FaceBook源代码泄漏 据
TechCrunch 的消息称,FaceBook源代码遭到泄漏,并且已经被发布到名叫
Facebook Secrets 博客。一般而言,源代码泄漏发生存在两种情况:其一是内部源代码开发者泄漏,另外一种就是利用程序的漏洞从而获取源代码。
登录该博客我们可以看到只是简单的几行代码,虽然不十分确定这就是FaceBook的源代码,然而让人担心的是成千上万用户的私人资料是否也安全呢?这对于Facebook来说无疑是致命的一击!
下面是该博客站点贴出的FaceBook首页源代码。
1
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/html/init.php
'
;
2
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/home.php
'
;
3
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/requests.php
'
;
4
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/feed/newsfeed.php
'
;
5
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/poke.php
'
;
6
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/share.php
'
;
7
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/orientation.php
'
;
8
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/feed/newsfeed.php
'
;
9
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/mobile/register.php
'
;
10
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/forms_lib.php
'
;
11
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/contact_importer/contact_importer.php
'
;
12
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/feed/util.php
'
;
13
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/hiding_prefs.php
'
;
14
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/abtesting.php
'
;
15
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/friends.php
'
;
16
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/statusupdates.php
'
;
17
.
18
.
//
lib/display/feed.php has to be declared here for scope issues.
19
.
//
This keeps display/feed.php cleaner and easier to understand.
20
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/display/feed.php
'
;
21
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/monetization_box.php
'
;
22
.
23
.
//
require login
24
.
$user
=
require_login();
25
.
print_time(
'
require_login
'
);
26
.
param_request(
array
(
'
react
'
=>
$PARAM_EXISTS
));
27
.
28
.
//
Check and fix broken emails
29
.
//
LN - disabling due to excessive can_see dirties and sets when enabled.
30
.
//
check_and_fix_broken_emails($user);
31
.
32
.
//
migrate AIM screenname from profile to screenname table if needed
33
.
migrate_screenname (
$user
);
34
.
35
.
//
homepage announcement variables
36
.
$HIDE_ANNOUNCEMENT_BIT
=
get_site_variable(
'
HIDE_ANNOUNCEMENT_BIT
'
);
37
.
$HIDE_INTRO_BITMASK
=
get_site_variable(
'
HIDE_INTRO_BITMASK
'
);
38
.
39
.
//
redirects
40
.
if
(is_sponsor_user()) {
41
.
redirect(
'
bizhome.php
'
,
'
www
'
);
42
.
}
43
.
44
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/mesg.php
'
;
45
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/invitetool.php
'
;
46
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/grammar.php
'
;
47
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/securityq.php
'
;
48
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/events.php
'
;
49
.
include_once
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/lib/rooster/stories.php
'
;
50
.
51
.
//
todo: password confirmation redirects here (from html/reset.php),
52
.
//
do we want a confirmation message?
53
.
54
.
param_get_slashed(
array
(
55
.
'
feeduser
'
=>
$PARAM_INT
,
//
debug: gets feed for user here
56
.
'
err
'
=>
$PARAM_STRING
,
//
returning from a failed entry on an orientation form
57
.
'
error
'
=>
$PARAM_STRING
,
//
an error can also be here because the profile photo upload code is crazy
58
.
'
ret
'
=>
$PARAM_INT
,
59
.
'
success
'
=>
$PARAM_INT
,
//
successful profile picture upload
60
.
'
jn
'
=>
$PARAM_INT
,
//
joined a network for orientation
61
.
'
np
'
=>
$PARAM_INT
,
//
network pending (for work/address network)
62
.
'
me
'
=>
$PARAM_STRING
,
//
mobile error
63
.
'
mr
'
=>
$PARAM_EXISTS
,
//
force mobile reg view
64
.
'
mobile
'
=>
$PARAM_EXISTS
,
//
mobile confirmation code sent
65
.
'
jif
'
=>
$PARAM_EXISTS
,
//
just imported friends
66
.
'
ied
'
=>
$PARAM_STRING
,
//
import email domain
67
.
