aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
authorMax Kostikov <max@kostikov.co>2020-12-19 22:02:51 +0100
committerMax Kostikov <max@kostikov.co>2020-12-19 22:02:51 +0100
commit116fc4e00df8f0a232289bc3fce37f8fc16f1c9d (patch)
tree0d1cc173d40f620626dff401333d7756975e8fc2 /Zotlabs/Module
parent600dcdfc583ab671fc61ff957ad7fd1a3a0c547d (diff)
parent57f6f54f29623972abc980b5e87c7933e32d1d3a (diff)
downloadvolse-hubzilla-116fc4e00df8f0a232289bc3fce37f8fc16f1c9d.tar.gz
volse-hubzilla-116fc4e00df8f0a232289bc3fce37f8fc16f1c9d.tar.bz2
volse-hubzilla-116fc4e00df8f0a232289bc3fce37f8fc16f1c9d.zip
Merge branch 'dev' into 'dev'
Dev sync See merge request kostikov/core!4
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Attach_edit.php203
-rw-r--r--Zotlabs/Module/Cdav.php29
-rw-r--r--Zotlabs/Module/Cloud.php20
-rw-r--r--Zotlabs/Module/Dav.php7
-rw-r--r--Zotlabs/Module/File_upload.php20
-rw-r--r--Zotlabs/Module/Filestorage.php17
-rw-r--r--Zotlabs/Module/Import.php12
-rw-r--r--Zotlabs/Module/Item.php463
-rw-r--r--Zotlabs/Module/Lockview.php60
-rw-r--r--Zotlabs/Module/Owa.php20
-rw-r--r--Zotlabs/Module/Rpost.php64
11 files changed, 563 insertions, 352 deletions
diff --git a/Zotlabs/Module/Attach_edit.php b/Zotlabs/Module/Attach_edit.php
new file mode 100644
index 000000000..5880d8f13
--- /dev/null
+++ b/Zotlabs/Module/Attach_edit.php
@@ -0,0 +1,203 @@
+<?php
+namespace Zotlabs\Module;
+/**
+ * @file Zotlabs/Module/Attach_edit.php
+ *
+ */
+
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Libsync;
+use Zotlabs\Access\AccessList;
+
+class Attach_edit extends Controller {
+
+ function post() {
+
+ if (!local_channel() && !remote_channel()) {
+ return;
+ }
+
+ $attach_ids = ((x($_POST, 'attach_ids')) ? $_POST['attach_ids'] : []);
+ $attach_id = ((x($_POST, 'attach_id')) ? intval($_POST['attach_id']) : 0);
+ $channel_id = ((x($_POST, 'channel_id')) ? intval($_POST['channel_id']) : 0);
+ $dnd = ((x($_POST, 'dnd')) ? intval($_POST['dnd']) : 0);
+ $permissions = ((x($_POST, 'permissions')) ? intval($_POST['permissions']) : 0);
+ $return_path = ((x($_POST, 'return_path')) ? notags($_POST['return_path']) : 'cloud');
+ $delete = ((x($_POST, 'delete')) ? intval($_POST['delete']) : 0);
+ $newfolder = ((x($_POST, 'newfolder_' . $attach_id)) ? notags($_POST['newfolder_' . $attach_id]) : '');
+ if(! $newfolder)
+ $newfolder = ((x($_POST, 'newfolder')) ? notags($_POST['newfolder']) : '');
+ $newfilename = ((x($_POST, 'newfilename_' . $attach_id)) ? notags($_POST['newfilename_' . $attach_id]) : '');
+ $recurse = ((x($_POST, 'recurse_' . $attach_id)) ? intval($_POST['recurse_' . $attach_id]) : 0);
+ if(! $recurse)
+ $recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
+ $notify = ((x($_POST, 'notify_edit_' . $attach_id)) ? intval($_POST['notify_edit_' . $attach_id]) : 0);
+ $copy = ((x($_POST, 'copy_' . $attach_id)) ? intval($_POST['copy_' . $attach_id]) : 0);
+ if(! $copy)
+ $copy = ((x($_POST, 'copy')) ? intval($_POST['copy']) : 0);
+
+ $categories = ((x($_POST, 'categories_' . $attach_id)) ? notags($_POST['categories_' . $attach_id]) : '');
+ if(! $categories)
+ $categories = ((x($_POST, 'categories')) ? notags($_POST['categories']) : '');
+
+ if($attach_id)
+ $attach_ids[] = $attach_id;
+
+ $single = ((count($attach_ids) === 1) ? true : false);
+
+ $channel = channelx_by_n($channel_id);
+
+ if (! $channel) {
+ notice(t('Channel not found.') . EOL);
+ return;
+ }
+
+ $nick = $channel['channel_address'];
+ $observer = App::get_observer();
+ $observer_hash = (($observer) ? $observer['xchan_hash'] : '');
+ $is_owner = ((local_channel() == $channel_id) ? true : false);
+
+ $ids_str = implode(',', $attach_ids);
+
+ $r = q("SELECT id, uid, hash, creator, folder, filename, is_photo, is_dir FROM attach WHERE id IN ( %s ) AND uid = %d",
+ dbesc($ids_str),
+ intval($channel_id)
+ );
+
+ if (! $r) {
+ notice(t('File not found.') . EOL);
+ return;
+ }
+
+ foreach ($r as $rr) {
+ $actions_done = '';
+ $attach_id = $rr['id'];
+ $resource = $rr['hash'];
+ $creator = $rr['creator'];
+ $folder = $rr['folder'];
+ $filename = $rr['filename'];
+ $is_photo = intval($rr['is_photo']);
+ $is_dir = intval($rr['is_dir']);
+ $admin_delete = false;
+
+ $is_creator = (($creator == $observer_hash) ? true : false);
+ $move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false);
+
+ $perms = get_all_perms($channel_id, $observer_hash);
+
+ if (! ($perms['view_storage'] || is_site_admin())) {
+ notice( t('Permission denied.') . EOL);
+ continue;
+ }
+
+ if (! $perms['write_storage']) {
+ if (is_site_admin()) {
+ $admin_delete = true;
+ }
+ else {
+ notice( t('Permission denied.') . EOL);
+ continue;
+ }
+ }
+
+ if (!$is_owner && !$admin_delete) {
+ if(! $is_creator) {
+ notice( t('Permission denied.') . EOL);
+ continue;
+ }
+ }
+
+ if ($delete) {
+ attach_delete($channel_id, $resource, $is_photo);
+ $actions_done .= 'delete,';
+ }
+
+ if ($copy) {
+ if($is_dir && $resource == $newfolder) {
+ notice( t('Can not copy folder into itself.') . EOL);
+ continue;
+ }
+ $x = attach_copy($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+ if ($x['success'])
+ $resource = $x['resource_id'];
+
+ $actions_done .= 'copy,';
+
+ }
+
+ if ($move) {
+ if($is_dir && $resource == $newfolder) {
+ notice( sprintf(t('Can not move folder "%s" into itself.'), $filename) . EOL);
+ continue;
+ }
+ $x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+
+ $actions_done .= 'move,';
+
+ }
+
+ if(! $delete && ! $dnd) {
+ if ($single || (! $single && $categories)) {
+ q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+ intval($channel_id),
+ intval($attach_id),
+ intval(TERM_OBJ_FILE)
+ );
+ $cat = explode(',', $categories);
+ if ($cat) {
+ foreach($cat as $term) {
+ $term = trim(escape_tags($term));
+ if ($term) {
+ $term_link = z_root() . '/cloud/' . $nick . '/?cat=' . $term;
+ store_item_tag($channel_id, $attach_id, TERM_OBJ_FILE, TERM_CATEGORY, $term, $term_link);
+ }
+ }
+ $actions_done .= 'cat_add,';
+ }
+ }
+ else {
+ q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+ intval($channel_id),
+ intval($attach_id),
+ intval(TERM_OBJ_FILE)
+ );
+ $actions_done .= 'cat_remove,';
+ }
+
+ if ($is_owner && ($single || (! $single && $permissions))) {
+ $acl = new AccessList($channel);
+ $acl->set_from_array($_REQUEST);
+ $x = $acl->get();
+
+ attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
+ $actions_done .= 'permissions,';
+
+ if ($notify) {
+ attach_store_item($channel, $observer, $resource);
+ $actions_done .= 'notify,';
+ }
+ }
+ }
+
+ if (! $admin_delete && $actions_done) {
+ $sync = attach_export_data($channel, $resource, (($delete) ? true : false));
+
+ if ($sync) {
+ Libsync::build_sync_packet($channel_id, ['file' => [$sync]]);
+ }
+ }
+
+ logger('attach_edit: ' . $actions_done);
+
+ }
+
+ if($dnd || $delete) {
+ json_return_and_die([ 'success' => true ]);
+ }
+
+ goaway($return_path);
+
