diff options
Diffstat (limited to 'mod/item.php')
-rw-r--r-- | mod/item.php | 52 |
1 files changed, 47 insertions, 5 deletions
diff --git a/mod/item.php b/mod/item.php index ac15e50e8..e7d886b00 100644 --- a/mod/item.php +++ b/mod/item.php @@ -77,7 +77,7 @@ function item_post(&$a) { $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : ''); $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); - $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : ''); + $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : ''); $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); @@ -112,6 +112,7 @@ function item_post(&$a) { $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0); $parent_mid = ((x($_REQUEST,'parent_mid')) ? trim($_REQUEST['parent_mid']) : ''); + $route = ''; $parent_item = null; $parent_contact = null; $thr_parent = ''; @@ -163,6 +164,7 @@ function item_post(&$a) { $thr_parent = $parent_mid; + $route = $parent_item['route']; } @@ -257,8 +259,25 @@ function item_post(&$a) { killme(); } + $walltowall = false; + $walltowall_comment = false; + if($observer) { logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG); + + // wall-to-wall detection. + // For top-level posts, if the author and owner are different it's a wall-to-wall + // For comments, We need to additionally look at the parent and see if it's a wall post that originated locally. + + if($observer['xchan_name'] != $owner_xchan['xchan_name']) { + if($parent_item && ($parent_item['item_flags'] & (ITEM_WALL|ITEM_ORIGIN)) == (ITEM_WALL|ITEM_ORIGIN)) { + $walltowall_comment = true; + $walltowall = true; + } + if(! $parent) { + $walltowall = true; + } + } } $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true)); @@ -329,6 +348,15 @@ function item_post(&$a) { $str_group_deny = $channel['channel_deny_gid']; $str_contact_deny = $channel['channel_deny_cid']; } + elseif($walltowall) { + + // use the channel owner's default permissions + + $str_group_allow = $channel['channel_allow_gid']; + $str_contact_allow = $channel['channel_allow_cid']; + $str_group_deny = $channel['channel_deny_gid']; + $str_contact_deny = $channel['channel_deny_cid']; + } else { // use the posted permissions @@ -570,7 +598,14 @@ function item_post(&$a) { logger('handle_tag: ' . print_r($success,tue), LOGGER_DATA); if(($access_tag) && (! $parent_item)) { logger('access_tag: ' . $tag . ' ' . print_r($access_tag,true), LOGGER_DATA); - if ($first_access_tag) { + if ($first_access_tag && (! get_pconfig($profile_uid,'system','no_private_mention_acl_override'))) { + + // This is a tough call, hence configurable. The issue is that one can type in a @!privacy mention + // and also have a default ACL (perhaps from viewing a collection) and could be suprised that the + // privacy mention wasn't the only recipient. So the default is to wipe out the existing ACL if a + // private mention is found. This can be over-ridden if you wish private mentions to be in + // addition to the current ACL settings. + $str_contact_allow = ''; $str_group_allow = ''; $first_access_tag = false; @@ -720,6 +755,7 @@ function item_post(&$a) { $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); $datarray['term'] = $post_tags; $datarray['plink'] = $plink; + $datarray['route'] = $route; // preview mode - prepare the body for display and send it via json @@ -859,10 +895,9 @@ function item_post(&$a) { if($parent) { // Store the comment signature information in case we need to relay to Diaspora -//FIXME $ditem = $datarray; $ditem['author'] = $observer; - store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id); + store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id, (($walltowall_comment) ? 1 : 0)); } update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid); @@ -1137,6 +1172,8 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { // $r is set if we found something + $channel = get_app()->get_channel(); + if($r) { $profile = $r[0]['xchan_url']; $newname = $r[0]['xchan_name']; @@ -1156,9 +1193,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { if(local_user() && local_user() == $profile_uid) { require_once('include/group.php'); $grp = group_byname($profile_uid,$name); + if($grp) { $g = q("select hash from groups where id = %d and visible = 1 limit 1", - intval($grp[0]['id']) + intval($grp) ); if($g && $exclusive) { $access_tag .= 'gid:' . $g[0]['hash']; @@ -1172,6 +1210,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { } } + if(($exclusive) && (! $access_tag)) { + $access_tag .= 'cid:' . $channel['channel_hash']; + } + // if there is an url for this channel if(isset($profile)) { |