-rwxr-xr-xinclude/text.php1
-rw-r--r--mod/item.php20
2 files changed, 20 insertions, 1 deletions
diff --git a/include/text.php b/include/text.php
index b0b519851..53471f460 100755
--- a/include/text.php
+++ b/include/text.php
@@ -1199,6 +1199,7 @@ function prepare_text($text,$content_type = 'text/bbcode') {
$s = zidify_links($s);
break;
}
+//logger('prepare: ' . $s);
return $s;
}
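Review bot: The added `//logger('prepare: ' . $s);` is commented-out debug code and is better dropped than committed. If it is later uncommented as written, the full rendered body of every item passing through prepare_text() would be written to the log, which can include private post content. If the trace is needed, log a length or a short digest of `$s` at a debug-only level instead. prepare_text() begins outside this hunk.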
diff --git a/mod/item.php b/mod/item.php
index ce484999b..56fdda887 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -320,6 +320,24 @@ function item_post(&$a) {
$body = z_input_filter($profile_uid,$body,$mimetype);
}
+ $execflag = false;
+
+ if($mimetype === 'application/x-php') {
+ $z = q("select account_id, account_roles from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
+ intval($profile_uid)
+ );
+ if($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) {
+ if(local_user() && (get_account_id() == $z[0]['account_id'])) {
+ $execflag = true;
+ }
+ else {
+ notice( t('Executable content type not permitted to this channel.') . EOL);
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+ }
+ }
if($mimetype === 'text/bbcode') {
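Review bot: The rejection branch around `notice( t('Executable content type not permitted to this channel.') . EOL);` is reached only when the account has ACCOUNT_ROLE_ALLOWCODE but the session is not the owning account. When the role bit is absent or the `q()` lookup returns nothing, an `application/x-php` post falls through with `$execflag = false` and is not refused here. Whether that is safe depends on what item_store() does with a false flag, which this diff does not show, so the check should fail closed: compute one allowed condition, reject everything else, and set `$execflag = true` only after it passes. The account comparison uses `==`; casting both sides with intval() and comparing with `===` avoids type juggling in an authorization decision. item_post() begins and ends outside this hunk.

```php
if($mimetype === 'application/x-php') {
	// … unchanged: q() lookup of account_id / account_roles for $profile_uid …
	$allowed = ($z
		&& ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)
		&& local_user()
		&& (intval(get_account_id()) === intval($z[0]['account_id'])));
	if(! $allowed) {
		// … unchanged: notice(), optional goaway(), killme() …
	}
	$execflag = true;
}
```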
@@ -655,7 +673,7 @@ function item_post(&$a) {
$post_id = 0;
- $post_id = item_store($datarray);
+ $post_id = item_store($datarray,$execflag);
if($post_id) {
logger('mod_item: saved item ' . $post_id);