aboutsummaryrefslogblamecommitdiffstats
path: root/mod/item.php
blob: e0497af7a54e79e240915d6fa1365252d04e706a (plain) (tree) 
6348e70da


7e16f8cda

c6267a2cd

7e16f8cda

6348e70da


6695b4a20

6348e70da







c4f31ec65









f937de932

c4f31ec65




6348e70da

e0e2a032c

6348e70da

25567fa04

6348e70da


7e16f8cda











c6267a2cd

7e16f8cda













c6267a2cd

7e16f8cda



6348e70da

e0e2a032c

7e16f8cda

e0e2a032c


f937de932


e0e2a032c


f937de932

aff4f63ff


6348e70da

aff4f63ff

6348e70da

5e4df4b3f

6348e70da

f937de932

6348e70da

f937de932










bec3d15c5



f937de932

6348e70da




9b0584e59





6348e70da




6817c5d59

9b0584e59



6348e70da

f937de932

6348e70da

5e4df4b3f



6348e70da


9b0584e59

7e16f8cda






6348e70da

9b0584e59


6348e70da


c4f31ec65

e0e2a032c

c4f31ec65


e0e2a032c



c4f31ec65






4631a3c28




c4f31ec65


e0e2a032c


6348e70da

e0e2a032c


9b0584e59

6348e70da


9b0584e59



6348e70da

9cc49f27e

9b0584e59

9cc49f27e

aff4f63ff

bec3d15c5

9cc49f27e

6348e70da

6695b4a20

f937de932

6348e70da

1
2

3

4

5

6
7

8

9
10
11
12
13
14
15

16
17
18
19
20
21
22
23
24

25

26
27
28
29

30

31

32

33

34
35

36
37
38
39
40
41
42
43
44
45
46

47

48
49
50
51
52
53
54
55
56
57
58
59
60

61

62
63
64

65

66

67

68
69

70
71

72
73

74

75
76

77

78

79

80

81

82

83

84
85
86
87
88
89
90
91
92
93

94
95
96

97

98
99
100
101

102
103
104
105
106

107
108
109
110

111

112
113
114

115

116

117

118
119
120

121
122

123

124
125
126
127
128
129

130

131
132

133
134

135

136

137
138

139
140
141

142
143
144
145
146
147

148
149
150
151

152
153

154
155

156

157
158

159

160
161

162
163
164

165

166

167

168

169

170

171

172

173

174

175


     
                               
                                                        
 

                         
 






                                                                        








                                                                        
                                                                            



                                     
                                                                                       
 
                                               
                                                    

                       










                                                            
                                                          












                                                                
                                                         


                                                              
 
                                                  
 

                                                       

                                                                    

         
                                      

                                                                              
                                                      
         
              
                                                                                         
                                                  
                             
                                                  









                                                                                 


                                                                 
                                                                              



                                                




                                                                                                     



                                             
 


                                                                                                                          
                                             
                                              
                                            


                                                        

                                           
                                    





                                                                 
                  

                                                                            

                                               
 
                                     

                                                                                                           


                                                                                                 





                                                                                                                                      



                                                                         

                                                        

                              
                                                   

                         
                                                                                                                     

                                                         


                                                                                          
                 
 
                                         
 
                                                                                                                      
                                       
 
         
                                                            
                             
 
<?php

function sanitise_acl(&$item) {
	$item = '<' . intval(notags(trim($item))) . '>';
}

function item_post(&$a) {

	if((! local_user()) && (! remote_user()))
		return;

	require_once('include/security.php');

	$uid = $_SESSION['uid'];
	$parent = ((x($_POST,'parent')) ? intval($_POST['parent']) : 0);

	$parent_item = null;

	if($parent) {
		$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
			intval($parent)
		);
		if(! count($r)) {
			notice("Unable to locate original post." . EOL);
			goaway($a->get_baseurl() . "/" . $_POST['return'] );
		}
		$parent_item = $r[0];
	}

