Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
friendica/mod/item.php

1302 lines
40 KiB

13 years ago
<?php
/**
*
* This is the POST destination for most all locally posted
* text stuff. This function handles status, wall-to-wall status,
* local comments, and remote coments that are posted on this site
* (as opposed to being delivered in a feed).
* Also processed here are posts and comments coming through the
* statusnet/twitter API.
* All of these become an "item" which is our basic unit of
* information.
* Posts that originate externally or do not fall into the above
* posting categories go through item_store() instead of this function.
*
*/
12 years ago
require_once('include/crypto.php');
require_once('include/enotify.php');
require_once('include/email.php');
require_once('include/tags.php');
require_once('include/files.php');
require_once('include/threads.php');
require_once('include/text.php');
require_once('include/items.php');
require_once('include/Scrape.php');
require_once('include/diaspora.php');
require_once('include/Contact.php');
13 years ago
function item_post(&$a) {
13 years ago
if((! local_user()) && (! remote_user()) && (! x($_REQUEST,'commenter')))
13 years ago
return;
require_once('include/security.php');
$uid = local_user();
13 years ago
if(x($_REQUEST,'dropitems')) {
$arr_drop = explode(',',$_REQUEST['dropitems']);
drop_items($arr_drop);
$json = array('success' => 1);
echo json_encode($json);
killme();
}
call_hooks('post_local_start', $_REQUEST);
// logger('postinput ' . file_get_contents('php://input'));
logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
10 years ago
$message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
$return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');
$preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
12 years ago
// Check for doubly-submitted posts, and reject duplicates
// Note that we have to ignore previews, otherwise nothing will post
// after it's been previewed
if (!$preview && x($_REQUEST['post_id_random'])) {
if (x($_SESSION['post-random']) && $_SESSION['post-random'] == $_REQUEST['post_id_random']) {
logger("item post: duplicate post", LOGGER_DEBUG);
item_post_return(App::get_baseurl(), $api_source, $return_path);
}
else {
$_SESSION['post-random'] = $_REQUEST['post_id_random'];
}
}
12 years ago
/**
* Is this a reply to something?
*/
$parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
$parent_uri = ((x($_REQUEST,'parent_uri')) ? trim($_REQUEST['parent_uri']) : '');
$parent_item = null;
$parent_contact = null;
12 years ago
$thr_parent = '';
$parid = 0;
$r = false;
$objecttype = null;
if ($parent || $parent_uri) {
$objecttype = ACTIVITY_OBJ_COMMENT;
if (! x($_REQUEST,'type')) {
$_REQUEST['type'] = 'net-comment';
}
if ($parent) {
$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
intval($parent)
);
} elseif ($parent_uri && local_user()) {
// This is coming from an API source, and we are logged in
$r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($parent_uri),
intval(local_user())
);
}
$thr_parent_item = $r[0];
// if this isn't the real parent of the conversation, find it
if (dbm::is_result($r)) {
$parid = $r[0]['parent'];
$parent_uri = $r[0]['uri'];
if ($r[0]['id'] != $r[0]['parent']) {
12 years ago
$r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1",
intval($parid)
);
}
}
if (! dbm::is_result($r)) {
notice( t('Unable to locate original post.') . EOL);
if (x($_REQUEST,'return')) {
goaway($return_path);
}
killme();
}
$parent_item = $r[0];
$parent = $r[0]['id'];
12 years ago
// multi-level threading - preserve the info but re-parent to our single level threading
//if(($parid) && ($parid != $parent))
$thr_parent = $parent_uri;
12 years ago
if ($parent_item['contact-id'] && $uid) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($parent_item['contact-id']),
intval($uid)
);
if (dbm::is_result($r))
$parent_contact = $r[0];
// If the contact id doesn't fit with the contact, then set the contact to null
$thrparent = q("SELECT `author-link`, `network` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($thr_parent));
if (count($thrparent) AND ($thrparent[0]["network"] === NETWORK_OSTATUS)
AND (normalise_link($parent_contact["url"]) != normalise_link($thrparent[0]["author-link"]))) {
$parent_contact = get_contact_details_by_url($thrparent[0]["author-link"]);
if (!isset($parent_contact["nick"])) {
require_once("include/Scrape.php");
$probed_contact = probe_url($thrparent[0]["author-link"]);
if ($probed_contact["network"] != NETWORK_FEED) {
$parent_contact = $probed_contact;
$parent_contact["nurl"] = normalise_link($probed_contact["url"]);
$parent_contact["thumb"] = $probed_contact["photo"];
$parent_contact["micro"] = $probed_contact["photo"];
$parent_contact["addr"] = $probed_contact["addr"];
}
}
logger('no contact found: '.print_r($thrparent, true), LOGGER_DEBUG);
} else
logger('parent contact: '.print_r($parent_contact, true), LOGGER_DEBUG);
if ($parent_contact["nick"] == "")
$parent_contact["nick"] = $parent_contact["name"];
}
}
if($parent) logger('mod_item: item_post parent=' . $parent);
$profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0);
$post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0);
$app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : '');
$extid = ((x($_REQUEST,'extid')) ? strip_tags($_REQUEST['extid']) : '');
$object = ((x($_REQUEST,'object')) ? $_REQUEST['object'] : '');
// Check for multiple posts with the same message id (when the post was created via API)
if (($message_id != '') AND ($profile_uid != 0)) {
$r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($message_id),
intval($profile_uid)
);
if (dbm::is_result($r)) {
logger("Message with URI ".$message_id." already exists for user ".$profile_uid, LOGGER_DEBUG);
return;
}
}
$allow_moderated = false;
// here is where we are going to check for permission to post a moderated comment.
