1
1
Fork 0

Merge pull request #4111 from annando/comment-public

Preparation for being able to comment every public item
This commit is contained in:
Hypolite Petovan 2017-12-21 17:18:14 -05:00 committed by GitHub
commit 98c2cdb49a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 257 additions and 341 deletions

View file

@ -497,7 +497,6 @@ function conversation(App $a, $items, $mode, $update, $preview = false) {
$ssl_state = ((local_user()) ? true : false);
$profile_owner = 0;
$page_writeable = false;
$live_update_div = '';
$arr_blocked = null;
@ -517,7 +516,6 @@ function conversation(App $a, $items, $mode, $update, $preview = false) {
if ($mode === 'network') {
$profile_owner = local_user();
$page_writeable = true;
if (!$update) {
/*
* The special div is needed for liveUpdate to kick in for this page.
@ -545,7 +543,6 @@ function conversation(App $a, $items, $mode, $update, $preview = false) {
}
} elseif ($mode === 'profile') {
$profile_owner = $a->profile['profile_uid'];
$page_writeable = can_write_wall($a,$profile_owner);
if (!$update) {
$tab = notags(trim($_GET['tab']));
@ -563,7 +560,6 @@ function conversation(App $a, $items, $mode, $update, $preview = false) {
}
} elseif ($mode === 'notes') {
$profile_owner = local_user();
$page_writeable = true;
if (!$update) {
$live_update_div = '<div id="live-notes"></div>' . "\r\n"
. "<script> var profile_uid = " . local_user()
@ -571,7 +567,6 @@ function conversation(App $a, $items, $mode, $update, $preview = false) {
}
} elseif ($mode === 'display') {
$profile_owner = $a->profile['uid'];
$page_writeable = can_write_wall($a,$profile_owner);
if (!$update) {
$live_update_div = '<div id="live-display"></div>' . "\r\n"
. "<script> var profile_uid = " . $_SESSION['uid'] . ";"
@ -579,7 +574,6 @@ function conversation(App $a, $items, $mode, $update, $preview = false) {
}
} elseif ($mode === 'community') {
$profile_owner = 0;
$page_writeable = false;
if (!$update) {
$live_update_div = '<div id="live-community"></div>' . "\r\n"
. "<script> var profile_uid = -1; var netargs = '/?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
@ -617,6 +611,12 @@ function conversation(App $a, $items, $mode, $update, $preview = false) {
$page_template = get_markup_template("conversation.tpl");
if ($items && count($items)) {
// Currently behind a config value. This allows the commenting and sharing of every public item.
if (Config::get('system', 'comment_public') && local_user()) {
$writable = ($items[0]['uid'] == 0) && in_array($items[0]['network'], array(NETWORK_OSTATUS, NETWORK_DIASPORA));
} else {
$writable = false;
}
if ($mode === 'network-new' || $mode === 'search' || $mode === 'community') {
@ -832,7 +832,7 @@ function conversation(App $a, $items, $mode, $update, $preview = false) {
// Normal View
$page_template = get_markup_template("threaded_conversation.tpl");
$conv = new Thread($mode, $preview);
$conv = new Thread($mode, $preview, $writable);
/*
* get all the topmost parents

