diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/api.php | 2 | ||||
| -rw-r--r-- | include/attach.php | 67 | ||||
| -rw-r--r-- | include/auth.php | 1 | ||||
| -rw-r--r-- | include/channel.php | 11 | ||||
| -rw-r--r-- | include/connections.php | 6 | ||||
| -rw-r--r-- | include/import.php | 222 | ||||
| -rwxr-xr-x | include/items.php | 2 | ||||
| -rw-r--r-- | include/menu.php | 10 | ||||
| -rw-r--r-- | include/permissions.php | 53 | ||||
| -rw-r--r-- | include/security.php | 102 | ||||
| -rw-r--r-- | include/text.php | 28 | ||||
| -rw-r--r-- | include/widgets.php | 14 |
12 files changed, 494 insertions, 24 deletions
diff --git a/include/api.php b/include/api.php index f52b03240..2587a72bb 100644 --- a/include/api.php +++ b/include/api.php @@ -13,7 +13,7 @@ require_once('include/api_auth.php'); /* * - * Red API. Loosely based on and possibly compatible with a Twitter-Like API but all similarities end there. + * Hubzilla API. Loosely based on and possibly compatible with Twitter-Like (v1.0) API but all similarities end there. * */ diff --git a/include/attach.php b/include/attach.php index 7123d59fe..f3fb12293 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1911,3 +1911,70 @@ function get_attach_binname($s) { } return $p; } + + +function get_dirpath_by_cloudpath($channel, $path) { + + // Warning: Do not edit the following line. The first symbol is UTF-8 @ + $path = str_replace('@','@',notags(trim($path))); + + $h = @parse_url($path); + + if(! $h || !x($h, 'path')) { + return null; + } + if(substr($h['path'],-1,1) === '/') { + $h['path'] = substr($h['path'],0,-1); + } + if(substr($h['path'],0,1) === '/') { + $h['path'] = substr($h['path'],1); + } + $folders = explode('/', $h['path']); + $f = array_shift($folders); + + $nick = $channel['channel_address']; + //check to see if the absolute path was provided (/cloud/channelname/path/to/folder) + if($f === 'cloud' ) { + $g = array_shift($folders); + if( $g !== $nick) { + // if nick does not follow "cloud", then the top level folder must be called "cloud" + // and the given path must be relative to "/cloud/channelname/". + $folders = array_unshift(array_unshift($folders, $g), $f); + } + } else { + array_unshift($folders, $f); + } + $clouddir = 'store/' . $nick . '/' ; + $subdir = '/'; + $valid = true; + while($folders && $valid && is_dir($clouddir . $subdir) && is_readable($clouddir . $subdir)) { + $valid = false; + $f = array_shift($folders); + $items = array_diff(scandir($clouddir . $subdir), array('.', '..')); // hashed names + foreach($items as $item) { + $filename = find_filename_by_hash($channel['channel_id'], $item); + if($filename === $f) { + $subdir .= $item . '/'; + $valid = true; + } + } + } + if(!$valid) { + return null; + } else { + return $clouddir . $subdir; + } + + +} + +function get_filename_by_cloudname($cloudname, $channel, $storepath) { + $items = array_diff(scandir($storepath), array('.', '..')); // hashed names + foreach($items as $item) { + $filename = find_filename_by_hash($channel['channel_id'], $item); + if($filename === $cloudname) { + return $item; + } + } + return null; +}
\ No newline at end of file diff --git a/include/auth.php b/include/auth.php index f3592cee3..fdcecec36 100644 --- a/include/auth.php +++ b/include/auth.php @@ -57,6 +57,7 @@ function account_verify_password($login, $pass) { ); if($x) { $ret['xchan'] = atoken_xchan($x[0]); + atoken_create_xchan($ret['xchan']); return $ret; } } diff --git a/include/channel.php b/include/channel.php index 88dd818e6..c07cd14e2 100644 --- a/include/channel.php +++ b/include/channel.php @@ -640,19 +640,10 @@ function identity_basic_export($channel_id, $items = false) { for($y = 0; $y < count($x); $y ++) { $m = menu_fetch($x[$y]['menu_name'],$channel_id,$ret['channel']['channel_hash']); if($m) - $ret['menu'][] = menu_element($m); + $ret['menu'][] = menu_element($ret['channel'],$m); } } - $x = menu_list($channel_id); - if($x) { - $ret['menu'] = array(); - for($y = 0; $y < count($x); $y ++) { - $m = menu_fetch($x[$y]['menu_name'],$channel_id,$ret['channel']['channel_hash']); - if($m) - $ret['menu'][] = menu_element($m); - } - } $addon = array('channel_id' => $channel_id,'data' => $ret); call_hooks('identity_basic_export',$addon); diff --git a/include/connections.php b/include/connections.php index 9f55820cc..4f685388c 100644 --- a/include/connections.php +++ b/include/connections.php @@ -566,6 +566,7 @@ function contact_remove($channel_id, $abook_id) { drop_item($rr['id'],false); } } + q("delete from abook where abook_id = %d and abook_channel = %d", intval($abook['abook_id']), @@ -588,6 +589,11 @@ function contact_remove($channel_id, $abook_id) { intval($channel_id) ); + $r = q("delete from abconfig where chan = %d and xchan = '%s'", + intval($channel_id), + dbesc($abook['abook_xchan']) + ); + return true; } diff --git a/include/import.php b/include/import.php index 42c902a0a..5bbed828f 100644 --- a/include/import.php +++ b/include/import.php @@ -784,7 +784,11 @@ function import_menus($channel,$menus) { foreach($menu['items'] as $it) { $mitem = array(); + $mitem['mitem_link'] = str_replace('[channelurl]',z_root() . '/channel/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[pageurl]',z_root() . '/page/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[cloudurl]',z_root() . '/cloud/' . $channel['channel_address'],$it['link']); $mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']); + $mitem['mitem_desc'] = escape_tags($it['desc']); $mitem['mitem_order'] = intval($it['order']); if(is_array($it['flags'])) { @@ -864,7 +868,12 @@ function sync_menus($channel,$menus) { foreach($menu['items'] as $it) { $mitem = array(); + + $mitem['mitem_link'] = str_replace('[channelurl]',z_root() . '/channel/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[pageurl]',z_root() . '/page/' . $channel['channel_address'],$it['link']); + $mitem['mitem_link'] = str_replace('[cloudurl]',z_root() . '/cloud/' . $channel['channel_address'],$it['link']); $mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']); + $mitem['mitem_desc'] = escape_tags($it['desc']); $mitem['mitem_order'] = intval($it['order']); if(is_array($it['flags'])) { @@ -1246,3 +1255,216 @@ function convert_oldfields(&$arr,$old,$new) { unset($arr[$old]); } } + +function scan_webpage_elements($path, $type, $cloud = false) { + $channel = \App::get_channel(); + $dirtoscan = $path; + switch ($type) { + case 'page': + $dirtoscan .= '/pages/'; + $json_filename = 'page.json'; + break; + case 'layout': + $dirtoscan .= '/layouts/'; + $json_filename = 'layout.json'; + break; + case 'block': + $dirtoscan .= '/blocks/'; + $json_filename = 'block.json'; + break; + default : + return array(); + } + if($cloud) { + $dirtoscan = get_dirpath_by_cloudpath($channel, $dirtoscan); + } + $elements = []; + if (is_dir($dirtoscan)) { + $dirlist = scandir($dirtoscan); + if ($dirlist) { + foreach ($dirlist as $element) { + if ($element === '.' || $element === '..') { + continue; + } + $folder = $dirtoscan . '/' . $element; + if (is_dir($folder)) { + if($cloud) { + $jsonfilepath = $folder . '/' . get_filename_by_cloudname($json_filename, $channel, $folder); + } else { + $jsonfilepath = $folder . '/' . $json_filename; + } + if (is_file($jsonfilepath)) { + $metadata = json_decode(file_get_contents($jsonfilepath), true); + if($cloud) { + $contentfilename = get_filename_by_cloudname($metadata['contentfile'], $channel, $folder); + $metadata['path'] = $folder . '/' . $contentfilename; + } else { + $contentfilename = $metadata['contentfile']; + $metadata['path'] = $folder . '/' . $contentfilename; + } + if ($metadata['contentfile'] === '') { + logger('Invalid ' . $type . ' content file'); + return false; + } + $content = file_get_contents($folder . '/' . $contentfilename); + if (!