Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-27 01:50:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into newui

Browse source
This commit is contained in:
fabrixxm 2011-08-22 13:56:08 +02:00
commit d8bd4fbb3e
52 changed files with 3730 additions and 1673 deletions
Download patch file Download diff file Expand all files Collapse all files

123
include/Scrape.php
View file

@ -44,8 +44,9 @@ function scrape_dfrn($url) {
$x = $item->getAttribute('rel');
if(($x === 'alternate') && ($item->getAttribute('type') === 'application/atom+xml'))
$ret['feed_atom'] = $item->getAttribute('href');
if(substr($x,0,5) == "dfrn-")
if(substr($x,0,5) == "dfrn-") {
$ret[$x] = $item->getAttribute('href');
}
if($x === 'lrdd') {
$decoded = urldecode($item->getAttribute('href'));
if(preg_match('/acct:([^@]*)@/',$decoded,$matches))
@ -55,17 +56,28 @@ function scrape_dfrn($url) {
// Pull out hCard profile elements
$largest_photo = 0;
$items = $dom->getElementsByTagName('*');
foreach($items as $item) {
if(attribute_contains($item->getAttribute('class'), 'vcard')) {
$level2 = $item->getElementsByTagName('*');
foreach($level2 as $x) {
if(attribute_contains($x->getAttribute('class'),'fn'))
if(attribute_contains($x->getAttribute('class'),'fn')) {
$ret['fn'] = $x->textContent;
if(attribute_contains($x->getAttribute('class'),'photo'))
$ret['photo'] = $x->getAttribute('src');
if(attribute_contains($x->getAttribute('class'),'key'))
}
if((attribute_contains($x->getAttribute('class'),'photo'))
|| (attribute_contains($x->getAttribute('class'),'avatar'))) {
$size = intval($x->getAttribute('width'));
// dfrn prefers 175, so if we find this, we set largest_size so it can't be topped.
if(($size > $largest_photo) || ($size == 175) || (! $largest_photo)) {
$ret['photo'] = $x->getAttribute('src');
$largest_photo = (($size == 175) ? 9999 : $size);
}
}
if(attribute_contains($x->getAttribute('class'),'key')) {
$ret['key'] = $x->textContent;
}
}
}
}
@ -190,8 +202,9 @@ function scrape_vcard($url) {
}
}
if((attribute_contains($x->getAttribute('class'),'nickname'))
|| (attribute_contains($x->getAttribute('class'),'uid')))
|| (attribute_contains($x->getAttribute('class'),'uid'))) {
$ret['nick'] = $x->textContent;
}
}
}
}
@ -289,7 +302,29 @@ function scrape_feed($url) {
}}
function probe_url($url) {
/**
*
* Probe a network address to discover what kind of protocols we need to communicate with it.
*
* Warning: this function is a bit touchy and there are some subtle dependencies within the logic flow.
* Edit with care.
*
*/
/**
*
* PROBE_DIASPORA has a bias towards returning Diaspora information
* while PROBE_NORMAL has a bias towards dfrn/zot - in the case where
* an address (such as a Friendika address) supports more than one type
* of network.
*
*/
define ( 'PROBE_NORMAL', 0);
define ( 'PROBE_DIASPORA', 1);
function probe_url($url, $mode = PROBE_NORMAL) {
require_once('include/email.php');
$result = array();
@ -366,7 +401,7 @@ function probe_url($url) {
}
}
}
else {
elseif($mode == PROBE_NORMAL) {
// Check email
@ -411,38 +446,46 @@ function probe_url($url) {
}
}
if(strlen($zot)) {
$s = fetch_url($zot);
if($s) {
$j = json_decode($s);
if($j) {
$network = NETWORK_ZOT;
$vcard = array(
'fn' => $j->fullname,
'nick' => $j->nickname,
'photo' => $j->photo
);
$profile = $j->url;
$notify = $j->post;
$pubkey = $j->pubkey;
$poll = 'N/A';
if($mode == PROBE_NORMAL) {
if(strlen($zot)) {
$s = fetch_url($zot);
if($s) {
$j = json_decode($s);
if($j) {
$network = NETWORK_ZOT;
$vcard = array(
'fn' => $j->fullname,
'nick' => $j->nickname,
'photo' => $j->photo
);
$profile = $j->url;
$notify = $j->post;
$pubkey = $j->pubkey;
$poll = 'N/A';
}
}
}
if(strlen($dfrn)) {
$ret = scrape_dfrn($dfrn);
if(is_array($ret) && x($ret,'dfrn-request')) {
$network = NETWORK_DFRN;
$request = $ret['dfrn-request'];
$confirm = $ret['dfrn-confirm'];
$notify = $ret['dfrn-notify'];
$poll = $ret['dfrn-poll'];
$vcard = array();
$vcard['fn'] = $ret['fn'];
$vcard['nick'] = $ret['nick'];
$vcard['photo'] = $ret['photo'];
}
}
}
if(strlen($dfrn)) {
$ret = scrape_dfrn($dfrn);
if(is_array($ret) && x($ret,'dfrn-request')) {
$network = NETWORK_DFRN;
$request = $ret['dfrn-request'];
$confirm = $ret['dfrn-confirm'];
$notify = $ret['dfrn-notify'];
$poll = $ret['dfrn-poll'];
}
}
if($diaspora && $diaspora_base && $diaspora_guid) {
$notify = $diaspora_base . 'receive/post/' . $diaspora_guid;
if($mode == PROBE_DIASPORA || ! $notify)
$notify = $diaspora_base . 'receive/users/' . $diaspora_guid;
if(strpos($url,'@'))
$addr = str_replace('acct:', '', $url);
}
@ -454,7 +497,7 @@ function probe_url($url) {
$network = NETWORK_OSTATUS;
$priority = 0;
if($hcard) {
if($hcard && ! $vcard) {
$vcard = scrape_vcard($hcard);
// Google doesn't use absolute url in profile photos
@ -498,10 +541,11 @@ function probe_url($url) {
logger('probe_url: scrape_feed returns: ' . print_r($feedret,true), LOGGER_DATA);
if(count($feedret) && ($feedret['feed_atom'] || $feedret['feed_rss'])) {
$poll = ((x($feedret,'feed_atom')) ? unamp($feedret['feed_atom']) : unamp($feedret['feed_rss']));
$vcard = array();
if(! x($vcard))
$vcard = array();
}
if(x($feedret,'photo'))
if(x($feedret,'photo') && (! x($vcard,'photo')))
$vcard['photo'] = $feedret['photo'];
require_once('library/simplepie/simplepie.inc');
$feed = new SimplePie();
@ -518,9 +562,11 @@ function probe_url($url) {
if($feed->error())
logger('probe_url: scrape_feed: Error parsing XML: ' . $feed->error());
if(! x($vcard,'photo'))
$vcard['photo'] = $feed->get_image_url();
$author = $feed->get_author();
if($author) {
$vcard['fn'] = unxmlify(trim($author->get_name()));
if(! $vcard['fn'])
@ -568,6 +614,7 @@ function probe_url($url) {
}
}
}
if((! $vcard['photo']) && strlen($email))
$vcard['photo'] = gravatar_img($email);
if($poll === $profile)

