Handles symbols from Latin languages, Greek, Turkish, Bulgarian, Russian,
Ukrainian, Czech, Polish, Romanian, Latvian, Lithuanian, Vietnamese, Arabic,
Serbian, and Azerbaijani. Symbols it cannot transliterate
it will simply omit.
Usage:
echo URLify::filter (' J\'étudie le français ');
"jetudie-le-francais"
echo URLify::filter ('Lo siento, no hablo español.');
"lo-siento-no-hablo-espanol"
public function publishToPage(Page $c, $data, $controls)
{
$slug = array_filter($controls, function ($item) {
if ($item instanceof UrlSlugCorePageProperty) {
return true;
}
return false;
});
$this->addPageTypeComposerControlRequestValue('cName', $data['name']);
if (!count($slug) && $c->isPageDraft()) {
$txt = new \URLify();
$this->addPageTypeComposerControlRequestValue('cHandle', $txt->filter($data['name']));
}
parent::publishToPage($c, $data, $controls);
}
public function filter($value)
{
URLify::$remove_list = array();
$value = URLify::filter($value, 60, 'de');
$value = str_replace('-', '_', $value);
return $value;
}
/**
* {@inheritdoc}
*/
public function upload($fp, $dst, $name, $tmpname)
{
$this->setConnectorFromPlugin();
// upload file by elfinder.
$result = parent::upload($fp, $dst, $name, $tmpname);
$name = $result['name'];
$filtered = \URLify::filter($result['name'], 80);
if (strcmp($name, $filtered) != 0) {
/*$arg = array('target' => $file['hash'], 'name' => $filtered);
$elFinder->exec('rename', $arg);*/
$this->rename($result['hash'], $filtered);
}
$realPath = $this->realpath($result['hash']);
if (!empty($realPath)) {
// Getting file info
//$info = $elFinder->exec('file', array('target' => $file['hash']));
/** @var elFinderVolumeLocalFileSystem $volume */
//$volume = $info['volume'];
//$root = $volume->root();
//var/www/chamilogits/data/courses/NEWONE/document
$realPathRoot = $this->getCourseDocumentSysPath();
// Removing course path
$realPath = str_replace($realPathRoot, '/', $realPath);
\FileManager::add_document($this->connector->course, $realPath, 'file', intval($result['size']), $result['name']);
}
return $result;
}
public function execute(Stdio $stdio, array $params = [])
{
if (strpos($params['source'], 'data/') !== 0) {
throw new \DomainException('The source must be in the data directory.');
}
if (strpos($params['target'], 'data/') !== 0) {
throw new \DomainException('The target must be in the data directory.');
}
$params['source'] = substr($params['source'], strlen('data/'));
$params['target'] = substr($params['target'], strlen('data/'));
$match = preg_match('/^(?:.*?\\/)?([0-9]{4}-[0-9]{2}-[0-9]{2}\\.|[0-9]+\\.|)([^\\/]*)$/', $params['source'], $matches);
$matches[1] = trim($matches[1], '.');
if ($params['--date']) {
$matches[1] = (new \DateTime())->format('Y-m-d');
}
if ($params['--title']) {
$matches[2] = \URLify::filter($params['--title']);
}
$file = trim($params['target'], '/') . '/';
$file .= $params['--date'] ? $matches[1] . '.' : '';
$file .= $matches[2];
$this->hooks->call('before.move');
$this->data->move($params['source'], $file);
if ($params['--title']) {
$data = $this->data->read($file);
$data['title'] = $params['--title'];
$this->data->write($file, $data);
}
$stdio->outln('<<magenta>>' . $params['source'] . ' moved to ' . $file . '<<reset>>');
$this->hooks->call('after.move');
return Status::SUCCESS;
}
public function setFile($title, $fieldName)
{
$storage = new \Upload\Storage\FileSystem(self::PATH_ORIGINALS);
$this->file = new \Upload\File($fieldName, $storage);
$filename = \URLify::filter($title);
$this->file->setName($filename . '-' . uniqid());
$this->file->addValidations([new \Upload\Validation\Mimetype(['image/png', 'image/jpg', 'image/jpeg', 'image/gif']), new \Upload\Validation\Size('5M')]);
}
/**
* LogFile constructor.
*
* @param string $name
* @param string $clientSlug
* @param array $args
*/
public function __construct($name, $clientSlug, $args)
{
setlocale(LC_ALL, 'en_US.UTF8');
$this->name = $name;
$this->slug = \URLify::filter($name);
$this->collectionSlug = \URLify::filter($clientSlug);
$this->args = $args;
$this->lines = new ArrayCollection();
$this->loggers = new ArrayCollection();
}
/**
* @inheritdoc
*/
public function run()
{
if (Yii::$app->request->isPost) {
if (isset($_POST['filename'])) {
$this->fileName = \URLify::filter(pathinfo($_POST['filename'], PATHINFO_FILENAME), 255, "", true) . '_' . uniqid() . '.' . pathinfo($_POST['filename'], PATHINFO_EXTENSION);
$upload_dir = $this->uploadDir;
$upload_file = $this->fileName;
$uploader = new FileUpload('uploadfile');
$uploader->newFileName = $this->fileName;
$uploader->sizeLimit = $this->fileSizeLimit;
// Handle the upload
$result = $uploader->handleUpload($upload_dir);
unset($_POST['filename']);
if (!$result) {
$upload_result = json_encode(array('success' => false, 'msg' => $uploader->getErrorMsg()));
} else {
if ($this->isImage($upload_dir . $upload_file)) {
//
$image_name = $upload_dir . $upload_file;
// resize with calculate aspect ratio
list($image_width, $image_height, $type, $attr) = getimagesize($image_name);
$ratio = $image_width / $image_height;
if ($ratio > 1) {
$target_width = $this->resize_max_width;
$target_height = $this->resize_max_width / $ratio;
} else {
$target_width = $this->resize_max_height * $ratio;
$target_height = $this->resize_max_height;
}
// resize image if original dimension is bigger from max size
if ($target_width < $this->resize_max_width || $target_height < $this->resize_max_height) {
Image::thumbnail($image_name, $target_width, $target_height, ManipulatorInterface::THUMBNAIL_INSET)->save($image_name);
}
// apply watermark
if ($this->watermark) {
Image::watermark($image_name, $this->watermark)->save($image_name);
}
}
// thumbnails create
if ($this->thumbnail && $this->isImage($image_name) && ($this->thumbnail_width > 0 && $this->thumbnail_height > 0)) {
Image::thumbnail($image_name, $this->thumbnail_width, $this->thumbnail_height)->save($upload_dir . 'thumbs/' . $upload_file);
}
$upload_result = ['success' => true, 'filelink' => $upload_file];
}
Yii::$app->response->format = Response::FORMAT_JSON;
return $upload_result;
}
} else {
throw new BadRequestHttpException(Yii::t('upload', 'ONLY_POST_REQUEST'));
}
}
/**
* @param string $value
* @return string
*/
public function filter($value)
{
$transliterated = \URLify::transliterate($value);
if ($this->replaceSpacesWithDashes) {
$filter = new SeparatorToSeparator(' ', '_');
$transliterated = $filter->filter($transliterated);
} else {
if ($this->replaceSpacesWithSeparator) {
$filter = new SeparatorToSeparator(' ', $this->separator);
$transliterated = $filter->filter($transliterated);
}
}
return $transliterated;
}
/**
* Creates a new model.
