From 15c81716e8cbb916e9bfca5f0d519d9df5baa063 Mon Sep 17 00:00:00 2001
From: Friendika
Date: Tue, 4 Jan 2011 02:01:07 -0800
Subject: [PATCH 1/4] much better solution to privacy on ajax wall photos
---
 mod/item.php | 53 ++++++++++++++++++++++-----------------------
 mod/wall_upload.php | 6 ++---
 2 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/mod/item.php b/mod/item.php
index 36b51a537e..f9bf9a04e0 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -131,43 +131,42 @@ function item_post(&$a) { /** * - * If a photo was uploaded into the message using the ajax uploader, - * it can be seen by anybody. Set the permissions to match the message. - * Ideally this should be done when the photo was uploaded, but the permissions - * may not have been set at that time, and passing the permission arrays via - * javascript to the ajax upload is going to be a challenge. - * This is a compromise. Granted there is a window of time when the photo - * is public. You are welcome to suggest other ways to fix this. + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. * */ $match = null; - if($private) { - if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) { - $images = $match[1]; - if(count($images)) { - foreach($images as $image) { - if(! stristr($image,$a->get_baseurl() . '/photo/')) - continue; - $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); - $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - WHERE `resource-id` = '%s' AND `album` = '%s' ", - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), - dbesc($image_uri), - dbesc( t('Wall Photos')) - ); - - } + if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) { + $images = $match[1]; + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . 
'/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' + WHERE `resource-id` = '%s' AND `album` = '%s' ", + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + dbesc($image_uri), + dbesc( t('Wall Photos')) + ); + } } } + /** * Look for any tags and linkify them */ diff --git a/mod/wall_upload.php b/mod/wall_upload.php index eb44012d15..ab06b4b2d8 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -76,7 +76,7 @@ function wall_upload_post(&$a) { $smallest = 0; - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0 ); + $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, '<0>'); if(! $r) { echo ( t('Image upload failed.') . EOL); @@ -85,14 +85,14 @@ function wall_upload_post(&$a) { if($width > 640 || $height > 640) { $ph->scaleImage(640); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1 ); + $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, '<0>'); if($r) $smallest = 1; } if($width > 320 || $height > 320) { $ph->scaleImage(320); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2 ); + $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, '<0>' ); if($r) $smallest = 2; } From 236474da0bf765f877ee38d9682a95b0b7f98658 Mon Sep 17 00:00:00 2001 From: Friendika Date: Tue, 4 Jan 2011 02:20:00 -0800 Subject: [PATCH 2/4] convert received ostatus unfollow verb to activity streams stop-following --- include/items.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/include/items.php b/include/items.php index 0c055f5711..61bc0c5d77 100644 --- a/include/items.php +++ b/include/items.php 
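Review bot: The UPDATE on the photo table inside the loop is keyed only on `resource-id` and `album`, so with the `if($private)` guard removed every post that embeds a local `/photo/` link rewrites that photo's ACL to the post's, regardless of who owns the photo. A public post that references another account's wall photo would therefore clear the owner's restrictions. Scope the statement to the wall owner by appending `AND uid = %d` with `intval()` of the owning uid; the variable that holds it is outside this hunk, and the column name is inferred from the `store($page_owner_uid, …)` call in mod/wall_upload.php. Separately, `strpos($image_uri,'-')` returns false for a link without a dash, which leaves the second `substr()` with an empty resource id, so such links should be skipped with `continue`. item_post() starts and ends outside the hunk.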
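Review bot: The literal `'<0>'` passed to `$ph->store()` carries the whole privacy guarantee of this commit, yet it is unexplained and repeated in all three calls across both hunks of mod/wall_upload.php. Add a comment above the first call such as `// allow_cid '<0>' matches no contact: owner-only until item_post() copies the post's ACL onto the photo`, assuming the eighth argument is the allow_cid list (store()'s signature is not visible here). The same comment should say that an upload never referenced by a submitted post stays owner-only, and that item_post() locates the photo by `t('Wall Photos')`, so a language change between upload and post would presumably leave it restricted. wall_upload_post() starts and ends outside both hunks.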
@@ -420,9 +420,19 @@ function get_atom_elements($feed,$item) { $rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb'); + // select between supported verbs - if($rawverb) + + if($rawverb) { $res['verb'] = unxmlify($rawverb[0]['data']); + } + + // translate OStatus unfollow to activity streams if it happened to get selected + + if((x($res,'verb')) && ($res['verb'] === 'http://ostatus.org/schema/1.0/unfollow')) + $res['verb'] = ACTIVITY_UNFOLLOW; + + $rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'object'); From 2bf99df385a54c3a8a449b9eda1d2a9877465dd1 Mon Sep 17 00:00:00 2001 From: fabrixxm Date: Tue, 4 Jan 2011 13:04:23 +0100 Subject: [PATCH 3/4] Updated IT strings --- view/it/strings.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/view/it/strings.php b/view/it/strings.php index 8015163103..0e6def3dfa 100644 --- a/view/it/strings.php +++ b/view/it/strings.php 
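Review bot: Only `$rawverb[0]['data']` is examined, so the added comment `// select between supported verbs` describes a selection the code does not perform; an entry carrying more than one activity verb is judged by its first element alone. Either reword the comment to `// use the first activity:verb element` or loop over `$rawverb` until a supported verb is found. The OStatus URL is also compared as a bare string literal; a named constant defined next to `ACTIVITY_UNFOLLOW` would keep the two verbs together. Because this verb comes from a remote feed and, going by the commit subject, means stop-following, the caller should act on it only for the authenticated author of that feed, which cannot be confirmed from this hunk. get_atom_elements() continues outside the hunk.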
@@ -80,10 +80,11 @@ $a->strings['Profile not found.'] = 'Profilo non trovato.';
 $a->strings['Response from remote site was not understood.'] = 'La risposta dal sito remota non รจ stata capita.';
 $a->strings['Unexpected response from remote site: '] = 'Risposta dal sito remoto inaspettata: ';
 $a->strings["Confirmation completed successfully."] = "Conferma completata con successo.";
-$a->strings['Remote site reported: '] = 'Il sito remoto riporsta: ';
+$a->strings['Remote site reported: '] = 'Il sito remoto riporta: ';
 $a->strings["Temporary failure. Please wait and try again."] = "Errore temporaneo. Attendi e riprova.";
 $a->strings["Introduction failed or was revoked."] = "La presentazione è fallita o è stata revocata.";
 $a->strings['Unable to set contact photo.'] = 'Impossibile impostare la foto del contatto.';
+$a->strings['is now friends with'] = 'ora è amico di';
 $a->strings['No user record found for '] = 'Nessun utente trovato per ';
 $a->strings['Our site encryption key is apparently messed up.'] = 'La nostra chiave di criptazione del sito e\' apparentemente incasinata.';
 $a->strings['Empty site URL was provided or URL could not be decrypted by us.'] = 'E\' stato fornito un indirizzo vuoto o non possiamo decriptare l\'indirizzo.';
@@ -108,6 +109,9 @@ $a->strings["not found at the given location."] = "non trovato alla posizione da
 $a->strings["Introduction complete."] = "Presentazione completa.";
 $a->strings['Unrecoverable protocol error.'] = 'Errore di protocollo non recuperabile.';
 $a->strings['Profile unavailable.'] = 'Profilo non disponibile.';
+$a->strings['has received too many connection requests today.'] = 'ha ricevuto troppe connessioni oggi.';
+$a->strings['Spam protection measures have been invoked.'] = 'Sono state attivate le misure di protezione contro lo spam.';
+$a->strings['Friends are advised to please try again in 24 hours.'] = 'Gli amici sono pregati di riprovare tra 24 ore.';
 $a->strings["Invalid locator"] = "Invalid locator";
 $a->strings["Unable to resolve your name at the provided location."] = "Impossibile risolvere il tuo nome nella posizione indicata.";
 $a->strings['You have already introduced yourself here.'] = 'Ti sei già presentato qui.';
@@ -136,6 +140,7 @@ $a->strings['Global Directory'] = 'Elenco Globale';
 $a->strings['Item not found.'] = 'Elemento non trovato.';
 $a->strings['Private Message'] = 'Messaggio privato';
 $a->strings['This is you'] = 'Questo sei tu';
+$a->strings['View $name\'s profile'] = 'Guarda il profilo di $name';
 $a->strings['Item has been removed.'] = 'L\'elemento è stato rimosso.';
 $a->strings['The profile address specified does not provide adequate information.'] = 'L\'indirizzo del profilo specificato non fornisce adeguate informazioni';
 $a->strings['Limited profile. This person will be unable to receive direct/personal notifications from you.'] = 'Profilo limitato. Questa persona non sara\' in grado di ricevere nofiche dirette/personali da te.';
@@ -163,6 +168,7 @@ $a->strings['This is required. Please adjust the configuration file .htconfig.ph
 $a->strings['The command line version of PHP on your system does not have "register_argc_argv" enabled.'] = 'La versione da riga di comando di PHP nel sistema non ha abilitato "register_argc_argv".';
 $a->strings['This is required for message delivery to work.'] = 'Ció è richiesto per far funzionare la consegna dei messaggi.';
 $a->strings['Error: the "openssl_pkey_new" function on this system is not able to generate encryption keys'] = 'Errore: la funzione "openssl_pkey_new" in questo sistema non è in grado di generare le chiavi di criptazione';
+$a->strings['If running under Windows, please see "http://www.php.net/manual/en/openssl.installation.php".'] = 'Se stai eseguendo friendika su windows, guarda "http://www.php.net/manual/en/openssl.installation.php".';
 $a->strings['Error: Apache webserver mod-rewrite module is required but not installed.'] = 'Errore: il modulo mod-rewrite di Apache &egreve; richiesto ma non installato';
 $a->strings['Error: libCURL PHP module required but not installed.'] = 'Errore: il modulo libCURL di PHP è richiesto ma non installato.';
 $a->strings['Error: GD graphics PHP module with JPEG support required but not installed.'] = 'Errore: Il modulo GD graphics di PHP con supporto a JPEG è richiesto ma non installato.';
@@ -223,6 +229,7 @@ $a->strings['Message not available.'] = 'Messaggio non disponibile.';
 $a->strings['Delete message'] = 'Cancella messaggio';
 $a->strings['Send Reply'] = 'Invia risposta';
 $a->strings['No such group'] = 'Nessun gruppo';
+$a->strings['Group is empty'] = 'Il gruppo è vuoto';
 $a->strings['Group: '] = 'Gruppo: ';
 $a->strings['Invalid request identifier.'] = 'Identificativo richiesta invalido.';
 $a->strings['Discard'] = 'Scarta';
@@ -344,8 +351,8 @@ $a->strings['Logged out.'] = 'Sei uscito.'; $a->strings['Unknown | Not categorised'] = 'Sconosciuto | non categorizzato'; $a->strings['Block immediately'] = 'Blocca immediatamente'; $a->strings['Shady, spammer, self-marketer'] = 'Shady, spammer, self-marketer'; -$a->strings['Known to me, but no opinion'] = 'Lo conosco, ma non ho oppiniioni'; -$a->strings['OK, probably harmless'] = 'OK, probabilmente innocuo'; +$a->strings['Known to me, but no opinion'] = 'Lo conosco, ma non ho oppinioni'; +$a->strings['OK, probably harmless'] = 'E\' ok, probabilmente innocuo'; $a->strings['Reputable, has my trust'] = 'Rispettabile, ha la mia fiducia'; $a->strings['Frequently'] = 'Frequentemente'; $a->strings['Hourly'] = 'Ogni ora'; From 64628c800d711c3a3c28e2bf94efd7e8b26a5eba Mon Sep 17 00:00:00 2001 From: Friendika Date: Tue, 4 Jan 2011 05:06:10 -0800 Subject: [PATCH 4/4] provide "return home" key --- .htaccess | 1 + include/main.js | 5 +++++ index.php | 3 +++ mod/dfrn_poll.php | 2 ++ 4 files changed, 11 insertions(+) diff --git a/.htaccess b/.htaccess index b6d4eecc33..b06dd8bdc3 100644 --- a/.htaccess +++ b/.htaccess @@ -1,6 +1,7 @@ Options -Indexes AddType application/x-java-archive .jar +AddType audio/ogg .oga Deny from all diff --git a/include/main.js b/include/main.js index ef6b059ccf..d137d4c9c6 100644 --- a/include/main.js +++ b/include/main.js @@ -44,6 +44,11 @@ $('#pause').html(''); } } + if(event.keyCode == '36') { + event.preventDefault(); + if(homebase) + document.location = homebase; + } }); }); diff --git a/index.php b/index.php index 2e14e7d2ac..cbc85accf4 100644 --- a/index.php +++ b/index.php @@ -173,6 +173,9 @@ if($a->module_loaded) { } +if(x($_SESSION,'visitor_home')) + $a->page['content'] .= ''; + if(stristr($_SESSION['sysmsg'], t('Permission denied'))) { header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.')); } diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index 52272efade..1061cdb899 100644 --- a/mod/dfrn_poll.php 
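Review bot: `event.preventDefault()` runs before the `homebase` test, so the Home key loses its normal behaviour on every page, including caret movement inside text fields, even when there is nowhere to navigate to. `homebase` is also read as a bare global; index.php appears to emit its definition only when `$_SESSION['visitor_home']` is set, so for every other session `if(homebase)` would presumably throw a ReferenceError. Test first and act second: `if(event.keyCode == 36 && typeof homebase !== 'undefined' && homebase) { event.preventDefault(); document.location = homebase; }`, and consider returning early when the event target is an input or textarea. The enclosing key handler starts outside the hunk.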
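Review bot: `$_SESSION['visitor_home']` is copied from the contact row's `url` in both mod/dfrn_poll.php hunks and ends up as the target of `document.location` in include/main.js, with no scheme or encoding check visible anywhere on that path. The string appended to `$a->page['content']` in index.php shows as empty here (its markup was probably lost in rendering), so how the value is embedded cannot be checked; if it is interpolated into an inline script it should pass through `json_encode()`, and the URL should be accepted only when it begins with `http://` or `https://`. Doing the scheme check once, where the session value is assigned in dfrn_poll.php, covers both assignments.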
+++ b/mod/dfrn_poll.php @@ -73,6 +73,7 @@ function dfrn_poll_init(&$a) { if((int) $xml->status == 1) { $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $r[0]['id']; + $_SESSION['visitor_home'] = $r[0]['url']; notice( $r[0]['username'] . t(' welcomes ') . $r[0]['name'] . EOL); // Visitors get 1 day session. $session_id = session_id(); @@ -386,6 +387,7 @@ function dfrn_poll_content(&$a) { if(((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) { $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $r[0]['id']; + $_SESSION['visitor_home'] = $r[0]['url']; notice( $r[0]['username'] . t(' welcomes ') . $r[0]['name'] . EOL); // Visitors get 1 day session. $session_id = session_id();