$content) { + logger('Failed to get file content for ' . $metadata['contentfile']); + return false; + } + $elements[] = $metadata; + } + } + } + } + } + return $elements; + } + + + function import_webpage_element($element, $channel, $type) { + + $arr = array(); // construct information for the webpage element item table record + + switch ($type) { + // + // PAGES + // + case 'page': + $arr['item_type'] = ITEM_TYPE_WEBPAGE; + $namespace = 'WEBPAGE'; + $name = $element['pagelink']; + if($name) { + require_once('library/urlify/URLify.php'); + $name = strtolower(\URLify::transliterate($name)); + } + $arr['title'] = $element['title']; + $arr['term'] = $element['term']; + $arr['layout_mid'] = ''; // by default there is no layout associated with the page + // If a layout was specified, find it in the database and get its info. If + // it does not exist, leave layout_mid empty + if($element['layout'] !== '') { + $liid = q("select iid from iconfig where k = 'PDL' and v = '%s' and cat = 'system'", + dbesc($element['layout']) + ); + if($liid) { + $linfo = q("select mid from item where id = %d", + intval($liid[0]['iid']) + ); + $arr['layout_mid'] = $linfo[0]['mid']; + } + } + break; + // + // LAYOUTS + // + case 'layout': + $arr['item_type'] = ITEM_TYPE_PDL; + $namespace = 'PDL'; + $name = $element['name']; + $arr['title'] = $element['description']; + $arr['term'] = $element['term']; + break; + // + // BLOCKS + // + case 'block': + $arr['item_type'] = ITEM_TYPE_BLOCK; + $namespace = 'BUILDBLOCK'; + $name = $element['name']; + $arr['title'] = $element['title']; + + break; + default : + return null; // return null if invalid element type + } + + $arr['uid'] = $channel['channel_id']; + $arr['aid'] = $channel['channel_account_id']; + + // Check if an item already exists based on the name + $iid = q("select iid from iconfig where k = '" . $namespace . "' and v = '%s' and cat = 'system'", + dbesc($name) + ); + if($iid) { // If the item does exist, get the item metadata + $iteminfo = q("select mid,created,edited from item where id = %d", + intval($iid[0]['iid']) + ); + $arr['mid'] = $arr['parent_mid'] = $iteminfo[0]['mid']; + $arr['created'] = $iteminfo[0]['created']; + $arr['edited'] = (($element['edited']) ? datetime_convert('UTC', 'UTC', $element['edited']) : datetime_convert()); + } else { // otherwise, generate the creation times and unique id + $arr['created'] = (($element['created']) ? datetime_convert('UTC', 'UTC', $element['created']) : datetime_convert()); + $arr['edited'] = datetime_convert('UTC', 'UTC', '0000-00-00 00:00:00'); + $arr['mid'] = $arr['parent_mid'] = item_message_id(); + } + // Import the actual element content + $arr['body'] = file_get_contents($element['path']); + // The element owner is the channel importing the elements + $arr['owner_xchan'] = get_observer_hash(); + // The author is either the owner or whomever was specified + $arr['author_xchan'] = (($element['author_xchan']) ? $element['author_xchan'] : get_observer_hash()); + // Import mimetype if it is a valid mimetype for the element + $mimetypes = [ 'text/bbcode', + 'text/html', + 'text/markdown', + 'text/plain', + 'application/x-pdl', + 'application/x-php' + ]; + // Blocks and pages can have any mimetype, but layouts must be text/bbcode + if((in_array($element['mimetype'], $mimetypes)) && ($type === 'page' || $type === 'block') ) { + $arr['mimetype'] = $element['mimetype']; + } else { + $arr['mimetype'] = 'text/bbcode'; + } + + // Verify ability to use