* If creation is successful, the browser will be redirected to the 'view' page.
*/
public function actionNovo()
{
$model = new Depoimento();
$professor = Professor::model()->findByPk($_POST['Depoimento']['id_professor']);
if (!empty($_POST['Depoimento'])) {
if (empty($_POST['Depoimento']['nome'])) {
unset($_POST['Depoimento']['nome']);
}
$model->attributes = $_POST['Depoimento'];
$model->id_disciplina = empty($_POST['Depoimento']['id_disciplina']) ? null : $_POST['Depoimento']['id_disciplina'];
if ($model->save()) {
Yii::app()->user->setFlash('success', "Seu depoimento foi enviado com sucesso e está aguardando aprovação.");
$this->redirect(Yii::app()->baseUrl . '/professor/' . $model->id_professor . '/' . URLify::filter($professor->nome));
}
}
}
/** Takes text and converts it to an ASCII-only string (characters with code between 32 and 127, plus \t, \n and \r).
* @param string $text The text to be converted.
* @param string $locale='' The locale for the string. If not specified we consider the current locale.
* @return string
*/
public function asciify($text, $locale = '')
{
if (!strlen($locale)) {
$locale = \Localization::activeLocale();
}
$language = substr($locale, 0, strcspn($locale, '_'));
$text = \URLify::downcode($text, $language);
if (preg_match('/[^\\t\\r\\n\\x20-\\x7e]/', $text)) {
if (function_exists('iconv')) {
$t = @iconv(APP_CHARSET, 'US-ASCII//IGNORE//TRANSLIT', $text);
if (is_string($t)) {
$text = $t;
}
}
$text = preg_replace('/[^\\t\\r\\n\\x20-\\x7e]/', '', $text);
}
return $text;
}
function new_channel_init(&$a)
{
$cmd = argc() > 1 ? argv(1) : '';
if ($cmd === 'autofill.json') {
require_once 'library/urlify/URLify.php';
$result = array('error' => false, 'message' => '');
$n = trim($_REQUEST['name']);
$x = strtolower(URLify::transliterate($n));
$test = array();
// first name
if (strpos($x, ' ')) {
$test[] = legal_webbie(substr($x, 0, strpos($x, ' ')));
}
if ($test[0]) {
// first name plus first initial of last
$test[] = strpos($x, ' ') ? $test[0] . legal_webbie(trim(substr($x, strpos($x, ' '), 2))) : '';
// first name plus random number
$test[] = $test[0] . mt_rand(1000, 9999);
}
// fullname
$test[] = legal_webbie($x);
// fullname plus random number
$test[] = legal_webbie($x) . mt_rand(1000, 9999);
json_return_and_die(check_webbie($test));
}
if ($cmd === 'checkaddr.json') {
require_once 'library/urlify/URLify.php';
$result = array('error' => false, 'message' => '');
$n = trim($_REQUEST['nick']);
$x = strtolower(URLify::transliterate($n));
$test = array();
$n = legal_webbie($x);
if (strlen($n)) {
$test[] = $n;
$test[] = $n . mt_rand(1000, 9999);
}
for ($y = 0; $y < 100; $y++) {
$test[] = 'id' . mt_rand(1000, 9999);
}
json_return_and_die(check_webbie($test));
}
}
public function execute(Stdio $stdio, array $params = [])
{
if (strpos($params['target'], 'data/') !== 0) {
throw new \DomainException('The target must be in the data directory.');
}
$params['target'] = substr($params['target'], strlen('data/'));
if (!empty($params['--related'])) {
foreach ($params['--related'] as $key => $related) {
if (strpos($related, 'data/') !== 0) {
throw new \DomainException('Each --related must be in the data directory.');
}
$params['--related'][$key] = substr(dirname($related), strlen('data/')) . '/' . pathinfo($related, PATHINFO_FILENAME);
}
}
$data = [];
foreach (['title', 'summary', '--related'] as $param_key) {
if (!empty($params[$param_key])) {
$data[trim($param_key, '-')] = $params[$param_key];
}
}
$file = '';
if ($params['target']) {
$file = trim($params['target'], '/') . '/';
}
if ($params['--date']) {
$file .= (new \DateTime())->format('Y-m-d') . '.';
}
$file .= \URLify::filter($data['title']);
$file .= $params['--ext'] ? $params['--ext'] : '.md';
$file = trim($file, '/');
$this->hooks->call('before.make');
$this->data->write($file, $data);
$stdio->outln('<<magenta>>' . $file . ' published on ' . (new \DateTime())->format('Y-m-d') . '<<reset>>');
$this->hooks->call('after.make');
return Status::SUCCESS;
}
function item_post(&$a)
{
// This will change. Figure out who the observer is and whether or not
// they have permission to post here. Else ignore the post.
if (!local_channel() && !remote_channel() && !x($_REQUEST, 'commenter')) {
return;
}
require_once 'include/security.php';
$uid = local_channel();
$channel = null;
$observer = null;
/**
* Is this a reply to something?
*/
$parent = x($_REQUEST, 'parent') ? intval($_REQUEST['parent']) : 0;
$parent_mid = x($_REQUEST, 'parent_mid') ? trim($_REQUEST['parent_mid']) : '';
$remote_xchan = x($_REQUEST, 'remote_xchan') ? trim($_REQUEST['remote_xchan']) : false;
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($remote_xchan));
if ($r) {
$remote_observer = $r[0];
} else {
$remote_xchan = $remote_observer = false;
}
$profile_uid = x($_REQUEST, 'profile_uid') ? intval($_REQUEST['profile_uid']) : 0;
require_once 'include/identity.php';
$sys = get_sys_channel();
if ($sys && $profile_uid && $sys['channel_id'] == $profile_uid && is_site_admin()) {
$uid = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
if (x($_REQUEST, 'dropitems')) {
require_once 'include/items.php';
$arr_drop = explode(',', $_REQUEST['dropitems']);
drop_items($arr_drop);
$json = array('success' => 1);
echo json_encode($json);
killme();
}
call_hooks('post_local_start', $_REQUEST);
// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
$api_source = x($_REQUEST, 'api_source') && $_REQUEST['api_source'] ? true : false;
$consensus = intval($_REQUEST['consensus']);
// 'origin' (if non-zero) indicates that this network is where the message originated,
// for the purpose of relaying comments to other conversation members.
