ if(strlen($x))
+ $x .= ',';
+ $x .= file_tag_decode($mtch[1]);
+ }
+ if(strlen($x))
+ $s .= '' . t('Categories:') . ' ' . $x . '
';
+
+
+ }
+ $matches = false;
+ $x = '';
+ $cnt = preg_match_all('/\[(.*?)\]/',$item['file'],$matches,PREG_SET_ORDER);
+ if($cnt) {
+// logger('prepare_text: filed_under: ' . print_r($matches,true), LOGGER_DEBUG);
+ foreach($matches as $mtch) {
+ if(strlen($x))
+ $x .= ' ';
+ $x .= file_tag_decode($mtch[1]). ' ' . t('[remove]') . ' ';
+ }
+ if(strlen($x) && (local_user() == $item['uid']))
+ $s .= '' . t('Filed under:') . ' ' . $x . '
';
+ }
$prep_arr = array('item' => $item, 'html' => $s);
call_hooks('prepare_body_final', $prep_arr);
@@ -1248,4 +1276,77 @@ function item_post_type($item) {
return t('post');
}
+// post categories and "save to file" use the same item.file table for storage.
+// We will differentiate the different uses by wrapping categories in angle brackets
+// and save to file categories in square brackets.
+// To do this we need to escape these characters if they appear in our tag.
+
+function file_tag_encode($s) {
+ return str_replace(array('<','>','[',']'),array('%3c','%3e','%5b','%5d'),$s);
+}
+
+function file_tag_decode($s) {
+ return str_replace(array('%3c','%3e','%5b','%5d'),array('<','>','[',']'),$s);
+}
+
+function file_tag_file_query($table,$s,$type = 'file') {
+ if($type == 'file')
+ $str = preg_quote( '[' . file_tag_encode($s) . ']' );
+ else
+ $str = preg_quote( '<' . file_tag_encode($s) . '>' );
+ return " AND " . (($table) ? dbesc($table) . '.' : '') . "file regexp '" . dbesc($str) . "' ";
+}
+
+function file_tag_save_file($uid,$item,$file) {
+ $result = false;
+ if(! intval($uid))
+ return false;
+ $r = q("select file from item where id = %d and uid = %d limit 1",
+ intval($item),
+ intval($uid)
+ );
+ if(count($r)) {
+ if(! stristr($r[0]['file'],'[' . file_tag_encode($file) . ']'))
+ q("update item set file = '%s' where id = %d and uid = %d limit 1",
+ dbesc($r[0]['file'] . '[' . file_tag_encode($file) . ']'),
+ intval($item),
+ intval($uid)
+ );
+ $saved = get_pconfig($uid,'system','filetags');
+ if((! strlen($saved)) || (! stristr($saved,'[' . file_tag_encode($file) . ']')))
+ set_pconfig($uid,'system','filetags',$saved . '[' . file_tag_encode($file) . ']');
+ }
+ return true;
+}
+
+function file_tag_unsave_file($uid,$item,$file) {
+ $result = false;
+ if(! intval($uid))
+ return false;
+
+ $pattern = '[' . file_tag_encode($file) . ']' ;
+
+ $r = q("select file from item where id = %d and uid = %d limit 1",
+ intval($item),
+ intval($uid)
+ );
+ if(! count($r))
+ return false;
+
+ q("update item set file = '%s' where id = %d and uid = %d limit 1",
+ dbesc(str_replace($pattern,'',$r[0]['file'])),
+ intval($item),
+ intval($uid)
+ );
+
+ $r = q("select file from item where uid = %d " . file_tag_file_query('item',$file),
+ intval($uid)
+ );
+
+ if(! count($r)) {
+ $saved = get_pconfig($uid,'system','filetags');
+ set_pconfig($uid,'system','filetags',str_replace($pattern,'',$saved));
+ }
+ return true;
+}
diff --git a/library/tinymce/jscripts/tiny_mce/plugins/bbcode/editor_plugin_src.js b/library/tinymce/jscripts/tiny_mce/plugins/bbcode/editor_plugin_src.js
index 44d1473a99..183f2bc68d 100755
--- a/library/tinymce/jscripts/tiny_mce/plugins/bbcode/editor_plugin_src.js
+++ b/library/tinymce/jscripts/tiny_mce/plugins/bbcode/editor_plugin_src.js
@@ -44,61 +44,79 @@
_dfrn_html2bbcode : function(s) {
s = tinymce.trim(s);
- function rep(re, str) {
-
- //modify code to keep stuff intact within [code][/code] blocks
- //Waitman Gobble NO WARRANTY
-
-
- var o = new Array();
- var x = s.split("[code]");
- var i = 0;
-
- var si = "";
- si = x.shift();
- si = si.replace(re,str);
- o.push(si);
-
- for (i = 0; i < x.length; i++) {
- var no = new Array();
- var j = x.shift();
- var g = j.split("[/code]");
- no.push(g.shift());
- si = g.shift();
- si = si.replace(re,str);
- no.push(si);
- o.push(no.join("[/code]"));
- }
-
- s = o.join("[code]");
-
- };
-
-
-
-
- /* oembed */
- function _h2b_cb(match) {
- function s_h2b(data) {
- match = data;
+ function rep(re, str) {
+
+ //modify code to keep stuff intact within [code][/code] blocks
+ //Waitman Gobble NO WARRANTY
+
+
+ var o = new Array();
+ var x = s.split("[code]");
+ var i = 0;
+
+ var si = "";
+ si = x.shift();
+ si = si.replace(re,str);
+ o.push(si);
+
+ for (i = 0; i < x.length; i++) {
+ var no = new Array();
+ var j = x.shift();
+ var g = j.split("[/code]");
+ no.push(g.shift());
+ si = g.shift();
+ si = si.replace(re,str);
+ no.push(si);
+ o.push(no.join("[/code]"));
+ }
+
+ s = o.join("[code]");
+
+ };
+
+
+
+
+ /* oembed */
+ function _h2b_cb(match) {
+ /*
+ function s_h2b(data) {
+ match = data;
}
$.ajax({
- type:"POST",
+ type:"POST",
url: 'oembed/h2b',
- data: {text: match},
- async: false,
- success: s_h2b,
- dataType: 'html'
- });
- return match;
- }
+ data: {text: match},
+ async: false,
+ success: s_h2b,
+ dataType: 'html'
+ });
+ */
+
+ var f, g, tof = [], tor = [];
+ var find_spanc = /]*class *= *[\"'](?:[^\"']* )*oembed(?: [^\"']*)*[\"'][^>]*>(.*?(?:]*>(.*?)<\/span *>)*.*?)<\/span *>/ig;
+ while (f = find_spanc.exec(match)) {
+ var find_a = /]* rel=[\"']oembed[\"'][^>]*)>.*?<\/a *>/ig;
+ if (g = find_a.exec(f[1])) {
+ var find_href = /href=[\"']([^\"']*)[\"']/ig;
+ var m2 = find_href.exec(g[1]);
+ if (m2[1]) {
+ tof.push(f[0]);
+ tor.push("[EMBED]" + m2[1] + "[/EMBED]");
+ }
+ }
+ }
+ for (var i = 0; i < tof.length; i++) match = match.replace(tof[i], tor[i]);
+
+ return match;
+ }
if (s.indexOf('class="oembed')>=0){
//alert("request oembed html2bbcode");
s = _h2b_cb(s);
}
-
- /* /oembed */
-
+
+ /* /oembed */
+
// example: to [b]
rep(/(.*?)<\/a>/gi,"[bookmark=$1]$2[/bookmark]");
@@ -111,16 +129,16 @@
rep(/ /gi,"[img=$3x$2]$1[/img]");
rep(/ /gi,"[img=$2x$3]$1[/img]");
rep(/ /gi,"[img]$1[/img]");
-
- rep(/(.*?)<\/ul>/gi,"[list]$1[/list]");
- rep(/(.*?)<\/ul>/gi,"[list=]$1[/list]");
- rep(/(.*?)<\/ul>/gi,"[list=1]$1[/list]");
- rep(/(.*?)<\/ul>/gi,"[list=i]$1[/list]");
- rep(/(.*?)<\/ul>/gi,"[list=I]$1[/list]");
- rep(/(.*?)<\/ul>/gi,"[list=a]$1[/list]");
- rep(/(.*?)<\/ul>/gi,"[list=A]$1[/list]");
- rep(/(.*?)<\/li>/gi,'[li]$1[/li]');
-
+
+ rep(/(.*?)<\/ul>/gi,"[list]$1[/list]");
+ rep(/(.*?)<\/ul>/gi,"[list=]$1[/list]");
+ rep(/(.*?)<\/ul>/gi,"[list=1]$1[/list]");
+ rep(/(.*?)<\/ul>/gi,"[list=i]$1[/list]");
+ rep(/(.*?)<\/ul>/gi,"[list=I]$1[/list]");
+ rep(/(.*?)<\/ul>/gi,"[list=a]$1[/list]");
+ rep(/(.*?)<\/ul>/gi,"[list=A]$1[/list]");
+ rep(/(.*?)<\/li>/gi,'[li]$1[/li]');
+
rep(/(.*?)<\/code>/gi,"[code]$1[/code]");
rep(/<\/(strong|b)>/gi,"[/b]");
rep(/<(strong|b)>/gi,"[b]");
@@ -149,42 +167,42 @@
// BBCode -> HTML from DFRN dialect
_dfrn_bbcode2html : function(s) {
s = tinymce.trim(s);
-
-
- function rep(re, str) {
-
- //modify code to keep stuff intact within [code][/code] blocks
- //Waitman Gobble NO WARRANTY
-
-
- var o = new Array();
- var x = s.split("[code]");
- var i = 0;
-
- var si = "";
- si = x.shift();
- si = si.replace(re,str);
- o.push(si);
-
- for (i = 0; i < x.length; i++) {
- var no = new Array();
- var j = x.shift();
- var g = j.split("[/code]");
- no.push(g.shift());
- si = g.shift();
- si = si.replace(re,str);
- no.push(si);
- o.push(no.join("[/code]"));
- }
-
- s = o.join("[code]");
-
- };
-
-
-
-
-
+
+
+ function rep(re, str) {
+
+ //modify code to keep stuff intact within [code][/code] blocks
+ //Waitman Gobble NO WARRANTY
+
+
+ var o = new Array();
+ var x = s.split("[code]");
+ var i = 0;
+
+ var si = "";
+ si = x.shift();
+ si = si.replace(re,str);
+ o.push(si);
+
+ for (i = 0; i < x.length; i++) {
+ var no = new Array();
+ var j = x.shift();
+ var g = j.split("[/code]");
+ no.push(g.shift());
+ si = g.shift();
+ si = si.replace(re,str);
+ no.push(si);
+ o.push(no.join("[/code]"));
+ }
+
+ s = o.join("[code]");
+
+ };
+
+
+
+
+
// example: [b] to
rep(/\n/gi," ");
rep(/\[b\]/gi,"");
@@ -193,43 +211,43 @@
rep(/\[\/i\]/gi,"");
rep(/\[u\]/gi,"");
rep(/\[\/u\]/gi," ");
- rep(/\[hr\]/gi," ");
+ rep(/\[hr\]/gi," ");
rep(/\[bookmark=([^\]]+)\](.*?)\[\/bookmark\]/gi,"$2 ");
rep(/\[url=([^\]]+)\](.*?)\[\/url\]/gi,"$2 ");
rep(/\[url\](.*?)\[\/url\]/gi,"$1 ");
rep(/\[img=(.*?)x(.*?)\](.*?)\[\/img\]/gi," ");
rep(/\[img\](.*?)\[\/img\]/gi," ");
-
- rep(/\[list\](.*?)\[\/list\]/gi, '');
- rep(/\[list=\](.*?)\[\/list\]/gi, '');
- rep(/\[list=1\](.*?)\[\/list\]/gi, '');
- rep(/\[list=i\](.*?)\[\/list\]/gi,'');
- rep(/\[list=I\](.*?)\[\/list\]/gi, '');
- rep(/\[list=a\](.*?)\[\/list\]/gi, '');
- rep(/\[list=A\](.*?)\[\/list\]/gi, '');
- rep(/\[li\](.*?)\[\/li\]/gi, '$1 ');
+
+ rep(/\[list\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=1\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=i\](.*?)\[\/list\]/gi,'');
+ rep(/\[list=I\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=a\](.*?)\[\/list\]/gi, '');
+ rep(/\[list=A\](.*?)\[\/list\]/gi, '');
+ rep(/\[li\](.*?)\[\/li\]/gi, '$1 ');
rep(/\[color=(.*?)\](.*?)\[\/color\]/gi,"$2 ");
rep(/\[size=(.*?)\](.*?)\[\/size\]/gi,"$2 ");
rep(/\[code\](.*?)\[\/code\]/gi,"$1
");
rep(/\[quote.*?\](.*?)\[\/quote\]/gi,"$1 ");
-
- /* oembed */
- function _b2h_cb(match, url) {
- url = bin2hex(url);
