1 files changed, 47 insertions, 5 deletions

diff --git a/mod/share.php b/mod/share.php
index 1f767578d..1e919b99b 100644
--- a/mod/share.php
+++ b/mod/share.php
@@ -1,20 +1,45 @@
 <?php
 
+require_once('include/security.php');
 require_once('bbcode.php');
 
 function share_init(&$a) {
 
 	$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
-	if((! $post_id) || (! local_user()))
+
+	if(! $post_id)
+		killme();
+
+	if(! (local_user() || remote_user()))
 		killme();
 
-	$r = q("SELECT * from item WHERE id = %d AND uid = %d and item_restrict = 0 LIMIT 1",
+
+	$r = q("SELECT * from item WHERE id = %d  LIMIT 1",
 		intval($post_id),
-		intval(local_user())
 	);
 	if((! $r) || $r[0]['item_private'])
 		killme();
 
+	$sql_extra = item_permissions_sql($r[0]['uid']);
+
+	$r = q("select * from item where id = %d $sql_extra",
+		intval($post_id)
+	);
+	if(! $r)
+		killme();
+
+	// FIXME - we only share bbcode
+
+	if($r[0]['mimetype'] !== 'text/bbcode')
+		killme();
+
+	// FIXME - eventually we want to post remotely via rpost
+	// on your home site.
+	// When that works remove this next bit:
+
+	if(! local_user())
+		killme();
+
 	xchan_query($r);
 
 	if (strpos($r[0]['body'], "[/share]") !== false) {
@@ -32,7 +57,24 @@ function share_init(&$a) {
 		$o.= "[/share]";
 	}
 
-	echo $o;
-	killme();
+	if(local_user()) {
+		echo $o;
+		killme();
+	}
+	
+	$observer = $a->get_observer();
+	$parsed = $observer['xchan_url'];
+	if($parsed) {
+		$post_url = $parsed['scheme'] . ':' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '')
+			. '/rpost';
+		// FIXME - we were probably called from JS
+		// so we don't know the return page.
+		// in fact we won't be able to load the remote page.
+		// we might need an iframe
+
+		$x = z_post_url($post_url, array('f' => '', 'body' => $o ));
+		killme();
+	}
+	
 
 }