preserve code blocks on item import if channel has code rights. When importing the channel itself,
turn code access off unless this is the admin.
This commit is contained in:
		| @@ -896,6 +896,55 @@ require_once('include/items.php'); | |||||||
| 	api_register_func('api/red/item/new','red_item_new', true); | 	api_register_func('api/red/item/new','red_item_new', true); | ||||||
|  |  | ||||||
|  |  | ||||||
|  | 	function red_item(&$a, $type) { | ||||||
|  |  | ||||||
|  | 		if (api_user() === false) { | ||||||
|  | 			logger('api_red_item_new: no user'); | ||||||
|  | 			return false; | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		if($_REQUEST['mid']) { | ||||||
|  | 			$arr = array('mid' => $_REQUEST['mid']); | ||||||
|  | 		} | ||||||
|  | 		elseif($_REQUEST['item_id']) { | ||||||
|  | 			$arr = array('item_id' => $_REQUEST['item_id']); | ||||||
|  | 		} | ||||||
|  | 		else | ||||||
|  | 			json_return_and_die(array()); | ||||||
|  |  | ||||||
|  | 		$arr['start'] = 0; | ||||||
|  | 		$arr['records'] = 999999; | ||||||
|  | 		$arr['item_type'] = '*'; | ||||||
|  |  | ||||||
|  | 		$i = items_fetch($arr,$a->get_channel(),get_observer_hash()); | ||||||
|  |  | ||||||
|  | 		if(! $i) | ||||||
|  | 			json_return_and_die(array()); | ||||||
|  |  | ||||||
|  | 		$ret = array(); | ||||||
|  | 		$tmp = array(); | ||||||
|  | 		$str = ''; | ||||||
|  | 		foreach($i as $ii) { | ||||||
|  | 			$tmp[] = encode_item($ii,true); | ||||||
|  | 			if($str) | ||||||
|  | 				$str .= ','; | ||||||
|  | 			$str .= $ii['id']; | ||||||
|  | 		} | ||||||
|  | 		$ret['item'] = $tmp;	 | ||||||
|  | 		if($str) { | ||||||
|  | 			$r = q("select item_id.*, item.mid from item_id left join item on item_id.iid = item.id where item.id in ( $str ) "); | ||||||
|  |  | ||||||
|  | 		    if($r) | ||||||
|  |         		$ret['item_id'] = $r; | ||||||
|  | 		} | ||||||
|  | 					  | ||||||
|  | 		json_return_and_die($ret); | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	api_register_func('api/red/item/full','red_item', true); | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| 	function api_get_status($xchan_hash) { | 	function api_get_status($xchan_hash) { | ||||||
| 		require_once('include/security.php'); | 		require_once('include/security.php'); | ||||||
|  |  | ||||||
|   | |||||||
| @@ -51,6 +51,11 @@ function import_channel($channel) { | |||||||
| 	$channel['channel_account_id'] = get_account_id(); | 	$channel['channel_account_id'] = get_account_id(); | ||||||
| 	$channel['channel_primary'] = (($seize) ? 1 : 0); | 	$channel['channel_primary'] = (($seize) ? 1 : 0); | ||||||
|  |  | ||||||
|  | 	if($channel['channel_pageflags'] & PAGE_ALLOWCODE) { | ||||||
|  | 		if(! is_site_admin()) | ||||||
|  | 			$channel['channel_pageflags'] = $channel['channel_pageflags'] ^ PAGE_ALLOWCODE; | ||||||
|  | 	} | ||||||
|  | 	 | ||||||
| 	dbesc_array($channel); | 	dbesc_array($channel); | ||||||
|  |  | ||||||
| 	$r = dbq("INSERT INTO channel (`"  | 	$r = dbq("INSERT INTO channel (`"  | ||||||
| @@ -480,8 +485,19 @@ function sync_chatrooms($channel,$chatrooms) { | |||||||
| function import_items($channel,$items) { | function import_items($channel,$items) { | ||||||
|  |  | ||||||
| 	if($channel && $items) { | 	if($channel && $items) { | ||||||
|  | 		$allow_code = false; | ||||||
|  | 		$r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id  | ||||||
|  | 			where channel_id = %d limit 1", | ||||||
|  | 			intval($channel['channel_id']) | ||||||
|  | 		); | ||||||
|  | 		if($r) { | ||||||
|  | 			if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { | ||||||
|  | 				$allow_code = true; | ||||||
|  | 			} | ||||||
|  | 		} | ||||||
|  |  | ||||||
| 		foreach($items as $i) { | 		foreach($items as $i) { | ||||||
| 			$item = get_item_elements($i); | 			$item = get_item_elements($i,$allow_code); | ||||||
| 			if(! $item) | 			if(! $item) | ||||||
| 				continue; | 				continue; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -833,9 +833,12 @@ function title_is_body($title, $body) { | |||||||
| } | } | ||||||
|  |  | ||||||
|  |  | ||||||
| function get_item_elements($x) { | function get_item_elements($x,$allow_code = false) { | ||||||
|  |  | ||||||
| 	$arr = array(); | 	$arr = array(); | ||||||
|  | 	if($allow_code) | ||||||
|  | 		$arr['body'] = $x['body']; | ||||||
|  | 	else | ||||||
| 		$arr['body']         = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : ''); | 		$arr['body']         = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : ''); | ||||||
|  |  | ||||||
| 	$key = get_config('system','pubkey'); | 	$key = get_config('system','pubkey'); | ||||||
| @@ -4732,6 +4735,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C | |||||||
| 	if($arr['wall']) | 	if($arr['wall']) | ||||||
| 		$sql_options .= " and item_wall = 1 "; | 		$sql_options .= " and item_wall = 1 "; | ||||||
|  |  | ||||||
|  | 	if($arr['item_id']) | ||||||
|  | 		$sql_options .= " and parent = " . intval($arr['item_id']) . " "; | ||||||
|  |  | ||||||
|  | 	if($arr['mid']) | ||||||
|  | 		$sql_options .= " and parent_mid = '" . dbesc($arr['mid']) . "' "; | ||||||
|  | 									 | ||||||
| 	$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options ) "; | 	$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options ) "; | ||||||
| 	 | 	 | ||||||
| 	if($arr['since_id']) | 	if($arr['since_id']) | ||||||
| @@ -4857,11 +4866,15 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C | |||||||
| 	require_once('include/security.php'); | 	require_once('include/security.php'); | ||||||
| 	$sql_extra .= item_permissions_sql($channel['channel_id'],$observer_hash); | 	$sql_extra .= item_permissions_sql($channel['channel_id'],$observer_hash); | ||||||
|  |  | ||||||
|  |  | ||||||
| 	if($arr['pages']) | 	if($arr['pages']) | ||||||
| 		$item_restrict = " AND item_type = " . ITEM_TYPE_WEBPAGE . " "; | 		$item_restrict = " AND item_type = " . ITEM_TYPE_WEBPAGE . " "; | ||||||
| 	else | 	else | ||||||
| 		$item_restrict = " AND item_type = 0 "; | 		$item_restrict = " AND item_type = 0 "; | ||||||
|  |  | ||||||
|  | 	if($arr['item_type'] === '*') | ||||||
|  | 		$item_restrict = ''; | ||||||
|  |  | ||||||
| 	if ($arr['nouveau'] && ($client_mode & CLIENT_MODE_LOAD) && $channel) { | 	if ($arr['nouveau'] && ($client_mode & CLIENT_MODE_LOAD) && $channel) { | ||||||
| 		// "New Item View" - show all items unthreaded in reverse created date order | 		// "New Item View" - show all items unthreaded in reverse created date order | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user