diff options
Diffstat (limited to 'mod/item.php')
| -rw-r--r-- | mod/item.php | 253 |
1 files changed, 143 insertions, 110 deletions
diff --git a/mod/item.php b/mod/item.php index 8298d3dc0..dc8ee5015 100644 --- a/mod/item.php +++ b/mod/item.php @@ -44,7 +44,7 @@ function item_post(&$a) { call_hooks('post_local_start', $_REQUEST); - logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA); +// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA); $api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false); @@ -60,6 +60,7 @@ function item_post(&$a) { $origin = (($api_source && array_key_exists('origin',$_REQUEST)) ? intval($_REQUEST['origin']) : 1); $owner_hash = null; + $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); @@ -80,7 +81,7 @@ function item_post(&$a) { */ $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0); - $parent_uri = ((x($_REQUEST,'parent_uri')) ? trim($_REQUEST['parent_uri']) : ''); + $parent_mid = ((x($_REQUEST,'parent_mid')) ? trim($_REQUEST['parent_mid']) : ''); $parent_item = null; $parent_contact = null; @@ -88,7 +89,7 @@ function item_post(&$a) { $parid = 0; $r = false; - if($parent || $parent_uri) { + if($parent || $parent_mid) { if(! x($_REQUEST,'type')) $_REQUEST['type'] = 'net-comment'; @@ -98,17 +99,17 @@ function item_post(&$a) { intval($parent) ); } - elseif($parent_uri && local_user()) { + elseif($parent_mid && local_user()) { // This is coming from an API source, and we are logged in - $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", - dbesc($parent_uri), + $r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1", + dbesc($parent_mid), intval(local_user()) ); } // if this isn't the real parent of the conversation, find it if($r !== false && count($r)) { $parid = $r[0]['parent']; - $parent_uri = $r[0]['uri']; + $parent_mid = $r[0]['mid']; if($r[0]['id'] != $r[0]['parent']) { $r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid) @@ -127,19 +128,22 @@ function item_post(&$a) { // multi-level threading - preserve the info but re-parent to our single level threading //if(($parid) && ($parid != $parent)) - $thr_parent = $parent_uri; + $thr_parent = $parent_mid; + +// if($parent_item['contact-id'] && $uid) { +// $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", +// intval($parent_item['contact-id']), +// intval($uid) +// ); +// if(count($r)) +// $parent_contact = $r[0]; +// } - if($parent_item['contact-id'] && $uid) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($parent_item['contact-id']), - intval($uid) - ); - if(count($r)) - $parent_contact = $r[0]; - } } - if($parent) logger('mod_item: item_post parent=' . $parent); + if($parent) { + logger('mod_item: item_post parent=' . $parent); + } $observer = $a->get_observer(); @@ -200,6 +204,10 @@ function item_post(&$a) { goaway($a->get_baseurl() . "/" . $return_path ); killme(); } + + if($observer) { + logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG); + } if($orig_post) { @@ -242,10 +250,10 @@ function item_post(&$a) { $str_contact_deny = perms2str($_REQUEST['contact_deny']); } - $title = escape_tags(trim($_REQUEST['title'])); $location = notags(trim($_REQUEST['location'])); $coord = notags(trim($_REQUEST['coord'])); $verb = notags(trim($_REQUEST['verb'])); + $title = escape_tags(trim($_REQUEST['title'])); $body = escape_tags(trim($_REQUEST['body'])); $private = ( @@ -291,13 +299,25 @@ function item_post(&$a) { // expire_quantity, e.g. '3' // expire_units, e.g. days, weeks, months if(x($_REQUEST,'expire_quantity') && (x($_REQUEST,'expire_units'))) { - $expire = datetime_convert(date_default_timezone_get(),'UTC', 'now + ' . $_REQUEST['expire_quantity'] . ' ' . $_REQUEST['expire_units']); + $expire = datetime_convert('UTC','UTC', 'now + ' . $_REQUEST['expire_quantity'] . ' ' . $_REQUEST['expire_units']); if($expires <= datetime_convert()) $expires = '0000-00-00 00:00:00'; } } + + $post_type = notags(trim($_REQUEST['type'])); + + $content_type = notags(trim($_REQUEST['content_type'])); + if(! $content_type) + $content_type = 'text/bbcode'; + + +// BBCODE alert: the following functions assume bbcode input +// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) +// we may need virtual or template classes to implement the possible alternatives + // Work around doubled linefeeds in Tinymce 3.5b2 // First figure out if it's a status post that would've been // created using tinymce. Otherwise leave it alone. @@ -307,60 +327,23 @@ function item_post(&$a) { $body = fix_mce_lf($body); } + // If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it. - // get contact info for poster - - -/* - $author = null; - $self = false; - $contact_id = 0; - - if((local_user()) && (local_user() == $profile_uid)) { - $self = true; - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", - intval($_SESSION['uid']) - ); - } - elseif(remote_user()) { - if(is_array($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $profile_uid) { - $contact_id = $v['cid']; - break; - } - } - } - if($contact_id) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($contact_id) - ); - } - } - - if(count($r)) { - // FIXME - $author = $r[0]; - $contact_id = $author['id']; - } - - // get contact info for owner - - if($profile_uid == local_user()) { - $contact_record = $author; - } - else { - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", + if((! $parent) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) { + $x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)), intval($profile_uid) ); - if(count($r)) - $contact_record = $r[0]; + if($x && ($x[0]['abook_their_perms'] & PERMS_W_TAGWALL)) + $body .= "\n\n@group+" . $x[0]['abook_id'] . "\n"; } -*/ - - $post_type = notags(trim($_REQUEST['type'])); + /** + * fix naked links by passing through a callback to see if this is a red site + * (already known to us) which will get a zrl, otherwise link with url + */ + $body = preg_replace_callback("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'red_zrl_callback', $body); /** * @@ -445,18 +428,6 @@ function item_post(&$a) { } } - if(strlen($categories)) { - $cats = explode(',',$categories); - foreach($cats as $cat) { - $post_tags[] = array( - 'uid' => $profile_uid, - 'type' => TERM_CATEGORY, - 'otype' => TERM_OBJ_POST, - 'term' => trim($cat), - 'url' => '' - ); - } - } // logger('post_tags: ' . print_r($post_tags,true)); @@ -489,6 +460,23 @@ function item_post(&$a) { } } +// BBCODE end alert + + + if(strlen($categories)) { + $cats = explode(',',$categories); + foreach($cats as $cat) { + $post_tags[] = array( + 'uid' => $profile_uid, + 'type' => TERM_CATEGORY, + 'otype' => TERM_OBJ_POST, + 'term' => trim($cat), + 'url' => '' + ); + } + } + + $item_flags = ITEM_UNSEEN; $item_restrict = ITEM_VISIBLE; @@ -504,7 +492,6 @@ function item_post(&$a) { if($webpage) $item_restrict = $item_restrict | ITEM_WEBPAGE; - if(! strlen($verb)) @@ -512,20 +499,21 @@ function item_post(&$a) { $notify_type = (($parent) ? 'comment-new' : 'wall-new' ); - $uri = item_message_id(); - $parent_uri = $uri; + $mid = (($message_id) ? $message_id : item_message_id()); + + $parent_mid = $mid; if($parent_item) - $parent_uri = $parent_item['uri']; + $parent_mid = $parent_item['mid']; // Fallback so that we alway have a thr_parent if(!$thr_parent) - $thr_parent = $uri; + $thr_parent = $mid; $datarray = array(); if(! $parent) { - $datarray['parent_uri'] = $uri; + $datarray['parent_mid'] = $mid; $item_flags = $item_flags | ITEM_THREAD_TOP; } @@ -540,8 +528,9 @@ function item_post(&$a) { $datarray['commented'] = datetime_convert(); $datarray['received'] = datetime_convert(); $datarray['changed'] = datetime_convert(); - $datarray['uri'] = $uri; - $datarray['parent_uri'] = $parent_uri; + $datarray['mid'] = $mid; + $datarray['parent_mid'] = $parent_mid; + $datarray['mimetype'] = $content_type; $datarray['title'] = $title; $datarray['body'] = $body; $datarray['app'] = $app; @@ -560,6 +549,7 @@ function item_post(&$a) { $datarray['item_restrict'] = $item_restrict; $datarray['item_flags'] = $item_flags; + $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); // preview mode - prepare the body for display and send it via json @@ -573,6 +563,8 @@ function item_post(&$a) { echo json_encode(array('preview' => $o)); killme(); } + if($orig_post) + $datarray['edit'] = true; call_hooks('post_local',$datarray); @@ -591,6 +583,22 @@ function item_post(&$a) { } + if(mb_strlen($datarray['title']) > 255) + $datarray['title'] = mb_substr($datarray['title'],0,255); + + if(array_key_exists('item_private',$datarray) && $datarray['item_private']) { + logger('Encrypting local storage'); + $key = get_config('system','pubkey'); + $datarray['item_flags'] = $datarray['item_flags'] | ITEM_OBSCURED; + if($datarray['title']) + $datarray['title'] = json_encode(aes_encapsulate($datarray['title'],$key)); + if($datarray['body']) + $datarray['body'] = json_encode(aes_encapsulate($datarray['body'],$key)); + } + + + + if($orig_post) { $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `attach` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($datarray['title']), @@ -613,6 +621,23 @@ function item_post(&$a) { ); + if(count($post_tags)) { + foreach($post_tags as $tag) { + if(strlen(trim($tag['term']))) { + q("insert into term (uid,oid,otype,type,term,url) values (%d,%d,%d,%d,'%s','%s')", + intval($tag['uid']), + intval($post_id), + intval($tag['otype']), + intval($tag['type']), + dbesc(trim($tag['term'])), + dbesc(trim($tag['url'])) + ); + } + } + } + + + proc_run('php', "include/notifier.php", 