- function s_b2h(data) {
- match = data;
- }
- $.ajax({
- url: 'oembed/b2h?url=' + url,
- async: false,
- success: s_b2h,
- dataType: 'html'
- });
- return match;
- }
- s = s.replace(/\[embed\](.*?)\[\/embed\]/gi, _b2h_cb);
-
- /* /oembed */
+
+ /* oembed */
+ function _b2h_cb(match, url) {
+ url = bin2hex(url);
+ function s_b2h(data) {
+ match = data;
+ }
+ $.ajax({
+ url: 'oembed/b2h?url=' + url,
+ async: false,
+ success: s_b2h,
+ dataType: 'html'
+ });
+ return match;
+ }
+ s = s.replace(/\[embed\](.*?)\[\/embed\]/gi, _b2h_cb);
+
+ /* /oembed */
return s;
}
diff --git a/mod/admin.php b/mod/admin.php
index 93714bb5f9..88ccad6d3e 100755
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -37,7 +37,7 @@ function admin_post(&$a){
$func($a);
}
}
- goaway($a->get_baseurl() . '/admin/plugins/' . $a->argv[2] );
+ goaway($a->get_baseurl(true) . '/admin/plugins/' . $a->argv[2] );
return; // NOTREACHED
break;
case 'logs':
@@ -49,7 +49,7 @@ function admin_post(&$a){
}
}
- goaway($a->get_baseurl() . '/admin' );
+ goaway($a->get_baseurl(true) . '/admin' );
return; // NOTREACHED
}
@@ -68,11 +68,11 @@ function admin_content(&$a) {
// array( url, name, extra css classes )
$aside = Array(
- 'site' => Array($a->get_baseurl()."/admin/site/", t("Site") , "site"),
- 'users' => Array($a->get_baseurl()."/admin/users/", t("Users") , "users"),
- 'plugins'=> Array($a->get_baseurl()."/admin/plugins/", t("Plugins") , "plugins"),
- 'themes' => Array($a->get_baseurl()."/admin/themes/", t("Themes") , "themes"),
- 'update' => Array($a->get_baseurl()."/admin/update/", t("Update") , "update")
+ 'site' => Array($a->get_baseurl(true)."/admin/site/", t("Site") , "site"),
+ 'users' => Array($a->get_baseurl(true)."/admin/users/", t("Users") , "users"),
+ 'plugins'=> Array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"),
+ 'themes' => Array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"),
+ 'update' => Array($a->get_baseurl(true)."/admin/update/", t("Update") , "update")
);
/* get plugins admin page */
@@ -81,18 +81,18 @@ function admin_content(&$a) {
$aside['plugins_admin']=Array();
foreach ($r as $h){
$plugin =$h['name'];
- $aside['plugins_admin'][] = Array($a->get_baseurl()."/admin/plugins/".$plugin, $plugin, "plugin");
+ $aside['plugins_admin'][] = Array($a->get_baseurl(true)."/admin/plugins/".$plugin, $plugin, "plugin");
// temp plugins with admin
$a->plugins_admin[] = $plugin;
}
- $aside['logs'] = Array($a->get_baseurl()."/admin/logs/", t("Logs"), "logs");
+ $aside['logs'] = Array($a->get_baseurl(true)."/admin/logs/", t("Logs"), "logs");
$t = get_markup_template("admin_aside.tpl");
$a->page['aside'] = replace_macros( $t, array(
'$admin' => $aside,
'$h_pending' => t('User registrations waiting for confirmation'),
- '$admurl'=> $a->get_baseurl()."/admin/"
+ '$admurl'=> $a->get_baseurl(true)."/admin/"
));
@@ -151,11 +151,7 @@ function admin_page_summary(&$a) {
$r = q("SELECT COUNT(id) as `count` FROM `register`");
$pending = $r[0]['count'];
-
-
-
-
-
+
$t = get_markup_template("admin_summary.tpl");
return replace_macros($t, array(
'$title' => t('Administration'),
@@ -210,7 +206,7 @@ function admin_page_site_post(&$a){
$dfrn_only = ((x($_POST,'dfrn_only')) ? True : False);
$ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False);
$diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False);
-
+ $ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0);
set_config('config','sitename',$sitename);
if ($banner==""){
@@ -222,6 +218,7 @@ function admin_page_site_post(&$a){
} else {
set_config('system','banner', $banner);
}
+ set_config('system','ssl_policy',$ssl_policy);
set_config('system','language', $language);
set_config('system','theme', $theme);
set_config('system','maximagesize', $maximagesize);
@@ -258,7 +255,7 @@ function admin_page_site_post(&$a){
set_config('system','diaspora_enabled', $diaspora_enabled);
info( t('Site settings updated.') . EOL);
- goaway($a->get_baseurl() . '/admin/site' );
+ goaway($a->get_baseurl(true) . '/admin/site' );
return; // NOTREACHED
}
@@ -305,6 +302,12 @@ function admin_page_site(&$a) {
REGISTER_APPROVE => t("Requires approval"),
REGISTER_OPEN => t("Open")
);
+
+ $ssl_choices = array(
+ SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
+ SSL_POLICY_FULL => t("Force all links to use SSL"),
+ SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
+ );
$t = get_markup_template("admin_site.tpl");
return replace_macros($t, array(
@@ -316,13 +319,13 @@ function admin_page_site(&$a) {
'$corporate' => t('Policies'),
'$advanced' => t('Advanced'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
// name, label, value, help string, extra data...
'$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), ""),
'$banner' => array('banner', t("Banner/Logo"), $banner, ""),
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
-
+ '$ssl_policy' => array('ssl_policy', t("SSL link policy"), get_config('system','ssl_policy'), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
'$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
'$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
@@ -389,7 +392,7 @@ function admin_page_users_post(&$a){
user_deny($hash);
}
}
- goaway($a->get_baseurl() . '/admin/users' );
+ goaway($a->get_baseurl(true) . '/admin/users' );
return; // NOTREACHED
}
@@ -399,7 +402,7 @@ function admin_page_users(&$a){
$user = q("SELECT * FROM `user` WHERE `uid`=%d", intval($uid));
if (count($user)==0){
notice( 'User not found' . EOL);
- goaway($a->get_baseurl() . '/admin/users' );
+ goaway($a->get_baseurl(true) . '/admin/users' );
return; // NOTREACHED
}
switch($a->argv[2]){
@@ -418,7 +421,7 @@ function admin_page_users(&$a){
notice( sprintf( ($user[0]['blocked']?t("User '%s' unblocked"):t("User '%s' blocked")) , $user[0]['username']) . EOL);
}; break;
}
- goaway($a->get_baseurl() . '/admin/users' );
+ goaway($a->get_baseurl(true) . '/admin/users' );
return; // NOTREACHED
}
@@ -497,7 +500,7 @@ function admin_page_users(&$a){
// values //
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$pending' => $pending,
'$users' => $users,
@@ -536,7 +539,7 @@ function admin_page_plugins(&$a){
info( sprintf( t("Plugin %s enabled."), $plugin ) );
}
set_config("system","addon", implode(", ",$a->plugins));
- goaway($a->get_baseurl() . '/admin/plugins' );
+ goaway($a->get_baseurl(true) . '/admin/plugins' );
return; // NOTREACHED
}
// display plugin details
@@ -569,7 +572,7 @@ function admin_page_plugins(&$a){
'$page' => t('Plugins'),
'$toggle' => t('Toggle'),
'$settings' => t('Settings'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$plugin' => $plugin,
'$status' => $status,
@@ -607,7 +610,7 @@ function admin_page_plugins(&$a){
'$title' => t('Administration'),
'$page' => t('Plugins'),
'$submit' => t('Submit'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$function' => 'plugins',
'$plugins' => $plugins
));
@@ -713,7 +716,7 @@ function admin_page_themes(&$a){
info( sprintf('Theme %s disabled.',$theme));
set_config('system','allowed_themes',$s);
- goaway($a->get_baseurl() . '/admin/themes' );
+ goaway($a->get_baseurl(true) . '/admin/themes' );
return; // NOTREACHED
}
@@ -742,7 +745,7 @@ function admin_page_themes(&$a){
'$page' => t('Themes'),
'$toggle' => t('Toggle'),
'$settings' => t('Settings'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$plugin' => $theme,
'$status' => $status,
@@ -774,7 +777,7 @@ function admin_page_themes(&$a){
'$title' => t('Administration'),
'$page' => t('Themes'),
'$submit' => t('Submit'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$function' => 'themes',
'$plugins' => $xthemes,
'$experimental' => t('[Experimental]'),
@@ -802,7 +805,7 @@ function admin_page_logs_post(&$a) {
}
info( t("Log settings updated.") );
- goaway($a->get_baseurl() . '/admin/logs' );
+ goaway($a->get_baseurl(true) . '/admin/logs' );
return; // NOTREACHED
}
@@ -856,7 +859,7 @@ readable.");
'$submit' => t('Submit'),
'$clear' => t('Clear'),
'$data' => $data,
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$logname' => get_config('system','logfile'),
// name, label, value, help string, extra data...
@@ -901,7 +904,7 @@ function admin_page_remoteupdate(&$a) {
$tpl = get_markup_template("admin_remoteupdate.tpl");
return replace_macros($tpl, array(
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$submit' => t("Update now"),
'$close' => t("Close"),
'$localversion' => FRIENDICA_VERSION,
diff --git a/mod/contacts.php b/mod/contacts.php
index 001bf12af4..78c8d40928 100755
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -61,7 +61,7 @@ function contacts_post(&$a) {
if(! count($orig_record)) {
notice( t('Could not access contact record.') . EOL);
- goaway($a->get_baseurl() . '/contacts');
+ goaway($a->get_baseurl(true) . '/contacts');
return; // NOTREACHED
}
@@ -141,7 +141,7 @@ function contacts_content(&$a) {
if(! count($orig_record)) {
notice( t('Could not access contact record.') . EOL);
- goaway($a->get_baseurl() . '/contacts');
+ goaway($a->get_baseurl(true) . '/contacts');
return; // NOTREACHED
}
@@ -149,7 +149,7 @@ function contacts_content(&$a) {
// pull feed and consume it, which should subscribe to the hub.
