From 110ef6201e0a3731967a662afed1606b7077d0b0 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 16 Jan 2016 14:00:22 -0800 Subject: add $deliver flag to item_store() and item_store_update() [default true]. If false, do not send any notifications or process tag_deliver. This should avoid any network activity from happening as the result of a channel (actually item) import. Other minor fixes in the handling of the $allow_exec flag and further protecting CSS passed to widgets from rogue code and XSS. --- mod/item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod/item.php') diff --git a/mod/item.php b/mod/item.php index b6d00e030..f100c9dfe 100644 --- a/mod/item.php +++ b/mod/item.php @@ -446,7 +446,7 @@ function item_post(&$a) { $execflag = false; - if($mimetype === 'application/x-php') { + if($mimetype !== 'text/bbcode') { $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", intval($profile_uid) ); -- cgit v1.2.3