From 7639157a4907e9dbdffe6dd24f4f687f4cce6f01 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 21 Nov 2020 20:15:05 +0000 Subject: restrict returned html usage to local_channel() until some issues will be worked out --- Zotlabs/Module/Item.php | 28 +++++++++----- Zotlabs/Module/Like.php | 101 +++++++++++++++++++++++++----------------------- view/js/main.js | 54 ++++++++++++++++---------- view/tpl/head.tpl | 2 +- 4 files changed, 104 insertions(+), 81 deletions(-) diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 66c18fefd..ce344ee82 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -1374,16 +1374,24 @@ class Item extends Controller { goaway(z_root() . "/" . $return_path); } - $item[] = $datarray; - $item[0]['owner'] = $owner_xchan; - $item[0]['author'] = $observer; - $item[0]['attach'] = json_encode($datarray['attach']); - - $json = [ - 'success' => 1, - 'id' => $post_id, - 'html' => conversation($item,'network',true,'r_preview'), - ]; + + if(local_channel()) { + $item[] = $datarray; + $item[0]['owner'] = $owner_xchan; + $item[0]['author'] = $observer; + $item[0]['attach'] = json_encode($datarray['attach']); + + $json = [ + 'success' => 1, + 'id' => $post_id, + 'html' => conversation($item,'network',true,'r_preview'), + ]; + } + else { + $json = [ + 'success' => 1 + ]; + } if(x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload'])) $json['reload'] = z_root() . '/' . $_REQUEST['jsreload']; diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 638ec6a78..02fc87756 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -368,31 +368,33 @@ class Like extends \Zotlabs\Web\Controller { return; if(! $multi_undo) { - $item_normal = item_normal(); - $activities = q("SELECT item.*, item.id AS item_id FROM item - WHERE uid = %d $item_normal - AND thr_parent = '%s' - AND verb IN ('%s', '%s', '%s', '%s', '%s')", - intval($owner_uid), - dbesc($item['mid']), - dbesc(ACTIVITY_LIKE), - dbesc(ACTIVITY_DISLIKE), - dbesc(ACTIVITY_ATTEND), - dbesc(ACTIVITY_ATTENDNO), - dbesc(ACTIVITY_ATTENDMAYBE) - ); - xchan_query($activities,true); - $convitems[] = $item; - $convitems = array_merge($convitems, $activities); - - $json = [ - 'success' => 1, - 'orig_id' => $item_id, - 'id' => $item['id'], - 'html' => conversation($convitems,'network',true,'r_preview'), - ]; - - echo json_encode($json); + if(local_channel()) { + $item_normal = item_normal(); + $activities = q("SELECT item.*, item.id AS item_id FROM item + WHERE uid = %d $item_normal + AND thr_parent = '%s' + AND verb IN ('%s', '%s', '%s', '%s', '%s')", + intval($owner_uid), + dbesc($item['mid']), + dbesc(ACTIVITY_LIKE), + dbesc(ACTIVITY_DISLIKE), + dbesc(ACTIVITY_ATTEND), + dbesc(ACTIVITY_ATTENDNO), + dbesc(ACTIVITY_ATTENDMAYBE) + ); + xchan_query($activities,true); + $convitems[] = $item; + $convitems = array_merge($convitems, $activities); + + $json = [ + 'success' => 1, + 'orig_id' => $item_id, + 'id' => $item['id'], + 'html' => conversation($convitems,'network',true,'r_preview'), + ]; + + echo json_encode($json); + } killme(); } @@ -531,33 +533,34 @@ class Like extends \Zotlabs\Web\Controller { call_hooks('post_local',$arr); - $post = item_store($arr); $post_id = $post['item_id']; - $item_normal = item_normal(); - $activities = q("SELECT item.*, item.id AS item_id FROM item - WHERE uid = %d $item_normal - AND thr_parent = '%s' - AND verb IN ('%s', '%s', '%s', '%s', '%s')", - intval($owner_uid), - dbesc($item['mid']), - dbesc(ACTIVITY_LIKE), - dbesc(ACTIVITY_DISLIKE), - dbesc(ACTIVITY_ATTEND), - dbesc(ACTIVITY_ATTENDNO), - dbesc(ACTIVITY_ATTENDMAYBE) - ); - xchan_query($activities,true); - $convitems[] = $item; - $convitems = array_merge($convitems, $activities); - - $json = [ - 'success' => 1, - 'orig_id' => $item_id, //this is required for pubstream where $item_id != $item['id'] - 'id' => $item['id'], - 'html' => conversation($convitems,'network',true,'r_preview'), - ]; + if(local_channel()) { + $item_normal = item_normal(); + $activities = q("SELECT item.