aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Item.php
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Module/Item.php')
-rw-r--r--Zotlabs/Module/Item.php95
1 files changed, 52 insertions, 43 deletions
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 4725ecb38..9e64528fa 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -33,7 +33,7 @@ class Item extends \Zotlabs\Web\Controller {
// This will change. Figure out who the observer is and whether or not
// they have permission to post here. Else ignore the post.
- if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'commenter')))
+ if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'anonname')))
return;
$uid = local_channel();
@@ -77,7 +77,7 @@ class Item extends \Zotlabs\Web\Controller {
call_hooks('post_local_start', $_REQUEST);
- // logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+ // logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
@@ -110,6 +110,7 @@ class Item extends \Zotlabs\Web\Controller {
$preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
$categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : '');
$webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0);
+ $item_obscured = ((x($_REQUEST,'obscured')) ? intval($_REQUEST['obscured']) : 0);
$pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
@@ -204,10 +205,29 @@ class Item extends \Zotlabs\Web\Controller {
$route = $parent_item['route'];
}
+
+ $moderated = false;
- if(! $observer)
+ if(! $observer) {
$observer = \App::get_observer();
+ if(! $observer) {
+ $observer = anon_identity_init($_REQUEST);
+ if($observer) {
+ $moderated = true;
+ $remote_xchan = $remote_observer = $observer;
+ }
+ }
+ }
+ if(! $observer) {
+ notice( t('Permission denied.') . EOL) ;
+ if($api_source)
+ return ( [ 'success' => false, 'message' => 'permission denied' ] );
+ if(x($_REQUEST,'return'))
+ goaway(z_root() . "/" . $return_path );
+ killme();
+ }
+
if($parent) {
logger('mod_item: item_post parent=' . $parent);
$can_comment = false;
@@ -311,7 +331,7 @@ class Item extends \Zotlabs\Web\Controller {
$walltowall = false;
$walltowall_comment = false;
- if($remote_xchan)
+ if($remote_xchan && ! $moderated)
$observer = $remote_observer;
if($observer) {
@@ -471,34 +491,16 @@ class Item extends \Zotlabs\Web\Controller {
if(! $mimetype)
$mimetype = 'text/bbcode';
+
+ $execflag = ((intval($uid) == intval($profile_uid)
+ && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
+
if($preview) {
- $body = z_input_filter($profile_uid,$body,$mimetype);
+ $body = z_input_filter($body,$mimetype,$execflag);
}
-
// Verify ability to use html or php!!!
- $execflag = false;
-
- if($mimetype !== 'text/bbcode') {
- $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
- intval($profile_uid)
- );
- if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
- if($uid && (get_account_id() == $z[0]['account_id'])) {
- $execflag = true;
- }
- else {
- notice( t('Executable content type not permitted to this channel.') . EOL);
- if($api_source)
- return ( [ 'success' => false, 'message' => 'forbidden content type' ] );
- if(x($_REQUEST,'return'))
- goaway(z_root() . "/" . $return_path );
- killme();
- }
- }
- }
-
$gacl = $acl->get();
$str_contact_allow = $gacl['allow_cid'];
$str_group_allow = $gacl['allow_gid'];
@@ -816,7 +818,7 @@ class Item extends \Zotlabs\Web\Controller {
$datarray['owner'] = $owner_xchan;
$datarray['author'] = $observer;
$datarray['attach'] = json_encode($datarray['attach']);
- $o = conversation($a,array($datarray),'search',false,'preview');
+ $o = conversation(array($datarray),'search',false,'preview');
// logger('preview: ' . $o, LOGGER_DEBUG);
echo json_encode(array('preview' => $o));
killme();
@@ -859,20 +861,8 @@ class Item extends \Zotlabs\Web\Controller {
}
- if(mb_strlen($datarray['title']) > 255)
- $datarray['title'] = mb_substr($datarray['title'],0,255);
-
- if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
-
- $datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
-
- if($uid) {
- if($channel['channel_hash'] === $datarray['author_xchan']) {
- $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
- $datarray['item_verified'] = 1;
- }
- }
- }
+ if(mb_strlen($datarray['title']) > 191)
+ $datarray['title'] = mb_substr($datarray['title'],0,191);
if($webpage) {
Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
@@ -889,7 +879,17 @@ class Item extends \Zotlabs\Web\Controller {
$x = item_store_update($datarray,$execflag);
- item_create_edit_activity($x);
+ // We only need edit activities for other federated protocols
+ // which do not support edits natively. While this does federate
+ // edits, it presents a number of issues locally - such as #757 and #758.
+ // The SQL check for an edit activity would not perform that well so to fix these issues
+ // requires an additional item flag (perhaps 'item_edit_activity') that we can add to the
+ // query for searches and notifications.
+
+ // For now we'll just forget about trying to make edits work on network protocols that
+ // don't support them.
+
+ // item_create_edit_activity($x);
if(! $parent) {
$r = q("select * from item where id = %d",
@@ -928,6 +928,11 @@ class Item extends \Zotlabs\Web\Controller {
if($parent) {
+ // prevent conversations which you are involved from being expired
+
+ if(local_channel())
+ retain_item($parent);
+
// only send comment notification if this is a wall-to-wall comment,
// otherwise it will happen during delivery
@@ -1015,6 +1020,10 @@ class Item extends \Zotlabs\Web\Controller {
\Zotlabs\Daemon\Master::Summon(array('Notifier', $notify_type, $post_id));
logger('post_complete');
+
+ if($moderated) {
+ info(t('Your comment is awaiting approval.') . EOL);
+ }
// figure out how to return, depending on from whence we came