'edit_post', $post_id); if((x($_REQUEST,'return')) && strlen($return_path)) { logger('return: ' . $return_path); @@ -659,7 +684,7 @@ function item_post(&$a) { dbesc($parent_item['allow_gid']), dbesc($parent_item['deny_cid']), dbesc($parent_item['deny_gid']), - intval($parent_item['private']), + intval($parent_item['item_private']), intval($post_id) ); @@ -669,11 +694,11 @@ function item_post(&$a) { 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, - 'link' => $a->get_baseurl() . '/display/' . $datarray['uri'], + 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, - 'parent_uri' => $parent_item['uri'] + 'parent_mid' => $parent_item['mid'] )); } @@ -688,7 +713,7 @@ function item_post(&$a) { 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, - 'link' => $a->get_baseurl() . '/display/' . $datarray['uri'], + 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item' )); @@ -700,10 +725,10 @@ function item_post(&$a) { if(! $parent) $parent = $post_id; - $r = q("UPDATE `item` SET `parent` = %d, `parent_uri` = '%s', `changed` = '%s' + $r = q("UPDATE `item` SET `parent` = %d, `parent_mid` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1", intval($parent), - dbesc(($parent == $post_id) ? $uri : $parent_item['uri']), + dbesc(($parent == $post_id) ? $mid : $parent_item['mid']), dbesc(datetime_convert()), intval($post_id) ); @@ -741,14 +766,14 @@ function item_post(&$a) { // store page info as an alternate message_id so we can access it via // https://sitename/page/$channelname/$pagetitle // if no pagetitle was given or it couldn't be transliterated into a url, use the first - // sixteen bytes of the uri - which makes the link portable and not quite as daunting - // as the entire uri. If it were the post_id the link would be less portable. + // sixteen bytes of the mid - which makes the link portable and not quite as daunting + // as the entire mid. If it were the post_id the link would be less portable. // We should have the ability to edit this and arrange pages into menus via the pages module q("insert into item_id ( iid, uid, sid, service ) values ( %d, %d, '%s','%s' )", intval($post_id), intval($channel['channel_id']), - dbesc(($pagetitle) ? $pagetitle : substr($uri,0,16)), + dbesc(($pagetitle) ? $pagetitle : substr($mid,0,16)), dbesc('WEBPAGE') ); } @@ -822,18 +847,26 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { //is it a hash tag? if(strpos($tag,'#') === 0) { //if the tag is replaced... - if(strpos($tag,'[url=')) + if(strpos($tag,'[zrl=')) //...do nothing return $replaced; - //base tag has the tags name only - $basetag = str_replace('_',' ',substr($tag,1)); - //create text for link - $url = $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag); - $newtag = '#[url=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; - //replace tag by the link - $body = str_replace($tag, $newtag, $body); - $replaced = true; - + if($tag == '#getzot') { + $basetag = 'getzot'; + $url = 'http://getzot.com'; + $newtag = '#[zrl=' . $url . ']' . $basetag . '[/zrl]'; + $body = str_replace($tag,$newtag,$body); + $replace = true; + } + else { + //base tag has the tags name only + $basetag = str_replace('_',' ',substr($tag,1)); + //create text for link + $url = $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag); + $newtag = '#[zrl=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/zrl]'; + //replace tag by the link + $body = str_replace($tag, $newtag, $body); + $replaced = true; + } //is the link already in str_tags? if(! stristr($str_tags,$newtag)) { //append or set str_tags @@ -846,7 +879,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { //is it a person tag? if(strpos($tag,'@') === 0) { //is it already replaced? - if(strpos($tag,'[url=')) + if(strpos($tag,'[zrl=')) return $replaced; $stat = false; //get the person's name @@ -942,7 +975,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { //create profile link $profile = str_replace(',','%2c',$profile); $url = $profile; - $newtag = '@[url=' . $profile . ']' . $newname . '[/url]'; + $newtag = '@[zrl=' . $profile . ']' . $newname . '[/zrl]'; $body = str_replace('@' . $name, $newtag, $body); //append tag to str_tags if(! stristr($str_tags,$newtag)) { @@ -962,8 +995,8 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body, $str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) { $match = null; - - if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) { + // match img and zmg image links + if(preg_match_all("/\[[zi]mg\](.*?)\[\/[zi]mg\]/",$body,$match)) { $images = $match[1]; if($images) { foreach($images as $image) { |