aboutsummaryrefslogtreecommitdiffstats
path: root/mod/item.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/item.php')
-rw-r--r--mod/item.php275
1 files changed, 152 insertions, 123 deletions
diff --git a/mod/item.php b/mod/item.php
index bff312cfe..591dc8407 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -96,7 +96,7 @@ function item_post(&$a) {
$owner_hash = null;
$message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
- $created = ((x($_REQUEST,'created')) ? datetime_convert('UTC','UTC',$_REQUEST['created']) : datetime_convert());
+ $created = ((x($_REQUEST,'created')) ? datetime_convert(date_default_timezone_get(),'UTC',$_REQUEST['created']) : datetime_convert());
$post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0);
$app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : '');
$return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');
@@ -107,7 +107,6 @@ function item_post(&$a) {
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
$obj_type = ((x($_REQUEST,'obj_type')) ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE);
-
// allow API to bulk load a bunch of imported items with sending out a bunch of posts.
$nopush = ((x($_REQUEST,'nopush')) ? intval($_REQUEST['nopush']) : 0);
@@ -115,7 +114,7 @@ function item_post(&$a) {
* Check service class limits
*/
if ($uid && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) {
- $ret = item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_WEBPAGE) ? true : false));
+ $ret = item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false));
if (!$ret['success']) {
notice( t($ret['message']) . EOL) ;
if(x($_REQUEST,'return'))
@@ -197,7 +196,7 @@ function item_post(&$a) {
if($parent) {
logger('mod_item: item_post parent=' . $parent);
$can_comment = false;
- if((array_key_exists('owner',$parent_item)) && ($parent_item['owner']['abook_flags'] & ABOOK_FLAG_SELF))
+ if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self']))
$can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
else
$can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
@@ -295,7 +294,7 @@ function item_post(&$a) {
// For comments, We need to additionally look at the parent and see if it's a wall post that originated locally.
if($observer['xchan_name'] != $owner_xchan['xchan_name']) {
- if($parent_item && ($parent_item['item_flags'] & (ITEM_WALL|ITEM_ORIGIN)) == (ITEM_WALL|ITEM_ORIGIN)) {
+ if(($parent_item) && ($parent_item['item_wall'] && $parent_item['item_origin'])) {
$walltowall_comment = true;
$walltowall = true;
}
@@ -305,6 +304,8 @@ function item_post(&$a) {
}
}
+ $acl = new AccessList($channel);
+
$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
if($webpage)
@@ -316,28 +317,17 @@ function item_post(&$a) {
$private = 0;
// webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
if($webpage) {
- $str_group_allow = perms2str($_REQUEST['group_allow']);
- $str_contact_allow = perms2str($_REQUEST['contact_allow']);
- $str_group_deny = perms2str($_REQUEST['group_deny']);
- $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+ $acl->set_from_array($_REQUEST);
}
else {
- $str_group_allow = $orig_post['allow_gid'];
- $str_contact_allow = $orig_post['allow_cid'];
- $str_group_deny = $orig_post['deny_gid'];
- $str_contact_deny = $orig_post['deny_cid'];
+ $acl->set($orig_post);
$public_policy = $orig_post['public_policy'];
$private = $orig_post['item_private'];
}
- if((strlen($str_group_allow))
- || strlen($str_contact_allow)
- || strlen($str_group_deny)
- || strlen($str_contact_deny)
- || strlen($public_policy)
- || $private) {
+ if($private || $public_policy || $acl->is_private())
$private = 1;
- }
+
$location = $orig_post['location'];
$coord = $orig_post['coord'];
@@ -347,12 +337,32 @@ function item_post(&$a) {
