aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Impel.php14
-rw-r--r--Zotlabs/Module/Item.php13
-rwxr-xr-xboot.php1
-rw-r--r--doc/database/db_account.bb1
-rw-r--r--include/channel.php17
-rw-r--r--include/import.php34
-rw-r--r--include/text.php26
7 files changed, 28 insertions, 78 deletions
diff --git a/Zotlabs/Module/Impel.php b/Zotlabs/Module/Impel.php
index 197d9f859..77f488d26 100644
--- a/Zotlabs/Module/Impel.php
+++ b/Zotlabs/Module/Impel.php
@@ -144,18 +144,8 @@ class Impel extends \Zotlabs\Web\Controller {
// Verify ability to use html or php!!!
- $execflag = false;
-
- if($arr['mimetype'] === 'application/x-php') {
- $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
- intval(local_channel())
- );
-
- if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
- $execflag = true;
- }
- }
-
+ $execflag = ((intval($channel['channel_id']) == intval(local_channel()) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
+
$i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1",
dbesc($arr['mid']),
intval(local_channel())
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 6f54d3bb1..43cf535a4 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -478,17 +478,8 @@ class Item extends \Zotlabs\Web\Controller {
// Verify ability to use html or php!!!
- $execflag = false;
-
- $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
- intval($profile_uid)
- );
- if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
- if($uid && (get_account_id() == $z[0]['account_id'])) {
- $execflag = true;
- }
- }
-
+ $execflag = ((intval($channel['channel_id']) == intval($profile_uid) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
+
$gacl = $acl->get();
$str_contact_allow = $gacl['allow_cid'];
$str_group_allow = $gacl['allow_gid'];
diff --git a/boot.php b/boot.php
index edd483e82..6c6078173 100755
--- a/boot.php
+++ b/boot.php
@@ -549,7 +549,6 @@ define ( 'ACCOUNT_PENDING', 0x0010 );
* Account roles
*/
-define ( 'ACCOUNT_ROLE_ALLOWCODE', 0x0001 );
define ( 'ACCOUNT_ROLE_SYSTEM', 0x0002 );
define ( 'ACCOUNT_ROLE_DEVELOPER', 0x0004 );
define ( 'ACCOUNT_ROLE_ADMIN', 0x1000 );
diff --git a/doc/database/db_account.bb b/doc/database/db_account.bb
index 354f2d3a8..35d7a9eb3 100644
--- a/doc/database/db_account.bb
+++ b/doc/database/db_account.bb
@@ -58,7 +58,6 @@ define ( 'ACCOUNT_PENDING', 0x0010 );
* Account roles
*/
-define ( 'ACCOUNT_ROLE_ALLOWCODE', 0x0001 ); // 1 - this account can create content with PHP/Javascript
define ( 'ACCOUNT_ROLE_SYSTEM', 0x0002 ); // 2 - this is the special system account
define ( 'ACCOUNT_ROLE_DEVELOPER', 0x0004 );
define ( 'ACCOUNT_ROLE_ADMIN', 0x1000 ); // 4096 - this account is an administrator
diff --git a/include/channel.php b/include/channel.php
index 7cf78cb8b..f88a2f8aa 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -2247,3 +2247,20 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
}
}
+
+/*
+ * This checks if a channel is allowed to publish executable code.
+ * It is up to the caller to determine if the observer or local_channel
+ * is in fact the resource owner whose channel_id is being checked
+ */
+
+function channel_codeallowed($channel_id) {
+
+ if(! intval($channel_id))
+ return false;
+
+ $x = channelx_by_n($channel_id);
+ if(($x) && ($x['channel_pageflags'] & PAGE_ALLOWCODE))
+ return true;
+ return false;
+} \ No newline at end of file
diff --git a/include/import.php b/include/import.php
index ac634639e..d0e15c89d 100644
--- a/include/import.php
+++ b/include/import.php
@@ -528,16 +528,8 @@ function sync_chatrooms($channel,$chatrooms) {
function import_items($channel,$items,$sync = false,$relocate = null) {
if($channel && $items) {
- $allow_code = false;
- $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id
- where channel_id = %d limit 1",
- intval($channel['channel_id'])
- );
- if($r) {
- if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
- $allow_code = true;
- }
- }
+
+ $allow_code = channel_codeallowed($channel['channel_id']);
$deliver = false; // Don't deliver any messages or notifications when importing
@@ -1352,28 +1344,8 @@ function import_webpage_element($element, $channel, $type) {
}
// Verify ability to use html or php!!!
- $execflag = false;
- if($arr['mimetype'] === 'application/x-php' || $arr['mimetype'] === 'text/html') {
- $z = q("select account_id, account_roles, channel_pageflags from account "
- . "left join channel on channel_account_id = account_id where channel_id = %d limit 1",
- intval(local_channel())
- );
- if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
- $execflag = true;
- }
- else {
- logger('Unable to import element "' . $name .'" because AllowCode permission is denied.');
- notice( t('Unable to import element "' . $name .'" because AllowCode permission is denied.') . EOL);
- $element['import_success'] = 0;
- return $element;
- }
- }
-
-// $z = q("select * from iconfig where v = '%s' and k = '%s' and cat = 'system' limit 1",
-// dbesc($name),
-// dbesc($namespace)
-// );
+ $execflag = channel_codeallowed(local_channel());
$i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1",
dbesc($arr['mid']),
diff --git a/include/text.php b/include/text.php
index 911334a15..14ca19cef 100644
--- a/include/text.php
+++ b/include/text.php
@@ -104,15 +104,11 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
return $s;
}
- $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
+ $r = q("select channel_pageflags from channel where channel_id = %d limit 1",
intval($channel_id)
);
- if($r) {
- if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
- if(local_channel() && (get_account_id() == $r[0]['account_id'])) {
- return $s;
- }
- }
+ if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
+ return $s;
}
if($type === 'text/html')
@@ -1812,23 +1808,9 @@ function mimetype_select($channel_id, $current = 'text/bbcode') {
);
- if(App::$is_sys) {
+ if((App::$is_sys) || (channel_codeallowed($channel_id) && $channel_id == local_channel())){
$x[] = 'application/x-php';
}
- else {
- $r = q("select account_id, account_roles, channel_pageflags from account left join channel on account_id = channel_account_id where
- channel_id = %d limit 1",
- intval($channel_id)
- );
-
- if($r) {
- if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
- if(local_channel() && get_account_id() == $r[0]['account_id']) {
- $x[] = 'application/x-php';
- }
- }
- }
- }
foreach($x as $y) {
$selected = (($y == $current) ? ' selected="selected" ' : '');