+ }
+
+}
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index d7d57664c..0f4f4585e 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -5,6 +5,8 @@ use App;
use Zotlabs\Lib\Apps;
use Zotlabs\Web\Controller;
use Zotlabs\Web\HTTPSig;
+use Zotlabs\Lib\Libzot;
+
require_once('include/event.php');
@@ -47,11 +49,12 @@ class Cdav extends Controller {
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
- $r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
+ $r = q("select * from hubloc where hubloc_addr = '%s'",
dbesc($keyId)
);
if($r) {
- $c = channelx_by_hash($r[0]['hubloc_hash']);
+ $r = Libzot::zot_record_preferred($r);
+ $c = channelx_by_hash($r['hubloc_hash']);
if($c) {
$a = q("select * from account where account_id = %d limit 1",
intval($c['channel_account_id'])
@@ -157,10 +160,10 @@ class Cdav extends Controller {
}
}
-
+
// Track CDAV updates from remote clients
- $httpmethod = $_SERVER['REQUEST_METHOD'];
+ $httpmethod = $_SERVER['REQUEST_METHOD'];
if($httpmethod === 'PUT' || $httpmethod === 'DELETE') {
@@ -190,9 +193,9 @@ class Cdav extends Controller {
if($x = get_cdav_id($principalUri, explode("/", $httpuri)[4], $cdavtable)) {
$cdavdata = $this->get_cdav_data($x['id'], $cdavtable);
-
+
$etag = (isset($_SERVER['HTTP_IF_MATCH']) ? $_SERVER['HTTP_IF_MATCH'] : false);
-
+
// delete
if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag)
build_sync_packet($channel['channel_id'], [
@@ -762,7 +765,7 @@ class Cdav extends Controller {
$cardData = $vcard->serialize();
$carddavBackend->updateCard($id, $uri, $cardData);
-
+
build_sync_packet($channel['channel_id'], [
'addressbook' => [
'action' => 'update_card',
@@ -804,7 +807,7 @@ class Cdav extends Controller {
$src = $_FILES['userfile']['tmp_name'];
if($src) {
-
+
$carddata = @file_get_contents($src);
if($_REQUEST['c_upload']) {
@@ -840,13 +843,13 @@ class Cdav extends Controller {
$objects = new \Sabre\VObject\Splitter\VCard($carddata);
$profile = \Sabre\VObject\Node::PROFILE_CARDDAV;
$backend = new \Sabre\CardDAV\Backend\PDO($pdo);
-
+
$cdavdata = $this->get_cdav_data($id, 'addressbooks');
}
-
+
$ids = [];
import_cdav_card($id, $ext, $table, $column, $objects, $profile, $backend, $ids, true);
-
+
build_sync_packet($channel['channel_id'], [
$sync => [
'action' => 'import',
@@ -1013,7 +1016,7 @@ class Cdav extends Controller {
$catsenabled = feature_enabled(local_channel(), 'categories');
require_once('include/acl_selectors.php');
-
+
$accesslist = new \Zotlabs\Access\AccessList($channel);
$perm_defaults = $accesslist->get();
@@ -1427,7 +1430,7 @@ class Cdav extends Controller {
return;
$uri = 'principals/' . $channel['channel_address'];
-
+
$r = q("select * from principals where uri = '%s' limit 1",
dbesc($uri)
diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php
index f595e0fac..39ae0f92f 100644
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -8,7 +8,11 @@ namespace Zotlabs\Module;
*/
use Sabre\DAV as SDAV;
-use \Zotlabs\Storage;
+use \Zotlabs\Web\Controller;
+use \Zotlabs\Storage\BasicAuth;
+use \Zotlabs\Storage\Directory;
+use \Zotlabs\Storage\Browser;
+
// composer autoloader for SabreDAV
require_once('vendor/autoload.php');
@@ -20,7 +24,7 @@ require_once('include/attach.php');
* @brief Cloud Module.
*
*/
-class Cloud extends \Zotlabs\Web\Controller {
+class Cloud extends Controller {
/**
* @brief Fires up the SabreDAV server.
@@ -42,7 +46,7 @@ class Cloud extends \Zotlabs\Web\Controller {
- $auth = new \Zotlabs\Storage\BasicAuth();
+ $auth = new BasicAuth();
$ob_hash = get_observer_hash();
@@ -72,7 +76,7 @@ class Cloud extends \Zotlabs\Web\Controller {
if($x !== \App::$query_string)
goaway(z_root() . '/' . $x);
- $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
+ $rootDirectory = new Directory('/', [], $auth);
// A SabreDAV server-object
$server = new SDAV\Server($rootDirectory);
@@ -85,7 +89,7 @@ class Cloud extends \Zotlabs\Web\Controller {
$is_readable = false;
// provide a directory view for the cloud in Hubzilla
- $browser = new \Zotlabs\Storage\Browser($auth);
+ $browser = new Browser($auth);
$auth->setBrowserPlugin($browser);
$server->addPlugin($browser);
@@ -105,13 +109,13 @@ class Cloud extends \Zotlabs\Web\Controller {
if($browser->build_page)
construct_page();
-
+
killme();
}
function DAVException($err) {
-
+
if($err instanceof \Sabre\DAV\Exception\NotFound) {
notice( t('Not found') . EOL);
}
@@ -126,7 +130,7 @@ class Cloud extends \Zotlabs\Web\Controller {
}
construct_page();
-
+
killme();
}
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index adab25e45..949b89950 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -51,11 +51,12 @@ class Dav extends \Zotlabs\Web\Controller {
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
- $r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
+ $r = q("select * from hubloc where hubloc_addr = '%s'",
dbesc($keyId)
);
if($r) {
- $c = channelx_by_hash($r[0]['hubloc_hash']);
+ $r = Libzot::zot_record_preferred($r);
+ $c = channelx_by_hash($r['hubloc_hash']);
if($c) {
$a = q("select * from account where account_id = %d limit 1",
intval($c['channel_account_id'])
@@ -99,7 +100,7 @@ class Dav extends \Zotlabs\Web\Controller {
$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
- $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
+ $rootDirectory = new \Zotlabs\Storage\Directory('/', [], $auth);
// A SabreDAV server-object
$server = new SDAV\Server($rootDirectory);
diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php
index 1735e9487..6794dceee 100644
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
@@ -11,17 +11,16 @@ require_once('include/photos.php');
class File_upload extends \Zotlabs\Web\Controller {
function post() {
-
logger('file upload: ' . print_r($_REQUEST,true));
logger('file upload: ' . print_r($_FILES,true));
-
+
$channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);
-
+
if(! $channel) {
logger('channel not found');
killme();
}
-
+
$_REQUEST['source'] = 'file_upload';
if($channel['channel_id'] != local_channel()) {
@@ -40,13 +39,11 @@ class File_upload extends \Zotlabs\Web\Controller {
$r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
if($r['success']) {
$hash = $r['data']['hash'];
-
$sync = attach_export_data($channel,$hash);
if($sync) {
Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
}
- goaway(z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']);
-
+ goaway(z_root() . '/' . $_REQUEST['return_url']);
}
}
else {
@@ -54,8 +51,6 @@ class File_upload extends \Zotlabs\Web\Controller {
$matches = [];
$partial = false;
-
-
if(array_key_exists('HTTP_CONTENT_RANGE',$_SERVER)) {
$pm = preg_match('/bytes (\d*)\-(\d*)\/(\d*)/',$_SERVER['HTTP_CONTENT_RANGE'],$matches);
if($pm) {
@@ -83,7 +78,7 @@ class File_upload extends \Zotlabs\Web\Controller {
];
}
}
- else {
+ else {
if(! array_key_exists('userfile',$_FILES)) {
$_FILES['userfile'] = [
'name' => $_FILES['files']['name'],
