authorfriendica <info@friendica.com>2014-01-09 15:45:17 -0800
committerfriendica <info@friendica.com>2014-01-09 15:45:17 -0800
commitdb8ebc9f375478bddc0f48d972e3acfbde80685a (patch)
tree62063483f438fbab8e399e5a5a3550f953f09d13 /mod
parentba0fdde51cbaf12d0bf9f28c6f95421e5fadc695 (diff)
some minor cleanup on plinks for some very subtle permissions issues
Diffstat (limited to 'mod')
-rw-r--r--mod/channel.php24
-rw-r--r--mod/item.php6
-rwxr-xr-xmod/like.php1
-rwxr-xr-xmod/mood.php7
-rw-r--r--mod/photos.php9
5 files changed, 24 insertions, 23 deletions
diff --git a/mod/channel.php b/mod/channel.php
index 8e44a329b..20f6fec18 100644
--- a/mod/channel.php
+++ b/mod/channel.php
@@ -104,7 +104,7 @@ function channel_content(&$a, $update = 0, $load = false) {
);
- if($perms['post_wall'] && (!$mid)) {
+ if($perms['post_wall']) {
$x = array(
'is_owner' => $is_owner,
@@ -135,8 +135,9 @@ function channel_content(&$a, $update = 0, $load = false) {
if(($update) && (! $load)) {
if ($mid) {
- $r = q("SELECT parent AS item_id from item where mid = '%s' limit 1",
- dbesc($mid)
+ $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $sql_extra limit 1",
+ dbesc($mid),
+ intval($a->profile['profile_uid'])
);
} else {
$r = q("SELECT distinct parent AS `item_id` from item
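Review bot: The rewritten lookup `where mid = '%s' and uid = %d $sql_extra` now carries the whole access decision for `mid` requests, because this commit also drops the later `owner_xchan` join that rejected other people's posts from the matrix. `uid = %d` on its own matches every item stored for that channel, so what an observer can see depends on `$sql_extra`, which is built outside this hunk and is interpolated into the query string rather than passed as an argument. Only the `($update) && (! $load)` branch is visible here, while the removed check also ran when `$load` was set, so the `$mid` query on the load path should carry the same `uid` and `$sql_extra` constraints. I would add a comment above the query such as `// $sql_extra holds the observer permission SQL; it is the only remaining guard for mid lookups`.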
@@ -201,23 +202,6 @@ function channel_content(&$a, $update = 0, $load = false) {
}
}
- if ($mid && $r) {
- // make sure we don't show other people's posts from our matrix
- // as $a->profile['channel_hash'] isn't set when a JS query comes in
- // we have to do that with a join
- $ismine = q("SELECT * from item
- join channel on item.owner_xchan = channel.channel_hash
- where item.id = %d and channel.channel_id = %d",
- dbesc($r[0]['item_id']),
- intval($a->profile['profile_uid'])
- );
- if (!$ismine) {
- if ($load)
- notice( t('Permission denied.') . EOL);
- $r = array();
- }
- }
-
if($r) {
$parents_str = ids_to_querystr($r,'item_id');
diff --git a/mod/item.php b/mod/item.php
index 037c24835..915bed706 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -79,6 +79,7 @@ function item_post(&$a) {
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
+
/*
Check service class limits
*/
@@ -605,9 +606,12 @@ function item_post(&$a) {
$datarray = array();
if(! $parent) {
- $datarray['parent_mid'] = $mid;
$item_flags = $item_flags | ITEM_THREAD_TOP;
}
+
+ if ((! $plink) && ($item_flags & ITEM_THREAD_TOP)) {
+ $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
+ }
$datarray['aid'] = $channel['channel_account_id'];
$datarray['uid'] = $profile_uid;
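Review bot: `$mid` is concatenated into the default permalink without URL encoding, so if a message id can contain characters that are significant in a query string they end up unescaped in the stored `plink`; `'/?f=&mid=' . urlencode($mid)` would avoid that. The same three-line default is repeated in mod/mood.php and mod/photos.php in this commit, and a small shared helper would keep the three copies from drifting apart. A `permalink` taken from `$_REQUEST['permalink']` earlier in item_post still takes precedence over this default, which deserves a one-line comment given that the commit is about permissions. item_post's body extends beyond the hunk.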
diff --git a/mod/like.php b/mod/like.php
index 84b0a6592..007d1aee1 100755
--- a/mod/like.php
+++ b/mod/like.php
@@ -171,6 +171,7 @@ function like_content(&$a) {
$arr['deny_cid'] = $item['deny_cid'];
$arr['deny_gid'] = $item['deny_gid'];
+
$post = item_store($arr);
$post_id = $post['item_id'];
diff --git a/mod/mood.php b/mod/mood.php
index 83b8bfb57..5075f622d 100755
--- a/mod/mood.php
+++ b/mod/mood.php
@@ -11,6 +11,7 @@ function mood_init(&$a) {
return;
$uid = local_user();
+ $channel = $a->get_channel();
$verb = notags(trim($_GET['verb']));
if(! $verb)
@@ -48,7 +49,6 @@ function mood_init(&$a) {
else {
$private = 0;
- $channel = $a->get_channel();
$allow_cid = $channel['channel_allow_cid'];
$allow_gid = $channel['channel_allow_gid'];
@@ -84,6 +84,11 @@ function mood_init(&$a) {
$arr['verb'] = $activity;
$arr['body'] = $action;
+ if ((! $arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
+ $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
+ }
+
+
$post = item_store($arr);
$item_id = $post['item_id'];
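Review bot: `$arr['plink']` and `$arr['item_flags']` are read in the new condition, but no assignment of either key is visible in this hunk. If `plink` is never set earlier in mood_init, `! $arr['plink']` raises an undefined-index notice on every call, and if `item_flags` lacks `ITEM_THREAD_TOP` at this point the default is silently skipped. `if (empty($arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {` expresses the same test without the notice. mood_init starts and ends outside the hunk, so the earlier assignments should be checked there.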
diff --git a/mod/photos.php b/mod/photos.php
index 51a680828..8099c71e6 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -472,7 +472,7 @@ function photos_post(&$a) {
$mid = item_message_id();
$arr = array();
-
+//FIXME
$arr['uid'] = $page_owner_uid;
$arr['mid'] = $mid;
$arr['parent_mid'] = $mid;
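Review bot: The added `//FIXME` marker does not say what is wrong or what the intended fix is, so the next reader cannot tell whether it concerns the `uid`, `mid` or `parent_mid` assignments below it. I would replace it with a descriptive comment, for example `// FIXME: <what is wrong with this item array and what it should become>`, filled in by the author. photos_post continues outside the hunk.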
@@ -511,6 +511,13 @@ function photos_post(&$a) {
. $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '</id>';
$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource_id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
+ if ((! $arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
+ $arr['plink'] = z_root() . '/channel/' . $owner_record['channel_address'] . '/?f=&mid=' . $arr['mid'];
+ }
+
+
+
+
$post = item_store($arr);
$item_id = $post['item_id'];
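Review bot: The new permalink reads `$owner_record['channel_address']`, while the two context lines directly above build their URLs from `$owner_record['nickname']`. If `$owner_record` does not carry a `channel_address` key, the stored `plink` becomes `/channel//?f=&mid=...` and no longer points at the owner's channel; the key should match whatever this record actually holds, which is defined outside the hunk. Whether `$arr['item_flags']` contains `ITEM_THREAD_TOP` by this line is also not visible; the earlier hunk in this file shows `$arr` being created with only `uid`, `mid` and `parent_mid`, so the condition may never be true.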