From fff30b1c3d7030ff63c880c13bcb47e2932cd1b8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 15 Nov 2015 19:36:17 -0800 Subject: permission issues editing wall-to-wall posts --- doc/hooklist.bb | 3 +++ include/text.php | 11 +++++++++-- mod/editpost.php | 14 +++++++------- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/doc/hooklist.bb b/doc/hooklist.bb index 2285ef1cf..45a4861d9 100644 --- a/doc/hooklist.bb +++ b/doc/hooklist.bb @@ -263,6 +263,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the [zrl=[baseurl]/help/hook/logged_in]logged_in[/zrl] Called when authentication by any means has succeeeded +[zrl=[baseurl]/help/hook/logger]logger[/zrl] + Called when making an entry to the application logfile + [zrl=[baseurl]/help/hook/logging_out]logging_out[/zrl] Called when logging out diff --git a/include/text.php b/include/text.php index ed0e21a71..166dbb4fb 100644 --- a/include/text.php +++ b/include/text.php @@ -531,11 +531,12 @@ function attribute_contains($attr, $s) { * LOGGER_DATA and LOGGER_ALL. * * Since PHP5.4 we get the file, function and line automatically where the logger - * was caleld, so no need to add it to the message anymore. + * was called, so no need to add it to the message anymore. * * @param string $msg Message to log * @param int $level A log level. */ + function logger($msg, $level = 0) { // turn off logger in install mode global $a; @@ -557,7 +558,13 @@ function logger($msg, $level = 0) { $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; } - @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); + $s = datetime_convert() . ':' . session_id() . ' ' . $where . $msg . PHP_EOL; + $pluginfo = array('filename' => $logfile, 'loglevel' => $level, 'message' => $s,'logged' => false); + + call_hooks('logger',$pluginfo); + + if(! $pluginfo['logged']) + @file_put_contents($logfile, $s, FILE_APPEND); } /** diff --git a/mod/editpost.php b/mod/editpost.php index 2f999858f..bd46ac14a 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -21,9 +21,9 @@ function editpost_content(&$a) { return; } - $itm = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d and author_xchan = '%s' LIMIT 1", + $itm = q("SELECT * FROM `item` WHERE `id` = %d AND ( owner_xchan = '%s' OR author_xchan = '%s' ) LIMIT 1", intval($post_id), - intval(local_channel()), + dbesc(get_observer_hash()), dbesc(get_observer_hash()) ); @@ -37,6 +37,8 @@ function editpost_content(&$a) { } + $owner_uid = $itm[0]['uid']; + $plaintext = true; // if(feature_enabled(local_channel(),'richtext')) @@ -71,14 +73,12 @@ function editpost_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - $channel = $a->get_channel(); - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); - $voting = feature_enabled(local_channel(),'consensus_tools'); + $voting = feature_enabled($owner_uid,'consensus_tools'); $category = ''; - $catsenabled = ((feature_enabled(local_channel(),'categories')) ? 'categories' : ''); + $catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : ''); if ($catsenabled){ $itm = fetch_post_tags($itm); @@ -145,7 +145,7 @@ function editpost_content(&$a) { '$lockstate' => $lockstate, '$acl' => '', '$bang' => '', - '$profile_uid' => local_channel(), + '$profile_uid' => $owner_uid, '$preview' => t('Preview'), '$jotplugins' => $jotplugins, '$sourceapp' => t($a->sourcename), -- cgit v1.2.3