aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xinclude/items.php10
-rwxr-xr-xmod/dfrn_poll.php21
-rwxr-xr-xmod/message.php7
3 files changed, 23 insertions, 15 deletions
diff --git a/include/items.php b/include/items.php
index 7b9b7315f..708fd8121 100755
--- a/include/items.php
+++ b/include/items.php
@@ -7,14 +7,11 @@ require_once('include/crypto.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
- // default permissions - anonymous user
-
- if(! strlen($owner_nick))
- killme();
+ $sitefeed = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic
$public_feed = (($dfrn_id) ? false : true);
- $starred = false;
- $converse = false;
+ $starred = false; // not yet implemented, possible security issues
+ $converse = false;
if($public_feed && $a->argc > 2) {
for($x = 2; $x < $a->argc; $x++) {
@@ -25,6 +22,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
}
}
+ // default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index fe5cd4906..6030587ce 100755
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -26,21 +26,24 @@ function dfrn_poll_init(&$a) {
$dfrn_id = substr($dfrn_id,2);
}
- if(($dfrn_id === '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
+ if(($dfrn_id === '') && (! x($_POST,'dfrn_id'))) {
if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
killme();
}
- $r = q("SELECT `hidewall` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
- dbesc($a->argv[1])
- );
- if(count($r) && $r[0]['hidewall'])
- killme();
+ $user = '';
+ if($a->argc > 1) {
+ $r = q("SELECT `hidewall` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
+ dbesc($a->argv[1])
+ );
+ if((! count($r)) || (count($r) && $r[0]['hidewall']))
+ killme();
+ $user = $r[0]['nickname'];
+ }
- logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] );
+ logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
header("Content-type: application/atom+xml");
- $o = get_feed_for($a, '', $a->argv[1],$last_update);
- echo $o;
+ echo get_feed_for($a, '', $user,$last_update);
killme();
}
diff --git a/mod/message.php b/mod/message.php
index 0907abd77..8991f643d 100755
--- a/mod/message.php
+++ b/mod/message.php
@@ -15,6 +15,13 @@ function message_post(&$a) {
$body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
$recipient = ((x($_REQUEST,'messageto')) ? intval($_REQUEST['messageto']) : 0 );
+ // Work around doubled linefeeds in Tinymce 3.5b2
+
+ $plaintext = intval(get_pconfig(local_user(),'system','plaintext'));
+ if(! $plaintext) {
+ $body = str_replace("\r\n","\n",$body);
+ $body = str_replace("\n\n","\n",$body);
+ }
$ret = send_message($recipient, $body, $subject, $replyto);
$norecip = false;