use Friendica\Core\Hook;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
-use Friendica\Core\Renderer;
use Friendica\Core\Session;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Model\Conversation;
use Friendica\Model\FileTag;
use Friendica\Model\Item;
+use Friendica\Model\Notify;
use Friendica\Model\Notify\Type;
use Friendica\Model\Photo;
+use Friendica\Model\Post;
use Friendica\Model\Tag;
+use Friendica\Model\User;
use Friendica\Network\HTTPException;
use Friendica\Object\EMail\ItemCCEMail;
use Friendica\Protocol\Activity;
use Friendica\Protocol\Diaspora;
use Friendica\Util\DateTimeFormat;
use Friendica\Security\Security;
-use Friendica\Util\Strings;
use Friendica\Worker\Delivery;
function item_post(App $a) {
$api_source = $_REQUEST['api_source'] ?? false;
- $message_id = ((!empty($_REQUEST['message_id']) && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
-
$return_path = $_REQUEST['return'] ?? '';
$preview = intval($_REQUEST['preview'] ?? 0);
}
// Is this a reply to something?
- $toplevel_item_id = intval($_REQUEST['parent'] ?? 0);
+ $parent_item_id = intval($_REQUEST['parent'] ?? 0);
$thr_parent_uri = trim($_REQUEST['parent_uri'] ?? '');
+ $parent_item = null;
$toplevel_item = null;
- $parent_user = null;
+ $toplevel_item_id = 0;
+ $toplevel_user_id = null;
$objecttype = null;
$profile_uid = ($_REQUEST['profile_uid'] ?? 0) ?: local_user();
$posttype = ($_REQUEST['post_type'] ?? '') ?: Item::PT_ARTICLE;
- if ($toplevel_item_id || $thr_parent_uri) {
- if ($toplevel_item_id) {
- $toplevel_item = Item::selectFirst([], ['id' => $toplevel_item_id]);
+ if ($parent_item_id || $thr_parent_uri) {
+ if ($parent_item_id) {
+ $parent_item = Item::selectFirst([], ['id' => $parent_item_id]);
} elseif ($thr_parent_uri) {
- $toplevel_item = Item::selectFirst([], ['uri' => $thr_parent_uri, 'uid' => $profile_uid]);
+ $parent_item = Item::selectFirst([], ['uri' => $thr_parent_uri, 'uid' => $profile_uid]);
}
// if this isn't the top-level parent of the conversation, find it
- if (DBA::isResult($toplevel_item)) {
+ if (DBA::isResult($parent_item)) {
// The URI and the contact is taken from the direct parent which needn't to be the top parent
- $thr_parent_uri = $toplevel_item['uri'];
+ $thr_parent_uri = $parent_item['uri'];
+ $toplevel_item = $parent_item;
- if ($toplevel_item['gravity'] != GRAVITY_PARENT) {
+ if ($parent_item['gravity'] != GRAVITY_PARENT) {
$toplevel_item = Item::selectFirst([], ['id' => $toplevel_item['parent']]);
}
}
}
$toplevel_item_id = $toplevel_item['id'];
- $parent_user = $toplevel_item['uid'];
+ $toplevel_user_id = $toplevel_item['uid'];
$objecttype = Activity\ObjectType::COMMENT;
}
}
// Ensure that the user id in a thread always stay the same
- if (!is_null($parent_user) && in_array($parent_user, [local_user(), 0])) {
- $profile_uid = $parent_user;
- }
-
- // Check for multiple posts with the same message id (when the post was created via API)
- if (($message_id != '') && ($profile_uid != 0)) {
- if (Item::exists(['uri' => $message_id, 'uid' => $profile_uid])) {
- Logger::info('Message already exists for user', ['uri' => $message_id, 'uid' => $profile_uid]);
- return 0;
- }
+ if (!is_null($toplevel_user_id) && in_array($toplevel_user_id, [local_user(), 0])) {
+ $profile_uid = $toplevel_user_id;
}
// Allow commenting if it is an answer to a public post
$orig_post = Item::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]);
}
- $user = DBA::selectFirst('user', [], ['uid' => $profile_uid]);
-
+ $user = User::getById($profile_uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']);
if (!DBA::isResult($user) && !$toplevel_item_id) {
return 0;
}
$guid = $orig_post['guid'];
$extid = $orig_post['extid'];
} else {
- $str_contact_allow = '';
- $str_group_allow = '';
- $str_contact_deny = '';
- $str_group_deny = '';
-
- if (($_REQUEST['visibility'] ?? '') !== 'public') {
- $aclFormatter = DI::aclFormatter();
- $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
- $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
- $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
- $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
+ $aclFormatter = DI::aclFormatter();
+ $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
+ $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
+ $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
+ $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
+
+ $visibility = $_REQUEST['visibility'] ?? '';
+ if ($visibility === 'public') {
+ // The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
+ $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+ } else if ($visibility === 'custom') {
+ // Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
+ // case that would make it public. So we always append the author's contact id to the allowed contacts.
