aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-06-14 16:35:38 -0700
committerfriendica <info@friendica.com>2014-06-14 16:35:38 -0700
commitb67c8ec8b99f5a552c08afaedf022b088e55ef47 (patch)
treed4deaf9e189406526214e836ff998beb31679228
parent794cded66e521cdc581e00e4c432694c3117cfed (diff)
downloadvolse-hubzilla-b67c8ec8b99f5a552c08afaedf022b088e55ef47.tar.gz
volse-hubzilla-b67c8ec8b99f5a552c08afaedf022b088e55ef47.tar.bz2
volse-hubzilla-b67c8ec8b99f5a552c08afaedf022b088e55ef47.zip
webpage permissions weirdness
-rwxr-xr-xinclude/items.php14
-rw-r--r--mod/item.php23
2 files changed, 22 insertions, 15 deletions
diff --git a/include/items.php b/include/items.php
index c0a3a741e..434417751 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2117,7 +2117,7 @@ function item_store_update($arr,$allow_exec = false) {
unset($arr['llink']);
$arr['edited'] = ((x($arr,'edited') !== false) ? datetime_convert('UTC','UTC',$arr['edited']) : datetime_convert());
- $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : $orig[0]['expires']);
+ $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : $orig[0]['expires']);
$arr['commented'] = $orig[0]['commented'];
$arr['received'] = datetime_convert();
$arr['changed'] = datetime_convert();
@@ -2130,11 +2130,13 @@ function item_store_update($arr,$allow_exec = false) {
$arr['tgt_type'] = ((x($arr,'tgt_type')) ? notags(trim($arr['tgt_type'])) : $orig[0]['tgt_type']);
$arr['target'] = ((x($arr,'target')) ? trim($arr['target']) : $orig[0]['target']);
$arr['plink'] = ((x($arr,'plink')) ? notags(trim($arr['plink'])) : $orig[0]['plink']);
- $arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : $orig[0]['allow_cid']);
- $arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : $orig[0]['allow_gid']);
- $arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : $orig[0]['deny_cid']);
- $arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : $orig[0]['deny_gid']);
- $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : $orig[0]['item_private']);
+
+ $arr['allow_cid'] = ((array_key_exists('allow_cid',$arr)) ? trim($arr['allow_cid']) : $orig[0]['allow_cid']);
+ $arr['allow_gid'] = ((array_key_exists('allow_gid',$arr)) ? trim($arr['allow_gid']) : $orig[0]['allow_gid']);
+ $arr['deny_cid'] = ((array_key_exists('deny_cid',$arr)) ? trim($arr['deny_cid']) : $orig[0]['deny_cid']);
+ $arr['deny_gid'] = ((array_key_exists('deny_gid',$arr)) ? trim($arr['deny_gid']) : $orig[0]['deny_gid']);
+ $arr['item_private'] = ((array_key_exists('item_private',$arr)) ? intval($arr['item_private']) : $orig[0]['item_private']);
+
$arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : '');
$arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : $orig[0]['attach']);
$arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : $orig[0]['app']);
diff --git a/mod/item.php b/mod/item.php
index 68582e580..7b105ee65 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -46,7 +46,7 @@ function item_post(&$a) {
call_hooks('post_local_start', $_REQUEST);
-// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+ logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
@@ -262,14 +262,19 @@ function item_post(&$a) {
if($orig_post) {
- $str_group_allow = ((array_key_exists('group_allow',$_REQUEST))
- ? perms2str($_REQUEST['group_allow']) : $orig_post['allow_gid']);
- $str_contact_allow = ((array_key_exists('contact_allow',$_REQUEST))
- ? perms2str($_REQUEST['contact_allow']) : $orig_post['allow_cid']);
- $str_group_deny = ((array_key_exists('group_deny',$_REQUEST))
- ? perms2str($_REQUEST['group_deny']) : $orig_post['deny_gid']);
- $str_contact_deny = ((array_key_exists('contact_deny',$_REQUEST))
- ? perms2str($_REQUEST['contact_deny']) : $orig_post['deny_cid']);
+ // webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
+ if($webpage) {
+ $str_group_allow = perms2str($_REQUEST['group_allow']);
+ $str_contact_allow = perms2str($_REQUEST['contact_allow']);
+ $str_group_deny = perms2str($_REQUEST['group_deny']);
+ $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+ }
+ else {
+ $str_group_allow = $orig_post['allow_gid'];
+ $str_contact_allow = $orig_post['allow_cid'];
+ $str_group_deny = $orig_post['deny_gid'];
+ $str_contact_deny = $orig_post['deny_cid'];
+ }
$location = $orig_post['location'];
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];