aboutsummaryrefslogtreecommitdiffstats
path: root/include/items.php
diff options
context:
space:
mode:
authorChristian Vogeley <christian.vogeley@hotmail.de>2013-10-20 01:22:51 +0200
committerChristian Vogeley <christian.vogeley@hotmail.de>2013-10-20 01:22:51 +0200
commit2db45695e8067e49eb4c8a6d8044cd9cac7f07e5 (patch)
tree7a1029e10578e99f0dbbef6e22c42eb784ddd9d1 /include/items.php
parentc0789bdb4fc7412efd5e2fb1e15b63d359a74cfa (diff)
parent49fb6326e0e978f57b2f988935af6e8e3d2f4417 (diff)
downloadvolse-hubzilla-2db45695e8067e49eb4c8a6d8044cd9cac7f07e5.tar.gz
volse-hubzilla-2db45695e8067e49eb4c8a6d8044cd9cac7f07e5.tar.bz2
volse-hubzilla-2db45695e8067e49eb4c8a6d8044cd9cac7f07e5.zip
Merge upstream
Diffstat (limited to 'include/items.php')
-rwxr-xr-xinclude/items.php33
1 files changed, 29 insertions, 4 deletions
diff --git a/include/items.php b/include/items.php
index 800684ae2..2229da5db 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1429,6 +1429,8 @@ function item_store($arr,$allow_exec = false) {
return ret;
}
+ $uplinked_comment = false;
+
// If a page layout is provided, ensure it exists and belongs to us.
if(array_key_exists('layout_mid',$arr) && $arr['layout_mid']) {
@@ -1620,6 +1622,16 @@ function item_store($arr,$allow_exec = false) {
if($r[0]['item_flags'] & ITEM_WALL)
$arr['item_flags'] = $arr['item_flags'] | ITEM_WALL;
+
+ // An uplinked comment might arrive with a downstream owner.
+ // Fix it.
+
+ if($r[0]['owner_xchan'] !== $arr['owner_xchan']) {
+ $arr['owner_xchan'] = $r[0]['owner_xchan'];
+ $uplinked_comment = true;
+ }
+
+
// if the parent is private, force privacy for the entire conversation
// This differs from the above settings as it subtly allows comments from
// email correspondents to be private even if the overall thread is not.
@@ -1813,6 +1825,7 @@ function item_store_update($arr,$allow_exec = false) {
unset($arr['id']);
unset($arr['uid']);
+
if(array_key_exists('edit',$arr))
unset($arr['edit']);
$arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode');
@@ -2136,11 +2149,9 @@ function tag_deliver($uid,$item_id) {
intval($uid)
);
-// issue #59
-// FIXME - check security on post and allowed senders, right now we just allow it. The author *may* be foreign and the original owner is lost on our copy of the post. So this could be very hard to verify. For instance what happens if the top-level post was a wall-to-wall?
-// if(($x) && ($x[0]['item_flags'] & ITEM_UPLINK) && ($x[0]['author_xchan'] == $item['author_xchan'])) {
+
if(($x) && ($x[0]['item_flags'] & ITEM_UPLINK)) {
-// logger('tag_deliver: creating second delivery chain for owner comment.');
+
logger('tag_deliver: creating second delivery chain for comment to tagged post.');
// now change this copy of the post to a forum head message and deliver to all the tgroup members
@@ -2150,6 +2161,14 @@ function tag_deliver($uid,$item_id) {
$flag_bits = ITEM_WALL|ITEM_ORIGIN;
+ // maintain the original source, which will be the original item owner and was stored in source_xchan
+ // when we created the delivery fork
+
+ $r = q("update item set source_xchan = '%s' where id = %d limit 1",
+ dbesc($x[0]['source_xchan']),
+ intval($item_id)
+ );
+
$r = q("update item set item_flags = ( item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s',
deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d limit 1",
intval($flag_bits),
@@ -2249,6 +2268,12 @@ function tag_deliver($uid,$item_id) {
$flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK;
+ // preserve the source
+
+ $r = q("update item set source_xchan = owner_xchan where id = %d limit 1",
+ intval($item_id)
+ );
+
$r = q("update item set item_flags = ( item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s',
deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d limit 1",
intval($flag_bits),