diff options
Diffstat (limited to 'Zotlabs/Module/Editwebpage.php')
| -rw-r--r-- | Zotlabs/Module/Editwebpage.php | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php index 97f4a32ff..db33cd1db 100644 --- a/Zotlabs/Module/Editwebpage.php +++ b/Zotlabs/Module/Editwebpage.php @@ -100,19 +100,14 @@ class Editwebpage extends \Zotlabs\Web\Controller { intval($owner) ); - if(! $itm) { + // don't allow web editing of potentially binary content (item_obscured = 1) + // @FIXME how do we do it instead? + + if((! $itm) || intval($itm[0]['item_obscured'])) { notice( t('Permission denied.') . EOL); return; } - if(intval($itm[0]['item_obscured'])) { - $key = get_config('system','prvkey'); - if($itm[0]['title']) - $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key); - if($itm[0]['body']) - $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key); - } - $item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1", intval($itm[0]['id']) ); @@ -129,6 +124,10 @@ class Editwebpage extends \Zotlabs\Web\Controller { } $layout = $itm[0]['layout_mid']; + + $content = $itm[0]['body']; + if($itm[0]['mimetype'] === 'text/markdown') + $content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']); $rp = 'webpages/' . $which; @@ -145,7 +144,7 @@ class Editwebpage extends \Zotlabs\Web\Controller { 'hide_location' => true, 'hide_voting' => true, 'ptyp' => $itm[0]['type'], - 'body' => undo_post_tagging($itm[0]['body']), + 'body' => undo_post_tagging($content), 'post_id' => $post_id, 'visitor' => ($is_owner) ? true : false, 'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')), |