proc_run('php',"include/poller.php","$contact_id");
- goaway($a->get_baseurl() . '/contacts/' . $contact_id);
+ goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
// NOTREACHED
}
@@ -164,7 +164,7 @@ function contacts_content(&$a) {
//notice( t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL );
info( (($blocked) ? t('Contact has been blocked') : t('Contact has been unblocked')) . EOL );
}
- goaway($a->get_baseurl() . '/contacts/' . $contact_id);
+ goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
return; // NOTREACHED
}
@@ -178,7 +178,7 @@ function contacts_content(&$a) {
if($r) {
info( (($readonly) ? t('Contact has been ignored') : t('Contact has been unignored')) . EOL );
}
- goaway($a->get_baseurl() . '/contacts/' . $contact_id);
+ goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
return; // NOTREACHED
}
@@ -220,9 +220,9 @@ function contacts_content(&$a) {
contact_remove($orig_record[0]['id']);
info( t('Contact has been removed.') . EOL );
if(x($_SESSION,'return_url'))
- goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+ goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']);
else
- goaway($a->get_baseurl() . '/contacts');
+ goaway($a->get_baseurl(true) . '/contacts');
return; // NOTREACHED
}
}
@@ -233,7 +233,7 @@ function contacts_content(&$a) {
$contact = $a->data['contact'];
$tpl = get_markup_template('contact_head.tpl');
- $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
+ $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true)));
require_once('include/contact_selectors.php');
@@ -295,17 +295,17 @@ function contacts_content(&$a) {
$tabs = array(
array(
'label' => (($contact['blocked']) ? t('Unblock') : t('Block') ),
- 'url' => $a->get_baseurl() . '/contacts/' . $contact_id . '/block',
+ 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/block',
'sel' => '',
),
array(
'label' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ),
- 'url' => $a->get_baseurl() . '/contacts/' . $contact_id . '/ignore',
+ 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/ignore',
'sel' => '',
),
array(
'label' => t('Repair'),
- 'url' => $a->get_baseurl() . '/crepair/' . $contact_id,
+ 'url' => $a->get_baseurl(true) . '/crepair/' . $contact_id,
'sel' => '',
)
);
@@ -322,7 +322,7 @@ function contacts_content(&$a) {
'$lbl_info1' => t('Contact Information / Notes'),
'$infedit' => t('Edit contact notes'),
'$common_text' => $common_text,
- '$common_link' => $a->get_baseurl() . '/common/' . $contact['id'],
+ '$common_link' => $a->get_baseurl(true) . '/common/' . $contact['id'],
'$all_friends' => $all_friends,
'$relation_text' => $relation_text,
'$visit' => sprintf( t('Visit %s\'s profile [%s]'),$contact['name'],$contact['url']),
@@ -397,30 +397,30 @@ function contacts_content(&$a) {
$tabs = array(
array(
'label' => t('All Contacts'),
- 'url' => $a->get_baseurl() . '/contacts/all',
+ 'url' => $a->get_baseurl(true) . '/contacts/all',
'sel' => ($all) ? 'active' : '',
),
array(
'label' => t('Unblocked Contacts'),
- 'url' => $a->get_baseurl() . '/contacts',
+ 'url' => $a->get_baseurl(true) . '/contacts',
'sel' => ((! $all) && (! $blocked) && (! $hidden) && (! $search) && (! $nets) && (! $ignored)) ? 'active' : '',
),
array(
'label' => t('Blocked Contacts'),
- 'url' => $a->get_baseurl() . '/contacts/blocked',
+ 'url' => $a->get_baseurl(true) . '/contacts/blocked',
'sel' => ($blocked) ? 'active' : '',
),
array(
'label' => t('Ignored Contacts'),
- 'url' => $a->get_baseurl() . '/contacts/ignored',
+ 'url' => $a->get_baseurl(true) . '/contacts/ignored',
'sel' => ($ignored) ? 'active' : '',
),
array(
'label' => t('Hidden Contacts'),
- 'url' => $a->get_baseurl() . '/contacts/hidden',
+ 'url' => $a->get_baseurl(true) . '/contacts/hidden',
'sel' => ($hidden) ? 'active' : '',
),
@@ -445,7 +445,7 @@ function contacts_content(&$a) {
$r = q("SELECT COUNT(*) AS `total` FROM `contact`
- WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ",
+ WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ",
intval($_SESSION['uid']));
if(count($r)) {
$a->set_pager_total($r[0]['total']);
@@ -454,7 +454,7 @@ function contacts_content(&$a) {
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ORDER BY `name` ASC LIMIT %d , %d ",
+ $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ORDER BY `name` ASC LIMIT %d , %d ",
intval($_SESSION['uid']),
intval($a->pager['start']),
intval($a->pager['itemspage'])
@@ -465,8 +465,6 @@ function contacts_content(&$a) {
if(count($r)) {
foreach($r as $rr) {
- if($rr['self'])
- continue;
switch($rr['rel']) {
case CONTACT_IS_FRIEND:
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 0c0c27e3d6..3dbdc5b328 100755
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -14,6 +14,7 @@ function dfrn_notify_post(&$a) {
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
+ $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
$writable = (-1);
if($dfrn_version >= 2.21) {
@@ -94,6 +95,65 @@ function dfrn_notify_post(&$a) {
$importer['writable'] = $writable;
}
+ // if contact's ssl policy changed, update our links
+
+ $ssl_changed = false;
+
+ if($ssl_policy == 'self' && strstr($importer['url'],'https:')) {
+ $ssl_changed = true;
+ $importer['url'] = str_replace('https:','http:',$importer['url']);
+ $importer['nurl'] = normalise_link($importer['url']);
+ $importer['photo'] = str_replace('https:','http:',$importer['photo']);
+ $importer['thumb'] = str_replace('https:','http:',$importer['thumb']);
+ $importer['micro'] = str_replace('https:','http:',$importer['micro']);
+ $importer['request'] = str_replace('https:','http:',$importer['request']);
+ $importer['notify'] = str_replace('https:','http:',$importer['notify']);
+ $importer['poll'] = str_replace('https:','http:',$importer['poll']);
+ $importer['confirm'] = str_replace('https:','http:',$importer['confirm']);
+ $importer['poco'] = str_replace('https:','http:',$importer['poco']);
+ }
+
+ if($ssl_policy == 'full' && strstr($importer['url'],'http:')) {
+ $ssl_changed = true;
+ $importer['url'] = str_replace('http:','https:',$importer['url']);
+ $importer['nurl'] = normalise_link($importer['url']);
+ $importer['photo'] = str_replace('http:','https:',$importer['photo']);
+ $importer['thumb'] = str_replace('http:','https:',$importer['thumb']);
+ $importer['micro'] = str_replace('http:','https:',$importer['micro']);
+ $importer['request'] = str_replace('http:','https:',$importer['request']);
+ $importer['notify'] = str_replace('http:','https:',$importer['notify']);
+ $importer['poll'] = str_replace('http:','https:',$importer['poll']);
+ $importer['confirm'] = str_replace('http:','https:',$importer['confirm']);
+ $importer['poco'] = str_replace('http:','https:',$importer['poco']);
+ }
+
+ if($ssl_changed) {
+ q("update contact set
+ url = '%s',
+ nurl = '%s',
+ photo = '%s',
+ thumb = '%s',
+ micro = '%s',
+ request = '%s',
+ notify = '%s',
+ poll = '%s',
+ confirm = '%s',
+ poco = '%s'
+ where id = %d limit 1",
+ dbesc($importer['url']),
+ dbesc($importer['nurl']),
+ dbesc($importer['photo']),
+ dbesc($importer['thumb']),
+ dbesc($importer['micro']),
+ dbesc($importer['request']),
+ dbesc($importer['notify']),
+ dbesc($importer['poll']),
+ dbesc($importer['confirm']),
+ dbesc($importer['poco']),
+ intval($importer['id'])
+ );
+ }
+
logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index bc159137df..c2d37dac7e 100755
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -43,7 +43,7 @@ function dfrn_request_post(&$a) {
return;
- if($_POST['cancel']) {
+ if(x($_POST, 'cancel')) {
goaway(z_root());
}
@@ -77,9 +77,10 @@ function dfrn_request_post(&$a) {
* Lookup the contact based on their URL (which is the only unique thing we have at the moment)
*/
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1",
+ $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1",
intval(local_user()),
- dbesc($dfrn_url)
+ dbesc($dfrn_url),
+ dbesc(normalise_link($dfrn_url))
);
if(count($r)) {
@@ -666,7 +667,25 @@ function dfrn_request_content(&$a) {
$page_desc = sprintf( t('Diaspora members: Please do not use this form. Instead, enter "%s" into your Diaspora search bar.'),
$target_addr) . EOL . EOL;
- $page_desc .= t("Please enter your 'Identity Address' from one of the following supported social networks:");
+ $page_desc .= t("Please enter your 'Identity Address' from one of the following supported communications networks:");
+
+ // see if we are allowed to have NETWORK_MAIL2 contacts
+
+ $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
+ if(get_config('system','dfrn_only'))
+ $mail_disabled = 1;
+
+ if(! $mail_disabled) {
+ $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
+ intval($a->profile['uid'])
+ );
+ if(! count($r))
+ $mail_disabled = 1;
+ }
+
+ $emailnet = (($mail_disabled) ? '' : t("Connect as an email follower \x28Coming soon\x29"));
+
+ $invite_desc = t('If you are not yet a member of the free social web, follow this link to find a public Friendica site and join us today .');
$o .= replace_macros($tpl,array(
'$header' => t('Friend/Connection Request'),
@@ -682,6 +701,8 @@ function dfrn_request_content(&$a) {
'$diaspora' => t('Diaspora'),
'$diasnote' => t('- please share from your own site as noted above'),
'$your_address' => t('Your Identity Address:'),
+ '$invite_desc' => $invite_desc,
+ '$emailnet' => $emailnet,
'$submit' => t('Submit Request'),
'$cancel' => t('Cancel'),
'$nickname' => $a->argv[1],
diff --git a/mod/filer.php b/mod/filer.php
new file mode 100755
index 0000000000..a9e2135361
--- /dev/null
+++ b/mod/filer.php
@@ -0,0 +1,23 @@
+argc > 1) ? notags(trim($a->argv[1])) : 0);
+
+ logger('filer: tag ' . $term . ' item ' . $item_id);
+
+ if($item_id && strlen($term))
+ file_tag_save_file(local_user(),$item_id,$term);
+
+ killme();
+}
diff --git a/mod/filerm.php b/mod/filerm.php
new file mode 100644
index 0000000000..66b684dc96
--- /dev/null
+++ b/mod/filerm.php
@@ -0,0 +1,21 @@
+argc > 1) ? notags(trim($a->argv[1])) : 0);
+
+ logger('filerm: tag ' . $term . ' item ' . $item_id);
+
+ if($item_id && strlen($term))
+ file_tag_unsave_file(local_user(),$item_id,$term);
+
+ if(x($_SESSION,'return_url'))
+ goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+
+ killme();
+}
diff --git a/mod/hcard.php b/mod/hcard.php
index 19e649dcb6..6d2d9e2ebf 100755
--- a/mod/hcard.php
+++ b/mod/hcard.php
@@ -21,7 +21,7 @@ function hcard_init(&$a) {
profile_load($a,$which,$profile);
if((x($a->profile,'page-flags')) && ($a->profile['page-flags'] == PAGE_COMMUNITY)) {
- $a->page['htmlhead'] .= ' ';
+ $a->page['htmlhead'] .= ' ';
}
if(x($a->profile,'openidserver'))
$a->page['htmlhead'] .= ' ' . "\r\n";
diff --git a/mod/item.php b/mod/item.php
index 81d7c753b4..98cfb43385 100755
--- a/mod/item.php
+++ b/mod/item.php
@@ -425,110 +425,7 @@ function item_post(&$a) {
if(count($tags)) {
foreach($tags as $tag) {
-
- if(isset($profile))
- unset($profile);
- if(strpos($tag,'#') === 0) {
- if(strpos($tag,'[url='))
- continue;
- $basetag = str_replace('_',' ',substr($tag,1));
- $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body);
-
- $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
- continue;
- }
- if(strpos($tag,'@') === 0) {
- if(strpos($tag,'[url='))
- continue;
- $stat = false;
- $name = substr($tag,1);
- if((strpos($name,'@')) || (strpos($name,'http://'))) {
- $newname = $name;
- $links = @lrdd($name);
- if(count($links)) {
- foreach($links as $link) {
- if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
- $profile = $link['@attributes']['href'];
- if($link['@attributes']['rel'] === 'salmon') {
- if(strlen($inform))
- $inform .= ',';
- $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
- }
- }
- }
- }
- else {
- $newname = $name;
- $alias = '';
- $tagcid = 0;
- if(strrpos($newname,'+')) {
- $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
- if(strpos($name,' '))
- $name = substr($name,0,strpos($name,' '));
- }
- if($tagcid) {
- $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($tagcid),
- intval($profile_uid)
- );
- }
- elseif(strstr($name,'_') || strstr($name,' ')) {
- $newname = str_replace('_',' ',$name);
- $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($newname),
- intval($profile_uid)
- );
- }
- else {
- $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
- dbesc($name),
- dbesc($name),
- intval($profile_uid)
- );
- }
- if(count($r)) {
- $profile = $r[0]['url'];
- if($r[0]['network'] === 'stat') {
- $newname = $r[0]['nick'];
- $stat = true;
- if($r[0]['alias'])
- $alias = $r[0]['alias'];
- }
- else
- $newname = $r[0]['name'];
- if(strlen($inform))
- $inform .= ',';
- $inform .= 'cid:' . $r[0]['id'];
- }
- }
- if($profile) {
- $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body);
- $profile = str_replace(',','%2c',$profile);
- $newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
-
- // Status.Net seems to require the numeric ID URL in a mention if the person isn't
- // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
-
- if(strlen($alias)) {
- $newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
- }
- }
- }
+ handle_tag($a, $body, $inform, $str_tags, $profile_uid, $tag);
}
}
@@ -627,7 +524,7 @@ function item_post(&$a) {
if($preview) {
require_once('include/conversation.php');
- $o = conversation(&$a,array(array_merge($contact_record,$datarray)),'search',false,true);
+ $o = conversation($a,array(array_merge($contact_record,$datarray)),'search',false,true);
logger('preview: ' . $o);
echo json_encode(array('preview' => $o));
killme();
@@ -922,3 +819,142 @@ function item_content(&$a) {
drop_item($a->argv[2]);
}
}
+
+/**
+ * This function removes the tag $tag from the text $body and replaces it with
+ * the appropiate link.
