From abfbe9c9375c7505e0422b8adc1d9d5426d7df1a Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Sun, 10 Apr 2016 16:56:08 -0700
Subject: [PATCH] a few issues: block public not blocking mod_cal, typo in sql
 for one clone file sync operation, fix_system_urls not catching cached
 contact photos, extend sessionhandler expiration when remember_me is enabled
 as the stored session is expiring long before the browser session.

---
 Zotlabs/Web/Session.php        | 29 +++++++++++++++++------------
 Zotlabs/Web/SessionHandler.php |  7 ++++++-
 boot.php                       | 18 ++++++++++++++++++
 include/auth.php               |  2 ++
 include/import.php             |  2 +-
 mod/cal.php                    |  5 +++++
 version.inc                    |  2 +-
 7 files changed, 50 insertions(+), 15 deletions(-)

diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index 494c02b1d..d25ce5f6a 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -13,6 +13,8 @@ namespace Zotlabs\Web;
 
 class Session {
 
+	private static $handler = null;
+
 	function init() {
 
 		$gc_probability = 50;
@@ -26,6 +28,7 @@ class Session {
 		 */
 
 		$handler = new \Zotlabs\Web\SessionHandler();
+		self::$handler = $handler;
 
 		$x = session_set_save_handler($handler,true);
 		if(! $x)
@@ -67,26 +70,28 @@ class Session {
 
 
 
-	function new_cookie($time) {
+	function new_cookie($xtime) {
+
+		$newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
 
 		$old_sid = session_id();
 
 		session_regenerate_id(false);
 
-		q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
-			dbesc(session_id()),
-			dbesc($old_sid)
-		);
+		if(self::$handler) {
+			$v = q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+				dbesc(session_id()),
+				dbesc($old_sid)
+			);
+		}
+		else 
+			logger('no session handler');
 
 		if (x($_COOKIE, 'jsAvailable')) {
-			if ($time) {
-				$expires = time() + $time;
-			} else {
-				$expires = 0;
-			}
-			setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
+			setcookie('jsAvailable', $_COOKIE['jsAvailable'], $newxtime);
 		}
-		setcookie(session_name(),session_id(),$expires);
+		setcookie(session_name(),session_id(),$newxtime);
+
 	}
 
 
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
index ede2bd609..670e8f216 100644
--- a/Zotlabs/Web/SessionHandler.php
+++ b/Zotlabs/Web/SessionHandler.php
@@ -35,7 +35,12 @@ class SessionHandler implements \SessionHandlerInterface {
 			return false;
 		}
 
-		$expire = time() + $this->session_expire;
+		// Can't just use $data here because we can't be certain of the serialisation algorithm
+
+		if($_SESSION && array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
+			$expire = time() + (60 * 60 * 24 * 365);
+		else
+			$expire = time() + $this->session_expire;
 		$default_expire = time() + 300;
 
 		if($this->session_exists) {
diff --git a/boot.php b/boot.php
index 386a419dc..b6febde4e 100755
--- a/boot.php
+++ b/boot.php
@@ -1542,6 +1542,24 @@ function fix_system_urls($oldurl, $newurl) {
 			proc_run('php', 'include/notifier.php', 'refresh_all', $c[0]['channel_id']);
 		}
 	}
+
+	// now replace any remote xchans whose photos are stored locally (which will be most if not all remote xchans)
+
+	$r = q("select * from xchan where xchan_photo_l like '%s'",
+		dbesc($oldurl . '%')
+	);
+
+	if($r) {
+		foreach($r as $rr) {
+			$x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s'",
+				dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_l'])),
+				dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_m'])),
+				dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_s'])),
+				dbesc($rr['xchan_hash'])
+			);
+		}
+	}
+
 }
 
 
diff --git a/include/auth.php b/include/auth.php
index 21f0dded8..f31bc074d 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -275,9 +275,11 @@ else {
 		// on the cookie
 
 		if($_POST['remember_me']) {
+			$_SESSION['remember_me'] = 1;
 			\Zotlabs\Web\Session::new_cookie(31449600); // one year
 		}
 		else {
+			$_SESSION['remember_me'] = 0;
 			\Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
 		}
 
diff --git a/include/import.php b/include/import.php
index f15dedfe0..3b5c8508c 100644
--- a/include/import.php
+++ b/include/import.php
@@ -925,7 +925,7 @@ function sync_files($channel,$files) {
 						$ext = '';
 					}
 
-					$r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder == '%s' and hash != '%s' ",
+					$r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' and hash != '%s' ",
 						dbesc($basename . $ext),
 						dbesc($basename . '(%)' . $ext),
 						dbesc($att['folder']),
diff --git a/mod/cal.php b/mod/cal.php
index b58f3a1f1..56d65d3f2 100755
--- a/mod/cal.php
+++ b/mod/cal.php
@@ -45,6 +45,11 @@ function cal_init(&$a) {
 
 function cal_content(&$a) {
 
+	if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+		return;
+	}
+
+
 	$channel = null;
 
 	if(argc() > 1) {
diff --git a/version.inc b/version.inc
index 32652d931..37532de97 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2016-04-08.1360H
+2016-04-10.1362H