+ // See https://github.com/friendica/friendica/issues/9672
+ $str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
}
$title = trim($_REQUEST['title'] ?? '');
if (strlen($attachments)) {
$attachments .= ',';
}
- $attachments .= '[attach]href="' . DI::baseUrl() . '/attach/' . $attachment['id'] .
- '" length="' . $attachment['filesize'] . '" type="' . $attachment['filetype'] .
- '" title="' . ($attachment['filename'] ? $attachment['filename'] : '') . '"[/attach]';
+ $attachments .= Post\Media::getAttachElement(DI::baseUrl() . '/attach/' . $attachment['id'],
+ $attachment['filesize'], $attachment['filetype'], $attachment['filename'] ?? '');
}
$body = str_replace($match[1],'',$body);
}
$origin = $_REQUEST['origin'];
}
- $uri = ($message_id ? $message_id : Item::newURI($api_source ? $profile_uid : $uid, $guid));
+ $uri = Item::newURI($api_source ? $profile_uid : $uid, $guid);
// Fallback so that we alway have a parent uri
if (!$thr_parent_uri || !$toplevel_item_id) {
$datarray['pubmail'] = $pubmail_enabled;
$datarray['attach'] = $attachments;
- // This is not a bug. The item store function changes 'parent-uri' to 'thr-parent' and fetches 'parent-uri' new. (We should change this)
- $datarray['parent-uri'] = $thr_parent_uri;
+ $datarray['thr-parent'] = $thr_parent_uri;
$datarray['postopts'] = $postopts;
$datarray['origin'] = $origin;
$datarray['api_source'] = $api_source;
// This field is for storing the raw conversation data
- $datarray['protocol'] = Conversation::PARCEL_DFRN;
+ $datarray['protocol'] = Conversation::PARCEL_DIRECT;
+ $datarray['direction'] = Conversation::PUSH;
- $conversation = DBA::selectFirst('conversation', ['conversation-uri', 'conversation-href'], ['item-uri' => $datarray['parent-uri']]);
+ $conversation = DBA::selectFirst('conversation', ['conversation-uri', 'conversation-href'], ['item-uri' => $datarray['thr-parent']]);
if (DBA::isResult($conversation)) {
if ($conversation['conversation-uri'] != '') {
$datarray['conversation-uri'] = $conversation['conversation-uri'];
if ($contact_record != $author) {
if ($toplevel_item_id) {
notification([
- 'type' => Type::COMMENT,
- 'notify_flags' => $user['notify-flags'],
- 'language' => $user['language'],
- 'to_name' => $user['username'],
- 'to_email' => $user['email'],
- 'uid' => $user['uid'],
- 'item' => $datarray,
- 'link' => DI::baseUrl().'/display/'.urlencode($datarray['guid']),
- 'source_name' => $datarray['author-name'],
- 'source_link' => $datarray['author-link'],
- 'source_photo' => $datarray['author-avatar'],
- 'verb' => Activity::POST,
- 'otype' => 'item',
- 'parent' => $toplevel_item_id,
- 'parent_uri' => $toplevel_item['uri']
+ 'type' => Type::COMMENT,
+ 'otype' => Notify\ObjectType::ITEM,
+ 'verb' => Activity::POST,
+ 'uid' => $profile_uid,
+ 'cid' => $datarray['author-id'],
+ 'item' => $datarray,
+ 'link' => DI::baseUrl() . '/display/' . urlencode($datarray['guid']),
]);
} elseif (empty($forum_contact)) {
notification([
- 'type' => Type::WALL,
- 'notify_flags' => $user['notify-flags'],
- 'language' => $user['language'],
- 'to_name' => $user['username'],
- 'to_email' => $user['email'],
- 'uid' => $user['uid'],
- 'item' => $datarray,
- 'link' => DI::baseUrl().'/display/'.urlencode($datarray['guid']),
- 'source_name' => $datarray['author-name'],
- 'source_link' => $datarray['author-link'],
- 'source_photo' => $datarray['author-avatar'],
- 'verb' => Activity::POST,
- 'otype' => 'item'
+ 'type' => Type::WALL,
+ 'otype' => Notify\ObjectType::ITEM,
+ 'verb' => Activity::POST,
+ 'uid' => $profile_uid,
+ 'cid' => $datarray['author-id'],
+ 'item' => $datarray,
+ 'link' => DI::baseUrl() . '/display/' . urlencode($datarray['guid']),
]);
}
}
}
}
- // Insert an item entry for UID=0 for global entries.
- // We now do it in the background to save some time.
- // This is important in interactive environments like the frontend or the API.
- // We don't fork a new process since this is done anyway with the following command
- Worker::add(['priority' => PRIORITY_HIGH, 'dont_fork' => true], "CreateShadowEntry", $post_id);
-
// When we are doing some forum posting via ! we have to start the notifier manually.
// These kind of posts don't initiate the notifier call in the item class.
if ($only_to_forum) {