+ *
+ * @param unknown_type $body the text to replace the tag in
+ * @param unknown_type $inform a comma-seperated string containing everybody to inform
+ * @param unknown_type $str_tags string to add the tag to
+ * @param unknown_type $profile_uid
+ * @param unknown_type $tag the tag to replace
+ */
+function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
+ //is it a hash tag?
+ if(strpos($tag,'#') === 0) {
+ //if the tag is replaced...
+ if(strpos($tag,'[url='))
+ //...do nothing
+ continue;
+ //base tag has the tags name only
+ $basetag = str_replace('_',' ',substr($tag,1));
+ //create text for link
+ $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
+ //replace tag by the link
+ $body = str_replace($tag, $newtag, $body);
+
+ //is the link already in str_tags?
+ if(! stristr($str_tags,$newtag)) {
+ //append or set str_tags
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+ return;
+ }
+ //is it a person tag?
+ if(strpos($tag,'@') === 0) {
+ //is it already replaced?
+ if(strpos($tag,'[url='))
+ continue;
+ $stat = false;
+ //get the person's name
+ $name = substr($tag,1);
+ //is it a link or a full dfrn address?
+ if((strpos($name,'@')) || (strpos($name,'http://'))) {
+ $newname = $name;
+ //get the profile links
+ $links = @lrdd($name);
+ if(count($links)) {
+ //for all links, collect how is to inform and how's profile is to link
+ foreach($links as $link) {
+ if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
+ $profile = $link['@attributes']['href'];
+ if($link['@attributes']['rel'] === 'salmon') {
+ if(strlen($inform))
+ $inform .= ',';
+ $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
+ }
+ }
+ }
+ } else { //if it is a name rather than an address
+ $newname = $name;
+ $alias = '';
+ $tagcid = 0;
+ //is it some generated name?
+ if(strrpos($newname,'+')) {
+ //get the id
+ $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
+ //remove the next word from tag's name
+ if(strpos($name,' ')) {
+ $name = substr($name,0,strpos($name,' '));
+ }
+ }
+ if($tagcid) { //if there was an id
+ //select contact with that id from the logged in user's contact list
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($tagcid),
+ intval($profile_uid)
+ );
+ } elseif(strstr($name,'_') || strstr($name,' ')) { //no id
+ //get the real name
+ $newname = str_replace('_',' ',$name);
+ //select someone from this user's contacts by name
+ $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($newname),
+ intval($profile_uid)
+ );
+ } else {
+ //select someone by attag or nick and the name passed in
+ $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
+ dbesc($name),
+ dbesc($name),
+ intval($profile_uid)
+ );
+ }
+ //$r is set, if someone could be selected
+ if(count($r)) {
+ $profile = $r[0]['url'];
+ //set newname to nick, find alias
+ if($r[0]['network'] === 'stat') {
+ $newname = $r[0]['nick'];
+ $stat = true;
+ if($r[0]['alias'])
+ $alias = $r[0]['alias'];
+ }
+ else
+ $newname = $r[0]['name'];
+ //add person's id to $inform
+ if(strlen($inform))
+ $inform .= ',';
+ $inform .= 'cid:' . $r[0]['id'];
+ }
+ }
+ //if there is an url for this persons profile
+ if(isset($profile)) {
+ //create profile link
+ $profile = str_replace(',','%2c',$profile);
+ $newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
+ $body = str_replace('@' . $name, $newtag, $body);
+ //append tag to str_tags
+ if(! stristr($str_tags,$newtag)) {
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+
+ // Status.Net seems to require the numeric ID URL in a mention if the person isn't
+ // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
+
+ if(strlen($alias)) {
+ $newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
+ if(! stristr($str_tags,$newtag)) {
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+ }
+ }
+ }
+}
diff --git a/mod/manage.php b/mod/manage.php
index ec4dcd8a00..84dfa6917c 100755
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -74,7 +74,7 @@ function manage_post(&$a) {
if($limited_id)
$_SESSION['submanage'] = $original_id;
- goaway($a->get_baseurl() . '/profile/' . $a->user['nickname']);
+ goaway($a->get_baseurl(true) . '/profile/' . $a->user['nickname']);
// NOTREACHED
}
diff --git a/mod/message.php b/mod/message.php
index 57d45ee3c7..55e313776d 100755
--- a/mod/message.php
+++ b/mod/message.php
@@ -56,23 +56,23 @@ function message_content(&$a) {
return;
}
- $myprofile = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
+ $myprofile = $a->get_baseurl(true) . '/profile/' . $a->user['nickname'];
$tabs = array(
array(
'label' => t('Inbox'),
- 'url'=> $a->get_baseurl() . '/message',
+ 'url'=> $a->get_baseurl(true) . '/message',
'sel'=> (($a->argc == 1) ? 'active' : ''),
),
array(
'label' => t('Outbox'),
- 'url' => $a->get_baseurl() . '/message/sent',
+ 'url' => $a->get_baseurl(true) . '/message/sent',
'sel'=> (($a->argv[1] == 'sent') ? 'active' : ''),
),
array(
'label' => t('New Message'),
- 'url' => $a->get_baseurl() . '/message/new',
+ 'url' => $a->get_baseurl(true) . '/message/new',
'sel'=> (($a->argv[1] == 'new') ? 'active' : ''),
),
);
@@ -99,7 +99,7 @@ function message_content(&$a) {
if($r) {
info( t('Message deleted.') . EOL );
}
- goaway($a->get_baseurl() . '/message' );
+ goaway($a->get_baseurl(true) . '/message' );
}
else {
$r = q("SELECT `parent-uri`,`convid` FROM `mail` WHERE `id` = %d AND `uid` = %d LIMIT 1",
@@ -129,7 +129,7 @@ function message_content(&$a) {
if($r)
info( t('Conversation removed.') . EOL );
}
- goaway($a->get_baseurl() . '/message' );
+ goaway($a->get_baseurl(true) . '/message' );
}
}
@@ -146,7 +146,7 @@ function message_content(&$a) {
$tpl = get_markup_template('msg-header.tpl');
$a->page['htmlhead'] .= replace_macros($tpl, array(
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
'$nickname' => $a->user['nickname'],
'$linkurl' => t('Please enter a link URL:')
@@ -192,9 +192,9 @@ function message_content(&$a) {
$a->set_pager_total($r[0]['total']);
$r = q("SELECT max(`mail`.`created`) AS `mailcreated`, min(`mail`.`seen`) AS `mailseen`,
- `mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb`
+ `mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb` , `contact`.`network`
FROM `mail` LEFT JOIN `contact` ON `mail`.`contact-id` = `contact`.`id`
- WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `created` DESC LIMIT %d , %d ",
+ WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `mailcreated` DESC LIMIT %d , %d ",
intval(local_user()),
dbesc($myprofile),
intval($a->pager['start']),
@@ -210,7 +210,7 @@ function message_content(&$a) {
$o .= replace_macros($tpl, array(
'$id' => $rr['id'],
'$from_name' =>$rr['from-name'],
- '$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl() . '/redir/' . $rr['contact-id'] : $rr['url']),
+ '$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl(true) . '/redir/' . $rr['contact-id'] : $rr['url']),
'$sparkle' => ' sparkle',
'$from_photo' => $rr['thumb'],
'$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '' . $rr['title'] . ' ')),
@@ -267,7 +267,7 @@ function message_content(&$a) {
$a->page['htmlhead'] .= replace_macros($tpl, array(
'$nickname' => $a->user['nickname'],
- '$baseurl' => $a->get_baseurl()
+ '$baseurl' => $a->get_baseurl(true)
));
@@ -278,7 +278,7 @@ function message_content(&$a) {
$sparkle = '';
}
else {
- $from_url = $a->get_baseurl() . '/redir/' . $message['contact-id'];
+ $from_url = $a->get_baseurl(true) . '/redir/' . $message['contact-id'];
$sparkle = ' sparkle';
}
$o .= replace_macros($tpl, array(
diff --git a/mod/network.php b/mod/network.php
index b04a7b4890..d0f1733f46 100755
--- a/mod/network.php
+++ b/mod/network.php
@@ -44,21 +44,26 @@ function network_init(&$a) {
}
$a->page['aside'] .= group_side('network','network',true,$group_id);
- $a->page['aside'] .= networks_widget($a->get_baseurl() . '/network',(($_GET['nets']) ? $_GET['nets'] : ''));
+ $a->page['aside'] .= networks_widget($a->get_baseurl(true) . '/network',(x($_GET, 'nets') ? $_GET['nets'] : ''));
$a->page['aside'] .= saved_searches($search);
+ $a->page['aside'] .= fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : ''));
}
function saved_searches($search) {
+ $a = get_app();
+
$srchurl = '/network?f='
- . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '')
- . ((x($_GET,'star')) ? '&star=' . $_GET['star'] : '')
+ . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '')
+ . ((x($_GET,'star')) ? '&star=' . $_GET['star'] : '')
. ((x($_GET,'bmark')) ? '&bmark=' . $_GET['bmark'] : '')
- . ((x($_GET,'conv')) ? '&conv=' . $_GET['conv'] : '')
- . ((x($_GET,'nets')) ? '&nets=' . $_GET['nets'] : '')
- . ((x($_GET,'cmin')) ? '&cmin=' . $_GET['cmin'] : '')
- . ((x($_GET,'cmax')) ? '&cmax=' . $_GET['cmax'] : '');
+ . ((x($_GET,'conv')) ? '&conv=' . $_GET['conv'] : '')
+ . ((x($_GET,'nets')) ? '&nets=' . $_GET['nets'] : '')
+ . ((x($_GET,'cmin')) ? '&cmin=' . $_GET['cmin'] : '')
+ . ((x($_GET,'cmax')) ? '&cmax=' . $_GET['cmax'] : '')
+ . ((x($_GET,'file')) ? '&file=' . $_GET['file'] : '');
+ ;
$o = '';
@@ -85,7 +90,7 @@ function saved_searches($search) {
$o = replace_macros($tpl, array(
'$title' => t('Saved Searches'),
'$add' => t('add'),
- '$searchbox' => search($search,'netsearch-box',$srchurl,true),
+ '$searchbox' => search($search,'netsearch-box',$a->get_baseurl(true) . $srchurl,true),
'$saved' => $saved,
));
@@ -130,15 +135,15 @@ function network_content(&$a, $update = 0) {
$starred_active = 'active';
}
- if($_GET['bmark']) {
+ if(x($_GET,'bmark')) {
$bookmarked_active = 'active';
}
- if($_GET['conv']) {
+ if(x($_GET,'conv')) {
$conv_active = 'active';
}
- if($_GET['spam']) {
+ if(x($_GET,'spam')) {
$spam_active = 'active';
}
@@ -164,38 +169,38 @@ function network_content(&$a, $update = 0) {
$tabs = array(
array(
'label' => t('Commented Order'),
- 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?f=&cid=' . $_GET['cid'] : ''),
+ 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?f=&cid=' . $_GET['cid'] : ''),
'sel'=>$all_active,
),
array(
'label' => t('Posted Order'),
- 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''),
+ 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''),
'sel'=>$postord_active,
),
array(
'label' => t('Personal'),
- 'url' => $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1',
+ 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1',
'sel' => $conv_active,
),
array(
'label' => t('New'),
- 'url' => $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . '/new' . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : ''),
+ 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . '/new' . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : ''),
'sel' => $new_active,
),
array(
'label' => t('Starred'),
- 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1',
+ 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1',
'sel'=>$starred_active,
),
array(
- 'label' => t('Bookmarks'),
- 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1',
+ 'label' => t('Shared Links'),
+ 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1',
'sel'=>$bookmarked_active,
),
// array(
// 'label' => t('Spam'),
-// 'url'=>$a->get_baseurl() . '/network?f=&spam=1'
+// 'url'=>$a->get_baseurl(true) . '/network?f=&spam=1'
// 'sel'=> $spam_active,
// ),
@@ -226,6 +231,7 @@ function network_content(&$a, $update = 0) {
$nets = ((x($_GET,'nets')) ? $_GET['nets'] : '');
$cmin = ((x($_GET,'cmin')) ? intval($_GET['cmin']) : 0);
$cmax = ((x($_GET,'cmax')) ? intval($_GET['cmax']) : 99);
+ $file = ((x($_GET,'file')) ? $_GET['file'] : '');
if(($a->argc > 2) && $a->argv[2] === 'new')
$nouveau = true;
