From ed7712cfbf9835368de79f8686954b536c12e4d1 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 21 Oct 2014 16:33:35 -0700
Subject: private forum issues

---
 mod/item.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'mod/item.php')

diff --git a/mod/item.php b/mod/item.php
index ac15e50e8..589e3beb1 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -257,10 +257,16 @@ function item_post(&$a) {
 		killme();
 	}
 
+	$walltowall = false;
+
 	if($observer) {
 		logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
+		if($observer['xchan_name'] != $owner_xchan['xchan_name'])
+			$walltowall = true;		
 	}
 		
+
+
 	$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
 	if($webpage)
 		$public_policy = '';
@@ -329,6 +335,15 @@ function item_post(&$a) {
 			$str_group_deny    = $channel['channel_deny_gid'];
 			$str_contact_deny  = $channel['channel_deny_cid'];
 		}
+		elseif($walltowall) {
+
+			// use the channel owner's default permissions
+
+			$str_group_allow   = $channel['channel_allow_gid'];
+			$str_contact_allow = $channel['channel_allow_cid'];
+			$str_group_deny    = $channel['channel_deny_gid'];
+			$str_contact_deny  = $channel['channel_deny_cid'];
+		}
 		else {
 
 			// use the posted permissions
-- 
cgit v1.2.3


From 58c692e3897a7807fed23e2633496c4960f022ca Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 22 Oct 2014 20:39:49 -0700
Subject: improved wall-to-wall detection for comments so we can handle
 Diaspora signing and wall-to-wall attribution correctly. Do it at the point
 of submission. This also fixes a potential bug in yesterday's wall-to-wall
 permission setting, if it was a local comment to a remote post.

---
 mod/item.php | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

(limited to 'mod/item.php')

diff --git a/mod/item.php b/mod/item.php
index 589e3beb1..ad567b21f 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -258,15 +258,26 @@ function item_post(&$a) {
 	}
 
 	$walltowall = false;
+	$walltowall_comment = false;
 
 	if($observer) {
 		logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
-		if($observer['xchan_name'] != $owner_xchan['xchan_name'])
-			$walltowall = true;		
-	}
-		
 
+		// wall-to-wall detection.
+		// For top-level posts, if the author and owner are different it's a wall-to-wall
+		// For comments, We need to additionally look at the parent and see if it's a wall post that originated locally.
 
+		if($observer['xchan_name'] != $owner_xchan['xchan_name'])  {
+			if($parent_item && ($parent_item['item_flags'] & (ITEM_WALL|ITEM_ORIGIN)) == (ITEM_WALL|ITEM_ORIGIN)) {
+				$walltowall_comment = true;
+				$walltowall = true;
+			}
+			if(! $parent) {
+				$walltowall = true;		
+			}
+		}
+	}
+		
 	$public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
 	if($webpage)
 		$public_policy = '';
@@ -874,10 +885,9 @@ function item_post(&$a) {
 
 	if($parent) {
 		// Store the comment signature information in case we need to relay to Diaspora
-//FIXME
 		$ditem = $datarray;
 		$ditem['author'] = $observer;
-		store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id);
+		store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id, (($walltowall_comment) ? 1 : 0));
 	}
 
 	update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid);
-- 
cgit v1.2.3


From 38801f802f9fd0eedd68e00ddf6707ace7220eba Mon Sep 17 00:00:00 2001
From: Thomas Willingham <beardyunixer@beardyunixer.com>
Date: Fri, 24 Oct 2014 17:46:31 +0100
Subject: Issue #661

---
 mod/item.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mod/item.php')

diff --git a/mod/item.php b/mod/item.php
index ad567b21f..dd6d0e217 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -77,7 +77,7 @@ function item_post(&$a) {
 	$preview     = ((x($_REQUEST,'preview'))     ? intval($_REQUEST['preview'])        : 0);
 	$categories  = ((x($_REQUEST,'category'))    ? escape_tags($_REQUEST['category'])  : '');
 	$webpage     = ((x($_REQUEST,'webpage'))     ? intval($_REQUEST['webpage'])        : 0);
-	$pagetitle   = ((x($_REQUEST,'pagetitle'))   ? escape_tags($_REQUEST['pagetitle']) : '');
+    $pagetitle   = ((x($_REQUEST,'pagetitle'))   ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
 	$layout_mid  = ((x($_REQUEST,'layout_mid'))  ? escape_tags($_REQUEST['layout_mid']): '');
 	$plink       = ((x($_REQUEST,'permalink'))   ? escape_tags($_REQUEST['permalink']) : '');
 
-- 
cgit v1.2.3


From 9cc76cb33da489c01731ecb5195f8bb3d51ce513 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 27 Oct 2014 19:21:41 -0700
Subject: several unrelated things - auto_follow wasn't working for new
 accounts, error returned in private mention to a collection, and added
 auto-completion to photo tags; though it only matches people so the hover
 text is now wrong. Also made the photo edit form XHTML (XML) compliant.