$body = trim($_REQUEST['body']);
$item_flags = $orig_post['item_flags'];
- // force us to recalculate if we need to obscure this post
+ $item_origin = $orig_post['item_origin'];
+ $item_unseen = $orig_post['item_unseen'];
+ $item_starred = $orig_post['item_starred'];
+ $item_uplink = $orig_post['item_uplink'];
+ $item_consensus = $orig_post['item_consensus'];
+ $item_wall = $orig_post['item_wall'];
+ $item_thread_top = $orig_post['item_thread_top'];
+ $item_notshown = $orig_post['item_notshown'];
+ $item_nsfw = $orig_post['item_nsfw'];
+ $item_relay = $orig_post['item_relay'];
+ $item_mentionsme = $orig_post['item_mentionsme'];
+ $item_nocomment = $orig_post['item_nocomment'];
+ $item_obscured = $orig_post['item_obscured'];
+ $item_verified = $orig_post['item_verified'];
+ $item_retained = $orig_post['item_retained'];
+ $item_rss = $orig_post['item_rss'];
+ $item_deleted = $orig_post['item_deleted'];
+ $item_type = $orig_post['item_type'];
+ $item_hidden = $orig_post['item_hidden'];
+ $item_unpublished = $orig_post['item_unpublished'];
+ $item_delayed = $orig_post['item_delayed'];
+ $item_pending_remove = $orig_post['item_pending_remove'];
+ $item_blocked = $orig_post['item_blocked'];
+
- if($item_flags & ITEM_OBSCURED)
- $item_flags = ($item_flags ^ ITEM_OBSCURED);
- $item_restrict = $orig_post['item_restrict'];
$postopts = $orig_post['postopts'];
$created = $orig_post['created'];
$mid = $orig_post['mid'];
@@ -361,38 +371,23 @@ function item_post(&$a) {
}
else {
+ if(! $walltowall) {
+ if((array_key_exists('contact_allow',$_REQUEST))
+ || (array_key_exists('group_allow',$_REQUEST))
+ || (array_key_exists('contact_deny',$_REQUEST))
+ || (array_key_exists('group_deny',$_REQUEST))) {
+ $acl->set_from_array($_REQUEST);
+ }
+ elseif(! $api_source) {
- // if coming from the API and no privacy settings are set,
- // use the user default permissions - as they won't have
- // been supplied via a form.
-
- if(($api_source)
- && (! array_key_exists('contact_allow',$_REQUEST))
- && (! array_key_exists('group_allow',$_REQUEST))
- && (! array_key_exists('contact_deny',$_REQUEST))
- && (! array_key_exists('group_deny',$_REQUEST))) {
- $str_group_allow = $channel['channel_allow_gid'];
- $str_contact_allow = $channel['channel_allow_cid'];
- $str_group_deny = $channel['channel_deny_gid'];
- $str_contact_deny = $channel['channel_deny_cid'];
- }
- elseif($walltowall) {
-
- // use the channel owner's default permissions
-
- $str_group_allow = $channel['channel_allow_gid'];
- $str_contact_allow = $channel['channel_allow_cid'];
- $str_group_deny = $channel['channel_deny_gid'];
- $str_contact_deny = $channel['channel_deny_cid'];
- }
- else {
-
- // use the posted permissions
+ // if no ACL has been defined and we aren't using the API, the form
+ // didn't send us any parameters. This means there's no ACL or it has
+ // been reset to the default audience.
+ // If $api_source is set and there are no ACL parameters, we default
+ // to the channel permissions which were set in the ACL contructor.
- $str_group_allow = perms2str($_REQUEST['group_allow']);
- $str_contact_allow = perms2str($_REQUEST['contact_allow']);
- $str_group_deny = perms2str($_REQUEST['group_deny']);
- $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+ $acl->set(array('allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => ''));
+ }
}
@@ -404,33 +399,15 @@ function item_post(&$a) {
$body .= trim($_REQUEST['attachment']);
$postopts = '';
- $private = (
- ( strlen($str_group_allow)
- || strlen($str_contact_allow)
- || strlen($str_group_deny)
- || strlen($str_contact_deny)
- || strlen($public_policy)
- ) ? 1 : 0);
+ $private = intval($acl->is_private() || ($public_policy));
// If this is a comment, set the permissions from the parent.
