From fc533107ed49735aad5ba39bf02b87ed7ac870b6 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sun, 12 Mar 2017 21:55:24 -0700
Subject: better handling of mimetype security
---
 Zotlabs/Lib/System.php | 2 --
 Zotlabs/Module/Editwebpage.php | 2 --
 Zotlabs/Module/Item.php | 23 +++++++----------------
 3 files changed, 7 insertions(+), 20 deletions(-)
(limited to 'Zotlabs')
diff --git a/Zotlabs/Lib/System.php b/Zotlabs/Lib/System.php
index 865cb9a30..3d5b18506 100644
--- a/Zotlabs/Lib/System.php
+++ b/Zotlabs/Lib/System.php
@@ -54,8 +54,6 @@ class System { return 'https://github.com/redmatrix/hubzilla'; } - - static public function get_server_role() { return 'pro'; }
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php
index 3d4af107d..97f4a32ff 100644
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -130,8 +130,6 @@ class Editwebpage extends \Zotlabs\Web\Controller { $layout = $itm[0]['layout_mid']; - $tpl = get_markup_template("jot.tpl"); - $rp = 'webpages/' . $which; $x = array(
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 4725ecb38..afac1542d 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -480,22 +480,13 @@ class Item extends \Zotlabs\Web\Controller {
 $execflag = false;
- if($mimetype !== 'text/bbcode') {
- $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
- intval($profile_uid)
- );
- if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
- if($uid && (get_account_id() == $z[0]['account_id'])) {
- $execflag = true;
- }
- else {
- notice( t('Executable content type not permitted to this channel.') . EOL);
- if($api_source)
- return ( [ 'success' => false, 'message' => 'forbidden content type' ] );
- if(x($_REQUEST,'return'))
- goaway(z_root() . "/" . $return_path );
- killme();
- }
+ $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id
+ where channel_id = %d limit 1",
+ intval($profile_uid)
+ );
+ if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
+ if($uid && (intval(get_account_id()) == intval($z[0]['account_id']))) {
+ $execflag = true;
 }
 }
--
cgit v1.2.3
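Review bot: The removed `else` branch was the only place in this hunk that refused a non-bbcode `$mimetype` for a poster without `ACCOUNT_ROLE_ALLOWCODE`/`PAGE_ALLOWCODE`; the new block only leaves `$execflag` false and lets the request continue, and API callers no longer get the `forbidden content type` reply. Whether the mimetype is rejected or downgraded later is not visible here (the enclosing method starts and ends outside the hunk), so the code that consumes `$execflag` should be confirmed to fail closed. I would add above the query `// $execflag only records permission; code that stores or renders $mimetype must refuse executable types when it is false`. Minor: the lookup now runs for every post, including `text/bbcode`, and the two `intval()` results could be compared with `===`.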