aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-09-08 22:46:34 -0700
committerredmatrix <redmatrix@redmatrix.me>2015-09-08 22:46:34 -0700
commit0a051ff2cd13eb33ecffc3c4e34a1a56a3fcf29a (patch)
treea698e3b4ce0721b5824d141868316ce81d6572a9 /include
parentd702133ded36f23a79f7aed22c7d20ad263cff7b (diff)
downloadvolse-hubzilla-0a051ff2cd13eb33ecffc3c4e34a1a56a3fcf29a.tar.gz
volse-hubzilla-0a051ff2cd13eb33ecffc3c4e34a1a56a3fcf29a.tar.bz2
volse-hubzilla-0a051ff2cd13eb33ecffc3c4e34a1a56a3fcf29a.zip
preserve code blocks on item import if channel has code rights. When importing the channel itself,
turn code access off unless this is the admin.
Diffstat (limited to 'include')
-rw-r--r--include/api.php49
-rw-r--r--include/import.php18
-rwxr-xr-xinclude/items.php17
3 files changed, 81 insertions, 3 deletions
diff --git a/include/api.php b/include/api.php
index 6d71cfc33..a77bf15f7 100644
--- a/include/api.php
+++ b/include/api.php
@@ -896,6 +896,55 @@ require_once('include/items.php');
api_register_func('api/red/item/new','red_item_new', true);
+ function red_item(&$a, $type) {
+
+ if (api_user() === false) {
+ logger('api_red_item_new: no user');
+ return false;
+ }
+
+ if($_REQUEST['mid']) {
+ $arr = array('mid' => $_REQUEST['mid']);
+ }
+ elseif($_REQUEST['item_id']) {
+ $arr = array('item_id' => $_REQUEST['item_id']);
+ }
+ else
+ json_return_and_die(array());
+
+ $arr['start'] = 0;
+ $arr['records'] = 999999;
+ $arr['item_type'] = '*';
+
+ $i = items_fetch($arr,$a->get_channel(),get_observer_hash());
+
+ if(! $i)
+ json_return_and_die(array());
+
+ $ret = array();
+ $tmp = array();
+ $str = '';
+ foreach($i as $ii) {
+ $tmp[] = encode_item($ii,true);
+ if($str)
+ $str .= ',';
+ $str .= $ii['id'];
+ }
+ $ret['item'] = $tmp;
+ if($str) {
+ $r = q("select item_id.*, item.mid from item_id left join item on item_id.iid = item.id where item.id in ( $str ) ");
+
+ if($r)
+ $ret['item_id'] = $r;
+ }
+
+ json_return_and_die($ret);
+ }
+
+ api_register_func('api/red/item/full','red_item', true);
+
+
+
function api_get_status($xchan_hash) {
require_once('include/security.php');
diff --git a/include/import.php b/include/import.php
index e468889b4..168446be9 100644
--- a/include/import.php
+++ b/include/import.php
@@ -50,6 +50,11 @@ function import_channel($channel) {
unset($channel['channel_id']);
$channel['channel_account_id'] = get_account_id();
$channel['channel_primary'] = (($seize) ? 1 : 0);
+
+ if($channel['channel_pageflags'] & PAGE_ALLOWCODE) {
+ if(! is_site_admin())
+ $channel['channel_pageflags'] = $channel['channel_pageflags'] ^ PAGE_ALLOWCODE;
+ }
dbesc_array($channel);
@@ -480,8 +485,19 @@ function sync_chatrooms($channel,$chatrooms) {
function import_items($channel,$items) {
if($channel && $items) {
+ $allow_code = false;
+ $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id
+ where channel_id = %d limit 1",
+ intval($channel['channel_id'])
+ );
+ if($r) {
+ if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
+ $allow_code = true;
+ }
+ }
+
foreach($items as $i) {
- $item = get_item_elements($i);
+ $item = get_item_elements($i,$allow_code);
if(! $item)
continue;
diff --git a/include/items.php b/include/items.php
index 4c21d55a1..28fd8502b 100755
--- a/include/items.php
+++ b/include/items.php
@@ -833,10 +833,13 @@ function title_is_body($title, $body) {
}
-function get_item_elements($x) {
+function get_item_elements($x,$allow_code = false) {
$arr = array();
- $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : '');
+ if($allow_code)
+ $arr['body'] = $x['body'];
+ else
+ $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : '');
$key = get_config('system','pubkey');
@@ -4731,6 +4734,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
if($arr['wall'])
$sql_options .= " and item_wall = 1 ";
+
+ if($arr['item_id'])
+ $sql_options .= " and parent = " . intval($arr['item_id']) . " ";
+
+ if($arr['mid'])
+ $sql_options .= " and parent_mid = '" . dbesc($arr['mid']) . "' ";
$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options ) ";
@@ -4857,11 +4866,15 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
require_once('include/security.php');
$sql_extra .= item_permissions_sql($channel['channel_id'],$observer_hash);
+
if($arr['pages'])
$item_restrict = " AND item_type = " . ITEM_TYPE_WEBPAGE . " ";
else
$item_restrict = " AND item_type = 0 ";
+ if($arr['item_type'] === '*')
+ $item_restrict = '';
+
if ($arr['nouveau'] && ($client_mode & CLIENT_MODE_LOAD) && $channel) {
// "New Item View" - show all items unthreaded in reverse created date order