preserve code blocks on item import if channel has code rights. When importing the channel itself,

turn code access off unless this is the admin.

include/api.php

@@ -896,6 +896,55 @@ require_once('include/items.php');
 	api_register_func('api/red/item/new','red_item_new', true);
 
 
+	function red_item(&$a, $type) {
+
+		if (api_user() === false) {
+			logger('api_red_item_new: no user');
+			return false;
+		}
+
+		if($_REQUEST['mid']) {
+			$arr = array('mid' => $_REQUEST['mid']);
+		}
+		elseif($_REQUEST['item_id']) {
+			$arr = array('item_id' => $_REQUEST['item_id']);
+		}
+		else
+			json_return_and_die(array());
+
+		$arr['start'] = 0;
+		$arr['records'] = 999999;
+		$arr['item_type'] = '*';
+
+		$i = items_fetch($arr,$a->get_channel(),get_observer_hash());
+
+		if(! $i)
+			json_return_and_die(array());
+
+		$ret = array();
+		$tmp = array();
+		$str = '';
+		foreach($i as $ii) {
+			$tmp[] = encode_item($ii,true);
+			if($str)
+				$str .= ',';
+			$str .= $ii['id'];
+		}
+		$ret['item'] = $tmp;	
+		if($str) {
+			$r = q("select item_id.*, item.mid from item_id left join item on item_id.iid = item.id where item.id in ( $str ) ");
+
+		    if($r)
+        		$ret['item_id'] = $r;
+		}
+					 
+		json_return_and_die($ret);
+	}
+
+	api_register_func('api/red/item/full','red_item', true);
+
+
+
 	function api_get_status($xchan_hash) {
 		require_once('include/security.php');
 

include/import.php

@@ -51,6 +51,11 @@ function import_channel($channel) {
 	$channel['channel_account_id'] = get_account_id();
 	$channel['channel_primary'] = (($seize) ? 1 : 0);
 
+	if($channel['channel_pageflags'] & PAGE_ALLOWCODE) {
+		if(! is_site_admin())
+			$channel['channel_pageflags'] = $channel['channel_pageflags'] ^ PAGE_ALLOWCODE;
+	}
+	
 	dbesc_array($channel);
 
 	$r = dbq("INSERT INTO channel (`" 
@@ -480,8 +485,19 @@ function sync_chatrooms($channel,$chatrooms) {
 function import_items($channel,$items) {
 
 	if($channel && $items) {
+		$allow_code = false;
+		$r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id 
+			where channel_id = %d limit 1",
+			intval($channel['channel_id'])
+		);
+		if($r) {
+			if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
+				$allow_code = true;
+			}
+		}
+
 		foreach($items as $i) {
-			$item = get_item_elements($i);
+			$item = get_item_elements($i,$allow_code);
 			if(! $item)
 				continue;
 

include/items.php

@@ -833,9 +833,12 @@ function title_is_body($title, $body) {
 }
 
 
-function get_item_elements($x) {
+function get_item_elements($x,$allow_code = false) {
 
 	$arr = array();
+	if($allow_code)
+		$arr['body'] = $x['body'];
+	else
 		$arr['body']         = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : '');
 
 	$key = get_config('system','pubkey');
@@ -4732,6 +4735,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 	if($arr['wall'])
 		$sql_options .= " and item_wall = 1 ";
 
+	if($arr['item_id'])
+		$sql_options .= " and parent = " . intval($arr['item_id']) . " ";
+
+	if($arr['mid'])
+		$sql_options .= " and parent_mid = '" . dbesc($arr['mid']) . "' ";
+									
 	$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options ) ";
 	
 	if($arr['since_id'])
@@ -4857,11 +4866,15 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 	require_once('include/security.php');
 	$sql_extra .= item_permissions_sql($channel['channel_id'],$observer_hash);
 
+
 	if($arr['pages'])
 		$item_restrict = " AND item_type = " . ITEM_TYPE_WEBPAGE . " ";
 	else
 		$item_restrict = " AND item_type = 0 ";
 
+	if($arr['item_type'] === '*')
+		$item_restrict = '';
+
 	if ($arr['nouveau'] && ($client_mode & CLIENT_MODE_LOAD) && $channel) {
 		// "New Item View" - show all items unthreaded in reverse created date order