diff options
Diffstat (limited to 'mod/item.php')
| -rw-r--r-- | mod/item.php | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/mod/item.php b/mod/item.php index ce484999b..56fdda887 100644 --- a/mod/item.php +++ b/mod/item.php @@ -320,6 +320,24 @@ function item_post(&$a) { $body = z_input_filter($profile_uid,$body,$mimetype); } + $execflag = false; + + if($mimetype === 'application/x-php') { + $z = q("select account_id, account_roles from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", + intval($profile_uid) + ); + if($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) { + if(local_user() && (get_account_id() == $z[0]['account_id'])) { + $execflag = true; + } + else { + notice( t('Executable content type not permitted to this channel.') . EOL); + if(x($_REQUEST,'return')) + goaway($a->get_baseurl() . "/" . $return_path ); + killme(); + } + } + } if($mimetype === 'text/bbcode') { @@ -655,7 +673,7 @@ function item_post(&$a) { $post_id = 0; - $post_id = item_store($datarray); + $post_id = item_store($datarray,$execflag); if($post_id) { logger('mod_item: saved item ' . $post_id); |