html or php!!! + $execflag = false; + if ($arr['mimetype'] === 'application/x-php') { + $z = q("select account_id, account_roles, channel_pageflags from account " + . "left join channel on channel_account_id = account_id where channel_id = %d limit 1", + intval(local_channel()) + ); + + if ($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { + $execflag = true; + } + } + + $z = q("select * from iconfig where v = '%s' and k = '%s' and cat = 'service' limit 1", + dbesc($name), + dbesc($namespace) + ); + + $i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1", + dbesc($arr['mid']), + intval(local_channel()) + ); + $remote_id = 0; + if ($z && $i) { + $remote_id = $z[0]['id']; + $arr['id'] = $i[0]['id']; + // don't update if it has the same timestamp as the original + if ($arr['edited'] > $i[0]['edited']) + $x = item_store_update($arr, $execflag); + } else { + if (($i) && (intval($i[0]['item_deleted']))) { + // was partially deleted already, finish it off + q("delete from item where mid = '%s' and uid = %d", + dbesc($arr['mid']), + intval(local_channel()) + ); + } + $x = item_store($arr, $execflag); + } + if ($x['success']) { + $item_id = $x['item_id']; + update_remote_id($channel, $item_id, $arr['item_type'], $name, $namespace, $remote_id, $arr['mid']); + $element['import_success'] = 1; + } else { + $element['import_success'] = 0; + } + + return $element; + +} diff --git a/include/items.php b/include/items.php index 178fb30d6..5bd0b0968 100755 --- a/include/items.php +++ b/include/items.php @@ -421,7 +421,7 @@ function post_activity_item($arr) { $arr['deny_cid'] = ((x($arr,'deny_cid')) ? $arr['deny_cid'] : $channel['channel_deny_cid']); $arr['deny_gid'] = ((x($arr,'deny_gid')) ? $arr['deny_gid'] : $channel['channel_deny_gid']); - $arr['comment_policy'] = map_scope(\Zotlabs\Access/PermissionLimits::Get($channel['channel_id'],'post_comments')); + $arr['comment_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments')); if ((! $arr['plink']) && (intval($arr['item_thread_top']))) { $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; diff --git a/include/menu.php b/include/menu.php index e8f1d8eb8..3b0180d37 100644 --- a/include/menu.php +++ b/include/menu.php @@ -25,7 +25,7 @@ function menu_fetch($name,$uid,$observer_xchan) { return null; } -function menu_element($menu) { +function menu_element($channel,$menu) { $arr = array(); $arr['type'] = 'menu'; @@ -46,7 +46,12 @@ function menu_element($menu) { $arr['items'] = array(); foreach($menu['items'] as $it) { $entry = array(); + + $entry['link'] = str_replace(z_root() . '/channel/' . $channel['channel_address'],'[channelurl]',$it['mitem_link']); + $entry['link'] = str_replace(z_root() . '/page/' . $channel['channel_address'],'[pageurl]',$it['mitem_link']); + $entry['link'] = str_replace(z_root() . '/cloud/' . $channel['channel_address'],'[cloudurl]',$it['mitem_link']); $entry['link'] = str_replace(z_root(),'[baseurl]',$it['mitem_link']); + $entry['desc'] = $it['mitem_desc']; $entry['order'] = $it['mitem_order']; if($it['mitem_flags']) { @@ -389,12 +394,13 @@ function menu_del_item($menu_id,$uid,$item_id) { function menu_sync_packet($uid,$observer_hash,$menu_id,$delete = false) { $r = menu_fetch_id($menu_id,$uid); + $c = channelx_by_n($uid); if($r) { $m = menu_fetch($r['menu_name'],$uid,$observer_hash); if($m) { if($delete) $m['menu_delete'] = 1; - build_sync_packet($uid,array('menu' => array(menu_element($m)))); + build_sync_packet($uid,array('menu' => array(menu_element($c,$m)))); } } } diff --git a/include/permissions.php b/include/permissions.php index 638bedb24..637193973 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -1,4 +1,7 @@ <?php + +require_once('include/security.php'); + /** * @file include/permissions.php * @@ -119,10 +122,21 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { dbesc($observer_xchan) ); if(! $x) { - // not in address book, see if they've got an xchan - $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) - ); + // see if they've got a guest access token; these are treated as connections + $y = atoken_abook($uid,$observer_xchan); + if($y) + $x = array($y); + + if(! $x) { + // not in address book and no guest token, see if they've got an xchan + // these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections + $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", + dbesc($observer_xchan) + ); + if($y) { + $x = array(pseudo_abook($y[0])); + } + } } $abook_checked = true; @@ -184,7 +198,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) { + if($x && $x[0]['xchan_network'] === 'zot') { $ret[$perm_name] = true; continue; } @@ -232,6 +246,12 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // They're a contact, so they have permission if($channel_perm & PERMS_CONTACTS) { + // it was a fake abook entry, not really a connection + if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) { + $ret[$perm_name] = false; + continue; + } + $ret[$perm_name] = true; continue; } @@ -328,10 +348,21 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { return false; if(! $x) { - // not in address book, see if they've got an xchan - $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) - ); + // see if they've got a guest access token + $y = atoken_abook($uid,$observer_xchan); + if($y) + $x = array($y); + + if(! $x) { + // not in address book and no guest token, see if they've got an xchan + $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", + dbesc($observer_xchan) + ); + if($y) { + $x = array(pseudo_abook($y[0])); + } + } + } $abperms = load_abconfig($uid,$observer_xchan,'my_perms'); } @@ -401,6 +432,10 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { // They're a contact, so they have permission if($channel_perm & PERMS_CONTACTS) { + // it was a fake abook entry, not really a connection + if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) { + return false; + } return true; } diff --git a/include/security.php b/include/security.php index c67a1b400..83bf51bc0 100644 --- a/include/security.php +++ b/include/security.php @@ -108,6 +108,7 @@ function atoken_xchan($atoken) { 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(), 'xchan_network' => 'unknown', + 'xchan_url' => z_root(), 'xchan_hidden' => 1, 'xchan_photo_mimetype' => 'image/jpeg', 'xchan_photo_l' => get_default_profile_photo(300), @@ -119,6 +120,105 @@ function atoken_xchan($atoken) { return null; } +function atoken_delete($atoken_id) { + + $r = q("select * from atoken where atoken_id = %d", + intval($atoken_id) + ); + if(! $r) + return; + + $c = q("select channel_id, channel_hash from channel where channel_id = %d", + intval($r[0]['atoken_uid']) + ); + if(! $c) + return; + + $atoken_xchan = substr($c[0]['channel_hash'],0,16) . '.' . $r[0]['atoken_name']; + + q("delete from atoken where atoken_id = %d", + intval($atoken_id) + ); + q("delete from abconfig where chan = %d and xchan = '%s'", + intval($c[0]['channel_id']), + dbesc($atoken_xchan) + ); +} + + + +// in order for atoken logins to create content (such as posts) they need a stored xchan. +// we'll create one on the first atoken_login; it can't really ever go away but perhaps +// @fixme we should set xchan_deleted if it's expired or removed + +function atoken_create_xchan($xchan) { + + $r = q("select xchan_hash from xchan where xchan_hash = '%s'", + dbesc($xchan['xchan_hash']) + ); + if($r) + return; + + $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_photo_mimetype, xchan_photo_l, xchan_photo_m, xchan_photo_s ) + values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", + dbesc($xchan['xchan_hash']), + dbesc($xchan['xchan_hash']), + dbesc($xchan['xchan_addr']), + dbesc($xchan['xchan_url']), + dbesc($xchan['xchan_name']), + dbesc($xchan['xchan_network']), + dbesc($xchan['xchan_photo_mimetype']), + dbesc($xchan['xchan_photo_l']), + dbesc($xchan['xchan_photo_m']), + dbesc($xchan['xchan_photo_s']) + ); + + return true; +} + +function atoken_abook($uid,$xchan_hash) { + + if(substr($xchan_hash,16,1) != '.') + return false; + + $r = q("select channel_hash from channel where channel_id = %d limit 1", + intval($uid) + ); + + if(! $r) + return false; + + $x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'", + intval($uid), + dbesc(substr($xchan_hash,17)) + ); + + if($x) { + $xchan = atoken_xchan($x[0]); + $xchan['abook_blocked'] = 0; + $xchan['abook_ignored'] = 0; + $xchan['abook_pending'] = 0; + return $xchan; + } + + return false; + +} + + +function pseudo_abook($xchan) { + if(! $xchan) + return false; + + // set abook_pseudo to flag that we aren't really connected. + + $xchan['abook_pseudo'] = 1; + $xchan['abook_blocked'] = 0; + $xchan['abook_ignored'] = 0; + $xchan['abook_pending'] = 0; + return $xchan; + +} /** @@ -396,7 +496,7 @@ function public_permissions_sql($observer_hash) { * In this implementation, a security token is reusable (if the user submits a form, goes back and resubmits the form, maybe with small changes; * or if the security token is used for ajax-calls that happen several times), but only valid for a certain amout of time (3hours). * The "typename" seperates the security tokens of different types of forms. This could be relevant in the following case: - * A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link). + * A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link). * If the new page contains by any chance external elements, then the used security token is exposed by the referrer. * Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are, * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types). diff --git a/include/text.php b/include/text.php index 6d7d0ed8d..d283bb41f 100644 --- a/include/text.php +++ b/include/text.php @@ -2242,6 +2242,34 @@ function design_tools() { )); } +/** + * @brief Creates website import tools menu + * + * @return string + */ +function website_import_tools() { + + $channel = App::get_channel(); + $sys = false; + + if(App::$is_sys && is_site_admin()) { + require_once('include/channel.php'); + $channel = get_sys_channel(); + $sys = true; + } + + return replace_macros(get_markup_template('website_import_tools.tpl'), array( + '$title' => t('Import'), + '$import_label' => t('Import website...'), + '$import_placeholder' => t('Select folder to import'), + '$file_upload_text' => t('Import from a zipped folder:'), + '$file_import_text' => t('Import from cloud files:'), + '$desc' => t('/cloud/channel/path/to/folder'), + '$hint' => t('Enter path to website files'), + '$select' => t('Select folder'), + )); +} + /* case insensitive in_array() */ function in_arrayi($needle, $haystack) { diff --git a/include/widgets.php b/include/widgets.php index 3516e82da..5477dc1e4 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -779,6 +779,20 @@ function widget_design_tools($arr) { return design_tools(); } +function widget_website_import_tools($arr) { + + // mod menu doesn't load a profile. For any modules which load a profile, check it. + // otherwise local_channel() is sufficient for permissions. + + if(App::$profile['profile_uid']) + if((App::$profile['profile_uid'] != local_channel()) && (! App::$is_sys)) + return ''; + + if(! local_channel()) + return ''; + + return website_import_tools(); +} function widget_findpeople($arr) { return findpeople_widget(); |