diff options
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/blocks.php | 82 | ||||
| -rw-r--r-- | mod/editblock.php | 139 | ||||
| -rw-r--r-- | mod/editlayout.php | 139 | ||||
| -rw-r--r-- | mod/item.php | 355 | ||||
| -rw-r--r-- | mod/layouts.php | 82 | ||||
| -rw-r--r-- | mod/page.php | 13 | ||||
| -rw-r--r-- | mod/webpages.php | 8 |
7 files changed, 654 insertions, 164 deletions
diff --git a/mod/blocks.php b/mod/blocks.php new file mode 100644 index 000000000..29117eae8 --- /dev/null +++ b/mod/blocks.php @@ -0,0 +1,82 @@ +<?php + +function blocks_content(&$a) { + + if(argc() > 1) + $which = argv(1); + else { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } + + profile_load($a,$which,0); + + + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + +// Get the observer, check their permissions + + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } + +// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages +// Nickname is set to the observers xchan, and profile_uid to the owners. This lets you post pages at other people's channels. +require_once ('include/conversation.php'); + $x = array( + 'webpage' => ITEM_BUILDBLOCK, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => (($group || $cid) ? '!' : ''), + 'visitor' => 'block', + 'profile_uid' => intval($owner), + ); + + $o .= status_editor($a,$x); + + //Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. +//TODO - this should be replaced with pagelist_widget + +$r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", + intval($owner) +); + + $pages = null; + + if($r) { + $pages = array(); + foreach($r as $rr) { + $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); + } + } + + +//Build the base URL for edit links + $url = z_root() . "/editblock/" . $which; +// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). + return $o . replace_macros(get_markup_template("webpagelist.tpl"), array( + '$baseurl' => $url, + '$edit' => t('Edit'), + '$pages' => $pages, + '$channel' => $which, + '$view' => t('View'), + '$preview' => '1', + + )); + + +} diff --git a/mod/editblock.php b/mod/editblock.php new file mode 100644 index 000000000..25ae8d8b6 --- /dev/null +++ b/mod/editblock.php @@ -0,0 +1,139 @@ + +<?php + +// What is this here for? I think it's cruft, but comment out for now in case it's here for a reason +// require_once('acl_selectors.php'); + +function editblock_content(&$a) { + +// We first need to figure out who owns the webpage, grab it from an argument + $which = argv(1); + +// $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + //logger('owner: ' . print_r($owner,true)); + } + + + + + if((local_user()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; + } + + + $o = ''; + + +// Figure out which post we're editing + $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + + + if(! $post_id) { + notice( t('Item not found') . EOL); + return; + } + +// Now we've got a post and an owner, let's find out if we're allowed to edit it + + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } + + + +// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", + intval($post_id), + intval($owner) + ); + + + + $plaintext = true; +// You may or may not be a local user. This won't work, + if(feature_enabled(local_user(),'richtext')) + $plaintext = false; + + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( + '$title' => t('Edit block') + )); + + + $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( + '$baseurl' => $a->get_baseurl(), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), + '$geotag' => $geotag, + '$nickname' => $a->user['nickname'] + )); + + + $tpl = get_markup_template("jot.tpl"); + + $jotplugins = ''; + $jotnets = ''; + + call_hooks('jot_tool', $jotplugins); + call_hooks('jot_networks', $jotnets); + + $channel = $a->get_channel(); + + //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); + +//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. + + $rp = '/blocks/' . $which; + + $o .