aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xinclude/items.php11
-rw-r--r--js/fk.autocomplete.js6
-rw-r--r--mod/item.php81
3 files changed, 58 insertions, 40 deletions
diff --git a/include/items.php b/include/items.php
index c695a9b72..712c416de 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1361,6 +1361,17 @@ function item_store($arr,$allow_exec = false) {
return 0;
}
+ // If a page layout is provided, ensure it exists and belongs to us.
+
+ if(array_key_exists('layout_mid',$arr) && $arr['layout_mid']) {
+ $l = q("select item_restrict from item where mid = '%s' and uid = %d limit 1",
+ dbesc($arr['layout_mid']),
+ intval($arr['uid'])
+ );
+ if((! $l) || (! ($l[0]['item_restrict'] & ITEM_PDL)))
+ unset($arr['layout_mid']);
+ }
+
// Don't let anybody set these, either intentionally or accidentally
if(array_key_exists('id',$arr))
diff --git a/js/fk.autocomplete.js b/js/fk.autocomplete.js
index cd0a1c044..8bac41936 100644
--- a/js/fk.autocomplete.js
+++ b/js/fk.autocomplete.js
@@ -32,6 +32,12 @@ function ACPopup(elm,backend_url){
}
}
+ if(! w)
+ w = 530;
+
+ if(! h)
+ h = 130;
+
style.top=style.top+h;
style.width = w;
style.position = 'absolute';
diff --git a/mod/item.php b/mod/item.php
index e22ecd197..060f36fdd 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -62,14 +62,15 @@ function item_post(&$a) {
$message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
- $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0);
- $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0);
- $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : '');
- $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');
- $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
- $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : '');
- $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0);
- $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']): '');
+ $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0);
+ $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0);
+ $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : '');
+ $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');
+ $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
+ $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : '');
+ $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0);
+ $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : '');
+ $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
if($pagetitle) {
require_once('library/urlify/URLify.php');
@@ -516,38 +517,38 @@ function item_post(&$a) {
$item_flags = $item_flags | ITEM_THREAD_TOP;
}
- $datarray['aid'] = $channel['channel_account_id'];
- $datarray['uid'] = $profile_uid;
-
- $datarray['owner_xchan'] = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']);
- $datarray['author_xchan'] = $observer['xchan_hash'];
- $datarray['created'] = datetime_convert();
- $datarray['edited'] = datetime_convert();
- $datarray['expires'] = $expires;
- $datarray['commented'] = datetime_convert();
- $datarray['received'] = datetime_convert();
- $datarray['changed'] = datetime_convert();
- $datarray['mid'] = $mid;
- $datarray['parent_mid'] = $parent_mid;
- $datarray['mimetype'] = $content_type;
- $datarray['title'] = $title;
- $datarray['body'] = $body;
- $datarray['app'] = $app;
- $datarray['location'] = $location;
- $datarray['coord'] = $coord;
- $datarray['inform'] = $inform;
- $datarray['verb'] = $verb;
- $datarray['allow_cid'] = $str_contact_allow;
- $datarray['allow_gid'] = $str_group_allow;
- $datarray['deny_cid'] = $str_contact_deny;
- $datarray['deny_gid'] = $str_group_deny;
- $datarray['item_private'] = $private;
- $datarray['attach'] = $attachments;
- $datarray['thr_parent'] = $thr_parent;
- $datarray['postopts'] = '';
- $datarray['item_restrict'] = $item_restrict;
- $datarray['item_flags'] = $item_flags;
-
+ $datarray['aid'] = $channel['channel_account_id'];
+ $datarray['uid'] = $profile_uid;
+
+ $datarray['owner_xchan'] = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']);
+ $datarray['author_xchan'] = $observer['xchan_hash'];
+ $datarray['created'] = datetime_convert();
+ $datarray['edited'] = datetime_convert();
+ $datarray['expires'] = $expires;
+ $datarray['commented'] = datetime_convert();
+ $datarray['received'] = datetime_convert();
+ $datarray['changed'] = datetime_convert();
+ $datarray['mid'] = $mid;
+ $datarray['parent_mid'] = $parent_mid;
+ $datarray['mimetype'] = $content_type;
+ $datarray['title'] = $title;
+ $datarray['body'] = $body;
+ $datarray['app'] = $app;
+ $datarray['location'] = $location;
+ $datarray['coord'] = $coord;
+ $datarray['inform'] = $inform;
+ $datarray['verb'] = $verb;
+ $datarray['allow_cid'] = $str_contact_allow;
+ $datarray['allow_gid'] = $str_group_allow;
+ $datarray['deny_cid'] = $str_contact_deny;
+ $datarray['deny_gid'] = $str_group_deny;
+ $datarray['item_private'] = $private;
+ $datarray['attach'] = $attachments;
+ $datarray['thr_parent'] = $thr_parent;
+ $datarray['postopts'] = '';
+ $datarray['item_restrict'] = $item_restrict;
+ $datarray['item_flags'] = $item_flags;
+ $datarray['layout_mid'] = $layout_mid;
$datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
// preview mode - prepare the body for display and send it via json