author | Mario <mario@mariovavti.com> | 2023-07-11 18:57:18 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2023-07-11 18:57:18 +0000 |
commit | 63fb8d03929189bfc8cbf53d23cb79984fe2c3cd (patch) | |
tree | b9f74bd8c7721dca7ece251fdbb9a7c4fe9b949a /Zotlabs/Module/Oep.php | |
parent | 57796a2f962d045445cbf69237bb3d6786e4d0d4 (diff) | |
parent | 384de0925e502cfa8fe6ca287530ef5529fdff10 (diff) | |
Merge branch '8.6RC'8.6
Diffstat (limited to 'Zotlabs/Module/Oep.php')
-rw-r--r-- | Zotlabs/Module/Oep.php | 52 |
1 files changed, 35 insertions, 17 deletions
diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index bf17e6436..37a46a23e 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -28,7 +28,6 @@ class Oep extends \Zotlabs\Web\Controller { $format = $_REQUEST['format'] ?? ''; if($format && $format !== 'json') http_status_exit(501, 'Not implemented'); - if(fnmatch('*/photos/*/album/*',$url)) $arr = $this->oep_album_reply($_REQUEST); elseif(fnmatch('*/photos/*/image/*',$url)) @@ -95,12 +94,12 @@ class Oep extends \Zotlabs\Web\Controller { $c = channelx_by_n($p[0]['uid']); - if(! ($c && $res)) return; - if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream')) + if(! perm_is_allowed($c['channel_id'], get_observer_hash(), 'view_stream')) { return; + } $sql_extra = item_permissions_sql($c['channel_id']); 
@@ -336,32 +335,51 @@ class Oep extends \Zotlabs\Web\Controller { $maxwidth = ((isset($args['maxwidth'])) ? $args['maxwidth'] : 0); $maxheight = ((isset($args['maxheight'])) ? $args['maxheight'] : 0); - if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) { - $chn = $matches[3]; - $res = $matches[5]; + $parsed = parse_url($url); + if (empty($parsed['path'])) { + return; } - if(! ($chn && $res)) + $nick = basename($parsed['path']); + if (!$nick) { return; + } - $c = q("select * from channel where channel_address = '%s' limit 1", - dbesc($chn) - ); + if (empty($parsed['query'])) { + return; + } - if(! $c) + parse_str($parsed['query'], $query); + + if (empty($query['mid'])) { return; + } - if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream')) + $mid = unpack_link_id($query['mid']); + if (!$mid) { return; + } - $sql_extra = item_permissions_sql($c[0]['channel_id']); + $c = channelx_by_nick($nick); + if(! $c) { + return; + } - $p = q("select * from item where mid = '%s' and uid = %d $sql_extra limit 1", - dbesc($res), - intval($c[0]['channel_id']) + if(! perm_is_allowed($c['channel_id'], get_observer_hash(), 'view_stream')) { + return; + } + + $sql_extra = item_permissions_sql($c['channel_id']); + $item_normal = item_normal(); + + $p = q("select * from item where mid = '%s' and uid = %d $sql_extra $item_normal limit 1", + dbesc($mid), + intval($c['channel_id']) ); - if(! $p) + + if(! $p) { return; + } xchan_query($p,true); $p = fetch_post_tags($p,true); |
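Review bot: The new `empty($query['mid'])` guard lets an array value through, because `parse_str()` turns a query of the form `mid[]=…` into an array and `$url` appears to come from the request arguments. The array then reaches `unpack_link_id()` and `dbesc()`, whose handling of a non-string is not visible in this hunk. Rejecting it at the guard keeps the lookup on a known type: `if (empty($query['mid']) || !is_string($query['mid'])) { return; }`. Separately, `basename($parsed['path'])` takes the last path segment where the removed regex took a segment at a fixed position, so a URL with an extra trailing segment now resolves a different nick; a short comment stating the expected URL shape would make that intent explicit. The enclosing method starts and ends outside the hunk.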