237
include/api.php
View file

@ -196,6 +196,7 @@
$user = null;
$extra_query = "";
if(!is_null($contact_id)){
$user=$contact_id;
$extra_query = "AND `contact`.`id` = %d ";
@ -332,7 +333,7 @@
'notifications' => false,
'following' => '', #XXX: fix me
'verified' => true, #XXX: fix me
#'status' => null
'status' => array()
);
return $ret;
@ -352,11 +353,15 @@
return api_get_user($a,$a->contacts[$normalised]['id']);
}
// We don't know this person directly.
list($nick, $name) = array_map("trim",explode("(",$item['author-name']));
$name=str_replace(")","",$name);
$ret = array(
'uid' => 0,
'id' => 0,
'name' => $item['author-name'],
'screen_name' => $item['author_name'],
'name' => $name,
'screen_name' => $nick,
'location' => '', //$uinfo[0]['default-location'],
'profile_image_url' => $item['author-avatar'],
'url' => $item['author-link'],
@ -385,7 +390,7 @@
'notifications' => false,
'verified' => true, #XXX: fix me
'followers' => '', #XXX: fix me
#'status' => null
'status' => array()
);
return $ret;
@ -607,10 +612,17 @@
*/
function api_statuses_home_timeline(&$a, $type){
if (local_user()===false) return false;
$user_info = api_get_user($a);
// get last newtork messages
// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
// params
$count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
$page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
if ($page<0) $page=0;
$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
$start = $page*$count;
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@ -622,9 +634,11 @@
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
AND `item`.`id`>%d
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
0,20
intval($since_id),
intval($start), intval($count)
);
$ret = api_format_items($r,$user_info);
@ -649,7 +663,15 @@
$user_info = api_get_user($a);
// get last newtork messages
// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
// params
$count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
$page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
if ($page<0) $page=0;
$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
$start = $page*$count;
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@ -662,9 +684,11 @@
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
AND `item`.`id`>%d
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
0,20
intval($since_id),
intval($start), intval($count)
);
$ret = api_format_items($r,$user_info);
@ -688,7 +712,13 @@
$user_info = api_get_user($a);
// get last newtork messages
// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
// params
$count = (x($_GET,'count')?$_GET['count']:20);
$page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
if ($page<0) $page=0;
$start = $page*$count;
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@ -703,7 +733,7 @@
$sql_extra
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
0,20
intval($start), intval($count)
);
$ret = api_format_items($r,$user_info);
@ -735,8 +765,8 @@
$status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
$status = array(
'created_at'=> api_date($item['created']),
'published' => datetime_convert('UTC','UTC',$item['created'],ATOM_TIME),
'updated' => datetime_convert('UTC','UTC',$item['edited'],ATOM_TIME),
'published' => api_date($item['created']),
'updated' => api_date($item['edited']),
'id' => intval($item['id']),
'message_id' => $item['uri'],
'text' => strip_tags(bbcode($item['body'])),
@ -780,6 +810,58 @@
}
api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true);
/**
* https://dev.twitter.com/docs/api/1/get/statuses/friends
* This function is deprecated by Twitter
* returns: json, xml
**/
function api_statuses_f(&$a, $type, $qtype) {
if (local_user()===false) return false;
$user_info = api_get_user($a);
if (x($_GET,'cursor') && $_GET['cursor']=='undefined'){
/* this is to stop Hotot to load friends multiple times
* I'm not sure if I'm missing return something or
* is a bug in hotot. Workaround, meantime
*/
$ret=Array();
$data = array('$users' => $ret);
return api_apply_template("friends", $type, $data);
}
if($qtype == 'friends')
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
if($qtype == 'followers')
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
intval(local_user())
);
$ret = array();
foreach($r as $cid){
$ret[] = api_get_user($a, $cid['id']);
}
$data = array('$users' => $ret);
return api_apply_template("friends", $type, $data);
}
function api_statuses_friends(&$a, $type){
return api_statuses_f($a,$type,"friends");
}
function api_statuses_followers(&$a, $type){
return api_statuses_f($a,$type,"followers");
}
api_register_func('api/statuses/friends','api_statuses_friends',true);
api_register_func('api/statuses/followers','api_statuses_followers',true);
function api_statusnet_config(&$a,$type) {
$name = $a->config['sitename'];
@ -808,7 +890,6 @@
}
api_register_func('api/statusnet/config','api_statusnet_config',false);
function api_statusnet_version(&$a,$type) {
// liar
@ -869,3 +950,131 @@
api_register_func('api/friends/ids','api_friends_ids',true);
api_register_func('api/followers/ids','api_followers_ids',true);
function api_direct_messages_new(&$a, $type) {
if (local_user()===false) return false;
if (!x($_POST, "text") || !x($_POST,"screen_name")) return;
$sender = api_get_user($a);
$r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'",
intval(local_user()),
dbesc($_POST['screen_name']));
$recipient = api_get_user($a, $r[0]['id']);
require_once("include/message.php");
$sub = ( (strlen($_POST['text'])>10)?substr($_POST['text'],0,10)."...":$_POST['text']);
$id = send_message($recipient['id'], $_POST['text'], $sub);
if ($id>-1) {
$r = q("SELECT * FROM `mail` WHERE id=%d", intval($id));
$item = $r[0];
$ret=Array(
'id' => $item['id'],
'created_at'=> api_date($item['created']),
'sender_id'=> $sender['id'] ,
'sender_screen_name'=> $sender['screen_name'],
'sender'=> $sender,
'recipient_id'=> $recipient['id'],
'recipient_screen_name'=> $recipient['screen_name'],
'recipient'=> $recipient,
'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) ,
);
} else {
$ret = array("error"=>$id);
}
$data = Array('$messages'=>$ret);
switch($type){
case "atom":
case "rss":
$data = api_rss_extra($a, $data, $user_info);
}
return api_apply_template("direct_messages", $type, $data);
}
api_register_func('api/direct_messages/new','api_direct_messages_new',true);
function api_direct_messages_box(&$a, $type, $box) {
if (local_user()===false) return false;
$user_info = api_get_user($a);
// params
$count = (x($_GET,'count')?$_GET['count']:20);
$page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
if ($page<0) $page=0;
$start = $page*$count;
if ($box=="sentbox") {
$sql_extra = "`from-url`='%s'";
} else {
$sql_extra = "`from-url`!='%s'";
}
$r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d",
intval(local_user()),
dbesc( $a->get_baseurl() . '/profile/' . $a->user['nickname'] ),
intval($start), intval($count)
);
$ret = Array();
foreach($r as $item){
switch ($box){
case "inbox":
$recipient = $user_info;
$sender = api_get_user($a,$item['contact-id']);
break;
case "sentbox":
$recipient = api_get_user($a,$item['contact-id']);
$sender = $user_info;
break;
}
$ret[]=Array(
'id' => $item['id'],
'created_at'=> api_date($item['created']),
'sender_id'=> $sender['id'] ,
'sender_screen_name'=> $sender['screen_name'],
'sender'=> $sender,
'recipient_id'=> $recipient['id'],
'recipient_screen_name'=> $recipient['screen_name'],
'recipient'=> $recipient,
'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) ,
);
}
$data = array('$messages' => $ret);
switch($type){
case "atom":
case "rss":
$data = api_rss_extra($a, $data, $user_info);
}
return api_apply_template("direct_messages", $type, $data);
}
function api_direct_messages_sentbox(&$a, $type){
return api_direct_messages_box($a, $type, "sentbox");
}
function api_direct_messages_inbox(&$a, $type){
return api_direct_messages_box($a, $type, "inbox");
}
api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true);
api_register_func('api/direct_messages','api_direct_messages_inbox',true);

