From 9be4fcce551f32b19af0ba8cbbc71c6e3ef66632 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 11 Nov 2014 22:55:24 -0800 Subject: uid not set in webpages.php, start on editwebpage.php --- mod/editwebpage.php | 108 ++++++++++++++++++++++++++++++++++------------------ mod/webpages.php | 2 +- 2 files changed, 72 insertions(+), 38 deletions(-) diff --git a/mod/editwebpage.php b/mod/editwebpage.php index 41b5bb3e7..7b5f9f602 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -1,26 +1,74 @@ 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($a,$which); + +} -require_once('acl_selectors.php'); function editwebpage_content(&$a) { - // We first need to figure out who owns the webpage, grab it from an argument + if(! $a->profile) { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } $which = argv(1); - // $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. - - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); - //logger('owner: ' . print_r($owner,true)); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); + + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } } - $is_owner = ((local_user() && local_user() == $owner) ? true : false); + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } + + + $is_owner = (($uid && $uid == $owner) ? true : false); $o = ''; @@ -33,9 +81,6 @@ function editwebpage_content(&$a) { return; } - // Now we've got a post and an owner, let's find out if we're allowed to edit it - - $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); $perms = get_all_perms($owner,$ob_hash); @@ -45,14 +90,13 @@ function editwebpage_content(&$a) { return; } + // We've already figured out which item we want and whose copy we need, + // so we don't need anything fancy here - - // We've already figured out which item we want and whose copy we need, so we don't need anything fancy here $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner) - ); - + ); if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); @@ -63,23 +107,17 @@ function editwebpage_content(&$a) { } $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", - $itm[0]['id'] + intval($itm[0]['id']) ); if($item_id) $page_title = $item_id[0]['sid']; - - - $plaintext = true; -// if(feature_enabled($itm[0]['uid'],'richtext')) -// $plaintext = false; - $mimetype = $itm[0]['mimetype']; if($mimetype === 'application/x-php') { - if((! local_user()) || (local_user() != $itm[0]['uid'])) { + if((! $uid) || ($uid != $itm[0]['uid'])) { notice( t('Permission denied.') . EOL); return; } @@ -101,7 +139,6 @@ function editwebpage_content(&$a) { else $layoutselect = layout_select($itm[0]['uid'],$itm[0]['layout_mid']); - $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit Webpage') )); @@ -112,7 +149,7 @@ function editwebpage_content(&$a) { '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$ispublic' => ' ', // t('Visible to everybody'), '$geotag' => $geotag, - '$nickname' => $a->user['nickname'], + '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete webpage?') )); @@ -124,12 +161,9 @@ function editwebpage_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - - $channel = $a->get_channel(); - - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); -//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. + // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD + // instead of loading a sensible page. So, send folk to the webpage list. $rp = 'webpages/' . $which; @@ -171,16 +205,16 @@ function editwebpage_content(&$a) { 'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'), '$bang' => '', '$profile_uid' => (intval($owner)), - '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), + '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''), '$jotplugins' => $jotplugins, - '$sourceapp' => t($a->sourcename), + '$sourceapp' => $a->sourcename, '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'), )); - $ob = get_observer_hash(); + $ob = (($observer) ? $observer['xchan_hash'] : ''); if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob)) $o .= '

' . t('Delete Webpage') . '
'; diff --git a/mod/webpages.php b/mod/webpages.php index aca7559f9..baddebec8 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -33,7 +33,7 @@ function webpages_content(&$a) { $which = argv(1); - $uid = 0; + $uid = local_user(); $owner = 0; $channel = null; $observer = $a->get_observer(); -- cgit v1.2.3