Merge remote-tracking branch 'upstream/master' into contact-discovery

Michael 2019-06-24 03:23:57 +00:00
commit 037cf01a15
9 changed files with 88 additions and 19 deletions


@ -1,17 +1,20 @@
Version 2019.06 (UNRELEASED) (2019-06-?) Version 2019.06 (2019-06-23)
Friendica Core: Friendica Core:
Update to the tranlation (CS, DE, ET, PL, PT-BR, SV) [translation teams] Update to the tranlation (CS, DE, EN-GB, EN-US, ET, FR, IT, PL, PT-BR, SV) [translation teams]
Update to the documentation [nupplaphil, realkinetix] Update to the documentation [nupplaphil, realkinetix, MrPetovan]
Update to the themes (frio, vier) [BinkaDroid, MrPetovan, tobiasd] Update to the themes (frio, vier) [BinkaDroid, MrPetovan, tobiasd]
Enhancements to the API [annando, MrPetovan] Enhancements to the API [annando, MrPetovan]
Enhancements to the way reshares are handled [annando] Enhancements to the way reshares are handled [annando]
Enhancements to the redis configuration [nupplaphil] Enhancements to the redis configuration [nupplaphil]
Enhancements to the federation stats display in the admin panel [tobiasd] Enhancements to the federation stats display in the admin panel [tobiasd]
Enhancements to the processing of changed storage engine [MrPetovan] Enhancements to the processing of changed storage engine [MrPetovan]
Enhancements to ActivityPub support [annando, MrPetovan]
Enhancements to code security [MrPetovan]
Enhancements to delivery counter [annando]
Fixed the notification order [JeroenED] Fixed the notification order [JeroenED]
Fixed the timezone of Friendica logs [nupplaphil] Fixed the timezone of Friendica logs [nupplaphil]
Fixed tag completion painfully slow [AlfredSK] Fixed tag completion painfully slow [AlfredSK]
Fixed a regression in notifications [MrPetovan] Fixed a regression in notifications [MrPetovan, annando]
Fixed an issue with smilies and code blocks [MrPetovan] Fixed an issue with smilies and code blocks [MrPetovan]
Fixed an AP issue with unavailable local profiles [MrPetovan] Fixed an AP issue with unavailable local profiles [MrPetovan]
Fixed an issue with the File to Folder feature [MrPetovan] Fixed an issue with the File to Folder feature [MrPetovan]
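
Review bot: The rewritten "Update to the tranlation (CS, DE, EN-GB, ...)" line still carries the misspelling "tranlation"; since the line is being changed for the release anyway, correct it to "translation". The new entry "Enhancements to code security [MrPetovan]" also gives an administrator no way to judge what was hardened, so name the affected area or reference the issue number.
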
@ -20,34 +23,55 @@ Version 2019.06 (UNRELEASED) (2019-06-?)
Fixed an issue occuring when the BasePath was not set [tobiasd] Fixed an issue occuring when the BasePath was not set [tobiasd]
Fixed an issue with additionally opened Sessions [MrPetovan] Fixed an issue with additionally opened Sessions [MrPetovan]
Fixed an issue with legacy loglevel mapping [nupplaphil] Fixed an issue with legacy loglevel mapping [nupplaphil]
Fixed contact suggestions [annando]
Fixed an issue with frio hovercard [nupplaphil]
Fixed event interaction federation [annando]
Fixed remote image permission [deantownsley]
General Code cleaning and restructuring [annando, nupplaphil, tobiasd] General Code cleaning and restructuring [annando, nupplaphil, tobiasd]
Added frio color scheme sharing [JeroenED] Added frio color scheme sharing [JeroenED]
Added syslog and stream Logger [nupplaphil] Added syslog and stream Logger [nupplaphil]
Added storage move cronjob [MrPetovan] Added storage move cronjob [MrPetovan]
Added collapsible panel for connector permission fields [MrPetovan] Added collapsible panel for connector permission fields [MrPetovan]
Added rule-based router [MrPetovan] Added rule-based router [MrPetovan]
Added Estinian translation [Rain Hawk] Added Estonian translation [Rain Hawk]
Added APCu caching [nupplaphil] Added APCu caching [nupplaphil]
Added BlockServer command to the Friendica console [nupplaphil] Added BlockServer command to the Friendica console [nupplaphil]
Added reshare count [annando]
Added rule-based router [MrPetovan, nupplaphil]
Added themed error pages with mascot [MrPetovan, lostinlight]
Added contact relationship filter [MrPetovan]
Removed the old queue mechanism (deferred workers are now used) [annando] Removed the old queue mechanism (deferred workers are now used) [annando]
Removed BasePath and Hostname settings from the admin panel [nupplaphil] Removed BasePath and Hostname settings from the admin panel [nupplaphil]
Remove support for defunct F-Droid Friendica app [MrPetovan]
Friendica Addons: Friendica Addons:
Update to the tranlation (ET, SV, ZH_CN) [translation teams] Update to the tranlation (ET, SV, ZH_CN) [translation teams]
botdetection: botdetection:
Added a new addon for preventing access by bots [nupplaphil] Added a new addon for preventing access by bots [nupplaphil, annando]
buffer: buffer:
Traces of Google+ were removed [annando] Traces of Google+ were removed [annando]
curweather: curweather:
Fixed a problem with the display of the correct temperature unit [tobiasd] Fixed a problem with the display of the correct temperature unit [tobiasd]
fromgplus: fromgplus:
Deprecated the addon as Google+ was closed [tobiasd] Deprecated the addon as Google+ was closed [tobiasd]
fortunate:
Deprecated addon for incompatibility with latest Friendica version [MrPetovan]
phpmailer: phpmailer:
Added a new addon to use external SMTP for email [M-arcus] Added a new addon to use external SMTP for email [M-arcus, kecalcze, MrPetovan]
pledgie:
Deprecated addon as service was discontinued [M-arcus]
xmpp:
Marked addon as unsupported because of various incompatibilities with themes [MrPetovan]
Closed Issues: Closed Issues:
5011, 5047, 5850, 6303, 6319, 6478, 6319, 6720, 6815, 6864, 6879, 1012, 2209, 2528, 3309, 3717, 3816, 3869, 4453, 4999, 5011, 5047, 5276, 5850, 5983, 6303, 6319, 6379, 6410, 6477,
6903, 6921, 6927, 6936, 6941, 6943, 6947, 6948, 6952 6478, 6720, 6799, 6813, 6819, 6861, 6864, 6879, 6903, 6916, 6917, 6918, 6921, 6927, 6929, 6936, 6938, 6941, 6943,
6947, 6948, 6950, 6952, 6983, 6999, 7023, 7036, 7047, 7106, 7112, 7119, 7128, 7130, 7131, 7141, 7142, 7150, 7171,
7183, 7196, 7209, 7223, 7226, 7240, 7241, 7249, 7264, 7269, 7271, 7275, 7300, 7303
Version 2019.04 (2019-04-28)
Friendica Core:
Fixed a privacy problem with postings accessed by feed [MrPetovan]
Version 2019.03 (2019-03-22) Version 2019.03 (2019-03-22)
Friendica Core: Friendica Core:
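
Review bot: "Added rule-based router" now appears twice in the 2019.06 list on the new side, once credited to [MrPetovan] and once to [MrPetovan, nupplaphil]; keep only the entry with the full credit. The addons line "Update to the tranlation (ET, SV, ZH_CN)" and the line "Fixed an issue occuring when the BasePath was not set" keep their misspellings. The security-relevant entries ("Fixed remote image permission" and, under 2019.04, "Fixed a privacy problem with postings accessed by feed") would be more useful to administrators with their issue numbers attached.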


@ -1 +1 @@
2019.06-rc 2019.06


@ -31,7 +31,7 @@ use Friendica\Util\DateTimeFormat;
define('FRIENDICA_PLATFORM', 'Friendica'); define('FRIENDICA_PLATFORM', 'Friendica');
define('FRIENDICA_CODENAME', 'Dalmatian Bellflower'); define('FRIENDICA_CODENAME', 'Dalmatian Bellflower');
define('FRIENDICA_VERSION', '2019.06-rc'); define('FRIENDICA_VERSION', '2019.06');
define('DFRN_PROTOCOL_VERSION', '2.23'); define('DFRN_PROTOCOL_VERSION', '2.23');
define('NEW_UPDATE_ROUTINE_VERSION', 1170); define('NEW_UPDATE_ROUTINE_VERSION', 1170);


@ -97,7 +97,19 @@
}, },
"archive": { "archive": {
"exclude": [ "exclude": [
"log", "cache", "/photo", "/proxy" "/.*",
"/*file",
"!/.htaccess-dist",
"/tests",
"/*.xml",
"/composer.*",
"/log",
"/cache",
"/photo",
"/proxy",
"/addon",
"!/vendor",
"!/view/asset"
] ]
}, },
"require-dev": { "require-dev": {


@ -84,6 +84,10 @@ function display_init(App $a)
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom'); displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
} }
if ($a->argc >= 3 && $nick == 'feed-item') {
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
}
if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) { if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG); Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG);
displayShowFeed($item["id"], false); displayShowFeed($item["id"], false);
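
Review bot: The added 'feed-item' branch calls displayShowFeed() with exactly the same arguments as the call directly above it, and nothing visible in this hunk checks that the requester is allowed to see $item['id'] before the feed is emitted. Confirm that displayShowFeed() enforces item visibility itself (the changelog in this same commit lists a privacy problem with postings accessed by feed), fold the two conditions into one so the call is not duplicated, and make the "$a->argv[3] == 'conversation.atom'" comparison strict (===).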


@ -226,7 +226,7 @@ class Event extends BaseObject
return; return;
} }
DBA::delete('event', ['id' => $event_id]); DBA::delete('event', ['id' => $event_id], ['cascade' => false]);
Logger::log("Deleted event ".$event_id, Logger::DEBUG); Logger::log("Deleted event ".$event_id, Logger::DEBUG);
} }
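
Review bot: Passing ['cascade' => false] on the DBA::delete('event', ...) line changes what is removed together with the event row, but the hunk carries no comment saying why cascading is unwanted here or where rows that reference the event are cleaned up. Add a one-line comment with the reason and confirm that no rows pointing at the deleted event id are left behind.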


@ -1080,9 +1080,11 @@ class Item extends BaseObject
} }
// When the permission set will be used in photo and events as well, // When the permission set will be used in photo and events as well,
// this query here needs to be extended. // this query here needs to be extended.
if (!empty($item['psid']) && !self::exists(['psid' => $item['psid'], 'deleted' => false])) { // @todo Currently deactivated. We need the permission set in the deletion process.
DBA::delete('permissionset', ['id' => $item['psid']], ['cascade' => false]); // This is a reminder to add the removal somewhere else.
} //if (!empty($item['psid']) && !self::exists(['psid' => $item['psid'], 'deleted' => false])) {
// DBA::delete('permissionset', ['id' => $item['psid']], ['cascade' => false]);
//}
// If it's the parent of a comment thread, kill all the kids // If it's the parent of a comment thread, kill all the kids
if ($item['id'] == $item['parent']) { if ($item['id'] == $item['parent']) {
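
Review bot: Commenting out the permissionset cleanup leaves dead code in place and means permissionset rows are no longer removed when the last item using them is deleted; the @todo says the removal has to move "somewhere else" but names neither a location nor an issue. Delete the commented block rather than keeping it, reference a tracking issue in the @todo, and state in the comment which later step of the deletion process still needs the permission set.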


@ -16,6 +16,7 @@ use Friendica\Database\DBA;
use Friendica\Database\DBStructure; use Friendica\Database\DBStructure;
use Friendica\Model\Storage\IStorage; use Friendica\Model\Storage\IStorage;
use Friendica\Object\Image; use Friendica\Object\Image;
use Friendica\Protocol\DFRN;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network; use Friendica\Util\Network;
use Friendica\Util\Security; use Friendica\Util\Security;
@ -133,8 +134,16 @@ class Photo extends BaseObject
if ($r === false) { if ($r === false) {
return false; return false;
} }
$uid = $r["uid"];
$sql_acl = Security::getPermissionsSQLByUserId($r["uid"]); // This is the first place, when retrieving just a photo, that we know who owns the photo.
// Make sure that the requester's session is appropriately authenticated to that user
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
// this will either just return (if auth all ok) or will redirect and exit (starting over)
DFRN::autoRedir(self::getApp(), $r["nickname"]);
$sql_acl = Security::getPermissionsSQLByUserId($uid);
$conditions = [ $conditions = [
"`resource-id` = ? AND `scale` <= ? " . $sql_acl, "`resource-id` = ? AND `scale` <= ? " . $sql_acl,


@ -2899,7 +2899,12 @@ class DFRN
{ {
// prevent looping // prevent looping
if (!empty($_REQUEST['redir'])) { if (!empty($_REQUEST['redir'])) {
return; Logger::log('autoRedir might be looping because redirect has been redirected', Logger::DEBUG);
// looping prevention also appears to sometimes prevent authentication for images
// because browser may have multiple connections open and load an image on a connection
// whose session wasn't updated when a previous redirect authenticated
// Leaving commented in case looping reappears
//return;
} }
if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) { if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
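
Review bot: With "return;" commented out, the "prevent looping" branch only logs, so a request that already carries "redir" continues into the redirect logic and the guard no longer prevents anything. If the early return really blocks image authentication as the new comment describes, replace it with a bounded check (for example a per-session redirect counter) rather than leaving the return commented out "in case looping reappears", and update the "// prevent looping" comment so it matches what the code does.
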
@ -2923,6 +2928,9 @@ class DFRN
$baseurl = substr($baseurl, $domain_st + 3); $baseurl = substr($baseurl, $domain_st + 3);
$nurl = Strings::normaliseLink($baseurl); $nurl = Strings::normaliseLink($baseurl);
$r = User::getByNickname($contact_nick, ["uid"]);
$contact_uid = $r["uid"];
/// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange. /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
$r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1) $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1", AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
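
Review bot: "$r = User::getByNickname($contact_nick, ["uid"]);" is followed directly by "$r["uid"]" with no check that a user was found, so an unknown nickname leaves $contact_uid undefined and it is later compared against session data. Return early when the lookup fails, keep the result in its own variable ($r is overwritten by the q() call in the next statement), and reuse $contact_uid in place of the "SELECT uid FROM user WHERE nickname" subquery, which repeats the same lookup.
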
@ -2931,9 +2939,19 @@ class DFRN
DBA::escape($baseurl), DBA::escape($baseurl),
DBA::escape($nurl) DBA::escape($nurl)
); );
if ((! DBA::isResult($r)) || $r[0]['id'] == remote_user()) { if ((! DBA::isResult($r))) {
return; return;
} }
// test if redirect authentication already succeeded
// Note that "contact" in the sense used in the $contact_nick argument to this function
// and the sense in the $remote[]["cid"] in the session are opposite.
// In the session variable the user currently fetching is the contact
// while $contact_nick is the nick of tho user who owns the stuff being fetched.
foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
if ($visitor['uid'] == $contact_uid && $visitor['cid'] == $r[0]['id']) {
return;
}
}
$r = q("SELECT * FROM contact WHERE nick = '%s' $r = q("SELECT * FROM contact WHERE nick = '%s'
AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1", AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
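
Review bot: The new already-authenticated test compares "$visitor['uid'] == $contact_uid" and "$visitor['cid'] == $r[0]['id']" with loose equality and assumes every entry of the session's 'remote' array has both keys. Because this loop decides whether redirect authentication is skipped, cast both sides to int and compare with ===, and check that the keys exist before reading them. Minor points: the comment reads "tho user" for "the user", and \Friendica\Core\Session can be imported with a use statement instead of being written fully qualified inline.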