61
include/crypto.php
View file

@ -3,19 +3,20 @@
require_once('library/ASNValue.class.php');
require_once('library/asn1.php');
// supported algorithms are 'sha256', 'sha1'
function rsa_sign($data,$key) {
function rsa_sign($data,$key,$alg = 'sha256') {
$sig = '';
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
openssl_sign($data,$sig,$key,'sha256');
if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') {
openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
}
else {
if(strlen($key) < 1024 || extension_loaded('gmp')) {
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->setHash($alg);
$rsa->loadKey($key);
$sig = $rsa->sign($data);
}
@ -27,17 +28,17 @@ function rsa_sign($data,$key) {
return $sig;
}
function rsa_verify($data,$sig,$key) {
function rsa_verify($data,$sig,$key,$alg = 'sha256') {
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
$verify = openssl_verify($data,$sig,$key,'sha256');
if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') {
$verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
}
else {
if(strlen($key) <= 300 || extension_loaded('gmp')) {
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->setHash($alg);
$rsa->loadKey($key);
$verify = $rsa->verify($data,$sig);
}
@ -74,7 +75,7 @@ function DerToRsa($Der)
//Encode:
$Der = base64_encode($Der);
//Split lines:
$lines = str_split($Der, 65);
$lines = str_split($Der, 64);
$body = implode("\n", $lines);
//Get title:
$title = 'RSA PUBLIC KEY';
@ -182,3 +183,45 @@ function salmon_key($pubkey) {
pemtome($pubkey,$m,$e);
return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
}
if(! function_exists('aes_decrypt')) {
function aes_decrypt($val,$ky)
{
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
for($a=0;$a<strlen($ky);$a++)
$key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
$mode = MCRYPT_MODE_ECB;
$enc = MCRYPT_RIJNDAEL_128;
$dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
}}
if(! function_exists('aes_encrypt')) {
function aes_encrypt($val,$ky)
{
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
for($a=0;$a<strlen($ky);$a++)
$key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
$mode=MCRYPT_MODE_ECB;
$enc=MCRYPT_RIJNDAEL_128;
$val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
}}
function pkcs5_pad ($text, $blocksize)
{
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function pkcs5_unpad($text)
{
$pad = ord($text{strlen($text)-1});
if ($pad > strlen($text)) return false;
if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
return substr($text, 0, -1 * $pad);
}

