Diffstat (limited to 'include')
-rwxr-xr-x | include/html2bbcode.php | 2 | ||||
-rwxr-xr-x | include/items.php | 24 | ||||
-rwxr-xr-x | include/security.php | 7 | ||||
-rwxr-xr-x | include/template_processor.php | 29 |
4 files changed, 45 insertions, 17 deletions
diff --git a/include/html2bbcode.php b/include/html2bbcode.php index 51d629940..32a90d7d6 100755 --- a/include/html2bbcode.php +++ b/include/html2bbcode.php @@ -212,7 +212,7 @@ function html2bbcode($message) node2bbcode($doc, 'audio', array('src'=>'/(.+)/'), '[audio]$1', '[/audio]'); node2bbcode($doc, 'iframe', array('src'=>'/(.+)/'), '[iframe]$1', '[/iframe]'); - node2bbcode($doc, 'code', array(), '[code]$1', '[/code]'); + node2bbcode($doc, 'code', array(), '[code]', '[/code]'); $message = $doc->saveHTML(); diff --git a/include/items.php b/include/items.php index a1254e165..3c55fbb4f 100755 --- a/include/items.php +++ b/include/items.php @@ -1747,6 +1747,18 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['uid']; $datarray['contact-id'] = $contact['id']; + + if(x($datarray,'owner-link') && strlen($datarray['owner-link']) && (! link_compare($datarray['owner-link'],$contact['url']))) { + // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery, + // but otherwise there's a possible data mixup on the sender's system. + // the tgroup delivery code called from item_store will correct it if it's a forum, + // but we're going to unconditionally correct it here so that the post will always be owned by our contact. + logger('local_delivery: Correcting item owner.', LOGGER_DEBUG); + $datarray['owner-name'] = $contact['name']; + $datarray['owner-link'] = $contact['url']; + $datarray['owner-avatar'] = $contact['thumb']; + } + $r = item_store($datarray); continue; 
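Review bot: The owner correction added to `consume_feed` only runs when the feed supplies a non-empty `owner-link`, so an item that omits the link but still carries `owner-name` or `owner-avatar` keeps whatever the sender wrote; the `local_delivery` hunk repeats the same guard. Because the added comment says the post should always be owned by the contact, the guard could be `if((! x($datarray,'owner-link')) || (! link_compare($datarray['owner-link'],$contact['url']))) {`, with `$importer['url']` in `local_delivery`. Whether `item_store` already fills in missing owner fields is not visible here, so confirm that first. The log call in `consume_feed` is also tagged with the other function's name and should read `logger('consume_feed: Correcting item owner.', LOGGER_DEBUG);`, ideally also recording the claimed owner link and the contact id so a sender that keeps asserting a foreign owner can be traced. Both functions continue outside their hunks.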
@@ -2439,6 +2451,18 @@ function local_delivery($importer,$data) { $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['importer_uid']; $datarray['contact-id'] = $importer['id']; + + if(x($datarray,'owner-link') && strlen($datarray['owner-link']) && (! link_compare($datarray['owner-link'],$importer['url']))) { + // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery, + // but otherwise there's a possible data mixup on the sender's system. + // the tgroup delivery code called from item_store will correct it if it's a forum, + // but we're going to unconditionally correct it here so that the post will always be owned by our contact. + logger('local_delivery: Correcting item owner.', LOGGER_DEBUG); + $datarray['owner-name'] = $importer['senderName']; + $datarray['owner-link'] = $importer['url']; + $datarray['owner-avatar'] = $importer['thumb']; + } + $r = item_store($datarray); continue; } diff --git a/include/security.php b/include/security.php index bc2c9f0bf..6b8128bdd 100755 --- a/include/security.php +++ b/include/security.php 
@@ -108,14 +108,18 @@ function can_write_wall(&$a,$owner) { if(remote_user()) { - // user remembered decision and avoid a DB lookup for each and every display item + // use remembered decision and avoid a DB lookup for each and every display item // DO NOT use this function if there are going to be multiple owners + // We have a contact-id for an authenticated remote user, this block determines if the contact + // belongs to this page owner, and has the necessary permissions to post content + if($verified === 2) return true; elseif($verified === 1) return false; else { + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", @@ -125,6 +129,7 @@ function can_write_wall(&$a,$owner) { intval(CONTACT_IS_FRIEND), intval(PAGE_COMMUNITY) ); + if(count($r)) { $verified = 2; return true; diff --git a/include/template_processor.php b/include/template_processor.php index 90c6b2e65..8671587fc 100755 --- a/include/template_processor.php +++ b/include/template_processor.php 
@@ -160,25 +160,24 @@ private function var_replace($s){ $m = array(); - if (preg_match_all('/(\$\[{0,1}([a-zA-Z0-9-_]+\.*)+)(\|[a-zA-Z0-9-_]+)*\]{0,1}/', $s,$m)){ - foreach($m[1] as $id=>$var){ - $var = str_replace("[", "", $var); - $val = $this->_get_var($var, true); - - // apply filters - if ($m[3][$id]!=""){ - $filters = explode("|",trim($m[3][$id],"|")); - foreach($filters as $filter) - if (function_exists($filter)) - $val=$filter($val); - } + /** regexp: + * \$ literal $ + * (\[)? optional open square bracket + * ([a-zA-Z0-9-_]+\.?)+ var name, followed by optional + * dot, repeated at least 1 time + * (?(1)\]) if there was opened square bracket + * (subgrup 1), match close bracket + */ + if (preg_match_all('/\$(\[)?([a-zA-Z0-9-_]+\.?)+(?(1)\])/', $s,$m)){ + + foreach($m[0] as $var){ + $varn = str_replace(array("[","]"), array("",""), $var); + $val = $this->_get_var($varn, true); if ($val!=KEY_NOT_EXISTS) - $s = str_replace($m[0][$id], $val, $s); + $s = str_replace($var, $val, $s); } } - - return $s; } |
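Review bot: The rewritten loop in `var_replace` still substitutes one match at a time with `str_replace($var, $val, $s)` over the whole string, so a value inserted by an earlier iteration is scanned again by every later one. If such a value contains text like `$name` and `$name` is also a token in the template, it is expanded inside the value; where values come from user-supplied content, that lets posted text pull in other template variables. The same global replace also rewrites a short token wherever it is the prefix of a longer one, such as `$item` inside `$item_id`. A single pass with `preg_replace_callback` resolves each token at its own position and never rescans inserted values. The sketch below keeps the commit's pattern and the existing `KEY_NOT_EXISTS` comparison, and the callback name is only a suggestion.

```php
		// … unchanged: $m = array(); and the regexp comment block …
		$out = preg_replace_callback('/\$(\[)?([a-zA-Z0-9-_]+\.?)+(?(1)\])/',
			array($this, '_var_replace_cb'), $s);
		// preg_replace_callback yields null on a PCRE error; keep the input then
		return ($out === null) ? $s : $out;
		// … closing brace of var_replace unchanged …

	// new private method next to var_replace: resolves one matched token
	private function _var_replace_cb($m){
		$varn = str_replace(array("[","]"), array("",""), $m[0]);
		$val = $this->_get_var($varn, true);
		// unknown names stay in the output exactly as written
		return ($val != KEY_NOT_EXISTS) ? $val : $m[0];
	}
```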