diff options
| author | friendica <info@friendica.com> | 2014-06-14 16:35:38 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-06-14 16:35:38 -0700 |
| commit | b67c8ec8b99f5a552c08afaedf022b088e55ef47 (patch) | |
| tree | d4deaf9e189406526214e836ff998beb31679228 | |
| parent | 794cded66e521cdc581e00e4c432694c3117cfed (diff) | |
| download | volse-hubzilla-b67c8ec8b99f5a552c08afaedf022b088e55ef47.tar.gz volse-hubzilla-b67c8ec8b99f5a552c08afaedf022b088e55ef47.tar.bz2 volse-hubzilla-b67c8ec8b99f5a552c08afaedf022b088e55ef47.zip | |
webpage permissions weirdness
| -rwxr-xr-x | include/items.php | 14 | ||||
| -rw-r--r-- | mod/item.php | 23 |
2 files changed, 22 insertions, 15 deletions
diff --git a/include/items.php b/include/items.php index c0a3a741e..434417751 100755 --- a/include/items.php +++ b/include/items.php @@ -2117,7 +2117,7 @@ function item_store_update($arr,$allow_exec = false) { unset($arr['llink']); $arr['edited'] = ((x($arr,'edited') !== false) ? datetime_convert('UTC','UTC',$arr['edited']) : datetime_convert()); - $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : $orig[0]['expires']); + $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : $orig[0]['expires']); $arr['commented'] = $orig[0]['commented']; $arr['received'] = datetime_convert(); $arr['changed'] = datetime_convert(); @@ -2130,11 +2130,13 @@ function item_store_update($arr,$allow_exec = false) { $arr['tgt_type'] = ((x($arr,'tgt_type')) ? notags(trim($arr['tgt_type'])) : $orig[0]['tgt_type']); $arr['target'] = ((x($arr,'target')) ? trim($arr['target']) : $orig[0]['target']); $arr['plink'] = ((x($arr,'plink')) ? notags(trim($arr['plink'])) : $orig[0]['plink']); - $arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : $orig[0]['allow_cid']); - $arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : $orig[0]['allow_gid']); - $arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : $orig[0]['deny_cid']); - $arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : $orig[0]['deny_gid']); - $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : $orig[0]['item_private']); + + $arr['allow_cid'] = ((array_key_exists('allow_cid',$arr)) ? trim($arr['allow_cid']) : $orig[0]['allow_cid']); + $arr['allow_gid'] = ((array_key_exists('allow_gid',$arr)) ? trim($arr['allow_gid']) : $orig[0]['allow_gid']); + $arr['deny_cid'] = ((array_key_exists('deny_cid',$arr)) ? trim($arr['deny_cid']) : $orig[0]['deny_cid']); + $arr['deny_gid'] = ((array_key_exists('deny_gid',$arr)) ? trim($arr['deny_gid']) : $orig[0]['deny_gid']); + $arr['item_private'] = ((array_key_exists('item_private',$arr)) ? intval($arr['item_private']) : $orig[0]['item_private']); + $arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : ''); $arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : $orig[0]['attach']); $arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : $orig[0]['app']); diff --git a/mod/item.php b/mod/item.php index 68582e580..7b105ee65 100644 --- a/mod/item.php +++ b/mod/item.php @@ -46,7 +46,7 @@ function item_post(&$a) { call_hooks('post_local_start', $_REQUEST); -// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA); + logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA); $api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false); @@ -262,14 +262,19 @@ function item_post(&$a) { if($orig_post) { - $str_group_allow = ((array_key_exists('group_allow',$_REQUEST)) - ? perms2str($_REQUEST['group_allow']) : $orig_post['allow_gid']); - $str_contact_allow = ((array_key_exists('contact_allow',$_REQUEST)) - ? perms2str($_REQUEST['contact_allow']) : $orig_post['allow_cid']); - $str_group_deny = ((array_key_exists('group_deny',$_REQUEST)) - ? perms2str($_REQUEST['group_deny']) : $orig_post['deny_gid']); - $str_contact_deny = ((array_key_exists('contact_deny',$_REQUEST)) - ? perms2str($_REQUEST['contact_deny']) : $orig_post['deny_cid']); + // webpages are allowed to change ACLs after the fact. Normal conversation items aren't. + if($webpage) { + $str_group_allow = perms2str($_REQUEST['group_allow']); + $str_contact_allow = perms2str($_REQUEST['contact_allow']); + $str_group_deny = perms2str($_REQUEST['group_deny']); + $str_contact_deny = perms2str($_REQUEST['contact_deny']); + } + else { + $str_group_allow = $orig_post['allow_gid']; + $str_contact_allow = $orig_post['allow_cid']; + $str_group_deny = $orig_post['deny_gid']; + $str_contact_deny = $orig_post['deny_cid']; + } $location = $orig_post['location']; $coord = $orig_post['coord']; $verb = $orig_post['verb']; |