<?php
/**
- * @copyright Copyright (C) 2010-2022, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
*
* This is the POST destination for most all locally posted
* text stuff. This function handles status, wall-to-wall status,
- * local comments, and remote coments that are posted on this site
+ * local comments, and remote comments that are posted on this site
* (as opposed to being delivered in a feed).
* Also processed here are posts and comments coming through the
* statusnet/twitter API.
*/
use Friendica\App;
-use Friendica\Content\PageInfo;
+use Friendica\Content\Conversation;
use Friendica\Content\Text\BBCode;
use Friendica\Core\Hook;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
-use Friendica\Core\Session;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\DI;
-use Friendica\Model\Attach;
use Friendica\Model\Contact;
-use Friendica\Model\Conversation;
-use Friendica\Model\FileTag;
use Friendica\Model\Item;
use Friendica\Model\ItemURI;
-use Friendica\Model\Notification;
-use Friendica\Model\Photo;
use Friendica\Model\Post;
-use Friendica\Model\Tag;
-use Friendica\Model\User;
use Friendica\Network\HTTPException;
-use Friendica\Object\EMail\ItemCCEMail;
-use Friendica\Protocol\Activity;
-use Friendica\Security\Security;
use Friendica\Util\DateTimeFormat;
-use Friendica\Util\ParseUrl;
function item_post(App $a) {
- if (!Session::isAuthenticated()) {
+ $uid = DI::userSession()->getLocalUserId();
+
+ if (!$uid) {
throw new HTTPException\ForbiddenException();
}
- $uid = local_user();
-
if (!empty($_REQUEST['dropitems'])) {
- $arr_drop = explode(',', $_REQUEST['dropitems']);
- foreach ($arr_drop as $item) {
- Item::deleteForUser(['id' => $item], $uid);
- }
-
- $json = ['success' => 1];
- System::jsonExit($json);
+ item_drop($uid, $_REQUEST['dropitems']);
}
Hook::callAll('post_local_start', $_REQUEST);
- Logger::debug('postvars', ['_REQUEST' => $_REQUEST]);
-
- $api_source = $_REQUEST['api_source'] ?? false;
-
$return_path = $_REQUEST['return'] ?? '';
- $preview = intval($_REQUEST['preview'] ?? 0);
+ $preview = intval($_REQUEST['preview'] ?? 0);
/*
* Check for doubly-submitted posts, and reject duplicates
* after it's been previewed
*/
if (!$preview && !empty($_REQUEST['post_id_random'])) {
- if (!empty($_SESSION['post-random']) && $_SESSION['post-random'] == $_REQUEST['post_id_random']) {
+ if (DI::session()->get('post-random') == $_REQUEST['post_id_random']) {
Logger::warning('duplicate post');
- item_post_return(DI::baseUrl(), $api_source, $return_path);
+ item_post_return(DI::baseUrl(), $return_path);
} else {
- $_SESSION['post-random'] = $_REQUEST['post_id_random'];
- }
- }
-
- // Is this a reply to something?
- $parent_item_id = intval($_REQUEST['parent'] ?? 0);
- $thr_parent_uri = trim($_REQUEST['parent_uri'] ?? '');
-
- $parent_item = null;
- $toplevel_item = null;
- $toplevel_item_id = 0;
- $toplevel_user_id = null;
-
- $objecttype = null;
- $profile_uid = ($_REQUEST['profile_uid'] ?? 0) ?: local_user();
- $posttype = ($_REQUEST['post_type'] ?? '') ?: Item::PT_ARTICLE;
-
- if ($parent_item_id || $thr_parent_uri) {
- if ($parent_item_id) {
- $parent_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $parent_item_id]);
- } elseif ($thr_parent_uri) {
- $parent_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['uri' => $thr_parent_uri, 'uid' => $profile_uid]);
- }
-
- // if this isn't the top-level parent of the conversation, find it
- if (DBA::isResult($parent_item)) {
- // The URI and the contact is taken from the direct parent which needn't to be the top parent
- $thr_parent_uri = $parent_item['uri'];
- $toplevel_item = $parent_item;
-
- if ($parent_item['gravity'] != Item::GRAVITY_PARENT) {
- $toplevel_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $toplevel_item['parent']]);
- }
- }
-
- if (!DBA::isResult($toplevel_item)) {
- DI::sysmsg()->addNotice(DI::l10n()->t('Unable to locate original post.'));
- if ($return_path) {
- DI::baseUrl()->redirect($return_path);
- }