@@ -103,8 +98,9 @@ class File_upload extends \Zotlabs\Web\Controller {
}
}
+
goaway(z_root() . '/' . $_REQUEST['return_url']);
-
+
}
-
+
}
diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php
index 0c6233493..0d132e998 100644
--- a/Zotlabs/Module/Filestorage.php
+++ b/Zotlabs/Module/Filestorage.php
@@ -11,6 +11,9 @@ class Filestorage extends \Zotlabs\Web\Controller {
function post() {
+ notice( t('Deprecated!') . EOL);
+ return;
+
$channel_id = ((x($_POST, 'uid')) ? intval($_POST['uid']) : 0);
if((! $channel_id) || (! local_channel()) || ($channel_id != local_channel())) {
@@ -47,6 +50,9 @@ class Filestorage extends \Zotlabs\Web\Controller {
function get() {
+ notice( t('Deprecated!') . EOL);
+ return;
+
if(argc() > 1)
$which = argv(1);
else {
@@ -88,7 +94,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
}
else {
notice( t('Permission denied.') . EOL);
- if($json_return)
+ if($json_return)
json_return_and_die([ 'success' => false ]);
return;
}
@@ -102,24 +108,23 @@ class Filestorage extends \Zotlabs\Web\Controller {
if(! $r) {
notice( t('File not found.') . EOL);
- if($json_return)
+ if($json_return)
json_return_and_die([ 'success' => false ]);
goaway(z_root() . '/cloud/' . $which);
}
- if(local_channel() !== $owner) {
+ if((local_channel() !== $owner) && !$admin_delete) {
if($r[0]['creator'] && $r[0]['creator'] !== $ob_hash) {
notice( t('Permission denied.') . EOL);
- if($json_return)
+ if($json_return)
json_return_and_die([ 'success' => false ]);
goaway(z_root() . '/cloud/' . $which);
}
}
-
$f = $r[0];
$channel = channelx_by_n($owner);
@@ -138,7 +143,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
if($json_return)
json_return_and_die([ 'success' => true ]);
- goaway(dirname($url));
+ //goaway(dirname($url));
}
diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php
index 2c6e09fa7..f8fc366e0 100644
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -68,7 +68,7 @@ class Import extends \Zotlabs\Web\Controller {
notice( t('Nothing to import.') . EOL);
return;
} else if(strpos($old_address, '@')) {
- // if you copy the identity address from your profile page, make it work for convenience - WARNING: this is a utf-8 variant and NOT an ASCII ampersand. Please do not edit.
+ // if you copy the identity address from your profile page, make it work for convenience - WARNING: this is a utf-8 variant and NOT an ASCII ampersand. Please do not edit.
$old_address = str_replace('@', '@', $old_address);
}
@@ -231,7 +231,8 @@ class Import extends \Zotlabs\Web\Controller {
'hubloc_host' => \App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => get_config('system','pubkey'),
- 'hubloc_updated' => datetime_convert()
+ 'hubloc_updated' => datetime_convert(),
+ 'hubloc_id_url' => channel_url($channel)
]
);
@@ -442,7 +443,7 @@ class Import extends \Zotlabs\Web\Controller {
if(array_key_exists('abook_instance',$abook) && $abook['abook_instance'] && strpos($abook['abook_instance'],z_root()) === false) {
$abook['abook_not_here'] = 1;
- }
+ }
if($abook['abook_self']) {
$role = get_pconfig($channel['channel_id'],'system','permissions_role');
@@ -584,11 +585,6 @@ class Import extends \Zotlabs\Web\Controller {
if(array_key_exists('item_id',$data) && $data['item_id'])
import_item_ids($channel,$data['item_id']);
- // send out refresh requests
- // notify old server that it may no longer be primary.
-
- \Zotlabs\Daemon\Master::Summon(array('Notifier','location',$channel['channel_id']));
-
// This will indirectly perform a refresh_all *and* update the directory
\Zotlabs\Daemon\Master::Summon(array('Directory', $channel['channel_id']));
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 7c438c309..9a120dac1 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -26,17 +26,17 @@ require_once('include/conversation.php');
/**
*
* This is the POST destination for most all locally posted
- * text stuff. This function handles status, wall-to-wall status,
- * local comments, and remote coments that are posted on this site
+ * text stuff. This function handles status, wall-to-wall status,
+ * local comments, and remote coments that are posted on this site
* (as opposed to being delivered in a feed).
- * Also processed here are posts and comments coming through the
- * statusnet/twitter API.
- * All of these become an "item" which is our basic unit of
+ * Also processed here are posts and comments coming through the
+ * statusnet/twitter API.
+ * All of these become an "item" which is our basic unit of
* information.
- * Posts that originate externally or do not fall into the above
- * posting categories go through item_store() instead of this function.
+ * Posts that originate externally or do not fall into the above
+ * posting categories go through item_store() instead of this function.
*
- */
+ */
class Item extends Controller {
@@ -107,7 +107,7 @@ class Item extends Controller {
}
$parents_str = ids_to_querystr($i,'item_id');
-
+
$items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal order by item.id asc",
dbesc($parents_str)
);
@@ -285,7 +285,7 @@ class Item extends Controller {
// This will change. Figure out who the observer is and whether or not
// they have permission to post here. Else ignore the post.
-
+
if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'anonname')))
return;
@@ -293,25 +293,25 @@ class Item extends Controller {
$channel = null;
$observer = null;
$datarray = [];
-
-
+
+
/**
* Is this a reply to something?
*/
-
+
$parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
$parent_mid = ((x($_REQUEST,'parent_mid')) ? trim($_REQUEST['parent_mid']) : '');
$mode = (($_REQUEST['conv_mode'] === 'channel') ? 'channel' : 'network');
-
+
$remote_xchan = ((x($_REQUEST,'remote_xchan')) ? trim($_REQUEST['remote_xchan']) : false);
$r = q("select * from xchan where xchan_hash = '%s' limit 1",
dbesc($remote_xchan)
);
if($r)
$remote_observer = $r[0];
- else
+ else
$remote_xchan = $remote_observer = false;
-
+
$profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0);
require_once('include/channel.php');
@@ -321,7 +321,7 @@ class Item extends Controller {
$channel = $sys;
$observer = $sys;
}
-
+
if(x($_REQUEST,'dropitems')) {
require_once('include/items.php');
$arr_drop = explode(',',$_REQUEST['dropitems']);
@@ -330,36 +330,36 @@ class Item extends Controller {
echo json_encode($json);
killme();
}
-
+
call_hooks('post_local_start', $_REQUEST);
-
+
// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
-
+
$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
-
+
$consensus = intval($_REQUEST['consensus']);
$nocomment = intval($_REQUEST['nocomment']);
$is_poll = ((trim($_REQUEST['poll_answers'][0]) != '' && trim($_REQUEST['poll_answers'][1]) != '') ? true : false);
// 'origin' (if non-zero) indicates that this network is where the message originated,
- // for the purpose of relaying comments to other conversation members.