@@ -239,13 +245,13 @@ function network_content(&$a, $update = 0) {
}
}
- if(x($_GET,'search'))
+ if(x($_GET,'search') || x($_GET,'file'))
$nouveau = true;
if($cid)
$def_acl = array('allow_cid' => '<' . intval($cid) . '>');
if(! $update) {
- if(group) {
+ if($group) {
if(($t = group_public_members($group)) && (! get_pconfig(local_user(),'system','nowarn_insecure'))) {
notice( sprintf( tt('Warning: This group contains %s member from an insecure network.',
'Warning: This group contains %s members from an insecure network.',
@@ -296,7 +302,7 @@ function network_content(&$a, $update = 0) {
if($update)
killme();
notice( t('No such group') . EOL );
- goaway($a->get_baseurl() . '/network');
+ goaway($a->get_baseurl(true) . '/network');
// NOTREACHED
}
@@ -328,7 +334,7 @@ function network_content(&$a, $update = 0) {
}
else {
notice( t('Invalid contact.') . EOL);
- goaway($a->get_baseurl() . '/network');
+ goaway($a->get_baseurl(true) . '/network');
// NOTREACHED
}
}
@@ -358,6 +364,7 @@ function network_content(&$a, $update = 0) {
. ((x($_GET,'nets')) ? '&nets=' . $_GET['nets'] : '')
. ((x($_GET,'cmin')) ? '&cmin=' . $_GET['cmin'] : '')
. ((x($_GET,'cmax')) ? '&cmax=' . $_GET['cmax'] : '')
+ . ((x($_GET,'file')) ? '&file=' . $_GET['file'] : '')
. "'; var profile_page = " . $a->pager['page'] . "; \r\n";
}
@@ -371,6 +378,9 @@ function network_content(&$a, $update = 0) {
dbesc('\\]' . preg_quote($search) . '\\[')
);
}
+ if(strlen($file)) {
+ $sql_extra .= file_tag_file_query('item',$file);
+ }
if($conv) {
$myurl = $a->get_baseurl() . '/profile/'. $a->user['nickname'];
@@ -491,7 +501,9 @@ function network_content(&$a, $update = 0) {
$items = conv_sort($items,$ordering);
- }
+ } else {
+ $items = array();
+ }
}
diff --git a/mod/notifications.php b/mod/notifications.php
index 99031a1d59..d478b51634 100755
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -42,12 +42,12 @@ function notifications_post(&$a) {
intval(local_user())
);
}
- goaway($a->get_baseurl() . '/notifications/intros');
+ goaway($a->get_baseurl(true) . '/notifications/intros');
}
if($_POST['submit'] == t('Ignore')) {
$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1",
intval($intro_id));
- goaway($a->get_baseurl() . '/notifications/intros');
+ goaway($a->get_baseurl(true) . '/notifications/intros');
}
}
}
@@ -69,32 +69,32 @@ function notifications_content(&$a) {
$tabs = array(
array(
'label' => t('System'),
- 'url'=>$a->get_baseurl() . '/notifications/system',
+ 'url'=>$a->get_baseurl(true) . '/notifications/system',
'sel'=> (($a->argv[1] == 'system') ? 'active' : ''),
),
array(
'label' => t('Network'),
- 'url'=>$a->get_baseurl() . '/notifications/network',
+ 'url'=>$a->get_baseurl(true) . '/notifications/network',
'sel'=> (($a->argv[1] == 'network') ? 'active' : ''),
),
array(
'label' => t('Personal'),
- 'url'=>$a->get_baseurl() . '/notifications/personal',
+ 'url'=>$a->get_baseurl(true) . '/notifications/personal',
'sel'=> (($a->argv[1] == 'personal') ? 'active' : ''),
),
array(
'label' => t('Home'),
- 'url' => $a->get_baseurl() . '/notifications/home',
+ 'url' => $a->get_baseurl(true) . '/notifications/home',
'sel'=> (($a->argv[1] == 'home') ? 'active' : ''),
),
array(
'label' => t('Introductions'),
- 'url' => $a->get_baseurl() . '/notifications/intros',
+ 'url' => $a->get_baseurl(true) . '/notifications/intros',
'sel'=> (($a->argv[1] == 'intros') ? 'active' : ''),
),
array(
'label' => t('Messages'),
- 'url' => $a->get_baseurl() . '/message',
+ 'url' => $a->get_baseurl(true) . '/message',
'sel'=> '',
),
);
@@ -244,7 +244,7 @@ function notifications_content(&$a) {
switch($it['verb']){
case ACTIVITY_LIKE:
$notif_content .= replace_macros($tpl_item_likes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -253,7 +253,7 @@ function notifications_content(&$a) {
case ACTIVITY_DISLIKE:
$notif_content .= replace_macros($tpl_item_dislikes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -267,7 +267,7 @@ function notifications_content(&$a) {
$it['fname'] = $obj->title;
$notif_content .= replace_macros($tpl_item_friends,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']),
'$item_when' => relative_date($it['created'])
@@ -281,7 +281,7 @@ function notifications_content(&$a) {
$tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments);
$notif_content .= replace_macros($tpl,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => $item_text,
'$item_when' => relative_date($it['created'])
@@ -314,7 +314,7 @@ function notifications_content(&$a) {
if (count($r) > 0) {
foreach ($r as $it) {
$notif_content .= replace_macros($not_tpl,array(
- '$item_link' => $a->get_baseurl().'/notify/view/'. $it['id'],
+ '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'],
'$item_image' => $it['photo'],
'$item_text' => strip_tags(bbcode($it['msg'])),
'$item_when' => relative_date($it['date'])
@@ -334,7 +334,7 @@ function notifications_content(&$a) {
$notif_tpl = get_markup_template('notifications.tpl');
- $myurl = $a->get_baseurl() . '/profile/'. $a->user['nickname'];
+ $myurl = $a->get_baseurl(true) . '/profile/'. $a->user['nickname'];
$myurl = substr($myurl,strpos($myurl,'://')+3);
$myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
$diasp_url = str_replace('/profile/','/u/',$myurl);
@@ -369,7 +369,7 @@ function notifications_content(&$a) {
switch($it['verb']){
case ACTIVITY_LIKE:
$notif_content .= replace_macros($tpl_item_likes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -378,7 +378,7 @@ function notifications_content(&$a) {
case ACTIVITY_DISLIKE:
$notif_content .= replace_macros($tpl_item_dislikes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -392,7 +392,7 @@ function notifications_content(&$a) {
$it['fname'] = $obj->title;
$notif_content .= replace_macros($tpl_item_friends,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']),
'$item_when' => relative_date($it['created'])
@@ -406,7 +406,7 @@ function notifications_content(&$a) {
$tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments);
$notif_content .= replace_macros($tpl,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => $item_text,
'$item_when' => relative_date($it['created'])
@@ -456,7 +456,7 @@ function notifications_content(&$a) {
switch($it['verb']){
case ACTIVITY_LIKE:
$notif_content .= replace_macros($tpl_item_likes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -465,7 +465,7 @@ function notifications_content(&$a) {
break;
case ACTIVITY_DISLIKE:
$notif_content .= replace_macros($tpl_item_dislikes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -479,7 +479,7 @@ function notifications_content(&$a) {
$it['fname'] = $obj->title;
$notif_content .= replace_macros($tpl_item_friends,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']),
'$item_when' => relative_date($it['created'])
@@ -488,7 +488,7 @@ function notifications_content(&$a) {
break;
default:
$notif_content .= replace_macros($tpl_item_comments,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
diff --git a/mod/notify.php b/mod/notify.php
index a572b15344..ae8273a1d3 100644
--- a/mod/notify.php
+++ b/mod/notify.php
@@ -20,7 +20,7 @@ function notify_init(&$a) {
goaway($r[0]['link']);
}
- goaway($a->get_baseurl());
+ goaway($a->get_baseurl(true));
}
if($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all' ) {
@@ -51,7 +51,7 @@ function notify_content(&$a) {
if (count($r) > 0) {
foreach ($r as $it) {
$notif_content .= replace_macros($not_tpl,array(
- '$item_link' => $a->get_baseurl().'/notify/view/'. $it['id'],
+ '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'],
'$item_image' => $it['photo'],
'$item_text' => strip_tags(bbcode($it['msg'])),
'$item_when' => relative_date($it['date'])
diff --git a/mod/parse_url.php b/mod/parse_url.php
index e0b378f685..27dac4d5d3 100755
--- a/mod/parse_url.php
+++ b/mod/parse_url.php
@@ -188,7 +188,7 @@ function parse_url_content(&$a) {
if(! $text) {
logger('parsing meta');
- $items = $domhead->getElementsByTagName('meta');
+ $items = (isset($domhead) && is_object($domhead) ? $domhead->getElementsByTagName('meta') : null);
if($items) {
foreach($items as $item) {
$property = $item->getAttribute('property');
diff --git a/mod/profile.php b/mod/profile.php
index 1a701f4077..428679ffc5 100755
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -27,7 +27,7 @@ function profile_init(&$a) {
profile_load($a,$which,$profile);
if((x($a->profile,'page-flags')) && ($a->profile['page-flags'] == PAGE_COMMUNITY)) {
- $a->page['htmlhead'] .= ' ';
+ $a->page['htmlhead'] .= ' ';
}
if(x($a->profile,'openidserver'))
$a->page['htmlhead'] .= ' ' . "\r\n";
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index e3dbdaf39c..d1fd08eba6 100755
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -15,11 +15,13 @@ function profile_photo_init(&$a) {
function profile_photo_post(&$a) {
- if(! local_user()) {
- notice ( t('Permission denied.') . EOL );
- return;
- }
-
+ if(! local_user()) {
+ notice ( t('Permission denied.') . EOL );
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {
// phase 2 - we have finished cropping
@@ -148,7 +150,9 @@ function profile_photo_content(&$a) {
notice( t('Permission denied.') . EOL );
return;
};
-
+
+ check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
$resource_id = $a->argv[2];
//die(":".local_user());
$r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC",
@@ -203,6 +207,7 @@ function profile_photo_content(&$a) {
'$lbl_upfile' => t('Upload File:'),
'$title' => t('Upload Profile Photo'),
'$submit' => t('Upload'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
'$select' => sprintf('%s %s', t('or'), ($newuser) ? '' . t('skip this step') . ' ' : '' . t('select a photo from your photo albums') . ' ')
));
@@ -218,6 +223,7 @@ function profile_photo_content(&$a) {
'$image_url' => $a->get_baseurl() . '/photo/' . $filename,
'$title' => t('Crop Image'),
'$desc' => t('Please adjust the image cropping for optimum viewing.'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
'$done' => t('Done Editing')
));
return $o;
diff --git a/mod/profiles.php b/mod/profiles.php
index ccd7d54741..7b3b6ccc1e 100755
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -21,6 +21,9 @@ function profiles_post(&$a) {
notice( t('Profile not found.') . EOL);
return;
}
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
+
$is_default = (($orig[0]['is-default']) ? 1 : 0);
$profile_name = notags(trim($_POST['profile_name']));
@@ -237,9 +240,11 @@ function profiles_content(&$a) {
);
if(! count($r)) {
notice( t('Profile not found.') . EOL);
- goaway($a->get_baseurl() . '/profiles');
+ goaway($a->get_baseurl(true) . '/profiles');
return; // NOTREACHED
}
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't');
// move every contact using this profile as their default to the user default
@@ -255,7 +260,7 @@ function profiles_content(&$a) {
if($r)
info( t('Profile deleted.') . EOL);
- goaway($a->get_baseurl() . '/profiles');
+ goaway($a->get_baseurl(true) . '/profiles');
return; // NOTREACHED
}
@@ -264,6 +269,8 @@ function profiles_content(&$a) {
if(($a->argc > 1) && ($a->argv[1] === 'new')) {
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
intval(local_user()));
@@ -290,11 +297,14 @@ function profiles_content(&$a) {
info( t('New profile created.') . EOL);
if(count($r3) == 1)
- goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
- goaway($a->get_baseurl() . '/profiles');
- }
+ goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']);
+
+ goaway($a->get_baseurl(true) . '/profiles');
+ }
if(($a->argc > 2) && ($a->argv[1] === 'clone')) {
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