315
include/diaspora.php
View file

@ -4,25 +4,11 @@ require_once('include/crypto.php');
require_once('include/items.php');
function get_diaspora_key($uri) {
$key = '';
logger('Fetching diaspora key for: ' . $uri);
$arr = lrdd($uri);
if(is_array($arr)) {
foreach($arr as $a) {
if($a['@attributes']['rel'] === 'diaspora-public-key') {
$key = base64_decode($a['@attributes']['href']);
}
}
}
else {
return '';
}
if($key)
return rsatopem($key);
$r = find_diaspora_person_by_handle($uri);
if($r)
return $r['pubkey'];
return '';
}
@ -40,14 +26,16 @@ function diaspora_base_message($type,$data) {
function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) {
$a = get_app();
logger('diaspora_msg_build: ' . $msg, LOGGER_DATA);
$inner_aes_key = random_string(32);
$b_inner_aes_key = base64_encode($inner_aes_key);
$inner_iv = random_string(32);
$inner_iv = random_string(16);
$b_inner_iv = base64_encode($inner_iv);
$outer_aes_key = random_string(32);
$b_outer_aes_key = base64_encode($outer_aes_key);
$outer_iv = random_string(32);
$outer_iv = random_string(16);
$b_outer_iv = base64_encode($outer_iv);
$handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
@ -89,13 +77,20 @@ EOT;
$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv);
$outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key));
$encrypted_outer_key_bundle = '';
openssl_public_encrypt($outer_json,$encrypted_outer_key_bundle,$pubkey);
logger('outer_bundle_encrypt: ' . openssl_error_string());
$b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle);
logger('outer_bundle: ' . $b64_encrypted_outer_key_bundle . ' key: ' . $pubkey);
$encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle),
'ciphertext' => base64_encode($ciphertext)));
$encrypted_header = '<encrypted_header>' . base64_encode($encrypted_header_json_object) . '</encrypted_header>';
$cipher_json = base64_encode($encrypted_header_json_object);
$encrypted_header = '<encrypted_header>' . $cipher_json . '</encrypted_header>';
$magic_env = <<< EOT
<?xml version='1.0' encoding='UTF-8'?>
@ -110,6 +105,7 @@ $magic_env = <<< EOT
</entry>
EOT;
logger('diaspora_msg_build: magic_env: ' . $magic_env, LOGGER_DATA);
return $magic_env;
}
@ -152,6 +148,7 @@ function diaspora_decode($importer,$xml) {
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv);
$decrypted = pkcs5_unpad($decrypted);
/**
@ -202,7 +199,7 @@ function diaspora_decode($importer,$xml) {
// Add back the 60 char linefeeds
// Diaspora devs: This completely violates the entire principle of salmon magic signatures,
// This completely violates the entire principle of salmon magic signatures,
// which was to have a message signing format that was completely ambivalent to linefeeds
// and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby
// use different linelengths for base64 output.
@ -218,7 +215,7 @@ function diaspora_decode($importer,$xml) {
$encoding = $base->encoding;
$alg = $base->alg;
// Diaspora devs: I can't even begin to tell you how sucky this is. Read the freaking spec.
// I can't even begin to tell you how sucky this is. Please read the spec.
$signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
@ -241,12 +238,10 @@ function diaspora_decode($importer,$xml) {
}
// Once we have the author URI, go to the web and try to find their public key
// *** or look it up locally ***
// (first this will look it up locally if it is in the fcontact cache)
// This will also convert diaspora public key from pkcs#1 to pkcs#8
logger('mod-diaspora: Fetching key for ' . $author_link );
// Get diaspora public key (pkcs#1) and convert to pkcs#8
$key = get_diaspora_key($author_link);
if(! $key) {
@ -278,21 +273,33 @@ function diaspora_get_contact_by_handle($uid,$handle) {
return false;
}
function find_person_by_handle($handle) {
// we don't care about the uid, we just want to save an expensive webfinger probe
$r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1",
dbesc(NETWORK_DIASPORA),
dbesc($handle)
);
if(count($r))
function find_diaspora_person_by_handle($handle) {
$r = q("select * from fcontact where network = '%s' and addr = '%s' limit 1",
dbesc(NETWORK_DIASPORA),
dbesc($handle)
);
if(count($r)) {
// update record occasionally so it doesn't get stale
$d = strtotime($r[0]['updated'] . ' +00:00');
if($d < strtotime('now - 14 days')) {
q("delete from fcontact where id = %d limit 1",
intval($r[0]['id'])
);
}
else
return $r[0];
$r = probe_url($handle);
// need to cached this, perhaps in fcontact
if(count($r))
return ($r);
return false;
}
require_once('include/Scrape.php');
$r = probe_url($handle, PROBE_DIASPORA);
if((count($r)) && ($r['network'] === NETWORK_DIASPORA)) {
add_fcontact($r);
return ($r);
}
return false;
}
function diaspora_request($importer,$xml) {
$sender_handle = unxmlify($xml->sender_handle);
@ -310,7 +317,7 @@ function diaspora_request($importer,$xml) {
// That makes us friends.
if($contact['rel'] == CONTACT_IS_FOLLOWER) {
q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval(CONTACT_IS_FRIEND),