if($parent_item) {
$private = 0;
-
- if(($parent_item['item_private'])
- || strlen($parent_item['allow_cid'])
- || strlen($parent_item['allow_gid'])
- || strlen($parent_item['deny_cid'])
- || strlen($parent_item['deny_gid'])
- || strlen($parent_item['public_policy'])) {
- $private = (($parent_item['item_private']) ? $parent_item['item_private'] : 1);
- }
-
+ $acl->set($parent_item);
+ $private = intval($acl->is_private() || $parent_item['item_private']);
$public_policy = $parent_item['public_policy'];
- $str_contact_allow = $parent_item['allow_cid'];
- $str_group_allow = $parent_item['allow_gid'];
- $str_contact_deny = $parent_item['deny_cid'];
- $str_group_deny = $parent_item['deny_gid'];
$owner_hash = $parent_item['owner_xchan'];
}
@@ -485,6 +462,11 @@ function item_post(&$a) {
}
}
+ $gacl = $acl->get();
+ $str_contact_allow = $gacl['allow_cid'];
+ $str_group_allow = $gacl['allow_gid'];
+ $str_contact_deny = $gacl['deny_cid'];
+ $str_group_deny = $gacl['deny_gid'];
if($mimetype === 'text/bbcode') {
@@ -549,9 +531,6 @@ function item_post(&$a) {
$body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','red_zrlify_img_callback',$body);
-
-
-
$body = bb_translate_video($body);
/**
@@ -628,7 +607,9 @@ function item_post(&$a) {
if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
$attachments = array();
+ $i = 0;
foreach($match[2] as $mtch) {
+ $attach_link = '';
$hash = substr($mtch,0,strpos($mtch,','));
$rev = intval(substr($mtch,strpos($mtch,',')));
$r = attach_by_hash_nodata($hash,$rev);
@@ -641,7 +622,13 @@ function item_post(&$a) {
'revision' => $r['data']['revision']
);
}
- $body = str_replace($match[1],'',$body);
+ $ext = substr($r['data']['filename'],strrpos($r['data']['filename'],'.'));
+ if(strpos($r['data']['filetype'],'audio/') !== false)
+ $attach_link = '[audio]' . z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . (($ext) ? $ext : '') . '[/audio]';
+ elseif(strpos($r['data']['filetype'],'video/') !== false)
+ $attach_link = '[video]' . z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . (($ext) ? $ext : '') . '[/video]';
+ $body = str_replace($match[1][$i],$attach_link,$body);
+ $i++;
}
}
@@ -662,31 +649,28 @@ function item_post(&$a) {
}
}
- $item_unseen = 1;
-
+
+ $item_unseen = ((local_channel() != $profile_uid) ? 1 : 0);
+ $item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0);
+ $item_origin = (($origin) ? 1 : 0);
+ $item_consensus = (($consensus) ? 1 : 0);
+
// determine if this is a wall post
if($parent) {
- if($parent_item['item_flags'] & ITEM_WALL) {
- $item_flags = $item_flags | ITEM_WALL;
- }
+ $item_wall = $parent_item['item_wall'];
}
else {
if(! $webpage) {
- $item_flags = $item_flags | ITEM_WALL;
+ $item_wall = 1;
}
}
- if($origin)
- $item_flags = $item_flags | ITEM_ORIGIN;
if($moderated)
- $item_restrict = $item_restrict | ITEM_MODERATED;
+ $item_blocked = ITEM_MODERATED;
- if($webpage)
- $item_restrict = $item_restrict | $webpage;
-
if(! strlen($verb))
$verb = ACTIVITY_POST ;
@@ -710,14 +694,10 @@ function item_post(&$a) {
$datarray = array();
- if(! $parent) {
- $item_flags = $item_flags | ITEM_THREAD_TOP;
- }
+ $item_thead_top = ((! $parent) ? 1 : 0);
- if($consensus)
- $item_flags |= ITEM_CONSENSUS;
- if ((! $plink) && ($item_flags & ITEM_THREAD_TOP)) {
+ if ((! $plink) && ($item_thread_top)) {
$plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
}
