- $str_group_allow = perms2str($_POST['group_allow']);
- $str_contact_allow = perms2str($_POST['contact_allow']);
- $str_group_deny = perms2str($_POST['group_deny']);
- $str_contact_deny = perms2str($_POST['contact_deny']);
- $title = notags(trim($_POST['title']));
- $location = notags(trim($_POST['location']));
- $coord = notags(trim($_POST['coord']));
- $verb = notags(trim($_POST['verb']));
- $emailcc = notags(trim($_POST['emailcc']));
-
- $body = escape_tags(trim($_POST['body']));
+
+ // if coming from the API and no privacy settings are set,
+ // use the user default permissions - as they won't have
+ // been supplied via a form.
+
+ if(($api_source)
+ && (! array_key_exists('contact_allow',$_REQUEST))
+ && (! array_key_exists('group_allow',$_REQUEST))
+ && (! array_key_exists('contact_deny',$_REQUEST))
+ && (! array_key_exists('group_deny',$_REQUEST))) {
+ $str_group_allow = $user['allow_gid'];
+ $str_contact_allow = $user['allow_cid'];
+ $str_group_deny = $user['deny_gid'];
+ $str_contact_deny = $user['deny_cid'];
+ }
+ else {
+
+ // use the posted permissions
+
+ $str_group_allow = perms2str($_REQUEST['group_allow']);
+ $str_contact_allow = perms2str($_REQUEST['contact_allow']);
+ $str_group_deny = perms2str($_REQUEST['group_deny']);
+ $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+ }
+
+ $title = notags(trim($_REQUEST['title']));
+ $location = notags(trim($_REQUEST['location']));
+ $coord = notags(trim($_REQUEST['coord']));
+ $verb = notags(trim($_REQUEST['verb']));
+ $emailcc = notags(trim($_REQUEST['emailcc']));
+
+ $body = escape_tags(trim($_REQUEST['body']));