intval($contact['id']),
intval($importer['uid'])
@ -320,8 +327,8 @@ function diaspora_request($importer,$xml) {
return;
}
require_once('include/Scrape.php');
$ret = probe_url($sender_handle);
$ret = find_diaspora_person_by_handle($sender_handle);
if((! count($ret)) || ($ret['network'] != NETWORK_DIASPORA)) {
logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle);
@ -352,11 +359,12 @@ function diaspora_request($importer,$xml) {
$hash = random_string() . (string) time(); // Generate a confirm_key
if($contact_record) {
$ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`,`blocked`)
VALUES ( %d, %d, 1, %d, '%s', '%s', '%s', 0 )",
$ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime` )
VALUES ( %d, %d, %d, %d, '%s', '%s', '%s' )",
intval($importer['uid']),
intval($contact_record['id']),
0,
0,
dbesc( t('Sharing notification from Diaspora network')),
dbesc($hash),
dbesc(datetime_convert())
@ -483,7 +491,7 @@ function diaspora_comment($importer,$xml,$msg) {
dbesc($parent_guid)
);
if(! count($r)) {
logger('diaspora_comment: parent item not found: ' . $guid);
logger('diaspora_comment: parent item not found: parent: ' . $parent_guid . ' item: ' . $guid);
return;
}
$parent_item = $r[0];
@ -492,12 +500,12 @@ function diaspora_comment($importer,$xml,$msg) {
$author_signature = base64_decode($author_signature);
if(stricmp($diaspora_handle,$msg['author']) == 0) {
if(strcasecmp($diaspora_handle,$msg['author']) == 0) {
$person = $contact;
$key = $msg['key'];
}
else {
$person = find_person_by_handle($diaspora_handle);
$person = find_diaspora_person_by_handle($diaspora_handle);
if(is_array($person) && x($person,'pubkey'))
$key = $person['pubkey'];
@ -507,11 +515,12 @@ function diaspora_comment($importer,$xml,$msg) {
}
}
if(! rsa_verify($author_signed_data,$author_signature,$key)) {
if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) {
logger('diaspora_comment: verification failed.');
return;
}
if($parent_author_signature) {
$owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $msg['author'];
@ -519,7 +528,7 @@ function diaspora_comment($importer,$xml,$msg) {
$key = $msg['key'];
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) {
logger('diaspora_comment: owner verification failed.');
return;
}
@ -578,14 +587,25 @@ function diaspora_comment($importer,$xml,$msg) {
$datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
$datarray['body'] = $body;
item_store($datarray);
$message_id = item_store($datarray);
if(! $parent_author_signature) {
q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
intval($message_id),
dbesc($author_signed_data),
dbesc(base64_encode($author_signature)),
dbesc($diaspora_handle)
);
}
// notify others
return;
}
function diaspora_like($importer,$xml,$msg) {
$a = get_app();
$guid = notags(unxmlify($xml->guid));
$parent_guid = notags(unxmlify($xml->parent_guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
@ -621,7 +641,7 @@ function diaspora_like($importer,$xml,$msg) {
$parent_item = $r[0];
$r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '$s' LIMIT 1",
$r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
intval($importer['uid']),
dbesc($guid)
);
@ -645,25 +665,25 @@ function diaspora_like($importer,$xml,$msg) {
return;
}
$author_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $diaspora_handle;
$author_signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle;
$author_signature = base64_decode($author_signature);
if(stricmp($diaspora_handle,$msg['author']) == 0) {
if(strcasecmp($diaspora_handle,$msg['author']) == 0) {
$person = $contact;
$key = $msg['key'];
}
else {
$person = find_person_by_handle($diaspora_handle);
$person = find_diaspora_person_by_handle($diaspora_handle);
if(is_array($person) && x($person,'pubkey'))
$key = $person['pubkey'];
else {
logger('diaspora_comment: unable to find author details');
logger('diaspora_like: unable to find author details');
return;
}
}
if(! rsa_verify($author_signed_data,$author_signature,$key)) {
if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) {
logger('diaspora_like: verification failed.');
return;
}
@ -675,7 +695,7 @@ function diaspora_like($importer,$xml,$msg) {
$key = $msg['key'];
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) {
logger('diaspora_like: owner verification failed.');
return;
}
@ -708,6 +728,7 @@ EOT;
$arr['uri'] = $uri;
$arr['uid'] = $importer['uid'];
$arr['guid'] = $guid;
$arr['contact-id'] = $contact['id'];
$arr['type'] = 'activity';
$arr['wall'] = $parent_item['wall'];
@ -715,13 +736,13 @@ EOT;
$arr['parent'] = $parent_item['id'];
$arr['parent-uri'] = $parent_item['uri'];
$datarray['owner-name'] = $contact['name'];
$datarray['owner-link'] = $contact['url'];
$datarray['owner-avatar'] = $contact['thumb'];
$arr['owner-name'] = $contact['name'];
$arr['owner-link'] = $contact['url'];
$arr['owner-avatar'] = $contact['thumb'];
$datarray['author-name'] = $person['name'];
$datarray['author-link'] = $person['url'];
$datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