View file

@ -8,8 +8,7 @@ use Friendica\Model\Contact;
use Friendica\Protocol\DFRN;
function display_init(App $a) {
if ((Config::get('system','block_public')) && (! local_user()) && (! remote_user())) {
if (Config::get('system','block_public') && !local_user() && !remote_user()) {
return;
}
@ -30,10 +29,11 @@ function display_init(App $a) {
}
}
$r = false;
// If there is only one parameter, then check if this parameter could be a guid
if ($a->argc == 2) {
$nick = "";
$itemuid = 0;
$r = false;
// Does the local user have this item?
@ -44,7 +44,6 @@ function display_init(App $a) {
AND `guid` = ? AND `uid` = ? LIMIT 1", $a->argv[1], local_user());
if (DBM::is_result($r)) {
$nick = $a->user["nickname"];
$itemuid = local_user();
}
}
@ -53,68 +52,60 @@ function display_init(App $a) {
$r = dba::fetch_first("SELECT `id`, `parent`, `author-name`, `author-link`,
`author-avatar`, `network`, `body`, `uid`, `owner-link`
FROM `item` WHERE `visible` AND NOT `deleted` AND NOT `moderated`
AND `allow_cid` = '' AND `allow_gid` = ''
AND `deny_cid` = '' AND `deny_gid` = ''
AND NOT `private` AND `uid` = 0
AND `guid` = ? LIMIT 1", $a->argv[1]);
}
// Or is it anywhere on the server?
if (!DBM::is_result($r)) {
$r = dba::fetch_first("SELECT `item`.`id`, `item`.`parent`, `item`.`author-name`, `item`.`author-link`,
`item`.`author-avatar`, `item`.`network`, `item`.`body`, `item`.`uid`, `item`.`owner-link`
FROM `item` STRAIGHT_JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND NOT `item`.`private` AND NOT `user`.`hidewall`
AND `item`.`guid` = ? LIMIT 1", $a->argv[1]);
}
if (DBM::is_result($r)) {
if (strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
logger('Directly serving XML for id '.$r["id"], LOGGER_DEBUG);
displayShowFeed($r["id"], false);
}
if ($r["id"] != $r["parent"]) {
$r = dba::fetch_first("SELECT `id`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid`, `owner-link` FROM `item`
WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `id` = ?", $r["parent"]);
}
$profiledata = display_fetchauthor($a, $r);
if (strstr(normalise_link($profiledata["url"]), normalise_link(System::baseUrl()))) {
$nickname = str_replace(normalise_link(System::baseUrl())."/profile/", "", normalise_link($profiledata["url"]));
if (($nickname != $a->user["nickname"])) {
$r = dba::fetch_first("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile`
INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid`
WHERE `user`.`nickname` = ? AND `profile`.`is-default` AND `contact`.`self` LIMIT 1",
$nickname
);
if (DBM::is_result($r)) {
$profiledata = $r;
}
$profiledata["network"] = NETWORK_DFRN;
} else {
$profiledata = array();
}
}
} else {
$a->error = 404;
notice(t('Item not found.') . EOL);
return;
}
} elseif (($a->argc == 3) && ($nick == 'feed-item')) {
$r = dba::fetch_first("SELECT `id`, `parent`, `author-name`, `author-link`,
`author-avatar`, `network`, `body`, `uid`, `owner-link`
FROM `item` WHERE `visible` AND NOT `deleted` AND NOT `moderated`
AND NOT `private` AND `uid` = 0
AND `id` = ? LIMIT 1", $a->argv[2]);
}
if (DBM::is_result($r)) {
if (strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
logger('Directly serving XML for id '.$r["id"], LOGGER_DEBUG);
displayShowFeed($r["id"], false);
}
if ($r["id"] != $r["parent"]) {
$r = dba::fetch_first("SELECT `id`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid`, `owner-link` FROM `item`
WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `id` = ?", $r["parent"]);
}
$profiledata = display_fetchauthor($a, $r);
if (strstr(normalise_link($profiledata["url"]), normalise_link(System::baseUrl()))) {
$nickname = str_replace(normalise_link(System::baseUrl())."/profile/", "", normalise_link($profiledata["url"]));
if (($nickname != $a->user["nickname"])) {
$r = dba::fetch_first("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile`
INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid`
WHERE `user`.`nickname` = ? AND `profile`.`is-default` AND `contact`.`self` LIMIT 1",
$nickname
);
if (DBM::is_result($r)) {
$profiledata = $r;
}
$profiledata["network"] = NETWORK_DFRN;
} else {
$profiledata = array();
}
}
}
profile_load($a, $nick, 0, $profiledata);
}
function display_fetchauthor($a, $item) {
$profiledata = array();
$profiledata["uid"] = -1;
$profiledata["nickname"] = $item["author-name"];
@ -196,34 +187,27 @@ function display_fetchauthor($a, $item) {
return($profiledata);
}
function display_content(App $a, $update = 0) {
if ((Config::get('system','block_public')) && (! local_user()) && (! remote_user())) {
function display_content(App $a, $update = false, $update_uid = 0) {
if (Config::get('system','block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once('include/security.php');
require_once('include/conversation.php');
require_once('include/acl_selectors.php');
require_once 'include/security.php';
require_once 'include/conversation.php';
require_once 'include/acl_selectors.php';
$o = '';
if ($update) {
$nick = $_REQUEST['nick'];
} else {
$nick = (($a->argc > 1) ? $a->argv[1] : '');
}
if ($update) {
$item_id = $_REQUEST['item_id'];
$a->profile = array('uid' => intval($update), 'profile_uid' => intval($update));
$item = dba::select('item', ['uid'], ['id' => $item_id], ['limit' => 1]);
$a->profile = array('uid' => intval($item['uid']), 'profile_uid' => intval($item['uid']));
} else {
$item_id = (($a->argc > 2) ? $a->argv[2] : 0);
if ($a->argc == 2) {
$nick = "";
$item_parent = 0;
if (local_user()) {
$r = dba::fetch_first("SELECT `id`, `parent` FROM `item`