// First check that the parent exists and it is a wall item.
if((x($_REQUEST,'commenter')) && ((! $parent) || (! $parent_item['wall']))) {
notice( t('Permission denied.') . EOL) ;
if(x($_REQUEST,'return'))
goaway($return_path);
killme();
}
// Now check that it is a page_type of PAGE_BLOG, and that valid personal details
// have been provided, and run any anti-spam plugins
if((! can_write_wall($a,$profile_uid)) && (! $allow_moderated)) {
notice( t('Permission denied.') . EOL) ;
if(x($_REQUEST,'return'))
goaway($return_path);
killme();
13 years ago
}
// is this an edited post?
$orig_post = null;
if($post_id) {
$i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
intval($profile_uid),
intval($post_id)
);
if(! count($i))
killme();
$orig_post = $i[0];
}
$user = null;
$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
intval($profile_uid)
);
if (dbm::is_result($r))
$user = $r[0];
if($orig_post) {
$str_group_allow = $orig_post['allow_gid'];
$str_contact_allow = $orig_post['allow_cid'];
$str_group_deny = $orig_post['deny_gid'];
$str_contact_deny = $orig_post['deny_cid'];
$location = $orig_post['location'];
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];
$objecttype = $orig_post['object-type'];
$emailcc = $orig_post['emailcc'];
$app = $orig_post['app'];
$categories = $orig_post['file'];
$title = notags(trim($_REQUEST['title']));
$body = escape_tags(trim($_REQUEST['body']));
$private = $orig_post['private'];
$pubmail_enable = $orig_post['pubmail'];
$network = $orig_post['network'];
$guid = $orig_post['guid'];
$extid = $orig_post['extid'];
} else {
// if coming from the API and no privacy settings are set,
// use the user default permissions - as they won't have
// been supplied via a form.
if(($api_source)
&& (! array_key_exists('contact_allow',$_REQUEST))
&& (! array_key_exists('group_allow',$_REQUEST))
&& (! array_key_exists('contact_deny',$_REQUEST))
&& (! array_key_exists('group_deny',$_REQUEST))) {
$str_group_allow = $user['allow_gid'];
$str_contact_allow = $user['allow_cid'];
$str_group_deny = $user['deny_gid'];
$str_contact_deny = $user['deny_cid'];
}
else {
// use the posted permissions
$str_group_allow = perms2str($_REQUEST['group_allow']);
$str_contact_allow = perms2str($_REQUEST['contact_allow']);
$str_group_deny = perms2str($_REQUEST['group_deny']);
$str_contact_deny = perms2str($_REQUEST['contact_deny']);
}
$title = notags(trim($_REQUEST['title']));
$location = notags(trim($_REQUEST['location']));
$coord = notags(trim($_REQUEST['coord']));
$verb = notags(trim($_REQUEST['verb']));
$emailcc = notags(trim($_REQUEST['emailcc']));
$body = escape_tags(trim($_REQUEST['body']));
$network = notags(trim($_REQUEST['network']));
$guid = get_guid(32);
item_add_language_opt($_REQUEST);
$postopts = $_REQUEST['postopts'] ? $_REQUEST['postopts'] : "";
$private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);
if($user['hidewall'])
$private = 2;
// If this is a comment, set the permissions from the parent.