$arr['author-name'] = $person['name'];
$arr['author-link'] = $person['url'];
$arr['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
$ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]';
$alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]';
@ -736,12 +757,20 @@ EOT;
$arr['unseen'] = 1;
$arr['last-child'] = 0;
$post_id = item_store($arr);
$message_id = item_store($arr);
if(! $parent_author_signature) {
q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
intval($message_id),
dbesc($author_signed_data),
dbesc(base64_encode($author_signature)),
dbesc($diaspora_handle)
);
}
// FIXME send notification
return;
}
function diaspora_retraction($importer,$xml) {
@ -770,21 +799,22 @@ function diaspora_share($me,$contact) {
$tpl = get_markup_template('diaspora_share.tpl');
$msg = replace_macros($tpl, array(
'$sender' => myaddr,
'$sender' => $myaddr,
'$recipient' => $theiraddr
));
$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']));
$slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey'])));
post_url($contact['notify'],$slap);
post_url($contact['notify'] . '/',$slap);
$return_code = $a->get_curl_code();
logger('diaspora_send_share: returns: ' . $return_code);
return $return_code;
}
function diaspora_send_status($item,$owner,$contact) {
$a = get_app();
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$theiraddr = $contact['addr'];
require_once('include/bbcode.php');
@ -805,11 +835,154 @@ function diaspora_send_status($item,$owner,$contact) {
logger('diaspora_send_status: base message: ' . $msg, LOGGER_DATA);
$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']));
$slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])));
post_url($contact['notify'],$slap);
post_url($contact['notify'] . '/',$slap);
$return_code = $a->get_curl_code();
logger('diaspora_send_status: returns: ' . $return_code);
return $return_code;
}
function diaspora_send_followup($item,$owner,$contact) {
$a = get_app();
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$theiraddr = $contact['addr'];
$p = q("select guid from item where parent = %d limit 1",
$item['parent']
);
if(count($p))
$parent_guid = $p[0]['guid'];
else
return;
if($item['verb'] === ACTIVITY_LIKE) {
$tpl = get_markup_template('diaspora_like.tpl');
$like = true;
$target_type = 'Post';
$positive = (($item['deleted']) ? 'false' : 'true');
}
else {
$tpl = get_markup_template('diaspora_comment.tpl');
$like = false;
}
$text = bbcode($item['body']);
// sign it
if($like)
$signed_text = $item['guid'] . ';' . $target_type . ';' . $positive . ';' . $myaddr;
else
$signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr;
$authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha');
$msg = replace_macros($tpl,array(
'$guid' => xmlify($item['guid']),
'$parent_guid' => xmlify($parent_guid),
'$target_type' =>xmlify($target_type),
'$authorsig' => xmlify($authorsig),
'$body' => xmlify($text),
'$positive' => xmlify($positive),
'$handle' => xmlify($myaddr)
));
logger('diaspora_followup: base message: ' . $msg, LOGGER_DATA);
$slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])));
post_url($contact['notify'] . '/',$slap);
$return_code = $a->get_curl_code();
logger('diaspora_send_followup: returns: ' . $return_code);
return $return_code;
}
function diaspora_send_relay($item,$owner,$contact) {
$a = get_app();
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$theiraddr = $contact['addr'];
$p = q("select guid from item where parent = %d limit 1",
$item['parent']
);
if(count($p))
$parent_guid = $p[0]['guid'];
else
return;
// fetch the original signature
$r = q("select * from sign where iid = %d limit 1",
intval($item['id'])
);
if(! count($r))
return;
$orig_sign = $r[0];
if($item['verb'] === ACTIVITY_LIKE) {
$tpl = get_markup_template('diaspora_like_relay.tpl');
$like = true;
$target_type = 'Post';
$positive = (($item['deleted']) ? 'false' : 'true');
}
else {
$tpl = get_markup_template('diaspora_comment_relay.tpl');
$like = false;
}
$text = bbcode($item['body']);
// sign it
if($like)
$parent_signed_text = $orig_sign['signed_text'];
else
$parent_signed_text = $orig_sign['signed_text'];
$parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha'));
$msg = replace_macros($tpl,array(
'$guid' => xmlify($item['guid']),
'$parent_guid' => xmlify($parent_guid),
'$target_type' =>xmlify($target_type),
'$authorsig' => xmlify($orig_sign['signature']),
'$parentsig' => xmlify($parentauthorsig),
'$text' => xmlify($text),
'$positive' => xmlify($positive),
'$diaspora_handle' => xmlify($myaddr)
));
// fetch the original signature
$r = q("select * from sign where iid = %d limit 1",
intval($item['id'])
);
if(! count($r))
return;
logger('diaspora_relay_comment: base message: ' . $msg, LOGGER_DATA);
$slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])));
post_url($contact['notify'] . '/',$slap);
$return_code = $a->get_curl_code();
logger('diaspora_send_relay: returns: ' . $return_code);
return $return_code;
}
function diaspora_send_retraction($item,$owner,$contact) {
}

