aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/identity.php4
-rwxr-xr-xinclude/items.php10
-rwxr-xr-xinclude/text.php2
-rw-r--r--mod/channel.php31
4 files changed, 36 insertions, 11 deletions
diff --git a/include/identity.php b/include/identity.php
index 5e25244e6..9fba55da5 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -1023,7 +1023,7 @@ function zid_init(&$a) {
dbesc($tmp_str)
);
// try to avoid recursion - but send them home to do a proper magic auth
- $dest = '/' . $a->query_string;
+ $dest = '/' . urlencode($a->query_string);
$dest = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$dest);
if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest);
@@ -1140,4 +1140,4 @@ function is_foreigner($s) {
function is_member($s) {
return((is_foreigner($s)) ? false : true);
-} \ No newline at end of file
+}
diff --git a/include/items.php b/include/items.php
index 781956882..d5eea1e6f 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1602,8 +1602,14 @@ function item_store($arr,$allow_exec = false) {
$arr['llink'] = z_root() . '/display/' . $arr['mid'];
- if(! $arr['plink'])
- $arr['plink'] = $arr['llink'];
+ if((! $arr['plink'])) {
+ if (local_user() && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
+ $channel = get_app()->get_channel();
+ $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?mid=' . $arr['mid'];
+ } else {
+ $arr['plink'] = $arr['llink'];
+ }
+ }
if($arr['parent_mid'] === $arr['mid']) {
$parent_id = 0;
diff --git a/include/text.php b/include/text.php
index 8b71fbddf..b47f0518a 100755
--- a/include/text.php
+++ b/include/text.php
@@ -1391,7 +1391,7 @@ function feed_salmonlinks($nick) {
function get_plink($item,$mode) {
$a = get_app();
- if($mode == 'display')
+ if(($mode == 'display') || ($mode == 'channel') || ($mode == 'network'))
$key = 'plink';
else
$key = 'llink';
diff --git a/mod/channel.php b/mod/channel.php
index 205a89fa3..8e44a329b 100644
--- a/mod/channel.php
+++ b/mod/channel.php
@@ -177,6 +177,10 @@ function channel_content(&$a, $update = 0, $load = false) {
$r = q("SELECT parent AS item_id from item where mid = '%s' limit 1",
dbesc($mid)
);
+ if (! $r) {
+ notice( t('Item not found.') . EOL);
+ }
+
} else {
$r = q("SELECT distinct id AS item_id FROM item
left join abook on item.author_xchan = abook.abook_xchan
@@ -197,6 +201,23 @@ function channel_content(&$a, $update = 0, $load = false) {
}
}
+ if ($mid && $r) {
+ // make sure we don't show other people's posts from our matrix
+ // as $a->profile['channel_hash'] isn't set when a JS query comes in
+ // we have to do that with a join
+ $ismine = q("SELECT * from item
+ join channel on item.owner_xchan = channel.channel_hash
+ where item.id = %d and channel.channel_id = %d",
+ dbesc($r[0]['item_id']),
+ intval($a->profile['profile_uid'])
+ );
+ if (!$ismine) {
+ if ($load)
+ notice( t('Permission denied.') . EOL);
+ $r = array();
+ }
+ }
+
if($r) {
$parents_str = ids_to_querystr($r,'item_id');
@@ -214,12 +235,10 @@ function channel_content(&$a, $update = 0, $load = false) {
$items = fetch_post_tags($items, true);
$items = conv_sort($items,'created');
- if ($mid && (! count($items))) {
- // This will happen if channel is called with a mid from another
- // channel, if we don't have sufficient permissions to view the
- // item, or if it doesn't exist.
- // Do we need separate error messages for that?
- notice( t('Item not found.') . EOL);
+ if ($load && $mid && (! count($items))) {
+ // This will happen if we don't have sufficient permissions
+ // to view the parent item (or the item itself if it is toplevel)
+ notice( t('Permission denied.') . EOL);
}
} else {