- throw new HTTPException\NotFoundException(DI::l10n()->t('Unable to locate original post.'));
- }
-
- // When commenting on a public post then store the post for the current user
- // This enables interaction like starring and saving into folders
- if ($toplevel_item['uid'] == 0) {
- $stored = Item::storeForUserByUriId($toplevel_item['uri-id'], local_user(), ['post-reason' => Item::PR_ACTIVITY]);
- Logger::info('Public item stored for user', ['uri-id' => $toplevel_item['uri-id'], 'uid' => $uid, 'stored' => $stored]);
- if ($stored) {
- $toplevel_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $stored]);
- }
+ DI::session()->set('post-random', $_REQUEST['post_id_random']);
}
-
- $toplevel_item_id = $toplevel_item['id'];
- $toplevel_user_id = $toplevel_item['uid'];
-
- $objecttype = Activity\ObjectType::COMMENT;
}
- if ($toplevel_item_id) {
- Logger::info('mod_item: item_post', ['parent' => $toplevel_item_id]);
- }
-
- $post_id = intval($_REQUEST['post_id'] ?? 0);
- $app = strip_tags($_REQUEST['source'] ?? '');
- $extid = strip_tags($_REQUEST['extid'] ?? '');
- $object = $_REQUEST['object'] ?? '';
-
- // Don't use "defaults" here. It would turn 0 to 1
- if (!isset($_REQUEST['wall'])) {
- $wall = 1;
+ if (empty($_REQUEST['post_id'])) {
+ item_insert($uid, $_REQUEST, $preview, $return_path);
} else {
- $wall = $_REQUEST['wall'];
+ item_edit($uid, $_REQUEST, $preview, $return_path);
}
+}
- // Ensure that the user id in a thread always stay the same
- if (!is_null($toplevel_user_id) && in_array($toplevel_user_id, [local_user(), 0])) {
- $profile_uid = $toplevel_user_id;
+function item_drop(int $uid, string $dropitems)
+{
+ $arr_drop = explode(',', $dropitems);
+ foreach ($arr_drop as $item) {
+ Item::deleteForUser(['id' => $item], $uid);
}
- // Allow commenting if it is an answer to a public post
- $allow_comment = local_user() && $toplevel_item_id && in_array($toplevel_item['private'], [Item::PUBLIC, Item::UNLISTED]) && in_array($toplevel_item['network'], Protocol::FEDERATED);
+ System::jsonExit(['success' => 1]);
+}
- // Now check that valid personal details have been provided
- if (!Security::canWriteToUserWall($profile_uid) && !$allow_comment) {
- Logger::warning('Permission denied.', ['local' => local_user(), 'profile_uid' => $profile_uid, 'toplevel_item_id' => $toplevel_item_id, 'network' => $toplevel_item['network']]);
- DI::sysmsg()->addNotice(DI::l10n()->t('Permission denied.'));
+function item_edit(int $uid, array $request, bool $preview, string $return_path)
+{
+ $post = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $request['post_id'], 'uid' => $uid]);
+ if (!DBA::isResult($post)) {
if ($return_path) {
+ DI::sysmsg()->addNotice(DI::l10n()->t('Unable to locate original post.'));
DI::baseUrl()->redirect($return_path);
}
-
- throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
+ throw new HTTPException\NotFoundException(DI::l10n()->t('Unable to locate original post.'));
}
- // Init post instance
- $orig_post = null;
+ $post['edit'] = $post;
+ $post['file'] = Post\Category::getTextByURIId($post['uri-id'], $post['uid']);
- // is this an edited post?
- if ($post_id > 0) {
- $orig_post = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]);
- }
+ Post\Media::deleteByURIId($post['uri-id'], [Post\Media::AUDIO, Post\Media::VIDEO, Post\Media::IMAGE, Post\Media::HTML]);
+ $post = item_process($post, $request, $preview, $return_path);
- $user = User::getById($profile_uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']);
- if (!DBA::isResult($user) && !$toplevel_item_id) {
- return 0;
- }
+ $fields = [
+ 'title' => $post['title'],
+ 'body' => $post['body'],
+ 'attach' => $post['attach'],
+ 'file' => $post['file'],
+ 'location' => $post['location'],
+ 'coord' => $post['coord'],
+ 'edited' => DateTimeFormat::utcNow(),
+ 'changed' => DateTimeFormat::utcNow()
+ ];
- $categories = '';
- $postopts = '';
- $emailcc = '';
- $body = $_REQUEST['body'] ?? '';
- $has_attachment = $_REQUEST['has_attachment'] ?? 0;
-
- // If we have a speparate attachment, we need to add it to the body.
