Diffstat (limited to 'include')
-rw-r--r-- | include/comanche.php | 12 | ||||
-rw-r--r-- | include/conversation.php | 19 | ||||
-rwxr-xr-x | include/items.php | 21 | ||||
-rw-r--r-- | include/notifier.php | 4 | ||||
-rwxr-xr-x | include/text.php | 63 |
5 files changed, 101 insertions, 18 deletions
diff --git a/include/comanche.php b/include/comanche.php index cf7ecd7c5..bdce0c5e2 100644 --- a/include/comanche.php +++ b/include/comanche.php @@ -17,16 +17,10 @@ function pdl_selector($uid,$current="") { $o = ''; - // You can use anybody's Comanche layouts on this site that haven't been protected in some way - $sql_extra = item_permissions_sql($uid); - // By default order by title (therefore at this time pdl's need a unique title across this system), - // though future work may allow categorisation - // based on taxonomy terms - - $r = q("select title, mid from item where (item_restrict & %d) $sql_extra order by title", - intval(ITEM_PDL) + $r = q("select item_id.*, mid from item_id left join item on iid = item.id where item_id.uid = %d and item_id.uid = item.uid and service = 'PDL' order by sid asc", + intval($owner) ); $arr = array('channel_id' => $uid, 'current' => $current, 'entries' => $r); @@ -39,7 +33,7 @@ function pdl_selector($uid,$current="") { $entries[] = array('title' => t('Default'), 'mid' => ''); foreach($entries as $selection) { $selected = (($selection == $current) ? ' selected="selected" ' : ''); - $o .= "<option value=\"{$selection['mid']}\" $selected >{$selection['title']}</option>"; + $o .= "<option value=\"{$selection['mid']}\" $selected >{$selection['sid']}</option>"; } $o .= '</select>'; diff --git a/include/conversation.php b/include/conversation.php index 2157f8291..299cc1431 100644 --- a/include/conversation.php +++ b/include/conversation.php 
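Review bot: The rewritten query in `pdl_selector` (first comanche.php hunk) binds `intval($owner)`, but the visible signature only supplies `$uid` and `$current`. Unless `$owner` is defined in a part of the function outside this hunk, the lookup runs with uid 0 and returns no layouts; it should read `intval($uid)`. Replacing `item_permissions_sql($uid)` with an owner match narrows which layouts are selectable, and that intent deserves a comment above the query such as `// Only the channel's own PDL layouts may be selected`.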
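Review bot: In the second comanche.php hunk the option label now reads `$selection['sid']`, but the `Default` entry appended just above is still built with a `title` key, so it renders with an empty label and raises an undefined-index notice. Build it as `array('sid' => t('Default'), 'mid' => '')`. Both `mid` and `sid` are also interpolated into the markup unescaped, and `sid` appears to be a name chosen by the layout's author, so pass each through `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` before it reaches the `<option>`. The loop's enclosing function continues outside the hunk.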
@@ -1009,9 +1009,22 @@ function status_editor($a,$x,$popup=false) { $geotag = (($x['allow_location']) ? replace_macros(get_markup_template('jot_geotag.tpl'), array()) : ''); $plaintext = true; + if(feature_enabled(local_user(),'richtext')) $plaintext = false; + $mimeselct = ''; + if(array_key_exists('mimetype',$x) && $x['mimetype']) { + if($x['mimetype'] != 'text/bbcode') + $plaintext = true; + if($x['mimetype'] === 'choose') { + $mimeselect = mimetype_select($x['profile_uid']); + } + else + $mimeselect = '<input name="mimetype" value="' . $x['mimetype'] . '" />'; + } + + $tpl = get_markup_template('jot-header.tpl'); $a->page['htmlhead'] .= replace_macros($tpl, array( @@ -1042,7 +1055,7 @@ function status_editor($a,$x,$popup=false) { '$return_path' => $a->query_string, '$action' => $a->get_baseurl(true) . '/item', '$share' => (x($x,'button') ? $x['button'] : t('Share')), - '$webpage' => (x($x,'webpage') ? '1' : ''), + '$webpage' => (x($x,'webpage') ? $x['webpage'] : ''), '$placeholdpagetitle' => t('Page link title'), '$pagetitle' => (x($x,'pagetitle') ? $x['pagetitle'] : ''), '$upload' => t('Upload photo'), @@ -1079,6 +1092,7 @@ function status_editor($a,$x,$popup=false) { '$emtitle' => t('Example: bob@example.com, mary@example.com'), '$lockstate' => $x['lockstate'], '$acl' => $x['acl'], + '$mimeselect' => $mimeselect, '$showacl' => ((array_key_exists('showacl',$x)) ? $x['showacl'] : 'yes'), '$bang' => $x['bang'], '$profile_uid' => $x['profile_uid'], @@ -1234,12 +1248,13 @@ function render_location_default($item) { function prepare_page($item) { + return replace_macros(get_markup_template('page_display.tpl'),array( '$author' => $item['author']['xchan_name'], '$auth_url' => $item['author']['xchan_url'], '$date' => datetime_convert('UTC',date_default_timezone_get(),$item['created'],'Y-m-d H:i'), '$title' => smilies(bbcode($item['title'])), - '$body' => smilies(bbcode($item['body'])) + '$body' => prepare_text($item['body'],$item['mimetype']) )); } 
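Review bot: The initialiser in the first `status_editor` hunk is misspelled, `$mimeselct = '';`, so `$mimeselect` stays undefined whenever `$x` carries no `mimetype`. It is then handed to the template by the later hunk's `'$mimeselect' => $mimeselect`; the line should be `$mimeselect = '';`. The `else` branch also concatenates `$x['mimetype']` straight into `value="..."`, and if any caller derives that value from request data it can break out of the attribute. Escape it at the point of output: `'<input name="mimetype" value="' . htmlspecialchars($x['mimetype'], ENT_QUOTES, 'UTF-8') . '" />'`.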
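Review bot: `prepare_page` now picks the renderer from the stored `$item['mimetype']`, so the safety of page output depends entirely on what was accepted and filtered when the item was stored. Because the argument is passed explicitly, `prepare_text`'s `'text/bbcode'` default does not apply to an item whose `mimetype` is empty, and the switch's fallback branch is not visible here. Normalise before the call, for example `prepare_text($item['body'], ($item['mimetype'] ? $item['mimetype'] : 'text/bbcode'))`. A short comment should also state that the body is rendered according to its stored type and is assumed to have been filtered at write time.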
diff --git a/include/items.php b/include/items.php index c695a9b72..66172ade3 100755 --- a/include/items.php +++ b/include/items.php @@ -1361,6 +1361,17 @@ function item_store($arr,$allow_exec = false) { return 0; } + // If a page layout is provided, ensure it exists and belongs to us. + + if(array_key_exists('layout_mid',$arr) && $arr['layout_mid']) { + $l = q("select item_restrict from item where mid = '%s' and uid = %d limit 1", + dbesc($arr['layout_mid']), + intval($arr['uid']) + ); + if((! $l) || (! ($l[0]['item_restrict'] & ITEM_PDL))) + unset($arr['layout_mid']); + } + // Don't let anybody set these, either intentionally or accidentally if(array_key_exists('id',$arr)) @@ -1386,14 +1397,10 @@ function item_store($arr,$allow_exec = false) { $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 ); $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 ); - // this is a bit messy - we really need an input filter chain that temporarily undoes obscuring - if($arr['mimetype'] != 'text/html' && $arr['mimetype'] != 'application/x-php') { - if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) - $arr['body'] = escape_tags($arr['body']); - if((strpos($arr['title'],'<') !== false) || (strpos($arr['title'],'>') !== false)) - $arr['title'] = escape_tags($arr['title']); - } + $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']); + $arr['title'] = escape_tags($arr['title']); + // only detect language if we have text content, and if the post is private but not yet // obscured, make it so. diff --git a/include/notifier.php b/include/notifier.php index 2a0301357..5dcd7b58c 100644 --- a/include/notifier.php +++ b/include/notifier.php 
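Review bot: In the second `item_store` hunk, `z_input_filter` receives `$arr['mimetype']` as-is, and nothing visible guarantees that the key is set or limited to known types; because it is passed explicitly, the callee's `'text/bbcode'` default never applies. The filter returns the body unmodified for a code-enabled owner on every type other than bbcode, markdown and plain, so an empty or unexpected type also takes that raw path. Normalise first with `if(! x($arr,'mimetype')) $arr['mimetype'] = 'text/bbcode';`. `item_store` also takes `$allow_exec`, which this line does not consult; the decision to store unfiltered content now comes from session state inside the filter, so confirm that is intended and record it in a comment here. The function continues outside the hunk, so an earlier default may already exist.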
@@ -257,6 +257,10 @@ function notifier_run($argv, $argc){ return; } + if($target_item['item_restrict'] & ITEM_PDL) { + logger('notifier: target item ITEM_PDL', LOGGER_DEBUG); + return; + } $s = q("select * from channel where channel_id = %d limit 1", intval($target_item['uid']) diff --git a/include/text.php b/include/text.php index 99d5c9d78..bbd538f15 100755 --- a/include/text.php +++ b/include/text.php @@ -81,6 +81,34 @@ function escape_tags($string) { } +function z_input_filter($channel_id,$s,$type = 'text/bbcode') { + + if($type === 'text/bbcode') + return escape_tags($s); + if($type === 'text/markdown') + return escape_tags($s); + if($type == 'text/plain') + return escape_tags($s); + $r = q("select account_id, account_roles from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", + intval($channel_id) + ); + if($r && ($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) { + if(local_user() && (get_account_id() == $r[0]['account_id'])) { + return $s; + } + } + + if($type === 'text/html') + return purify_html($s); + + return escape_tags($s); + +} + + + + + function purify_html($s) { require_once('library/HTMLPurifier.auto.php'); require_once('include/html2bbcode.php'); @@ -1127,6 +1155,7 @@ function prepare_body(&$item,$attach = false) { function prepare_text($text,$content_type = 'text/bbcode') { + switch($content_type) { case 'text/plain': @@ -1171,6 +1200,8 @@ function prepare_text($text,$content_type = 'text/bbcode') { break; } +//logger('prepare_text: ' . $s); + return $s; } 
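Review bot: In `z_input_filter` (first text.php hunk) the unfiltered `return $s` is reached for every `$type` other than the three text types, so an empty, misspelled or future type is stored raw for a code-enabled owner instead of being purified or escaped. The raw path should be gated on an explicit list of types, leaving everything else to fall through to `purify_html` or `escape_tags`. The account comparison uses `==` on values that likely come back from the database as strings, and `text/plain` is tested with `==` while its siblings use `===`; compare with `intval()` and `===`. As this function is the trust boundary for stored content, it needs a header comment naming the parameters, which types are escaped, which are purified, and the exact condition for storing content unmodified.

```php
function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
	// … unchanged: bbcode, markdown and plain text return escape_tags($s) …

	// Raw storage is limited to an explicit list of types; anything else
	// (including an empty or unknown type) falls through to the filters below.
	$raw_ok = in_array($type, array('text/html', 'application/x-php'), true);

	// … unchanged: account_roles lookup into $r …

	if($raw_ok && $r && ($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) {
		if(local_user() && (intval(get_account_id()) === intval($r[0]['account_id'])))
			return $s;
	}

	// … unchanged: purify_html() for text/html, escape_tags() otherwise …
```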
@@ -1291,6 +1322,38 @@ function unamp($s) { } +function mimetype_select($channel_id, $current = 'text/bbcode') { + + $x = array( + 'text/bbcode', + 'text/html', + 'text/markdown', + 'text/plain' + ); + + $r = q("select account_id, account_roles from account left join channel on account_id = channel_account_id where + channel_id = %d limit 1", + intval($channel_id) + ); + + if($r) { + if($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) { + if(local_user() && get_account_id() == $r[0]['account_id']) + $x[] = 'application/x-php'; + } + } + + $o = t('Page content type: '); + $o .= '<select name="mimetype" id="mimetype-select">'; + foreach($x as $y) { + $select = (($y == $current) ? ' selected="selected" ' : ''); + $o .= '<option name="' . $y . '"' . $select . '>' . $y . '</option>'; + } + $o .= '</select>'; + + return $o; + +} |
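Review bot: `mimetype_select` repeats the account-role lookup and the `ACCOUNT_ROLE_ALLOWCODE` / `get_account_id()` test that `z_input_filter` also performs, so the rule for who may use `application/x-php` now lives in two places that can drift apart. A small shared helper that takes the channel id and returns a boolean would keep the form and the storage filter in agreement. The options are emitted with `name="..."` where an `<option>` carries its submitted value in `value`, so the line should read `$o .= '<option value="' . $y . '"' . $select . '>' . $y . '</option>';`. A comment should also say that this list is a convenience for the form only and that the type is enforced again when the item is stored.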