// If using the API from a device (leaf node) you must set origin to 1 (default) or leave unset.
// If the API is used from another network with its own distribution
// and deliveries, you may wish to set origin to 0 or false and allow the other
// network to relay comments.
// If you are unsure, it is prudent (and important) to leave it unset.
$origin = $api_source && array_key_exists('origin', $_REQUEST) ? intval($_REQUEST['origin']) : 1;
// To represent message-ids on other networks - this will create an item_id record
$namespace = $api_source && array_key_exists('namespace', $_REQUEST) ? strip_tags($_REQUEST['namespace']) : '';
$remote_id = $api_source && array_key_exists('remote_id', $_REQUEST) ? strip_tags($_REQUEST['remote_id']) : '';
$owner_hash = null;
$message_id = x($_REQUEST, 'message_id') && $api_source ? strip_tags($_REQUEST['message_id']) : '';
$created = x($_REQUEST, 'created') ? datetime_convert('UTC', 'UTC', $_REQUEST['created']) : datetime_convert();
$post_id = x($_REQUEST, 'post_id') ? intval($_REQUEST['post_id']) : 0;
$app = x($_REQUEST, 'source') ? strip_tags($_REQUEST['source']) : '';
$return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
$preview = x($_REQUEST, 'preview') ? intval($_REQUEST['preview']) : 0;
$categories = x($_REQUEST, 'category') ? escape_tags($_REQUEST['category']) : '';
$webpage = x($_REQUEST, 'webpage') ? intval($_REQUEST['webpage']) : 0;
$pagetitle = x($_REQUEST, 'pagetitle') ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '';
$layout_mid = x($_REQUEST, 'layout_mid') ? escape_tags($_REQUEST['layout_mid']) : '';
$plink = x($_REQUEST, 'permalink') ? escape_tags($_REQUEST['permalink']) : '';
$obj_type = x($_REQUEST, 'obj_type') ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE;
// allow API to bulk load a bunch of imported items with sending out a bunch of posts.
$nopush = x($_REQUEST, 'nopush') ? intval($_REQUEST['nopush']) : 0;
/*
* Check service class limits
*/
if ($uid && !x($_REQUEST, 'parent') && !x($_REQUEST, 'post_id')) {
$ret = item_check_service_class($uid, $_REQUEST['webpage'] == ITEM_WEBPAGE ? true : false);
if (!$ret['success']) {
notice(t($ret['message']) . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
}
if ($pagetitle) {
require_once 'library/urlify/URLify.php';
$pagetitle = strtolower(URLify::transliterate($pagetitle));
}
$item_flags = $item_restrict = 0;
$route = '';
$parent_item = null;
$parent_contact = null;
$thr_parent = '';
$parid = 0;
$r = false;
if ($parent || $parent_mid) {
if (!x($_REQUEST, 'type')) {
$_REQUEST['type'] = 'net-comment';
}
if ($obj_type == ACTIVITY_OBJ_POST) {
$obj_type = ACTIVITY_OBJ_COMMENT;
}
if ($parent) {
$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent));
} elseif ($parent_mid && $uid) {
// This is coming from an API source, and we are logged in
$r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_mid), intval($uid));
}
// if this isn't the real parent of the conversation, find it
if ($r !== false && count($r)) {
$parid = $r[0]['parent'];
$parent_mid = $r[0]['mid'];
if ($r[0]['id'] != $r[0]['parent']) {
$r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid));
}
}
if ($r === false || !count($r)) {
notice(t('Unable to locate original post.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
// can_comment_on_post() needs info from the following xchan_query
xchan_query($r);
$parent_item = $r[0];
$parent = $r[0]['id'];
// multi-level threading - preserve the info but re-parent to our single level threading
$thr_parent = $parent_mid;
$route = $parent_item['route'];
}
if (!$observer) {
$observer = $a->get_observer();
}
if ($parent) {
logger('mod_item: item_post parent=' . $parent);
$can_comment = false;
if (array_key_exists('owner', $parent_item) && $parent_item['owner']['abook_flags'] & ABOOK_FLAG_SELF) {
$can_comment = perm_is_allowed($profile_uid, $observer['xchan_hash'], 'post_comments');
} else {
$can_comment = can_comment_on_post($observer['xchan_hash'], $parent_item);
}
if (!$can_comment) {
notice(t('Permission denied.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
} else {
if (!perm_is_allowed($profile_uid, $observer['xchan_hash'], 'post_wall')) {
notice(t('Permission denied.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
}
// is this an edited post?
$orig_post = null;
if ($namespace && $remote_id) {
// It wasn't an internally generated post - see if we've got an item matching this remote service id
$i = q("select iid from item_id where service = '%s' and sid = '%s' limit 1", dbesc($namespace), dbesc($remote_id));
if ($i) {
$post_id = $i[0]['iid'];
}
}
if ($post_id) {
$i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($post_id));
if (!count($i)) {
killme();
}
$orig_post = $i[0];
}
if (!$channel) {
if ($uid && $uid == $profile_uid) {
$channel = $a->get_channel();
} else {
// posting as yourself but not necessarily to a channel you control
$r = q("select * from channel left join account on channel_account_id = account_id where channel_id = %d LIMIT 1", intval($profile_uid));
if ($r) {
$channel = $r[0];
}
}
}
if (!$channel) {
logger("mod_item: no channel.");
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
$owner_xchan = null;
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($channel['channel_hash']));
if ($r && count($r)) {
$owner_xchan = $r[0];
} else {
logger("mod_item: no owner.");
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
$walltowall = false;
$walltowall_comment = false;
if ($remote_xchan) {
$observer = $remote_observer;
}
if ($observer) {
logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
// wall-to-wall detection.