- if (!empty($has_attachment)) {
- $attachment_type = $_REQUEST['attachment_type'] ?? '';
- $attachment_title = $_REQUEST['attachment_title'] ?? '';
- $attachment_text = $_REQUEST['attachment_text'] ?? '';
-
- $attachment_url = hex2bin($_REQUEST['attachment_url'] ?? '');
- $attachment_img_src = hex2bin($_REQUEST['attachment_img_src'] ?? '');
-
- $attachment_img_width = $_REQUEST['attachment_img_width'] ?? 0;
- $attachment_img_height = $_REQUEST['attachment_img_height'] ?? 0;
-
- // Fetch the basic attachment data
- $attachment = ParseUrl::getSiteinfoCached($attachment_url);
- unset($attachment['keywords']);
-
- // Overwrite the basic data with possible changes from the frontend
- $attachment['type'] = $attachment_type;
- $attachment['title'] = $attachment_title;
- $attachment['text'] = $attachment_text;
- $attachment['url'] = $attachment_url;
-
- if (!empty($attachment_img_src)) {
- $attachment['images'] = [
- 0 => [
- 'src' => $attachment_img_src,
- 'width' => $attachment_img_width,
- 'height' => $attachment_img_height
- ]
- ];
- } else {
- unset($attachment['images']);
- }
+ $fields['body'] = Item::setHashtags($fields['body']);
- $att_bbcode = "\n" . PageInfo::getFooterFromData($attachment);
- $body .= $att_bbcode;
+ $quote_uri_id = Item::getQuoteUriId($fields['body'], $post['uid']);
+ if (!empty($quote_uri_id)) {
+ $fields['quote-uri-id'] = $quote_uri_id;
+ $fields['body'] = BBCode::removeSharedData($post['body']);
}
- // Convert links with empty descriptions to links without an explicit description
- $body = preg_replace('#\[url=([^\]]*?)\]\[/url\]#ism', '[url]$1[/url]', $body);
-
- if (!empty($orig_post)) {
- $str_group_allow = $orig_post['allow_gid'];
- $str_contact_allow = $orig_post['allow_cid'];
- $str_group_deny = $orig_post['deny_gid'];
- $str_contact_deny = $orig_post['deny_cid'];
- $location = $orig_post['location'];
- $coord = $orig_post['coord'];
- $verb = $orig_post['verb'];
- $objecttype = $orig_post['object-type'];
- $app = $orig_post['app'];
- $categories = Post\Category::getTextByURIId($orig_post['uri-id'], $orig_post['uid']);
- $title = trim($_REQUEST['title'] ?? '');
- $body = trim($body);
- $private = $orig_post['private'];
- $pubmail_enabled = $orig_post['pubmail'];
- $network = $orig_post['network'];
- $guid = $orig_post['guid'];
- $extid = $orig_post['extid'];
- } else {
- $aclFormatter = DI::aclFormatter();
- $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
- $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
- $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
- $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
-
- $visibility = $_REQUEST['visibility'] ?? '';
- if ($visibility === 'public') {
- // The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
- $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
- } else if ($visibility === 'custom') {
- // Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
- // case that would make it public. So we always append the author's contact id to the allowed contacts.
- // See https://github.com/friendica/friendica/issues/9672
- $str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
- }
-
- $title = trim($_REQUEST['title'] ?? '');
- $location = trim($_REQUEST['location'] ?? '');
- $coord = trim($_REQUEST['coord'] ?? '');
- $verb = trim($_REQUEST['verb'] ?? '');
- $emailcc = trim($_REQUEST['emailcc'] ?? '');
- $body = trim($body);
- $network = trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN);
- $guid = System::createUUID();
-
- $postopts = $_REQUEST['postopts'] ?? '';
-
- if (strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) {
- $private = Item::PRIVATE;
- } elseif (DI::pConfig()->get($profile_uid, 'system', 'unlisted')) {
- $private = Item::UNLISTED;
- } else {
- $private = Item::PUBLIC;
- }
-
- // If this is a comment, set the permissions from the parent.
