Diffstat (limited to 'mod/item.php')
-rw-r--r-- | mod/item.php | 73 |
1 files changed, 46 insertions, 27 deletions
diff --git a/mod/item.php b/mod/item.php index b3ef57529..038a967b2 100644 --- a/mod/item.php +++ b/mod/item.php @@ -210,7 +210,7 @@ function item_post(&$a) { } } else { - if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_wall')) { + if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],($webpage) ? 'write_pages' : 'post_wall')) { notice( t('Permission denied.') . EOL) ; if(x($_REQUEST,'return')) goaway($a->get_baseurl() . "/" . $return_path ); @@ -233,6 +233,8 @@ function item_post(&$a) { $post_id = $i[0]['iid']; } + $iconfig = null; + if($post_id) { $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), @@ -241,6 +243,9 @@ function item_post(&$a) { if(! count($i)) killme(); $orig_post = $i[0]; + $iconfig = q("select * from iconfig where iid = %d", + intval($post_id) + ); } @@ -305,7 +310,7 @@ function item_post(&$a) { } } - $acl = new AccessList($channel); + $acl = new Zotlabs\Access\AccessList($channel); $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true)); @@ -446,7 +451,7 @@ function item_post(&$a) { $execflag = false; - if($mimetype === 'application/x-php') { + if($mimetype !== 'text/bbcode') { $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", intval($profile_uid) ); 
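Review bot: In the `@@ -210,7 +210,7 @@` hunk the permission name passed to `perm_is_allowed()` is selected by `$webpage`, and nothing visible here shows that the same value also decides the type of the item that is eventually stored. `$webpage` is assigned outside the hunk; if it is taken from the request, the stored item type should be derived from that same variable so that the check performed and the object written cannot diverge. A short comment above the call would make the pairing explicit, e.g. `// webpage items are gated by write_pages; everything else by post_wall`. The enclosing `else` branch of item_post() starts and ends outside the hunk.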
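Review bot: The widened test `if($mimetype !== 'text/bbcode')` in the `@@ -446,7 +451,7 @@` hunk carries no comment saying why every non-bbcode content type now goes through the account/channel lookup, and it treats an empty or unrecognised `$mimetype` the same as a known one. Only the opening of the block is visible, so how `$z` and `$execflag` are used afterwards cannot be confirmed from here. I would add `// any content type other than bbcode can carry raw markup or code, so the poster's account role and channel page flags are checked for all of them` above the condition. It is also worth confirming that `$mimetype` has been matched against the list of supported types before this point.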
@@ -472,15 +477,28 @@ function item_post(&$a) { if($mimetype === 'text/bbcode') { require_once('include/text.php'); - if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) { - require_once('include/bb2diaspora.php'); - $body = escape_tags(trim($body)); - $body = str_replace("\n",'<br />', $body); - - $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body); - $body = diaspora2bb($body,true); - $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body); - } + + // Markdown doesn't work correctly. Do not re-enable unless you're willing to fix it and support it. + + // Sample that will probably give you grief - you must preserve the linebreaks + // and provide the correct markdown interpretation and you cannot allow unfiltered HTML + + // Markdown + // ======== + // + // **bold** abcde + // fghijkl + // *italic* + // <img src="javascript:alert('hacked');" /> + +// if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) { +// require_once('include/bb2diaspora.php'); +// $body = escape_tags(trim($body)); +// $body = str_replace("\n",'<br />', $body); +// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body); +// $body = diaspora2bb($body,true); +// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body); +// } // BBCODE alert: the following functions assume bbcode input // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) @@ -720,8 +738,7 @@ function item_post(&$a) { $datarray = array(); - $item_thead_top = ((! $parent) ? 1 : 0); - + $item_thread_top = ((! $parent) ? 1 : 0); if ((! $plink) && ($item_thread_top)) { $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid; 
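Review bot: The disabled markdown branch in the `@@ -472,15 +477,28 @@` hunk is kept as eight commented-out lines at column 0; deleting them and keeping only the explanation would read better, since version control already holds the old code. The comment would also be more useful if it stated the requirement as a condition for re-enabling, e.g. `// markdown input must be converted with line breaks preserved and the result HTML-filtered before this can be turned back on`. As written, `feature_enabled($uid,'markdown')` is no longer consulted here, so a channel with that feature switched on presumably has its body handled as bbcode without any indication; whether the setting is still offered elsewhere is not visible in this diff.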
@@ -793,6 +810,9 @@ function item_post(&$a) { $datarray['plink'] = $plink; $datarray['route'] = $route; + if($iconfig) + $datarray['iconfig'] = $iconfig; + // preview mode - prepare the body for display and send it via json if($preview) { @@ -809,8 +829,6 @@ function item_post(&$a) { if($orig_post) $datarray['edit'] = true; - - if(feature_enabled($profile_uid,'suppress_duplicates') && (! $orig_post)) { $z = q("select created from item where uid = %d and body = '%s'", @@ -818,25 +836,26 @@ function item_post(&$a) { dbesc($body) ); - if($z && $z[0]['created'] > datetime_convert('UTC','UTC', 'now - 2 minutes')) { - $datarray['cancel'] = 1; - notice( t('Duplicate post suppressed.') . EOL); - logger('Duplicate post. Faking plugin cancel.'); + if($z) { + foreach($z as $zz) { + if($zz['created'] > datetime_convert('UTC','UTC', 'now - 2 minutes')) { + $datarray['cancel'] = 1; + notice( t('Duplicate post suppressed.') . EOL); + logger('Duplicate post. Faking plugin cancel.'); + } + } } } call_hooks('post_local',$datarray); if(x($datarray,'cancel')) { - logger('mod_item: post cancelled by plugin.'); - if($return_path) { + logger('mod_item: post cancelled by plugin or duplicate suppressed.'); + if($return_path) goaway($a->get_baseurl() . "/" . $return_path); - } $json = array('cancel' => 1); - if(x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload'])) - $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload']; - + $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload']; echo json_encode($json); killme(); } @@ -919,7 +938,7 @@ function item_post(&$a) { else { $parent = $post_id; - if($datarray['owner_xchan'] != $datarray['author_xchan']) { + if(($datarray['owner_xchan'] != $datarray['author_xchan']) && ($datarray['item_type'] == ITEM_TYPE_POST)) { notification(array( 'type' => NOTIFY_WALL, 'from_xchan' => $datarray['author_xchan'], |
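Review bot: In the `@@ -818,25 +836,26 @@` hunk `$json['reload']` is now built from `$_REQUEST['jsreload']` unconditionally, so a request without that parameter reads an undefined index and the client is handed a reload URL consisting of the base URL plus `/`. The removed guard covered this; if the intent is to always reload after a suppressed duplicate, keep the read safe with `$json['reload'] = $a->get_baseurl() . '/' . ((x($_REQUEST,'jsreload')) ? $_REQUEST['jsreload'] : '');`. The value is still copied from the request into a URL without a check that it is a local path, which was already the case before this commit. Separately, the new `foreach($z as $zz)` loop has no `break;` after setting `$datarray['cancel']`, so several recent matches would each call `notice()` and `logger()`.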