*, item.id AS item_id FROM item + WHERE uid = %d $item_normal + AND thr_parent = '%s' + AND verb IN ('%s', '%s', '%s', '%s', '%s')", + intval($owner_uid), + dbesc($item['mid']), + dbesc(ACTIVITY_LIKE), + dbesc(ACTIVITY_DISLIKE), + dbesc(ACTIVITY_ATTEND), + dbesc(ACTIVITY_ATTENDNO), + dbesc(ACTIVITY_ATTENDMAYBE) + ); + xchan_query($activities,true); + $convitems[] = $item; + $convitems = array_merge($convitems, $activities); + + $json = [ + 'success' => 1, + 'orig_id' => $item_id, //this is required for pubstream where $item_id != $item['id'] + 'id' => $item['id'], + 'html' => conversation($convitems,'network',true,'r_preview'), + ]; + } // save the conversation from expiration diff --git a/view/js/main.js b/view/js/main.js index b7cfb75db..5b6431858 100644 --- a/view/js/main.js +++ b/view/js/main.js @@ -1148,24 +1148,30 @@ function justifyPhotosAjax(id) { function dolike(ident, verb) { $('#like-rotator-' + ident.toString()).show(); - $.get('like/' + ident.toString() + '?verb=' + verb, function (data) { - data = JSON.parse(data); - if(data.success) { - // this is a bit tricky since the top level thread wrapper wraps the whole thread - if($('#thread-wrapper-' + data.orig_id).hasClass('toplevel_item')) { - var wrapper = $('
').html( data.html ).find('#wall-item-outside-wrapper-' + data.id); - $('#wall-item-outside-wrapper-' + data.orig_id).html(wrapper[0].innerHTML); - // those were not replaced - swap the id - $('#thread-wrapper-' + data.orig_id).attr('id', 'thread-wrapper-' + data.id); - $('#wall-item-outside-wrapper-' + data.orig_id).attr('id', 'wall-item-outside-wrapper-' + data.id); - } - else { - $('#thread-wrapper-' + data.orig_id).replaceWith(data.html); + + if(! localUser) { + $.get('like/' + ident.toString() + '?verb=' + verb, updateInit); + } + else { + $.get('like/' + ident.toString() + '?verb=' + verb, function (data) { + data = JSON.parse(data); + if(data.success) { + // this is a bit tricky since the top level thread wrapper wraps the whole thread + if($('#thread-wrapper-' + data.orig_id).hasClass('toplevel_item')) { + var wrapper = $('
').html( data.html ).find('#wall-item-outside-wrapper-' + data.id); + $('#wall-item-outside-wrapper-' + data.orig_id).html(wrapper[0].innerHTML); + // those were not replaced - swap the id + $('#thread-wrapper-' + data.orig_id).attr('id', 'thread-wrapper-' + data.id); + $('#wall-item-outside-wrapper-' + data.orig_id).attr('id', 'wall-item-outside-wrapper-' + data.id); + } + else { + $('#thread-wrapper-' + data.orig_id).replaceWith(data.html); + } + $('#wall-item-ago-' + data.id + ' .autotime').timeago(); + liking = 0; } - $('#wall-item-ago-' + data.id + ' .autotime').timeago(); - liking = 0; - } - }); + }); + } liking = 1; } @@ -1374,10 +1380,16 @@ function post_comment(id) { localStorage.removeItem("comment_body-" + id); $("#comment-edit-preview-" + id).hide(); $("#comment-edit-text-" + id).val('').blur().attr('placeholder', aStr.comment); - $('#wall-item-comment-wrapper-' + id).before(data.html); - $('#wall-item-ago-' + data.id + ' .autotime').timeago(); - $('body').css('cursor', 'unset'); - commentBusy = false; + + if(! localUser) { + updateInit(); + } + else { + $('#wall-item-comment-wrapper-' + id).before(data.html); + $('#wall-item-ago-' + data.id + ' .autotime').timeago(); + $('body').css('cursor', 'unset'); + commentBusy = false; + } var tarea = document.getElementById("comment-edit-text-" + id); if(tarea) { diff --git a/view/tpl/head.tpl b/view/tpl/head.tpl index 0d212e029..ecb30afd3 100755 --- a/view/tpl/head.tpl +++ b/view/tpl/head.tpl @@ -14,7 +14,7 @@ var zid = {{if $zid}}'{{$zid}}'{{else}}null{{/if}}; var justifiedGalleryActive = false; {{if $channel_hash}}var channelHash = '{{$channel_hash}}';{{/if}} - {{if $channel_id}}var channelId = '{{$channel_id}}';{{/if}}{{* Used in e.g. autocomplete *}} + var channelId = {{if $channel_id}}{{$channel_id}}{{else}}false{{/if}};{{* Used in e.g. autocomplete *}} var preloadImages = {{$preload_images}}; var auto_save_draft = {{$auto_save_draft}}; -- cgit v1.2.3