'
o
'
=>
$PARAM_EXISTS
,
//
first time orientation, passed on confirm
68
.
'
verified
'
=>
$PARAM_EXISTS
));
//
verified mobile phone
69
.
70
.
param_post(
array
(
71
.
'
leave_orientation
'
=>
$PARAM_EXISTS
,
72
.
'
show_orientation
'
=>
$PARAM_INT
,
//
show an orientation step
73
.
'
hide_orientation
'
=>
$PARAM_INT
));
//
skip an orientation step
74
.
75
.
//
homepage actions
76
.
if
(
$req_react
&&
validate_expiring_hash(
$req_react
,
$GLOBALS
[
'
url_md5key
'
])) {
77
.
$show_reactivated_message
=
true
;
78
.
}
else
{
79
.
$show_reactivated_message
=
false
;
80
.
}
81
.
tpl_set(
'
show_reactivated_message
'
,
$show_reactivated_message
);
82
.
83
.
84
.
//
upcoming events
85
.
events_check_future_events(
$user
);
//
make sure big tunas haven't moved around
86
.
$upcoming_events
=
events_get_imminent_for_user(
$user
);
87
.
88
.
//
this is all stuff that can be fetched together!
89
.
$upcoming_events_short
=
array
();
90
.
obj_multiget_short(
array_keys
(
$upcoming_events
)
,
true
,
$upcoming_events_short
);
91
.
$new_pokes
=
0
;
92
.
//
only get the next N pokes for display
93
.
//
where N is set in the dbget to avoid caching issues
94
.
$poke_stats
=
get_num_pokes(
$user
);
95
.
get_next_pokes(
$user
,
true
,
$new_pokes
);
96
.
$poke_count
=
$poke_stats
[
'
unseen
'
];
97
.
98
.
$targeted_data
=
array
();
99
.
home_get_cache_targeted_data(
$user
,
true
,
$targeted_data
);
100
.
$announcement_data
=
array
();
101
.
home_get_cache_announcement_data(
$user
,
true
,
$announcement_data
);
102
.
$orientation
=
0
;
103
.
orientation_get_status(
$user
,
true
,
$orientation
);
104
.
$short_profile
=
array
();
105
.
profile_get_short(
$user
,
true
,
$short_profile
);
106
.
//
pure priming stuff
107
.
privacy_get_network_settings(
$user
,
true
);
108
.
$presence
=
array
();
109
.
mobile_get_presence_data(
$user
,
true
,
$presence
);
110
.
feedback_get_event_weights(
$user
,
true
);
111
.
//
Determine if we want to display the feed intro message
112
.
$intro_settings
=
0
;
113
.
user_get_hide_intro_bitmask(
$user
,
true
,
$intro_settings
);
114
.
$user_friend_finder
=
true
;
115
.
contact_importer_get_used_friend_finder(
$user
,
true
,
$used_friend_finder
);
116
.
$all_requests
=
requests_get_cache_data(
$user
);
117
.
//
FIXME?: is it sub-optimal to call this both in requests_get_cache_data and here?
118
.
$friends_status
=
statusupdates_get_recent(
$user
,
null
,
3
);
119
.
memcache_dispatch();
//
populate cache data
120
.
121
.
//
Merman's Admin profile always links to the Merman's home
122
.
if
(user_has_obj_attached(
$user
)) {
123
.
redirect(
'
mhome.php
'
,
'
www
'
);
124
.
}
125
.
126
.
if
(
is_array
(
$upcoming_events
)) {
127
.
foreach
(
$upcoming_events
as
$event_id
=>
$data
) {
128
.
$upcoming_events
[
$event_id
][
'
name
'
]
=
txt_set(
$upcoming_events_short
[
$event_id
][
'
name
'
]);
129
.
}
130
.
}
131
.
132
.
tpl_set(
'
upcoming_events
'
,
$upcoming_events
);
133
.
134
.
//
disabled account actions
135
.
$disabled_warning
=
((IS_DEV_SITE
||
IS_QA_SITE)
&&
is_disabled_user(
$user
));
136
.
tpl_set(
'
disabled_warning
'
,
$disabled_warning
);
137
.
