aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--mod/share.php52
1 files changed, 47 insertions, 5 deletions
diff --git a/mod/share.php b/mod/share.php
index 1f767578d..1e919b99b 100644
--- a/mod/share.php
+++ b/mod/share.php
@@ -1,20 +1,45 @@
<?php
+require_once('include/security.php');
require_once('bbcode.php');
function share_init(&$a) {
$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
- if((! $post_id) || (! local_user()))
+
+ if(! $post_id)
+ killme();
+
+ if(! (local_user() || remote_user()))
killme();
- $r = q("SELECT * from item WHERE id = %d AND uid = %d and item_restrict = 0 LIMIT 1",
+
+ $r = q("SELECT * from item WHERE id = %d LIMIT 1",
intval($post_id),
- intval(local_user())
);
if((! $r) || $r[0]['item_private'])
killme();
+ $sql_extra = item_permissions_sql($r[0]['uid']);
+
+ $r = q("select * from item where id = %d $sql_extra",
+ intval($post_id)
+ );
+ if(! $r)
+ killme();
+
+ // FIXME - we only share bbcode
+
+ if($r[0]['mimetype'] !== 'text/bbcode')
+ killme();
+
+ // FIXME - eventually we want to post remotely via rpost
+ // on your home site.
+ // When that works remove this next bit:
+
+ if(! local_user())
+ killme();
+
xchan_query($r);
if (strpos($r[0]['body'], "[/share]") !== false) {
@@ -32,7 +57,24 @@ function share_init(&$a) {
$o.= "[/share]";
}
- echo $o;
- killme();
+ if(local_user()) {
+ echo $o;
+ killme();
+ }
+
+ $observer = $a->get_observer();
+ $parsed = $observer['xchan_url'];
+ if($parsed) {
+ $post_url = $parsed['scheme'] . ':' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '')
+ . '/rpost';
+ // FIXME - we were probably called from JS
+ // so we don't know the return page.
+ // in fact we won't be able to load the remote page.
+ // we might need an iframe
+
+ $x = z_post_url($post_url, array('f' => '', 'body' => $o ));
+ killme();
+ }
+
}