some minor cleanup on plinks for some very subtle permissions issues
This commit is contained in:
friendica
parent
ba0fdde51c
commit
db8ebc9f37
@ -25,6 +25,8 @@ function profile_activity($changed, $value) {
|
||||
$arr['verb'] = ACTIVITY_UPDATE;
|
||||
$arr['obj_type'] = ACTIVITY_OBJ_PROFILE;
|
||||
|
||||
$arr['$plink'] = z_root() . '/channel/' . $self['channel_address'] . '/?f=&mid=' . $arr['mid'];
|
||||
|
||||
$A = '[url=' . z_root() . '/channel/' . $self['channel_address'] . ']' . $self['channel_name'] . '[/url]';
|
||||
|
||||
|
||||
|
||||
@ -337,6 +337,8 @@ function event_store($arr) {
|
||||
$item_arr['obj_type'] = ACTIVITY_OBJ_EVENT;
|
||||
$item_arr['body'] = format_event_bbcode($arr);
|
||||
|
||||
$item_arr['plink'] = z_root() . '/channel/' . $z[0]['channel_address'] . '/?f=&mid=' . $item_arr['mid'];
|
||||
|
||||
$x = q("select * from xchan where xchan_hash = '%s' limit 1",
|
||||
dbesc($arr['event_xchan'])
|
||||
);
|
||||
|
||||
@ -243,6 +243,12 @@ function post_activity_item($arr) {
|
||||
|
||||
$arr['comment_policy'] = map_scope($channel['channel_w_comment']);
|
||||
|
||||
|
||||
if ((! $arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
|
||||
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
|
||||
}
|
||||
|
||||
|
||||
// for the benefit of plugins, we will behave as if this is an API call rather than a normal online post
|
||||
|
||||
$_REQUEST['api_source'] = 1;
|
||||
@ -1602,14 +1608,10 @@ function item_store($arr,$allow_exec = false) {
|
||||
|
||||
$arr['llink'] = z_root() . '/display/' . $arr['mid'];
|
||||
|
||||
if((! $arr['plink'])) {
|
||||
if (local_user() && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
|
||||
$channel = get_app()->get_channel();
|
||||
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?mid=' . $arr['mid'];
|
||||
} else {
|
||||
$arr['plink'] = $arr['llink'];
|
||||
}
|
||||
}
|
||||
if(! $arr['plink'])
|
||||
$arr['plink'] = $arr['llink'];
|
||||
|
||||
|
||||
|
||||
if($arr['parent_mid'] === $arr['mid']) {
|
||||
$parent_id = 0;
|
||||
|
||||
@ -216,6 +216,9 @@ function photo_upload($channel, $observer, $args) {
|
||||
$arr['deny_gid'] = $str_group_deny;
|
||||
$arr['verb'] = ACTIVITY_POST;
|
||||
|
||||
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
|
||||
|
||||
|
||||
$arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']'
|
||||
. '[zmg]' . z_root() . "/photo/{$photo_hash}-{$smallest}.".$ph->getExt() . '[/zmg]'
|
||||
. '[/zrl]';
|
||||
@ -408,6 +411,8 @@ function photos_create_item($channel, $creator_hash, $photo, $visible = false) {
|
||||
$arr['deny_cid'] = $photo['deny_cid'];
|
||||
$arr['deny_gid'] = $photo['deny_gid'];
|
||||
|
||||
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
|
||||
|
||||
$arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo['resource_id'] . ']'
|
||||
. '[zmg]' . z_root() . '/photo/' . $photo['resource_id'] . '-' . $photo['scale'] . '[/zmg]'
|
||||
. '[/zrl]';
|
||||
|
||||
@ -104,7 +104,7 @@ function channel_content(&$a, $update = 0, $load = false) {
|
||||
);
|
||||
|
||||
|
||||
if($perms['post_wall'] && (!$mid)) {
|
||||
if($perms['post_wall']) {
|
||||
|
||||
$x = array(
|
||||
'is_owner' => $is_owner,
|
||||
@ -135,8 +135,9 @@ function channel_content(&$a, $update = 0, $load = false) {
|
||||
|
||||
if(($update) && (! $load)) {
|
||||
if ($mid) {
|
||||
$r = q("SELECT parent AS item_id from item where mid = '%s' limit 1",
|
||||
dbesc($mid)
|
||||
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $sql_extra limit 1",
|
||||
