diff options
author | zotlabs <mike@macgirvin.com> | 2017-03-12 21:55:24 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-03-12 21:55:24 -0700 |
commit | fc533107ed49735aad5ba39bf02b87ed7ac870b6 (patch) | |
tree | 9122edfb24f8d24d5baf1f024d9715e895cff3d1 /Zotlabs/Module | |
parent | 1ee76cb5066870db9ea427e00e5c18edfb292496 (diff) | |
download | volse-hubzilla-fc533107ed49735aad5ba39bf02b87ed7ac870b6.tar.gz volse-hubzilla-fc533107ed49735aad5ba39bf02b87ed7ac870b6.tar.bz2 volse-hubzilla-fc533107ed49735aad5ba39bf02b87ed7ac870b6.zip |
better handling of mimetype security
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Editwebpage.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Item.php | 23 |
2 files changed, 7 insertions, 18 deletions
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php index 3d4af107d..97f4a32ff 100644 --- a/Zotlabs/Module/Editwebpage.php +++ b/Zotlabs/Module/Editwebpage.php @@ -130,8 +130,6 @@ class Editwebpage extends \Zotlabs\Web\Controller { $layout = $itm[0]['layout_mid']; - $tpl = get_markup_template("jot.tpl"); - $rp = 'webpages/' . $which; $x = array( diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 4725ecb38..afac1542d 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -480,22 +480,13 @@ class Item extends \Zotlabs\Web\Controller { $execflag = false; - if($mimetype !== 'text/bbcode') { - $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", - intval($profile_uid) - ); - if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { - if($uid && (get_account_id() == $z[0]['account_id'])) { - $execflag = true; - } - else { - notice( t('Executable content type not permitted to this channel.') . EOL); - if($api_source) - return ( [ 'success' => false, 'message' => 'forbidden content type' ] ); - if(x($_REQUEST,'return')) - goaway(z_root() . "/" . $return_path ); - killme(); - } + $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id + where channel_id = %d limit 1", + intval($profile_uid) + ); + if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { + if($uid && (intval(get_account_id()) == intval($z[0]['account_id']))) { + $execflag = true; } } |