diff options
| author | Mario Vavti <mario@mariovavti.com> | 2017-03-08 09:39:46 +0100 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2017-03-08 09:39:46 +0100 |
| commit | bc2b948f1f6e62b1c277a4042200bb6678956f3f (patch) | |
| tree | 8586c30e495607eee23f16c0aad40974f0711275 /Zotlabs/Module/Display.php | |
| parent | 23e3e2c50499fab52769929a448e73012fd915af (diff) | |
| parent | ff9442474d07cce24c8f66db39ec34471c3874a2 (diff) | |
| download | volse-hubzilla-2.2.tar.gz volse-hubzilla-2.2.tar.bz2 volse-hubzilla-2.2.zip | |
Merge branch 2.2RC2.2
Diffstat (limited to 'Zotlabs/Module/Display.php')
| -rw-r--r-- | Zotlabs/Module/Display.php | 61 |
1 files changed, 32 insertions, 29 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 42f6dd4ac..a4d59a1b6 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -1,12 +1,17 @@ <?php namespace Zotlabs\Module; +require_once("include/bbcode.php"); +require_once('include/security.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); +require_once('include/items.php'); class Display extends \Zotlabs\Web\Controller { function get($update = 0, $load = false) { - + $checkjs = new \Zotlabs\Web\CheckJS(1); if($load) @@ -18,30 +23,21 @@ class Display extends \Zotlabs\Web\Controller { return; } - require_once("include/bbcode.php"); - require_once('include/security.php'); - require_once('include/conversation.php'); - require_once('include/acl_selectors.php'); - require_once('include/items.php'); - - - \App::$page['htmlhead'] .= replace_macros(get_markup_template('display-head.tpl'), array()); - + if(argc() > 1 && argv(1) !== 'load') $item_hash = argv(1); - if($_REQUEST['mid']) $item_hash = $_REQUEST['mid']; - - - if(! $item_hash) { + + if(! $item_hash) { \App::$error = 404; notice( t('Item not found.') . EOL); return; } $observer_is_owner = false; + $updateable = false; if(local_channel() && (! $update)) { @@ -93,9 +89,15 @@ class Display extends \Zotlabs\Web\Controller { // find a copy of the item somewhere $target_item = null; - + + if(strpos($item_hash,'b64.') === 0) + $decoded = @base64url_decode(substr($item_hash,4)); + if($decoded) + $item_hash = $decoded; + $r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1", - dbesc($item_hash . '%') + dbesc($item_hash . '%'), + dbesc($decoded . '%') ); if($r) { @@ -180,10 +182,9 @@ class Display extends \Zotlabs\Web\Controller { $item_normal = item_normal(); $sql_extra = public_permissions_sql($observer_hash); - + if(($update && $load) || ($checkjs->disabled())) { - $updateable = false; $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start'])); @@ -193,9 +194,9 @@ class Display extends \Zotlabs\Web\Controller { require_once('include/channel.php'); $sys = get_sys_channel(); $sysid = $sys['channel_id']; - + if(local_channel()) { - $r = q("SELECT * from item + $r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal @@ -209,6 +210,7 @@ class Display extends \Zotlabs\Web\Controller { } } + if($r === null) { // in case somebody turned off public access to sys channel content using permissions @@ -218,7 +220,7 @@ class Display extends \Zotlabs\Web\Controller { $sysid = 0; - $r = q("SELECT * from item + $r = q("SELECT item.id as item_id from item WHERE mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) @@ -241,11 +243,11 @@ class Display extends \Zotlabs\Web\Controller { require_once('include/channel.php'); $sys = get_sys_channel(); $sysid = $sys['channel_id']; - + if(local_channel()) { - $r = q("SELECT * from item + $r = q("SELECT item.parent AS item_id from item WHERE uid = %d - and mid = '%s' + and parent_mid = '%s' $item_normal $simple_update limit 1", @@ -256,14 +258,15 @@ class Display extends \Zotlabs\Web\Controller { $updateable = true; } } + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - $r = q("SELECT * from item - WHERE mid = '%s' + $r = q("SELECT item.parent AS item_id from item + WHERE parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) @@ -285,7 +288,7 @@ class Display extends \Zotlabs\Web\Controller { if($r) { - $parents_str = ids_to_querystr($r,'id'); + $parents_str = ids_to_querystr($r,'item_id'); if($parents_str) { $items = q("SELECT item.*, item.id AS item_id @@ -315,10 +318,10 @@ class Display extends \Zotlabs\Web\Controller { if($updateable) { $x = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 AND uid = %d and parent = %d ", intval(local_channel()), - intval($r[0]['parent']) + intval($r[0]['item_id']) ); } - + $o .= '<div id="content-complete"></div>'; return $o; |