138
.
//
new pokes (no more messages here, they are in the top nav!)
139
.
if
(
!
user_is_guest(
$user
)) {
140
.
tpl_set(
'
poke_count
'
,
$poke_count
);
141
.
tpl_set(
'
pokes
'
,
$new_pokes
);
142
.
}
143
.
144
.
//
get announcement computations
145
.
tpl_set(
'
targeted_data
'
,
$targeted_data
);
146
.
tpl_set(
'
announcement_data
'
,
$announcement_data
);
147
.
148
.
149
.
//
birthday notifications
150
.
tpl_set(
'
birthdays
'
,
$birthdays
=
user_get_birthday_notifications(
$user
,
$short_profile
));
151
.
tpl_set(
'
show_birthdays
'
,
$show_birthdays
=
(
count
(
$birthdays
)
||
!
$orientation
));
152
.
153
.
//
user info
154
.
tpl_set(
'
first_name
'
,
user_get_first_name(txt_set(
$short_profile
[
'
id
'
])));
155
.
tpl_set(
'
user
'
,
$user
);
156
.
157
.
//
decide if there are now any requests to show
158
.
$show_requests
=
false
;
159
.
foreach
(
$all_requests
as
$request_category
) {
160
.
if
(
$request_category
) {
161
.
$show_requests
=
true
;
162
.
break
;
163
.
}
164
.
}
165
.
tpl_set(
'
all_requests
'
,
$show_requests
?
$all_requests
:
null
);
166
.
167
.
$permissions
=
privacy_get_reduced_network_permissions(
$user
,
$user
);
168
.
169
.
//
status
170
.
$user_info
=
array
(
'
user
'
=>
$user
,
171
.
'
firstname
'
=>
user_get_first_name(
$user
)
,
172
.
'
see_all
'
=>
'
/statusupdates/?ref=hp
'
,
173
.
'
profile_pic
'
=>
make_profile_image_src_direct(
$user
,
'
thumb
'
)
,
174
.
'
square_pic
'
=>
make_profile_image_src_direct(
$user
,
'
square
'
));
175
.
176
.
if
(
!
empty
(
$presence
)
&&
$presence
[
'
status_time
'
]
>
(
time
()
-
60
*
60
*
24
*
7
)) {
177
.
$status
=
array
(
'
message
'
=>
txt_set(
$presence
[
'
status
'
])
,
178
.
'
time
'
=>
$presence
[
'
status_time
'
]
,
179
.
'
source
'
=>
$presence
[
'
status_source
'
]);
180
.
}
else
{
181
.
$status
=
array
(
'
message
'
=>
null
,
'
time
'
=>
null
,
'
source
'
=>
null
);
182
.
}
183
.
tpl_set(
'
user_info
'
,
$user_info
);
184
.
185
.
tpl_set(
'
show_status
'
,
$show_status
=
!
$orientation
);
186
.
tpl_set(
'
status
'
,
$status
);
187
.
tpl_set(
'
status_custom
'
,
$status_custom
=
mobile_get_status_custom(
$user
));
188
.
tpl_set(
'
friends_status
'
,
$friends_status
);
189
.
190
.
//
orientation
191
.
if
(
$orientation
) {
192
.
if
(
$post_leave_orientation
) {
193
.
orientation_update_status(
$user
,
$orientation
,
2
);
194
.
notification_notify_exit_orientation(
$user
);
195
.
dirty_user(
$user
);
196
.
redirect(
'
home.php
'
);
197
.
}
else
if
(orientation_eligible_exit(
array
(
'
uid
'
=>
$user
))
==
2
) {
198
.
orientation_update_status(
$user
,
$orientation
,
1
);
199
.
notification_notify_exit_orientation(
$user
);
200
.
dirty_user(
$user
);
201
.
redirect(
'
home.php
'
);
202
.
}
203
.
}
204
.
205
.
//
timezone - outside of stealth, update user's timezone if necessary
206
.
