Merge pull request #967 from fabrixxm/issue_737

add check for expiration time in item_store()
Michael Vogel 2014-05-13 10:16:15 +02:00
commit 6253d61803
1 changed files with 80 additions and 63 deletions


@ -176,7 +176,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
'$thumb' => xmlify($owner['thumb']), '$thumb' => xmlify($owner['thumb']),
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
'$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''), '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''),
'$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
)); ));
@ -261,7 +261,7 @@ function construct_activity_object($item) {
} }
return ''; return '';
} }
function construct_activity_target($item) { function construct_activity_target($item) {
@ -425,7 +425,7 @@ function get_atom_elements($feed, $item, $contact = array()) {
$res = array(); $res = array();
$author = $item->get_author(); $author = $item->get_author();
if($author) { if($author) {
$res['author-name'] = unxmlify($author->get_name()); $res['author-name'] = unxmlify($author->get_name());
$res['author-link'] = unxmlify($author->get_link()); $res['author-link'] = unxmlify($author->get_link());
} }
@ -554,14 +554,14 @@ function get_atom_elements($feed, $item, $contact = array()) {
$res['body'] = limit_body_size($res['body']); $res['body'] = limit_body_size($res['body']);
// It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust
// the content type. Our own network only emits text normally, though it might have been converted to // the content type. Our own network only emits text normally, though it might have been converted to
// html if we used a pubsubhubbub transport. But if we see even one html tag in our text, we will // html if we used a pubsubhubbub transport. But if we see even one html tag in our text, we will
// have to assume it is all html and needs to be purified. // have to assume it is all html and needs to be purified.
// It doesn't matter all that much security wise - because before this content is used anywhere, we are // It doesn't matter all that much security wise - because before this content is used anywhere, we are
// going to escape any tags we find regardless, but this lets us import a limited subset of html from // going to escape any tags we find regardless, but this lets us import a limited subset of html from
// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining // the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
// html. // html.
if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) { if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) {
@ -720,7 +720,7 @@ function get_atom_elements($feed, $item, $contact = array()) {
if(! $type) if(! $type)
$type = 'application/octet-stream'; $type = 'application/octet-stream';
$att_arr[] = '[attach]href="' . $link . '" length="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]'; $att_arr[] = '[attach]href="' . $link . '" length="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]';
} }
$res['attach'] = implode(',', $att_arr); $res['attach'] = implode(',', $att_arr);
} }
@ -989,6 +989,23 @@ function item_store($arr,$force_parent = false) {
if(! x($arr,'type')) if(! x($arr,'type'))
$arr['type'] = 'remote'; $arr['type'] = 'remote';
/* check for create date and expire time */
$uid = intval($arr['uid']);
$r = q("SELECT expire FROM user WHERE uid = %d", $uid);
if(count($r)) {
$expire_interval = $r[0]['expire'];
if ($expire_interval>0) {
$expire_date = new DateTime( '- '.$expire_interval.' days', new DateTimeZone('UTC'));
$created_date = new DateTime($arr['created'], new DateTimeZone('UTC'));
if ($created_date < $expire_date) {
logger('item-store: item created ('.$arr['created'].') before expiration time ('.$expire_date->format(DateTime::W3C).'). ignored. ' . print_r($arr,true), LOGGER_DEBUG);
return 0;
}
}
}
// Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin. // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin.
if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
@ -1647,7 +1664,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$final_dfrn_id = ''; $final_dfrn_id = '';
if($perm) { if($perm) {
if((($perm == 'rw') && (! intval($contact['writable']))) if((($perm == 'rw') && (! intval($contact['writable'])))
|| (($perm == 'r') && (intval($contact['writable'])))) { || (($perm == 'r') && (intval($contact['writable'])))) {
q("update contact set writable = %d where id = %d", q("update contact set writable = %d where id = %d",
intval(($perm == 'rw') ? 1 : 0), intval(($perm == 'rw') ? 1 : 0),
@ -1657,7 +1674,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
} }
} }
if(($contact['duplex'] && strlen($contact['pubkey'])) if(($contact['duplex'] && strlen($contact['pubkey']))
|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
|| ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) { || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) {
openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
@ -1675,7 +1692,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
if($final_dfrn_id != $orig_id) { if($final_dfrn_id != $orig_id) {
logger('dfrn_deliver: wrong dfrn_id.'); logger('dfrn_deliver: wrong dfrn_id.');
// did not decode properly - cannot trust this site // did not decode properly - cannot trust this site
return 3; return 3;
} }
@ -1698,16 +1715,16 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
if($page) if($page)
$postvars['page'] = $page; $postvars['page'] = $page;
if($rino && $rino_allowed && (! $dissolve)) { if($rino && $rino_allowed && (! $dissolve)) {
$key = substr(random_string(),0,16); $key = substr(random_string(),0,16);
$data = bin2hex(aes_encrypt($postvars['data'],$key)); $data = bin2hex(aes_encrypt($postvars['data'],$key));
$postvars['data'] = $data; $postvars['data'] = $data;
logger('rino: sent key = ' . $key, LOGGER_DEBUG); logger('rino: sent key = ' . $key, LOGGER_DEBUG);
if($dfrn_version >= 2.1) { if($dfrn_version >= 2.1) {
if(($contact['duplex'] && strlen($contact['pubkey'])) if(($contact['duplex'] && strlen($contact['pubkey']))
|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
|| ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) { || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) {
@ -1758,7 +1775,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$res = parse_xml_string($xml); $res = parse_xml_string($xml);
return $res->status; return $res->status;
} }
@ -1791,12 +1808,12 @@ function edited_timestamp_is_newer($existing, $update) {
* $importer = the contact_record (joined to user_record) of the local user who owns this relationship. * $importer = the contact_record (joined to user_record) of the local user who owns this relationship.