intval(local_user()));
@@ -329,10 +339,12 @@ function profiles_content(&$a) {
);
info( t('New profile created.') . EOL);
if(count($r3) == 1)
- goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
- goaway($a->get_baseurl() . '/profiles');
- return; // NOTREACHED
- }
+ goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']);
+
+ goaway($a->get_baseurl(true) . '/profiles');
+
+ return; // NOTREACHED
+ }
if(($a->argc > 1) && (intval($a->argv[1]))) {
@@ -361,7 +373,7 @@ function profiles_content(&$a) {
));
- $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
+ $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true)));
$a->page['htmlhead'] .= "";
$f = get_config('system','birthday_input_format');
@@ -371,6 +383,9 @@ function profiles_content(&$a) {
$is_default = (($r[0]['is-default']) ? 1 : 0);
$tpl = get_markup_template("profile_edit.tpl");
$o .= replace_macros($tpl,array(
+ '$form_security_token' => get_form_security_token("profile_edit"),
+ '$profile_clone_link' => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"),
+ '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"),
'$banner' => t('Edit Profile Details'),
'$submit' => t('Submit'),
'$viewprof' => t('View this profile'),
@@ -410,7 +425,7 @@ function profiles_content(&$a) {
'$lbl_work' => t('Work/employment'),
'$lbl_school' => t('School/education'),
'$disabled' => (($is_default) ? 'onclick="return false;" style="color: #BBBBFF;"' : ''),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$profile_id' => $r[0]['id'],
'$profile_name' => $r[0]['profile-name'],
'$default' => (($is_default) ? '' . t('This is your public profile. It may be visible to anybody using the internet.') . '
' : ""),
@@ -460,7 +475,8 @@ function profiles_content(&$a) {
$o .= replace_macros($tpl_header,array(
'$header' => t('Edit/Manage Profiles'),
'$chg_photo' => t('Change profile photo'),
- '$cr_new' => t('Create New Profile')
+ '$cr_new' => t('Create New Profile'),
+ '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new")
));
@@ -473,7 +489,7 @@ function profiles_content(&$a) {
'$alt' => t('Profile Image'),
'$profile_name' => $rr['profile-name'],
'$visible' => (($rr['is-default']) ? '' . t('visible to everybody') . ' '
- : ' ' . t('Edit visibility') . '
')
+ : ' ' . t('Edit visibility') . ' ')
));
}
}
diff --git a/mod/settings.php b/mod/settings.php
index 2ef582fdfe..f694b5840f 100755
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -53,16 +53,20 @@ function settings_post(&$a) {
$old_page_flags = $a->user['page-flags'];
if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
+
$key = $_POST['remove'];
q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
dbesc($key),
local_user());
- goaway($a->get_baseurl()."/settings/oauth/");
+ goaway($a->get_baseurl(true)."/settings/oauth/");
return;
}
if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit'||($a->argv[2] === 'add')) && x($_POST,'submit')) {
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
+
$name = ((x($_POST,'name')) ? $_POST['name'] : '');
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
$secret = ((x($_POST,'secret')) ? $_POST['secret'] : '');
@@ -100,18 +104,23 @@ function settings_post(&$a) {
local_user());
}
}
- goaway($a->get_baseurl()."/settings/oauth/");
+ goaway($a->get_baseurl(true)."/settings/oauth/");
return;
}
if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
+ check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon');
+
call_hooks('plugin_settings_post', $_POST);
return;
}
if(($a->argc > 1) && ($a->argv[1] == 'connectors')) {
-
- if(x($_POST['imap-submit'])) {
+
+ check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors');
+
+ if(x($_POST, 'imap-submit')) {
+
$mail_server = ((x($_POST,'mail_server')) ? $_POST['mail_server'] : '');
$mail_port = ((x($_POST,'mail_port')) ? $_POST['mail_port'] : '');
$mail_ssl = ((x($_POST,'mail_ssl')) ? strtolower(trim($_POST['mail_ssl'])) : '');
@@ -185,7 +194,8 @@ function settings_post(&$a) {
return;
}
-
+ check_form_security_token_redirectOnErr('/settings', 'settings');
+
call_hooks('settings_post', $_POST);
if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
@@ -401,7 +411,7 @@ function settings_post(&$a) {
}
- goaway($a->get_baseurl() . '/settings' );
+ goaway($a->get_baseurl(true) . '/settings' );
return; // NOTREACHED
}
@@ -425,27 +435,27 @@ function settings_content(&$a) {
$tabs = array(
array(
'label' => t('Account settings'),
- 'url' => $a->get_baseurl().'/settings',
+ 'url' => $a->get_baseurl(true).'/settings',
'sel' => (($a->argc == 1)?'active':''),
),
array(
'label' => t('Connector settings'),
- 'url' => $a->get_baseurl().'/settings/connectors',
+ 'url' => $a->get_baseurl(true).'/settings/connectors',
'sel' => (($a->argc > 1) && ($a->argv[1] === 'connectors')?'active':''),
),
array(
'label' => t('Plugin settings'),
- 'url' => $a->get_baseurl().'/settings/addon',
+ 'url' => $a->get_baseurl(true).'/settings/addon',
'sel' => (($a->argc > 1) && ($a->argv[1] === 'addon')?'active':''),
),
array(
'label' => t('Connections'),
- 'url' => $a->get_baseurl() . '/settings/oauth',
+ 'url' => $a->get_baseurl(true) . '/settings/oauth',
'sel' => (($a->argc > 1) && ($a->argv[1] === 'oauth')?'active':''),
),
array(
'label' => t('Export personal data'),
- 'url' => $a->get_baseurl() . '/uexport',
+ 'url' => $a->get_baseurl(true) . '/uexport',
'sel' => ''
)
);
@@ -460,6 +470,7 @@ function settings_content(&$a) {
if(($a->argc > 2) && ($a->argv[2] === 'add')) {
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_oauth"),
'$tabs' => $tabs,
'$title' => t('Add application'),
'$submit' => t('Submit'),
@@ -486,6 +497,7 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_oauth"),
'$tabs' => $tabs,
'$title' => t('Add application'),
'$submit' => t('Update'),
@@ -500,10 +512,12 @@ function settings_content(&$a) {
}
if(($a->argc > 3) && ($a->argv[2] === 'delete')) {
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
+
$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
dbesc($a->argv[3]),
local_user());
- goaway($a->get_baseurl()."/settings/oauth/");
+ goaway($a->get_baseurl(true)."/settings/oauth/");
return;
}
@@ -518,7 +532,8 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_oauth.tpl");
$o .= replace_macros($tpl, array(
- '$baseurl' => $a->get_baseurl(),
+ '$form_security_token' => get_form_security_token("settings_oauth"),
+ '$baseurl' => $a->get_baseurl(true),
'$title' => t('Connected Apps'),
'$add' => t('Add application'),
'$edit' => t('Edit'),
@@ -544,6 +559,7 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_addons.tpl");
$o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_addon"),
'$title' => t('Plugin Settings'),
'$tabs' => $tabs,
'$settings_addons' => $settings_addons
@@ -586,28 +602,28 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_connectors.tpl");
$o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_connectors"),
+
'$title' => t('Connector Settings'),
'$tabs' => $tabs,
- '$diasp_enabled' => $diasp_enabled,
- '$ostat_enabled' => $ostat_enabled,
-
- '$h_imap' => t('Email/Mailbox Setup'),
- '$imap_desc' => t("If you wish to communicate with email contacts using this service \x28optional\x29, please specify how to connect to your mailbox."),
- '$imap_lastcheck' => array('imap_lastcheck', t('Last successful email check:'), $mail_chk,''),
- '$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''),
- '$mail_server' => array('mail_server', t('IMAP server name:'), $mail_server, ''),
- '$mail_port' => array('mail_port', t('IMAP port:'), $mail_port, ''),
- '$mail_ssl' => array('mail_ssl', t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')),
- '$mail_user' => array('mail_user', t('Email login name:'), $mail_user, ''),
- '$mail_pass' => array('mail_pass', t('Email password:'), '', ''),
- '$mail_replyto' => array('mail_replyto', t('Reply-to address:'), '', 'Optional'),
- '$mail_pubmail' => array('mail_pubmail', t('Send public posts to all email contacts:'), $mail_pubmail, ''),
- '$mail_action' => array('mail_action', t('Action after import:'), $mail_action, '', array(0=>t('None'), 1=>t('Delete'), 2=>t('Mark as seen'), 3=>t('Move to folder'))),
- '$mail_movetofolder' => array('mail_movetofolder', t('Move to folder:'), $mail_movetofolder, ''),
- '$submit' => t('Submit'),
-
+ '$diasp_enabled' => $diasp_enabled,
+ '$ostat_enabled' => $ostat_enabled,
+ '$h_imap' => t('Email/Mailbox Setup'),
+ '$imap_desc' => t("If you wish to communicate with email contacts using this service \x28optional\x29, please specify how to connect to your mailbox."),
+ '$imap_lastcheck' => array('imap_lastcheck', t('Last successful email check:'), $mail_chk,''),
+ '$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''),
+ '$mail_server' => array('mail_server', t('IMAP server name:'), $mail_server, ''),
+ '$mail_port' => array('mail_port', t('IMAP port:'), $mail_port, ''),
+ '$mail_ssl' => array('mail_ssl', t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')),
+ '$mail_user' => array('mail_user', t('Email login name:'), $mail_user, ''),
+ '$mail_pass' => array('mail_pass', t('Email password:'), '', ''),
+ '$mail_replyto' => array('mail_replyto', t('Reply-to address:'), '', 'Optional'),
+ '$mail_pubmail' => array('mail_pubmail', t('Send public posts to all email contacts:'), $mail_pubmail, ''),
+ '$mail_action' => array('mail_action', t('Action after import:'), $mail_action, '', array(0=>t('None'), 1=>t('Delete'), 2=>t('Mark as seen'), 3=>t('Move to folder'))),
+ '$mail_movetofolder' => array('mail_movetofolder', t('Move to folder:'), $mail_movetofolder, ''),
+ '$submit' => t('Submit'),
'$settings_connectors' => $settings_connectors
));
@@ -773,7 +789,7 @@ function settings_content(&$a) {
$theme_selected = (!x($_SESSION,'theme')? $default_theme : $_SESSION['theme']);
- $subdir = ((strlen($a->get_path())) ? ' ' . t('or') . ' ' . $a->get_baseurl() . '/profile/' . $nickname : '');
+ $subdir = ((strlen($a->get_path())) ? ' ' . t('or') . ' ' . $a->get_baseurl(true) . '/profile/' . $nickname : '');
$tpl_addr = get_markup_template("settings_nick_set.tpl");
@@ -803,8 +819,9 @@ function settings_content(&$a) {
'$ptitle' => t('Account Settings'),
'$submit' => t('Submit'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$uid' => local_user(),
+ '$form_security_token' => get_form_security_token("settings"),
'$nickname_block' => $prof_addr,
diff --git a/mod/share.php b/mod/share.php
index f6c025e3ce..47bb851a4f 100755
--- a/mod/share.php
+++ b/mod/share.php
@@ -17,7 +17,7 @@ function share_init(&$a) {
$o = '';
if(local_user() && intval(get_pconfig(local_user(),'system','plaintext'))) {
- $o .= '♲ [url=' . $r[0]['author-link'] . ']' . $r[0]['author-name'] . '[/url]';
+ $o .= "\xE2\x99\xb2" . ' [url=' . $r[0]['author-link'] . ']' . $r[0]['author-name'] . '[/url]' . "\n";
if($r[0]['title'])
$o .= '[b]' . $r[0]['title'] . '[/b]' . "\n";
$o .= $r[0]['body'] . "\n";
diff --git a/tests/autoname_test.php b/tests/autoname_test.php
new file mode 100755
index 0000000000..9dae920ca2
--- /dev/null
+++ b/tests/autoname_test.php
@@ -0,0 +1,73 @@
+assertNotEquals($autoname1, $autoname2);
+ }
+
+ /**
+ *autonames should be random, odd length
+ */
+ public function testAutonameOdd() {
+ $autoname1=autoname(9);
+ $autoname2=autoname(9);
+
+ $this->assertNotEquals($autoname1, $autoname2);
+ }
+
+ /**
+ * try to fail autonames
+ */
+ public function testAutonameNoLength() {
+ $autoname1=autoname(0);
+ $this->assertEquals(0, count($autoname1));
+ }
+
+ /**
+ * try to fail it with invalid input
+ *
+ * TODO: What's corect behaviour here? An exception?