$set_time
=
!
user_is_alpha(
$user
,
'
stealth
'
);
207
.
tpl_set(
'
timezone_autoset
'
,
$set_time
);
208
.
if
(
$set_time
) {
209
.
$daylight_savings
=
get_site_variable(
'
DAYLIGHT_SAVINGS_ON
'
);
210
.
tpl_set(
'
timezone
'
,
$short_profile
[
'
timezone
'
]
-
(
$daylight_savings
?
4
:
5
) );
211
.
}
212
.
213
.
//
set next step if we can
214
.
if
(
!
$orientation
) {
215
.
user_set_next_step(
$user
,
$short_profile
);
216
.
}
217
.
218
.
//
note: don't make this an else with the above statement, because then no news feed stories will be fetched if they're exiting orientation
219
.
if
(
$orientation
) {
220
.
extract
(orientation_get_const());
221
.
222
.
require_js(
'
js/dynamic_dialog.js
'
);
223
.
require_js(
'
js/suggest.js
'
);
224
.
require_js(
'
js/typeahead_ns.js
'
);
225
.
require_js(
'
js/suggest.js
'
);
226
.
require_js(
'
js/editregion.js
'
);
227
.
require_js(
'
js/orientation.js
'
);
228
.
require_css(
'
css/typeahead.css
'
);
229
.
require_css(
'
css/editor.css
'
);
230
.
231
.
if
(
$post_hide_orientation
&&
$post_hide_orientation
<=
$ORIENTATION_MAX
) {
232
.
$orientation
[
'
orientation_bitmask
'
]
|=
(
$post_hide_orientation
*
$ORIENTATION_SKIPPED_MODIFIER
);
233
.
orientation_update_status(
$user
,
$orientation
);
234
.
}
else
if
(
$post_show_orientation
&&
$post_show_orientation
<=
$ORIENTATION_MAX
) {
235
.
$orientation
[
'
orientation_bitmask
'
]
&=
~
(
$post_show_orientation
*
$ORIENTATION_SKIPPED_MODIFIER
);
236
.
orientation_update_status(
$user
,
$orientation
);
237
.
}
238
.
239
.
$stories
=
orientation_get_stories(
$user
,
$orientation
);
240
.
switch
(
$get_err
) {
241
.
case
$ORIENTATION_ERR_COLLEGE
:
242
.
$temp
=
array
();
//
the affil_retval_msg needs some parameters won't be used
243
.
$stories
[
$ORIENTATION_NETWORK
][
'
failed_college
'
]
=
affil_retval_msg(
$get_ret
,
$temp
,
$temp
);
244
.
break
;
245
.
case
$ORIENTATION_ERR_CORP
:
246
.
$temp
=
array
();
247
.
//
We special case the network not recognized error here, because affil_retval_msg is retarded.
248
.
$stories
[
$ORIENTATION_NETWORK
][
'
failed_corp
'
]
=
(
$get_ret
==
70
)
?
'
The email you entered did not match any of our supported networks.
'
.
249
.
'
Click here to see our supported list.
'
.
250
.
'
Go here to suggest your network for the future.
'
251
.
:
affil_retval_msg(
$get_ret
,
$temp
,
$temp
);
252
.
break
;
253
.
}
254
.
255
.
//
photo upload error
256
.
if
(
$get_error
) {
257
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_PROFILE
]][
'
upload_error
'
]
=
pic_get_error_text(
$get_error
);
258
.
}
259
.
//
photo upload success
260
.
else
if
(
$get_success
==
1
) {
261
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_PROFILE
]][
'
uploaded_pic
'
]
=
true
;
262
.
//
join network success
263
.
}
else
if
(
$get_jn
) {
264
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_NETWORK
]][
'
joined
'
]
=
array
(
265
.
'
id
'
=>
$get_jn
,
266
.
'
name
'
=>
network_get_name(
$get_jn
));
267
.
//
network join pending
268
.
}
else
if
(
$get_np
) {
269
.
270
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_NETWORK
]][
'
join_pending
'
]
=
array
(
271
.
'
id
'
=>
$get_np
,
272
.
