Diffstat (limited to 'mod/item.php')
-rw-r--r-- | mod/item.php | 275 |
1 files changed, 152 insertions, 123 deletions
diff --git a/mod/item.php b/mod/item.php index bff312cfe..591dc8407 100644 --- a/mod/item.php +++ b/mod/item.php @@ -96,7 +96,7 @@ function item_post(&$a) { $owner_hash = null; $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); - $created = ((x($_REQUEST,'created')) ? datetime_convert('UTC','UTC',$_REQUEST['created']) : datetime_convert()); + $created = ((x($_REQUEST,'created')) ? datetime_convert(date_default_timezone_get(),'UTC',$_REQUEST['created']) : datetime_convert()); $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''); $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : ''); @@ -107,7 +107,6 @@ function item_post(&$a) { $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); $obj_type = ((x($_REQUEST,'obj_type')) ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE); - // allow API to bulk load a bunch of imported items with sending out a bunch of posts. $nopush = ((x($_REQUEST,'nopush')) ? intval($_REQUEST['nopush']) : 0); @@ -115,7 +114,7 @@ function item_post(&$a) { * Check service class limits */ if ($uid && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) { - $ret = item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_WEBPAGE) ? true : false)); + $ret = item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false)); if (!$ret['success']) { notice( t($ret['message']) . EOL) ; if(x($_REQUEST,'return')) 
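Review bot: The new `$created` line interprets a request-supplied timestamp in `date_default_timezone_get()`, and nothing in the hunk says whose timezone that is when item_post() runs. If the process default is not set to the posting channel's timezone before this point (not visible here), submitted times will be shifted by the server's offset. Unlike `message_id` two lines above, `created` is not gated on `$api_source`, so any client can choose the stored timestamp. I would add a comment such as `// 'created' is client-supplied; it is read in the current default timezone, which must already be the poster's` and state whether accepting it from non-API requests is intended. The body of item_post() starts and ends outside this hunk.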
@@ -197,7 +196,7 @@ function item_post(&$a) { if($parent) { logger('mod_item: item_post parent=' . $parent); $can_comment = false; - if((array_key_exists('owner',$parent_item)) && ($parent_item['owner']['abook_flags'] & ABOOK_FLAG_SELF)) + if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])) $can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments'); else $can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item); @@ -295,7 +294,7 @@ function item_post(&$a) { // For comments, We need to additionally look at the parent and see if it's a wall post that originated locally. if($observer['xchan_name'] != $owner_xchan['xchan_name']) { - if($parent_item && ($parent_item['item_flags'] & (ITEM_WALL|ITEM_ORIGIN)) == (ITEM_WALL|ITEM_ORIGIN)) { + if(($parent_item) && ($parent_item['item_wall'] && $parent_item['item_origin'])) { $walltowall_comment = true; $walltowall = true; } @@ -305,6 +304,8 @@ function item_post(&$a) { } } + $acl = new AccessList($channel); + $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true)); if($webpage) 
@@ -316,28 +317,17 @@ function item_post(&$a) { $private = 0; // webpages are allowed to change ACLs after the fact. Normal conversation items aren't. if($webpage) { - $str_group_allow = perms2str($_REQUEST['group_allow']); - $str_contact_allow = perms2str($_REQUEST['contact_allow']); - $str_group_deny = perms2str($_REQUEST['group_deny']); - $str_contact_deny = perms2str($_REQUEST['contact_deny']); + $acl->set_from_array($_REQUEST); } else { - $str_group_allow = $orig_post['allow_gid']; - $str_contact_allow = $orig_post['allow_cid']; - $str_group_deny = $orig_post['deny_gid']; - $str_contact_deny = $orig_post['deny_cid']; + $acl->set($orig_post); $public_policy = $orig_post['public_policy']; $private = $orig_post['item_private']; } - if((strlen($str_group_allow)) - || strlen($str_contact_allow) - || strlen($str_group_deny) - || strlen($str_contact_deny) - || strlen($public_policy) - || $private) { + if($private || $public_policy || $acl->is_private()) $private = 1; - } + $location = $orig_post['location']; $coord = $orig_post['coord']; 
@@ -347,12 +337,32 @@ function item_post(&$a) { $body = trim($_REQUEST['body']); $item_flags = $orig_post['item_flags']; - // force us to recalculate if we need to obscure this post + $item_origin = $orig_post['item_origin']; + $item_unseen = $orig_post['item_unseen']; + $item_starred = $orig_post['item_starred']; + $item_uplink = $orig_post['item_uplink']; + $item_consensus = $orig_post['item_consensus']; + $item_wall = $orig_post['item_wall']; + $item_thread_top = $orig_post['item_thread_top']; + $item_notshown = $orig_post['item_notshown']; + $item_nsfw = $orig_post['item_nsfw']; + $item_relay = $orig_post['item_relay']; + $item_mentionsme = $orig_post['item_mentionsme']; + $item_nocomment = $orig_post['item_nocomment']; + $item_obscured = $orig_post['item_obscured']; + $item_verified = $orig_post['item_verified']; + $item_retained = $orig_post['item_retained']; + $item_rss = $orig_post['item_rss']; + $item_deleted = $orig_post['item_deleted']; + $item_type = $orig_post['item_type']; + $item_hidden = $orig_post['item_hidden']; + $item_unpublished = $orig_post['item_unpublished']; + $item_delayed = $orig_post['item_delayed']; + $item_pending_remove = $orig_post['item_pending_remove']; + $item_blocked = $orig_post['item_blocked']; + - if($item_flags & ITEM_OBSCURED) - $item_flags = ($item_flags ^ ITEM_OBSCURED); - $item_restrict = $orig_post['item_restrict']; $postopts = $orig_post['postopts']; $created = $orig_post['created']; $mid = $orig_post['mid']; 
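Review bot: On the edit path `$item_obscured` is now copied unchanged from `$orig_post`, whereas the removed lines cleared ITEM_OBSCURED so that it would be recalculated. The body is replaced with plain text from `$_REQUEST['body']` in the same hunk, and a later hunk removes the step that re-encrypted it. An edited post that was obscured would therefore be stored with the flag set and a plaintext body. Resetting it after the copy, `$item_obscured = 0;`, keeps the flag consistent with what is stored. `$item_verified` is carried over the same way, and is only visibly reset when the editor is the author and the body is re-signed, so it may also need clearing when the body changes.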
@@ -361,38 +371,23 @@ function item_post(&$a) { } else { + if(! $walltowall) { + if((array_key_exists('contact_allow',$_REQUEST)) + || (array_key_exists('group_allow',$_REQUEST)) + || (array_key_exists('contact_deny',$_REQUEST)) + || (array_key_exists('group_deny',$_REQUEST))) { + $acl->set_from_array($_REQUEST); + } + elseif(! $api_source) { - // if coming from the API and no privacy settings are set, - // use the user default permissions - as they won't have - // been supplied via a form. - - if(($api_source) - && (! array_key_exists('contact_allow',$_REQUEST)) - && (! array_key_exists('group_allow',$_REQUEST)) - && (! array_key_exists('contact_deny',$_REQUEST)) - && (! array_key_exists('group_deny',$_REQUEST))) { - $str_group_allow = $channel['channel_allow_gid']; - $str_contact_allow = $channel['channel_allow_cid']; - $str_group_deny = $channel['channel_deny_gid']; - $str_contact_deny = $channel['channel_deny_cid']; - } - elseif($walltowall) { - - // use the channel owner's default permissions - - $str_group_allow = $channel['channel_allow_gid']; - $str_contact_allow = $channel['channel_allow_cid']; - $str_group_deny = $channel['channel_deny_gid']; - $str_contact_deny = $channel['channel_deny_cid']; - } - else { - - // use the posted permissions + // if no ACL has been defined and we aren't using the API, the form + // didn't send us any parameters. This means there's no ACL or it has + // been reset to the default audience. + // If $api_source is set and there are no ACL parameters, we default + // to the channel permissions which were set in the ACL contructor. - $str_group_allow = perms2str($_REQUEST['group_allow']); - $str_contact_allow = perms2str($_REQUEST['contact_allow']); - $str_group_deny = perms2str($_REQUEST['group_deny']); - $str_contact_deny = perms2str($_REQUEST['contact_deny']); + $acl->set(array('allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '')); + } } 
@@ -404,33 +399,15 @@ function item_post(&$a) { $body .= trim($_REQUEST['attachment']); $postopts = ''; - $private = ( - ( strlen($str_group_allow) - || strlen($str_contact_allow) - || strlen($str_group_deny) - || strlen($str_contact_deny) - || strlen($public_policy) - ) ? 1 : 0); + $private = intval($acl->is_private() || ($public_policy)); // If this is a comment, set the permissions from the parent. if($parent_item) { $private = 0; - - if(($parent_item['item_private']) - || strlen($parent_item['allow_cid']) - || strlen($parent_item['allow_gid']) - || strlen($parent_item['deny_cid']) - || strlen($parent_item['deny_gid']) - || strlen($parent_item['public_policy'])) { - $private = (($parent_item['item_private']) ? $parent_item['item_private'] : 1); - } - + $acl->set($parent_item); + $private = intval($acl->is_private() || $parent_item['item_private']); $public_policy = $parent_item['public_policy']; - $str_contact_allow = $parent_item['allow_cid']; - $str_group_allow = $parent_item['allow_gid']; - $str_contact_deny = $parent_item['deny_cid']; - $str_group_deny = $parent_item['deny_gid']; $owner_hash = $parent_item['owner_xchan']; } @@ -485,6 +462,11 @@ function item_post(&$a) { } } + $gacl = $acl->get(); + $str_contact_allow = $gacl['allow_cid']; + $str_group_allow = $gacl['allow_gid']; + $str_contact_deny = $gacl['deny_cid']; + $str_group_deny = $gacl['deny_gid']; if($mimetype === 'text/bbcode') { @@ -549,9 +531,6 @@ function item_post(&$a) { $body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','red_zrlify_img_callback',$body); - - - $body = bb_translate_video($body); /** @@ -628,7 +607,9 @@ function item_post(&$a) { if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { $attachments = array(); + $i = 0; foreach($match[2] as $mtch) { + $attach_link = ''; $hash = substr($mtch,0,strpos($mtch,',')); $rev = intval(substr($mtch,strpos($mtch,','))); $r = attach_by_hash_nodata($hash,$rev); 
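Review bot: The comment branch no longer treats a parent's `public_policy` as making the comment private. The removed condition included `strlen($parent_item['public_policy'])`, while the new line checks only `$acl->is_private()` and `$parent_item['item_private']`. A comment on a parent that has a policy set, but an empty ACL and `item_private` of 0, would now be stored with `$private = 0`. To keep the old behaviour: `$private = intval($acl->is_private() || $parent_item['item_private'] || strlen($parent_item['public_policy']));`. The old code also passed the parent's `item_private` value through unchanged, and the new `intval()` of a boolean collapses it to 0 or 1, which matters if the column can hold other values (not visible here).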
@@ -641,7 +622,13 @@ function item_post(&$a) { 'revision' => $r['data']['revision'] ); } - $body = str_replace($match[1],'',$body); + $ext = substr($r['data']['filename'],strrpos($r['data']['filename'],'.')); + if(strpos($r['data']['filetype'],'audio/') !== false) + $attach_link = '[audio]' . z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . (($ext) ? $ext : '') . '[/audio]'; + elseif(strpos($r['data']['filetype'],'video/') !== false) + $attach_link = '[video]' . z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . (($ext) ? $ext : '') . '[/video]'; + $body = str_replace($match[1][$i],$attach_link,$body); + $i++; } } @@ -662,31 +649,28 @@ function item_post(&$a) { } } - $item_unseen = 1; - + + $item_unseen = ((local_channel() != $profile_uid) ? 1 : 0); + $item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0); + $item_origin = (($origin) ? 1 : 0); + $item_consensus = (($consensus) ? 1 : 0); + // determine if this is a wall post if($parent) { - if($parent_item['item_flags'] & ITEM_WALL) { - $item_flags = $item_flags | ITEM_WALL; - } + $item_wall = $parent_item['item_wall']; } else { if(! $webpage) { - $item_flags = $item_flags | ITEM_WALL; + $item_wall = 1; } } - if($origin) - $item_flags = $item_flags | ITEM_ORIGIN; if($moderated) - $item_restrict = $item_restrict | ITEM_MODERATED; + $item_blocked = ITEM_MODERATED; - if($webpage) - $item_restrict = $item_restrict | $webpage; - if(! strlen($verb)) $verb = ACTIVITY_POST ; @@ -710,14 +694,10 @@ function item_post(&$a) { $datarray = array(); - if(! $parent) { - $item_flags = $item_flags | ITEM_THREAD_TOP; - } + $item_thead_top = ((! $parent) ? 1 : 0); - if($consensus) - $item_flags |= ITEM_CONSENSUS; - if ((! $plink) && ($item_flags & ITEM_THREAD_TOP)) { + if ((! $plink) && ($item_thread_top)) { $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid; } 
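Review bot: The new `$ext` and `$attach_link` lines read `$r['data']` after what appears to be the closing brace of the `if($r['success'])` block, so a failed `attach_by_hash_nodata()` lookup is dereferenced anyway. When the filename has no dot, `strrpos()` returns false and `substr()` then returns the whole filename as the "extension". The extension comes from a stored filename and ends up inside a bbcode tag, so it is worth limiting it to the expected characters as well. The sketch below keeps the link building inside the success branch and handles the no-dot case. The enclosing loop starts in the previous hunk.

```php
// … unchanged: attach_by_hash_nodata() call and the $attachments[] entry …
if($r['success']) {
	$fname = $r['data']['filename'];
	$dot = strrpos($fname,'.');
	// no dot means no extension, rather than the whole filename
	$ext = (($dot !== false) ? substr($fname,$dot) : '');
	$link = z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . $ext;
	if(strpos($r['data']['filetype'],'audio/') !== false)
		$attach_link = '[audio]' . $link . '[/audio]';
	elseif(strpos($r['data']['filetype'],'video/') !== false)
		$attach_link = '[video]' . $link . '[/video]';
}
$body = str_replace($match[1][$i],$attach_link,$body);
$i++;
```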
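Review bot: `$item_thead_top` is a typo for `$item_thread_top`. The next changed line tests `$item_thread_top`, and a later hunk stores `$datarray['item_thread_top'] = $item_thread_top`. For a new top-level post nothing in the visible hunks assigns that variable, so the permalink is not generated and the thread-top flag is stored empty. The line should read `$item_thread_top = ((! $parent) ? 1 : 0);`. The edit path copies the value from `$orig_post`, which would hide the problem when testing edits.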
@@ -747,18 +727,41 @@ function item_post(&$a) { $datarray['deny_cid'] = $str_contact_deny; $datarray['deny_gid'] = $str_group_deny; $datarray['item_private'] = $private; + $datarray['item_wall'] = $item_wall; $datarray['attach'] = $attachments; $datarray['thr_parent'] = $thr_parent; $datarray['postopts'] = $postopts; - $datarray['item_restrict'] = $item_restrict; - $datarray['item_flags'] = $item_flags; + $datarray['item_unseen'] = $item_unseen; + $datarray['item_wall'] = $item_wall; + $datarray['item_origin'] = $item_origin; + $datarray['item_type'] = $webpage; + $datarray['item_thread_top'] = $item_thread_top; + $datarray['item_unseen'] = $item_unseen; + $datarray['item_starred'] = $item_starred; + $datarray['item_uplink'] = $item_uplink; + $datarray['item_consensus'] = $item_consensus; + $datarray['item_notshown'] = $item_notshown; + $datarray['item_nsfw'] = $item_nsfw; + $datarray['item_relay'] = $item_relay; + $datarray['item_mentionsme'] = $item_mentionsme; + $datarray['item_nocomment'] = $item_nocomment; + $datarray['item_obscured'] = $item_obscured; + $datarray['item_verified'] = $item_verified; + $datarray['item_retained'] = $item_retained; + $datarray['item_rss'] = $item_rss; + $datarray['item_deleted'] = $item_deleted; + $datarray['item_hidden'] = $item_hidden; + $datarray['item_unpublished'] = $item_unpublished; + $datarray['item_delayed'] = $item_delayed; + $datarray['item_pending_remove'] = $item_pending_remove; + $datarray['item_blocked'] = $item_blocked; + $datarray['layout_mid'] = $layout_mid; $datarray['public_policy'] = $public_policy; $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); $datarray['term'] = $post_tags; $datarray['plink'] = $plink; $datarray['route'] = $route; - $datarray['item_unseen'] = $item_unseen; // preview mode - prepare the body for display and send it via json 
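Review bot: Most of the flags written to `$datarray` here (`$item_starred`, `$item_nsfw`, `$item_hidden`, `$item_deleted`, `$item_pending_remove`, and `$item_blocked` unless `$moderated`) are assigned only in the edit branch that copies them from `$orig_post`, as far as the hunks show. For a new post they would be undefined at this point unless they are initialised outside the visible lines. Setting them to 0 near the top of item_post(), for example `$item_hidden = $item_deleted = $item_blocked = 0;` and likewise for the rest, makes the stored visibility state explicit instead of leaving it to how the storage layer treats NULL. Separately, `$datarray['item_wall']` and `$datarray['item_unseen']` are each assigned twice in this hunk, and one of each can be dropped.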
@@ -803,17 +806,9 @@ function item_post(&$a) { if($uid) { if($channel['channel_hash'] === $datarray['author_xchan']) { $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey'])); - $datarray['item_flags'] = $datarray['item_flags'] | ITEM_VERIFIED; + $datarray['item_verified'] = 1; } } - - logger('Encrypting local storage'); - $key = get_config('system','pubkey'); - $datarray['item_flags'] = $datarray['item_flags'] | ITEM_OBSCURED; - if($datarray['title']) - $datarray['title'] = json_encode(crypto_encapsulate($datarray['title'],$key)); - if($datarray['body']) - $datarray['body'] = json_encode(crypto_encapsulate($datarray['body'],$key)); } if($orig_post) { @@ -860,7 +855,7 @@ function item_post(&$a) { // only send comment notification if this is a wall-to-wall comment, // otherwise it will happen during delivery - if(($datarray['owner_xchan'] != $datarray['author_xchan']) && ($parent_item['item_flags'] & ITEM_WALL)) { + if(($datarray['owner_xchan'] != $datarray['author_xchan']) && (intval($parent_item['item_wall']))) { notification(array( 'type' => NOTIFY_COMMENT, 'from_xchan' => $datarray['author_xchan'], @@ -890,7 +885,7 @@ function item_post(&$a) { )); } - if($uid && $uid == $profile_uid && (! $datarray['item_restrict'])) { + if($uid && $uid == $profile_uid && (is_item_normal($datarray))) { q("update channel set channel_lastpost = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($uid) @@ -902,9 +897,8 @@ function item_post(&$a) { // This way we don't see every picture in your new photo album posted to your wall at once. // They will show up as people comment on them. - if($parent_item['item_restrict'] & ITEM_HIDDEN) { - $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d", - intval($parent_item['item_restrict'] - ITEM_HIDDEN), + if(intval($parent_item['item_hidden'])) { + $r = q("UPDATE item SET item_hidden = 0 WHERE id = %d", intval($parent_item['id']) ); } 
@@ -949,6 +943,11 @@ function item_post(&$a) { logger('post_complete'); + + + + + // figure out how to return, depending on from whence we came if($api_source) @@ -983,7 +982,7 @@ function item_content(&$a) { if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) { require_once('include/items.php'); - $i = q("select id, uid, author_xchan, owner_xchan, source_xchan, item_restrict from item where id = %d limit 1", + $i = q("select id, uid, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1", intval(argv(2)) ); @@ -1009,7 +1008,7 @@ function item_content(&$a) { // if this is a different page type or it's just a local delete // but not by the item author or owner, do a simple deletion - if($i[0]['item_restrict'] || ($local_delete && (! $can_delete))) { + if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) { drop_item($i[0]['id']); } else { @@ -1045,6 +1044,23 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body, if(! strlen($image_uri)) continue; $srch = '<' . $xchan_hash . '>'; + + $r = q("select folder from attach where hash = '%s' and uid = %d limit 1", + dbesc($image_uri), + intval($uid) + ); + if($r && $r[0]['folder']) { + $f = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1", + dbesc($r[0]['folder']), + intval($uid) + ); + if(($f) && (($f[0]['allow_cid']) || ($f[0]['allow_gid']) || ($f[0]['deny_cid']) || ($f[0]['deny_gid']))) { + $str_contact_allow = $f[0]['allow_cid']; + $str_group_allow = $f[0]['allow_gid']; + $str_contact_deny = $f[0]['deny_cid']; + $str_group_deny = $f[0]['deny_gid']; + } + } $r = q("SELECT id FROM photo WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = '' 
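Review bot: In the fix_attached_photo_permissions() hunk, the folder lookup overwrites `$str_contact_allow`, `$str_group_allow`, `$str_contact_deny` and `$str_group_deny` in place. The `continue` just above suggests this runs inside a loop over the images in the post. If so, once one image sits in a folder with its own ACL, those values carry over to every later image, including ones in no folder, and the following hunk writes them to `attach` as well. Working on per-iteration copies avoids the carry-over, e.g. `$allow_cid = $str_contact_allow;` at the top of the loop body, overridden from `$f[0]` and used in the updates. The loop header and the rest of the parameter list are outside the hunk, so this should be confirmed against the full function.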
@@ -1088,6 +1104,21 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body, intval($uid) ); } + $r = q("select id from attach where hash = '%s' and uid = %d limit 1", + dbesc($image_uri), + intval($uid) + ); + if($r) { + q("update attach SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' + WHERE id = %d AND uid = %d", + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + intval($r[0]['id']), + intval($uid) + ); + } } } } @@ -1127,17 +1158,15 @@ function item_check_service_class($channel_id,$iswebpage) { $ret = array('success' => false, 'message' => ''); if ($iswebpage) { - // note: we aren't counting comanche templates and blocks, only webpages - $r = q("select count(id) as total from item where parent = id - and ( item_restrict & %d ) > 0 and ( item_restrict & %d ) = 0 and uid = %d ", - intval(ITEM_WEBPAGE), - intval(ITEM_DELETED), + $r = q("select count(i.id) as total from item i + right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id ) + and i.parent=i.id and i.item_type = %d and i.item_deleted = 0 and i.uid= %d ", + intval(ITEM_TYPE_WEBPAGE), intval($channel_id) ); } else { - $r = q("select count(id) as total from item where parent = id and item_restrict = 0 and (item_flags & %d) > 0 and uid = %d ", - intval(ITEM_WALL), + $r = q("select count(id) as total from item where parent = id and item_wall = 1 and uid = %d " . item_normal(), intval($channel_id) ); } |
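Review bot: The webpage count in item_check_service_class() puts every filter in the `right join channel c on (...)` clause and has no `where`. The join therefore yields a row for every channel on the site, and the total is correct only because `count(i.id)` skips the NULL-filled rows. An inner join states the intent and avoids touching unrelated channels: `from item i join channel c on (i.author_xchan = c.channel_hash and i.uid = c.channel_id) where i.parent = i.id and i.item_type = %d and i.item_deleted = 0 and i.uid = %d`. The new `author_xchan` condition also means pages stored on this channel but authored by someone else no longer count toward the limit. If that is intended, a comment should say so, since the removed comment about what is counted was not replaced.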