+ */
+ public function testAutonameNegativeLength() {
+ $autoname1=autoname(-23);
+ $this->assertEquals(0, count($autoname1));
+ }
+
+ // public function testAutonameMaxLength() {
+ // $autoname2=autoname(PHP_INT_MAX);
+ // $this->assertEquals(PHP_INT_MAX, count($autoname2));
+ // }
+
+ /**
+ * test with a length, that may be too short
+ */
+ public function testAutonameLength1() {
+ $autoname1=autoname(1);
+ $this->assertEquals(1, count($autoname1));
+
+ $autoname2=autoname(1);
+ $this->assertEquals(1, count($autoname2));
+
+ $this->assertFalse($autoname1==$autoname2);
+ }
+}
\ No newline at end of file
diff --git a/tests/contains_attribute_test.php b/tests/contains_attribute_test.php
new file mode 100755
index 0000000000..b0bb06acfa
--- /dev/null
+++ b/tests/contains_attribute_test.php
@@ -0,0 +1,51 @@
+assertTrue(attribute_contains($testAttr, "class3"));
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ /**
+ * test attribute contains
+ */
+ public function testAttributeContains2() {
+ $testAttr="class1 not-class2 class3";
+ $this->assertTrue(attribute_contains($testAttr, "class3"));
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ /**
+ * test with empty input
+ */
+ public function testAttributeContainsEmpty() {
+ $testAttr="";
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ /**
+ * test input with special chars
+ */
+ public function testAttributeContainsSpecialChars() {
+ $testAttr="--... %\$ä() /(=?}";
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+}
\ No newline at end of file
diff --git a/tests/expand_acl_test.php b/tests/expand_acl_test.php
new file mode 100755
index 0000000000..b516a3f14d
--- /dev/null
+++ b/tests/expand_acl_test.php
@@ -0,0 +1,142 @@
+<2><3>';
+ $this->assertEquals(array(1, 2, 3), expand_acl($text));
+ }
+
+ /**
+ * test with a big number
+ */
+ public function testExpandAclBigNumber() {
+ $text='<1><'.PHP_INT_MAX.'><15>';
+ $this->assertEquals(array(1, PHP_INT_MAX, 15), expand_acl($text));
+ }
+
+ /**
+ * test with a string in it.
+ *
+ * TODO: is this valid input? Otherwise: should there be an exception?
+ */
+ public function testExpandAclString() {
+ $text="<1><279012>";
+ $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text));
+ }
+
+ /**
+ * test with a ' ' in it.
+ *
+ * TODO: is this valid input? Otherwise: should there be an exception?
+ */
+ public function testExpandAclSpace() {
+ $text="<1><279 012><32>";
+ $this->assertEquals(array(1, "279 012", "32"), expand_acl($text));
+ }
+
+ /**
+ * test empty input
+ */
+ public function testExpandAclEmpty() {
+ $text="";
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, no < at all
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclNoBrackets() {
+ $text="According to documentation, that's invalid. "; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, just open <
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclJustOneBracket1() {
+ $text="assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, just close >
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclJustOneBracket2() {
+ $text="Another invalid> string"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, just close >
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclCloseOnly() {
+ $text="Another> invalid> string>"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, just open <
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclOpenOnly() {
+ $text="assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, open and close do not match
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclNoMatching1() {
+ $text=" invalid "; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, open and close do not match
+ *
+ * TODO: should there be an exception?
+ */
+ public function testExpandAclNoMatching2() {
+ $text="<1>2><3>";
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test invalid input, empty <>
+ *
+ * TODO: should there be an exception? Or array(1, 3)
+ */
+ public function testExpandAclEmptyMatch() {
+ $text="<1><><3>";
+ $this->assertEquals(array(), expand_acl($text));
+ }
+}
\ No newline at end of file
diff --git a/tests/get_tags_test.php b/tests/get_tags_test.php
new file mode 100644
index 0000000000..9051923be0
--- /dev/null
+++ b/tests/get_tags_test.php
@@ -0,0 +1,313 @@
+15,
+ 'attag'=>'', 'network'=>'dfrn',
+ 'name'=>'Mike Lastname', 'alias'=>'Mike',
+ 'nick'=>'Mike', 'url'=>"http://justatest.de"));
+
+ $args=func_get_args();
+
+ //last parameter is always (in this test) uid, so, it should be 11
+ if($args[count($args)-1]!=11) {
+ return;
+ }
+
+
+ if(3==count($args)) {
+ //first call in handle_body, id only
+ if($result[0]['id']==$args[1]) {
+ return $result;
+ }
+ //second call in handle_body, name
+ if($result[0]['name']===$args[1]) {
+ return $result;
+ }
+ }
+ //third call in handle_body, nick or attag
+ if($result[0]['nick']===$args[2] || $result[0]['attag']===$args[1]) {
+ return $result;
+ }
+}
+
+/**
+ * replacement for dbesc.
+ * I don't want to test dbesc here, so
+ * I just return the input. It won't be a problem, because
+ * the test does not use a real database.
+ *
+ * DON'T USE HAT FUNCTION OUTSIDE A TEST!
+ *
+ * @param string $str
+ * @return input
+ */
+function dbesc($str) {
+ return $str;
+}
+
+/**
+ * TestCase for tag handling.
+ *
+ * @author alexander
+ * @package test.util
+ */
+class GetTagsTest extends PHPUnit_Framework_TestCase {
+ /** the mock to use as app */
+ private $a;
+
+ /**
+ * initialize the test. That's a phpUnit function,
+ * don't change its name.
+ */
+ public function setUp() {
+ $this->a=new MockApp();
+ }
+
+ /**
+ * test with one Person tag
+ */
+ public function testGetTagsShortPerson() {
+ $text="hi @Mike";
+
+ $tags=get_tags($text);
+
+ $inform='';
+ $str_tags='';
+ foreach($tags as $tag) {
+ handle_tag($this->a, $text, $inform, $str_tags, 11, $tag);
+ }
+
+ //correct tags found?
+ $this->assertEquals(1, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+
+ //correct output from handle_tag?
+ $this->assertEquals("cid:15", $inform);
+ $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags);
+ $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url]", $text);
+ }
+
+ /**
+ * test with one Person tag.
+ * There's a minor spelling mistake...
+ */
+ public function testGetTagsShortPersonSpelling() {
+ $text="hi @Mike.because";
+
+ $tags=get_tags($text);
+
+ //correct tags found?
+ $this->assertEquals(1, count($tags));
+ $this->assertTrue(in_array("@Mike.because", $tags));
+
+ $inform='';
+ $str_tags='';
+ handle_tag($this->a, $text, $inform, $str_tags, 11, $tags[0]);
+
+ $this->assertEquals("cid:15", $inform);
+ $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags);
+ $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url].because", $text);
+ }
+
+ /**
+ * test with two Person tags.
+ * There's a minor spelling mistake...
+ */
+ public function testGetTagsPerson2Spelling() {
+ $text="hi @Mike@campino@friendica.eu";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(2, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("@campino@friendica.eu", $tags));
+ }
+
+ /**
+ * Test with one hash tag.
+ */
+ public function testGetTagsShortTag() {
+ $text="This is a #test_case";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(1, count($tags));
+ $this->assertTrue(in_array("#test_case", $tags));
+ }
+
+ /**
+ * test with a person and a hash tag
+ */
+ public function testGetTagsShortTagAndPerson() {
+ $text="hi @Mike This is a #test_case";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(3, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("@Mike This", $tags));
+ $this->assertTrue(in_array("#test_case", $tags));
+
+ $inform='';
+ $str_tags='';
+ foreach($tags as $tag) {
+ handle_tag($this->a, $text, $inform, $str_tags, 11, $tag);
+ }
+
+ $this->assertEquals("cid:15", $inform);
+ $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url],#[url=baseurl/search?search=test%20case]test case[/url]", $str_tags);
+ $this->assertEquals("hi @[url=http://justatest.de]Mike Lastname[/url] This is a #[url=baseurl/search?search=test%20case]test case[/url]", $text);
+
+ }
+
+ /**
+ * test with a person, a hash tag and some special chars.
+ */
+ public function testGetTagsShortTagAndPersonSpecialChars() {
+ $text="hi @Mike, This is a #test_case.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(2, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("#test_case", $tags));
+ }
+
+ /**
+ * Test with a person tag and text behind it.
+ */
+ public function testGetTagsPersonOnly() {
+ $text="@Test I saw the Theme Dev group was created.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(2, count($tags));
+ $this->assertTrue(in_array("@Test I", $tags));
+ $this->assertTrue(in_array("@Test", $tags));
+ }
+
+ /**
+ * this test demonstrates strange behaviour by intval.
+ * It makes the next test fail.
