From 17b081f9f79c30fb792912a884fd65984eb7c391 Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Sun, 11 Sep 2011 21:52:50 -0700
Subject: [PATCH] allow html post to api

---
 include/api.php | 28 +++++++++++++++++++++++++++-
 mod/item.php    | 13 ++++---------
 2 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/include/api.php b/include/api.php
index 1f58a6baae..5d008c2909 100644
--- a/include/api.php
+++ b/include/api.php
@@ -466,6 +466,7 @@
 		}
 		return null;
 	}
+
 	// TODO - media uploads
 	function api_statuses_update(&$a, $type) {
 		if (local_user()===false) return false;
@@ -475,7 +476,32 @@
 
 		// logger('api_post: ' . print_r($_POST,true));
 
-		$_POST['body'] = urldecode(requestdata('status'));
+		if(requestdata('htmlstatus')) {
+			require_once('library/HTMLPurifier.auto.php');
+			require_once('include/html2bbcode.php');
+
+			$txt = requestdata('htmlstatus');
+			if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
+
+				$txt = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
+					'[youtube]$1[/youtube]', $txt);
+
+				$txt = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s',
+					'[youtube]$1[/youtube]', $txt);
+
+				$config = HTMLPurifier_Config::createDefault();
+				$config->set('Cache.DefinitionImpl', null);
+
+
+				$purifier = new HTMLPurifier($config);
+				$txt = $purifier->purify($txt);
+
+				$_POST['body'] = html2bbcode($txt);
+			}
+
+		}
+		else
+			$_POST['body'] = urldecode(requestdata('status'));
 
 		$parent = requestdata('in_reply_to_status_id');
 		if(ctype_digit($parent))
diff --git a/mod/item.php b/mod/item.php
index b4ec7666fd..e6ce1ea6f8 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -38,6 +38,7 @@ function item_post(&$a) {
 	call_hooks('post_local_start', $_POST);
 
 	$api_source = ((x($_POST,'api_source') && $_POST['api_source']) ? true : false);
+	$return_path = ((x($_POST,'return')) ? $_POST['return'] : '');
 
 	/**
 	 * Is this a reply to something?
@@ -834,12 +835,6 @@ function item_post(&$a) {
 		}
 	}
 
-
-
-
-
-
-
 	logger('post_complete');
 
 	// figure out how to return, depending on from whence we came
@@ -847,10 +842,10 @@ function item_post(&$a) {
 	if($api_source)
 		return;
 
-	if((x($_POST,'return')) && strlen($_POST['return'])) {
-		logger('return: ' . $_POST['return']);
-		goaway($a->get_baseurl() . "/" . $_POST['return'] );
+	if($return_path) {
+		goaway($a->get_baseurl() . "/" . $return_path);
 	}
+
 	$json = array('success' => 1);
 	if(x($_POST,'jsreload') && strlen($_POST['jsreload']))
 		$json['reload'] = $a->get_baseurl() . '/' . $_POST['jsreload'];