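/**
 * Convert an item structure received from another hub into the column map
 * used to store it locally.
 *
 * Free-text wire fields are HTML-escaped (ENT_COMPAT, UTF-8, no double
 * encoding) before storage; timestamps are normalised to UTC and clamped so
 * nothing is recorded as created/edited in the future; author and owner are
 * resolved to xchan hashes with import_author_xchan() and the post is rejected
 * (empty array) when either cannot be resolved. Posts carrying the 'private'
 * flag are obscured: title and body are encapsulated with the site public key.
 *
 * @param array $x decoded item structure from the sending hub
 * @return array column map for the item table, or array() to reject the post
 */
function get_item_elements($x) {

    $arr = array();

    // Escaped copy of a free-text wire field; absent or empty fields yield ''.
    $esc = function ($field) use ($x) {
        if (isset($x[$field]) && $x[$field]) {
            return htmlspecialchars($x[$field], ENT_COMPAT, 'UTF-8', false);
        }
        return '';
    };
    // Raw wire field, or null when absent (avoids undefined-index notices).
    $raw = function ($field) use ($x) {
        return isset($x[$field]) ? $x[$field] : null;
    };
    // Optional timestamp normalised to UTC, or $default when absent/empty.
    $when = function ($field, $default) use ($x) {
        if (isset($x[$field]) && $x[$field]) {
            return datetime_convert('UTC', 'UTC', $x[$field]);
        }
        return $default;
    };
    // 'flags' is a list of string markers; anything else counts as no flags
    // (an unguarded in_array() on a non-array would fail).
    $flags = (isset($x['flags']) && is_array($x['flags'])) ? $x['flags'] : array();

    $arr['body'] = $esc('body');

    $key = get_config('system', 'pubkey');

    $maxlen = get_max_import_size();
    if ($maxlen && mb_strlen($arr['body'], 'UTF-8') > $maxlen) {
        $arr['body'] = mb_substr($arr['body'], 0, $maxlen, 'UTF-8');
        logger('get_item_elements: message length exceeds max_import_size: truncated');
    }

    // Normalise to UTC and refuse timestamps from the future; one "now" is
    // used for both the comparison and the clamp.
    $now = datetime_convert();
    $arr['created'] = datetime_convert('UTC', 'UTC', $raw('created'));
    $arr['edited']  = datetime_convert('UTC', 'UTC', $raw('edited'));
    if ($arr['created'] > $now) {
        $arr['created'] = $now;
    }
    if ($arr['edited'] > $now) {
        $arr['edited'] = $now;
    }

    $arr['expires']         = $when('expires', NULL_DATE);
    $arr['commented']       = $when('commented', $arr['created']);
    $arr['comments_closed'] = $when('comments_closed', NULL_DATE);

    $arr['title'] = $esc('title');
    if (mb_strlen($arr['title'], 'UTF-8') > 255) {
        $arr['title'] = mb_substr($arr['title'], 0, 255, 'UTF-8');
    }

    // wire field => column; all escaped identically.
    $text_fields = array(
        'app'            => 'app',
        'route'          => 'route',
        'message_id'     => 'mid',
        'message_top'    => 'parent_mid',
        'message_parent' => 'thr_parent',
        'permalink'      => 'plink',
        'location'       => 'location',
        'longlat'        => 'coord',
        'verb'           => 'verb',
        'mimetype'       => 'mimetype',
        'object_type'    => 'obj_type',
        'target_type'    => 'tgt_type',
    );
    foreach ($text_fields as $field => $column) {
        $arr[$column] = $esc($field);
    }

    // 'public' is the default scope and is stored as the empty string.
    $arr['public_policy'] = $esc('public_scope');
    if ($arr['public_policy'] === 'public') {
        $arr['public_policy'] = '';
    }
    $arr['comment_policy'] = (isset($x['comment_scope']) && $x['comment_scope']) ? $esc('comment_scope') : 'contacts';
    $arr['sig'] = $esc('signature');
    $arr['diaspora_meta'] = (isset($x['diaspora_signature']) && $x['diaspora_signature'])
        ? json_encode(crypto_encapsulate($x['diaspora_signature'], $key))
        : '';

    $arr['object'] = activity_sanitise($raw('object'));
    $arr['target'] = activity_sanitise($raw('target'));
    $arr['attach'] = activity_sanitise($raw('attach'));
    $arr['term']   = decode_tags($raw('tags'));

    $arr['item_private']  = in_array('private', $flags, true) ? 1 : 0;
    $arr['item_flags']    = 0;
    $arr['item_restrict'] = 0; // was never initialised before the |= below
    if (in_array('consensus', $flags, true)) {
        $arr['item_flags'] |= ITEM_CONSENSUS;
    }
    if (in_array('deleted', $flags, true)) {
        $arr['item_restrict'] |= ITEM_DELETED;
    }
    if (in_array('hidden', $flags, true)) {
        $arr['item_restrict'] |= ITEM_HIDDEN;
    }

    // Here's the deal - the site might be down or whatever but if there's a new person you've never
    // seen before sending stuff to your stream, we MUST be able to look them up and import their data from their
    // hub and verify that they are legit - or else we're going to toss the post. We only need to do this
    // once, and after that your hub knows them. Sure some info is in the post, but it's only a transit identifier
    // and not enough info to be able to look you up from your hash - which is the only thing stored with the post.
    $xchan_hash = import_author_xchan($raw('author'));
    if ($xchan_hash === false) {
        return array();
    }
    $arr['author_xchan'] = $xchan_hash;

    // save a potentially expensive lookup if author == owner
    $owner          = $raw('owner');
    $owner_guid     = (is_array($owner) && isset($owner['guid'])) ? $owner['guid'] : null;
    $owner_guid_sig = (is_array($owner) && isset($owner['guid_sig'])) ? $owner['guid_sig'] : null;
    if ($arr['author_xchan'] === make_xchan_hash($owner_guid, $owner_guid_sig)) {
        $arr['owner_xchan'] = $arr['author_xchan'];
    }
    else {
        $xchan_hash = import_author_xchan($owner);
        if ($xchan_hash === false) {
            return array();
        }
        $arr['owner_xchan'] = $xchan_hash;
    }

    if ($arr['sig']) {
        $r = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
            dbesc($arr['author_xchan'])
        );
        // The signature is checked against the body exactly as received
        // ($x['body']), not against the escaped/truncated copy in $arr['body'].
        if ($r && rsa_verify($raw('body'), base64url_decode($arr['sig']), $r[0]['xchan_pubkey'])) {
            $arr['item_flags'] |= ITEM_VERIFIED;
        }
        else {
            logger('get_item_elements: message verification failed.');
        }
    }

    // if it's a private post, encrypt it in the DB.
    // We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
    // and we need plaintext to do that.
    if (intval($arr['item_private'])) {
        $arr['item_flags'] |= ITEM_OBSCURED;
        if ($arr['title']) {
            $arr['title'] = json_encode(crypto_encapsulate($arr['title'], $key));
        }
        if ($arr['body']) {
            $arr['body'] = json_encode(crypto_encapsulate($arr['body'], $key));
        }
    }

    if (array_key_exists('revision', $x)) {
        // extended export encoding: these columns are copied verbatim from the
        // input and override what was derived above - including item_flags
        // (ITEM_VERIFIED / ITEM_OBSCURED), item_restrict and the sanitised
        // attach. NOTE(review): the sender is trusted for all of them on this
        // path; confirm callers only reach it with exports they already trust.
        $passthrough = array(
            'revision', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid',
            'layout_mid', 'postopts', 'resource_id', 'resource_type',
            'item_restrict', 'item_flags', 'attach',
        );
        foreach ($passthrough as $column) {
            $arr[$column] = $raw($column);
        }
    }

    return $arr;
}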
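/**
 * Convert an item structure received from another hub into the column map
 * used to store it locally.
 *
 * Free-text wire fields are HTML-escaped (ENT_COMPAT, UTF-8, no double
 * encoding) before storage; timestamps are normalised to UTC and clamped so
 * nothing is recorded as created/edited in the future; author and owner are
 * resolved to xchan hashes with import_author_xchan() and the post is rejected
 * (empty array) when either cannot be resolved. Wire 'flags' markers are
 * mapped onto the per-column item_* booleans.
 *
 * @param array $x          decoded item structure from the sending hub
 * @param bool  $allow_code when true the body is stored exactly as received,
 *                          without HTML escaping. NOTE(review): nothing here
 *                          restricts who may set this; confirm callers only
 *                          pass true for sources permitted to post raw markup.
 * @return array column map for the item table, or array() to reject the post
 */
function get_item_elements($x, $allow_code = false) {

    $arr = array();

    // Escaped copy of a free-text wire field; absent or empty fields yield ''.
    $esc = function ($field) use ($x) {
        if (isset($x[$field]) && $x[$field]) {
            return htmlspecialchars($x[$field], ENT_COMPAT, 'UTF-8', false);
        }
        return '';
    };
    // Raw wire field, or null when absent (avoids undefined-index notices).
    $raw = function ($field) use ($x) {
        return isset($x[$field]) ? $x[$field] : null;
    };
    // Optional timestamp normalised to UTC, or $default when absent/empty.
    $when = function ($field, $default) use ($x) {
        if (isset($x[$field]) && $x[$field]) {
            return datetime_convert('UTC', 'UTC', $x[$field]);
        }
        return $default;
    };
    // 'flags' is a list of string markers; anything else counts as no flags
    // (an unguarded in_array() on a non-array would fail).
    $flags = (isset($x['flags']) && is_array($x['flags'])) ? $x['flags'] : array();

    // With $allow_code the body bypasses escaping entirely.
    $arr['body'] = $allow_code ? $raw('body') : $esc('body');

    $maxlen = get_max_import_size();
    if ($maxlen && mb_strlen($arr['body'], 'UTF-8') > $maxlen) {
        $arr['body'] = mb_substr($arr['body'], 0, $maxlen, 'UTF-8');
        logger('get_item_elements: message length exceeds max_import_size: truncated');
    }

    // Normalise to UTC and refuse timestamps from the future; one "now" is
    // used for both the comparison and the clamp.
    $now = datetime_convert();
    $arr['created'] = datetime_convert('UTC', 'UTC', $raw('created'));
    $arr['edited']  = datetime_convert('UTC', 'UTC', $raw('edited'));
    if ($arr['created'] > $now) {
        $arr['created'] = $now;
    }
    if ($arr['edited'] > $now) {
        $arr['edited'] = $now;
    }

    $arr['expires']         = $when('expires', NULL_DATE);
    $arr['commented']       = $when('commented', $arr['created']);
    $arr['comments_closed'] = $when('comments_closed', NULL_DATE);

    $arr['title'] = $esc('title');
    if (mb_strlen($arr['title'], 'UTF-8') > 255) {
        $arr['title'] = mb_substr($arr['title'], 0, 255, 'UTF-8');
    }

    // wire field => column; all escaped identically.
    $text_fields = array(
        'app'            => 'app',
        'route'          => 'route',
        'message_id'     => 'mid',
        'message_top'    => 'parent_mid',
        'message_parent' => 'thr_parent',
        'permalink'      => 'plink',
        'location'       => 'location',
        'longlat'        => 'coord',
        'verb'           => 'verb',
        'mimetype'       => 'mimetype',
        'object_type'    => 'obj_type',
        'target_type'    => 'tgt_type',
    );
    foreach ($text_fields as $field => $column) {
        $arr[$column] = $esc($field);
    }

    // 'public' is the default scope and is stored as the empty string.
    $arr['public_policy'] = $esc('public_scope');
    if ($arr['public_policy'] === 'public') {
        $arr['public_policy'] = '';
    }
    $arr['comment_policy'] = (isset($x['comment_scope']) && $x['comment_scope']) ? $esc('comment_scope') : 'contacts';
    $arr['sig'] = $esc('signature');

    // An array-form Diaspora signature is serialised to JSON; either way it is
    // stored as received, without the escaping applied to the text fields.
    $diaspora_sig = $raw('diaspora_signature');
    if (is_array($diaspora_sig)) {
        $diaspora_sig = json_encode($diaspora_sig);
    }
    $arr['diaspora_meta'] = $diaspora_sig ? $diaspora_sig : '';

    $arr['object'] = activity_sanitise($raw('object'));
    $arr['target'] = activity_sanitise($raw('target'));
    $arr['attach'] = activity_sanitise($raw('attach'));
    $arr['term']   = decode_tags($raw('tags'));

    $arr['item_private'] = in_array('private', $flags, true) ? 1 : 0;
    $arr['item_flags']   = 0;
    if (in_array('consensus', $flags, true)) {
        $arr['item_consensus'] = 1;
    }
    if (in_array('deleted', $flags, true)) {
        $arr['item_deleted'] = 1;
    }
    if (in_array('hidden', $flags, true)) {
        $arr['item_hidden'] = 1;
    }

    // Here's the deal - the site might be down or whatever but if there's a new person you've never
    // seen before sending stuff to your stream, we MUST be able to look them up and import their data from their
    // hub and verify that they are legit - or else we're going to toss the post. We only need to do this
    // once, and after that your hub knows them. Sure some info is in the post, but it's only a transit identifier
    // and not enough info to be able to look you up from your hash - which is the only thing stored with the post.
    $xchan_hash = import_author_xchan($raw('author'));
    if ($xchan_hash === false) {
        return array();
    }
    $arr['author_xchan'] = $xchan_hash;

    // save a potentially expensive lookup if author == owner
    $owner          = $raw('owner');
    $owner_guid     = (is_array($owner) && isset($owner['guid'])) ? $owner['guid'] : null;
    $owner_guid_sig = (is_array($owner) && isset($owner['guid_sig'])) ? $owner['guid_sig'] : null;
    if ($arr['author_xchan'] === make_xchan_hash($owner_guid, $owner_guid_sig)) {
        $arr['owner_xchan'] = $arr['author_xchan'];
    }
    else {
        $xchan_hash = import_author_xchan($owner);
        if ($xchan_hash === false) {
            return array();
        }
        $arr['owner_xchan'] = $xchan_hash;
    }

    if ($arr['sig']) {
        $r = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
            dbesc($arr['author_xchan'])
        );
        // The signature is checked against the body exactly as received
        // ($x['body']), not against the escaped/truncated copy in $arr['body'].
        if ($r && rsa_verify($raw('body'), base64url_decode($arr['sig']), $r[0]['xchan_pubkey'])) {
            $arr['item_verified'] = 1;
        }
        else {
            logger('get_item_elements: message verification failed.');
        }
    }

    if (array_key_exists('revision', $x)) {
        // extended export encoding: these columns are copied verbatim from the
        // input and override what was derived above - including item_verified,
        // item_obscured and the sanitised attach. NOTE(review): the sender is
        // trusted for all of them on this path; confirm callers only reach it
        // with exports they already trust.
        $passthrough = array(
            'revision', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid',
            'layout_mid', 'postopts', 'resource_id', 'resource_type', 'attach',
            'item_origin', 'item_unseen', 'item_starred', 'item_uplink',
            'item_consensus', 'item_wall', 'item_thread_top', 'item_notshown',
            'item_nsfw',      // local only
            'item_relay', 'item_mentionsme',
            'item_nocomment', // local only
            'item_obscured',  // local only
            'item_verified', 'item_retained', 'item_rss', 'item_deleted',
            'item_type', 'item_hidden', 'item_unpublished', 'item_delayed',
            'item_pending_remove', 'item_blocked',
        );
        foreach ($passthrough as $column) {
            $arr[$column] = $raw($column);
        }

        // Older exports carry packed bitfields; decode them onto the columns.
        if (array_key_exists('item_flags', $x)) {
            $flag_bits = array(
                0x4    => 'item_starred',
                0x8    => 'item_uplink',
                0x10   => 'item_consensus',
                0x20   => 'item_wall',
                0x40   => 'item_thread_top',
                0x80   => 'item_notshown',
                0x100  => 'item_nsfw',
                0x400  => 'item_mentionsme',
                0x800  => 'item_nocomment',
                0x4000 => 'item_retained',
                0x8000 => 'item_rss',
            );
            foreach ($flag_bits as $bit => $column) {
                if ($x['item_flags'] & $bit) {
                    $arr[$column] = 1;
                }
            }
        }
        if (array_key_exists('item_restrict', $x)) {
            // Several bits map onto item_type; entries are checked in ascending
            // bit order and a later match overrides an earlier one.
            $restrict_bits = array(
                0x1    => array('item_hidden', 1),
                0x2    => array('item_blocked', 1),
                0x10   => array('item_deleted', 1),
                0x20   => array('item_unpublished', 1),
                0x40   => array('item_type', ITEM_TYPE_WEBPAGE),
                0x80   => array('item_delayed', 1),
                0x100  => array('item_type', ITEM_TYPE_BLOCK),
                0x200  => array('item_type', ITEM_TYPE_PDL),
                0x400  => array('item_type', ITEM_TYPE_BUG),
                0x800  => array('item_pending_remove', 1),
                0x1000 => array('item_type', ITEM_TYPE_DOC),
            );
            foreach ($restrict_bits as $bit => $target) {
                if ($x['item_restrict'] & $bit) {
                    $arr[$target[0]] = $target[1];
                }
            }
        }
    }

    return $arr;
}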