'
email
'
=>
get_affil_email_conf(
$user
,
$get_np
)
,
273
.
'
network
'
=>
network_get_name(
$get_np
));
274
.
//
just imported friend confirmation
275
.
}
else
if
(
$get_jif
) {
276
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_NETWORK
]][
'
just_imported_friends
'
]
=
true
;
277
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_NETWORK
]][
'
domain
'
]
=
$get_ied
;
278
.
}
279
.
280
.
//
Mobile web API params
281
.
if
(
$get_mobile
) {
282
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_MOBILE
]][
'
sent_code
'
]
=
true
;
283
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_MOBILE
]][
'
view
'
]
=
'
confirm
'
;
284
.
}
285
.
if
(
$get_verified
) {
286
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_MOBILE
]][
'
verified
'
]
=
true
;
287
.
}
288
.
if
(
$get_me
) {
289
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_MOBILE
]][
'
error
'
]
=
$get_me
;
290
.
}
291
.
if
(
$get_mr
) {
292
.
$stories
[
$ORIENTATION_ORDER
[
$ORIENTATION_MOBILE
]][
'
view
'
]
=
'
register
'
;
293
.
}
294
.
295
.
if
(orientation_eligible_exit(
$orientation
)) {
296
.
tpl_set(
'
orientation_show_exit
'
,
true
);
297
.
}
298
.
tpl_set(
'
orientation_stories
'
,
$stories
);
299
.
300
.
//
if in orientation, we hide all feed intros (all 1's in bitmask)
301
.
$intro_settings
=
-
1
;
302
.
303
.
}
304
.
tpl_set(
'
orientation
'
,
$orientation
);
305
.
306
.
//
Rooster Stories
307
.
if
(
!
$orientation
&&
308
.
((get_site_variable(
'
ROOSTER_ENABLED
'
)
==
2
)
||
309
.
(get_site_variable(
'
ROOSTER_DEV_ENABLED
'
)
==
2
))) {
310
.
$rooster_story_count
=
get_site_variable(
'
ROOSTER_STORY_COUNT
'
);
311
.
if
(
!
isset
(
$rooster_story_count
)) {
312
.
//
Set default if something is wrong with the sitevar
313
.
$rooster_story_count
=
2
;
314
.
}
315
.
$rooster_stories
=
rooster_get_stories(
$user
,
$rooster_story_count
,
$log_omissions
=
true
);
316
.
if
(
!
emptyempty(
$rooster_stories
)
&&
!
emptyempty(
$rooster_stories
[
'
stories
'
])) {
317
.
//
Do page-view level logging here
318
.
foreach
(
$rooster_stories
[
'
stories
'
]
as
$story
) {
319
.
rooster_log_action(
$user
,
$story
,
ROOSTER_LOG_ACTION_VIEW);
320
.
}
321
.
tpl_set(
'
rooster_stories
'
,
$rooster_stories
);
322
.
}
323
.
}
324
.
325
.
//
set the variables for the home announcement code
326
.
$hide_announcement_tpl
=
(
$intro_settings
|
$HIDE_INTRO_BITMASK
)
&
$HIDE_ANNOUNCEMENT_BIT
;
327
.
//
if on qa/dev site, special rules
328
.
$HIDE_INTRO_ON_DEV
=
get_site_variable(
'
HIDE_INTRO_ON_DEV
'
);
329
.
if
((IS_QA_SITE
||
IS_DEV_SITE)
&&
!
$HIDE_INTRO_ON_DEV
) {
330
.
$hide_announcement_tpl
=
0
;
331
.
}
332
.
333
.
tpl_set(
'
hide_announcement
'
,
$hide_announcement_tpl
);
334
.
if
(
$is_candidate
=
is_candidate_user(
$user
)) {
335
.
tpl_set(
'
hide_announcement
'
,
false
);
336
.
}
337
.
$home_announcement_tpl
=
!
$hide_announcement_tpl
||
$is_candidate
?
home_get_announcement_info(
$user
)
:
0
;
338
.
tpl_set(
'
home_announcement
'
,
$home_announcement_tpl
);
339
.
tpl_set(
'
hide_announcement_bit
'
,
$HIDE_ANNOUNCEMENT_BIT
);
340
.