if($parent_item) {
// for non native networks use the network of the original post as network of the item
if (($parent_item['network'] != NETWORK_DIASPORA)
AND ($parent_item['network'] != NETWORK_OSTATUS)
AND ($network == ""))
$network = $parent_item['network'];
$str_contact_allow = $parent_item['allow_cid'];
$str_group_allow = $parent_item['allow_gid'];
$str_contact_deny = $parent_item['deny_cid'];
$str_group_deny = $parent_item['deny_gid'];
$private = $parent_item['private'];
}
$pubmail_enable = ((x($_REQUEST,'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && (! $private)) ? 1 : 0);
// if using the API, we won't see pubmail_enable - figure out if it should be set
if($api_source && $profile_uid && $profile_uid == local_user() && (! $private)) {
$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
if(! $mail_disabled) {
$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1",
intval(local_user())
);
if (dbm::is_result($r) && intval($r[0]['pubmail']))
$pubmail_enabled = true;
}
}
if(! strlen($body)) {
11 years ago
if($preview)
killme();
info( t('Empty post discarded.') . EOL );
if(x($_REQUEST,'return'))
goaway($return_path);
killme();
}
13 years ago
}
if(strlen($categories)) {
// get the "fileas" tags for this post
$filedas = file_tag_file_to_list($categories, 'file');
}
// save old and new categories, so we can determine what needs to be deleted from pconfig
$categories_old = $categories;
$categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category');
$categories_new = $categories;
if(strlen($filedas)) {
// append the fileas stuff to the new categories list
$categories .= file_tag_list_to_file($filedas, 'file');
}
// Work around doubled linefeeds in Tinymce 3.5b2
// First figure out if it's a status post that would've been
// created using tinymce. Otherwise leave it alone.
/* $plaintext = (local_user() ? intval(get_pconfig(local_user(),'system','plaintext')) || !feature_enabled($profile_uid,'richtext') : 0);
if((! $parent) && (! $api_source) && (! $plaintext)) {
$body = fix_mce_lf($body);
}*/
$plaintext = (local_user() ? !feature_enabled($profile_uid,'richtext') : 0);
if((! $parent) && (! $api_source) && (! $plaintext)) {
$body = fix_mce_lf($body);
}
// get contact info for poster
$author = null;
$self = false;
$contact_id = 0;
if((local_user()) && (local_user() == $profile_uid)) {
$self = true;
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
intval($_SESSION['uid']));
}
elseif(remote_user()) {
if(is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $profile_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if($contact_id) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($contact_id)
);
}
}
if (dbm::is_result($r)) {
$author = $r[0];
$contact_id = $author['id'];
}
// get contact info for owner
if($profile_uid == local_user()) {
$contact_record = $author;
}
else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
intval($profile_uid)
);
if (dbm::is_result($r))
$contact_record = $r[0];
}
$post_type = notags(trim($_REQUEST['type']));
if($post_type === 'net-comment') {
if($parent_item !== null) {
if($parent_item['wall'] == 1)
$post_type = 'wall-comment';
else
$post_type = 'remote-comment';
}
}
13 years ago
/**
*
* When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
* appropriately. But we didn't know the final permissions on the post until
* now. So now we'll look for links of uploaded messages that are in the
* post and set them to the same permissions as the post itself.
*
*/
$match = null;
if((! $preview) && preg_match_all("/\[img([\=0-9x]*?)\](.*?)\[\/img\]/",$body,$match)) {
$images = $match[2];
if(count($images)) {
$objecttype = ACTIVITY_OBJ_IMAGE;
foreach ($images as $image) {
if (! stristr($image,App::get_baseurl() . '/photo/')) {
continue;
}
$image_uri = substr($image,strrpos($image,'/') + 1);
$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
if (! strlen($image_uri)) {
continue;
}
$srch = '<' . intval($contact_id) . '>';
$r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''
AND `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($srch),
dbesc($image_uri),
intval($profile_uid)
);
if (! dbm::is_result($r)) {
continue;
}
$r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
WHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ",
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny),
dbesc($image_uri),
intval($profile_uid),
dbesc( t('Wall Photos'))
);
}
}
}
12 years ago
/**
* Next link in any attachment references we find in the post.
