Merge pull request #5144 from annando/deleted-item

Fix for not being able to delete items you don't own
This commit is contained in:
Hypolite Petovan 2018-05-29 15:14:51 -04:00 committed by GitHub
commit 2e97cbe728
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 123 additions and 78 deletions


@ -555,14 +555,9 @@ function admin_page_deleteitem_post(App $a)
if (strpos($guid, '/')) {
$guid = substr($guid, strrpos($guid, '/') + 1);
}
// Now that we have the GUID get all IDs of the associated entries in the
// item table of the DB and drop those items, which will also delete the
// Now that we have the GUID, drop those items, which will also delete the
// associated threads.
$r = dba::select('item', ['id'], ['guid' => $guid]);
while ($row = dba::fetch($r)) {
Item::deleteById($row['id']);
}
dba::close($r);
Item::delete(['guid' => $guid]);
}
info(L10n::t('Item marked for deletion.') . EOL);
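Review bot: The result of `Item::delete(['guid' => $guid])` is discarded, so the "Item marked for deletion." notice on the following line is emitted even when no item carries that GUID; the removed loop at least only acted on rows that existed. If Item::delete reports whether anything matched, gate the notice on it, e.g. `if (Item::delete(['guid' => $guid])) { info(L10n::t('Item marked for deletion.') . EOL); }` — adjust to the method's actual return contract. Note also that the `if (strpos($guid, '/'))` guard above is a truthiness test, so a GUID starting with `/` is not trimmed; that is pre-existing but worth a `str_contains`-style fix while this function is being touched. The enclosing admin_page_deleteitem_post starts before this hunk.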


@ -171,7 +171,7 @@ function community_content(App $a, $update = 0)
$s = $r;
}
$o .= conversation($a, $s, 'community', $update);
$o .= conversation($a, $s, 'community', $update, false, 'commented', local_user());
if (!$update) {
$o .= alt_pager($a, count($r));
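Review bot: The new positional arguments `false, 'commented', local_user()` appended to the conversation() call are opaque at the call site — a reader cannot tell what the `false` or the `'commented'` literal selects without opening conversation(). A one-line comment naming the parameters, e.g. `// conversation(..., $preview = false, $order = 'commented', $uid = viewer)` if those are indeed the parameter names, would help; the same applies to the identical calls in display_content, networkConversation, profile_content and search_content in this commit. Since `local_user()` is now threaded into every caller, it may be worth confirming that conversation() treats a non-integer return (an anonymous viewer) the same way its query helpers do.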


@ -346,7 +346,7 @@ function display_content(App $a, $update = false, $update_uid = 0) {
return '';
}
$r = dba::p(item_query()."AND `item`.`parent-uri` = (SELECT `parent-uri` FROM `item` WHERE `id` = ?)
$r = dba::p(item_query(local_user())."AND `item`.`parent-uri` = (SELECT `parent-uri` FROM `item` WHERE `id` = ?)
AND `item`.`uid` IN (0, ?) $sql_extra
ORDER BY `item`.`uid` ASC, `parent` DESC, `gravity` ASC, `id` ASC",
$item_id, local_user()
@ -369,7 +369,7 @@ function display_content(App $a, $update = false, $update_uid = 0) {
if (!$update) {
$o .= "<script> var netargs = '?f=&item_id=" . $item_id . "'; </script>";
}
$o .= conversation($a, $items, 'display', $update_uid);
$o .= conversation($a, $items, 'display', $update_uid, false, 'commented', local_user());
// Preparing the meta header
$description = trim(HTML::toPlaintext(BBCode::convert($s[0]["body"], false), 0, true));
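Review bot: display_content is reachable without a session (the query keeps `uid IN (0, ?)` for public items), so `item_query(local_user())` and the new `local_user()` argument to conversation() will receive whatever local_user() returns for an anonymous visitor rather than an integer uid. If that value is `false` or `null`, confirm that item_query()/item_joins() either skip the per-user join or coerce it to `0`, otherwise the join condition may silently degrade or match the wrong rows; a defensive `item_query(local_user() ?: 0)` (or an explicit `intval`) would make the intent visible at the call site. The function's body continues outside both hunks.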


@ -545,7 +545,7 @@ function events_content(App $a) {
// Delete only real events (no birthdays)
if (DBM::is_result($ev) && $ev[0]['type'] == 'event') {
$del = Item::deleteById($ev[0]['itemid']);
$del = Item::deleteForUser(['id' => $ev[0]['itemid']], local_user());
}
if ($del == 0) {
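Review bot: `if ($del == 0)` now evaluates whatever Item::deleteForUser returns, and the loose comparison makes `false`, `null` and integer `0` indistinguishable, so a deletion refused because the item is not owned by `local_user()` and a deletion that simply found nothing produce the same branch. If deleteForUser signals refusal with `false` (hedged — its return type is not visible here), prefer `if (!$del)` with a comment stating which outcomes it covers, or a strict check against the documented return value. `$del` is only assigned inside the surrounding `if`, which is pre-existing, but becomes more visible now that the branch below depends on it.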


@ -877,7 +877,7 @@ function item_content(App $a) {
$o = '';
if (($a->argc == 3) && ($a->argv[1] === 'drop') && intval($a->argv[2])) {
if (is_ajax()) {
$o = Item::deleteById($a->argv[2]);
$o = Item::deleteForUser(['id' => $a->argv[2]], local_user());
} else {
$o = drop_item($a->argv[2]);
}


@ -345,7 +345,7 @@ function networkConversation($a, $items, $mode, $update, $ordering = '')
// Set this so that the conversation function can find out contact info for our wall-wall items
$a->page_contact = $a->contact;
$o = conversation($a, $items, $mode, $update, false, $ordering);
$o = conversation($a, $items, $mode, $update, false, $ordering, local_user());
if (!$update) {
if (PConfig::get(local_user(), 'system', 'infinite_scroll')) {
@ -456,8 +456,8 @@ function networkFlatView(App $a, $update = 0)
$items = q("SELECT %s FROM `item` $sql_post_table %s
WHERE %s AND `item`.`uid` = %d
ORDER BY `item`.`id` DESC $pager_sql ",
item_fieldlists(), item_joins(), item_condition(),
intval($_SESSION['uid'])
item_fieldlists(), item_joins(local_user()), item_condition(),
intval(local_user())
);
$condition = ['unseen' => true, 'uid' => local_user()];
@ -610,7 +610,7 @@ function networkThreadedView(App $a, $update, $parent)
$sql_tag_nets = (($nets) ? sprintf(" AND `item`.`network` = '%s' ", dbesc($nets)) : '');
if ($gid) {
$group = dba::selectFirst('group', ['name'], ['id' => $gid, 'uid' => $_SESSION['uid']]);
$group = dba::selectFirst('group', ['name'], ['id' => $gid, 'uid' => local_user()]);
if (!DBM::is_result($group)) {
if ($update) {
killme();
@ -626,7 +626,7 @@ function networkThreadedView(App $a, $update, $parent)
$contact_str_self = '';
$contact_str = implode(',', $contacts);
$self = dba::selectFirst('contact', ['id'], ['uid' => $_SESSION['uid'], 'self' => true]);
$self = dba::selectFirst('contact', ['id'], ['uid' => local_user(), 'self' => true]);
if (DBM::is_result($self)) {
$contact_str_self = $self['id'];
}
@ -774,12 +774,15 @@ function networkThreadedView(App $a, $update, $parent)
AND (`item`.`parent-uri` != `item`.`uri`
OR `contact`.`uid` = `item`.`uid` AND `contact`.`self`
OR `contact`.`rel` IN (%d, %d) AND NOT `contact`.`readonly`)
LEFT JOIN `user-item` ON `user-item`.`iid` = `item`.`id` AND `user-item`.`uid` = %d
WHERE `item`.`uid` = %d AND `item`.`visible` AND NOT `item`.`deleted`
AND (`user-item`.`hidden` IS NULL OR NOT `user-item`.`hidden`)
AND NOT `item`.`moderated` AND $sql_extra4
$sql_extra3 $sql_extra $sql_range $sql_nets
ORDER BY `order_date` DESC LIMIT 100",
intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND),
intval(local_user()),
intval(local_user())
);
} else {
@ -791,12 +794,15 @@ function networkThreadedView(App $a, $update, $parent)
AND (`item`.`parent-uri` != `item`.`uri`
OR `contact`.`uid` = `item`.`uid` AND `contact`.`self`
OR `contact`.`rel` IN (%d, %d) AND NOT `contact`.`readonly`)
LEFT JOIN `user-item` ON `user-item`.`iid` = `item`.`id` AND `user-item`.`uid` = %d
WHERE `thread`.`uid` = %d AND `thread`.`visible` AND NOT `thread`.`deleted`
AND NOT `thread`.`moderated`
AND (`user-item`.`hidden` IS NULL OR NOT `user-item`.`hidden`)
$sql_extra2 $sql_extra3 $sql_range $sql_extra $sql_nets
ORDER BY `order_date` DESC $pager_sql",
intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND),
intval(local_user()),
intval(local_user())
);
}
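Review bot: The `LEFT JOIN user-item ... AND user-item.uid = %d` plus the `(user-item.hidden IS NULL OR NOT user-item.hidden)` filter is duplicated verbatim in the two SQL branches of networkThreadedView (this hunk and the one starting at -774), each with its own extra `intval(local_user())` argument; a shared fragment (or routing this through item_joins(local_user()), which the flat view already uses) would keep the two branches from drifting. Because both queries are sprintf-built and the start of each query is outside the hunk, please double-check that the new `%d` is the third placeholder in each string so the added `intval(local_user())` lines up with it rather than shifting the trailing uid. The replacement of `$_SESSION['uid']` with `local_user()` in the group and self lookups is a welcome consistency change.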


@ -82,7 +82,7 @@ function notes_content(App $a, $update = false)
WHERE %s AND `item`.`uid` = %d AND `item`.`type` = 'note'
AND `contact`.`self` AND `item`.`id` = `item`.`parent` AND NOT `item`.`wall`
$sql_extra ",
item_joins(),
item_joins(local_user()),
item_condition(),
intval(local_user())
);
@ -97,7 +97,7 @@ function notes_content(App $a, $update = false)
AND `item`.`id` = `item`.`parent` AND NOT `item`.`wall`
$sql_extra
ORDER BY `item`.`created` DESC LIMIT %d ,%d ",
item_joins(),
item_joins(local_user()),
item_condition(),
intval(local_user()),
intval($a->pager['start']),
@ -119,7 +119,7 @@ function notes_content(App $a, $update = false)
$sql_extra
ORDER BY `parent` DESC, `gravity` ASC, `item`.`id` ASC ",
item_fieldlists(),
item_joins(),
item_joins(local_user()),
item_condition(),
intval(local_user()),
dbesc($parents_str)
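Review bot: `item_joins(local_user())` is now called in three separate queries of notes_content (and twice more in search_content in this commit), each re-evaluating local_user(); hoisting it once, e.g. `$uid = local_user();` near the top of the function and passing `$uid` to item_joins() and the `intval()` arguments, would make it obvious that every query is scoped to the same viewer. This is a readability point only — the behaviour is unchanged as long as local_user() is stable within a request. The function begins before the first hunk.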


@ -284,14 +284,7 @@ function photos_post(App $a)
);
// find and delete the corresponding item with all the comments and likes/dislikes
$r = q("SELECT `id` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval($page_owner_uid)
);
if (DBM::is_result($r)) {
foreach ($r as $rr) {
Item::deleteById($rr['id']);
}
}
Item::deleteForUser(['resource-id' => $res, 'uid' => $page_owner_uid], $page_owner_uid);
// Update the photo albums cache
Photo::clearAlbumCache($page_owner_uid);
@ -344,16 +337,11 @@ function photos_post(App $a)
intval($page_owner_uid),
dbesc($r[0]['resource-id'])
);
$i = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($r[0]['resource-id']),
intval($page_owner_uid)
);
if (DBM::is_result($i)) {
Item::deleteById($i[0]['id']);
// Update the photo albums cache
Photo::clearAlbumCache($page_owner_uid);
}
Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid);
// Update the photo albums cache
Photo::clearAlbumCache($page_owner_uid);
}
goaway('photos/' . $a->data['user']['nickname']);
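Review bot: The first hunk replaces a `resource-id IN ( $str_res )` query with `Item::deleteForUser(['resource-id' => $res, 'uid' => $page_owner_uid], $page_owner_uid)`; `$str_res` was evidently a comma-joined list, so `$res` is presumably an array, and the new call relies on the dba condition builder expanding an array value into an `IN (...)` clause — please confirm that this is supported, otherwise only a scalar `$res` would be matched and the remaining items would be orphaned. In the second hunk `Photo::clearAlbumCache($page_owner_uid)` now runs unconditionally rather than only when an item was found, which looks intentional but is a small behaviour change worth a word in the commit message. Both hunks sit inside photos_post, which starts before them.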


@ -339,7 +339,7 @@ function profile_content(App $a, $update = 0)
$parents_str = implode(', ', $parents_arr);
$items = q(item_query() . " AND `item`.`uid` = %d
$items = q(item_query($a->profile['profile_uid']) . " AND `item`.`uid` = %d
AND `item`.`parent` IN (%s)
$sql_extra ",
intval($a->profile['profile_uid']),
@ -365,7 +365,7 @@ function profile_content(App $a, $update = 0)
}
}
$o .= conversation($a, $items, 'profile', $update);
$o .= conversation($a, $items, 'profile', $update, false, 'commented', local_user());
if (!$update) {
$o .= alt_pager($a, count($items));
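Review bot: The query now uses `item_query($a->profile['profile_uid'])` while the conversation() call on the next hunk passes `local_user()`, so the per-user joins are scoped to the profile owner but the rendering is scoped to the viewer. If the uid passed to item_query()/item_joins() selects per-user visibility data (the `user-item` join added elsewhere in this commit suggests it does), a visitor would see the owner's hidden-item flags applied instead of their own; if the owner's uid is the intended scope here, a short comment such as `// joins are scoped to the profile owner, not the viewer, because ...` would stop the next reader from "fixing" it. The function continues outside both hunks.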


@ -204,7 +204,7 @@ function search_content(App $a) {
AND `term`.`otype` = %d AND `term`.`type` = %d AND `term`.`term` = '%s' AND `item`.`verb` = '%s'
AND NOT `author`.`blocked` AND NOT `author`.`hidden`
ORDER BY term.created DESC LIMIT %d , %d ",
item_fieldlists(), item_joins(), item_condition(),
item_fieldlists(), item_joins(local_user()), item_condition(),
intval(local_user()),
intval(TERM_OBJ_POST), intval(TERM_HASHTAG), dbesc(protect_sprintf($search)), dbesc(ACTIVITY_POST),
intval($a->pager['start']), intval($a->pager['itemspage']));
@ -219,7 +219,7 @@ function search_content(App $a) {
AND NOT `author`.`blocked` AND NOT `author`.`hidden`
$sql_extra
GROUP BY `item`.`uri`, `item`.`id` ORDER BY `item`.`id` DESC LIMIT %d , %d",
item_fieldlists(), item_joins(), item_condition(),
item_fieldlists(), item_joins(local_user()), item_condition(),
intval(local_user()),
intval($a->pager['start']), intval($a->pager['itemspage']));
}
@ -241,7 +241,7 @@ function search_content(App $a) {
]);
logger("Start Conversation for '".$search."'", LOGGER_DEBUG);
$o .= conversation($a,$r,'search',false);
$o .= conversation($a, $r, 'search', false, false, 'commented', local_user());
$o .= alt_pager($a,count($r));


@ -169,7 +169,7 @@ function videos_post(App $a) {
);
if (DBM::is_result($i)) {
Item::deleteById($i[0]['id']);
Item::deleteForUser(['id' => $i[0]['id']], local_user());
}
}
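Review bot: videos_post passes `local_user()` as the owning user to Item::deleteForUser, whereas the parallel change in photos_post uses `$page_owner_uid` for both the condition and the user argument. If videos can be managed on behalf of a page owner who is not the logged-in user (as the photos code path allows), this call would refuse the deletion; if videos_post only ever acts for the logged-in user, a `'uid' => local_user()` entry in the condition would make that explicit. The query that produced `$i` is outside this hunk, so I cannot see whether it already restricts by uid.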