341
.
$show_friend_finder
=
!
$orientation
&&
contact_importer_enabled(
$user
)
&&
!
user_get_hiding_pref(
$user
,
'
home_friend_finder
'
);
342
.
tpl_set(
'
show_friend_finder
'
,
$show_friend_finder
);
343
.
if
(
$show_friend_finder
&&
(user_get_friend_count(
$user
)
>
20
)) {
344
.
tpl_set(
'
friend_finder_hide_options
'
,
array
(
'
text
'
=>
'
close
'
,
345
.
'
onclick
'
=>
"
return clearFriendFinder()
"
));
346
.
}
else
{
347
.
tpl_set(
'
friend_finder_hide_options
'
,
null
);
348
.
}
349
.
350
.
$account_info
=
user_get_account_info(
$user
);
351
.
$account_create_time
=
$account_info
[
'
time
'
];
352
.
353
.
tpl_set(
'
show_friend_finder_top
'
,
354
.
!
$used_friend_finder
);
355
.
356
.
tpl_set(
'
user
'
,
$user
);
357
.
358
.
359
.
//
MONETIZATION BOX
360
.
$minimize_monetization_box
=
user_get_hiding_pref(
$user
,
'
home_monetization
'
);
361
.
$show_monetization_box
=
(
!
$orientation
&&
362
.
get_site_variable(
'
HOMEPAGE_MONETIZATION_BOX
'
));
363
.
tpl_set(
'
show_monetization_box
'
,
$show_monetization_box
);
364
.
tpl_set(
'
minimize_monetization_box
'
,
$minimize_monetization_box
);
365
.
366
.
if
(
$show_monetization_box
) {
367
.
$monetization_box_data
=
monetization_box_user_get_data(
$user
);
368
.
txt_set(
'
monetization_box_data
'
,
$monetization_box_data
);
369
.
}
370
.
371
.
372
.
//
ORIENTATION
373
.
if
(
$orientation
) {
374
.
$network_ids
=
id_get_networks(
$user
);
375
.
$network_names
=
multiget_network_name(
$network_ids
);
376
.
$in_corp_network
=
in_array
(
$GLOBALS
[
'
TYPE_CORP
'
]
,
array_map
(
'
extract_network_type
'
,
$network_ids
));
377
.
$show_corp_search
=
$in_corp_network
||
378
.
get_age(user_get_basic_info_attr(
$user
,
'
birthday
'
))
>=
21
;
379
.
$pending_hs
=
is_hs_pending_user(
$user
);
380
.
$hs_id
=
null
;
381
.
$hs_name
=
null
;
382
.
if
(
$pending_hs
) {
383
.
foreach
(id_get_pending_networks(
$user
)
as
$network
) {
384
.
if
(extract_network_type(
$network
[
'
network_key
'
])
==
$GLOBALS
[
'
TYPE_HS
'
]) {
385
.
$hs_id
=
$network
[
'
network_key
'
];
386
.
$hs_name
=
network_get_name(
$hs_id
);
387
.
break
;
388
.
}
389
.
}
390
.
}
391
.
//
$orientation_people = orientation_get_friend_and_inviter_ids($user);
392
.
$orientation_people
=
array
(
'
friends
'
=>
user_get_all_friends(
$user
)
,
393
.
'
pending
'
=>
array_keys
(user_get_friend_requests(
$user
))
,
394
.
'
inviters
'
=>
array
()
,
//
wc: don't show inviters for now
395
.
);
396
.
$orientation_info
=
array_merge
(
$orientation_people
,
397
.
array
(
'
network_names
'
=>
$network_names
,
398
.
'
show_corp_search
'
=>
$show_corp_search
,
399
.
'
pending_hs
'
=>
array
(
'
hs_id
'
=>
$hs_id
,
400
.
'
hs_name
'
=>
$hs_name
)
,
401
.
'
user
'
=>
$user
,
402
.