// For top-level posts, if the author and owner are different it's a wall-to-wall
// For comments, We need to additionally look at the parent and see if it's a wall post that originated locally.
if ($observer['xchan_name'] != $owner_xchan['xchan_name']) {
if ($parent_item && ($parent_item['item_flags'] & (ITEM_WALL | ITEM_ORIGIN)) == (ITEM_WALL | ITEM_ORIGIN)) {
$walltowall_comment = true;
$walltowall = true;
}
if (!$parent) {
$walltowall = true;
}
}
}
$public_policy = x($_REQUEST, 'public_policy') ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'], true);
if ($webpage) {
$public_policy = '';
}
if ($public_policy) {
$private = 1;
}
if ($orig_post) {
$private = 0;
// webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
if ($webpage) {
$str_group_allow = perms2str($_REQUEST['group_allow']);
$str_contact_allow = perms2str($_REQUEST['contact_allow']);
$str_group_deny = perms2str($_REQUEST['group_deny']);
$str_contact_deny = perms2str($_REQUEST['contact_deny']);
} else {
$str_group_allow = $orig_post['allow_gid'];
$str_contact_allow = $orig_post['allow_cid'];
$str_group_deny = $orig_post['deny_gid'];
$str_contact_deny = $orig_post['deny_cid'];
$public_policy = $orig_post['public_policy'];
$private = $orig_post['item_private'];
}
if (strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) || strlen($public_policy) || $private) {
$private = 1;
}
$location = $orig_post['location'];
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];
$app = $orig_post['app'];
$title = escape_tags(trim($_REQUEST['title']));
$body = trim($_REQUEST['body']);
$item_flags = $orig_post['item_flags'];
// force us to recalculate if we need to obscure this post
if ($item_flags & ITEM_OBSCURED) {
$item_flags = $item_flags ^ ITEM_OBSCURED;
}
$item_restrict = $orig_post['item_restrict'];
$postopts = $orig_post['postopts'];
$created = $orig_post['created'];
$mid = $orig_post['mid'];
$parent_mid = $orig_post['parent_mid'];
$plink = $orig_post['plink'];
} else {
// if coming from the API and no privacy settings are set,
// use the user default permissions - as they won't have
// been supplied via a form.
if ($api_source && !array_key_exists('contact_allow', $_REQUEST) && !array_key_exists('group_allow', $_REQUEST) && !array_key_exists('contact_deny', $_REQUEST) && !array_key_exists('group_deny', $_REQUEST)) {
$str_group_allow = $channel['channel_allow_gid'];
$str_contact_allow = $channel['channel_allow_cid'];
$str_group_deny = $channel['channel_deny_gid'];
$str_contact_deny = $channel['channel_deny_cid'];
} elseif ($walltowall) {
// use the channel owner's default permissions
$str_group_allow = $channel['channel_allow_gid'];
$str_contact_allow = $channel['channel_allow_cid'];
$str_group_deny = $channel['channel_deny_gid'];
$str_contact_deny = $channel['channel_deny_cid'];
} else {
// use the posted permissions
$str_group_allow = perms2str($_REQUEST['group_allow']);
$str_contact_allow = perms2str($_REQUEST['contact_allow']);
$str_group_deny = perms2str($_REQUEST['group_deny']);
$str_contact_deny = perms2str($_REQUEST['contact_deny']);
}
$location = notags(trim($_REQUEST['location']));
$coord = notags(trim($_REQUEST['coord']));
$verb = notags(trim($_REQUEST['verb']));
$title = escape_tags(trim($_REQUEST['title']));
$body = trim($_REQUEST['body']);
$body .= trim($_REQUEST['attachment']);
$postopts = '';
$private = strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) || strlen($public_policy) ? 1 : 0;
// If this is a comment, set the permissions from the parent.
if ($parent_item) {
$private = 0;
if ($parent_item['item_private'] || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) || strlen($parent_item['deny_gid']) || strlen($parent_item['public_policy'])) {
$private = $parent_item['item_private'] ? $parent_item['item_private'] : 1;
}
$public_policy = $parent_item['public_policy'];
$str_contact_allow = $parent_item['allow_cid'];
$str_group_allow = $parent_item['allow_gid'];
$str_contact_deny = $parent_item['deny_cid'];
$str_group_deny = $parent_item['deny_gid'];
$owner_hash = $parent_item['owner_xchan'];
}
if (!strlen($body)) {
if ($preview) {
killme();
}
info(t('Empty post discarded.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
}
$expires = NULL_DATE;
if (feature_enabled($profile_uid, 'content_expire')) {
if (x($_REQUEST, 'expire')) {
$expires = datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['expire']);
if ($expires <= datetime_convert()) {
$expires = NULL_DATE;
}
}
}
$mimetype = notags(trim($_REQUEST['mimetype']));
if (!$mimetype) {
$mimetype = 'text/bbcode';
}
if ($preview) {
$body = z_input_filter($profile_uid, $body, $mimetype);
}
// Verify ability to use html or php!!!
$execflag = false;
if ($mimetype === 'application/x-php') {
$z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", intval($profile_uid));
if ($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE || $z[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
if ($uid && get_account_id() == $z[0]['account_id']) {
$execflag = true;
} else {
notice(t('Executable content type not permitted to this channel.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
}
}
if ($mimetype === 'text/bbcode') {
require_once 'include/text.php';
if ($uid && $uid == $profile_uid && feature_enabled($uid, 'markdown')) {
require_once 'include/bb2diaspora.php';
$body = escape_tags($body);
$body = preg_replace_callback('/\\[share(.*?)\\]/ism', 'share_shield', $body);
$body = diaspora2bb($body, true);
$body = preg_replace_callback('/\\[share(.*?)\\]/ism', 'share_unshield', $body);
}
// BBCODE alert: the following functions assume bbcode input
// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
// we may need virtual or template classes to implement the possible alternatives
// Work around doubled linefeeds in Tinymce 3.5b2
// First figure out if it's a status post that would've been
// created using tinymce. Otherwise leave it alone.
$plaintext = true;
// $plaintext = ((feature_enabled($profile_uid,'richtext')) ? false : true);
// if((! $parent) && (! $api_source) && (! $plaintext)) {
// $body = fix_mce_lf($body);
// }
// If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it, if our pconfig is set.
if (!$parent && get_pconfig($profile_uid, 'system', 'tagifonlyrecip') && substr_count($str_contact_allow, '<') == 1 && $str_group_allow == '' && $str_contact_deny == '' && $str_group_deny == '') {
$x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc(str_replace(array('<', '>'), array('', ''), $str_contact_allow)), intval($profile_uid));
if ($x && $x[0]['abook_their_perms'] & PERMS_W_TAGWALL) {
$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
}
}
/**
* fix naked links by passing through a callback to see if this is a red site
* (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both.
* First protect any url inside certain bbcode tags so we don't double link it.