---
 mod/item.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'mod/item.php')

diff --git a/mod/item.php b/mod/item.php
index dd6d0e217..22d285571 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1181,9 +1181,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) {
 			if(local_user() && local_user() == $profile_uid) {
 				require_once('include/group.php');
 				$grp = group_byname($profile_uid,$name);
+
 				if($grp) {
 					$g = q("select hash from groups where id = %d and visible = 1 limit 1",
-						intval($grp[0]['id'])
+						intval($grp)
 					);
 					if($g && $exclusive) {
 						$access_tag .= 'gid:' . $g[0]['hash'];
-- 
cgit v1.2.3


From 7d9f785758ee6e4c19838e532f9930e227e95fc6 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 28 Oct 2014 20:01:44 -0700
Subject: if any privacy tags are created on a top level post, restrict the
 post; since it could have been quite sensitive. If there were errors
 processing the actual tag restrict the post to the profile owner. Also make
 the "privacy tag over-rides ACL" behaviour configurable. Default is that
 privacy tags over-ride the ACL.

---
 mod/item.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'mod/item.php')

diff --git a/mod/item.php b/mod/item.php
index 22d285571..3dea8809c 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -596,7 +596,14 @@ function item_post(&$a) {
 				logger('handle_tag: ' . print_r($success,tue), LOGGER_DATA);
 				if(($access_tag) && (! $parent_item)) {
 					logger('access_tag: ' . $tag . ' ' . print_r($access_tag,true), LOGGER_DATA);
-					if ($first_access_tag) {
+					if ($first_access_tag && (! get_pconfig($profile_uid,'system','no_private_mention_acl_override'))) {
+
+						// This is a tough call, hence configurable. The issue is that one can type in a @!privacy mention
+						// and also have a default ACL (perhaps from viewing a collection) and could be suprised that the 
+						// privacy mention wasn't the only recipient. So the default is to wipe out the existing ACL if a
+						// private mention is found. This can be over-ridden if you wish private mentions to be in 
+						// addition to the current ACL settings.
+
 						$str_contact_allow = '';
 						$str_group_allow = '';
 						$first_access_tag = false;
@@ -1162,6 +1169,8 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) {
 
 		// $r is set if we found something
 
+		$channel = get_app()->get_channel();
+
 		if($r) {
 			$profile = $r[0]['xchan_url'];
 			$newname = $r[0]['xchan_name'];
@@ -1198,6 +1207,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) {
 			}
 		}
 
+		if(($exclusive) && (! $access_tag)) {
+			$access_tag .= 'cid:' . $channel['channel_hash'];
+		}			
+
 		// if there is an url for this channel
 
 		if(isset($profile)) {
-- 
cgit v1.2.3


From a80e696b772d75a6b2bc5c1846f84ba538ee6289 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 3 Nov 2014 17:35:42 -0800
Subject: wall posted comment to a top-level wall post which arrived via a
 route (e.g. was posted to a forum) had no route, hence downstream recipients
 report route mismatch

---
 mod/item.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'mod/item.php')

diff --git a/mod/item.php b/mod/item.php
index 3dea8809c..e7d886b00 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -112,6 +112,7 @@ function item_post(&$a) {
 	$parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
 	$parent_mid = ((x($_REQUEST,'parent_mid')) ? trim($_REQUEST['parent_mid']) : '');
 
+	$route = '';
 	$parent_item = null;
 	$parent_contact = null;
 	$thr_parent = '';
@@ -163,6 +164,7 @@ function item_post(&$a) {
 
 		$thr_parent = $parent_mid;
 
+		$route = $parent_item['route'];
 
 	}
 
@@ -753,6 +755,7 @@ function item_post(&$a) {
 	$datarray['comment_policy'] = map_scope($channel['channel_w_comment']); 
 	$datarray['term']           = $post_tags;
 	$datarray['plink']          = $plink;
+	$datarray['route']          = $route;
 
 	// preview mode - prepare the body for display and send it via json
 
-- 
cgit v1.2.3