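/**
 * Render the Atom feed of wall items for the local user named $owner_nick.
 *
 * Item visibility is enforced in SQL, in one of two modes:
 *  - $dfrn_id empty ("public feed"): only items whose four ACL columns
 *    (allow_cid, allow_gid, deny_cid, deny_gid) are all empty are selected,
 *    and items flagged private are skipped again while rendering.
 *  - $dfrn_id set: the requesting contact is looked up among the owner's
 *    unblocked, non-pending contacts, and items are filtered by that
 *    contact's id and group ids against the ACL columns.
 *
 * killme() is called when the owner or the requesting contact cannot be found.
 *
 * @param object $a           Application object; argc, argv and get_baseurl() are used.
 * @param string $dfrn_id     Identifier of the requesting contact; empty for a public feed.
 * @param string $owner_nick  Nickname of the feed owner.
 * @param string $last_update Lower bound for the item date; empty means 'now -30 days'.
 * @param int    $direction   -1, 0 or 1; selects the contact column $dfrn_id is matched against.
 * @param bool   $forpubsub   When true, joins `thread` and the thread-parent item so that
 *                            NETWORK_DFRN items in NETWORK_OSTATUS threads are selected too,
 *                            and filters and orders by `received` instead of `changed`.
 *
 * @return string|false The Atom document, or false when $direction is not -1, 0 or 1.
 */
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false) {
    $public_feed = $dfrn_id ? false : true;
    $starred = false; // parsed from the URL below but not applied yet (original note: possible security issues)
    $converse = false;

    // Optional path arguments are only honoured on the public feed.
    if ($public_feed && $a->argc > 2) {
        for ($x = 2; $x < $a->argc; $x++) {
            if ($a->argv[$x] == 'converse') {
                $converse = true;
            }
            if ($a->argv[$x] == 'starred') {
                $starred = true;
            }
            if ($a->argv[$x] === 'category' && $a->argc > $x + 1 && strlen($a->argv[$x + 1])) {
                $category = $a->argv[$x + 1];
            }
        }
    }

    // default permissions - anonymous user: only items without any ACL entry
    $sql_extra = " AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' ";

    $r = q(
        "SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`\n\t\t"
        . "FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`\n\t\t"
        . "WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
        dbesc($owner_nick)
    );

    // NOTE(review): what q() returns on failure is not visible here; the is_array()
    // guard makes a non-array result stop the request instead of reaching count().
    if (!is_array($r) || !count($r)) {
        killme();
    }

    $owner = $r[0];
    $owner_id = $owner['user_uid'];
    $owner_nick = $owner['nickname'];

    $birthday = feed_birthday($owner_id, $owner['timezone']);

    $sql_post_table = "";
    $visibility = "";

    if (!$public_feed) {
        // The clause built here is interpolated into the format string handed to q(),
        // so the identifier is formatted a second time. protect_sprintf() is applied
        // before dbesc(), mirroring the handling of $category further down, so that a
        // '%' inside $dfrn_id is not read as a conversion specification.
        $safe_dfrn_id = dbesc(protect_sprintf($dfrn_id));

        switch ($direction) {
            case -1:
                $sql_extra = sprintf(" AND `issued-id` = '%s' ", $safe_dfrn_id);
                break;
            case 0:
                $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", $safe_dfrn_id);
                break;
            case 1:
                $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", $safe_dfrn_id);
                break;
            default:
                return false;
        }

        $r = q(
            "SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d {$sql_extra} LIMIT 1",
            intval($owner_id)
        );

        // Fail closed: without a matching contact row no ACL clause can be built.
        if (!is_array($r) || !count($r)) {
            killme();
        }

        $contact = $r[0];

        require_once 'include/security.php';
        $groups = init_groups_visitor($contact['id']);

        if (count($groups)) {
            // Every group id is forced to an integer before it becomes part of the REGEXP.
            for ($x = 0; $x < count($groups); $x++) {
                $groups[$x] = '<' . intval($groups[$x]) . '>';
            }
            $gs = implode('|', $groups);
        } else {
            $gs = '<<>>'; // Impossible to match
        }

        // Replaces both the anonymous default and the contact lookup clause above.
        $sql_extra = sprintf(
            "\n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )"
            . "\n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )"
            . "\n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )"
            . "\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s')\n\t\t",
            intval($contact['id']),
            intval($contact['id']),
            dbesc($gs),
            dbesc($gs)
        );
    }

    // $sort, $date_field and $sql_order are interpolated into the query text rather
    // than bound; they must remain fixed literals chosen in this function.
    if ($public_feed) {
        $sort = 'DESC';
    } else {
        $sort = 'ASC';
    }

    // Include answers to status.net posts in pubsub feeds
    if ($forpubsub) {
        $sql_post_table = "INNER JOIN `thread` ON `thread`.`iid` = `item`.`parent`\n\t\t\t\tLEFT JOIN `item` AS `thritem` ON `thritem`.`uri`=`item`.`thr-parent` AND `thritem`.`uid`=`item`.`uid`";
        $visibility = sprintf(
            "AND (`item`.`parent` = `item`.`id`) OR (`item`.`network` = '%s' AND ((`thread`.`network`='%s') OR (`thritem`.`network` = '%s')))",
            dbesc(NETWORK_DFRN),
            dbesc(NETWORK_OSTATUS),
            dbesc(NETWORK_OSTATUS)
        );
        $date_field = "`received`";
        $sql_order = "`item`.`received` DESC";
    } else {
        $date_field = "`changed`";
        $sql_order = "`item`.`parent` " . $sort . ", `item`.`created` ASC";
    }

    if (!strlen($last_update)) {
        $last_update = 'now -30 days';
    }

    if (isset($category)) {
        // NOTE(review): this assignment replaces the pubsub joins set above instead of
        // extending them, while $visibility would still reference `thread` and `thritem`.
        // Confirm whether $forpubsub can be combined with a category argument.
        $sql_post_table = sprintf(
            "INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
            dbesc(protect_sprintf($category)),
            intval(TERM_OBJ_POST),
            intval(TERM_CATEGORY),
            intval($owner_id)
        );
    }

    // Unless conversations were requested, a public feed only carries items
    // attributed to the owner's own contact record.
    if ($public_feed && !$converse) {
        $sql_extra .= " AND `contact`.`self` = 1 ";
    }

    $check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');

    // The format string has exactly two placeholders (owner uid, date bound); the
    // sort direction is already part of $sql_order, so it is not passed as an argument.
    $r = q(
        "SELECT STRAIGHT_JOIN `item`.*, `item`.`id` AS `item_id`,\n\t\t"
        . "`contact`.`name`, `contact`.`network`, `contact`.`photo`, `contact`.`url`,\n\t\t"
        . "`contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,\n\t\t"
        . "`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,\n\t\t"
        . "`contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`,\n\t\t"
        . "`sign`.`signed_text`, `sign`.`signature`, `sign`.`signer`\n\t\t"
        . "FROM `item` {$sql_post_table}\n\t\t"
        . "INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t"
        . "AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t"
        . "LEFT JOIN `sign` ON `sign`.`iid` = `item`.`id`\n\t\t"
        . "WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`parent` != 0\n\t\t"
        . "AND ((`item`.`wall` = 1) {$visibility}) AND `item`.{$date_field} > '%s'\n\t\t"
        . "{$sql_extra}\n\t\t"
        . "ORDER BY {$sql_order} LIMIT 0, 300",
        intval($owner_id),
        dbesc($check_date)
    );

    // An empty (or failed) result still yields a well-formed, empty feed below.
    $items = $r;

    $feed_template = get_markup_template($dfrn_id ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl');

    $atom = '';

    // Hub and salmon links are inserted as returned by their helpers; every other
    // value passes through xmlify().
    $hubxml = feed_hublinks();
    $salmon = feed_salmonlinks($owner_nick);

    $alternatelink = $owner['url'];
    if (isset($category)) {
        $alternatelink .= "/category/" . $category;
    }

    $atom .= replace_macros($feed_template, array(
        '$version' => xmlify(FRIENDICA_VERSION),
        '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),
        '$feed_title' => xmlify($owner['name']),
        '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
        '$hub' => $hubxml,
        '$salmon' => $salmon,
        '$alternatelink' => xmlify($alternatelink),
        '$name' => xmlify($owner['name']),
        '$profile_page' => xmlify($owner['url']),
        '$photo' => xmlify($owner['photo']),
        '$thumb' => xmlify($owner['thumb']),
        '$picdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['avatar-date'] . '+00:00', ATOM_TIME)),
        '$uridate' => xmlify(datetime_convert('UTC', 'UTC', $owner['uri-date'] . '+00:00', ATOM_TIME)),
        '$namdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['name-date'] . '+00:00', ATOM_TIME)),
        '$birthday' => strlen($birthday) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '',
        '$community' => $owner['page-flags'] == PAGE_COMMUNITY ? '<dfrn:community>1</dfrn:community>' : ''
    ));

    call_hooks('atom_feed', $atom);

    if (!is_array($items) || !count($items)) {
        call_hooks('atom_feed_end', $atom);
        $atom .= '</feed>' . "\r\n";
        return $atom;
    }

    foreach ($items as $item) {
        // prevent private email from leaking.
        if ($item['network'] === NETWORK_MAIL) {
            continue;
        }

        // public feeds get html, our own nodes use bbcode
        if ($public_feed) {
            $type = 'html';
            // catch any email that's in a public conversation and make sure it doesn't leak
            if ($item['private']) {
                continue;
            }
        } else {
            $type = 'text';
        }

        $atom .= atom_entry($item, $type, null, $owner, true);
    }

    call_hooks('atom_feed_end', $atom);

    $atom .= '</feed>' . "\r\n";

    return $atom;
}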
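/**
 * Render the Atom feed of wall items for the local user named $owner_nick.
 *
 * Item visibility is enforced in SQL, in one of two modes:
 *  - $dfrn_id empty ("public feed"): only items whose four ACL columns
 *    (allow_cid, allow_gid, deny_cid, deny_gid) are all empty are selected,
 *    and items flagged private are skipped again while rendering.
 *  - $dfrn_id set: the requesting contact is looked up among the owner's
 *    unblocked, non-pending contacts, and items are filtered by that
 *    contact's id and group ids against the ACL columns.
 *
 * killme() is called when $owner_nick is empty, or when the owner or the
 * requesting contact cannot be found.
 *
 * @param object $a           Application object; argc, argv and get_baseurl() are used.
 * @param string $dfrn_id     Identifier of the requesting contact; empty for a public feed.
 * @param string $owner_nick  Nickname of the feed owner.
 * @param string $last_update Lower bound for `edited`/`changed`; empty means 'now -30 days'.
 * @param int    $direction   -1, 0 or 1; selects the contact column $dfrn_id is matched against.
 *
 * @return string|false The Atom document, or false when $direction is not -1, 0 or 1.
 */
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
    if (!strlen($owner_nick)) {
        killme();
    }

    $public_feed = $dfrn_id ? false : true;
    $starred = false; // parsed from the URL below but not applied anywhere in this function
    $converse = false;

    // Optional path arguments are only honoured on the public feed.
    if ($public_feed && $a->argc > 2) {
        for ($x = 2; $x < $a->argc; $x++) {
            if ($a->argv[$x] == 'converse') {
                $converse = true;
            }
            if ($a->argv[$x] == 'starred') {
                $starred = true;
            }
        }
    }

    // default permissions - anonymous user: only items without any ACL entry
    $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";

    $r = q(
        "SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`\n\t\t"
        . "FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`\n\t\t"
        . "WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
        dbesc($owner_nick)
    );

    // NOTE(review): what q() returns on failure is not visible here; the is_array()
    // guard makes a non-array result stop the request instead of reaching count().
    if (!is_array($r) || !count($r)) {
        killme();
    }

    $owner = $r[0];
    $owner_id = $owner['user_uid'];
    $owner_nick = $owner['nickname'];

    $birthday = feed_birthday($owner_id, $owner['timezone']);

    if (!$public_feed) {
        // The clause built here is interpolated into the format string handed to q(),
        // so the identifier is formatted a second time. Doubling '%' before escaping
        // keeps a '%' inside $dfrn_id from being read as a conversion specification.
        $safe_dfrn_id = dbesc(str_replace('%', '%%', $dfrn_id));

        switch ($direction) {
            case -1:
                $sql_extra = sprintf(" AND `issued-id` = '%s' ", $safe_dfrn_id);
                break;
            case 0:
                $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", $safe_dfrn_id);
                break;
            case 1:
                $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", $safe_dfrn_id);
                break;
            default:
                return false;
        }

        $r = q(
            "SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d {$sql_extra} LIMIT 1",
            intval($owner_id)
        );

        // Fail closed: without a matching contact row no ACL clause can be built.
        if (!is_array($r) || !count($r)) {
            killme();
        }

        $contact = $r[0];
        $groups = init_groups_visitor($contact['id']);

        if (count($groups)) {
            // Every group id is forced to an integer before it becomes part of the REGEXP.
            for ($x = 0; $x < count($groups); $x++) {
                $groups[$x] = '<' . intval($groups[$x]) . '>';
            }
            $gs = implode('|', $groups);
        } else {
            $gs = '<<>>'; // Impossible to match
        }

        // Replaces both the anonymous default and the contact lookup clause above.
        $sql_extra = sprintf(
            " \n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) "
            . "\n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) "
            . "\n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )"
            . "\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') \n\t\t",
            intval($contact['id']),
            intval($contact['id']),
            dbesc($gs),
            dbesc($gs)
        );
    }

    // The sort direction ends up unquoted in ORDER BY; it must remain one of the
    // two literals chosen here.
    if ($public_feed) {
        $sort = 'DESC';
    } else {
        $sort = 'ASC';
    }

    if (!strlen($last_update)) {
        $last_update = 'now -30 days';
    }

    // Unless conversations were requested, a public feed only carries items
    // attributed to the owner's own contact record.
    if ($public_feed && !$converse) {
        $sql_extra .= " AND `contact`.`self` = 1 ";
    }

    $check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');

    $r = q(
        "SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t"
        . "`contact`.`name`, `contact`.`photo`, `contact`.`url`, \n\t\t"
        . "`contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,\n\t\t"
        . "`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, \n\t\t"
        . "`contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`,\n\t\t"
        . "`sign`.`signed_text`, `sign`.`signature`, `sign`.`signer`\n\t\t"
        . "FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t"
        . "LEFT JOIN `sign` ON `sign`.`iid` = `item`.`id`\n\t\t"
        . "WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`parent` != 0 \n\t\t"
        . "AND `item`.`wall` = 1 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t"
        . "AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )\n\t\t"
        . "{$sql_extra}\n\t\t"
        . "ORDER BY `parent` %s, `created` ASC LIMIT 0, 300",
        intval($owner_id),
        dbesc($check_date),
        dbesc($check_date),
        dbesc($sort)
    );

    // An empty (or failed) result still yields a well-formed, empty feed below.
    $items = $r;

    $feed_template = get_markup_template($dfrn_id ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl');

    $atom = '';

    // Hub and salmon links are inserted as returned by their helpers; every other
    // value passes through xmlify().
    $hubxml = feed_hublinks();
    $salmon = feed_salmonlinks($owner_nick);

    $atom .= replace_macros($feed_template, array(
        '$version' => xmlify(FRIENDICA_VERSION),
        '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),
        '$feed_title' => xmlify($owner['name']),
        '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
        '$hub' => $hubxml,
        '$salmon' => $salmon,
        '$name' => xmlify($owner['name']),
        '$profile_page' => xmlify($owner['url']),
        '$photo' => xmlify($owner['photo']),
        '$thumb' => xmlify($owner['thumb']),
        '$picdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['avatar-date'] . '+00:00', ATOM_TIME)),
        '$uridate' => xmlify(datetime_convert('UTC', 'UTC', $owner['uri-date'] . '+00:00', ATOM_TIME)),
        '$namdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['name-date'] . '+00:00', ATOM_TIME)),
        '$birthday' => strlen($birthday) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''
    ));

    call_hooks('atom_feed', $atom);

    if (!is_array($items) || !count($items)) {
        call_hooks('atom_feed_end', $atom);
        $atom .= '</feed>' . "\r\n";
        return $atom;
    }

    foreach ($items as $item) {
        // public feeds get html, our own nodes use bbcode
        if ($public_feed) {
            $type = 'html';
            // catch any email that's in a public conversation and make sure it doesn't leak
            if ($item['private']) {
                continue;
            }
        } else {
            $type = 'text';
        }

        $atom .= atom_entry($item, $type, null, $owner, true);
    }

    call_hooks('atom_feed_end', $atom);

    $atom .= '</feed>' . "\r\n";

    return $atom;
}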