*/
$body = preg_replace_callback('/\\[code(.*?)\\[\\/(code)\\]/ism', 'red_escape_codeblock', $body);
$body = preg_replace_callback('/\\[url(.*?)\\[\\/(url)\\]/ism', 'red_escape_codeblock', $body);
$body = preg_replace_callback('/\\[zrl(.*?)\\[\\/(zrl)\\]/ism', 'red_escape_codeblock', $body);
$body = preg_replace_callback("/([^\\]\\='" . '"' . "\\/]|^|\\#\\^)(https?\\:\\/\\/[a-zA-Z0-9\\:\\/\\-\\?\\&\\;\\.\\=\\@\\_\\~\\#\\%\$\\!\\+\\,]+)/ism", 'red_zrl_callback', $body);
$body = preg_replace_callback('/\\[\\$b64zrl(.*?)\\[\\/(zrl)\\]/ism', 'red_unescape_codeblock', $body);
$body = preg_replace_callback('/\\[\\$b64url(.*?)\\[\\/(url)\\]/ism', 'red_unescape_codeblock', $body);
$body = preg_replace_callback('/\\[\\$b64code(.*?)\\[\\/(code)\\]/ism', 'red_unescape_codeblock', $body);
// fix any img tags that should be zmg
$body = preg_replace_callback('/\\[img(.*?)\\](.*?)\\[\\/img\\]/ism', 'red_zrlify_img_callback', $body);
$body = bb_translate_video($body);
/**
* Fold multi-line [code] sequences
*/
$body = preg_replace('/\\[\\/code\\]\\s*\\[code\\]/ism', "\n", $body);
$body = scale_external_images($body, false);
// Look for tags and linkify them
$results = linkify_tags($a, $body, $uid ? $uid : $profile_uid);
if ($results) {
// Set permissions based on tag replacements
set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private);
$post_tags = array();
foreach ($results as $result) {
$success = $result['success'];
if ($success['replaced']) {
$post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
}
}
}
/**
*
* When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
* appropriately. But we didn't know the final permissions on the post until
* now. So now we'll look for links of uploaded photos and attachments that are in the
* post and set them to the same permissions as the post itself.
*
* If the post was end-to-end encrypted we can't find images and attachments in the body,
* use our media_str input instead which only contains these elements - but only do this
* when encrypted content exists because the photo/attachment may have been removed from
* the post and we should keep it private. If it's encrypted we have no way of knowing
* so we'll set the permissions regardless and realise that the media may not be
* referenced in the post.
*
* What is preventing us from being able to upload photos into comments is dealing with
* the photo and attachment permissions, since we don't always know who was in the
* distribution for the top level post.
*
* We might be able to provide this functionality with a lot of fiddling:
* - if the top level post is public (make the photo public)
* - if the top level post was written by us or a wall post that belongs to us (match the top level post)
* - if the top level post has privacy mentions, add those to the permissions.
* - otherwise disallow the photo *or* make the photo public. This is the part that gets messy.
*/
if (!$preview) {
fix_attached_photo_permissions($profile_uid, $owner_xchan['xchan_hash'], strpos($body, '[/crypt]') ? $_POST['media_str'] : $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
fix_attached_file_permissions($channel, $observer['xchan_hash'], strpos($body, '[/crypt]') ? $_POST['media_str'] : $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
}
$attachments = '';
$match = false;
if (preg_match_all('/(\\[attachment\\](.*?)\\[\\/attachment\\])/', $body, $match)) {
$attachments = array();
foreach ($match[2] as $mtch) {
$hash = substr($mtch, 0, strpos($mtch, ','));
$rev = intval(substr($mtch, strpos($mtch, ',')));
$r = attach_by_hash_nodata($hash, $rev);
if ($r['success']) {
$attachments[] = array('href' => $a->get_baseurl() . '/attach/' . $r['data']['hash'], 'length' => $r['data']['filesize'], 'type' => $r['data']['filetype'], 'title' => urlencode($r['data']['filename']), 'revision' => $r['data']['revision']);
}
$body = str_replace($match[1], '', $body);
}
}
}
// BBCODE end alert
if (strlen($categories)) {
$cats = explode(',', $categories);
foreach ($cats as $cat) {
$post_tags[] = array('uid' => $profile_uid, 'type' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), 'url' => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)));
}
}
$item_unseen = 1;
// determine if this is a wall post
if ($parent) {
if ($parent_item['item_flags'] & ITEM_WALL) {
$item_flags = $item_flags | ITEM_WALL;
}
} else {
if (!$webpage) {
$item_flags = $item_flags | ITEM_WALL;
}
}
if ($origin) {
$item_flags = $item_flags | ITEM_ORIGIN;
}
if ($moderated) {
$item_restrict = $item_restrict | ITEM_MODERATED;
}
if ($webpage) {
$item_restrict = $item_restrict | $webpage;
}
if (!strlen($verb)) {
$verb = ACTIVITY_POST;
}
$notify_type = $parent ? 'comment-new' : 'wall-new';
if (!$mid) {
$mid = $message_id ? $message_id : item_message_id();
}
if (!$parent_mid) {
$parent_mid = $mid;
}
if ($parent_item) {
$parent_mid = $parent_item['mid'];
}
// Fallback so that we alway have a thr_parent
if (!$thr_parent) {
$thr_parent = $mid;
}
$datarray = array();
if (!$parent) {
$item_flags = $item_flags | ITEM_THREAD_TOP;
}
if ($consensus) {
$item_flags |= ITEM_CONSENSUS;
}
if (!$plink && $item_flags & ITEM_THREAD_TOP) {
$plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
}
$datarray['aid'] = $channel['channel_account_id'];
$datarray['uid'] = $profile_uid;
$datarray['owner_xchan'] = $owner_hash ? $owner_hash : $owner_xchan['xchan_hash'];
$datarray['author_xchan'] = $observer['xchan_hash'];
$datarray['created'] = $created;
$datarray['edited'] = $orig_post ? datetime_convert() : $created;
$datarray['expires'] = $expires;
$datarray['commented'] = $orig_post ? datetime_convert() : $created;
$datarray['received'] = $orig_post ? datetime_convert() : $created;
$datarray['changed'] = $orig_post ? datetime_convert() : $created;
$datarray['mid'] = $mid;
$datarray['parent_mid'] = $parent_mid;
$datarray['mimetype'] = $mimetype;
$datarray['title'] = $title;
$datarray['body'] = $body;
$datarray['app'] = $app;
$datarray['location'] = $location;
$datarray['coord'] = $coord;
$datarray['verb'] = $verb;
$datarray['obj_type'] = $obj_type;
$datarray['allow_cid'] = $str_contact_allow;
$datarray['allow_gid'] = $str_group_allow;
$datarray['deny_cid'] = $str_contact_deny;
$datarray['deny_gid'] = $str_group_deny;
$datarray['item_private'] = $private;
$datarray['attach'] = $attachments;
$datarray['thr_parent'] = $thr_parent;
$datarray['postopts'] = $postopts;