@ -232,28 +216,12 @@ function display_content(App $a, $update = 0) {
if (DBM::is_result($r)) {
$item_id = $r["id"];
$item_parent = $r["parent"];
$nick = $a->user["nickname"];
}
}
if ($nick == "") {
$r = dba::fetch_first("SELECT `user`.`nickname`, `item`.`id`, `item`.`parent` FROM `item` STRAIGHT_JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND NOT `item`.`private` AND NOT `user`.`hidewall`
AND `item`.`guid` = ?", $a->argv[1]);
if (DBM::is_result($r)) {
$item_id = $r["id"];
$item_parent = $r["parent"];
$nick = $r["nickname"];
}
}
if ($nick == "") {
if ($item_parent == 0) {
$r = dba::fetch_first("SELECT `item`.`id`, `item`.`parent` FROM `item`
WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND NOT `item`.`private` AND `item`.`uid` = 0
AND `item`.`guid` = ?", $a->argv[1]);
if (DBM::is_result($r)) {
@ -264,16 +232,6 @@ function display_content(App $a, $update = 0) {
}
}
if ($item_id && !is_numeric($item_id)) {
$r = dba::select('item', array('id', 'parent'), array('uri' => $item_id, 'uid' => $a->profile['uid']), array('limit' => 1));
if (DBM::is_result($r)) {
$item_id = $r["id"];
$item_parent = $r["parent"];
} else {
$item_id = false;
}
}
if (!$item_id) {
$a->error = 404;
notice(t('Item not found.').EOL);
@ -283,8 +241,9 @@ function display_content(App $a, $update = 0) {
// We are displaying an "alternate" link if that post was public. See issue 2864
$is_public = dba::exists('item', array('id' => $item_id, 'private' => false));
if ($is_public) {
$alternate = System::baseUrl().'/display/'.$nick.'/'.$item_id.'.atom';
$conversation = System::baseUrl().'/display/'.$nick.'/'.$item_parent.'/conversation.atom';
// For the atom feed the nickname doesn't matter at all, we only need the item id.
$alternate = System::baseUrl().'/display/feed-item/'.$item_id.'.atom';
$conversation = System::baseUrl().'/display/feed-item/'.$item_parent.'/conversation.atom';
} else {
$alternate = '';
$conversation = '';
@ -333,22 +292,21 @@ function display_content(App $a, $update = 0) {
if (DBM::is_result($r)) {
$a->page_contact = $r;
}
$is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
$is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
if ($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) {
if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
notice(t('Access to this profile has been restricted.') . EOL);
return;
}
// We need the editor here to be able to reshare an item.
if ($is_owner) {
$x = array(
'is_owner' => true,
'allow_location' => $a->user['allow_location'],
'default_location' => $a->user['default-location'],
'nickname' => $a->user['nickname'],
'lockstate' => ( (is_array($a->user)) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))) ? 'lock' : 'unlock'),
'lockstate' => (is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid'])) ? 'lock' : 'unlock'),
'acl' => populate_acl($a->user, true),
'bang' => '',
'visitor' => 'block',
@ -358,13 +316,12 @@ function display_content(App $a, $update = 0) {
$o .= status_editor($a,$x,0,true);
}
$sql_extra = item_permissions_sql($a->profile['uid'],$remote_contact,$groups);
$sql_extra = item_permissions_sql($a->profile['uid'], $remote_contact, $groups);
if ($update) {
$r = dba::p("SELECT `id` FROM `item` WHERE `item`.`uid` = ?
AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE `id` = ?)
$r = dba::p("SELECT `id` FROM `item` WHERE
`item`.`parent` = (SELECT `parent` FROM `item` WHERE `id` = ?)
$sql_extra AND `unseen`",
$a->profile['uid'],
$item_id
);
@ -379,114 +336,81 @@ function display_content(App $a, $update = 0) {
$item_id
);
if (!DBM::is_result($r) && local_user()) {
// Check if this is another person's link to a post that we have
$r = dba::fetch_first("SELECT `item`.uri FROM `item`
WHERE (`item`.`id` = ? OR `item`.`uri` = ?)
LIMIT 1",
$item_id,
$item_id
);
if (DBM::is_result($r)) {
$item_uri = $r['uri'];
$r = dba::p(item_query()." AND `item`.`uid` = ?
AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE `uri` = ? AND uid = ?)
ORDER BY `parent` DESC, `gravity` ASC, `id` ASC",
local_user(),
$item_uri,
local_user()
);
}
}
if (DBM::is_result($r)) {
$s = dba::inArray($r);
if ((local_user()) && (local_user() == $a->profile['uid'])) {
$unseen = dba::select('item', array('id'), array('parent' => $s[0]['parent'], 'unseen' => true), array('limit' => 1));
if (DBM::is_result($unseen)) {
dba::update('item', array('unseen' => false), array('parent' => $s[0]['parent'], 'unseen' => true));
}
}
$items = conv_sort($s, "`commented`");
if (!$update) {
$o .= "<script> var netargs = '?f=&nick=" . $nick . "&item_id=" . $item_id . "'; </script>";
}
$o .= conversation($a, $items, 'display', $update);
// Preparing the meta header
require_once('include/bbcode.php');
require_once("include/html2plain.php");
$description = trim(html2plain(bbcode($s[0]["body"], false, false), 0, true));
$title = trim(html2plain(bbcode($s[0]["title"], false, false), 0, true));
$author_name = $s[0]["author-name"];
$image = $a->remove_baseurl($s[0]["author-thumb"]);
if ($title == "") {
$title = $author_name;
}
// Limit the description to 160 characters
if (strlen($description) > 160) {
$description = substr($description, 0, 157) . '...';
}
$description = htmlspecialchars($description, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
$title = htmlspecialchars($title, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
$author_name = htmlspecialchars($author_name, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
//<meta name="keywords" content="">
