diff options
Diffstat (limited to 'mod/events.php')
-rwxr-xr-x | mod/events.php | 44 |
1 files changed, 29 insertions, 15 deletions
diff --git a/mod/events.php b/mod/events.php index 8c509cfea..2a6067e65 100755 --- a/mod/events.php +++ b/mod/events.php @@ -1,5 +1,6 @@ <?php +require_once('include/conversation.php'); require_once('include/bbcode.php'); require_once('include/datetime.php'); require_once('include/event.php'); @@ -11,7 +12,7 @@ function events_post(&$a) { return; $event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0); - $cid = ((x($_POST,'cid')) ? intval($_POST['cid']) : 0); + $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : ''); $uid = local_user(); $startyear = intval($_POST['startyear']); $startmonth = intval($_POST['startmonth']); @@ -28,6 +29,11 @@ function events_post(&$a) { $adjust = intval($_POST['adjust']); $nofinish = intval($_POST['nofinish']); + // only allow editing your own events. + + if(($xchan) && ($xchan !== get_observer_hash())) + return; + // The default setting for the `private` field in event_store() is false, so mirror that $private_event = false; @@ -102,7 +108,7 @@ function events_post(&$a) { $datarray['start'] = $start; $datarray['finish'] = $finish; $datarray['summary'] = $summary; - $datarray['desc'] = $desc; + $datarray['description'] = $desc; $datarray['location'] = $location; $datarray['type'] = $type; $datarray['adjust'] = $adjust; @@ -135,6 +141,8 @@ function events_content(&$a) { return; } + nav_set_selected('all_events'); + if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { $r = q("update event set ignore = 1 where id = %d and uid = %d limit 1", intval(argv(2)), @@ -229,9 +237,9 @@ function events_content(&$a) { $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start); $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish); - if (x($_GET,'id')){ - $r = q("SELECT * from event left join item on resource_id = event_hash where resource_type = 'event' and event.uid = %d and event.id = %d limit 1", + $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan + from event left join item on resource_id = event_hash where resource_type = 'event' and event.uid = %d and event.id = %d limit 1", intval(local_user()), intval($_GET['id']) ); @@ -242,8 +250,8 @@ function events_content(&$a) { // Noting this for now - it will need to be fixed here and in Friendica. // Ultimately the finish date shouldn't be involved in the query. - - $r = q("SELECT * from event left join item on event_hash = resource_id + $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan + from event left join item on event_hash = resource_id where resource_type = 'event' and event.uid = %d and event.ignore = %d AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' ) OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' )) ", @@ -339,6 +347,7 @@ function events_content(&$a) { else { $tpl = get_markup_template("events-js.tpl"); } + $o = replace_macros($tpl, array( '$baseurl' => $a->get_baseurl(), '$tabs' => $tabs, @@ -346,8 +355,7 @@ function events_content(&$a) { '$new_event'=> array($a->get_baseurl().'/events/new',t('Create New Event'),'',''), '$previus' => array($a->get_baseurl()."/events/$prevyear/$prevmonth",t('Previous'),'',''), '$next' => array($a->get_baseurl()."/events/$nextyear/$nextmonth",t('Next'),'',''), - '$calendar' => cal($y,$m,$links, ' eventcal'), - + '$calendar' => cal($y,$m,$links, ' eventcal'), '$events' => $events, @@ -379,18 +387,16 @@ function events_content(&$a) { $l_orig = ((x($orig_event)) ? $orig_event['location'] : ''); $eid = ((x($orig_event)) ? $orig_event['id'] : 0); $event_xchan = ((x($orig_event)) ? $orig_event['event_xchan'] : $channel['channel_hash']); - $uri = ((x($orig_event)) ? $orig_event['uri'] : ''); + $mid = ((x($orig_event)) ? $orig_event['mid'] : ''); if(! x($orig_event)) $sh_checked = ''; else $sh_checked = (($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' ); - if($cid) + if($orig_event['event_xchan']) $sh_checked .= ' disabled="disabled" '; - - $tpl = get_markup_template('event_form.tpl'); $sdt = ((x($orig_event)) ? $orig_event['start'] : 'now'); @@ -423,11 +429,20 @@ function events_content(&$a) { require_once('include/acl_selectors.php'); + $perm_defaults = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + + + $o .= replace_macros($tpl,array( '$post' => $a->get_baseurl() . '/events', '$eid' => $eid, '$xchan' => $event_xchan, - '$uri' => $uri, + '$mid' => $mid, '$title' => t('Event details'), '$desc' => sprintf( t('Format is %s %s. Starting date and Title are required.'),$dateformat,$timeformat), @@ -450,8 +465,7 @@ function events_content(&$a) { '$t_orig' => $t_orig, '$sh_text' => t('Share this event'), '$sh_checked' => $sh_checked, -// FIXME - '$acl' => (($cid) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $a->user),false)), + '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults))), '$submit' => t('Submit') )); |