= replace_macros($tpl,array( + '$return_path' => $rp, + '$action' => 'item', + '$share' => t('Edit'), + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$weblink' => t('Insert web link'), + '$youtube' => t('Insert YouTube video'), + '$video' => t('Insert Vorbis [.ogg] video'), + '$audio' => t('Insert Vorbis [.ogg] audio'), + '$setloc' => t('Set your location'), + '$noloc' => t('Clear browser location'), + '$wait' => t('Please wait'), + '$permset' => t('Permission settings'), + '$ptyp' => $itm[0]['type'], + '$content' => undo_post_tagging($itm[0]['body']), + '$post_id' => $post_id, + '$baseurl' => $a->get_baseurl(), + '$defloc' => $channel['channel_location'], + '$visitor' => 'none', + '$pvisit' => 'none', + '$public' => t('Public post'), + '$jotnets' => $jotnets, + '$title' => htmlspecialchars($itm[0]['title']), + '$placeholdertitle' => t('Set title'), + '$category' => '', + '$placeholdercategory' => t('Categories (comma-separated list)'), + '$emtitle' => t('Example: bob@example.com, mary@example.com'), + '$lockstate' => $lockstate, + '$acl' => '', + '$bang' => '', + '$profile_uid' => (intval($owner)), + '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), + '$jotplugins' => $jotplugins, + '$sourceapp' => t($a->sourcename), + )); + + return $o; + +} + + diff --git a/mod/editlayout.php b/mod/editlayout.php new file mode 100644 index 000000000..1cebdc845 --- /dev/null +++ b/mod/editlayout.php @@ -0,0 +1,139 @@ + +<?php + +// What is this here for? I think it's cruft, but comment out for now in case it's here for a reason +// require_once('acl_selectors.php'); + +function editlayout_content(&$a) { + +// We first need to figure out who owns the webpage, grab it from an argument + $which = argv(1); + +// $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + //logger('owner: ' . print_r($owner,true)); + } + + + + + if((local_user()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; + } + + + $o = ''; + + +// Figure out which post we're editing + $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + + + if(! $post_id) { + notice( t('Item not found') . EOL); + return; + } + +// Now we've got a post and an owner, let's find out if we're allowed to edit it + + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } + + + +// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", + intval($post_id), + intval($owner) + ); + + + + $plaintext = true; +// You may or may not be a local user. This won't work, + if(feature_enabled(local_user(),'richtext')) + $plaintext = false; + + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( + '$title' => t('Edit block') + )); + + + $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( + '$baseurl' => $a->get_baseurl(), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), + '$geotag' => $geotag, + '$nickname' => $a->user['nickname'] + )); + + + $tpl = get_markup_template("jot.tpl"); + + $jotplugins = ''; + $jotnets = ''; + + call_hooks('jot_tool', $jotplugins); + call_hooks('jot_networks', $jotnets); + + $channel = $a->get_channel(); + + //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); + +//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. + + $rp = '/layouts/' . $which; + + $o .= replace_macros($tpl,array( + '$return_path' => $rp, + '$action' => 'item', + '$share' => t('Edit'), + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$weblink' => t('Insert web link'), + '$youtube' => t('Insert YouTube video'), + '$video' => t('Insert Vorbis [.ogg] video'), + '$audio' => t('Insert Vorbis [.ogg] audio'), + '$setloc' => t('Set your location'), + '$noloc' => t('Clear browser location'), + '$wait' => t('Please wait'), + '$permset' => t('Permission settings'), + '$ptyp' => $itm[0]['type'], + '$content' => undo_post_tagging($itm[0]['body']), + '$post_id' => $post_id, + '$baseurl' => $a->get_baseurl(), + '$defloc' => $channel['channel_location'], + '$visitor' => 'none', + '$pvisit' => 'none', + '$public' => t('Public post'), + '$jotnets' => $jotnets, + '$title' => htmlspecialchars($itm[0]['title']), + '$placeholdertitle' => t('Set title'), + '$category' => '', + '$placeholdercategory' => t('Categories (comma-separated list)'), + '$emtitle' => t('Example: bob@example.com, mary@example.com'), + '$lockstate' => $lockstate, + '$acl' => '', + '$bang' => '', + '$profile_uid' => (intval($owner)), + '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), + '$jotplugins' => $jotplugins, + '$sourceapp' => t($a->sourcename), + )); + + return $o; + +} + + diff --git a/mod/item.php b/mod/item.php index 1893a6ef4..56fdda887 100644 --- a/mod/item.php +++ b/mod/item.php @@ -62,15 +62,15 @@ function item_post(&$a) { $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); - $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); - $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); - $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''); - $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : ''); - $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); - $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : ''); - $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); - $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']): ''); - $buildblock = ((x($_REQUEST,'buildblock')) ? intval($_REQUEST['buildblock']) : 0); + $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); + $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); + $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''); + $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : ''); + $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); + $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : ''); + $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); + $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : ''); + $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); if($pagetitle) { require_once('library/urlify/URLify.php'); @@ -221,7 +221,7 @@ function item_post(&$a) { $verb = $orig_post['verb']; $app = $orig_post['app']; $title = escape_tags(trim($_REQUEST['title'])); - $body = escape_tags(trim($_REQUEST['body'])); + $body = $_REQUEST['body']; $private = $orig_post['item_private']; } @@ -255,7 +255,7 @@ function item_post(&$a) { $coord = notags(trim($_REQUEST['coord'])); $verb = notags(trim($_REQUEST['verb'])); $title = escape_tags(trim($_REQUEST['title'])); - $body = escape_tags(trim($_REQUEST['body'])); + $body = $_REQUEST['body']; $private = ( ( strlen($str_group_allow) @@ -310,154 +310,179 @@ function item_post(&$a) { $post_type = notags(trim($_REQUEST['type'])); - $content_type = notags(trim($_REQUEST['content_type'])); - if(! $content_type) - $content_type = 'text/bbcode'; + $mimetype = notags(trim($_REQUEST['mimetype'])); + if(! $mimetype) + $mimetype = 'text/bbcode'; + // Verify ability to use html or php!!! -// BBCODE alert: the following functions assume bbcode input -// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) -// we may need virtual or template classes to implement the possible alternatives - - // Work around doubled linefeeds in Tinymce 3.5b2 - // First figure out if it's a status post that would've been - // created using tinymce. Otherwise leave it alone. - - $plaintext = ((feature_enabled($profile_uid,'richtext')) ? false : true); - if((! $parent) && (! $api_source) && (! $plaintext)) { - $body = fix_mce_lf($body); + if($preview) { + $body = z_input_filter($profile_uid,$body,$mimetype); } - // If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it. + $execflag = false; - if((! $parent) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) { - $x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1", - dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)), + if($mimetype === 'application/x-php') { + $z = q("select account_id, account_roles from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", intval($profile_uid) ); - if($x && ($x[0]['abook_their_perms'] & PERMS_W_TAGWALL)) - $body .= "\n\n@group+" . $x[0]['abook_id'] . "\n"; + if($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) { + if(local_user() && (get_account_id() == $z[0]['account_id'])) { + $execflag = true; + } + else { + notice( t('Executable content type not permitted to this channel.') . EOL); + if(x($_REQUEST,'return')) + goaway($a->get_baseurl() . "/" . $return_path ); + killme(); + } + } } - /** - * fix naked links by passing through a callback to see if this is a red site - * (already known to us) which will get a zrl, otherwise link with url - */ + if($mimetype === 'text/bbcode') { - $body = preg_replace_callback("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'red_zrl_callback', $body); + // BBCODE alert: the following functions assume bbcode input + // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) + // we may need virtual or template classes to implement the possible alternatives - /** - * - * When a photo was uploaded into the message using the (profile wall) ajax - * uploader, The permissions are initially set to disallow anybody but the - * owner from seeing it. This is because the permissions may not yet have been - * set for the post. If it's private, the photo permissions should be set - * appropriately. But we didn't know the final permissions on the post until - * now. So now we'll look for links of uploaded messages that are in the - * post and set them to the same permissions as the post itself. - * - */ + // Work around doubled linefeeds in Tinymce 3.5b2 + // First figure out if it's a status post that would've been + // created using tinymce. Otherwise leave it alone. - if(! $preview) { - fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],$body, - $str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); + $plaintext = ((feature_enabled($profile_uid,'richtext')) ? false : true); + if((! $parent) && (! $api_source) && (! $plaintext)) { + $body = fix_mce_lf($body); + } - fix_attached_file_permissions($channel,$observer['xchan_hash'],$body, - $str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); + // If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it. - } + if((! $parent) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) { + $x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)), + intval($profile_uid) + ); + if($x && ($x[0]['abook_their_perms'] & PERMS_W_TAGWALL)) + $body .= "\n\n@group+" . $x[0]['abook_id'] . "\n"; + } + /** + * fix naked links by passing through a callback to see if this is a red site + * (already known to us) which will get a zrl, otherwise link with url + */ + $body = preg_replace_callback("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'red_zrl_callback', $body); - $body = bb_translate_video($body); + /** + * + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. + * + */ - /** - * Fold multi-line [code] sequences - */ + if(! $preview) { + fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],$body,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - $body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body); + fix_attached_file_permissions($channel,$observer['xchan_hash'],$body,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - $body = scale_external_images($body,false); + } - /** - * Look for any tags and linkify them - */ - $str_tags = ''; - $inform = ''; - $post_tags = array(); - $tags = get_tags($body); + $body = bb_translate_video($body); + + /** + * Fold multi-line [code] sequences + */ + + $body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body); + + $body = scale_external_images($body,false); - $tagged = array(); + /** + * Look for any tags and linkify them + */ - $private_forum = false; + $str_tags = ''; + $inform = ''; + $post_tags = array(); - if(count($tags)) { - foreach($tags as $tag) { + $tags = get_tags($body); - // If we already tagged 'Robert Johnson', don't try and tag 'Robert'. - // Robert Johnson should be first in the $tags array + $tagged = array(); - $fullnametagged = false; - for($x = 0; $x < count($tagged); $x ++) { - if(stristr($tagged[$x],$tag . ' ')) { - $fullnametagged = true; - break; + $private_forum = false; + + if(count($tags)) { + foreach($tags as $tag) { + + // If we already tagged 'Robert Johnson', don't try and tag 'Robert'. + // Robert Johnson should be first in the $tags array + + $fullnametagged = false; + for($x = 0; $x < count($tagged); $x ++) { + if(stristr($tagged[$x],$tag . ' ')) { + $fullnametagged = true; + break; + } + } + if($fullnametagged) + continue; + + $success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag); + logger('handle_tag: ' . print_r($success,tue)); + + if($success['replaced']) { + $tagged[] = $tag; + $post_tags[] = array( + 'uid' => $profile_uid, + 'type' => $success['termtype'], + 'otype' => TERM_OBJ_POST, + 'term' => $success['term'], + 'url' => $success['url'] + ); + } + if(is_array($success['contact']) && intval($success['contact']['prv'])) { + $private_forum = true; + $private_id = $success['contact']['id']; } - } - if($fullnametagged) - continue; - - $success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag); - logger('handle_tag: ' . print_r($success,tue)); - - if($success['replaced']) { - $tagged[] = $tag; - $post_tags[] = array( - 'uid' => $profile_uid, - 'type' => $success['termtype'], - 'otype' => TERM_OBJ_POST, - 'term' => $success['term'], - 'url' => $success['url'] - ); - } - if(is_array($success['contact']) && intval($success['contact']['prv'])) { - $private_forum = true; - $private_id = $success['contact']['id']; } } - } // logger('post_tags: ' . print_r($post_tags,true)); - if(($private_forum) && (! $parent) && (! $private)) { - // we tagged a private forum in a top level post and the message was public. - // Restrict it. - $private = 1; - $str_contact_allow = '<' . $private_id . '>'; - } - - $attachments = ''; - $match = false; + if(($private_forum) && (! $parent) && (! $private)) { + // we