@@ -747,18 +727,41 @@ function item_post(&$a) {
$datarray['deny_cid'] = $str_contact_deny;
$datarray['deny_gid'] = $str_group_deny;
$datarray['item_private'] = $private;
+ $datarray['item_wall'] = $item_wall;
$datarray['attach'] = $attachments;
$datarray['thr_parent'] = $thr_parent;
$datarray['postopts'] = $postopts;
- $datarray['item_restrict'] = $item_restrict;
- $datarray['item_flags'] = $item_flags;
+ $datarray['item_unseen'] = $item_unseen;
+ $datarray['item_wall'] = $item_wall;
+ $datarray['item_origin'] = $item_origin;
+ $datarray['item_type'] = $webpage;
+ $datarray['item_thread_top'] = $item_thread_top;
+ $datarray['item_unseen'] = $item_unseen;
+ $datarray['item_starred'] = $item_starred;
+ $datarray['item_uplink'] = $item_uplink;
+ $datarray['item_consensus'] = $item_consensus;
+ $datarray['item_notshown'] = $item_notshown;
+ $datarray['item_nsfw'] = $item_nsfw;
+ $datarray['item_relay'] = $item_relay;
+ $datarray['item_mentionsme'] = $item_mentionsme;
+ $datarray['item_nocomment'] = $item_nocomment;
+ $datarray['item_obscured'] = $item_obscured;
+ $datarray['item_verified'] = $item_verified;
+ $datarray['item_retained'] = $item_retained;
+ $datarray['item_rss'] = $item_rss;
+ $datarray['item_deleted'] = $item_deleted;
+ $datarray['item_hidden'] = $item_hidden;
+ $datarray['item_unpublished'] = $item_unpublished;
+ $datarray['item_delayed'] = $item_delayed;
+ $datarray['item_pending_remove'] = $item_pending_remove;
+ $datarray['item_blocked'] = $item_blocked;
+
$datarray['layout_mid'] = $layout_mid;
$datarray['public_policy'] = $public_policy;
$datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
$datarray['term'] = $post_tags;
$datarray['plink'] = $plink;
$datarray['route'] = $route;
- $datarray['item_unseen'] = $item_unseen;
// preview mode - prepare the body for display and send it via json
@@ -803,17 +806,9 @@ function item_post(&$a) {
if($uid) {
if($channel['channel_hash'] === $datarray['author_xchan']) {
$datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
- $datarray['item_flags'] = $datarray['item_flags'] | ITEM_VERIFIED;
+ $datarray['item_verified'] = 1;
}
}
-
- logger('Encrypting local storage');
- $key = get_config('system','pubkey');
- $datarray['item_flags'] = $datarray['item_flags'] | ITEM_OBSCURED;
- if($datarray['title'])
- $datarray['title'] = json_encode(crypto_encapsulate($datarray['title'],$key));
- if($datarray['body'])
- $datarray['body'] = json_encode(crypto_encapsulate($datarray['body'],$key));
}
if($orig_post) {
@@ -860,7 +855,7 @@ function item_post(&$a) {
// only send comment notification if this is a wall-to-wall comment,
// otherwise it will happen during delivery
- if(($datarray['owner_xchan'] != $datarray['author_xchan']) && ($parent_item['item_flags'] & ITEM_WALL)) {
+ if(($datarray['owner_xchan'] != $datarray['author_xchan']) && (intval($parent_item['item_wall']))) {
notification(array(
'type' => NOTIFY_COMMENT,
'from_xchan' => $datarray['author_xchan'],
@@ -890,7 +885,7 @@ function item_post(&$a) {
));
}
- if($uid && $uid == $profile_uid && (! $datarray['item_restrict'])) {
+ if($uid && $uid == $profile_uid && (is_item_normal($datarray))) {
q("update channel set channel_lastpost = '%s' where channel_id = %d",
dbesc(datetime_convert()),
intval($uid)
@@ -902,9 +897,8 @@ function item_post(&$a) {
// This way we don't see every picture in your new photo album posted to your wall at once.
