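/**
 * Normalise an incoming item structure from a remote hub into an item row.
 *
 * Every text field taken from $x is entity-encoded with htmlspecialchars()
 * (ENT_COMPAT, UTF-8, double_encode disabled) before it is kept. The body is
 * truncated to get_max_import_size() and the title to 255 characters. The
 * author and owner are resolved to xchan hashes through import_author_xchan();
 * if either cannot be resolved the post is rejected and an empty array is
 * returned. Private posts have their title and body encapsulated with the
 * site public key before being handed back.
 *
 * @param array $x decoded item as received from the remote side (untrusted)
 * @return array item row ready for storage, or array() when the author or
 *               owner could not be imported
 */
function get_item_elements($x)
{
    $arr = array();
    $arr['body'] = $x['body'] ? htmlspecialchars($x['body'], ENT_COMPAT, 'UTF-8', false) : '';
    $key = get_config('system', 'pubkey');
    $maxlen = get_max_import_size();
    if ($maxlen && mb_strlen($arr['body']) > $maxlen) {
        $arr['body'] = mb_substr($arr['body'], 0, $maxlen, 'UTF-8');
        logger('get_item_elements: message length exceeds max_import_size: truncated');
    }
    $arr['created'] = datetime_convert('UTC', 'UTC', $x['created']);
    $arr['edited'] = datetime_convert('UTC', 'UTC', $x['edited']);
    // Remote timestamps are clamped to "now" so a sender cannot post into the future.
    if ($arr['created'] > datetime_convert()) {
        $arr['created'] = datetime_convert();
    }
    if ($arr['edited'] > datetime_convert()) {
        $arr['edited'] = datetime_convert();
    }
    $arr['expires'] = x($x, 'expires') && $x['expires'] ? datetime_convert('UTC', 'UTC', $x['expires']) : NULL_DATE;
    $arr['commented'] = x($x, 'commented') && $x['commented'] ? datetime_convert('UTC', 'UTC', $x['commented']) : $arr['created'];
    $arr['comments_closed'] = x($x, 'comments_closed') && $x['comments_closed'] ? datetime_convert('UTC', 'UTC', $x['comments_closed']) : NULL_DATE;
    $arr['title'] = $x['title'] ? htmlspecialchars($x['title'], ENT_COMPAT, 'UTF-8', false) : '';
    if (mb_strlen($arr['title']) > 255) {
        $arr['title'] = mb_substr($arr['title'], 0, 255);
    }
    $arr['app'] = $x['app'] ? htmlspecialchars($x['app'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['route'] = $x['route'] ? htmlspecialchars($x['route'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['mid'] = $x['message_id'] ? htmlspecialchars($x['message_id'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['parent_mid'] = $x['message_top'] ? htmlspecialchars($x['message_top'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['thr_parent'] = $x['message_parent'] ? htmlspecialchars($x['message_parent'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['plink'] = $x['permalink'] ? htmlspecialchars($x['permalink'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['location'] = $x['location'] ? htmlspecialchars($x['location'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['coord'] = $x['longlat'] ? htmlspecialchars($x['longlat'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['verb'] = $x['verb'] ? htmlspecialchars($x['verb'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['mimetype'] = $x['mimetype'] ? htmlspecialchars($x['mimetype'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['obj_type'] = $x['object_type'] ? htmlspecialchars($x['object_type'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['tgt_type'] = $x['target_type'] ? htmlspecialchars($x['target_type'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['public_policy'] = $x['public_scope'] ? htmlspecialchars($x['public_scope'], ENT_COMPAT, 'UTF-8', false) : '';
    // An explicit 'public' scope is stored as the empty string (the unrestricted default).
    if ($arr['public_policy'] === 'public') {
        $arr['public_policy'] = '';
    }
    $arr['comment_policy'] = $x['comment_scope'] ? htmlspecialchars($x['comment_scope'], ENT_COMPAT, 'UTF-8', false) : 'contacts';
    $arr['sig'] = $x['signature'] ? htmlspecialchars($x['signature'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['diaspora_meta'] = $x['diaspora_signature'] ? json_encode(crypto_encapsulate($x['diaspora_signature'], $key)) : '';
    $arr['object'] = activity_sanitise($x['object']);
    $arr['target'] = activity_sanitise($x['target']);
    $arr['attach'] = activity_sanitise($x['attach']);
    $arr['term'] = decode_tags($x['tags']);

    // 'flags' is remote-controlled and may be absent or not an array at all.
    // Resolve it once so every check below runs against a real array (in_array()
    // on a non-array is a TypeError on PHP 8), and compare strictly so only the
    // literal flag strings match.
    $flags = (array_key_exists('flags', $x) && is_array($x['flags'])) ? $x['flags'] : array();
    $arr['item_private'] = in_array('private', $flags, true) ? 1 : 0;
    $arr['item_flags'] = 0;
    // item_restrict is OR-ed into below; start from zero like item_flags instead
    // of relying on an undefined key being treated as 0.
    $arr['item_restrict'] = 0;
    if (in_array('consensus', $flags, true)) {
        $arr['item_flags'] |= ITEM_CONSENSUS;
    }
    if (in_array('deleted', $flags, true)) {
        $arr['item_restrict'] |= ITEM_DELETED;
    }
    if (in_array('hidden', $flags, true)) {
        $arr['item_restrict'] |= ITEM_HIDDEN;
    }

    // Here's the deal - the site might be down or whatever but if there's a new person you've never
    // seen before sending stuff to your stream, we MUST be able to look them up and import their data from their
    // hub and verify that they are legit - or else we're going to toss the post. We only need to do this
    // once, and after that your hub knows them. Sure some info is in the post, but it's only a transit identifier
    // and not enough info to be able to look you up from your hash - which is the only thing stored with the post.
    if (($xchan_hash = import_author_xchan($x['author'])) !== false) {
        $arr['author_xchan'] = $xchan_hash;
    } else {
        return array();
    }

    // save a potentially expensive lookup if author == owner
    // NOTE(review): $x['owner'] is read without a presence check here; a missing owner
    // falls through to import_author_xchan() below, which is assumed to return false.
    if ($arr['author_xchan'] === make_xchan_hash($x['owner']['guid'], $x['owner']['guid_sig'])) {
        $arr['owner_xchan'] = $arr['author_xchan'];
    } else {
        if (($xchan_hash = import_author_xchan($x['owner'])) !== false) {
            $arr['owner_xchan'] = $xchan_hash;
        } else {
            return array();
        }
    }

    // Verify the signature against the body as it arrived ($x['body']), not the
    // escaped/truncated copy, since that is what the sender signed. A failed
    // verification is logged but does not reject the post; the item simply
    // never gets ITEM_VERIFIED.
    if ($arr['sig']) {
        $r = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($arr['author_xchan']));
        if ($r && rsa_verify($x['body'], base64url_decode($arr['sig']), $r[0]['xchan_pubkey'])) {
            $arr['item_flags'] |= ITEM_VERIFIED;
        } else {
            logger('get_item_elements: message verification failed.');
        }
    }

    // if it's a private post, encrypt it in the DB.
    // We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
    // and we need plaintext to do that.
    if (intval($arr['item_private'])) {
        $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
        if ($arr['title']) {
            $arr['title'] = json_encode(crypto_encapsulate($arr['title'], $key));
        }
        if ($arr['body']) {
            $arr['body'] = json_encode(crypto_encapsulate($arr['body'], $key));
        }
    }

    if (array_key_exists('revision', $x)) {
        // extended export encoding: these fields are copied through as-is and
        // override the flag/restrict values computed above.
        $arr['revision'] = $x['revision'];
        $arr['allow_cid'] = $x['allow_cid'];
        $arr['allow_gid'] = $x['allow_gid'];
        $arr['deny_cid'] = $x['deny_cid'];
        $arr['deny_gid'] = $x['deny_gid'];
        $arr['layout_mid'] = $x['layout_mid'];
        $arr['postopts'] = $x['postopts'];
        $arr['resource_id'] = $x['resource_id'];
        $arr['resource_type'] = $x['resource_type'];
        $arr['item_restrict'] = $x['item_restrict'];
        $arr['item_flags'] = $x['item_flags'];
        $arr['attach'] = $x['attach'];
    }

    return $arr;
}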
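/**
 * Normalise an incoming item structure from a remote hub into an item row.
 *
 * Every text field taken from $x is entity-encoded with htmlspecialchars()
 * (ENT_COMPAT, UTF-8, double_encode disabled) before it is kept, except the
 * body when $allow_code is set. The body is truncated to
 * get_max_import_size() and the title to 255 characters. The author and owner
 * are resolved to xchan hashes through import_author_xchan(); if either cannot
 * be resolved the post is rejected and an empty array is returned. When the
 * input carries a 'revision' key it is treated as an extended export and the
 * remaining item_* columns are copied through, with the legacy item_flags /
 * item_restrict bitfields translated into the individual item_* columns.
 *
 * @param array $x          decoded item as received from the remote side (untrusted)
 * @param bool  $allow_code when true the body is stored without escaping; callers
 *                          must only set this for content they already trust
 * @return array item row ready for storage, or array() when the author or
 *               owner could not be imported
 */
function get_item_elements($x, $allow_code = false)
{
    $arr = array();
    if ($allow_code) {
        // Body kept verbatim: no entity encoding is applied on this path.
        $arr['body'] = $x['body'];
    } else {
        $arr['body'] = $x['body'] ? htmlspecialchars($x['body'], ENT_COMPAT, 'UTF-8', false) : '';
    }
    $key = get_config('system', 'pubkey');
    $maxlen = get_max_import_size();
    if ($maxlen && mb_strlen($arr['body']) > $maxlen) {
        $arr['body'] = mb_substr($arr['body'], 0, $maxlen, 'UTF-8');
        logger('get_item_elements: message length exceeds max_import_size: truncated');
    }
    $arr['created'] = datetime_convert('UTC', 'UTC', $x['created']);
    $arr['edited'] = datetime_convert('UTC', 'UTC', $x['edited']);
    // Remote timestamps are clamped to "now" so a sender cannot post into the future.
    if ($arr['created'] > datetime_convert()) {
        $arr['created'] = datetime_convert();
    }
    if ($arr['edited'] > datetime_convert()) {
        $arr['edited'] = datetime_convert();
    }
    $arr['expires'] = x($x, 'expires') && $x['expires'] ? datetime_convert('UTC', 'UTC', $x['expires']) : NULL_DATE;
    $arr['commented'] = x($x, 'commented') && $x['commented'] ? datetime_convert('UTC', 'UTC', $x['commented']) : $arr['created'];
    $arr['comments_closed'] = x($x, 'comments_closed') && $x['comments_closed'] ? datetime_convert('UTC', 'UTC', $x['comments_closed']) : NULL_DATE;
    $arr['title'] = $x['title'] ? htmlspecialchars($x['title'], ENT_COMPAT, 'UTF-8', false) : '';
    if (mb_strlen($arr['title']) > 255) {
        $arr['title'] = mb_substr($arr['title'], 0, 255);
    }
    $arr['app'] = $x['app'] ? htmlspecialchars($x['app'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['route'] = $x['route'] ? htmlspecialchars($x['route'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['mid'] = $x['message_id'] ? htmlspecialchars($x['message_id'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['parent_mid'] = $x['message_top'] ? htmlspecialchars($x['message_top'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['thr_parent'] = $x['message_parent'] ? htmlspecialchars($x['message_parent'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['plink'] = $x['permalink'] ? htmlspecialchars($x['permalink'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['location'] = $x['location'] ? htmlspecialchars($x['location'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['coord'] = $x['longlat'] ? htmlspecialchars($x['longlat'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['verb'] = $x['verb'] ? htmlspecialchars($x['verb'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['mimetype'] = $x['mimetype'] ? htmlspecialchars($x['mimetype'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['obj_type'] = $x['object_type'] ? htmlspecialchars($x['object_type'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['tgt_type'] = $x['target_type'] ? htmlspecialchars($x['target_type'], ENT_COMPAT, 'UTF-8', false) : '';
    $arr['public_policy'] = $x['public_scope'] ? htmlspecialchars($x['public_scope'], ENT_COMPAT, 'UTF-8', false) : '';
    // An explicit 'public' scope is stored as the empty string (the unrestricted default).
    if ($arr['public_policy'] === 'public') {
        $arr['public_policy'] = '';
    }
    $arr['comment_policy'] = $x['comment_scope'] ? htmlspecialchars($x['comment_scope'], ENT_COMPAT, 'UTF-8', false) : 'contacts';
    $arr['sig'] = $x['signature'] ? htmlspecialchars($x['signature'], ENT_COMPAT, 'UTF-8', false) : '';

    // The Diaspora signature may arrive pre-serialised or as a structure; store a
    // JSON string either way, and never read the key when it is absent.
    $dsig = array_key_exists('diaspora_signature', $x) ? $x['diaspora_signature'] : null;
    if (is_array($dsig)) {
        $dsig = json_encode($dsig);
    }
    $arr['diaspora_meta'] = $dsig ? $dsig : '';

    $arr['object'] = activity_sanitise($x['object']);
    $arr['target'] = activity_sanitise($x['target']);
    $arr['attach'] = activity_sanitise($x['attach']);
    $arr['term'] = decode_tags($x['tags']);

    // 'flags' is remote-controlled and may be absent or not an array at all.
    // Resolve it once so every check below runs against a real array (in_array()
    // on a non-array is a TypeError on PHP 8), and compare strictly so only the
    // literal flag strings match.
    $flags = (array_key_exists('flags', $x) && is_array($x['flags'])) ? $x['flags'] : array();
    $arr['item_private'] = in_array('private', $flags, true) ? 1 : 0;
    $arr['item_flags'] = 0;
    if (in_array('consensus', $flags, true)) {
        $arr['item_consensus'] = 1;
    }
    if (in_array('deleted', $flags, true)) {
        $arr['item_deleted'] = 1;
    }
    if (in_array('hidden', $flags, true)) {
        $arr['item_hidden'] = 1;
    }

    // Here's the deal - the site might be down or whatever but if there's a new person you've never
    // seen before sending stuff to your stream, we MUST be able to look them up and import their data from their
    // hub and verify that they are legit - or else we're going to toss the post. We only need to do this
    // once, and after that your hub knows them. Sure some info is in the post, but it's only a transit identifier
    // and not enough info to be able to look you up from your hash - which is the only thing stored with the post.
    if (($xchan_hash = import_author_xchan($x['author'])) !== false) {
        $arr['author_xchan'] = $xchan_hash;
    } else {
        return array();
    }

    // save a potentially expensive lookup if author == owner
    // NOTE(review): $x['owner'] is read without a presence check here; a missing owner
    // falls through to import_author_xchan() below, which is assumed to return false.
    if ($arr['author_xchan'] === make_xchan_hash($x['owner']['guid'], $x['owner']['guid_sig'])) {
        $arr['owner_xchan'] = $arr['author_xchan'];
    } else {
        if (($xchan_hash = import_author_xchan($x['owner'])) !== false) {
            $arr['owner_xchan'] = $xchan_hash;
        } else {
            return array();
        }
    }

    // Verify the signature against the body as it arrived ($x['body']), not the
    // escaped/truncated copy, since that is what the sender signed. A failed
    // verification is logged but does not reject the post; item_verified is
    // simply left unset.
    if ($arr['sig']) {
        $r = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($arr['author_xchan']));
        if ($r && rsa_verify($x['body'], base64url_decode($arr['sig']), $r[0]['xchan_pubkey'])) {
            $arr['item_verified'] = 1;
        } else {
            logger('get_item_elements: message verification failed.');
        }
    }

    if (array_key_exists('revision', $x)) {
        // extended export encoding: per-item columns are copied through as-is.
        $arr['revision'] = $x['revision'];
        $arr['allow_cid'] = $x['allow_cid'];
        $arr['allow_gid'] = $x['allow_gid'];
        $arr['deny_cid'] = $x['deny_cid'];
        $arr['deny_gid'] = $x['deny_gid'];
        $arr['layout_mid'] = $x['layout_mid'];
        $arr['postopts'] = $x['postopts'];
        $arr['resource_id'] = $x['resource_id'];
        $arr['resource_type'] = $x['resource_type'];
        $arr['attach'] = $x['attach'];
        $arr['item_origin'] = $x['item_origin'];
        $arr['item_unseen'] = $x['item_unseen'];
        $arr['item_starred'] = $x['item_starred'];
        $arr['item_uplink'] = $x['item_uplink'];
        $arr['item_consensus'] = $x['item_consensus'];
        $arr['item_wall'] = $x['item_wall'];
        $arr['item_thread_top'] = $x['item_thread_top'];
        $arr['item_notshown'] = $x['item_notshown'];
        $arr['item_nsfw'] = $x['item_nsfw'];
        // local only		$arr['item_relay'] = $x['item_relay'];
        $arr['item_mentionsme'] = $x['item_mentionsme'];
        $arr['item_nocomment'] = $x['item_nocomment'];
        // local only $arr['item_obscured'] = $x['item_obscured'];
        // local only $arr['item_verified'] = $x['item_verified'];
        $arr['item_retained'] = $x['item_retained'];
        $arr['item_rss'] = $x['item_rss'];
        $arr['item_deleted'] = $x['item_deleted'];
        $arr['item_type'] = $x['item_type'];
        $arr['item_hidden'] = $x['item_hidden'];
        $arr['item_unpublished'] = $x['item_unpublished'];
        $arr['item_delayed'] = $x['item_delayed'];
        $arr['item_pending_remove'] = $x['item_pending_remove'];
        $arr['item_blocked'] = $x['item_blocked'];

        // Older exports carry a packed item_flags bitfield; each set bit turns on
        // the matching per-item column. The hex literals are presumably the
        // pre-migration ITEM_* bit values - confirm against the legacy constants.
        if (array_key_exists('item_flags', $x)) {
            if ($x['item_flags'] & 0x4) {
                $arr['item_starred'] = 1;
            }
            if ($x['item_flags'] & 0x8) {
                $arr['item_uplink'] = 1;
            }
            if ($x['item_flags'] & 0x10) {
                $arr['item_consensus'] = 1;
            }
            if ($x['item_flags'] & 0x20) {
                $arr['item_wall'] = 1;
            }
            if ($x['item_flags'] & 0x40) {
                $arr['item_thread_top'] = 1;
            }
            if ($x['item_flags'] & 0x80) {
                $arr['item_notshown'] = 1;
            }
            if ($x['item_flags'] & 0x100) {
                $arr['item_nsfw'] = 1;
            }
            if ($x['item_flags'] & 0x400) {
                $arr['item_mentionsme'] = 1;
            }
            if ($x['item_flags'] & 0x800) {
                $arr['item_nocomment'] = 1;
            }
            if ($x['item_flags'] & 0x4000) {
                $arr['item_retained'] = 1;
            }
            if ($x['item_flags'] & 0x8000) {
                $arr['item_rss'] = 1;
            }
        }

        // Same translation for the packed item_restrict bitfield. Several bits
        // select an item_type rather than a boolean column; when more than one
        // is set, the later check in this sequence wins.
        if (array_key_exists('item_restrict', $x)) {
            if ($x['item_restrict'] & 0x1) {
                $arr['item_hidden'] = 1;
            }
            if ($x['item_restrict'] & 0x2) {
                $arr['item_blocked'] = 1;
            }
            if ($x['item_restrict'] & 0x10) {
                $arr['item_deleted'] = 1;
            }
            if ($x['item_restrict'] & 0x20) {
                $arr['item_unpublished'] = 1;
            }
            if ($x['item_restrict'] & 0x40) {
                $arr['item_type'] = ITEM_TYPE_WEBPAGE;
            }
            if ($x['item_restrict'] & 0x80) {
                $arr['item_delayed'] = 1;
            }
            if ($x['item_restrict'] & 0x100) {
                $arr['item_type'] = ITEM_TYPE_BLOCK;
            }
            if ($x['item_restrict'] & 0x200) {
                $arr['item_type'] = ITEM_TYPE_PDL;
            }
            if ($x['item_restrict'] & 0x400) {
                $arr['item_type'] = ITEM_TYPE_BUG;
            }
            if ($x['item_restrict'] & 0x800) {
                $arr['item_pending_remove'] = 1;
            }
            if ($x['item_restrict'] & 0x1000) {
                $arr['item_type'] = ITEM_TYPE_DOC;
            }
        }
    }

    return $arr;
}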