tagged a private forum in a top level post and the message was public. + // Restrict it. + $private = 1; + $str_contact_allow = '<' . $private_id . '>'; + } - if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { - $attachments = array(); - foreach($match[2] as $mtch) { - $hash = substr($mtch,0,strpos($mtch,',')); - $rev = intval(substr($mtch,strpos($mtch,','))); - $r = attach_by_hash_nodata($hash,$rev); - if($r['success']) { - $attachments[] = array( - 'href' => $a->get_baseurl() . '/attach/' . $r['data']['hash'], - 'length' => $r['data']['filesize'], - 'type' => $r['data']['filetype'], - 'title' => urlencode($r['data']['filename']), - 'revision' => $r['data']['revision'] - ); + $attachments = ''; + $match = false; + + if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { + $attachments = array(); + foreach($match[2] as $mtch) { + $hash = substr($mtch,0,strpos($mtch,',')); + $rev = intval(substr($mtch,strpos($mtch,','))); + $r = attach_by_hash_nodata($hash,$rev); + if($r['success']) { + $attachments[] = array( + 'href' => $a->get_baseurl() . '/attach/' . $r['data']['hash'], + 'length' => $r['data']['filesize'], + 'type' => $r['data']['filetype'], + 'title' => urlencode($r['data']['filename']), + 'revision' => $r['data']['revision'] + ); + } + $body = str_replace($match[1],'',$body); } - $body = str_replace($match[1],'',$body); } } @@ -477,7 +502,6 @@ function item_post(&$a) { } } - $item_flags = ITEM_UNSEEN; $item_restrict = ITEM_VISIBLE; @@ -491,10 +515,7 @@ function item_post(&$a) { $item_restrict = $item_restrict | ITEM_MODERATED; if($webpage) - $item_restrict = $item_restrict | ITEM_WEBPAGE; - - if($buildblock) - $item_restrict = $item_restrict | ITEM_BUILDBLOCK; + $item_restrict = $item_restrict | $webpage; if(! strlen($verb)) @@ -520,38 +541,38 @@ function item_post(&$a) { $item_flags = $item_flags | ITEM_THREAD_TOP; } - $datarray['aid'] = $channel['channel_account_id']; - $datarray['uid'] = $profile_uid; - - $datarray['owner_xchan'] = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']); - $datarray['author_xchan'] = $observer['xchan_hash']; - $datarray['created'] = datetime_convert(); - $datarray['edited'] = datetime_convert(); - $datarray['expires'] = $expires; - $datarray['commented'] = datetime_convert(); - $datarray['received'] = datetime_convert(); - $datarray['changed'] = datetime_convert(); - $datarray['mid'] = $mid; - $datarray['parent_mid'] = $parent_mid; - $datarray['mimetype'] = $content_type; - $datarray['title'] = $title; - $datarray['body'] = $body; - $datarray['app'] = $app; - $datarray['location'] = $location; - $datarray['coord'] = $coord; - $datarray['inform'] = $inform; - $datarray['verb'] = $verb; - $datarray['allow_cid'] = $str_contact_allow; - $datarray['allow_gid'] = $str_group_allow; - $datarray['deny_cid'] = $str_contact_deny; - $datarray['deny_gid'] = $str_group_deny; - $datarray['item_private'] = $private; - $datarray['attach'] = $attachments; - $datarray['thr_parent'] = $thr_parent; - $datarray['postopts'] = ''; - $datarray['item_restrict'] = $item_restrict; - $datarray['item_flags'] = $item_flags; - + $datarray['aid'] = $channel['channel_account_id']; + $datarray['uid'] = $profile_uid; + + $datarray['owner_xchan'] = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']); + $datarray['author_xchan'] = $observer['xchan_hash']; + $datarray['created'] = datetime_convert(); + $datarray['edited'] = datetime_convert(); + $datarray['expires'] = $expires; + $datarray['commented'] = datetime_convert(); + $datarray['received'] = datetime_convert(); + $datarray['changed'] = datetime_convert(); + $datarray['mid'] = $mid; + $datarray['parent_mid'] = $parent_mid; + $datarray['mimetype'] = $mimetype; + $datarray['title'] = $title; + $datarray['body'] = $body; + $datarray['app'] = $app; + $datarray['location'] = $location; + $datarray['coord'] = $coord; + $datarray['inform'] = $inform; + $datarray['verb'] = $verb; + $datarray['allow_cid'] = $str_contact_allow; + $datarray['allow_gid'] = $str_group_allow; + $datarray['deny_cid'] = $str_contact_deny; + $datarray['deny_gid'] = $str_group_deny; + $datarray['item_private'] = $private; + $datarray['attach'] = $attachments; + $datarray['thr_parent'] = $thr_parent; + $datarray['postopts'] = ''; + $datarray['item_restrict'] = $item_restrict; + $datarray['item_flags'] = $item_flags; + $datarray['layout_mid'] = $layout_mid; $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); // preview