Diffstat (limited to 'mod/new_channel.php')
-rw-r--r-- | mod/new_channel.php | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/mod/new_channel.php b/mod/new_channel.php index 047048f0a..630984bf2 100644 --- a/mod/new_channel.php +++ b/mod/new_channel.php @@ -64,7 +64,14 @@ function new_channel_post(&$a) { $arr = $_POST; - if(($arr['account_id'] = get_account_id()) === false) { + $acc = $a->get_account(); + $arr['account_id'] = get_account_id(); + + // prevent execution by delegated channels as well as those not logged in. + // get_account_id() returns the account_id from the session. But $a->account + // may point to the original authenticated account. + + if((! $acc) || ($acc['account_id'] != $arr['account_id'])) { notice( t('Permission denied.') . EOL ); return; } @@ -95,11 +102,25 @@ function new_channel_post(&$a) { function new_channel_content(&$a) { - if(! get_account_id()) { + + $acc = $a->get_account(); + + if((! $acc) || $acc['account_id'] != get_account_id()) { notice( t('Permission denied.') . EOL); return; } + $default_role = ''; + $aid = get_account_id(); + if($aid) { + $r = q("select count(channel_id) as total from channel where channel_account_id = %d", + intval($aid) + ); + if($r && (! intval($r[0]['total']))) { + $default_role = get_config('system','default_permissions_role'); + } + } + $name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : "" ); $nickname = ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : "" ); $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : "" ); 
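Review bot: The new ownership check in new_channel_post() compares `$acc['account_id']` with the session value using loose `!=`, so the delegation guard depends on PHP type juggling between an account field and whatever get_account_id() returns (the removed line shows it can be `false`). Rejecting an empty session id first and comparing integers strictly makes the intent explicit: `if((! $acc) || (! $arr['account_id']) || (intval($acc['account_id']) !== intval($arr['account_id']))) {`. The guard added to new_channel_content() in the next hunk uses the same loose comparison, and since both entry points now need an identical check, a single shared helper would stop them drifting apart. The body of new_channel_post() continues outside the hunk.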
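Review bot: In new_channel_content() the session account id is read twice, once inside the guard and again as `$aid = get_account_id();`, and the following `if($aid)` re-tests something the guard has in practice already decided. Reading it once before the guard and reusing `$aid` in the comparison keeps the permission check and the channel-count query on the same value and removes the extra branch. The result of `get_config('system','default_permissions_role')` is also handed to the template unchanged; if that key can be unset, `$default_role` may stop being the empty string it was initialised to, so a short comment stating what the template expects, or normalising an unset value to `''`, would help. The function body continues outside the hunk.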
@@ -112,11 +133,13 @@ function new_channel_content(&$a) { '$label_name' => t('Channel Name'), '$help_name' => t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group" '), '$label_nick' => t('Choose a short nickname'), + '$nick_hub' => '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')), '$nick_desc' => t('Your nickname will be used to create an easily remembered channel address (like an email address) which you can share with others.'), '$label_import' => t('Or <a href="import">import an existing channel</a> from another location'), '$name' => $name, '$help_role' => t('Please choose a channel type (such as social networking or community forum) and privacy requirements so we can select the best permissions for you'), '$role' => array('permissions_role' , t('Channel Type'), ($privacy_role) ? $privacy_role : 'social', '<a href="help/roles" target="_blank">'.t('Read more about roles').'</a>',get_roles()), + '$default_role' => $default_role, '$nickname' => $nickname, '$submit' => t('Create') )); |
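Review bot: The `'$nick_hub'` value removes every `/` from the configured base URL, so a hub installed under a path (a constructed example: `https://example.org/hub`) would be shown as `@example.orghub`, which is not a usable address suffix. Taking the host portion explicitly avoids this, for example `'$nick_hub' => '@' . parse_url(get_config('system','baseurl'), PHP_URL_HOST),`, with the path or port appended deliberately if the project's channel addresses include them. A one-line comment saying which form of the address the template is meant to display would settle that choice for the next reader.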