diff options
author | redmatrix <redmatrix@redmatrix.me> | 2015-09-08 22:46:34 -0700 |
---|---|---|
committer | redmatrix <redmatrix@redmatrix.me> | 2015-09-08 22:46:34 -0700 |
commit | 0a051ff2cd13eb33ecffc3c4e34a1a56a3fcf29a (patch) | |
tree | a698e3b4ce0721b5824d141868316ce81d6572a9 /include | |
parent | d702133ded36f23a79f7aed22c7d20ad263cff7b (diff) | |
download | volse-hubzilla-0a051ff2cd13eb33ecffc3c4e34a1a56a3fcf29a.tar.gz volse-hubzilla-0a051ff2cd13eb33ecffc3c4e34a1a56a3fcf29a.tar.bz2 volse-hubzilla-0a051ff2cd13eb33ecffc3c4e34a1a56a3fcf29a.zip |
preserve code blocks on item import if channel has code rights. When importing the channel itself,
turn code access off unless this is the admin.
Diffstat (limited to 'include')
-rw-r--r-- | include/api.php | 49 | ||||
-rw-r--r-- | include/import.php | 18 | ||||
-rwxr-xr-x | include/items.php | 17 |
3 files changed, 81 insertions, 3 deletions
diff --git a/include/api.php b/include/api.php index 6d71cfc33..a77bf15f7 100644 --- a/include/api.php +++ b/include/api.php @@ -896,6 +896,55 @@ require_once('include/items.php'); api_register_func('api/red/item/new','red_item_new', true); + function red_item(&$a, $type) { + + if (api_user() === false) { + logger('api_red_item_new: no user'); + return false; + } + + if($_REQUEST['mid']) { + $arr = array('mid' => $_REQUEST['mid']); + } + elseif($_REQUEST['item_id']) { + $arr = array('item_id' => $_REQUEST['item_id']); + } + else + json_return_and_die(array()); + + $arr['start'] = 0; + $arr['records'] = 999999; + $arr['item_type'] = '*'; + + $i = items_fetch($arr,$a->get_channel(),get_observer_hash()); + + if(! $i) + json_return_and_die(array()); + + $ret = array(); + $tmp = array(); + $str = ''; + foreach($i as $ii) { + $tmp[] = encode_item($ii,true); + if($str) + $str .= ','; + $str .= $ii['id']; + } + $ret['item'] = $tmp; + if($str) { + $r = q("select item_id.*, item.mid from item_id left join item on item_id.iid = item.id where item.id in ( $str ) "); + + if($r) + $ret['item_id'] = $r; + } + + json_return_and_die($ret); + } + + api_register_func('api/red/item/full','red_item', true); + + + function api_get_status($xchan_hash) { require_once('include/security.php'); diff --git a/include/import.php b/include/import.php index e468889b4..168446be9 100644 --- a/include/import.php +++ b/include/import.php @@ -50,6 +50,11 @@ function import_channel($channel) { unset($channel['channel_id']); $channel['channel_account_id'] = get_account_id(); $channel['channel_primary'] = (($seize) ? 1 : 0); + + if($channel['channel_pageflags'] & PAGE_ALLOWCODE) { + if(! is_site_admin()) + $channel['channel_pageflags'] = $channel['channel_pageflags'] ^ PAGE_ALLOWCODE; + } dbesc_array($channel); @@ -480,8 +485,19 @@ function sync_chatrooms($channel,$chatrooms) { function import_items($channel,$items) { if($channel && $items) { + $allow_code = false; + $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id + where channel_id = %d limit 1", + intval($channel['channel_id']) + ); + if($r) { + if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { + $allow_code = true; + } + } + foreach($items as $i) { - $item = get_item_elements($i); + $item = get_item_elements($i,$allow_code); if(! $item) continue; diff --git a/include/items.php b/include/items.php index 4c21d55a1..28fd8502b 100755 --- a/include/items.php +++ b/include/items.php @@ -833,10 +833,13 @@ function title_is_body($title, $body) { } -function get_item_elements($x) { +function get_item_elements($x,$allow_code = false) { $arr = array(); - $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : ''); + if($allow_code) + $arr['body'] = $x['body']; + else + $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : ''); $key = get_config('system','pubkey'); @@ -4731,6 +4734,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C if($arr['wall']) $sql_options .= " and item_wall = 1 "; + + if($arr['item_id']) + $sql_options .= " and parent = " . intval($arr['item_id']) . " "; + + if($arr['mid']) + $sql_options .= " and parent_mid = '" . dbesc($arr['mid']) . "' "; $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options ) "; @@ -4857,11 +4866,15 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C require_once('include/security.php'); $sql_extra .= item_permissions_sql($channel['channel_id'],$observer_hash); + if($arr['pages']) $item_restrict = " AND item_type = " . ITEM_TYPE_WEBPAGE . " "; else $item_restrict = " AND item_type = 0 "; + if($arr['item_type'] === '*') + $item_restrict = ''; + if ($arr['nouveau'] && ($client_mode & CLIENT_MODE_LOAD) && $channel) { // "New Item View" - show all items unthreaded in reverse created date order |