* It is this person's stuff that is going to be updated. * It is this person's stuff that is going to be updated.
* $contact = the person who is sending us stuff. If not set, we MAY be processing a "follow" activity * $contact = the person who is sending us stuff. If not set, we MAY be processing a "follow" activity
* from an external network and MAY create an appropriate contact record. Otherwise, we MUST * from an external network and MAY create an appropriate contact record. Otherwise, we MUST
* have a contact record. * have a contact record.
* $hub = should we find a hub declation in the feed, pass it back to our calling process, who might (or * $hub = should we find a hub declation in the feed, pass it back to our calling process, who might (or
* might not) try and subscribe to it. * might not) try and subscribe to it.
* $datedir sorts in reverse order * $datedir sorts in reverse order
* $pass - by default ($pass = 0) we cannot guarantee that a parent item has been * $pass - by default ($pass = 0) we cannot guarantee that a parent item has been
* imported prior to its children being seen in the stream unless we are certain * imported prior to its children being seen in the stream unless we are certain
* of how the feed is arranged/ordered. * of how the feed is arranged/ordered.
* With $pass = 1, we only pull parent items out of the stream. * With $pass = 1, we only pull parent items out of the stream.
@ -1957,7 +1974,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
* *
* $bdtext is just a readable placeholder in case the event is shared * $bdtext is just a readable placeholder in case the event is shared
* with others. We will replace it during presentation to our $importer * with others. We will replace it during presentation to our $importer
* to contain a sparkle link and perhaps a photo. * to contain a sparkle link and perhaps a photo.
* *
*/ */
@ -1988,7 +2005,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
); );
// This function is called twice without reloading the contact // This function is called twice without reloading the contact
// Make sure we only create one event. This is why &$contact // Make sure we only create one event. This is why &$contact
// is a reference var in this function // is a reference var in this function
$contact['bdyear'] = substr($birthday,0,4); $contact['bdyear'] = substr($birthday,0,4);
@ -2027,7 +2044,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
$when = datetime_convert('UTC','UTC','now','Y-m-d H:i:s'); $when = datetime_convert('UTC','UTC','now','Y-m-d H:i:s');
} }
if($deleted && is_array($contact)) { if($deleted && is_array($contact)) {
$r = q("SELECT `item`.*, `contact`.`self` FROM `item` INNER JOIN `contact` on `item`.`contact-id` = `contact`.`id` $r = q("SELECT `item`.*, `contact`.`self` FROM `item` INNER JOIN `contact` on `item`.`contact-id` = `contact`.`id`
WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1", WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1",
dbesc($uri), dbesc($uri),
intval($importer['uid']), intval($importer['uid']),
@ -2441,19 +2458,19 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
$datarray['contact-id'] = $contact['id']; $datarray['contact-id'] = $contact['id'];
if(! link_compare($datarray['owner-link'],$contact['url'])) { if(! link_compare($datarray['owner-link'],$contact['url'])) {
// The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery, // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
// but otherwise there's a possible data mixup on the sender's system. // but otherwise there's a possible data mixup on the sender's system.