*/
$match = false;
12 years ago
if((! $preview) && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) {
12 years ago
$attaches = $match[1];
if(count($attaches)) {
foreach($attaches as $attach) {
$r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
intval($profile_uid),
intval($attach)
);
if (dbm::is_result($r)) {
12 years ago
$r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
WHERE `uid` = %d AND `id` = %d",
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny),
12 years ago
intval($profile_uid),
intval($attach)
12 years ago
);
}
}
}
}
// embedded bookmark or attachment in post? set bookmark flag
$bookmark = 0;
$data = get_attachment_data($body);
if (preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism", $body, $match, PREG_SET_ORDER) OR isset($data["type"])) {
$objecttype = ACTIVITY_OBJ_BOOKMARK;
$bookmark = 1;
}
$body = bb_translate_video($body);
/**
* Fold multi-line [code] sequences
*/
$body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body);
$body = scale_external_images($body,false);
// Setting the object type if not defined before
if (!$objecttype) {
$objecttype = ACTIVITY_OBJ_NOTE; // Default value
require_once("include/plaintext.php");
$objectdata = get_attached_data($body);
if ($post["type"] == "link")
$objecttype = ACTIVITY_OBJ_BOOKMARK;
elseif ($post["type"] == "video")
$objecttype = ACTIVITY_OBJ_VIDEO;
elseif ($post["type"] == "photo")
$objecttype = ACTIVITY_OBJ_IMAGE;
}
/**
* Look for any tags and linkify them
*/
$str_tags = '';
$inform = '';
$tags = get_tags($body);
/**
* add a statusnet style reply tag if the original post was from there
* and we are replying, and there isn't one already
*/
if ($parent AND ($parent_contact['network'] == NETWORK_OSTATUS)) {
$contact = '@[url='.$parent_contact['url'].']'.$parent_contact['nick'].'[/url]';
if (!in_array($contact,$tags)) {
$body = $contact.' '.$body;
$tags[] = $contact;
}
$toplevel_contact = "";
8 years ago
$toplevel_parent = q("SELECT `contact`.* FROM `contact`
INNER JOIN `item` ON `item`.`contact-id` = `contact`.`id` AND `contact`.`url` = `item`.`author-link`
WHERE `item`.`id` = `item`.`parent` AND `item`.`parent` = %d", intval($parent));
if ($toplevel_parent)
$toplevel_contact = '@'.$toplevel_parent[0]['nick'].'+'.$toplevel_parent[0]['id'];
else {
$toplevel_parent = q("SELECT `author-link`, `author-name` FROM `item` WHERE `id` = `parent` AND `parent` = %d", intval($parent));
$toplevel_contact = '@[url='.$toplevel_parent[0]['author-link'].']'.$toplevel_parent[0]['author-name'].'[/url]';
}
if (!in_array($toplevel_contact,$tags))
$tags[] = $toplevel_contact;
}
$tagged = array();
$private_forum = false;
if(count($tags)) {
foreach($tags as $tag) {
if(strpos($tag,'#') === 0)
continue;
// If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
// Robert Johnson should be first in the $tags array
$fullnametagged = false;
for($x = 0; $x < count($tagged); $x ++) {
if(stristr($tagged[$x],$tag . ' ')) {
$fullnametagged = true;
break;
}
}
if($fullnametagged)
continue;
$success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag, $network);
if($success['replaced'])
$tagged[] = $tag;
if(is_array($success['contact']) && intval($success['contact']['prv'])) {
$private_forum = true;
$private_id = $success['contact']['id'];
}
}
}
if(($private_forum) && (! $parent) && (! $private)) {
// we tagged a private forum in a top level post and the message was public.
// Restrict it.
$private = 1;
$str_contact_allow = '<' . $private_id . '>';
}
12 years ago
$attachments = '';
$match = false;
12 years ago
if(preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) {
foreach($match[2] as $mtch) {
$r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
intval($profile_uid),
intval($mtch)
);
if (dbm::is_result($r)) {
if (strlen($attachments)) {
12 years ago
$attachments .= ',';
}
$attachments .= '[attach]href="' . App::get_baseurl() . '/attach/' . $r[0]['id'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . (($r[0]['filename']) ? $r[0]['filename'] : '') . '"[/attach]';
12 years ago
}
$body = str_replace($match[1],'',$body);
}
}
$wall = 0;
if ($post_type === 'wall' || $post_type === 'wall-comment') {
$wall = 1;
}
12 years ago
if (! strlen($verb)) {
12 years ago
$verb = ACTIVITY_POST ;
}
if ($network == "") {
$network = NETWORK_DFRN;
}
$gravity = (($parent) ? 6 : 0 );
// even if the post arrived via API we are considering that it
// originated on this site by default for determining relayability.
$origin = ((x($_REQUEST,'origin')) ? intval($_REQUEST['origin']) : 1);
13 years ago