aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xinclude/diaspora.php26
-rwxr-xr-xinclude/items.php6
-rw-r--r--mod/item.php6
-rw-r--r--version.inc2
4 files changed, 33 insertions, 7 deletions
diff --git a/include/diaspora.php b/include/diaspora.php
index 33ad4211b..77a400604 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -2371,6 +2371,24 @@ function diaspora_profile($importer,$xml,$msg) {
function diaspora_share($owner,$contact) {
$a = get_app();
+
+ $enabled = intval(get_config('system','diaspora_enabled'));
+ if(! $enabled) {
+ logger('diaspora_share: disabled');
+ return;
+ }
+
+ $allowed = get_pconfig($owner['channel_id'],'system','diaspora_allowed');
+ if($allowed === false)
+ $allowed = 1;
+
+ if(! intval($allowed)) {
+ logger('diaspora_share: disallowed for channel ' . $importer['channel_name']);
+ return;
+ }
+
+
+
$myaddr = $owner['channel_address'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
if(! array_key_exists('xchan_hash',$contact)) {
@@ -2947,6 +2965,14 @@ function diaspora_transmit($owner,$contact,$slap,$public_batch,$queue_run=false)
return 200;
}
+ $allowed = get_pconfig($owner['channel_id'],'system','diaspora_allowed');
+ if($allowed === false)
+ $allowed = 1;
+
+ if(! intval($allowed)) {
+ return 200;
+ }
+
if($public_batch)
$dest_url = $contact['hubloc_callback'] . '/public';
else
diff --git a/include/items.php b/include/items.php
index eb4ad1ead..229512ead 100755
--- a/include/items.php
+++ b/include/items.php
@@ -423,7 +423,7 @@ function post_activity_item($arr) {
if(array_key_exists('item_private',$arr) && $arr['item_private']) {
- $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']);
+ $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
if($channel) {
if($channel['channel_hash'] === $arr['author_xchan']) {
@@ -2064,7 +2064,7 @@ function item_store($arr, $allow_exec = false) {
$arr['lang'] = detect_language($arr['body']);
// apply the input filter here - if it is obscured it has been filtered already
- $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']);
+ $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
if(local_channel() && (! $arr['sig'])) {
$channel = get_app()->get_channel();
@@ -2461,7 +2461,7 @@ function item_store_update($arr,$allow_exec = false) {
$arr['lang'] = detect_language($arr['body']);
// apply the input filter here - if it is obscured it has been filtered already
- $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']);
+ $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
if(local_channel() && (! $arr['sig'])) {
$channel = get_app()->get_channel();
diff --git a/mod/item.php b/mod/item.php
index 3ff286268..8a73974c6 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -343,8 +343,8 @@ function item_post(&$a) {
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];
$app = $orig_post['app'];
- $title = $_REQUEST['title'];
- $body = $_REQUEST['body'];
+ $title = escape_tags(trim($_REQUEST['title']));
+ $body = trim($_REQUEST['body']);
$item_flags = $orig_post['item_flags'];
// force us to recalculate if we need to obscure this post
@@ -798,7 +798,7 @@ function item_post(&$a) {
if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
- $datarray['body'] = z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']);
+ $datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
if($uid) {
if($channel['channel_hash'] === $datarray['author_xchan']) {
diff --git a/version.inc b/version.inc
index 03a0995b5..cbaf6aa9c 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2015-06-21.1070
+2015-06-22.1071