aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/channel.php17
-rw-r--r--include/import.php34
-rw-r--r--include/text.php26
3 files changed, 24 insertions, 53 deletions
diff --git a/include/channel.php b/include/channel.php
index b838f8393..ceb5eeb7a 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -2252,3 +2252,20 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
}
}
+
+/*
+ * This checks if a channel is allowed to publish executable code.
+ * It is up to the caller to determine if the observer or local_channel
+ * is in fact the resource owner whose channel_id is being checked
+ */
+
+function channel_codeallowed($channel_id) {
+
+ if(! intval($channel_id))
+ return false;
+
+ $x = channelx_by_n($channel_id);
+ if(($x) && ($x['channel_pageflags'] & PAGE_ALLOWCODE))
+ return true;
+ return false;
+} \ No newline at end of file
diff --git a/include/import.php b/include/import.php
index 5c73b7ca3..bbe930864 100644
--- a/include/import.php
+++ b/include/import.php
@@ -534,16 +534,8 @@ function sync_chatrooms($channel,$chatrooms) {
function import_items($channel,$items,$sync = false,$relocate = null) {
if($channel && $items) {
- $allow_code = false;
- $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id
- where channel_id = %d limit 1",
- intval($channel['channel_id'])
- );
- if($r) {
- if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
- $allow_code = true;
- }
- }
+
+ $allow_code = channel_codeallowed($channel['channel_id']);
$deliver = false; // Don't deliver any messages or notifications when importing
@@ -1358,28 +1350,8 @@ function import_webpage_element($element, $channel, $type) {
}
// Verify ability to use html or php!!!
- $execflag = false;
- if($arr['mimetype'] === 'application/x-php' || $arr['mimetype'] === 'text/html') {
- $z = q("select account_id, account_roles, channel_pageflags from account "
- . "left join channel on channel_account_id = account_id where channel_id = %d limit 1",
- intval(local_channel())
- );
- if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
- $execflag = true;
- }
- else {
- logger('Unable to import element "' . $name .'" because AllowCode permission is denied.');
- notice( t('Unable to import element "' . $name .'" because AllowCode permission is denied.') . EOL);
- $element['import_success'] = 0;
- return $element;
- }
- }
-
-// $z = q("select * from iconfig where v = '%s' and k = '%s' and cat = 'system' limit 1",
-// dbesc($name),
-// dbesc($namespace)
-// );
+ $execflag = channel_codeallowed(local_channel());
$i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1",
dbesc($arr['mid']),
diff --git a/include/text.php b/include/text.php
index fe3206b32..6715eca22 100644
--- a/include/text.php
+++ b/include/text.php
@@ -104,15 +104,11 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
return $s;
}
- $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
+ $r = q("select channel_pageflags from channel where channel_id = %d limit 1",
intval($channel_id)
);
- if($r) {
- if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
- if(local_channel() && (get_account_id() == $r[0]['account_id'])) {
- return $s;
- }
- }
+ if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
+ return $s;
}
if($type === 'text/html')
@@ -1795,23 +1791,9 @@ function mimetype_select($channel_id, $current = 'text/bbcode') {
);
- if(App::$is_sys) {
+ if((App::$is_sys) || (channel_codeallowed($channel_id) && $channel_id == local_channel())){
$x[] = 'application/x-php';
}
- else {
- $r = q("select account_id, account_roles, channel_pageflags from account left join channel on account_id = channel_account_id where
- channel_id = %d limit 1",
- intval($channel_id)
- );
-
- if($r) {
- if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
- if(local_channel() && get_account_id() == $r[0]['account_id']) {
- $x[] = 'application/x-php';
- }
- }
- }
- }
foreach($x as $y) {
$selected = (($y == $current) ? ' selected="selected" ' : '');