+ // for the purpose of relaying comments to other conversation members.
// If using the API from a device (leaf node) you must set origin to 1 (default) or leave unset.
// If the API is used from another network with its own distribution
- // and deliveries, you may wish to set origin to 0 or false and allow the other
+ // and deliveries, you may wish to set origin to 0 or false and allow the other
// network to relay comments.
-
- // If you are unsure, it is prudent (and important) to leave it unset.
-
+
+ // If you are unsure, it is prudent (and important) to leave it unset.
+
$origin = (($api_source && array_key_exists('origin',$_REQUEST)) ? intval($_REQUEST['origin']) : 1);
-
+
// To represent message-ids on other networks - this will create an iconfig record
-
+
$namespace = (($api_source && array_key_exists('namespace',$_REQUEST)) ? strip_tags($_REQUEST['namespace']) : '');
$remote_id = (($api_source && array_key_exists('remote_id',$_REQUEST)) ? strip_tags($_REQUEST['remote_id']) : '');
-
+
$owner_hash = null;
-
+
$message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
$created = ((x($_REQUEST,'created')) ? datetime_convert(date_default_timezone_get(),'UTC',$_REQUEST['created']) : datetime_convert());
$post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0);
@@ -373,49 +373,49 @@ class Item extends Controller {
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
$obj_type = ((x($_REQUEST,'obj_type')) ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE);
-
- // allow API to bulk load a bunch of imported items with sending out a bunch of posts.
+
+ // allow API to bulk load a bunch of imported items with sending out a bunch of posts.
$nopush = ((x($_REQUEST,'nopush')) ? intval($_REQUEST['nopush']) : 0);
-
+
/*
* Check service class limits
*/
if ($uid && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) {
$ret = $this->item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false));
- if (!$ret['success']) {
+ if (!$ret['success']) {
notice( t($ret['message']) . EOL) ;
if($api_source)
- return ( [ 'success' => false, 'message' => 'service class exception' ] );
- if(x($_REQUEST,'return'))
+ return ( [ 'success' => false, 'message' => 'service class exception' ] );
+ if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
}
}
-
+
if($pagetitle) {
require_once('library/urlify/URLify.php');
$pagetitle = strtolower(\URLify::transliterate($pagetitle));
}
-
-
+
+
$item_flags = $item_restrict = 0;
$expires = NULL_DATE;
-
+
$route = '';
$parent_item = null;
$parent_contact = null;
$thr_parent = '';
$parid = 0;
$r = false;
-
+
if($parent || $parent_mid) {
-
+
if(! x($_REQUEST,'type'))
$_REQUEST['type'] = 'net-comment';
-
+
if($obj_type == ACTIVITY_OBJ_NOTE)
$obj_type = ACTIVITY_OBJ_COMMENT;
-
+
if($parent) {
$r = q("SELECT * FROM item WHERE id = %d LIMIT 1",
intval($parent)
@@ -438,7 +438,7 @@ class Item extends Controller {
);
}
- // if interacting with a pubstream item,
+ // if interacting with a pubstream item,
// create a copy of the parent in your stream
if($r[0]['uid'] === $sys['channel_id'] && local_channel()) {
@@ -449,8 +449,8 @@ class Item extends Controller {
if(! $r) {
notice( t('Unable to locate original post.') . EOL);
if($api_source)
- return ( [ 'success' => false, 'message' => 'invalid post id' ] );
- if(x($_REQUEST,'return'))
+ return ( [ 'success' => false, 'message' => 'invalid post id' ] );
+ if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
}
@@ -461,15 +461,15 @@ class Item extends Controller {
$parent = $r[0]['id'];
// multi-level threading - preserve the info but re-parent to our single level threading
-
+
$thr_parent = $parent_mid;
-
+
$route = $parent_item['route'];
-
+
}
$moderated = false;
-
+
if(! $observer) {
$observer = \App::get_observer();
if(! $observer) {
@@ -479,13 +479,13 @@ class Item extends Controller {
$remote_xchan = $remote_observer = $observer;
}
}
- }
-
+ }
+
if(! $observer) {
notice( t('Permission denied.') . EOL) ;
if($api_source)
- return ( [ 'success' => false, 'message' => 'permission denied' ] );
- if(x($_REQUEST,'return'))
+ return ( [ 'success' => false, 'message' => 'permission denied' ] );
+ if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
}
@@ -499,12 +499,12 @@ class Item extends Controller {
if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])==1 )
$can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
}
-
+
if(! $can_comment) {
notice( t('Permission denied.') . EOL) ;
if($api_source)
- return ( [ 'success' => false, 'message' => 'permission denied' ] );
- if(x($_REQUEST,'return'))
+ return ( [ 'success' => false, 'message' => 'permission denied' ] );
+ if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
}
@@ -513,30 +513,30 @@ class Item extends Controller {
if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],($webpage) ? 'write_pages' : 'post_wall')) {
notice( t('Permission denied.') . EOL) ;
if($api_source)
- return ( [ 'success' => false, 'message' => 'permission denied' ] );
- if(x($_REQUEST,'return'))
+ return ( [ 'success' => false, 'message' => 'permission denied' ] );
+ if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
}
}
-
-
+
+
// is this an edited post?
-
+
$orig_post = null;
-
+
if($namespace && $remote_id) {
// It wasn't an internally generated post - see if we've got an item matching this remote service id
$i = q("select iid from iconfig where cat = 'system' and k = '%s' and v = '%s' limit 1",
dbesc($namespace),
- dbesc($remote_id)
+ dbesc($remote_id)
);
if($i)
- $post_id = $i[0]['iid'];
+ $post_id = $i[0]['iid'];
}
-
+
$iconfig = null;
-
+
if($post_id) {
$i = q("SELECT * FROM item WHERE uid = %d AND id = %d LIMIT 1",
intval($profile_uid),
@@ -549,8 +549,8 @@ class Item extends Controller {
intval($post_id)
);
}
-
-
+
+
if(! $channel) {
if($uid && $uid == $profile_uid) {
$channel = \App::get_channel();
@@ -564,19 +564,19 @@ class Item extends Controller {
$channel = $r[0];
}
}
-
-
+
+
if(! $channel) {
logger("mod_item: no channel.");
if($api_source)
- return ( [ 'success' => false, 'message' => 'no channel' ] );
- if(x($_REQUEST,'return'))
+ return ( [ 'success' => false, 'message' => 'no channel' ] );
+ if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
}
-
+
$owner_xchan = null;
-
+
$r = q("select * from xchan where xchan_hash = '%s' limit 1",
dbesc($channel['channel_hash'])
);
@@ -586,50 +586,50 @@ class Item extends Controller {
else {
logger("mod_item: no owner.");
if($api_source)
- return ( [ 'success' => false, 'message' => 'no owner' ] );
- if(x($_REQUEST,'return'))
+ return ( [ 'success' => false, 'message' => 'no owner' ] );
+ if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
}
-
+
$walltowall = false;
$walltowall_comment = false;
-
+
if($remote_xchan && ! $moderated)
$observer = $remote_observer;
-
+
if($observer) {
logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
-
+
// wall-to-wall detection.
// For top-level posts, if the author and owner are different it's a wall-to-wall
// For comments, We need to additionally look at the parent and see if it's a wall post that originated locally.