$a->page['htmlhead'] .= '<meta name="author" content="'.$author_name.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="title" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="fulltitle" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="description" content="'.$description.'" />'."\n";
// Schema.org microdata
$a->page['htmlhead'] .= '<meta itemprop="name" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta itemprop="description" content="'.$description.'" />'."\n";
$a->page['htmlhead'] .= '<meta itemprop="image" content="'.$image.'" />'."\n";
$a->page['htmlhead'] .= '<meta itemprop="author" content="'.$author_name.'" />'."\n";
// Twitter cards
$a->page['htmlhead'] .= '<meta name="twitter:card" content="summary" />'."\n";
$a->page['htmlhead'] .= '<meta name="twitter:title" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="twitter:description" content="'.$description.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="twitter:image" content="'.System::baseUrl().'/'.$image.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="twitter:url" content="'.$s[0]["plink"].'" />'."\n";
// Dublin Core
$a->page['htmlhead'] .= '<meta name="DC.title" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="DC.description" content="'.$description.'" />'."\n";
// Open Graph
$a->page['htmlhead'] .= '<meta property="og:type" content="website" />'."\n";
$a->page['htmlhead'] .= '<meta property="og:title" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta property="og:image" content="'.System::baseUrl().'/'.$image.'" />'."\n";
$a->page['htmlhead'] .= '<meta property="og:url" content="'.$s[0]["plink"].'" />'."\n";
$a->page['htmlhead'] .= '<meta property="og:description" content="'.$description.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="og:article:author" content="'.$author_name.'" />'."\n";
// article:tag
if (!DBM::is_result($r)) {
notice(t('Item not found.') . EOL);
return $o;
}
$r = dba::fetch_first("SELECT `id`,`deleted` FROM `item` WHERE `id` = ? OR `uri` = ? LIMIT 1",
$item_id,
$item_id
);
if (DBM::is_result($r)) {
if ($r['deleted']) {
notice(t('Item has been removed.') . EOL);
} else {
notice(t('Permission denied.') . EOL);
$s = dba::inArray($r);
if (local_user() && (local_user() == $a->profile['uid'])) {
$unseen = dba::select('item', array('id'), array('parent' => $s[0]['parent'], 'unseen' => true), array('limit' => 1));
if (DBM::is_result($unseen)) {
dba::update('item', array('unseen' => false), array('parent' => $s[0]['parent'], 'unseen' => true));
}
} else {
notice(t('Item not found.') . EOL);
}
$items = conv_sort($s, "`commented`");
if (!$update) {
$o .= "<script> var netargs = '?f=&item_id=" . $item_id . "'; </script>";
}
$o .= conversation($a, $items, 'display', $update_uid);
// Preparing the meta header
require_once 'include/bbcode.php';
require_once 'include/html2plain.php';
$description = trim(html2plain(bbcode($s[0]["body"], false, false), 0, true));
$title = trim(html2plain(bbcode($s[0]["title"], false, false), 0, true));
$author_name = $s[0]["author-name"];
$image = $a->remove_baseurl($s[0]["author-thumb"]);
if ($title == "") {
$title = $author_name;
}
// Limit the description to 160 characters
if (strlen($description) > 160) {
$description = substr($description, 0, 157) . '...';
}
$description = htmlspecialchars($description, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
$title = htmlspecialchars($title, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
$author_name = htmlspecialchars($author_name, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
//<meta name="keywords" content="">
$a->page['htmlhead'] .= '<meta name="author" content="'.$author_name.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="title" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="fulltitle" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="description" content="'.$description.'" />'."\n";
// Schema.org microdata
$a->page['htmlhead'] .= '<meta itemprop="name" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta itemprop="description" content="'.$description.'" />'."\n";
$a->page['htmlhead'] .= '<meta itemprop="image" content="'.$image.'" />'."\n";
$a->page['htmlhead'] .= '<meta itemprop="author" content="'.$author_name.'" />'."\n";
// Twitter cards
$a->page['htmlhead'] .= '<meta name="twitter:card" content="summary" />'."\n";
$a->page['htmlhead'] .= '<meta name="twitter:title" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="twitter:description" content="'.$description.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="twitter:image" content="'.System::baseUrl().'/'.$image.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="twitter:url" content="'.$s[0]["plink"].'" />'."\n";
// Dublin Core
$a->page['htmlhead'] .= '<meta name="DC.title" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="DC.description" content="'.$description.'" />'."\n";
// Open Graph
$a->page['htmlhead'] .= '<meta property="og:type" content="website" />'."\n";
$a->page['htmlhead'] .= '<meta property="og:title" content="'.$title.'" />'."\n";
$a->page['htmlhead'] .= '<meta property="og:image" content="'.System::baseUrl().'/'.$image.'" />'."\n";
$a->page['htmlhead'] .= '<meta property="og:url" content="'.$s[0]["plink"].'" />'."\n";
$a->page['htmlhead'] .= '<meta property="og:description" content="'.$description.'" />'."\n";
$a->page['htmlhead'] .= '<meta name="og:article:author" content="'.$author_name.'" />'."\n";
// article:tag
return $o;
}

