From 9d5b6858ea627b5eb6115cacd870ef0277f87b2a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 21 Aug 2017 02:01:41 -0700 Subject: stream_perms_xchans wasn't working which has effects in mod_display and there are also issues with the oembed provider for mod_display. This is a first cut for the second but hasn't yet been tested --- Zotlabs/Module/Oep.php | 64 +++++++++++++++++++++++++++++++++----------------- include/security.php | 3 ++- 2 files changed, 45 insertions(+), 22 deletions(-) diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index 07094c1de..a3453ff31 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -67,44 +67,66 @@ class Oep extends \Zotlabs\Web\Controller { $maxwidth = intval($args['maxwidth']); $maxheight = intval($args['maxheight']); - if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) { - $chn = $matches[3]; - $res = $matches[5]; + if(preg_match('#//display/(.*?)(&|\?|$)#',$url,$matches)) { + $res = $matches[1]; } - - if(! ($chn && $res)) - return; - $c = q("select * from channel where channel_address = '%s' limit 1", - dbesc($chn) + + if(strpos($res,'b64.') === 0) { + $res = base64url_decode(substr($res,4)); + } + + $item_normal = item_normal(); + + $p = q("select * from item where mid like '%s' limit 1", + dbesc($res . '%'), ); + + if(! $p) + return; + + $c = channelx_by_n($p[0]['uid']); + - if(! $c) + if(! ($c && $res)) return; - $sql_extra = item_permissions_sql($c[0]['channel_id']); + $sql_extra = item_permissions_sql($c['channel_id']); - $p = q("select * from item where mid = '%s' and uid = %d $sql_extra limit 1", - dbesc($res), - intval($c[0]['channel_id']) + $p = q("select * from item where mid like '%s' and uid = %d $sql_extra $item_normal limit 1", + dbesc($res . '%'), + intval($c['channel_id']) ); + if(! $p) return; xchan_query($p,true); $p = fetch_post_tags($p,true); + + // This function can get tripped up if the item is already a reshare + // (the multiple share declarations do not parse cleanly if nested) + // So build a template with a known nonsense string as the content, and then + // replace that known string with the actual rendered content, sending + // each content layer through bbcode() separately. + + $x = '2eGriplW^*Jmf4'; + $o = "[share author='".urlencode($p[0]['author']['xchan_name']). - "' profile='".$p[0]['author']['xchan_url'] . - "' avatar='".$p[0]['author']['xchan_photo_s']. - "' link='".$p[0]['plink']. - "' posted='".$p[0]['created']. - "' message_id='".$p[0]['mid']."']"; + "' profile='".$p[0]['author']['xchan_url'] . + "' avatar='".$p[0]['author']['xchan_photo_s']. + "' link='".$p[0]['plink']. + "' posted='".$p[0]['created']. + "' message_id='".$p[0]['mid']."']"; if($p[0]['title']) - $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; - $o .= $p[0]['body']; - $o .= "[/share]"; + $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; + + $o .= $x; + $o .= "[/share]"; $o = bbcode($o); + $o = str_replace($x,bbcode($p[0]['body']),$o); + $ret['type'] = 'rich'; $w = (($maxwidth) ? $maxwidth : 640); diff --git a/include/security.php b/include/security.php index 6e7b3dbb2..16c6f1680 100644 --- a/include/security.php +++ b/include/security.php @@ -640,7 +640,7 @@ function stream_perms_xchans($perms = NULL ) { if(local_channel()) $ret[] = get_observer_hash(); - $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' "); + $x = q("select uid, v from pconfig where cat = 'perm_limits' and k = 'view_stream' "); if($x) { $y = []; foreach($x as $xv) { @@ -650,6 +650,7 @@ function stream_perms_xchans($perms = NULL ) { } if($y) { $ids = ids_to_querystr($y,'uid'); + $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ", intval(PAGE_ADULT|PAGE_CENSORED) ); -- cgit v1.2.3