$datarray['item_restrict'] = $item_restrict;
$datarray['item_flags'] = $item_flags;
$datarray['layout_mid'] = $layout_mid;
$datarray['public_policy'] = $public_policy;
$datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
$datarray['term'] = $post_tags;
$datarray['plink'] = $plink;
$datarray['route'] = $route;
$datarray['item_unseen'] = $item_unseen;
// preview mode - prepare the body for display and send it via json
if ($preview) {
require_once 'include/conversation.php';
$datarray['owner'] = $owner_xchan;
$datarray['author'] = $observer;
$datarray['attach'] = json_encode($datarray['attach']);
$o = conversation($a, array($datarray), 'search', false, 'preview');
// logger('preview: ' . $o, LOGGER_DEBUG);
echo json_encode(array('preview' => $o));
killme();
}
if ($orig_post) {
$datarray['edit'] = true;
}
call_hooks('post_local', $datarray);
if (x($datarray, 'cancel')) {
logger('mod_item: post cancelled by plugin.');
if ($return_path) {
goaway($a->get_baseurl() . "/" . $return_path);
}
$json = array('cancel' => 1);
if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) {
$json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
}
echo json_encode($json);
killme();
}
if (mb_strlen($datarray['title']) > 255) {
$datarray['title'] = mb_substr($datarray['title'], 0, 255);
}
if (array_key_exists('item_private', $datarray) && $datarray['item_private']) {
$datarray['body'] = trim(z_input_filter($datarray['uid'], $datarray['body'], $datarray['mimetype']));
if ($uid) {
if ($channel['channel_hash'] === $datarray['author_xchan']) {
$datarray['sig'] = base64url_encode(rsa_sign($datarray['body'], $channel['channel_prvkey']));
$datarray['item_flags'] = $datarray['item_flags'] | ITEM_VERIFIED;
}
}
logger('Encrypting local storage');
$key = get_config('system', 'pubkey');
$datarray['item_flags'] = $datarray['item_flags'] | ITEM_OBSCURED;
if ($datarray['title']) {
$datarray['title'] = json_encode(crypto_encapsulate($datarray['title'], $key));
}
if ($datarray['body']) {
$datarray['body'] = json_encode(crypto_encapsulate($datarray['body'], $key));
}
}
if ($orig_post) {
$datarray['id'] = $post_id;
item_store_update($datarray, $execflag);
update_remote_id($channel, $post_id, $webpage, $pagetitle, $namespace, $remote_id, $mid);
if (!$nopush) {
proc_run('php', "include/notifier.php", 'edit_post', $post_id);
}
if (x($_REQUEST, 'return') && strlen($return_path)) {
logger('return: ' . $return_path);
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
} else {
$post_id = 0;
}
$post = item_store($datarray, $execflag);
$post_id = $post['item_id'];
if ($post_id) {
logger('mod_item: saved item ' . $post_id);
if ($parent) {
// only send comment notification if this is a wall-to-wall comment,
// otherwise it will happen during delivery
if ($datarray['owner_xchan'] != $datarray['author_xchan'] && $parent_item['item_flags'] & ITEM_WALL) {
notification(array('type' => NOTIFY_COMMENT, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_mid' => $parent_item['mid']));
}
} else {
$parent = $post_id;
if ($datarray['owner_xchan'] != $datarray['author_xchan']) {
notification(array('type' => NOTIFY_WALL, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item'));
}
if ($uid && $uid == $profile_uid && !$datarray['item_restrict']) {
q("update channel set channel_lastpost = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($uid));
}
}
// photo comments turn the corresponding item visible to the profile wall
// This way we don't see every picture in your new photo album posted to your wall at once.
// They will show up as people comment on them.
if ($parent_item['item_restrict'] & ITEM_HIDDEN) {
$r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d", intval($parent_item['item_restrict'] - ITEM_HIDDEN), intval($parent_item['id']));
}
} else {
logger('mod_item: unable to retrieve post that was just stored.');
notice(t('System error. Post not saved.') . EOL);
goaway($a->get_baseurl() . "/" . $return_path);
// NOTREACHED
}
if ($parent) {
// Store the comment signature information in case we need to relay to Diaspora
$ditem = $datarray;
$ditem['author'] = $observer;
store_diaspora_comment_sig($ditem, $channel, $parent_item, $post_id, $walltowall_comment ? 1 : 0);
}
update_remote_id($channel, $post_id, $webpage, $pagetitle, $namespace, $remote_id, $mid);
$datarray['id'] = $post_id;
$datarray['llink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id;
call_hooks('post_local_end', $datarray);
if (!$nopush) {
proc_run('php', 'include/notifier.php', $notify_type, $post_id);
}
logger('post_complete');
// figure out how to return, depending on from whence we came
if ($api_source) {
return $post;
}
if ($return_path) {
goaway($a->get_baseurl() . "/" . $return_path);
}
$json = array('success' => 1);
if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) {
$json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
}
logger('post_json: ' . print_r($json, true), LOGGER_DEBUG);
echo json_encode($json);
killme();
// NOTREACHED
}
/**
* Append words to the remove list. Accepts either single words
* or an array of words.
*/
public static function remove_words($words)
{
$words = is_array($words) ? $words : array($words);
self::$remove_list = array_merge(self::$remove_list, $words);
}
/**
* Modifies a given username accordingly to the specification for valid characters and length.
* @param $username string The input username.
* @param bool $strict (optional) When this flag is TRUE, the result is guaranteed for full compliance, otherwise compliance may be partial. The default value is FALSE.
* @param string $encoding (optional) The character encoding for the input names. If it is omitted, the platform character set will be used by default.
* @return string The resulting purified username.
*/
public static function purify_username($username, $strict = false, $encoding = null)
{
if ($strict) {
// 1. Conversion of unacceptable letters (latinian letters with accents for example) into ASCII letters in order they not to be totally removed.
// 2. Applying the strict purifier.
// 3. Length limitation.
$return = api_get_setting('login_is_email') == 'true' ? substr(preg_replace(USERNAME_PURIFIER_MAIL, '', $username), 0, USERNAME_MAX_LENGTH) : substr(preg_replace(USERNAME_PURIFIER, '', $username), 0, USERNAME_MAX_LENGTH);
$return = URLify::transliterate($return);
return $return;
}
// 1. Applying the shallow purifier.