View file

@ -39,7 +39,7 @@ require_once 'include/items.php';
function item_post(App $a) {
if ((! local_user()) && (! remote_user()) && (! x($_REQUEST, 'commenter'))) {
if (!local_user() && !remote_user() && !x($_REQUEST, 'commenter')) {
return;
}
@ -81,8 +81,8 @@ function item_post(App $a) {
}
// Is this a reply to something?
$parent = ((x($_REQUEST, 'parent')) ? intval($_REQUEST['parent']) : 0);
$parent_uri = ((x($_REQUEST, 'parent_uri')) ? trim($_REQUEST['parent_uri']) : '');
$parent = (x($_REQUEST, 'parent') ? intval($_REQUEST['parent']) : 0);
$parent_uri = (x($_REQUEST, 'parent_uri') ? trim($_REQUEST['parent_uri']) : '');
$parent_item = null;
$parent_contact = null;
@ -122,7 +122,7 @@ function item_post(App $a) {
}
}
if (! DBM::is_result($r)) {
if (!DBM::is_result($r)) {
notice( t('Unable to locate original post.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($return_path);
@ -201,7 +201,7 @@ function item_post(App $a) {
// First check that the parent exists and it is a wall item.
if ((x($_REQUEST, 'commenter')) && ((! $parent) || (! $parent_item['wall']))) {
if (x($_REQUEST, 'commenter') && (!$parent || !$parent_item['wall'])) {
notice(t('Permission denied.') . EOL) ;
if (x($_REQUEST, 'return')) {
goaway($return_path);
@ -209,11 +209,14 @@ function item_post(App $a) {
killme();
}
// Allow commenting if it is an answer to a public post
$allow_comment = ($profile_uid == 0) && $parent && in_array($parent_item['network'], [NETWORK_OSTATUS, NETWORK_DIASPORA]);
/*
* Now check that it is a page_type of PAGE_BLOG, and that valid personal details
* have been provided, and run any anti-spam plugins
*/
if ((! can_write_wall($a, $profile_uid)) && (! $allow_moderated)) {
if (!(can_write_wall($a, $profile_uid) || $allow_comment) && !$allow_moderated) {
notice(t('Permission denied.') . EOL) ;
if (x($_REQUEST, 'return')) {
goaway($return_path);
@ -377,11 +380,11 @@ function item_post(App $a) {
$self = false;
$contact_id = 0;
if ((local_user()) && (local_user() == $profile_uid)) {
if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
$self = true;
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` LIMIT 1",
intval($_SESSION['uid']));
} elseif(remote_user()) {
} elseif (remote_user()) {
if (x($_SESSION, 'remote') && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $profile_uid) {
@ -404,10 +407,10 @@ function item_post(App $a) {
// get contact info for owner
if ($profile_uid == local_user()) {
if ($profile_uid == local_user() || $allow_comment) {
$contact_record = $author;
} else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` LIMIT 1",
intval($profile_uid)
);
if (DBM::is_result($r)) {

View file

@ -4,28 +4,26 @@ use Friendica\App;
use Friendica\Database\DBM;
function share_init(App $a) {
$post_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
if((! $post_id) || (! local_user()))
if (!$post_id || !local_user()) {
killme();
}
$r = q("SELECT item.*, contact.network FROM `item`
inner join contact on `item`.`contact-id` = `contact`.`id`
WHERE `item`.`id` = %d AND `item`.`uid` = %d LIMIT 1",
intval($post_id),
intval(local_user())
INNER JOIN `contact` ON `item`.`contact-id` = `contact`.`id`
WHERE `item`.`id` = %d LIMIT 1",
intval($post_id)
);
if(! DBM::is_result($r) || ($r[0]['private'] == 1))
if (!DBM::is_result($r) || ($r[0]['private'] == 1)) {
killme();
}
if (strpos($r[0]['body'], "[/share]") !== false) {
$pos = strpos($r[0]['body'], "[share");
$o = substr($r[0]['body'], $pos);
} else {
$o = share_header($r[0]['author-name'], $r[0]['author-link'], $r[0]['author-avatar'], $r[0]['guid'], $r[0]['created'], $r[0]['plink']);
if($r[0]['title'])
if ($r[0]['title'])
$o .= '[b]'.$r[0]['title'].'[/b]'."\n";
$o .= $r[0]['body'];
$o.= "[/share]";
@ -36,17 +34,17 @@ function share_init(App $a) {
}
function share_header($author, $profile, $avatar, $guid, $posted, $link) {
$header = "[share author='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$author).
"' profile='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$profile).
"' avatar='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$avatar);
$header = "[share author='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"), $author).
"' profile='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"), $profile).
"' avatar='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"), $avatar);
if ($guid)
$header .= "' guid='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$guid);
if ($posted)
$header .= "' posted='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$posted);
$header .= "' link='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"),$link)."']";
if ($guid) {
$header .= "' guid='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"), $guid);
}
if ($posted) {
$header .= "' posted='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"), $posted);
}
$header .= "' link='".str_replace(array("'", "[", "]"), array("&#x27;", "&#x5B;", "&#x5D;"), $link)."']";
return $header;
}

View file

@ -15,7 +15,7 @@ function update_display_content(App $a)
echo "<!DOCTYPE html><html><body>\r\n";
echo "<section>";
$text = display_content($a, $profile_uid);
$text = display_content($a, true, $profile_uid);
$pattern = "/<img([^>]*) src=\"([^\"]*)\"/";
$replace = "<img\${1} dst=\"\${2}\"";
$text = preg_replace($pattern, $replace, $text);

View file

@ -145,7 +145,8 @@ class Post extends BaseObject
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))))
? t('Private Message')
: false);
$shareable = ((($conv->getProfileOwner() == local_user()) && ($item['private'] != 1)) ? true : false);
$shareable = ((in_array($conv->getProfileOwner(), [0, local_user()]) && ($item['private'] != 1)) ? true : false);
if (local_user() && link_compare($a->contact['url'], $item['author-link'])) {
if ($item["event-id"] != 0) {
$edpost = array("events/event/".$item['event-id'], t("Edit"));