+ Item::update($fields, ['id' => $post['id']]);
+ Item::updateDisplayCache($post['uri-id']);
- if ($toplevel_item) {
- // for non native networks use the network of the original post as network of the item
- if (($toplevel_item['network'] != Protocol::DIASPORA)
- && ($toplevel_item['network'] != Protocol::OSTATUS)
- && ($network == '')) {
- $network = $toplevel_item['network'];
- }
-
- $str_contact_allow = $toplevel_item['allow_cid'] ?? '';
- $str_group_allow = $toplevel_item['allow_gid'] ?? '';
- $str_contact_deny = $toplevel_item['deny_cid'] ?? '';
- $str_group_deny = $toplevel_item['deny_gid'] ?? '';
- $private = $toplevel_item['private'];
-
- $wall = $toplevel_item['wall'];
- }
+ if ($return_path) {
+ DI::baseUrl()->redirect($return_path);
+ }
- $pubmail_enabled = ($_REQUEST['pubmail_enable'] ?? false) && !$private;
+ throw new HTTPException\OKException(DI::l10n()->t('Post updated.'));
+}
- // if using the API, we won't see pubmail_enable - figure out if it should be set
- if ($api_source && $profile_uid && $profile_uid == local_user() && !$private) {
- if (function_exists('imap_open') && !DI::config()->get('system', 'imap_disabled')) {
- $pubmail_enabled = DBA::exists('mailacct', ["`uid` = ? AND `server` != ? AND `pubmail`", local_user(), '']);
+function item_insert(int $uid, array $request, bool $preview, string $return_path)
+{
+ $post = ['uid' => $uid];
+ $post = DI::contentItem()->initializePost($post);
+
+ $post['edit'] = null;
+ $post['post-type'] = $request['post_type'] ?? '';
+ $post['wall'] = $request['wall'] ?? true;
+ $post['pubmail'] = $request['pubmail_enable'] ?? false;
+ $post['created'] = $request['created_at'] ?? DateTimeFormat::utcNow();
+ $post['edited'] = $post['changed'] = $post['commented'] = $post['created'];
+ $post['app'] = '';
+ $post['inform'] = '';
+ $post['postopts'] = '';
+ $post['file'] = '';
+
+ if (!empty($request['parent'])) {
+ $parent_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $request['parent']]);
+ if ($parent_item) {
+ // if this isn't the top-level parent of the conversation, find it
+ if ($parent_item['gravity'] != Item::GRAVITY_PARENT) {
+ $toplevel_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $parent_item['parent']]);
+ } else {
+ $toplevel_item = $parent_item;
}
}
- if (!strlen($body)) {
- if ($preview) {
- System::jsonExit(['preview' => '']);
- }
-
- DI::sysmsg()->addNotice(DI::l10n()->t('Empty post discarded.'));
+ if (empty($toplevel_item)) {
if ($return_path) {
+ DI::sysmsg()->addNotice(DI::l10n()->t('Unable to locate original post.'));
DI::baseUrl()->redirect($return_path);
}
-
- throw new HTTPException\BadRequestException(DI::l10n()->t('Empty post discarded.'));
+ throw new HTTPException\NotFoundException(DI::l10n()->t('Unable to locate original post.'));
}
- }
- if (!empty($categories)) {
- // get the "fileas" tags for this post
- $filedas = FileTag::fileToArray($categories);
- }
-
- $list_array = explode(',', trim($_REQUEST['category'] ?? ''));
- $categories = FileTag::arrayToFile($list_array, 'category');
-
- if (!empty($filedas) && is_array($filedas)) {
- // append the fileas stuff to the new categories list
- $categories .= FileTag::arrayToFile($filedas);
- }
-
- // get contact info for poster
-
- $author = null;
- $self = false;
- $contact_id = 0;
-
- if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
- $self = true;
- $author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
- } elseif (!empty(Session::getRemoteContactID($profile_uid))) {
- $author = DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid)]);
- }
-
- if (DBA::isResult($author)) {
- $contact_id = $author['id'];
- }
-
- // get contact info for owner
- if ($profile_uid == local_user() || $allow_comment) {
- $contact_record = $author ?: [];
- } else {
- $contact_record = DBA::selectFirst('contact', [], ['uid' => $profile_uid, 'self' => true]) ?: [];
- }
+ // When commenting on a public post then store the post for the current user
+ // This enables interaction like starring and saving into folders
+ if ($toplevel_item['uid'] == 0) {
+ $stored = Item::storeForUserByUriId($toplevel_item['uri-id'], $post['uid'], ['post-reason' => Item::PR_ACTIVITY]);
+ Logger::info('Public item stored for user', ['uri-id' => $toplevel_item['uri-id'], 'uid' => $post['uid'], 'stored' => $stored]);
+ }
- // Personal notes must never be altered to a forum post.