// the tgroup delivery code called from item_store will correct it if it's a forum, // the tgroup delivery code called from item_store will correct it if it's a forum,
// but we're going to unconditionally correct it here so that the post will always be owned by our contact. // but we're going to unconditionally correct it here so that the post will always be owned by our contact.
logger('consume_feed: Correcting item owner.', LOGGER_DEBUG); logger('consume_feed: Correcting item owner.', LOGGER_DEBUG);
$datarray['owner-name'] = $contact['name']; $datarray['owner-name'] = $contact['name'];
$datarray['owner-link'] = $contact['url']; $datarray['owner-link'] = $contact['url'];
$datarray['owner-avatar'] = $contact['thumb']; $datarray['owner-avatar'] = $contact['thumb'];
} }
// We've allowed "followers" to reach this point so we can decide if they are // We've allowed "followers" to reach this point so we can decide if they are
// posting an @-tag delivery, which followers are allowed to do for certain // posting an @-tag delivery, which followers are allowed to do for certain
// page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it. // page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it.
if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray))) if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray)))
continue; continue;
@ -2811,7 +2828,7 @@ function local_delivery($importer,$data) {
dbesc_array($msg); dbesc_array($msg);
$r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg)) $r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg))
. "`) VALUES ('" . implode("', '", array_values($msg)) . "')" ); . "`) VALUES ('" . implode("', '", array_values($msg)) . "')" );
// send notifications. // send notifications.
@ -2895,18 +2912,18 @@ function local_delivery($importer,$data) {
} }
else else
$sql_extra = " and contact.self = 1 and item.wall = 1 "; $sql_extra = " and contact.self = 1 and item.wall = 1 ";
// was the top-level post for this reply written by somebody on this site? // was the top-level post for this reply written by somebody on this site?
// Specifically, the recipient? // Specifically, the recipient?
$is_a_remote_delete = false; $is_a_remote_delete = false;
// POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used? // POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used?
$r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`, $r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`,
`contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item` `contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item`
INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
WHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s') WHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s')
AND `item`.`uid` = %d AND `item`.`uid` = %d
$sql_extra $sql_extra
LIMIT 1", LIMIT 1",
dbesc($parent_uri), dbesc($parent_uri),
@ -2918,8 +2935,8 @@ function local_delivery($importer,$data) {
$is_a_remote_delete = true; $is_a_remote_delete = true;
// Does this have the characteristics of a community or private group comment? // Does this have the characteristics of a community or private group comment?
// If it's a reply to a wall post on a community/prvgroup page it's a // If it's a reply to a wall post on a community/prvgroup page it's a
// valid community comment. Also forum_mode makes it valid for sure. // valid community comment. Also forum_mode makes it valid for sure.
// If neither, it's not. // If neither, it's not.
if($is_a_remote_delete && $community) { if($is_a_remote_delete && $community) {
@ -3094,8 +3111,8 @@ function local_delivery($importer,$data) {
} }
// Does this have the characteristics of a community or private group comment? // Does this have the characteristics of a community or private group comment?
// If it's a reply to a wall post on a community/prvgroup page it's a // If it's a reply to a wall post on a community/prvgroup page it's a
// valid community comment. Also forum_mode makes it valid for sure. // valid community comment. Also forum_mode makes it valid for sure.
// If neither, it's not. // If neither, it's not.
if($is_a_remote_comment && $community) { if($is_a_remote_comment && $community) {
@ -3275,7 +3292,7 @@ function local_delivery($importer,$data) {
'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, 'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id,
'source_name' => stripslashes($datarray['author-name']), 'source_name' => stripslashes($datarray['author-name']),
'source_link' => $datarray['author-link'], 'source_link' => $datarray['author-link'],
'source_photo' => ((link_compare($datarray['author-link'],$importer['url'])) 'source_photo' => ((link_compare($datarray['author-link'],$importer['url']))
? $importer['thumb'] : $datarray['author-avatar']), ? $importer['thumb'] : $datarray['author-avatar']),
'verb' => ACTIVITY_POST, 'verb' => ACTIVITY_POST,
'otype' => 'item', 'otype' => 'item',
@ -3439,7 +3456,7 @@ function local_delivery($importer,$data) {
'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, 'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id,
'source_name' => stripslashes($datarray['author-name']), 'source_name' => stripslashes($datarray['author-name']),
'source_link' => $datarray['author-link'], 'source_link' => $datarray['author-link'],
'source_photo' => ((link_compare($datarray['author-link'],$importer['url'])) 'source_photo' => ((link_compare($datarray['author-link'],$importer['url']))
? $importer['thumb'] : $datarray['author-avatar']), ? $importer['thumb'] : $datarray['author-avatar']),
'verb' => ACTIVITY_POST, 'verb' => ACTIVITY_POST,
'otype' => 'item', 'otype' => 'item',
@ -3539,10 +3556,10 @@ function local_delivery($importer,$data) {
if(! link_compare($datarray['owner-link'],$importer['url'])) { if(! link_compare($datarray['owner-link'],$importer['url'])) {
// The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery, // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
// but otherwise there's a possible data mixup on the sender's system. // but otherwise there's a possible data mixup on the sender's system.