// 2. Length limitation.
return substr(preg_replace(USERNAME_PURIFIER_SHALLOW, '', $username), 0, USERNAME_MAX_LENGTH);
}
/**
* Converts UTF8 into Latin
*
* @param $value
*
* @return mixed
*/
public static function transliterate($value)
{
return \URLify::transliterate($value);
}
/**
* Modify a string, so that we can use it for slugs. Like
* safeString, but using hyphens instead of underscores.
*
* @param string $str
* @param string $type
* @return string
*/
function makeSlug($str)
{
return \URLify::filter(strip_tags($str));
}
$page->num = count($this->params) > 1 && is_numeric($this->params[1]) ? $this->params[1] - 1 : 0;
$page->offset = $page->num * $page->limit;
$p = new blog\Post();
$posts = $p->by($page->author, $page->limit, $page->offset);
$page->count = $p->query()->where('published', 'yes')->where('author', $page->author)->count();
$page->last = $page->offset + count($posts);
$page->more = $page->count > $page->last ? true : false;
$page->next = $page->num + 2;
$footer = Appconf::blog('Blog', 'post_footer');
$footer_stripped = strip_tags($footer);
$footer = $footer && !empty($footer_stripped) ? $tpl->run_includes($footer) : false;
if (Appconf::blog('Blog', 'post_format') === 'markdown') {
require_once 'apps/blog/lib/markdown.php';
}
foreach ($posts as $post) {
$post->url = '/blog/post/' . $post->id . '/' . URLify::filter($post->title);
$post->tag_list = strlen($post->tags) > 0 ? explode(',', $post->tags) : array();
$post->social_buttons = $appconf['Social Buttons'];
if (Appconf::blog('Blog', 'post_format') === 'html') {
$post->body = $tpl->run_includes($post->body);
} else {
$post->body = $tpl->run_includes(Markdown($post->body));
}
if ($preview_chars) {
$post->body = blog_filter_truncate($post->body, $preview_chars) . ' <a href="' . $post->url . '">' . __('Read more') . '</a>';
} else {
$post->footer = $footer;
}
echo $tpl->render('blog/post', $post);
}
$page->title = __('Posts by %s', $tpl->sanitize($page->author));
public function rescanPagePaths($newPaths)
{
$db = Loader::db();
$txt = Loader::helper('text');
// First, get the list of page paths from the DB.
$ppaths = $this->getPagePaths();
// Second, reset all of their cPath values to null.
$paths = array();
foreach ($ppaths as $ppath) {
if (!$ppath['ppIsCanonical']) {
$paths[$ppath['ppID']] = null;
}
}
// Third, fill in the cPath values from the user updated data.
Loader::library('3rdparty/urlify');
foreach ($newPaths as $key => $val) {
if (!empty($val)) {
// Auto-prepend a slash if one is missing.
$val = trim($val, '/');
$pathSegments = explode('/', $val);
$newVal = '/';
foreach ($pathSegments as $pathSegment) {
$newVal .= URLify::filter($pathSegment) . '/';
}
$newVal = substr($newVal, 0, strlen($newVal) - 1);
$newVal = str_replace('-', PAGE_PATH_SEPARATOR, $newVal);
$paths[$key] = $newVal;
}
}
// Fourth, delete, update, or insert page paths as necessary.
foreach ($paths as $key => $val) {
if (empty($val)) {
$v = array($this->cID, $key);
$q = "delete from PagePaths where cID = ? and ppID = ?";
} else {
if (is_numeric($key)) {
$val = $this->uniquifyPagePath($val);
$v = array($val, $this->cID, $key);
$q = "update PagePaths set cPath = ?, ppIsCanonical = 0 where cID = ? and ppID = ?";
} else {
$val = $this->uniquifyPagePath($val);
$v = array($this->cID, $val);
$q = "insert into PagePaths (cID, cPath, ppIsCanonical) values (?, ?, 0)";
}
}
$r = $db->query($q, $v);
}
}
<?php
/**
* Renders the RSS feed for the blog.
*/
$res = $memcache->get('_blog_rss');
if (!$res) {
require_once 'apps/blog/lib/Filters.php';
$p = new blog\Post();
$page->posts = $p->latest(10, 0);
$page->title = $appconf['Blog']['title'];
$page->date = gmdate('Y-m-d\\TH:i:s');
foreach ($page->posts as $k => $post) {
$page->posts[$k]->url = '/blog/post/' . $post->id . '/' . URLify::filter($post->title);
}
$res = $tpl->render('blog/rss', $page);
$memcache->set('_blog_rss', $res, 1800);
// half an hour
}
$page->layout = false;
header('Content-Type: text/xml');
echo $res;
function get()
{
$noid = get_config('system', 'disable_openid');
if ($noid) {
goaway(z_root());
}
logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);
if (x($_REQUEST, 'openid_mode')) {
$openid = new LightOpenID(z_root());
if ($openid->validate()) {
logger('openid: validate');
$authid = normalise_openid($_REQUEST['openid_identity']);
if (!strlen($authid)) {
logger(t('OpenID protocol error. No ID returned.') . EOL);
goaway(z_root());
}
$x = match_openid($authid);
if ($x) {
$r = q("select * from channel where channel_id = %d limit 1", intval($x));
if ($r) {
$y = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
if ($y) {
foreach ($y as $record) {
if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) {
logger('mod_openid: openid success for ' . $x[0]['channel_name']);
$_SESSION['uid'] = $r[0]['channel_id'];
$_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
authenticate_success($record, $r[0], true, true, true, true);
goaway(z_root());
}
}
}
}
}
// Successful OpenID login - but we can't match it to an existing account.
// See if they've got an xchan
$r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid));
if ($r) {
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['xchan_hash'];
$_SESSION['my_url'] = $r[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['xchan_addr'];
$arr = array('xchan' => $r[0], 'session' => $_SESSION);
call_hooks('magic_auth_openid_success', $arr);
\App::set_observer($r[0]);
require_once 'include/security.php';
\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
if ($_SESSION['return_url']) {
goaway($_SESSION['return_url']);
}
goaway(z_root());
}
// no xchan...
// create one.
// We should probably probe the openid url and figure out if they have any kind of
// social presence we might be able to scrape some identifying info from.