));
403
.
tpl_set(
'
orientation_info
'
,
$orientation_info
);
404
.
405
.
tpl_set(
'
simple_orientation_first_login
'
,
$get_o
);
//
unused right now
406
.
}
407
.
408
.
409
.
//
Roughly determine page length for ads
410
.
//
first, try page length using right-hand panel
411
.
$ads_page_length_data
=
3
+
//
3 for profile pic + next step
412
.
(
$show_friend_finder
?
1
:
0
)
+
413
.
(
$show_status
?
(
$status_custom
?
count
(
$friends_status
)
:
0
)
:
0
)
+
414
.
(
$show_monetization_box
?
1
:
0
)
+
415
.
(
$show_birthdays
?
count
(
$birthdays
)
:
0
)
+
416
.
count
(
$new_pokes
);
417
.
418
.
//
page length using feed stories
419
.
if
(
$orientation
) {
420
.
$ads_page_length_data
=
max
(
$ads_page_length_data
,
count
(
$stories
)
*
5
);
421
.
}
422
.
tpl_set(
'
ads_page_length_data
'
,
$ads_page_length_data
);
423
.
424
.
$feed_stories
=
null
;
425
.
if
(
!
$orientation
) {
//
if they're not in orientation they get other cool stuff
426
.
//
ad_insert: the ad type to try to insert for the user
427
.
//
(0 if we don't want to try an insert)
428
.
$ad_insert
=
get_site_variable(
'
FEED_ADS_ENABLE_INSERTS
'
);
429
.
430
.
$feed_off
=
false
;
431
.
432
.
if
(check_super(
$user
)
&&
$get_feeduser
){
433
.
$feed_stories
=
user_get_displayable_stories(
$get_feeduser
,
0
,
null
,
$ad_insert
);
434
.
}
else
if
(can_see(
$user
,
$user
,
'
feed
'
)) {
435
.
$feed_stories
=
user_get_displayable_stories(
$user
,
0
,
null
,
$ad_insert
);
436
.
}
else
{
437
.
$feed_off
=
true
;
438
.
}
439
.
440
.
//
Friend's Feed Selector - Requires dev.php constant
441
.
if
(is_friendfeed_user(
$user
)) {
442
.
$friendfeed
=
array
();
443
.
$friendfeed
[
'
feeduser
'
]
=
$get_feeduser
;
444
.
$friendfeed
[
'
feeduser_name
'
]
=
user_get_name(
$get_feeduser
);
445
.
$friendfeed
[
'
friends
'
]
=
user_get_all_friends(
$user
);
446
.
tpl_set(
'
friendfeed
'
,
$friendfeed
);
447
.
}
448
.
449
.
$feed_stories
=
feed_adjust_timezone(
$user
,
$feed_stories
);
450
.
451
.
tpl_set(
'
feed_off
'
,
$feed_off
?
redirect(
'
privacy.php?view=feeds
'
,
null
,
false
)
:
false
);
452
.
}
453
.
tpl_set(
'
feed_stories
'
,
$feed_stories
);
454
.
455
.
render_template(
$_SERVER
[
'
PHP_ROOT
'
]
.
'
/html/home.phpt
'
);
--------------------------------------
上午从TC看到FaceBook源代码遭泄漏 ,刚才去看TC的该页面,已经做了两点更新,下面跟大家分享一下:其一是FaceBook的Brandee Barker在评论留言中解释了一下造成此事的原因,另一件就是该文章作者Nik Cubrilovic在自己的博客上给出了预防PHP源代码泄漏的方法。
先说说第一件:FB官方给出的解释是,少数用户利用某台服务器的配置错误将源码泄漏出来,并且现在已经修复了此错误,且声明这不是安全缺口所以对用 私人数据并不会造成影响。不管是服务器配置错误或者符合超载,看来造成此事的原因是apache和mod_php将未经解释的源代码直接输出。(原文)
Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
第二件Nik在博客上写了四条预防PHP源代码泄漏 的方法:
1)使用mod_security 过滤输出严防泄漏 Use mod_security to filter output and prevent leakage (例如)