mode - prepare the body for display and send it via json @@ -652,7 +673,7 @@ function item_post(&$a) { $post_id = 0; - $post_id = item_store($datarray); + $post_id = item_store($datarray,$execflag); if($post_id) { logger('mod_item: saved item ' . $post_id); @@ -764,20 +785,28 @@ function item_post(&$a) { intval($parent) ); - if($webpage) { + $page_type = ''; + + if($webpage & ITEM_WEBPAGE) + $page_type = 'WEBPAGE'; + elseif($webpage & ITEM_BUILDBLOCK) + $page_type = 'BUILDBLOCK'; + elseif($webpage & ITEM_PDL) + $page_type = 'PDL'; + + if($page_type) { // store page info as an alternate message_id so we can access it via // https://sitename/page/$channelname/$pagetitle // if no pagetitle was given or it couldn't be transliterated into a url, use the first // sixteen bytes of the mid - which makes the link portable and not quite as daunting // as the entire mid. If it were the post_id the link would be less portable. - // We should have the ability to edit this and arrange pages into menus via the pages module q("insert into item_id ( iid, uid, sid, service ) values ( %d, %d, '%s','%s' )", intval($post_id), intval($channel['channel_id']), dbesc(($pagetitle) ? $pagetitle : substr($mid,0,16)), - dbesc('WEBPAGE') + dbesc($page_type) ); } diff --git a/mod/layouts.php b/mod/layouts.php new file mode 100644 index 000000000..78d142c47 --- /dev/null +++ b/mod/layouts.php @@ -0,0 +1,82 @@ +<?php + +function layouts_content(&$a) { + + if(argc() > 1) + $which = argv(1); + else { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } + + profile_load($a,$which,0); + + + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + +// Get the observer, check their permissions + + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } + +// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages +// Nickname is set to the observers xchan, and profile_uid to the owners. This lets you post pages at other people's channels. +require_once ('include/conversation.php'); + $x = array( + 'webpage' => ITEM_PDL, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => (($group || $cid) ? '!' : ''), + 'visitor' => 'block', + 'profile_uid' => intval($owner), + ); + + $o .= status_editor($a,$x); + + //Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. +//TODO - this should be replaced with pagelist_widget + +$r = q("select * from item_id where uid = %d and service = 'PDL' order by sid asc", + intval($owner) +); + + $pages = null; + + if($r) { + $pages = array(); + foreach($r as $rr) { + $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); + } + } + + +//Build the base URL for edit links + $url = z_root() . "/editlayout/" . $which; +// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). + return $o . replace_macros(get_markup_template("webpagelist.tpl"), array( + '$baseurl' => $url, + '$edit' => t('Edit'), + '$pages' => $pages, + '$channel' => $which, + '$view' => t('View'), + '$preview' => '1', + + )); + + +} diff --git a/mod/page.php b/mod/page.php index c63932b5e..b227227bb 100644 --- a/mod/page.php +++ b/mod/page.php @@ -61,6 +61,19 @@ function page_content(&$a) { return; } + if($r[0]['layout_mid']) { + $l = q("select body from item where mid = '%s' and uid = %d limit 1", + dbesc($r[0]['layout_mid']), + intval($u[0]['channel_id']) + ); + + if($l) { + require_once('include/comanche.php'); + comanche_parser(get_app(),$l[0]['body']); + } + } + + // Use of widgets should be determined by Comanche, but we don't have it yet, so... if ($perms['write_pages']) { diff --git a/mod/webpages.php b/mod/webpages.php index fb133eccf..559b176fc 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -41,21 +41,27 @@ function webpages_content(&$a) { return; } + $mimetype = get_config('system','page_mimetype'); + if(! $mimetype) + $mimetype = 'choose'; + // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages // Nickname is set to the observers xchan, and profile_uid to the owners. This lets you post pages at other people's channels. require_once ('include/conversation.php'); $x = array( - 'webpage' => 1, + 'webpage' => ITEM_WEBPAGE, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), 'bang' => (($group || $cid) ? '!' : ''), 'visitor' => 'block', 'profile_uid' => intval($owner), + 'mimetype' => $mimetype, ); $o .= status_editor($a,$x); + //Get a list of webpages. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. //TODO - this should be replaced with pagelist_widget |