aboutsummaryrefslogtreecommitdiffstats
path: root/include/items.php
diff options
context:
space:
mode:
authorThomas Willingham <founder@kakste.com>2013-08-14 20:44:17 +0100
committerThomas Willingham <founder@kakste.com>2013-08-14 20:44:17 +0100
commita0dfd44f9178796eaf55e4a2ab0194c12e7dfd21 (patch)
tree31a43380cbe93e28f27c69a7d676fe6bfafbb0f4 /include/items.php
parent94335f237fdadd93b86b271526c25c2a77de9c40 (diff)
parentde4e4c5ebd1ab746432b21d122b5f0cfb70a9bdd (diff)
downloadvolse-hubzilla-a0dfd44f9178796eaf55e4a2ab0194c12e7dfd21.tar.gz
volse-hubzilla-a0dfd44f9178796eaf55e4a2ab0194c12e7dfd21.tar.bz2
volse-hubzilla-a0dfd44f9178796eaf55e4a2ab0194c12e7dfd21.zip
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'include/items.php')
-rwxr-xr-xinclude/items.php81
1 files changed, 52 insertions, 29 deletions
diff --git a/include/items.php b/include/items.php
index e71fd0350..6d853323f 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1342,7 +1342,7 @@ function encode_rel_links($links) {
return xmlify($o);
}
-function item_store($arr,$force_parent = false) {
+function item_store($arr,$allow_exec = false) {
if(! $arr['uid']) {
logger('item_store: no uid');
@@ -1357,6 +1357,13 @@ function item_store($arr,$force_parent = false) {
unset($arr['parent']);
$arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode');
+
+ if(($arr['mimetype'] == 'application/x-php') && (! $allow_exec)) {
+ logger('item_store: php mimetype but allow_exec is denied.');
+ return 0;
+ }
+
+
$arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : '');
$arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : '');
@@ -1369,7 +1376,7 @@ function item_store($arr,$force_parent = false) {
// this is a bit messy - we really need an input filter chain that temporarily undoes obscuring
- if($arr['mimetype'] != 'text/html') {
+ if($arr['mimetype'] != 'text/html' && $arr['mimetype'] != 'application/x-php') {
if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
$arr['body'] = escape_tags($arr['body']);
if((strpos($arr['title'],'<') !== false) || (strpos($arr['title'],'>') !== false))
@@ -1665,7 +1672,7 @@ function item_store($arr,$force_parent = false) {
-function item_store_update($arr,$force_parent = false) {
+function item_store_update($arr,$allow_exec = false) {
if(! intval($arr['uid'])) {
logger('item_store_update: no uid');
@@ -1696,24 +1703,35 @@ function item_store_update($arr,$force_parent = false) {
$arr = $translate['item'];
}
+ $arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode');
+
+ if(($arr['mimetype'] == 'application/x-php') && (! $allow_exec)) {
+ logger('item_store: php mimetype but allow_exec is denied.');
+ return 0;
+ }
+
+
// Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin.
- if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
- $arr['body'] = escape_tags($arr['body']);
+ if($arr['mimetype'] != 'text/html' && $arr['mimetype'] != 'application/x-php') {
- if((x($arr,'object')) && is_array($arr['object'])) {
- activity_sanitise($arr['object']);
- $arr['object'] = json_encode($arr['object']);
- }
+ if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
+ $arr['body'] = escape_tags($arr['body']);
- if((x($arr,'target')) && is_array($arr['target'])) {
- activity_sanitise($arr['target']);
- $arr['target'] = json_encode($arr['target']);
- }
+ if((x($arr,'object')) && is_array($arr['object'])) {
+ activity_sanitise($arr['object']);
+ $arr['object'] = json_encode($arr['object']);
+ }
- if((x($arr,'attach')) && is_array($arr['attach'])) {
- activity_sanitise($arr['attach']);
- $arr['attach'] = json_encode($arr['attach']);
+ if((x($arr,'target')) && is_array($arr['target'])) {
+ activity_sanitise($arr['target']);
+ $arr['target'] = json_encode($arr['target']);
+ }
+
+ if((x($arr,'attach')) && is_array($arr['attach'])) {
+ activity_sanitise($arr['attach']);
+ $arr['attach'] = json_encode($arr['attach']);
+ }
}
$orig = q("select * from item where id = %d and uid = %d limit 1",
@@ -1740,7 +1758,6 @@ function item_store_update($arr,$force_parent = false) {
$arr['commented'] = datetime_convert();
$arr['received'] = datetime_convert();
$arr['changed'] = datetime_convert();
- $arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode');
$arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : '');
$arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : '');
$arr['coord'] = ((x($arr,'coord')) ? notags(trim($arr['coord'])) : '');
@@ -2692,7 +2709,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
}
}
- $r = item_store($datarray,$force_parent);
+ $r = item_store($datarray);
continue;
}
@@ -3127,21 +3144,28 @@ function item_expire($uid,$days) {
// and just expire conversations started by others
$expire_network_only = get_pconfig($uid,'expire','network_only');
- $sql_extra = ((intval($expire_network_only)) ? " AND wall = 0 " : "");
+ $sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ") " : "");
$r = q("SELECT * FROM `item`
WHERE `uid` = %d
AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY
AND `id` = `parent`
$sql_extra
- AND `deleted` = 0",
+ AND NOT (item_restrict & %d )
+ AND NOT (item_restrict & %d )
+ AND NOT (item_restrict & %d ) ",
intval($uid),
- intval($days)
+ intval($days),
+ intval(ITEM_DELETED),
+ intval(ITEM_WEBPAGE),
+ intval(ITEM_BUILDBLOCK)
);
- if(! count($r))
+ if(! $r)
return;
+ $r = fetch_post_tags($r,true);
+
$expire_items = get_pconfig($uid, 'expire','items');
$expire_items = (($expire_items===false)?1:intval($expire_items)); // default if not set: 1
@@ -3158,20 +3182,19 @@ function item_expire($uid,$days) {
foreach($r as $item) {
+
+
// don't expire filed items
- if(strpos($item['file'],'[') !== false)
+ $terms = get_terms_oftype($item['term'],TERM_FILE);
+ if($terms)
continue;
// Only expire posts, not photos and photo comments
- if($expire_photos==0 && strlen($item['resource_id']))
- continue;
- if($expire_starred==0 && intval($item['starred']))
- continue;
- if($expire_notes==0 && $item['type']=='note')
+ if($expire_photos==0 && ($item['resource_type'] === 'photo'))
continue;
- if($expire_items==0 && $item['type']!='note')
+ if($expire_starred==0 && ($item['item_flags'] & ITEM_STARRED))
continue;
drop_item($item['id'],false);