aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rwxr-xr-xinclude/html2bbcode.php2
-rwxr-xr-xinclude/items.php24
-rwxr-xr-xinclude/security.php7
-rwxr-xr-xinclude/template_processor.php29
4 files changed, 45 insertions, 17 deletions
diff --git a/include/html2bbcode.php b/include/html2bbcode.php
index 51d629940..32a90d7d6 100755
--- a/include/html2bbcode.php
+++ b/include/html2bbcode.php
@@ -212,7 +212,7 @@ function html2bbcode($message)
node2bbcode($doc, 'audio', array('src'=>'/(.+)/'), '[audio]$1', '[/audio]');
node2bbcode($doc, 'iframe', array('src'=>'/(.+)/'), '[iframe]$1', '[/iframe]');
- node2bbcode($doc, 'code', array(), '[code]$1', '[/code]');
+ node2bbcode($doc, 'code', array(), '[code]', '[/code]');
$message = $doc->saveHTML();
diff --git a/include/items.php b/include/items.php
index a1254e165..3c55fbb4f 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1747,6 +1747,18 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
$datarray['parent-uri'] = $item_id;
$datarray['uid'] = $importer['uid'];
$datarray['contact-id'] = $contact['id'];
+
+ if(x($datarray,'owner-link') && strlen($datarray['owner-link']) && (! link_compare($datarray['owner-link'],$contact['url']))) {
+ // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
+ // but otherwise there's a possible data mixup on the sender's system.
+ // the tgroup delivery code called from item_store will correct it if it's a forum,
+ // but we're going to unconditionally correct it here so that the post will always be owned by our contact.
+ logger('local_delivery: Correcting item owner.', LOGGER_DEBUG);
+ $datarray['owner-name'] = $contact['name'];
+ $datarray['owner-link'] = $contact['url'];
+ $datarray['owner-avatar'] = $contact['thumb'];
+ }
+
$r = item_store($datarray);
continue;
@@ -2439,6 +2451,18 @@ function local_delivery($importer,$data) {
$datarray['parent-uri'] = $item_id;
$datarray['uid'] = $importer['importer_uid'];
$datarray['contact-id'] = $importer['id'];
+
+ if(x($datarray,'owner-link') && strlen($datarray['owner-link']) && (! link_compare($datarray['owner-link'],$importer['url']))) {
+ // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
+ // but otherwise there's a possible data mixup on the sender's system.
+ // the tgroup delivery code called from item_store will correct it if it's a forum,
+ // but we're going to unconditionally correct it here so that the post will always be owned by our contact.
+ logger('local_delivery: Correcting item owner.', LOGGER_DEBUG);
+ $datarray['owner-name'] = $importer['senderName'];
+ $datarray['owner-link'] = $importer['url'];
+ $datarray['owner-avatar'] = $importer['thumb'];
+ }
+
$r = item_store($datarray);
continue;
}
diff --git a/include/security.php b/include/security.php
index bc2c9f0bf..6b8128bdd 100755
--- a/include/security.php
+++ b/include/security.php
@@ -108,14 +108,18 @@ function can_write_wall(&$a,$owner) {
if(remote_user()) {
- // user remembered decision and avoid a DB lookup for each and every display item
+ // use remembered decision and avoid a DB lookup for each and every display item
// DO NOT use this function if there are going to be multiple owners
+ // We have a contact-id for an authenticated remote user, this block determines if the contact
+ // belongs to this page owner, and has the necessary permissions to post content
+
if($verified === 2)
return true;
elseif($verified === 1)
return false;
else {
+
$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
@@ -125,6 +129,7 @@ function can_write_wall(&$a,$owner) {
intval(CONTACT_IS_FRIEND),
intval(PAGE_COMMUNITY)
);
+
if(count($r)) {
$verified = 2;
return true;
diff --git a/include/template_processor.php b/include/template_processor.php
index 90c6b2e65..8671587fc 100755
--- a/include/template_processor.php
+++ b/include/template_processor.php
@@ -160,25 +160,24 @@
private function var_replace($s){
$m = array();
- if (preg_match_all('/(\$\[{0,1}([a-zA-Z0-9-_]+\.*)+)(\|[a-zA-Z0-9-_]+)*\]{0,1}/', $s,$m)){
- foreach($m[1] as $id=>$var){
- $var = str_replace("[", "", $var);
- $val = $this->_get_var($var, true);
-
- // apply filters
- if ($m[3][$id]!=""){
- $filters = explode("|",trim($m[3][$id],"|"));
- foreach($filters as $filter)
- if (function_exists($filter))
- $val=$filter($val);
- }
+ /** regexp:
+ * \$ literal $
+ * (\[)? optional open square bracket
+ * ([a-zA-Z0-9-_]+\.?)+ var name, followed by optional
+ * dot, repeated at least 1 time
+ * (?(1)\]) if there was opened square bracket
+ * (subgrup 1), match close bracket
+ */
+ if (preg_match_all('/\$(\[)?([a-zA-Z0-9-_]+\.?)+(?(1)\])/', $s,$m)){
+
+ foreach($m[0] as $var){
+ $varn = str_replace(array("[","]"), array("",""), $var);
+ $val = $this->_get_var($varn, true);
if ($val!=KEY_NOT_EXISTS)
- $s = str_replace($m[0][$id], $val, $s);
+ $s = str_replace($var, $val, $s);
}
}
-
-
return $s;
}