-
+
if($observer['xchan_name'] != $owner_xchan['xchan_name']) {
if(($parent_item) && ($parent_item['item_wall'] && $parent_item['item_origin'])) {
$walltowall_comment = true;
$walltowall = true;
}
if(! $parent) {
- $walltowall = true;
+ $walltowall = true;
}
}
}
-
+
$acl = new \Zotlabs\Access\AccessList($channel);
- $view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream');
+ $view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream');
$comment_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments');
-
+
$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($view_policy,true));
if($webpage)
$public_policy = '';
if($public_policy)
$private = 1;
-
+
if($orig_post) {
$private = 0;
- // webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
+ // webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
if($webpage) {
$acl->set_from_array($_REQUEST);
}
@@ -641,8 +641,8 @@ class Item extends Controller {
if($public_policy || $acl->is_private()) {
$private = (($private) ? $private : 1);
- }
-
+ }
+
$location = $orig_post['location'];
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];
@@ -651,7 +651,7 @@ class Item extends Controller {
$summary = trim($_REQUEST['summary']);
$body = trim($_REQUEST['body']);
$item_flags = $orig_post['item_flags'];
-
+
$item_origin = $orig_post['item_origin'];
$item_unseen = $orig_post['item_unseen'];
$item_starred = $orig_post['item_starred'];
@@ -675,16 +675,16 @@ class Item extends Controller {
$item_delayed = $orig_post['item_delayed'];
$item_pending_remove = $orig_post['item_pending_remove'];
$item_blocked = $orig_post['item_blocked'];
-
-
-
+
+
+
$postopts = $orig_post['postopts'];
$created = $orig_post['created'];
$expires = $orig_post['expires'];
$mid = $orig_post['mid'];
$parent_mid = $orig_post['parent_mid'];
$plink = $orig_post['plink'];
-
+
}
else {
if(! $walltowall) {
@@ -695,18 +695,18 @@ class Item extends Controller {
$acl->set_from_array($_REQUEST);
}
elseif(! $api_source) {
-
+
// if no ACL has been defined and we aren't using the API, the form
// didn't send us any parameters. This means there's no ACL or it has
// been reset to the default audience.
// If $api_source is set and there are no ACL parameters, we default
// to the channel permissions which were set in the ACL contructor.
-
+
$acl->set(array('allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => ''));
}
}
-
-
+
+
$location = notags(trim($_REQUEST['location']));
$coord = notags(trim($_REQUEST['coord']));
$verb = notags(trim($_REQUEST['verb']));
@@ -716,12 +716,12 @@ class Item extends Controller {
$body .= trim($_REQUEST['attachment']);
$postopts = '';
- $allow_empty = ((array_key_exists('allow_empty',$_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0);
+ $allow_empty = ((array_key_exists('allow_empty',$_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0);
$private = (($private) ? $private : intval($acl->is_private() || ($public_policy)));
-
+
// If this is a comment, set the permissions from the parent.
-
+
if($parent_item) {
$acl->set($parent_item);
$private = intval($acl->is_private() || $parent_item['item_private']);
@@ -729,21 +729,21 @@ class Item extends Controller {
$owner_hash = $parent_item['owner_xchan'];
$webpage = $parent_item['item_type'];
}
-
+
if((! $allow_empty) && (! strlen($body))) {
if($preview)
killme();
info( t('Empty post discarded.') . EOL );
if($api_source)
- return ( [ 'success' => false, 'message' => 'no content' ] );
- if(x($_REQUEST,'return'))
+ return ( [ 'success' => false, 'message' => 'no content' ] );
+ if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
}
}
-
-
-
+
+
+
if(feature_enabled($profile_uid,'content_expire')) {
if(x($_REQUEST,'expire')) {
$expires = datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expire']);
@@ -756,16 +756,16 @@ class Item extends Controller {
$mimetype = notags(trim($_REQUEST['mimetype']));
if(! $mimetype)
$mimetype = 'text/bbcode';
-
- $execflag = ((intval($uid) == intval($profile_uid)
+
+ $execflag = ((intval($uid) == intval($profile_uid)
&& ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
if($preview) {
$summary = z_input_filter($summary,$mimetype,$execflag);
$body = z_input_filter($body,$mimetype,$execflag);
}
-
+
$arr = [ 'profile_uid' => $profile_uid, 'summary' => $summary, 'content' => $body, 'mimetype' => $mimetype ];
call_hooks('post_content',$arr);
@@ -773,7 +773,7 @@ class Item extends Controller {
$body = $arr['content'];
$mimetype = $arr['mimetype'];
-
+
$gacl = $acl->get();
$str_contact_allow = $gacl['allow_cid'];
$str_group_allow = $gacl['allow_gid'];
@@ -784,7 +784,7 @@ class Item extends Controller {
$groupww = false;
// if this is a wall-to-wall post to a group, turn it into a direct message
-
+
$role = get_pconfig($profile_uid,'system','permissions_role');
$rolesettings = PermissionRoles::role_perms($role);
@@ -793,19 +793,19 @@ class Item extends Controller {
$is_group = (($channel_type === 'group') ? true : false);
- if (($is_group) && ($walltowall) && (! $walltowall_comment)) {
+ if (($is_group) && ($walltowall) && (! $walltowall_comment)) {
$groupww = true;
$str_contact_allow = $owner_xchan['xchan_hash'];
$str_group_allow = '';
}
$post_tags = [];
-
+
if($mimetype === 'text/bbcode') {
-
- require_once('include/text.php');
-
-
+
+ require_once('include/text.php');
+
+
// BBCODE alert: the following functions assume bbcode input
// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
// we may need virtual or template classes to implement the possible alternatives
@@ -819,31 +819,31 @@ class Item extends Controller {
$body_content = preg_replace("/\[summary\](.*?)\[\/summary\]/ism", '',$body);
$body = trim($body_content);
}
-
+
$summary = cleanup_bbcode($summary);
$body = cleanup_bbcode($body);
-
+
// Look for tags and linkify them
$results = linkify_tags($summary, ($uid) ? $uid : $profile_uid);
$results = linkify_tags($body, ($uid) ? $uid : $profile_uid);
if($results) {
-
+
// Set permissions based on tag replacements
set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private);
-
+
foreach($results as $result) {
$success = $result['success'];
if($success['replaced']) {
$post_tags[] = array(
- 'uid' => $profile_uid,
+ 'uid' => $profile_uid,
'ttype' => $success['termtype'],
'otype' => TERM_OBJ_POST,
'term' => $success['term'],
'url' => $success['url']
- );
+ );
}
}
@@ -854,10 +854,10 @@ class Item extends Controller {
$private = 2;
}
-
+
/**
*
- * When a photo was uploaded into the message using the (profile wall) ajax
+ * When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
@@ -867,27 +867,27 @@ class Item extends Controller {
*
* If the post was end-to-end encrypted we can't find images and attachments in the body,
* use our media_str input instead which only contains these elements - but only do this
- * when encrypted content exists because the photo/attachment may have been removed from
+ * when encrypted content exists because the photo/attachment may have been removed from
* the post and we should keep it private. If it's encrypted we have no way of knowing
- * so we'll set the permissions regardless and realise that the media may not be
- * referenced in the post.
+ * so we'll set the permissions regardless and realise that the media may not be
+ * referenced in the post.