$name = $authid;
$url = trim($_REQUEST['openid_identity'], '/');
if (strpos($url, 'http') === false) {
$url = 'https://' . $url;
}
$pphoto = z_root() . '/' . get_default_profile_photo();
$parsed = @parse_url($url);
if ($parsed) {
$host = $parsed['host'];
}
$attr = $openid->getAttributes();
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = notags(trim($v));
}
if ($k === 'namePerson/first') {
$first = notags(trim($v));
}
if ($k === 'namePerson') {
$name = notags(trim($v));
}
if ($k === 'contact/email') {
$addr = notags(trim($v));
}
if ($k === 'media/image/aspect11') {
$photosq = trim($v);
}
if ($k === 'media/image/default') {
$photo_other = trim($v);
}
}
}
if (!$nick) {
if ($first) {
$nick = $first;
} else {
$nick = $name;
}
}
require_once 'library/urlify/URLify.php';
$x = strtolower(\URLify::transliterate($nick));
if ($nick & $host) {
$addr = $nick . '@' . $host;
}
$network = 'unknown';
if ($photosq) {
$pphoto = $photosq;
} elseif ($photo_other) {
$pphoto = $photo_other;
}
$mimetype = guess_image_type($pphoto);
$x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,\n\t xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, \n\t\t\t\t\txchan_name_date, xchan_hidden)\n\t values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ", dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($mimetype), dbesc($pphoto), dbesc($addr), dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($name), dbesc($network), dbesc(datetime_convert()), dbesc(datetime_convert()));
if ($x) {
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($url));
if ($r) {
$photos = import_xchan_photo($pphoto, $url);
if ($photos) {
$z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', \n\t\t\t\t\t\t\t\txchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($url));
}
set_xconfig($url, 'system', 'openid', $authid);
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['xchan_hash'];
$_SESSION['my_url'] = $r[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['xchan_addr'];
$arr = array('xchan' => $r[0], 'session' => $_SESSION);
call_hooks('magic_auth_openid_success', $arr);
\App::set_observer($r[0]);
info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
if ($_SESSION['return_url']) {
goaway($_SESSION['return_url']);
}
goaway(z_root());
}
}
}
}
notice(t('Login failed.') . EOL);
goaway(z_root());
// NOTREACHED
}
/**
* Transliteration of cyrillic into URL-string
*/
public static function translit($text, $length = 60)
{
//$result = URLify::filter(iconv("windows-1251", "utf-8", $text), $length);
$result = URLify::filter($text, $length);
return $result;
}
function remove_accent($str)
{
return URLify::downcode($str);
}
function test_many_rounds_with_unknown_language_code()
{
for ($i = 0; $i < 1000; $i++) {
URLify::downcode('Lo siento, no hablo español.', -1);
}
}
public function urlify($url)
{
$url = \URLify::transliterate($url);
// remove all these words from the string before urlifying
$remove_pattern = '~[^-.\\w\\s/?&+]~u';
$url = preg_replace($remove_pattern, '', $url);
$url = str_replace('_', ' ', $url);
$url = preg_replace('~^\\s+|\\s+$~', '', $url);
// $url = preg_replace ('~\s{2,}~', ' ', $url);
$url = preg_replace('~[-\\s]+~', '-', $url);
$url = strtolower(trim($url, '-'));
return $url;
}
/**
* Transliterates a string with arbitrary encoding into a plain ASCII string.
*
* Example:
* echo api_transliterate(api_html_entity_decode(
* 'Фёдор '.
* 'Михайлович '.
* 'Достоевкий',
* ENT_QUOTES, 'UTF-8'), 'X', 'UTF-8');
* The output should be: Fyodor Mihaylovich Dostoevkiy
*
* @param string $string The input string.
* @param string $unknown (optional) Replacement character for unknown characters and illegal UTF-8 sequences.
* @param string $from_encoding (optional) The encoding of the input string. If it is omited, the platform character set is assumed.
* @return string Plain ASCII output.
*/
function api_transliterate($string, $unknown = '?', $from_encoding = null)
{
return URLify::transliterate($string);
}
private function saveCategory(Request $request, Category $entity)
{
$entity->setName($request->get('name'));
$entity->setSlug(\URLify::filter($entity->getName(), 255, 'de'));
/** @var EntityManager $em */
$em = $this->getDoctrine()->getManager();
return $em;
}
/**
* Returns a config property if it exists and throws an exception if not.
*
* @param string|null $property Dot-separated property (e.g. "date_format" or "logs.collection.log_file")
*
* @throws \InvalidArgumentException
*
* @return mixed
*/
public function get($property = null)
{
if ($property === null || $property == '') {
return $this->config;
}
$tree = explode('.', $property);
$node = $this->config;
foreach ($tree as $workingNode) {
if (!array_key_exists($workingNode, $node)) {
$actualNode = null;
foreach ($node as $testNodeKey => $testNode) {
if (\URLify::filter($testNodeKey) == $workingNode) {
$actualNode = $testNodeKey;
}
}
if ($actualNode === null) {
throw new \InvalidArgumentException('The property "' . $property . '" was not found. Failed while getting node "' . $workingNode . '"');
}
$workingNode = $actualNode;
}
$node = $node[$workingNode];
}
return $node;
}
/**
* Returns a "safe" version of the given string - basically only US-ASCII and
* numbers. Needed because filenames and titles and such, can't use all characters.
*
* @param string $str
* @param boolean $strict
* @param string $extrachars
* @return string
*/
function safeString($str, $strict = false, $extrachars = "")
{
$str = URLify::downcode($str);
$str = str_replace("&", "", $str);
$delim = '/';
if ($extrachars != "") {
$extrachars = preg_quote($extrachars, $delim);
}
if ($strict) {
$str = strtolower(str_replace(" ", "-", $str));
$regex = "[^a-zA-Z0-9_" . $extrachars . "-]";
} else {
$regex = "[^a-zA-Z0-9 _.," . $extrachars . "-]";
}
$str = preg_replace($delim . $regex . $delim, '', $str);
return $str;
}
if ($p->published === 'que') {
if ($p->ts <= gmdate ('Y-m-d H:i:s')) {
$p->published = 'yes';
$p->put ();
Versions::add ($p);
} else {
return $this->error (404, __ ('Post not found'), '<p>' . __ ('Hmm, we can\'t seem to find the post you wanted at the moment.') . '</p>');
}
}
$page->title = $p->title;
$post = $p->orig ();
$post->full = true;
$post->url = '/blog/post/' . $post->id . '/';
$post->fullurl = $post->url . URLify::filter ($post->title);
$post->tag_list = (strlen ($post->tags) > 0) ? explode (',', $post->tags) : array ();
if (Appconf::blog ('Blog', 'post_format') === 'html') {
$post->body = $tpl->run_includes ($post->body);
} else {
require_once ('apps/blog/lib/markdown.php');
$post->body = $tpl->run_includes (Markdown ($post->body));
}
$post->social_buttons = Appconf::blog ('Social Buttons');
$post->related = Appconf::blog ('Blog', 'show_related_posts');
$footer = Appconf::blog ('Blog', 'post_footer');
$footer_stripped = strip_tags ($footer);
$post->footer = ($footer && ! empty ($footer_stripped))
? $tpl->run_includes ($footer)
: false;