harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some minor cleanup on plinks for some very subtle permissions issues

Browse Source
This commit is contained in:
friendica 2014-01-09 15:45:17 -08:00
parent ba0fdde51c
commit db8ebc9f37
9 changed files with 43 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/activities.php
View File

@ -24,6 +24,8 @@ function profile_activity($changed, $value) {
$arr['item_flags'] = ITEM_WALL|ITEM_ORIGIN|ITEM_THREAD_TOP; $arr['item_flags'] = ITEM_WALL|ITEM_ORIGIN|ITEM_THREAD_TOP;
$arr['verb'] = ACTIVITY_UPDATE; $arr['verb'] = ACTIVITY_UPDATE;
$arr['obj_type'] = ACTIVITY_OBJ_PROFILE; $arr['obj_type'] = ACTIVITY_OBJ_PROFILE;
$arr['$plink'] = z_root() . '/channel/' . $self['channel_address'] . '/?f=&mid=' . $arr['mid'];
$A = '[url=' . z_root() . '/channel/' . $self['channel_address'] . ']' . $self['channel_name'] . '[/url]'; $A = '[url=' . z_root() . '/channel/' . $self['channel_address'] . ']' . $self['channel_name'] . '[/url]';

2
include/event.php
View File

@ -337,6 +337,8 @@ function event_store($arr) {
$item_arr['obj_type'] = ACTIVITY_OBJ_EVENT; $item_arr['obj_type'] = ACTIVITY_OBJ_EVENT;
$item_arr['body'] = format_event_bbcode($arr); $item_arr['body'] = format_event_bbcode($arr);
$item_arr['plink'] = z_root() . '/channel/' . $z[0]['channel_address'] . '/?f=&mid=' . $item_arr['mid'];
$x = q("select * from xchan where xchan_hash = '%s' limit 1", $x = q("select * from xchan where xchan_hash = '%s' limit 1",
dbesc($arr['event_xchan']) dbesc($arr['event_xchan'])
); );

18
include/items.php
View File

@ -243,6 +243,12 @@ function post_activity_item($arr) {
$arr['comment_policy'] = map_scope($channel['channel_w_comment']); $arr['comment_policy'] = map_scope($channel['channel_w_comment']);
if ((! $arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
}
// for the benefit of plugins, we will behave as if this is an API call rather than a normal online post // for the benefit of plugins, we will behave as if this is an API call rather than a normal online post
$_REQUEST['api_source'] = 1; $_REQUEST['api_source'] = 1;
@ -1602,14 +1608,10 @@ function item_store($arr,$allow_exec = false) {
$arr['llink'] = z_root() . '/display/' . $arr['mid']; $arr['llink'] = z_root() . '/display/' . $arr['mid'];
if((! $arr['plink'])) { if(! $arr['plink'])
if (local_user() && ($arr['item_flags'] & ITEM_THREAD_TOP)) { $arr['plink'] = $arr['llink'];
$channel = get_app()->get_channel();
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?mid=' . $arr['mid'];
} else {
$arr['plink'] = $arr['llink'];
}
}
if($arr['parent_mid'] === $arr['mid']) { if($arr['parent_mid'] === $arr['mid']) {
$parent_id = 0; $parent_id = 0;

5
include/photos.php
View File

@ -216,6 +216,9 @@ function photo_upload($channel, $observer, $args) {
$arr['deny_gid'] = $str_group_deny; $arr['deny_gid'] = $str_group_deny;
$arr['verb'] = ACTIVITY_POST; $arr['verb'] = ACTIVITY_POST;
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
$arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']'
. '[zmg]' . z_root() . "/photo/{$photo_hash}-{$smallest}.".$ph->getExt() . '[/zmg]' . '[zmg]' . z_root() . "/photo/{$photo_hash}-{$smallest}.".$ph->getExt() . '[/zmg]'
. '[/zrl]'; . '[/zrl]';
@ -407,6 +410,8 @@ function photos_create_item($channel, $creator_hash, $photo, $visible = false) {
$arr['allow_gid'] = $photo['allow_gid']; $arr['allow_gid'] = $photo['allow_gid'];
$arr['deny_cid'] = $photo['deny_cid']; $arr['deny_cid'] = $photo['deny_cid'];
$arr['deny_gid'] = $photo['deny_gid']; $arr['deny_gid'] = $photo['deny_gid'];
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
$arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo['resource_id'] . ']' $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo['resource_id'] . ']'
. '[zmg]' . z_root() . '/photo/' . $photo['resource_id'] . '-' . $photo['scale'] . '[/zmg]' . '[zmg]' . z_root() . '/photo/' . $photo['resource_id'] . '-' . $photo['scale'] . '[/zmg]'