// the tgroup delivery code called from item_store will correct it if it's a forum, // the tgroup delivery code called from item_store will correct it if it's a forum,
// but we're going to unconditionally correct it here so that the post will always be owned by our contact. // but we're going to unconditionally correct it here so that the post will always be owned by our contact.
logger('local_delivery: Correcting item owner.', LOGGER_DEBUG); logger('local_delivery: Correcting item owner.', LOGGER_DEBUG);
$datarray['owner-name'] = $importer['senderName']; $datarray['owner-name'] = $importer['senderName'];
$datarray['owner-link'] = $importer['url']; $datarray['owner-link'] = $importer['url'];
@ -3569,7 +3586,7 @@ function local_delivery($importer,$data) {
foreach($links->link as $l) { foreach($links->link as $l) {
$atts = $l->attributes(); $atts = $l->attributes();
switch($atts['rel']) { switch($atts['rel']) {
case "alternate": case "alternate":
$Blink = $atts['href']; $Blink = $atts['href'];
break; break;
default: default:
@ -3592,7 +3609,7 @@ function local_delivery($importer,$data) {
'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, 'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id,
'source_name' => stripslashes($datarray['author-name']), 'source_name' => stripslashes($datarray['author-name']),
'source_link' => $datarray['author-link'], 'source_link' => $datarray['author-link'],
'source_photo' => ((link_compare($datarray['author-link'],$importer['url'])) 'source_photo' => ((link_compare($datarray['author-link'],$importer['url']))
? $importer['thumb'] : $datarray['author-avatar']), ? $importer['thumb'] : $datarray['author-avatar']),
'verb' => $datarray['verb'], 'verb' => $datarray['verb'],
'otype' => 'person', 'otype' => 'person',
@ -3601,7 +3618,7 @@ function local_delivery($importer,$data) {
)); ));
} }
} }
} }
continue; continue;
} }
@ -3637,7 +3654,7 @@ function new_follower($importer,$contact,$datarray,$item,$sharing = false) {
// create contact record // create contact record
$r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `name`, `nick`, `photo`, `network`, `rel`, $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `name`, `nick`, `photo`, `network`, `rel`,
`blocked`, `readonly`, `pending`, `writable` ) `blocked`, `readonly`, `pending`, `writable` )
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, 1 ) ", VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, 1 ) ",
intval($importer['uid']), intval($importer['uid']),
@ -3689,7 +3706,7 @@ function new_follower($importer,$contact,$datarray,$item,$sharing = false) {
'$siteurl' => $a->get_baseurl(), '$siteurl' => $a->get_baseurl(),
'$sitename' => $a->config['sitename'] '$sitename' => $a->config['sitename']
)); ));
$res = mail($r[0]['email'], $res = mail($r[0]['email'],
email_header_encode((($sharing) ? t('A new person is sharing with you at ') : t("You have a new follower at ")) . $a->config['sitename'],'UTF-8'), email_header_encode((($sharing) ? t('A new person is sharing with you at ') : t("You have a new follower at ")) . $a->config['sitename'],'UTF-8'),
$email, $email,
'From: ' . 'Administrator' . '@' . $_SERVER['SERVER_NAME'] . "\n" 'From: ' . 'Administrator' . '@' . $_SERVER['SERVER_NAME'] . "\n"
@ -3738,7 +3755,7 @@ function subscribe_to_hub($url,$importer,$contact,$hubmode = 'subscribe') {
); );
} }
// Diaspora has different message-ids in feeds than they do // Diaspora has different message-ids in feeds than they do
// through the direct Diaspora protocol. If we try and use // through the direct Diaspora protocol. If we try and use
// the feed, we'll get duplicates. So don't. // the feed, we'll get duplicates. So don't.
@ -3934,7 +3951,7 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
// Check to see if we should replace this photo link with an embedded image // Check to see if we should replace this photo link with an embedded image
// 1. No need to do so if the photo is public // 1. No need to do so if the photo is public
// 2. If there's a contact-id provided, see if they're in the access list // 2. If there's a contact-id provided, see if they're in the access list
// for the photo. If so, embed it. // for the photo. If so, embed it.
// 3. Otherwise, if we have an item, see if the item permissions match the photo // 3. Otherwise, if we have an item, see if the item permissions match the photo
// permissions, regardless of order but first check to see if they're an exact // permissions, regardless of order but first check to see if they're an exact
// match to save some processing overhead. // match to save some processing overhead.
