add $deliver flag to item_store() and item_store_update() [default true]. If false, do not send any notifications or process tag_deliver. This should avoid any network activity from happening as the result of a channel (actually item) import. Other minor fixes in the handling of the $allow_exec flag and further protecting CSS passed to widgets from rogue code and XSS.
This commit is contained in:
redmatrix
@@ -496,6 +496,8 @@ function import_items($channel,$items) {
|
||||
}
|
||||
}
|
||||
|
||||
$deliver = false; // Don't deliver any messages or notifications when importing
|
||||
|
||||
foreach($items as $i) {
|
||||
$item = get_item_elements($i,$allow_code);
|
||||
if(! $item)
|
||||
@@ -509,16 +511,15 @@ function import_items($channel,$items) {
|
||||
if($item['edited'] > $r[0]['edited']) {
|
||||
$item['id'] = $r[0]['id'];
|
||||
$item['uid'] = $channel['channel_id'];
|
||||
item_store_update($item);
|
||||
item_store_update($item,$allow_code,$deliver);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$item['aid'] = $channel['channel_account_id'];
|
||||
$item['uid'] = $channel['channel_id'];
|
||||
$item_result = item_store($item);
|
||||
$item_result = item_store($item,$allow_code,$deliver);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user