+ */
+ public function testIntval() {
+ $this->assertEquals(15, intval("15 it"));
+ }
+
+ /**
+ * test a tag with an id in it
+ */
+ public function testIdTag() {
+ $text="Test with @mike+15 id tag";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(2, count($tags));
+ $this->assertTrue(in_array("@mike+15", $tags));
+
+ //happens right now, but it shouldn't be necessary
+ $this->assertTrue(in_array("@mike+15 id", $tags));
+
+ $inform='';
+ $str_tags='';
+ foreach($tags as $tag) {
+ handle_tag($this->a, $text, $inform, $str_tags, 11, $tag);
+ }
+
+ $this->assertEquals("Test with @[url=http://justatest.de]Mike Lastname[/url] id tag", $text);
+ $this->assertEquals("@[url=http://justatest.de]Mike Lastname[/url]", $str_tags);
+ $this->assertEquals("cid:15", $inform);
+ }
+
+ /**
+ * test with two persons and one special tag.
+ */
+ public function testGetTags2Persons1TagSpecialChars() {
+ $text="hi @Mike, I'm just writing #test_cases, so"
+ ." so @somebody@friendica.com may change #things.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals(5, count($tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("#test_cases", $tags));
+ $this->assertTrue(in_array("@somebody@friendica.com", $tags));
+ $this->assertTrue(in_array("@somebody@friendica.com may", $tags));
+ $this->assertTrue(in_array("#things", $tags));
+ }
+
+ /**
+ * test with a long text.
+ */
+ public function testGetTags() {
+ $text="hi @Mike, I'm just writing #test_cases, "
+ ." so @somebody@friendica.com may change #things. Of course I "
+ ."look for a lot of #pitfalls, like #tags at the end of a sentence "
+ ."@comment. I hope noone forgets about @fullstops.because that might"
+ ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? "
+ ."Now, add a @first_last tag. ";
+
+ $tags=get_tags($text);
+
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("#test_cases", $tags));
+ $this->assertTrue(in_array("@somebody@friendica.com", $tags));
+ $this->assertTrue(in_array("#things", $tags));
+ $this->assertTrue(in_array("#pitfalls", $tags));
+ $this->assertTrue(in_array("#tags", $tags));
+ $this->assertTrue(in_array("@comment", $tags));
+ $this->assertTrue(in_array("@fullstops.because", $tags));
+ $this->assertTrue(in_array("#things", $tags));
+ $this->assertTrue(in_array("@Mike", $tags));
+ $this->assertTrue(in_array("#nice", $tags));
+ $this->assertTrue(in_array("@first_last", $tags));
+
+ //right now, none of the is matched
+ $this->assertFalse(in_array("@Mike@campino@friendica.eu", $tags));
+ $this->assertTrue(in_array("@campino@friendica.eu", $tags));
+ $this->assertTrue(in_array("@campino@friendica.eu is", $tags));
+ }
+
+ /**
+ * test with an empty string
+ */
+ public function testGetTagsEmpty() {
+ $tags=get_tags("");
+ $this->assertEquals(0, count($tags));
+ }
+}
\ No newline at end of file
diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php
new file mode 100644
index 0000000000..d7dcf0472b
--- /dev/null
+++ b/tests/xss_filter_test.php
@@ -0,0 +1,50 @@
+';
+
+ $validstring=notags($invalidstring);
+ $escapedString=escape_tags($invalidstring);
+
+ $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
+ $this->assertEquals("<submit type="button" onclick="alert('failed!');" />", $escapedString);
+ }
+
+ /**
+ *xmlify and unxmlify
+ */
+ public function testXmlify() {
+ $text="I want to break\n this!11! ";
+ $xml=xmlify($text); //test whether it actually may be part of a xml document
+ $retext=unxmlify($text);
+
+ $this->assertEquals($text, $retext);
+ }
+
+ /**
+ * test hex2bin and reverse
+ */
+ public function testHex2Bin() {
+ $this->assertEquals(-3, hex2bin(bin2hex(-3)));
+ $this->assertEquals(0, hex2bin(bin2hex(0)));
+ $this->assertEquals(12, hex2bin(bin2hex(12)));
+ $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
+ }
+
+ //function qp, quick and dirty??
+ //get_mentions
+ //get_contact_block, bis Zeile 538
+}
+?>
diff --git a/util/db_update.php b/util/db_update.php
index a6177324ac..35620e80b7 100755
--- a/util/db_update.php
+++ b/util/db_update.php
@@ -26,7 +26,7 @@ echo "New DB VERSION: " . DB_UPDATE_VERSION . "\n";
if($build != DB_UPDATE_VERSION) {
echo "Updating database...";
- check_config();
+ check_config($a);
echo "Done\n";
}
diff --git a/view/admin_site.tpl b/view/admin_site.tpl
index 9a12298454..01fe893c65 100755
--- a/view/admin_site.tpl
+++ b/view/admin_site.tpl
@@ -7,6 +7,7 @@
{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
{{ inc field_select.tpl with $field=$language }}{{ endinc }}
{{ inc field_select.tpl with $field=$theme }}{{ endinc }}
+ {{ inc field_select.tpl with $field=$ssl_policy }}{{ endinc }}
diff --git a/view/auto_request.tpl b/view/auto_request.tpl
index 204fcf2475..2958397c92 100755
--- a/view/auto_request.tpl
+++ b/view/auto_request.tpl
@@ -7,8 +7,15 @@ $page_desc
$friendica
$diaspora $diasnote
$statusnet
+$emailnet
+
+$invite_desc
+
+
+$desc
+
diff --git a/view/cropbody.tpl b/view/cropbody.tpl
index c9c0f84de1..b484d15bf7 100755
--- a/view/cropbody.tpl
+++ b/view/cropbody.tpl
@@ -40,6 +40,7 @@ $desc
+
diff --git a/view/de/strings.php b/view/de/strings.php
index 3f9176cd7b..5438a1c9fc 100755
--- a/view/de/strings.php
+++ b/view/de/strings.php
@@ -4,23 +4,23 @@ function string_plural_select_de($n){
return ($n != 1);
}
;
-$a->strings["Post successful."] = "Beitrag erfolgreich veröffentlicht.";
+$a->strings["Post successful."] = "Beitrag erfolgreich ver�ffentlicht.";
$a->strings["[Embedded content - reload page to view]"] = "[Eingebetteter Inhalt - Seite neu laden zum Betrachten]";
$a->strings["Contact settings applied."] = "Einstellungen zum Kontakt angewandt.";
$a->strings["Contact update failed."] = "Konnte den Kontakt nicht aktualisieren.";
$a->strings["Permission denied."] = "Zugriff verweigert.";
$a->strings["Contact not found."] = "Kontakt nicht gefunden.";
$a->strings["Repair Contact Settings"] = "Kontakt-Einstellungen reparieren";
-$a->strings["WARNING: This is highly advanced and if you enter incorrect information your communications with this contact may stop working."] = "ACHTUNG: Das sind Experten-Einstellungen! Wenn Du etwas Falsches eingibst, funktioniert die Kommunikation mit diesem Kontakt evtl. nicht mehr.";
-$a->strings["Please use your browser 'Back' button now if you are uncertain what to do on this page."] = "Bitte nutze den Zurück-Button deines Browsers jetzt , wenn du dir unsicher bist, was du tun willst.";
-$a->strings["Return to contact editor"] = "Zurück zum Kontakteditor";
+$a->strings["WARNING: This is highly advanced and if you enter incorrect information your communications with this contact may stop working."] = "ACHTUNG: Das sind Experten-Einstellungen! Wenn Du etwas falsches eingibst, funktioniert die Kommunikation mit diesem Kontakt evtl. nicht mehr.";
+$a->strings["Please use your browser 'Back' button now if you are uncertain what to do on this page."] = "Bitte nutze den Zur�ck-Button deines Browsers jetzt , wenn du dir unsicher bist, was auf dieser Seite gemacht wird.";
+$a->strings["Return to contact editor"] = "Zur�ck zum Kontakteditor";
$a->strings["Name"] = "Name";
$a->strings["Account Nickname"] = "Account-Spitzname";
-$a->strings["@Tagname - overrides Name/Nickname"] = "@Tagname - überschreibt Name/Spitzname";
+$a->strings["@Tagname - overrides Name/Nickname"] = "@Tagname - �berschreibt Name/Spitzname";
$a->strings["Account URL"] = "Account-URL";
-$a->strings["Friend Request URL"] = "URL für Freundschaftsanfragen";
-$a->strings["Friend Confirm URL"] = "URL für Bestätigungen von Freundschaftsanfragen";
-$a->strings["Notification Endpoint URL"] = "URL-Endpunkt für Benachrichtigungen";
+$a->strings["Friend Request URL"] = "URL f�r Freundschaftsanfragen";
+$a->strings["Friend Confirm URL"] = "URL f�r Best�tigungen von Freundschaftsanfragen";
+$a->strings["Notification Endpoint URL"] = "URL-Endpunkt f�r Benachrichtigungen";
$a->strings["Poll/Feed URL"] = "Pull/Feed-URL";
$a->strings["New photo from this URL"] = "Neues Foto von dieser URL";
$a->strings["Submit"] = "Senden";
@@ -28,7 +28,7 @@ $a->strings["Help:"] = "Hilfe:";
$a->strings["Help"] = "Hilfe";
$a->strings["Not Found"] = "Nicht gefunden";
$a->strings["Page not found."] = "Seite nicht gefunden.";
-$a->strings["File exceeds size limit of %d"] = "Die Datei ist größer als das erlaubte Limit von %d";
+$a->strings["File exceeds size limit of %d"] = "Die Datei ist gr��er als das erlaubte Limit von %d";
$a->strings["File upload failed."] = "Hochladen der Datei fehlgeschlagen.";
$a->strings["Friend suggestion sent."] = "Kontaktvorschlag gesendet.";
$a->strings["Suggest Friends"] = "Kontakte vorschlagen";
@@ -40,7 +40,7 @@ $a->strings["link to source"] = "Link zum Originalbeitrag";
$a->strings["Events"] = "Veranstaltungen";
$a->strings["Create New Event"] = "Neue Veranstaltung erstellen";
$a->strings["Previous"] = "Vorherige";
-$a->strings["Next"] = "Nächste";
+$a->strings["Next"] = "N�chste";
$a->strings["hour:minute"] = "Stunde:Minute";
$a->strings["Event details"] = "Veranstaltungsdetails";
$a->strings["Format is %s %s. Starting date and Description are required."] = "Format ist %s %s. Anfangsdatum und Beschreibung sind notwendig.";
diff --git a/view/dfrn_request.tpl b/view/dfrn_request.tpl
index cd98a4daab..d8aa8b1818 100755
--- a/view/dfrn_request.tpl
+++ b/view/dfrn_request.tpl
@@ -7,7 +7,11 @@ $page_desc
$friendica
$diaspora $diasnote
$statusnet
+$emailnet
+$invite_desc
+
+
$desc
diff --git a/view/fileas_widget.tpl b/view/fileas_widget.tpl
new file mode 100755
index 0000000000..54fba7435f
--- /dev/null
+++ b/view/fileas_widget.tpl
@@ -0,0 +1,12 @@
+
diff --git a/view/jot-header.tpl b/view/jot-header.tpl
index d6b172b6af..88df73494f 100755
--- a/view/jot-header.tpl
+++ b/view/jot-header.tpl
@@ -262,6 +262,18 @@ function enableOnUser(){
}
}
+ function itemFiler(id) {
+ reply = prompt("$fileas");
+ if(reply && reply.length) {
+ commentBusy = true;
+ $('body').css('cursor', 'wait');
+ $.get('filer/' + id + '?term=' + reply);
+ if(timer) clearTimeout(timer);
+ timer = setTimeout(NavUpdate,3000);
+ liking = 1;
+ }
+ }
+
function jotClearLocation() {
$('#jot-coord').val('');
$('#profile-nolocation-wrapper').hide();
diff --git a/view/login.tpl b/view/login.tpl
index 5349fa3d83..4cbbb16240 100755
--- a/view/login.tpl
+++ b/view/login.tpl
@@ -1,5 +1,5 @@
-