View file

@ -27,11 +27,12 @@ class Thread extends BaseObject
* Constructor
*
* @param string $mode The mode
* @param boolean $preview boolean value
* @param boolean $preview Are we in the preview mode?
* @param boolean $writable Override the writable check
*/
public function __construct($mode, $preview)
public function __construct($mode, $preview, $writable = false)
{
$this->setMode($mode);
$this->setMode($mode, $writable);
$this->preview = $preview;
}
@ -39,10 +40,11 @@ class Thread extends BaseObject
* Set the mode we'll be displayed on
*
* @param string $mode The mode to set
* @param boolean $writable Override the writable check
*
* @return void
*/
private function setMode($mode)
private function setMode($mode, $writable)
{
if ($this->getMode() == $mode) {
return;
@ -62,7 +64,7 @@ class Thread extends BaseObject
break;
case 'display':
$this->profile_owner = $a->profile['uid'];
$this->writable = can_write_wall($a, $this->profile_owner);
$this->writable = can_write_wall($a, $this->profile_owner) || $writable;
break;
default:
logger('[ERROR] Conversation::setMode : Unhandled mode ('. $mode .').', LOGGER_DEBUG);

View file

@ -15,6 +15,7 @@ use Friendica\Database\DBM;
use Friendica\Model\Contact;
use Friendica\Model\GContact;
use Friendica\Model\Profile;
use Friendica\Model\User;
use Friendica\Object\Image;
use Friendica\Protocol\OStatus;
use Friendica\Util\XML;
@ -341,19 +342,15 @@ class DFRN
$items = $r;
$item = $r[0];
$r = q(
"SELECT `contact`.*, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`, `user`.`account-type`
FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`self` AND `user`.`uid` = %d LIMIT 1",
intval($item['uid'])
);
if (!DBM::is_result($r)) {
killme();
if ($item['uid'] != 0) {
$owner = User::getOwnerDataById($item['uid']);
if (!$owner) {
killme();
}
} else {
$owner = ['uid' => 0, 'nick' => 'feed-item'];
}
$owner = $r[0];
$doc = new DOMDocument('1.0', 'utf-8');
$doc->formatOutput = true;
$type = 'html';

View file

@ -14,6 +14,7 @@ use Friendica\Model\User;
use Friendica\Protocol\Diaspora;
use Friendica\Protocol\DFRN;
use Friendica\Protocol\Email;
use dba;
require_once 'include/queue_fn.php';
require_once 'include/html2plain.php';
@ -85,18 +86,17 @@ class Delivery {
$uid = $item_id;
} else {
// find ancestors
$r = q("SELECT * FROM `item` WHERE `id` = %d AND visible = 1 AND moderated = 0 LIMIT 1",
intval($item_id)
);
$target_item = dba::fetch_first("SELECT `item`.*, `contact`.`uid` AS `cuid` FROM `item`
INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
WHERE `item`.`id` = ? AND `visible` AND NOT `moderated`", $item_id);
if (!DBM::is_result($r) || !intval($r[0]['parent'])) {
if (!DBM::is_result($target_item) || !intval($target_item['parent'])) {
return;
}
$target_item = $r[0];
$parent_id = intval($r[0]['parent']);
$uid = $r[0]['uid'];
$updated = $r[0]['edited'];
$parent_id = intval($target_item['parent']);
$uid = $target_item['cuid'];
$updated = $target_item['edited'];
$items = q("SELECT `item`.*, `sign`.`signed_text`,`sign`.`signature`,`sign`.`signer`
FROM `item` LEFT JOIN `sign` ON `sign`.`iid` = `item`.`id` WHERE `parent` = %d AND visible = 1 AND moderated = 0 ORDER BY `id` ASC",
@ -150,7 +150,7 @@ class Delivery {
$public_message = true;
if (!($mail || $fsuggest || $relocate)) {
if (!$mail && !$fsuggest && !$relocate) {
$parent = $items[0];
// This is IMPORTANT!!!!
@ -195,10 +195,10 @@ class Delivery {
$followup = true;
}
if ((strlen($parent['allow_cid']))
|| (strlen($parent['allow_gid']))
|| (strlen($parent['deny_cid']))
|| (strlen($parent['deny_gid']))
if (strlen($parent['allow_cid'])
|| strlen($parent['allow_gid'])
|| strlen($parent['deny_cid'])
|| strlen($parent['deny_gid'])
|| $parent["private"]) {
$public_message = false; // private recipients, not public
}
@ -283,7 +283,6 @@ class Delivery {
// perform local delivery if we are on the same site
if (link_compare($basepath,System::baseUrl())) {
$nickname = basename($contact['url']);
if ($contact['issued-id']) {
$sql_extra = sprintf(" AND `dfrn-id` = '%s' ", dbesc($contact['issued-id']));
@ -378,34 +377,35 @@ class Delivery {
}
if ($cmd === 'wall-new' || $cmd === 'comment-new') {
$it = null;
if ($cmd === 'wall-new') {
$it = $items[0];
} else {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($item_id),
intval($uid)
$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
intval($item_id)
);
if (DBM::is_result($r))
if (DBM::is_result($r)) {
$it = $r[0];
}
}
if (!$it)
if (!$it) {
break;
}
$local_user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
intval($uid)
);
if (!count($local_user))
if (!count($local_user)) {
break;
}
$reply_to = '';
$r1 = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
intval($uid)
);
if ($r1 && $r1[0]['reply_to'])
if ($r1 && $r1[0]['reply_to']) {
$reply_to = $r1[0]['reply_to'];
}
$subject = (($it['title']) ? Email::encodeHeader($it['title'],'UTF-8') : t("\x28no subject\x29")) ;
@ -435,8 +435,9 @@ class Delivery {
$headers .= "References: <".Email::iri2msgid($it["parent-uri"]).">";
// If Threading is enabled, write down the correct parent
if (($it["thr-parent"] != "") && ($it["thr-parent"] != $it["parent-uri"]))
if (($it["thr-parent"] != "") && ($it["thr-parent"] != $it["parent-uri"])) {
$headers .= " <".Email::iri2msgid($it["thr-parent"]).">";
}
$headers .= "\n";
if (!$it['title']) {
@ -451,39 +452,42 @@ class Delivery {
dbesc($it['parent-uri']),
intval($uid));
if (DBM::is_result($r) && ($r[0]['title'] != ''))
if (DBM::is_result($r) && ($r[0]['title'] != '')) {
$subject = $r[0]['title'];
}
}
}
if (strncasecmp($subject,'RE:',3))
if (strncasecmp($subject,'RE:',3)) {
$subject = 'Re: '.$subject;
}
}
Email::send($addr, $subject, $headers, $it);
}
break;
case NETWORK_DIASPORA:
if ($public_message)
if ($public_message) {
$loc = 'public batch '.$contact['batch'];
else
} else {
$loc = $contact['name'];
}
logger('delivery: diaspora batch deliver: '.$loc);
if (Config::get('system','dfrn_only') || !Config::get('system','diaspora_enabled'))
if (Config::get('system','dfrn_only') || !Config::get('system','diaspora_enabled')) {
break;
}
if ($mail) {
Diaspora::sendMail($item,$owner,$contact);
break;
}
if (!$normal_mode)
if (!$normal_mode) {
break;
if (!$contact['pubkey'] && !$public_message)
}
if (!$contact['pubkey'] && !$public_message) {
break;
}
if (($target_item['deleted']) && (($target_item['uri'] === $target_item['parent-uri']) || $followup)) {
// top-level retraction
logger('diaspora retract: '.$loc);