@ -3943,7 +3960,7 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
if($cid) { if($cid) {
$recips = enumerate_permissions($r[0]); $recips = enumerate_permissions($r[0]);
if(in_array($cid, $recips)) { if(in_array($cid, $recips)) {
$replace = true; $replace = true;
} }
} }
elseif($item) { elseif($item) {
@ -3976,7 +3993,7 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
} }
} }
} }
} }
$new_body = $new_body . substr($orig_body, 0, $img_start + $img_st_close) . $image . '[/img]'; $new_body = $new_body . substr($orig_body, 0, $img_start + $img_st_close) . $image . '[/img]';
$orig_body = substr($orig_body, $img_start + $img_st_close + $img_len + strlen('[/img]')); $orig_body = substr($orig_body, $img_start + $img_st_close + $img_len + strlen('[/img]'));
@ -4001,7 +4018,7 @@ function has_permissions($obj) {
} }
function compare_permissions($obj1,$obj2) { function compare_permissions($obj1,$obj2) {
// first part is easy. Check that these are exactly the same. // first part is easy. Check that these are exactly the same.
if(($obj1['allow_cid'] == $obj2['allow_cid']) if(($obj1['allow_cid'] == $obj2['allow_cid'])
&& ($obj1['allow_gid'] == $obj2['allow_gid']) && ($obj1['allow_gid'] == $obj2['allow_gid'])
&& ($obj1['deny_cid'] == $obj2['deny_cid']) && ($obj1['deny_cid'] == $obj2['deny_cid'])
@ -4043,14 +4060,14 @@ function item_getfeedtags($item) {
$ret[] = array('#',$matches[1][$x], $matches[2][$x]); $ret[] = array('#',$matches[1][$x], $matches[2][$x]);
} }
} }
$matches = false; $matches = false;
$cnt = preg_match_all('|\@\[url\=(.*?)\](.*?)\[\/url\]|',$item['tag'],$matches); $cnt = preg_match_all('|\@\[url\=(.*?)\](.*?)\[\/url\]|',$item['tag'],$matches);
if($cnt) { if($cnt) {
for($x = 0; $x < $cnt; $x ++) { for($x = 0; $x < $cnt; $x ++) {
if($matches[1][$x]) if($matches[1][$x])
$ret[] = array('@',$matches[1][$x], $matches[2][$x]); $ret[] = array('@',$matches[1][$x], $matches[2][$x]);
} }
} }
return $ret; return $ret;
} }
@ -4087,10 +4104,10 @@ function item_expire($uid,$days) {
$expire_network_only = get_pconfig($uid,'expire','network_only'); $expire_network_only = get_pconfig($uid,'expire','network_only');
$sql_extra = ((intval($expire_network_only)) ? " AND wall = 0 " : ""); $sql_extra = ((intval($expire_network_only)) ? " AND wall = 0 " : "");
$r = q("SELECT * FROM `item` $r = q("SELECT * FROM `item`
WHERE `uid` = %d WHERE `uid` = %d
AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY
AND `id` = `parent` AND `id` = `parent`
$sql_extra $sql_extra
AND `deleted` = 0", AND `deleted` = 0",
intval($uid), intval($uid),
@ -4136,7 +4153,7 @@ function item_expire($uid,$days) {
} }
proc_run('php',"include/notifier.php","expire","$uid"); proc_run('php',"include/notifier.php","expire","$uid");
} }
@ -4257,10 +4274,10 @@ function drop_item($id,$interactive = true) {
} }
} }
// If item is a link to a photo resource, nuke all the associated photos // If item is a link to a photo resource, nuke all the associated photos
// (visitors will not have photo resources) // (visitors will not have photo resources)
// This only applies to photos uploaded from the photos page. Photos inserted into a post do not // This only applies to photos uploaded from the photos page. Photos inserted into a post do not
// generate a resource-id and therefore aren't intimately linked to the item. // generate a resource-id and therefore aren't intimately linked to the item.
if(strlen($item['resource-id'])) { if(strlen($item['resource-id'])) {
q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ", q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ",
@ -4400,7 +4417,7 @@ function posted_dates($uid,$wall) {
if(! $dthen) if(! $dthen)
return array(); return array();
// If it's near the end of a long month, backup to the 28th so that in // If it's near the end of a long month, backup to the 28th so that in
// consecutive loops we'll always get a whole month difference. // consecutive loops we'll always get a whole month difference.
if(intval(substr($dnow,8)) > 28) if(intval(substr($dnow,8)) > 28)