24
mod/channel.php
View File

@ -104,7 +104,7 @@ function channel_content(&$a, $update = 0, $load = false) {
); );
if($perms['post_wall'] && (!$mid)) { if($perms['post_wall']) {
$x = array( $x = array(
'is_owner' => $is_owner, 'is_owner' => $is_owner,
@ -135,8 +135,9 @@ function channel_content(&$a, $update = 0, $load = false) {
if(($update) && (! $load)) { if(($update) && (! $load)) {
if ($mid) { if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' limit 1", $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $sql_extra limit 1",
dbesc($mid) dbesc($mid),
intval($a->profile['profile_uid'])
); );
} else { } else {
$r = q("SELECT distinct parent AS `item_id` from item $r = q("SELECT distinct parent AS `item_id` from item
@ -201,23 +202,6 @@ function channel_content(&$a, $update = 0, $load = false) {
} }
} }
if ($mid && $r) {
// make sure we don't show other people's posts from our matrix
// as $a->profile['channel_hash'] isn't set when a JS query comes in
// we have to do that with a join
$ismine = q("SELECT * from item
join channel on item.owner_xchan = channel.channel_hash
where item.id = %d and channel.channel_id = %d",
dbesc($r[0]['item_id']),
intval($a->profile['profile_uid'])
);
if (!$ismine) {
if ($load)
notice( t('Permission denied.') . EOL);
$r = array();
}
}
if($r) { if($r) {
$parents_str = ids_to_querystr($r,'item_id'); $parents_str = ids_to_querystr($r,'item_id');

6
mod/item.php
View File

@ -79,6 +79,7 @@ function item_post(&$a) {
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
/* /*
Check service class limits Check service class limits
*/ */
@ -605,9 +606,12 @@ function item_post(&$a) {
$datarray = array(); $datarray = array();
if(! $parent) { if(! $parent) {
$datarray['parent_mid'] = $mid;
$item_flags = $item_flags | ITEM_THREAD_TOP; $item_flags = $item_flags | ITEM_THREAD_TOP;
} }
if ((! $plink) && ($item_flags & ITEM_THREAD_TOP)) {
$plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
}
$datarray['aid'] = $channel['channel_account_id']; $datarray['aid'] = $channel['channel_account_id'];
$datarray['uid'] = $profile_uid; $datarray['uid'] = $profile_uid;

1
mod/like.php
View File

@ -171,6 +171,7 @@ function like_content(&$a) {
$arr['deny_cid'] = $item['deny_cid']; $arr['deny_cid'] = $item['deny_cid'];
$arr['deny_gid'] = $item['deny_gid']; $arr['deny_gid'] = $item['deny_gid'];
$post = item_store($arr); $post = item_store($arr);
$post_id = $post['item_id']; $post_id = $post['item_id'];

7
mod/mood.php
View File

@ -11,6 +11,7 @@ function mood_init(&$a) {
return; return;
$uid = local_user(); $uid = local_user();
$channel = $a->get_channel();
$verb = notags(trim($_GET['verb'])); $verb = notags(trim($_GET['verb']));
if(! $verb) if(! $verb)
@ -48,7 +49,6 @@ function mood_init(&$a) {
else { else {
$private = 0; $private = 0;
$channel = $a->get_channel();
$allow_cid = $channel['channel_allow_cid']; $allow_cid = $channel['channel_allow_cid'];
$allow_gid = $channel['channel_allow_gid']; $allow_gid = $channel['channel_allow_gid'];
@ -84,6 +84,11 @@ function mood_init(&$a) {
$arr['verb'] = $activity; $arr['verb'] = $activity;
$arr['body'] = $action; $arr['body'] = $action;
if ((! $arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
}
$post = item_store($arr); $post = item_store($arr);
$item_id = $post['item_id']; $item_id = $post['item_id'];

9
mod/photos.php
View File

@ -472,7 +472,7 @@ function photos_post(&$a) {
$mid = item_message_id(); $mid = item_message_id();
$arr = array(); $arr = array();
//FIXME
$arr['uid'] = $page_owner_uid; $arr['uid'] = $page_owner_uid;
$arr['mid'] = $mid; $arr['mid'] = $mid;
$arr['parent_mid'] = $mid; $arr['parent_mid'] = $mid;
@ -511,6 +511,13 @@ function photos_post(&$a) {
. $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '</id>'; . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '</id>';
$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource_id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>'; $arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource_id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
if ((! $arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
$arr['plink'] = z_root() . '/channel/' . $owner_record['channel_address'] . '/?f=&mid=' . $arr['mid'];
}
$post = item_store($arr); $post = item_store($arr);
$item_id = $post['item_id']; $item_id = $post['item_id'];