View file

@ -9,6 +9,7 @@ use Friendica\Core\Worker;
use Friendica\Database\DBM;
use Friendica\Model\Contact;
use Friendica\Model\Group;
use Friendica\Model\User;
use Friendica\Network\Probe;
use Friendica\Protocol\Diaspora;
use Friendica\Protocol\OStatus;
@ -76,7 +77,7 @@ class Notifier {
$message = q("SELECT * FROM `mail` WHERE `id` = %d LIMIT 1",
intval($item_id)
);
if (! count($message)) {
if (!count($message)) {
return;
}
$uid = $message[0]['uid'];
@ -92,7 +93,7 @@ class Notifier {
);
$uid = $item_id;
$item_id = 0;
if (! count($items)) {
if (!count($items)) {
return;
}
} elseif ($cmd === 'suggest') {
@ -102,7 +103,7 @@ class Notifier {
$suggest = q("SELECT * FROM `fsuggest` WHERE `id` = %d LIMIT 1",
intval($item_id)
);
if (! count($suggest)) {
if (!count($suggest)) {
return;
}
$uid = $suggest[0]['uid'];
@ -115,9 +116,9 @@ class Notifier {
FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`self` LIMIT 1",
intval($item_id));
if (!$r)
if (!$r) {
return;
}
$user = $r[0];
$r = q("SELECT * FROM `contact` WHERE NOT `self` AND `uid` = %d", intval($item_id));
@ -137,30 +138,28 @@ class Notifier {
intval($uid), NETWORK_DFRN, NETWORK_DIASPORA);
} else {
// find ancestors
$r = q("SELECT * FROM `item` WHERE `id` = %d AND visible = 1 AND moderated = 0 LIMIT 1",
intval($item_id)
);
$target_item = dba::fetch_first("SELECT `item`.*, `contact`.`uid` AS `cuid` FROM `item`
INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
WHERE `item`.`id` = ? AND `visible` AND NOT `moderated`", $item_id);
if ((! DBM::is_result($r)) || (! intval($r[0]['parent']))) {
if (!DBM::is_result($target_item) || !intval($target_item['parent'])) {
return;
}
$target_item = $r[0];
$parent_id = intval($r[0]['parent']);
$uid = $r[0]['uid'];
$updated = $r[0]['edited'];
$parent_id = intval($target_item['parent']);
$uid = $target_item['cuid'];
$updated = $target_item['edited'];
$items = q("SELECT `item`.*, `sign`.`signed_text`,`sign`.`signature`,`sign`.`signer`
FROM `item` LEFT JOIN `sign` ON `sign`.`iid` = `item`.`id` WHERE `parent` = %d AND visible = 1 AND moderated = 0 ORDER BY `id` ASC",
FROM `item` LEFT JOIN `sign` ON `sign`.`iid` = `item`.`id` WHERE `parent` = %d AND visible AND NOT moderated ORDER BY `id` ASC",
intval($parent_id)
);
if (! count($items)) {
if (!count($items)) {
return;
}
// avoid race condition with deleting entries
if ($items[0]['deleted']) {
foreach ($items as $item) {
$item['deleted'] = 1;
@ -171,24 +170,14 @@ class Notifier {
logger('notifier: top level post');
$top_level = true;
}
}
$r = q("SELECT `contact`.*, `user`.`prvkey` AS `uprvkey`,
`user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`,
`user`.`page-flags`, `user`.`prvnets`, `user`.`account-type`
FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1",
intval($uid)
);
if (! DBM::is_result($r)) {
$owner = User::getOwnerDataById($uid);
if (!$owner) {
return;
}
$owner = $r[0];
$walltowall = ((($top_level) && ($owner['id'] != $items[0]['contact-id'])) ? true : false);
$walltowall = ($top_level && ($owner['id'] != $items[0]['contact-id']) ? true : false);
// Should the post be transmitted to Diaspora?
$diaspora_delivery = true;
@ -264,7 +253,7 @@ class Notifier {
// we will just use it as a fallback test
// later we will be able to use it as the primary test of whether or not to relay.
if (! $target_item['origin']) {
if (!$target_item['origin']) {