*
*/
-
+
if(! $preview) {
fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
-
+
fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($summary,'[/crypt]')) ? $_POST['media_str'] : $summary),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
-
+
}
-
-
+
+
$attachments = '';
$match = false;
-
+
if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
$attachments = array();
$i = 0;
@@ -910,10 +910,9 @@ class Item extends Controller {
}
}
-
if(preg_match_all('/(\[share=(.*?)\](.*?)\[\/share\])/',$body,$match)) {
- // process share by id
+ // process share by id
$i = 0;
foreach($match[2] as $mtch) {
@@ -922,11 +921,11 @@ class Item extends Controller {
$i++;
}
}
-
+
}
-
+
// BBCODE end alert
-
+
if(strlen($categories)) {
$cats = explode(',',$categories);
@@ -943,15 +942,15 @@ class Item extends Controller {
}
$post_tags[] = array(
- 'uid' => $profile_uid,
+ 'uid' => $profile_uid,
'ttype' => TERM_CATEGORY,
'otype' => TERM_OBJ_POST,
'term' => trim($cat),
'url' => $catlink
- );
+ );
}
}
-
+
if($orig_post) {
// preserve original tags
$t = q("select * from term where oid = %d and otype = %d and uid = %d and ttype in ( %d, %d, %d )",
@@ -965,26 +964,26 @@ class Item extends Controller {
if($t) {
foreach($t as $t1) {
$post_tags[] = array(
- 'uid' => $profile_uid,
+ 'uid' => $profile_uid,
'ttype' => $t1['ttype'],
'otype' => TERM_OBJ_POST,
'term' => $t1['term'],
'url' => $t1['url'],
- );
+ );
}
}
- }
-
-
+ }
+
+
$item_unseen = ((local_channel() != $profile_uid) ? 1 : 0);
$item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0);
$item_origin = (($origin) ? 1 : 0);
$item_consensus = (($consensus) ? 1 : 0);
$item_nocomment = (($nocomment) ? 1 : 0);
-
-
+
+
// determine if this is a wall post
-
+
if($parent) {
$item_wall = $parent_item['item_wall'];
}
@@ -993,20 +992,20 @@ class Item extends Controller {
$item_wall = 1;
}
}
-
-
+
+
if($moderated)
$item_blocked = ITEM_MODERATED;
-
-
+
+
if(! strlen($verb))
$verb = ACTIVITY_POST ;
-
+
$notify_type = (($parent) ? 'comment-new' : 'wall-new' );
-
+
if(! $mid) {
$uuid = (($message_id) ? $message_id : item_message_id());
- $mid = z_root() . '/item/' . $uuid;
+ $mid = z_root() . '/item/' . $uuid;
}
@@ -1034,23 +1033,23 @@ class Item extends Controller {
if(! $parent_mid) {
$parent_mid = $mid;
}
-
+
if($parent_item)
$parent_mid = $parent_item['mid'];
// Fallback so that we alway have a thr_parent
-
+
if(!$thr_parent)
$thr_parent = $mid;
-
+
$item_thread_top = ((! $parent) ? 1 : 0);
-
+
// fix permalinks for cards
-
+
if($webpage == ITEM_TYPE_CARD) {
$plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : $uuid);
}
@@ -1138,27 +1137,27 @@ class Item extends Controller {
$datarray['item_unpublished'] = intval($item_unpublished);
$datarray['item_delayed'] = intval($item_delayed);
$datarray['item_pending_remove'] = intval($item_pending_remove);
- $datarray['item_blocked'] = intval($item_blocked);
+ $datarray['item_blocked'] = intval($item_blocked);
$datarray['layout_mid'] = $layout_mid;
$datarray['public_policy'] = $public_policy;
- $datarray['comment_policy'] = map_scope($comment_policy);
+ $datarray['comment_policy'] = map_scope($comment_policy);
$datarray['term'] = array_unique($post_tags, SORT_REGULAR);
$datarray['plink'] = $plink;
$datarray['route'] = $route;
// A specific ACL over-rides public_policy completely
-
+
if(! empty_acl($datarray))
$datarray['public_policy'] = '';
if($iconfig)
$datarray['iconfig'] = $iconfig;
-
+
// preview mode - prepare the body for display and send it via json
-
+
if($preview) {
require_once('include/conversation.php');
-
+
$datarray['owner'] = $owner_xchan;
$datarray['author'] = $observer;
$datarray['attach'] = json_encode($datarray['attach']);
@@ -1169,45 +1168,45 @@ class Item extends Controller {
}
if($orig_post)
$datarray['edit'] = true;
-
+
// suppress duplicates, *unless* you're editing an existing post. This could get picked up
// as a duplicate if you're editing it very soon after posting it initially and you edited
- // some attribute besides the content, such as title or categories.
+ // some attribute besides the content, such as title or categories.
if(feature_enabled($profile_uid,'suppress_duplicates') && (! $orig_post)) {
-
+
$z = q("select created from item where uid = %d and created > %s - INTERVAL %s and body = '%s' limit 1",
intval($profile_uid),
db_utcnow(),
db_quoteinterval('2 MINUTE'),
dbesc($body)
);
-
+
if($z) {
$datarray['cancel'] = 1;
notice( t('Duplicate post suppressed.') . EOL);
logger('Duplicate post. Faking plugin cancel.');
}
}
-
+
call_hooks('post_local',$datarray);
-
+
if(x($datarray,'cancel')) {
logger('mod_item: post cancelled by plugin or duplicate suppressed.');
if($return_path)
goaway(z_root() . "/" . $return_path);
if($api_source)
- return ( [ 'success' => false, 'message' => 'operation cancelled' ] );
+ return ( [ 'success' => false, 'message' => 'operation cancelled' ] );
$json = array('cancel' => 1);
$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];
echo json_encode($json);
killme();
}
-
-
+
+
if(mb_strlen($datarray['title']) > 191)
$datarray['title'] = mb_substr($datarray['title'],0,191);
-
+
if($webpage) {
IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
(($pagetitle) ? $pagetitle : basename($datarray['mid'])), true);
@@ -1220,20 +1219,20 @@ class Item extends Controller {
if($orig_post) {
$datarray['id'] = $post_id;
-
+
$x = item_store_update($datarray,$execflag);
-
+
// We only need edit activities for other federated protocols
- // which do not support edits natively. While this does federate
+ // which do not support edits natively. While this does federate
// edits, it presents a number of issues locally - such as #757 and #758.
// The SQL check for an edit activity would not perform that well so to fix these issues
- // requires an additional item flag (perhaps 'item_edit_activity') that we can add to the
+ // requires an additional item flag (perhaps 'item_edit_activity') that we can add to the
// query for searches and notifications.
- // For now we'll just forget about trying to make edits work on network protocols that
- // don't support them.
+ // For now we'll just forget about trying to make edits work on network protocols that
+ // don't support them.
- // item_create_edit_activity($x);
+ // item_create_edit_activity($x);
if(! $parent) {
$r = q("select * from item where id = %d",
@@ -1247,7 +1246,7 @@ class Item extends Controller {
}
if(! $nopush)
Master::Summon([ 'Notifier', 'edit_post', $post_id ]);
-
+
if($api_source)
return($x);
@@ -1260,18 +1259,18 @@ class Item extends Controller {
}
else
$post_id = 0;
-
+
$post = item_store($datarray,$execflag);
-
+
$post_id = $post['item_id'];
$datarray = $post['item'];
if($post_id) {
logger('mod_item: saved item ' . $post_id);
-
+
if($parent) {
-
+
// prevent conversations which you are involved from being expired
if(local_channel())
@@ -1279,7 +1278,7 @@ class Item extends Controller {
// only send comment notification if this is a wall-to-wall comment,
// otherwise it will happen during delivery
-
+
if(($datarray['owner_xchan'] != $datarray['author_xchan']) && (intval($parent_item['item_wall']))) {
Enotify::submit(array(
'type' => NOTIFY_COMMENT,
@@ -1292,12 +1291,12 @@ class Item extends Controller {
'parent' => $parent,
'parent_mid' => $parent_item['mid']
));
-
+
}
}
else {
$parent = $post_id;
-
+
if(($datarray['owner_xchan'] != $datarray['author_xchan']) && ($datarray['item_type'] == ITEM_TYPE_POST)) {
Enotify::submit(array(
'type' => NOTIFY_WALL,
@@ -1309,7 +1308,7 @@ class Item extends Controller {
'otype' => 'item'
));
}
-
+
if($uid && $uid == $profile_uid && (is_item_normal($datarray))) {
q("update channel set channel_lastpost = '%s' where channel_id = %d",
dbesc(datetime_convert()),
@@ -1317,11 +1316,11 @@ class Item extends Controller {
);
}
}
-
+
// photo comments turn the corresponding item visible to the profile wall
// This way we don't see every picture in your new photo album posted to your wall at once.
// They will show up as people comment on them.