	$profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0);

	if(! can_write_wall($a,$profile_uid)) {
		notice("Permission denied." . EOL) ;
		return;
	}
	
	$str_group_allow = '';
	$group_allow = $_POST['group_allow'];
	if(is_array($group_allow)) {
		array_walk($group_allow,'sanitise_acl');
		$str_group_allow = implode('',$group_allow);
	}

	$str_contact_allow = '';
	$contact_allow = $_POST['contact_allow'];
	if(is_array($contact_allow)) {
		array_walk($contact_allow,'sanitise_acl');
		$str_contact_allow = implode('',$contact_allow);
	}

	$str_group_deny = '';
	$group_deny = $_POST['group_deny'];
	if(is_array($group_deny)) {
		array_walk($group_deny,'sanitise_acl');
		$str_group_deny = implode('',$group_deny);
	}

	$str_contact_deny = '';
	$contact_deny = $_POST['contact_deny'];
	if(is_array($contact_deny)) {
		array_walk($contact_deny,'sanitise_acl');
		$str_contact_deny = implode('',$contact_deny);
	}


	$body = escape_tags(trim($_POST['body']));

	if(! strlen($body)) {
		notice("Empty post discarded." . EOL );
		goaway($a->get_baseurl() . "/" . $_POST['return'] );

	}

	// get contact info for poster

	if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id']))) {
		$contact_id = $_SESSION['visitor_id'];
	}
	else {
		$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
			intval($_SESSION['uid']));
		if(count($r))
			$contact_id = $r[0]['id'];
	}

	// get contact info for owner
	
	$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
		intval($profile_uid)
	);
	if(count($r))
		$contact_record = $r[0];


	$notify_type = (($parent) ? 'comment-new' : 'wall-new' );

	if(($_POST['type'] == 'wall') || ($_POST['type'] == 'wall-comment')) {

		do {
			$dups = false;
			$hash = random_string();

			$uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $profile_uid . ':' . $hash;

			$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
			dbesc($uri));
			if(count($r))
				$dups = true;
		} while($dups == true);


		$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`,
			`edited`, `uri`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
			VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
			intval($profile_uid),
			dbesc($_POST['type']),
			intval($contact_id),
			dbesc($contact_record['name']),
			dbesc($contact_record['url']),
			dbesc($contact_record['thumb']),
			datetime_convert(),
			datetime_convert(),
			dbesc($uri),
			dbesc(escape_tags(trim($_POST['body']))),
			dbesc($str_contact_allow),
			dbesc($str_group_allow),
			dbesc($str_contact_deny),
			dbesc($str_group_deny)

		);
		$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
			dbesc($uri));
		if(count($r)) {
			$post_id = $r[0]['id'];

			if($parent) {

				// This item is the last leaf and gets the comment box, clear any ancestors
				$r = q("UPDATE `item` SET `last-child` = 0 WHERE `parent` = %d ",
					intval($parent)
				);

				// Inherit ACL's from the parent item.
				// TODO merge with subsequent UPDATE operation and save a db write 

				$r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
					WHERE `id` = %d LIMIT 1",
					dbesc($parent_item['allow_cid']),
					dbesc($parent_item['allow_gid']),
					dbesc($parent_item['deny_cid']),
					dbesc($parent_item['deny_gid']),
					intval($post_id)
				);
			}
			else {
				$parent = $post_id;
			}

			$r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `last-child` = 1, `visible` = 1
				WHERE `id` = %d LIMIT 1",
				intval($parent),
				dbesc(($parent == $post_id) ? $uri : $parent_item['uri']),
				intval($post_id)
			);
		}

		$url = $a->get_baseurl();

		proc_close(proc_open("php include/notifier.php \"$url\" \"$notify_type\" \"$post_id\" > notify.log &",
			array(),$foo));

	}
	goaway($a->get_baseurl() . "/" . $_POST['return'] );
	return; // NOTREACHED
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 19:42:36 +0000