// They will show up as people comment on them.
- if($parent_item['item_restrict'] & ITEM_HIDDEN) {
- $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d",
- intval($parent_item['item_restrict'] - ITEM_HIDDEN),
+ if(intval($parent_item['item_hidden'])) {
+ $r = q("UPDATE item SET item_hidden = 0 WHERE id = %d",
intval($parent_item['id'])
);
}
@@ -949,6 +943,11 @@ function item_post(&$a) {
logger('post_complete');
+
+
+
+
+
// figure out how to return, depending on from whence we came
if($api_source)
@@ -983,7 +982,7 @@ function item_content(&$a) {
if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
require_once('include/items.php');
- $i = q("select id, uid, author_xchan, owner_xchan, source_xchan, item_restrict from item where id = %d limit 1",
+ $i = q("select id, uid, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
intval(argv(2))
);
@@ -1009,7 +1008,7 @@ function item_content(&$a) {
// if this is a different page type or it's just a local delete
// but not by the item author or owner, do a simple deletion
- if($i[0]['item_restrict'] || ($local_delete && (! $can_delete))) {
+ if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) {
drop_item($i[0]['id']);
}
else {
@@ -1045,6 +1044,23 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body,
if(! strlen($image_uri))
continue;
$srch = '<' . $xchan_hash . '>';
+
+ $r = q("select folder from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($image_uri),
+ intval($uid)
+ );
+ if($r && $r[0]['folder']) {
+ $f = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1",
+ dbesc($r[0]['folder']),
+ intval($uid)
+ );
+ if(($f) && (($f[0]['allow_cid']) || ($f[0]['allow_gid']) || ($f[0]['deny_cid']) || ($f[0]['deny_gid']))) {
+ $str_contact_allow = $f[0]['allow_cid'];
+ $str_group_allow = $f[0]['allow_gid'];
+ $str_contact_deny = $f[0]['deny_cid'];
+ $str_group_deny = $f[0]['deny_gid'];
+ }
+ }
$r = q("SELECT id FROM photo
WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
@@ -1088,6 +1104,21 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body,
intval($uid)
);
}
+ $r = q("select id from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($image_uri),
+ intval($uid)
+ );
+ if($r) {
+ q("update attach SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
+ WHERE id = %d AND uid = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval($r[0]['id']),
+ intval($uid)
+ );
+ }
}
}
}
@@ -1127,17 +1158,15 @@ function item_check_service_class($channel_id,$iswebpage) {
$ret = array('success' => false, 'message' => '');
if ($iswebpage) {
- // note: we aren't counting comanche templates and blocks, only webpages
- $r = q("select count(id) as total from item where parent = id
- and ( item_restrict & %d ) > 0 and ( item_restrict & %d ) = 0 and uid = %d ",
- intval(ITEM_WEBPAGE),
- intval(ITEM_DELETED),
+ $r = q("select count(i.id) as total from item i
+ right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id )
+ and i.parent=i.id and i.item_type = %d and i.item_deleted = 0 and i.uid= %d ",
+ intval(ITEM_TYPE_WEBPAGE),
intval($channel_id)
);
}
else {
- $r = q("select count(id) as total from item where parent = id and item_restrict = 0 and (item_flags & %d) > 0 and uid = %d ",
- intval(ITEM_WALL),
+ $r = q("select count(id) as total from item where parent = id and item_wall = 1 and uid = %d " . item_normal(),
intval($channel_id)
);
}