dbesc($mid),
|
||||
intval($a->profile['profile_uid'])
|
||||
);
|
||||
} else {
|
||||
$r = q("SELECT distinct parent AS `item_id` from item
|
||||
@ -201,23 +202,6 @@ function channel_content(&$a, $update = 0, $load = false) {
|
||||
}
|
||||
}
|
||||
|
||||
if ($mid && $r) {
|
||||
// make sure we don't show other people's posts from our matrix
|
||||
// as $a->profile['channel_hash'] isn't set when a JS query comes in
|
||||
// we have to do that with a join
|
||||
$ismine = q("SELECT * from item
|
||||
join channel on item.owner_xchan = channel.channel_hash
|
||||
where item.id = %d and channel.channel_id = %d",
|
||||
dbesc($r[0]['item_id']),
|
||||
intval($a->profile['profile_uid'])
|
||||
);
|
||||
if (!$ismine) {
|
||||
if ($load)
|
||||
notice( t('Permission denied.') . EOL);
|
||||
$r = array();
|
||||
}
|
||||
}
|
||||
|
||||
if($r) {
|
||||
|
||||
$parents_str = ids_to_querystr($r,'item_id');
|
||||
|
||||
@ -79,6 +79,7 @@ function item_post(&$a) {
|
||||
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
|
||||
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
|
||||
|
||||
|
||||
/*
|
||||
Check service class limits
|
||||
*/
|
||||
@ -605,10 +606,13 @@ function item_post(&$a) {
|
||||
$datarray = array();
|
||||
|
||||
if(! $parent) {
|
||||
$datarray['parent_mid'] = $mid;
|
||||
$item_flags = $item_flags | ITEM_THREAD_TOP;
|
||||
}
|
||||
|
||||
if ((! $plink) && ($item_flags & ITEM_THREAD_TOP)) {
|
||||
$plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
|
||||
}
|
||||
|
||||
$datarray['aid'] = $channel['channel_account_id'];
|
||||
$datarray['uid'] = $profile_uid;
|
||||
|
||||
|
||||
@ -171,6 +171,7 @@ function like_content(&$a) {
|
||||
$arr['deny_cid'] = $item['deny_cid'];
|
||||
$arr['deny_gid'] = $item['deny_gid'];
|
||||
|
||||
|
||||
$post = item_store($arr);
|
||||
$post_id = $post['item_id'];
|
||||
|
||||
|
||||
@ -11,6 +11,7 @@ function mood_init(&$a) {
|
||||
return;
|
||||
|
||||
$uid = local_user();
|
||||
$channel = $a->get_channel();
|
||||
$verb = notags(trim($_GET['verb']));
|
||||
|
||||
if(! $verb)
|
||||
@ -48,7 +49,6 @@ function mood_init(&$a) {
|
||||
else {
|
||||
|
||||
$private = 0;
|
||||
$channel = $a->get_channel();
|
||||
|
||||
$allow_cid = $channel['channel_allow_cid'];
|
||||
$allow_gid = $channel['channel_allow_gid'];
|
||||
@ -84,6 +84,11 @@ function mood_init(&$a) {
|
||||
$arr['verb'] = $activity;
|
||||
$arr['body'] = $action;
|
||||
|
||||
if ((! $arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
|
||||
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
|
||||
}
|
||||
|
||||
|
||||
$post = item_store($arr);
|
||||
$item_id = $post['item_id'];
|
||||
|
||||
|
||||
@ -472,7 +472,7 @@ function photos_post(&$a) {
|
||||
$mid = item_message_id();
|
||||
|
||||
$arr = array();
|
||||
|
||||
//FIXME
|
||||
$arr['uid'] = $page_owner_uid;
|
||||
$arr['mid'] = $mid;
|
||||
$arr['parent_mid'] = $mid;
|
||||
@ -511,6 +511,13 @@ function photos_post(&$a) {
|
||||
. $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '</id>';
|
||||
$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource_id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
|
||||
|
||||
if ((! $arr['plink']) && ($arr['item_flags'] & ITEM_THREAD_TOP)) {
|
||||
$arr['plink'] = z_root() . '/channel/' . $owner_record['channel_address'] . '/?f=&mid=' . $arr['mid'];
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
$post = item_store($arr);
|
||||
$item_id = $post['item_id'];
|
||||
|
||||
|
||||
Reference in New Issue
Block a user