-
+
if(intval($parent_item['item_hidden'])) {
$r = q("UPDATE item SET item_hidden = 0 WHERE id = %d",
intval($parent_item['id'])
@@ -1337,7 +1336,7 @@ class Item extends Controller {
return ( [ 'success' => false, 'message' => 'system error' ] );
killme();
}
-
+
if(($parent == $post_id) || ($datarray['item_private'] == 1)) {
$r = q("select * from item where id = %d",
intval($post_id)
@@ -1348,10 +1347,10 @@ class Item extends Controller {
Libsync::build_sync_packet($profile_uid,array('item' => array(encode_item($sync_item[0],true))));
}
}
-
+
$datarray['id'] = $post_id;
$datarray['llink'] = z_root() . '/display/' . gen_link_id($datarray['mid']);
-
+
call_hooks('post_local_end', $datarray);
if ($groupww) {
@@ -1360,18 +1359,18 @@ class Item extends Controller {
if(! $nopush)
Master::Summon([ 'Notifier', $notify_type, $post_id ]);
-
+
logger('post_complete');
if($moderated) {
info(t('Your comment is awaiting approval.') . EOL);
}
-
+
// figure out how to return, depending on from whence we came
-
+
if($api_source)
return $post;
-
+
if($return_path) {
goaway(z_root() . "/" . $return_path);
}
@@ -1382,7 +1381,7 @@ class Item extends Controller {
$item[] = $datarray;
$item[0]['owner'] = $owner_xchan;
$item[0]['author'] = $observer;
- $item[0]['attach'] = json_encode($datarray['attach']);
+ $item[0]['attach'] = $datarray['attach'];
$json = [
'success' => 1,
@@ -1392,29 +1391,29 @@ class Item extends Controller {
if(x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload']))
$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];
-
+
logger('post_json: ' . print_r($json,true), LOGGER_DEBUG);
-
+
echo json_encode($json);
killme();
// NOTREACHED
}
-
-
+
+
function get() {
-
+
if((! local_channel()) && (! remote_channel()))
return;
-
+
if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
-
+
require_once('include/items.php');
$i = q("select id, uid, item_origin, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
intval(argv(2))
);
-
+
if($i) {
$can_delete = false;
$local_delete = false;
@@ -1422,14 +1421,14 @@ class Item extends Controller {
if(local_channel() && local_channel() == $i[0]['uid']) {
$local_delete = true;
}
-
+
$ob_hash = get_observer_hash();
if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) {
$can_delete = true;
}
// The site admin can delete any post/item on the site.
- // If the item originated on this site+channel the deletion will propagate downstream.
+ // If the item originated on this site+channel the deletion will propagate downstream.
// Otherwise just the local copy is removed.
if(is_site_admin()) {
@@ -1443,11 +1442,11 @@ class Item extends Controller {
notice( t('Permission denied.') . EOL);
return;
}
-
+
// if this is a different page type or it's just a local delete
// but not by the item author or owner, do a simple deletion
- $complex = false;
+ $complex = false;
if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) {
drop_item($i[0]['id']);
@@ -1473,15 +1472,15 @@ class Item extends Controller {
}
}
}
-
-
-
+
+
+
function item_check_service_class($channel_id,$iswebpage) {
$ret = array('success' => false, 'message' => '');
-
+
if ($iswebpage) {
- $r = q("select count(i.id) as total from item i
- right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id )
+ $r = q("select count(i.id) as total from item i
+ right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id )
and i.parent=i.id and i.item_type = %d and i.item_deleted = 0 and i.uid= %d ",
intval(ITEM_TYPE_WEBPAGE),
intval($channel_id)
@@ -1492,11 +1491,11 @@ class Item extends Controller {
intval($channel_id)
);
}
-
+
if(! $r) {
$ret['message'] = t('Unable to obtain post information from database.');
return $ret;
- }
+ }
if (!$iswebpage) {
$max = engr_units_to_bytes(service_class_fetch($channel_id,'total_items'));
@@ -1510,13 +1509,13 @@ class Item extends Controller {
if(! service_class_allows($channel_id,'total_pages',$r[0]['total'])) {
$result['message'] .= upgrade_message() . sprintf( t('You have reached your limit of %1$.0f webpages.'),$max);
return $result;
- }
+ }
}
-
+
$ret['success'] = true;
return $ret;
}
-
+
function extract_bb_poll_data(&$body,$item) {
$multiple = false;
@@ -1550,7 +1549,7 @@ class Item extends Controller {
}
$matches = null;
-
+
if (preg_match('/\[question=multiple\](.*?)\[\/question\]/ism',$body,$matches)) {
$obj['content'] = bbcode($matches[1]);
$body = str_replace('[question=multiple]' . $matches[1] . '[/question]', $matches[1], $body);
@@ -1558,7 +1557,7 @@ class Item extends Controller {
}
$matches = null;
-
+
if (preg_match('/\[ends\](.*?)\[\/ends\]/ism',$body,$matches)) {
$obj['endTime'] = datetime_convert(date_default_timezone_get(),'UTC', $matches[1],ATOM_TIME);
$body = str_replace('[ends]' . $matches[1] . '[/ends]', EMPTY_STR, $body);
diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php
index 8c8519c57..11c781df0 100644
--- a/Zotlabs/Module/Lockview.php
+++ b/Zotlabs/Module/Lockview.php
@@ -19,22 +19,22 @@ class Lockview extends \Zotlabs\Web\Controller {
}
}
}
-
+
$type = ((argc() > 1) ? argv(1) : 0);
if (is_numeric($type)) {
$item_id = intval($type);
$type='item';
- }
+ }
else {
$item_id = ((argc() > 2) ? intval(argv(2)) : 0);
}
-
+
if(! $item_id)
killme();
-
+
if (! in_array($type, array('item', 'photo', 'attach', 'event', 'menu_item', 'chatroom')))
killme();
-
+
// we have different naming in in menu_item table and chatroom table
switch($type) {
case 'menu_item':
@@ -47,17 +47,17 @@ class Lockview extends \Zotlabs\Web\Controller {
$id = 'id';
break;
}
-
+
$r = q("SELECT * FROM %s WHERE $id = %d LIMIT 1",
dbesc($type),
intval($item_id)
);
-
+
if(! $r)
killme();
-
+
$item = $r[0];
-
+
//we have different naming in in menu_item table and chatroom table
switch($type) {
case 'menu_item':
@@ -70,37 +70,37 @@ class Lockview extends \Zotlabs\Web\Controller {
$uid = $item['uid'];
break;
}
-
+
if($uid != local_channel()) {
echo '<div class="dropdown-item">' . t('Remote privacy information not available.') . '</div>';
killme();
}
-
- if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
+
+ if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
&& (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) {
-
+
// if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any
// specific recipients, we're the recipient of a post with "bcc" or targeted recipients; so we'll just show it
// as unknown specific recipients. The sender will have the visibility list and will fall through to the
// next section.