- if ($posttype != Item::PT_PERSONAL_NOTE) {
- // Look for any tags and linkify them
- $item = [
- 'uid' => local_user() ? local_user() : $profile_uid,
- 'gravity' => $toplevel_item_id ? Item::GRAVITY_COMMENT : Item::GRAVITY_PARENT,
- 'network' => $network,
- 'body' => $body,
- 'postopts' => $postopts,
- 'private' => $private,
- 'allow_cid' => $str_contact_allow,
- 'allow_gid' => $str_group_allow,
- 'deny_cid' => $str_contact_deny,
- 'deny_gid' => $str_group_deny,
- ];
-
- $item = DI::contentItem()->expandTags($item);
-
- $body = $item['body'];
- $inform = $item['inform'];
- $postopts = $item['postopts'];
- $private = $item['private'];
- $str_contact_allow = $item['allow_cid'];
- $str_group_allow = $item['allow_gid'];
- $str_contact_deny = $item['deny_cid'];
- $str_group_deny = $item['deny_gid'];
+ $post['parent'] = $toplevel_item['id'];
+ $post['gravity'] = Item::GRAVITY_COMMENT;
+ $post['thr-parent'] = $parent_item['uri'];
+ $post['wall'] = $toplevel_item['wall'];
} else {
- $inform = '';
+ $parent_item = [];
+ $post['parent'] = 0;
+ $post['gravity'] = Item::GRAVITY_PARENT;
+ $post['thr-parent'] = $post['uri'];
}
- /*
- * When a photo was uploaded into the message using the (profile wall) ajax
- * uploader, The permissions are initially set to disallow anybody but the
- * owner from seeing it. This is because the permissions may not yet have been
- * set for the post. If it's private, the photo permissions should be set
- * appropriately. But we didn't know the final permissions on the post until
- * now. So now we'll look for links of uploaded messages that are in the
- * post and set them to the same permissions as the post itself.
- */
-
- $match = null;
+ $post = DI::contentItem()->getACL($post, $parent_item, $request);
- if (!$preview && Photo::setPermissionFromBody($body, $uid, $contact_id, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny)) {
- $objecttype = Activity\ObjectType::IMAGE;
- }
+ $post['pubmail'] = $post['pubmail'] && !$post['private'];
- /*
- * Next link in any attachment references we find in the post.
- */
- $match = [];
-
- /// @todo these lines should be moved to Model/Attach (Once it exists)
- if (!$preview && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) {
- $attaches = $match[1];
- if (count($attaches)) {
- foreach ($attaches as $attach) {
- // Ensure to only modify attachments that you own
- $srch = '<' . intval($contact_id) . '>';
-
- $condition = [
- 'allow_cid' => $srch,
- 'allow_gid' => '',
- 'deny_cid' => '',
- 'deny_gid' => '',
- 'id' => $attach,
- ];
- if (!Attach::exists($condition)) {
- continue;
- }
+ $post = item_process($post, $request, $preview, $return_path);
- $fields = ['allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow,
- 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny];
- $condition = ['id' => $attach];
- Attach::update($fields, $condition);
- }
+ $post_id = Item::insert($post);
+ if (!$post_id) {
+ if ($return_path) {
+ DI::sysmsg()->addNotice(DI::l10n()->t('Item wasn\'t stored.'));
+ DI::baseUrl()->redirect($return_path);
}
- }
- // embedded bookmark or attachment in post? set bookmark flag
-
- $data = BBCode::getAttachmentData($body);
- $match = [];
- if ((preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism", $body, $match, PREG_SET_ORDER) || isset($data['type']))
- && ($posttype != Item::PT_PERSONAL_NOTE)) {
- $posttype = Item::PT_PAGE;
- $objecttype = Activity\ObjectType::BOOKMARK;
+ throw new HTTPException\InternalServerErrorException(DI::l10n()->t('Item wasn\'t stored.'));
}
- $body = DI::bbCodeVideo()->transform($body);
-
- $body = BBCode::scaleExternalImages($body);
-
- // Setting the object type if not defined before
- if (!$objecttype) {
- $objecttype = Activity\ObjectType::NOTE; // Default value
