aboutsummaryrefslogtreecommitdiffstats
path: root/mod/item.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-09-02 16:29:52 -0700
committerfriendica <info@friendica.com>2013-09-02 16:29:52 -0700
commit56e408f4679862a0d7d9d8fa46a1875f2cbf3574 (patch)
treef010f84e13043a88b2558ffa50b8d2796ddcbe8b /mod/item.php
parent7c775db9d6b9dc68bc05cded7ab93357aeeb9c3f (diff)
downloadvolse-hubzilla-56e408f4679862a0d7d9d8fa46a1875f2cbf3574.tar.gz
volse-hubzilla-56e408f4679862a0d7d9d8fa46a1875f2cbf3574.tar.bz2
volse-hubzilla-56e408f4679862a0d7d9d8fa46a1875f2cbf3574.zip
pass execflag - Working for preview but not yet executing on page render
Diffstat (limited to 'mod/item.php')
-rw-r--r--mod/item.php20
1 files changed, 19 insertions, 1 deletions
diff --git a/mod/item.php b/mod/item.php
index ce484999b..56fdda887 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -320,6 +320,24 @@ function item_post(&$a) {
$body = z_input_filter($profile_uid,$body,$mimetype);
}
+ $execflag = false;
+
+ if($mimetype === 'application/x-php') {
+ $z = q("select account_id, account_roles from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
+ intval($profile_uid)
+ );
+ if($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) {
+ if(local_user() && (get_account_id() == $z[0]['account_id'])) {
+ $execflag = true;
+ }
+ else {
+ notice( t('Executable content type not permitted to this channel.') . EOL);
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+ }
+ }
if($mimetype === 'text/bbcode') {
@@ -655,7 +673,7 @@ function item_post(&$a) {
$post_id = 0;
- $post_id = item_store($datarray);
+ $post_id = item_store($datarray,$execflag);
if($post_id) {
logger('mod_item: saved item ' . $post_id);