-
+
echo '<div class="dropdown-item">' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>';
killme();
}
-
+
$allowed_users = expand_acl($item['allow_cid']);
$allowed_groups = expand_acl($item['allow_gid']);
$deny_users = expand_acl($item['deny_cid']);
$deny_groups = expand_acl($item['deny_gid']);
-
+
$o = '<div class="dropdown-item">' . t('Visible to:') . '</div>';
$l = array();
-
+
stringify_array_elms($allowed_groups,true);
stringify_array_elms($allowed_users,true);
stringify_array_elms($deny_groups,true);
stringify_array_elms($deny_users,true);
-
+
$profile_groups = [];
if($allowed_groups) {
@@ -113,24 +113,24 @@ class Lockview extends \Zotlabs\Web\Controller {
if(count($profile_groups)) {
$r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
if($r)
- foreach($r as $rr)
+ foreach($r as $rr)
$l[] = '<div class="dropdown-item"><b>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</b></div>';
}
if(count($allowed_groups)) {
$r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
if($r)
- foreach($r as $rr)
+ foreach($r as $rr)
$l[] = '<div class="dropdown-item"><b>' . $rr['gname'] . '</b></div>';
}
if(count($allowed_users)) {
$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )");
if($r)
- foreach($r as $rr)
+ foreach($r as $rr)
$l[] = '<div class="dropdown-item">' . $rr['xchan_name'] . '</div>';
if($atokens) {
foreach($atokens as $at) {
- if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) {
+ if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) {
$l[] = '<div class="dropdown-item">' . $at['xchan_name'] . '</div>';
}
}
@@ -149,7 +149,7 @@ class Lockview extends \Zotlabs\Web\Controller {
if(count($profile_groups)) {
$r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
if($r)
- foreach($r as $rr)
+ foreach($r as $rr)
$l[] = '<div class="dropdown-item"><b><strike>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</strike></b></div>';
}
@@ -158,18 +158,18 @@ class Lockview extends \Zotlabs\Web\Controller {
if(count($deny_groups)) {
$r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
if($r)
- foreach($r as $rr)
+ foreach($r as $rr)
$l[] = '<div class="dropdown-item"><b><strike>' . $rr['gname'] . '</strike></b></div>';
}
if(count($deny_users)) {
$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )");
if($r)
- foreach($r as $rr)
+ foreach($r as $rr)
$l[] = '<div class="dropdown-item"><strike>' . $rr['xchan_name'] . '</strike></div>';
if($atokens) {
foreach($atokens as $at) {
- if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) {
+ if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) {
$l[] = '<div class="dropdown-item"><strike>' . $at['xchan_name'] . '</strike></div>';
}
}
@@ -177,11 +177,11 @@ class Lockview extends \Zotlabs\Web\Controller {
}
-
+
echo $o . implode($l);
killme();
-
-
+
+
}
-
+
}
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 561e35754..28c70d168 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -11,9 +11,9 @@ use Zotlabs\Web\Controller;
* See spec/OpenWebAuth/Home.md
* Requests to this endpoint should be signed using HTTP Signatures
* using the 'Authorization: Signature' authentication method
- * If the signature verifies a token is returned.
+ * If the signature verifies a token is returned.
*
- * This token may be exchanged for an authenticated cookie.
+ * This token may be exchanged for an authenticated cookie.
*/
class Owa extends Controller {
@@ -31,17 +31,15 @@ class Owa extends Controller {
if ($sigblock) {
$keyId = $sigblock['keyId'];
if ($keyId) {
- $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
- dbesc(str_replace('acct:','',$keyId)),
+ $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
+ WHERE hubloc_id_url = '%s'",
dbesc($keyId)
);
if (! $r) {
$found = discover_by_webbie(str_replace('acct:','',$keyId));
if ($found) {
- $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
- dbesc(str_replace('acct:','',$keyId)),
+ $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
+ WHERE OR hubloc_id_url = '%s'",
dbesc($keyId)
);
}
@@ -51,16 +49,16 @@ class Owa extends Controller {
$verified = HTTPSig::verify(file_get_contents('php://input'));
if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);
- logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
+ logger('OWA success: ' . $hubloc['hubloc_id_url'],LOGGER_DATA);
$ret['success'] = true;
$token = random_string(32);
- Verify::create('owt',0,$token,$hubloc['hubloc_addr']);
+ Verify::create('owt',0,$token,$hubloc['hubloc_id_url']);
$result = '';
openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
$ret['encrypted_token'] = base64url_encode($result);
break;
} else {
- logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_addr']);
+ logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']);
}
}
}
diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php
index f03dae2bf..031270845 100644
--- a/Zotlabs/Module/Rpost.php
+++ b/Zotlabs/Module/Rpost.php
@@ -10,7 +10,7 @@ require_once('include/zot.php');
/**
* remote post
- *
+ *
* https://yoursite/rpost?f=&title=&body=&remote_return=
*
* This can be called via either GET or POST, use POST for long body content as suhosin often limits GET parameter length
@@ -20,7 +20,7 @@ require_once('include/zot.php');
* body= Body of post
* url= URL which will be parsed and the results appended to the body
* source= Source application
- * post_id= post_id of post to 'share' (local use only)
+ * post_id= post_id of post to 'share' (local use only)
* remote_return= absolute URL to return after posting is finished
* type= choices are 'html' or 'bbcode', default is 'bbcode'
*
@@ -32,16 +32,16 @@ require_once('include/zot.php');
class Rpost extends \Zotlabs\Web\Controller {
function get() {
-
+
$o = '';
-
+
if(! local_channel()) {
if(remote_channel()) {
// redirect to your own site.
// We can only do this with a GET request so you'll need to keep the text short or risk getting truncated
// by the wretched beast called 'suhosin'. All the browsers now allow long GET requests, but suhosin
// blocks them.
-
+
$url = get_rpost_path(\App::get_observer());
// make sure we're not looping to our own hub
if(($url) && (! stristr($url, \App::get_hostname()))) {
@@ -53,10 +53,10 @@ class Rpost extends \Zotlabs\Web\Controller {
goaway($url);
}
}
-
+
// The login procedure is going to bugger our $_REQUEST variables
// so save them in the session.
-
+
if(array_key_exists('body',$_REQUEST)) {
$_SESSION['rpost'] = $_REQUEST;
}
@@ -64,14 +64,14 @@ class Rpost extends \Zotlabs\Web\Controller {
}
nav_set_selected('Post');
-
+
// If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables
-
+
if((! array_key_exists('body',$_REQUEST)) && (array_key_exists('rpost',$_SESSION))) {
$_REQUEST = $_SESSION['rpost'];
unset($_SESSION['rpost']);
}
-
+
if(array_key_exists('channel',$_REQUEST)) {
$r = q("select channel_id from channel where channel_account_id = %d and channel_address = '%s' limit 1",
intval(get_account_id()),
@@ -82,7 +82,7 @@ class Rpost extends \Zotlabs\Web\Controller {
$change = change_channel($r[0]['channel_id']);
}
}
-
+
if($_REQUEST['remote_return']) {
$_SESSION['remote_return'] = $_REQUEST['remote_return'];
}
@@ -91,21 +91,27 @@ class Rpost extends \Zotlabs\Web\Controller {
goaway($_SESSION['remote_return']);
goaway(z_root() . '/network');
}
-
+
$plaintext = true;
-
+
if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') {
require_once('include/html2bbcode.php');
- $_REQUEST['body'] = html2bbcode($_REQUEST['body']);
+ $_REQUEST['body'] = html2bbcode($_REQUEST['body']);
}
-
+
$channel = \App::get_channel();
-
-
- $acl = new \Zotlabs\Access\AccessList($channel);
-
- $channel_acl = $acl->get();
-
+
+ if($_REQUEST['acl']) {
+ $acl = new \Zotlabs\Access\AccessList([]);
+ $acl->set($_REQUEST['acl']);
+ $channel_acl = $acl->get();
+ }
+ else {
+ $acl = new \Zotlabs\Access\AccessList($channel);
+ $channel_acl = $acl->get();
+ }
+
+
if($_REQUEST['url']) {
$x = z_fetch_url(z_root() . '/linkinfo?f=&url=' . urlencode($_REQUEST['url']));
if($x['success'])
@@ -115,7 +121,7 @@ class Rpost extends \Zotlabs\Web\Controller {
if($_REQUEST['post_id']) {
$_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]';
}
-
+
$x = array(
'is_owner' => true,
'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
@@ -137,19 +143,19 @@ class Rpost extends \Zotlabs\Web\Controller {
'bbcode' => true,
'jotnets' => true
);
-
+
$editor = status_editor($a,$x,false,'Rpost');
-
+
$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
'$title' => t('Edit post'),
'$cancel' => '',
'$editor' => $editor
));
-
+
return $o;
-
+
}
-
-
-
+
+
+
}