diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/channel.php | 17 | ||||
-rw-r--r-- | include/import.php | 34 | ||||
-rw-r--r-- | include/text.php | 26 |
3 files changed, 24 insertions, 53 deletions
diff --git a/include/channel.php b/include/channel.php index b838f8393..ceb5eeb7a 100644 --- a/include/channel.php +++ b/include/channel.php @@ -2252,3 +2252,20 @@ function channel_remove($channel_id, $local = true, $unset_session=false) { } } + +/* + * This checks if a channel is allowed to publish executable code. + * It is up to the caller to determine if the observer or local_channel + * is in fact the resource owner whose channel_id is being checked + */ + +function channel_codeallowed($channel_id) { + + if(! intval($channel_id)) + return false; + + $x = channelx_by_n($channel_id); + if(($x) && ($x['channel_pageflags'] & PAGE_ALLOWCODE)) + return true; + return false; +}
\ No newline at end of file diff --git a/include/import.php b/include/import.php index 5c73b7ca3..bbe930864 100644 --- a/include/import.php +++ b/include/import.php @@ -534,16 +534,8 @@ function sync_chatrooms($channel,$chatrooms) { function import_items($channel,$items,$sync = false,$relocate = null) { if($channel && $items) { - $allow_code = false; - $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id - where channel_id = %d limit 1", - intval($channel['channel_id']) - ); - if($r) { - if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { - $allow_code = true; - } - } + + $allow_code = channel_codeallowed($channel['channel_id']); $deliver = false; // Don't deliver any messages or notifications when importing @@ -1358,28 +1350,8 @@ function import_webpage_element($element, $channel, $type) { } // Verify ability to use html or php!!! - $execflag = false; - if($arr['mimetype'] === 'application/x-php' || $arr['mimetype'] === 'text/html') { - $z = q("select account_id, account_roles, channel_pageflags from account " - . "left join channel on channel_account_id = account_id where channel_id = %d limit 1", - intval(local_channel()) - ); - if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { - $execflag = true; - } - else { - logger('Unable to import element "' . $name .'" because AllowCode permission is denied.'); - notice( t('Unable to import element "' . $name .'" because AllowCode permission is denied.') . EOL); - $element['import_success'] = 0; - return $element; - } - } - -// $z = q("select * from iconfig where v = '%s' and k = '%s' and cat = 'system' limit 1", -// dbesc($name), -// dbesc($namespace) -// ); + $execflag = channel_codeallowed(local_channel()); $i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1", dbesc($arr['mid']), diff --git a/include/text.php b/include/text.php index fe3206b32..6715eca22 100644 --- a/include/text.php +++ b/include/text.php @@ -104,15 +104,11 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') { return $s; } - $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", + $r = q("select channel_pageflags from channel where channel_id = %d limit 1", intval($channel_id) ); - if($r) { - if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { - if(local_channel() && (get_account_id() == $r[0]['account_id'])) { - return $s; - } - } + if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { + return $s; } if($type === 'text/html') @@ -1795,23 +1791,9 @@ function mimetype_select($channel_id, $current = 'text/bbcode') { ); - if(App::$is_sys) { + if((App::$is_sys) || (channel_codeallowed($channel_id) && $channel_id == local_channel())){ $x[] = 'application/x-php'; } - else { - $r = q("select account_id, account_roles, channel_pageflags from account left join channel on account_id = channel_account_id where - channel_id = %d limit 1", - intval($channel_id) - ); - - if($r) { - if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { - if(local_channel() && get_account_id() == $r[0]['account_id']) { - $x[] = 'application/x-php'; - } - } - } - } foreach($x as $y) { $selected = (($y == $current) ? ' selected="selected" ' : ''); |