9
include/items.php
View file

@ -1,8 +1,9 @@
<?php
require_once('bbcode.php');
require_once('oembed.php');
require_once('include/bbcode.php');
require_once('include/oembed.php');
require_once('include/salmon.php');
require_once('include/crypto.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
@ -694,6 +695,7 @@ function item_store($arr,$force_parent = false) {
$arr['tag'] = ((x($arr,'tag')) ? notags(trim($arr['tag'])) : '');
$arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : '');
$arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : '');
$arr['guid'] = ((x($arr,'guid')) ? notags(trim($arr['guid'])) : get_guid());
if($arr['parent-uri'] === $arr['uri']) {
$parent_id = 0;
@ -757,7 +759,6 @@ function item_store($arr,$force_parent = false) {
}
}
$arr['guid'] = get_guid();
call_hooks('post_remote',$arr);
@ -1635,7 +1636,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
$o .= '<published>' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '</published>' . "\r\n";
$o .= '<updated>' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '</updated>' . "\r\n";
$o .= '<dfrn:env>' . base64url_encode($body, true) . '</dfrn:env>' . "\r\n";
$o .= '<content type="' . $type . '" >' . xmlify(($type === 'html') ? bbcode($body) : $body) . '</content>' . "\r\n";
$o .= '<content type="' . $type . '" >' . xmlify((($type === 'html') ? bbcode($body) : $body)) . '</content>' . "\r\n";
$o .= '<link rel="alternate" type="text/html" href="' . xmlify($a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id']) . '" />' . "\r\n";
if($comment)
$o .= '<dfrn:comment-allow>' . intval($item['last-child']) . '</dfrn:comment-allow>' . "\r\n";

96
include/message.php Normal file
View file

@ -0,0 +1,96 @@
<?php
// send a private message
function send_message($recipient=0, $body='', $subject='', $replyto=''){
$a = get_app();
if(! $recipient) return -1;
if(! strlen($subject))
$subject = t('[no subject]');
$me = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
intval(local_user())
);
$contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($recipient),
intval(local_user())
);
if(! (count($me) && (count($contact)))) {
return -2;
}
$hash = random_string();
$uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . local_user() . ':' . $hash ;
if(! strlen($replyto))
$replyto = $uri;
$r = q("INSERT INTO `mail` ( `uid`, `from-name`, `from-photo`, `from-url`,
`contact-id`, `title`, `body`, `seen`, `replied`, `uri`, `parent-uri`, `created`)
VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s', '%s', '%s' )",
intval(local_user()),
dbesc($me[0]['name']),
dbesc($me[0]['thumb']),
dbesc($me[0]['url']),
intval($recipient),
dbesc($subject),
dbesc($body),
1,
0,
dbesc($uri),
dbesc($replyto),
datetime_convert()
);
$r = q("SELECT * FROM `mail` WHERE `uri` = '%s' and `uid` = %d LIMIT 1",
dbesc($uri),
intval(local_user())
);
if(count($r))
$post_id = $r[0]['id'];
/**
*
* When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
* appropriately. But we didn't know the final permissions on the post until
* now. So now we'll look for links of uploaded messages that are in the
* post and set them to the same permissions as the post itself.
*
*/
$match = null;
if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) {
$images = $match[1];
if(count($images)) {
foreach($images as $image) {
if(! stristr($image,$a->get_baseurl() . '/photo/'))
continue;
$image_uri = substr($image,strrpos($image,'/') + 1);
$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
$r = q("UPDATE `photo` SET `allow_cid` = '%s'
WHERE `resource-id` = '%s' AND `album` = '%s' AND `uid` = %d ",
dbesc('<' . $recipient . '>'),
dbesc($image_uri),
dbesc( t('Wall Photos')),
intval(local_user())
);
}
}
}
if($post_id) {
proc_run('php',"include/notifier.php","mail","$post_id");
return intval($post_id);
} else {
return -3;
}
}