$relay_to_owner = false;
}
if ($parent['origin']) {
@ -306,7 +295,6 @@ class Notifier {
$push_notify = true;
if (($thr_parent && ($thr_parent[0]['network'] == NETWORK_OSTATUS)) || ($parent['network'] == NETWORK_OSTATUS)) {
$push_notify = true;
if ($parent["network"] == NETWORK_OSTATUS) {
@ -336,15 +324,15 @@ class Notifier {
// don't send deletions onward for other people's stuff
if ($target_item['deleted'] && (! intval($target_item['wall']))) {
if ($target_item['deleted'] && !intval($target_item['wall'])) {
logger('notifier: ignoring delete notification for non-wall item');
return;
}
if ((strlen($parent['allow_cid']))
|| (strlen($parent['allow_gid']))
|| (strlen($parent['deny_cid']))
|| (strlen($parent['deny_gid']))) {
if (strlen($parent['allow_cid'])
|| strlen($parent['allow_gid'])
|| strlen($parent['deny_cid'])
|| strlen($parent['deny_gid'])) {
$public_message = false; // private recipients, not public
}
@ -356,7 +344,7 @@ class Notifier {
// if our parent is a public forum (forum_mode == 1), uplink to the origional author causing
// a delivery fork. private groups (forum_mode == 2) do not uplink
if ((intval($parent['forum_mode']) == 1) && (! $top_level) && ($cmd !== 'uplink')) {
if ((intval($parent['forum_mode']) == 1) && !$top_level && ($cmd !== 'uplink')) {
Worker::add($a->queue['priority'], 'Notifier', 'uplink', $item_id);
}
@ -379,12 +367,12 @@ class Notifier {
}
}
if (count($url_recipients))
if (count($url_recipients)) {
logger('notifier: '.$target_item["guid"].' url_recipients ' . print_r($url_recipients,true));
}
$conversants = array_unique($conversants);
$recipients = array_unique(array_merge($recipients,$allow_people,$allow_groups));
$deny = array_unique(array_merge($deny_people,$deny_groups));
$recipients = array_diff($recipients,$deny);
@ -395,7 +383,6 @@ class Notifier {
// If the thread parent is OStatus then do some magic to distribute the messages.
// We have not only to look at the parent, since it could be a Friendica thread.
if (($thr_parent && ($thr_parent[0]['network'] == NETWORK_OSTATUS)) || ($parent['network'] == NETWORK_OSTATUS)) {
$diaspora_delivery = false;
logger('Some parent is OStatus for '.$target_item["guid"]." - Author: ".$thr_parent[0]['author-link']." - Owner: ".$thr_parent[0]['owner-link'], LOGGER_DEBUG);
@ -457,10 +444,10 @@ class Notifier {
$mail_disabled = ((function_exists('imap_open') && (!Config::get('system','imap_disabled'))) ? 0 : 1);
if (! $mail_disabled) {
if ((! strlen($target_item['allow_cid'])) && (! strlen($target_item['allow_gid']))
&& (! strlen($target_item['deny_cid'])) && (! strlen($target_item['deny_gid']))
&& (intval($target_item['pubmail']))) {
if (!$mail_disabled) {
if (!strlen($target_item['allow_cid']) && !strlen($target_item['allow_gid'])
&& !strlen($target_item['deny_cid']) && !strlen($target_item['deny_gid'])
&& intval($target_item['pubmail'])) {
$r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `network` = '%s'",
intval($uid),
dbesc(NETWORK_MAIL)
@ -558,7 +545,7 @@ class Notifier {
continue;
}
if ((! $mail) && (! $fsuggest) && (! $followup)) {
if (!$mail && !$fsuggest && !$followup) {
logger('notifier: delivery agent: '.$rr['name'].' '.$rr['id'].' '.$rr['network'].' '.$target_item["guid"]);
Worker::add(array('priority' => $a->queue['priority'], 'created' => $a->queue['created'], 'dont_fork' => true),
'Delivery', $cmd, $item_id, (int)$rr['id']);