aboutsummaryrefslogtreecommitdiffstats
path: root/mod/item.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/item.php')
-rw-r--r--mod/item.php52
1 files changed, 47 insertions, 5 deletions
diff --git a/mod/item.php b/mod/item.php
index ac15e50e8..e7d886b00 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -77,7 +77,7 @@ function item_post(&$a) {
$preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
$categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : '');
$webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0);
- $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : '');
+ $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
@@ -112,6 +112,7 @@ function item_post(&$a) {
$parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
$parent_mid = ((x($_REQUEST,'parent_mid')) ? trim($_REQUEST['parent_mid']) : '');
+ $route = '';
$parent_item = null;
$parent_contact = null;
$thr_parent = '';
@@ -163,6 +164,7 @@ function item_post(&$a) {
$thr_parent = $parent_mid;
+ $route = $parent_item['route'];
}
@@ -257,8 +259,25 @@ function item_post(&$a) {
killme();
}
+ $walltowall = false;
+ $walltowall_comment = false;
+
if($observer) {
logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
+
+ // wall-to-wall detection.
+ // For top-level posts, if the author and owner are different it's a wall-to-wall
+ // For comments, We need to additionally look at the parent and see if it's a wall post that originated locally.
+
+ if($observer['xchan_name'] != $owner_xchan['xchan_name']) {
+ if($parent_item && ($parent_item['item_flags'] & (ITEM_WALL|ITEM_ORIGIN)) == (ITEM_WALL|ITEM_ORIGIN)) {
+ $walltowall_comment = true;
+ $walltowall = true;
+ }
+ if(! $parent) {
+ $walltowall = true;
+ }
+ }
}
$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
@@ -329,6 +348,15 @@ function item_post(&$a) {
$str_group_deny = $channel['channel_deny_gid'];
$str_contact_deny = $channel['channel_deny_cid'];
}
+ elseif($walltowall) {
+
+ // use the channel owner's default permissions
+
+ $str_group_allow = $channel['channel_allow_gid'];
+ $str_contact_allow = $channel['channel_allow_cid'];
+ $str_group_deny = $channel['channel_deny_gid'];
+ $str_contact_deny = $channel['channel_deny_cid'];
+ }
else {
// use the posted permissions
@@ -570,7 +598,14 @@ function item_post(&$a) {
logger('handle_tag: ' . print_r($success,tue), LOGGER_DATA);
if(($access_tag) && (! $parent_item)) {
logger('access_tag: ' . $tag . ' ' . print_r($access_tag,true), LOGGER_DATA);
- if ($first_access_tag) {
+ if ($first_access_tag && (! get_pconfig($profile_uid,'system','no_private_mention_acl_override'))) {
+
+ // This is a tough call, hence configurable. The issue is that one can type in a @!privacy mention
+ // and also have a default ACL (perhaps from viewing a collection) and could be suprised that the
+ // privacy mention wasn't the only recipient. So the default is to wipe out the existing ACL if a
+ // private mention is found. This can be over-ridden if you wish private mentions to be in
+ // addition to the current ACL settings.
+
$str_contact_allow = '';
$str_group_allow = '';
$first_access_tag = false;
@@ -720,6 +755,7 @@ function item_post(&$a) {
$datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
$datarray['term'] = $post_tags;
$datarray['plink'] = $plink;
+ $datarray['route'] = $route;
// preview mode - prepare the body for display and send it via json
@@ -859,10 +895,9 @@ function item_post(&$a) {
if($parent) {
// Store the comment signature information in case we need to relay to Diaspora
-//FIXME
$ditem = $datarray;
$ditem['author'] = $observer;
- store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id);
+ store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id, (($walltowall_comment) ? 1 : 0));
}
update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid);
@@ -1137,6 +1172,8 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) {
// $r is set if we found something
+ $channel = get_app()->get_channel();
+
if($r) {
$profile = $r[0]['xchan_url'];
$newname = $r[0]['xchan_name'];
@@ -1156,9 +1193,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) {
if(local_user() && local_user() == $profile_uid) {
require_once('include/group.php');
$grp = group_byname($profile_uid,$name);
+
if($grp) {
$g = q("select hash from groups where id = %d and visible = 1 limit 1",
- intval($grp[0]['id'])
+ intval($grp)
);
if($g && $exclusive) {
$access_tag .= 'gid:' . $g[0]['hash'];
@@ -1172,6 +1210,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) {
}
}
+ if(($exclusive) && (! $access_tag)) {
+ $access_tag .= 'cid:' . $channel['channel_hash'];
+ }
+
// if there is an url for this channel
if(isset($profile)) {