From a16382529135a76c5afaf4d4189856734a8e7f58 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 21 May 2012 22:54:39 -0700 Subject: [PATCH] redir links for permission controlled attachments --- include/conversation.php | 1 + include/text.php | 38 ++++++++++++++++++++++---------------- mod/item.php | 16 ++++++---------- mod/redir.php | 2 +- 4 files changed, 30 insertions(+), 27 deletions(-) diff --git a/include/conversation.php b/include/conversation.php index 6bf673b97..dc574ddff 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -174,6 +174,7 @@ function localize_item(&$item){ } } + } /** diff --git a/include/text.php b/include/text.php index e3c683338..e93c24ef4 100644 --- a/include/text.php +++ b/include/text.php @@ -901,24 +901,30 @@ function prepare_body($item,$attach = false) { foreach($arr as $r) { $matches = false; $icon = ''; - $cnt = preg_match('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches); + $cnt = preg_match_all('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches, PREG_SET_ORDER); if($cnt) { - $icontype = strtolower(substr($matches[3],0,strpos($matches[3],'/'))); - switch($icontype) { - case 'video': - case 'audio': - case 'image': - case 'text': - $icon = '
'; - break; - default: - $icon = '
'; - break; - } - $title = ((strlen(trim($matches[4]))) ? escape_tags(trim($matches[4])) : escape_tags($matches[1])); - $title .= ' ' . $matches[2] . ' ' . t('bytes'); + foreach($matches as $mtch) { + $icontype = strtolower(substr($mtch[3],0,strpos($mtch[3],'/'))); + switch($icontype) { + case 'video': + case 'audio': + case 'image': + case 'text': + $icon = '
'; + break; + default: + $icon = '
'; + break; + } + $title = ((strlen(trim($mtch[4]))) ? escape_tags(trim($mtch[4])) : escape_tags($mtch[1])); + $title .= ' ' . $mtch[2] . ' ' . t('bytes'); + if((local_user() == $item['uid']) && $item['contact-id'] != $a->contact['id']) + $the_url = $a->get_baseurl() . '/redir/' . $item['contact-id'] . '?f=1&url=' . $mtch[1]; + else + $the_url = $mtch[1]; - $s .= '' . $icon . ''; + $s .= '' . $icon . ''; + } } } $s .= '
'; diff --git a/mod/item.php b/mod/item.php index 9f6b2aef4..81dd553cd 100644 --- a/mod/item.php +++ b/mod/item.php @@ -290,18 +290,16 @@ function item_post(&$a) { $author = null; $self = false; - if(($_SESSION['uid']) && ($_SESSION['uid'] == $profile_uid)) { + if((local_user()) && (local_user() == $profile_uid)) { $self = true; $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid']) ); } - else { - if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id']))) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($_SESSION['visitor_id']) - ); - } + elseif(remote_user()) { + $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", + intval(remote_user()) + ); } if(count($r)) { @@ -311,7 +309,7 @@ function item_post(&$a) { // get contact info for owner - if($profile_uid == $_SESSION['uid']) { + if($profile_uid == local_user()) { $contact_record = $author; } else { @@ -322,8 +320,6 @@ function item_post(&$a) { $contact_record = $r[0]; } - - $post_type = notags(trim($_REQUEST['type'])); if($post_type === 'net-comment') { diff --git a/mod/redir.php b/mod/redir.php index 9223e5483..0f7b5cc23 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -6,7 +6,7 @@ function redir_init(&$a) { // traditional DFRN - if(local_user() && $a->argc == 2 && intval($a->argv[1])) { + if(local_user() && $a->argc > 1 && intval($a->argv[1])) { $cid = $a->argv[1];