diff options
| -rwxr-xr-x | include/text.php | 1 | ||||
| -rw-r--r-- | mod/item.php | 20 |
2 files changed, 20 insertions, 1 deletions
diff --git a/include/text.php b/include/text.php index b0b519851..53471f460 100755 --- a/include/text.php +++ b/include/text.php @@ -1199,6 +1199,7 @@ function prepare_text($text,$content_type = 'text/bbcode') { $s = zidify_links($s); break; } +//logger('prepare: ' . $s); return $s; } diff --git a/mod/item.php b/mod/item.php index ce484999b..56fdda887 100644 --- a/mod/item.php +++ b/mod/item.php @@ -320,6 +320,24 @@ function item_post(&$a) { $body = z_input_filter($profile_uid,$body,$mimetype); } + $execflag = false; + + if($mimetype === 'application/x-php') { + $z = q("select account_id, account_roles from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", + intval($profile_uid) + ); + if($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) { + if(local_user() && (get_account_id() == $z[0]['account_id'])) { + $execflag = true; + } + else { + notice( t('Executable content type not permitted to this channel.') . EOL); + if(x($_REQUEST,'return')) + goaway($a->get_baseurl() . "/" . $return_path ); + killme(); + } + } + } if($mimetype === 'text/bbcode') { @@ -655,7 +673,7 @@ function item_post(&$a) { $post_id = 0; - $post_id = item_store($datarray); + $post_id = item_store($datarray,$execflag); if($post_id) { logger('mod_item: saved item ' . $post_id); |