-rwxr-xr-x | include/items.php | 3 | ||||
-rwxr-xr-x | mod/item.php | 28 | ||||
-rwxr-xr-x | mod/notifications.php | 4 |
3 files changed, 31 insertions, 4 deletions
diff --git a/include/items.php b/include/items.php index 21ee994dc..62f1f2ce5 100755 --- a/include/items.php +++ b/include/items.php @@ -2755,6 +2755,9 @@ function item_expire($uid,$days) { function drop_items($items) { $uid = 0; + if((! local_user()) && (! $remote_user())) + return; + if(count($items)) { foreach($items as $item) { $owner = drop_item($item,false); diff --git a/mod/item.php b/mod/item.php index f7eb0961c..ed3d7749c 100755 --- a/mod/item.php +++ b/mod/item.php @@ -20,7 +20,7 @@ require_once('include/enotify.php'); function item_post(&$a) { - if((! local_user()) && (! remote_user())) + if((! local_user()) && (! remote_user()) && (! x($_REQUEST,'commenter'))) return; require_once('include/security.php'); @@ -110,11 +110,35 @@ function item_post(&$a) { if($parent) logger('mod_post: parent=' . $parent); + + $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''); - if(! can_write_wall($a,$profile_uid)) { + $allow_moderated = false; + + // here is where we are going to check for permission to post a moderated comment. + + // First check that the parent exists and it is a wall item. + + if((x($_REQUEST,'commenter')) && ((! $parent) || (! $parent_item['wall']))) { + notice( t('Permission denied.') . EOL) ; + if(x($_REQUEST,'return')) + goaway($a->get_baseurl() . "/" . $return_path ); + killme(); + } + + // Now check that it is a page_type of PAGE_BLOG, and that valid personal details + // have been provided, and run any anti-spam plugins + + + // TODO + + + + + if((! can_write_wall($a,$profile_uid)) && (! $allow_moderated)) { notice( t('Permission denied.') . EOL) ; if(x($_REQUEST,'return')) goaway($a->get_baseurl() . "/" . $return_path ); diff --git a/mod/notifications.php b/mod/notifications.php index 910b84e32..82d450a88 100755 --- a/mod/notifications.php 
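Review bot: The guard added at the top of drop_items() calls `$remote_user()`, a variable function on an undefined variable, where the mod/item.php guard in this same commit calls `remote_user()`. Because `&&` short-circuits, the typo is only evaluated when `local_user()` is false, so a logged-in local user never reaches it, while an authenticated remote visitor gets a fatal error instead of having the items dropped. The line should read `if((! local_user()) && (! remote_user()))`. The guard only establishes that some visitor is authenticated; whether each item belongs to that visitor is presumably checked inside drop_item(), which is outside the hunk and worth confirming. The body of drop_items() continues past the end of the hunk.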
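Review bot: The relaxed entry guard in item_post() lets a fully unauthenticated request through as soon as it carries a non-empty `commenter` parameter, which is entirely client-controlled. Everything between this guard and the permission check in the next hunk (roughly ninety lines, not visible here) now runs for anonymous visitors, while the moderated-comment path it is meant to enable is still a TODO that never sets `$allow_moderated`. Until that path exists I would keep the strict guard `if((! local_user()) && (! remote_user()))`. At minimum add a comment on the new condition such as `// anonymous 'commenter' requests are authorised further down by the moderated-comment check; nothing before that check may write or disclose data`.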
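Review bot: `$allow_moderated` is initialised to false and never changed in this hunk, so the `(! $allow_moderated)` term in the final check is dead for now and the bare `// TODO` is the only record of what must happen before it flips. I would replace it with a comment stating that the flag may become true only after the page-type, personal-details and anti-spam checks have all passed, so that a later partial implementation still fails closed. The new `commenter` test also applies to logged-in visitors: a local or remote user who could otherwise write to the wall is denied when the request includes `commenter` and the parent is not a wall item. Scoping it as `if((! local_user()) && (! remote_user()) && (x($_REQUEST,'commenter')) && ...)` would avoid that. `$parent` and `$parent_item` are assigned outside the hunk, so their state after a failed parent lookup should be confirmed.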
+++ b/mod/notifications.php @@ -42,12 +42,12 @@ function notifications_post(&$a) { intval(local_user()) ); } - return; + goaway($a->get_baseurl() . '/notifications/intros'); } if($_POST['submit'] == t('Ignore')) { $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1", intval($intro_id)); - return; + goaway($a->get_baseurl() . '/notifications/intros'); } } } |