24
include/network.php
View file

@ -536,7 +536,7 @@ function fetch_xrd_links($url) {
$aliases = array($alias);
else
$aliases = $alias;
if(count($aliases)) {
if($aliases && count($aliases)) {
foreach($aliases as $alias) {
$links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias);
}
@ -693,3 +693,25 @@ function parse_xml_string($s,$strict = true) {
}
return $x;
}}
function add_fcontact($arr) {
$r = q("insert into fcontact ( `url`,`name`,`photo`,`request`,`nick`,`addr`,
`notify`,`poll`,`confirm`,`network`,`alias`,`pubkey`,`updated` )
values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')",
dbesc($arr['url']),
dbesc($arr['name']),
dbesc($arr['photo']),
dbesc($arr['request']),
dbesc($arr['nick']),
dbesc($arr['addr']),
dbesc($arr['notify']),
dbesc($arr['poll']),
dbesc($arr['confirm']),
dbesc($arr['network']),
dbesc($arr['alias']),
dbesc($arr['pubkey']),
dbesc(datetime_convert())
);
return $r;
}

28
include/notifier.php
View file

@ -502,22 +502,27 @@ function notifier_run($argv, $argc){
}
break;
case NETWORK_DIASPORA:
if(get_config('system','dfrn_only') || (! get_config('diaspora_enabled')) || (! $normal_mode))
require_once('include/diaspora.php');
if(get_config('system','dfrn_only') || (! get_config('system','diaspora_enabled')) || (! $normal_mode))
break;
if($target_item['deleted']) {
// diaspora delete, (check for like)
if($target_item['verb'] === ACTIVITY_DISLIKE) {
// unsupported
break;
}
elseif($target_item['deleted'] && (! $parent_item['verb'] === ACTIVITY_LIKE)) {
// diaspora delete,
diaspora_send_retraction($target_item,$owner,$contact);
break;
}
elseif($followup) {
// send to owner to relay
// send comments, likes and retractions of likes to owner to relay
diaspora_send_followup($target_item,$owner,$contact);
break;
}
elseif($target_item['parent'] != $target_item['id']) {
// we are the relay
// we are the relay - send comments, likes and unlikes to our conversants
diaspora_send_relay($target_item,$owner,$contact);
break;
}
elseif($top_level) {
@ -571,7 +576,7 @@ function notifier_run($argv, $argc){
/**
*
* If you have less than 150 dfrn friends and it's a public message,
* If you have less than 999 dfrn friends and it's a public message,
* we'll just go ahead and push them out securely with dfrn/rino.
* If you've got more than that, you'll have to rely on PuSH delivery.
*
@ -587,8 +592,9 @@ function notifier_run($argv, $argc){
*/
$r = q("SELECT `id`, `name` FROM `contact`
WHERE `network` = NETWORK_DFRN AND `uid` = %d AND `blocked` = 0 AND `pending` = 0
WHERE `network` = '%s' AND `uid` = %d AND `blocked` = 0 AND `pending` = 0
AND `rel` != %d ",
dbesc(NETWORK_DFRN),
intval($owner['uid']),
intval(CONTACT_IS_SHARING)
);

2
include/security.php
View file

@ -28,7 +28,7 @@ function can_write_wall(&$a,$owner) {
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
intval($owner),
intval(remote_user()),
intval(CONTACT_IS_FOLLOWER),
intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND),
intval(PAGE_COMMUNITY)
);

42
include/text.php
View file

@ -147,7 +147,7 @@ if(! function_exists('xmlify')) {
function xmlify($str) {
$buffer = '';
for($x = 0; $x < strlen($str); $x ++) {
for($x = 0; $x < mb_strlen($str); $x ++) {
$char = $str[$x];
switch( $char ) {
@ -620,32 +620,6 @@ function valid_email($x){
}}
if(! function_exists('aes_decrypt')) {
function aes_decrypt($val,$ky)
{
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
for($a=0;$a<strlen($ky);$a++)
$key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
$mode = MCRYPT_MODE_ECB;
$enc = MCRYPT_RIJNDAEL_128;
$dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
}}
if(! function_exists('aes_encrypt')) {
function aes_encrypt($val,$ky)
{
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
for($a=0;$a<strlen($ky);$a++)
$key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
$mode=MCRYPT_MODE_ECB;
$enc=MCRYPT_RIJNDAEL_128;
$val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
}}
/**
*
* Function: linkify
@ -903,20 +877,6 @@ function generate_user_guid() {
}
function pkcs5_pad ($text, $blocksize)
{
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function pkcs5_unpad($text)
{
$pad = ord($text{strlen($text)-1});
if ($pad > strlen($text)) return false;
if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
return substr($text, 0, -1 * $pad);
}
function base64url_encode($s, $strip_padding = false) {

2
include/zotfns.php
View file

@ -2,6 +2,8 @@
require_once('include/salmon.php');
require_once('include/crypto.php');
function zot_get($url,$args) {
$argstr = '';