- $objectdata = BBCode::getAttachedData($body);
-
- if ($objectdata['type'] == 'link') {
- $objecttype = Activity\ObjectType::BOOKMARK;
- } elseif ($objectdata['type'] == 'video') {
- $objecttype = Activity\ObjectType::VIDEO;
- } elseif ($objectdata['type'] == 'photo') {
- $objecttype = Activity\ObjectType::IMAGE;
+ $post = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]);
+ if (!$post) {
+ Logger::error('Item couldn\'t be fetched.', ['post_id' => $post_id]);
+ if ($return_path) {
+ DI::baseUrl()->redirect($return_path);
}
+ throw new HTTPException\InternalServerErrorException(DI::l10n()->t('Item couldn\'t be fetched.'));
}
- $attachments = '';
- $match = [];
-
- if (preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) {
- foreach ($match[2] as $mtch) {
- $fields = ['id', 'filename', 'filesize', 'filetype'];
- $attachment = Attach::selectFirst($fields, ['id' => $mtch]);
- if ($attachment !== false) {
- if (strlen($attachments)) {
- $attachments .= ',';
- }
- $attachments .= Post\Media::getAttachElement(DI::baseUrl() . '/attach/' . $attachment['id'],
- $attachment['filesize'], $attachment['filetype'], $attachment['filename'] ?? '');
- }
- $body = str_replace($match[1],'',$body);
- }
- }
-
- if (!strlen($verb)) {
- $verb = Activity::POST;
- }
+ $recipients = explode(',', $request['emailcc'] ?? '');
- if ($network == '') {
- $network = Protocol::DFRN;
- }
+ DI::contentItem()->postProcessPost($post, $recipients);
- $gravity = ($toplevel_item_id ? Item::GRAVITY_COMMENT : Item::GRAVITY_PARENT);
+ Logger::debug('post_complete');
- // even if the post arrived via API we are considering that it
- // originated on this site by default for determining relayability.
+ item_post_return(DI::baseUrl(), $return_path);
+ // NOTREACHED
+}
- // Don't use "defaults" here. It would turn 0 to 1
- if (!isset($_REQUEST['origin'])) {
- $origin = 1;
- } else {
- $origin = $_REQUEST['origin'];
- }
+function item_process(array $post, array $request, bool $preview, string $return_path): array
+{
+ $post['self'] = true;
+ $post['api_source'] = false;
+ $post['attach'] = '';
+ $post['title'] = trim($request['title'] ?? '');
+ $post['body'] = $request['body'] ?? '';
+ $post['location'] = trim($request['location'] ?? '');
+ $post['coord'] = trim($request['coord'] ?? '');
- $uri = Item::newURI($guid);
+ $post = DI::contentItem()->addCategories($post, $request['category'] ?? '');
- // Fallback so that we alway have a parent uri
- if (!$thr_parent_uri || !$toplevel_item_id) {
- $thr_parent_uri = $uri;
+ // Add the attachment to the body.
+ if (!empty($request['has_attachment'])) {
+ $post['body'] .= DI::contentItem()->storeAttachmentFromRequest($request);
}
- $datarray = [
- 'uid' => $profile_uid,
- 'wall' => $wall,
- 'gravity' => $gravity,
- 'network' => $network,
- 'contact-id' => $contact_id,
- 'owner-name' => $contact_record['name'] ?? '',
- 'owner-link' => $contact_record['url'] ?? '',
- 'owner-avatar' => $contact_record['thumb'] ?? '',
- 'author-name' => $author['name'],
- 'author-link' => $author['url'],
- 'author-avatar' => $author['thumb'],
- 'created' => empty($_REQUEST['created_at']) ? DateTimeFormat::utcNow() : $_REQUEST['created_at'],
- 'received' => DateTimeFormat::utcNow(),
- 'extid' => $extid,
- 'guid' => $guid,
- 'uri' => $uri,
- 'title' => $title,
- 'body' => $body,
- 'app' => $app,
- 'location' => $location,
- 'coord' => $coord,
- 'file' => $categories,
- 'inform' => $inform,
- 'verb' => $verb,
- 'post-type' => $posttype,
- 'object-type' => $objecttype,
- 'allow_cid' => $str_contact_allow,
- 'allow_gid' => $str_group_allow,
- 'deny_cid' => $str_contact_deny,
- 'deny_gid' => $str_group_deny,
- 'private' => $private,
- 'pubmail' => $pubmail_enabled,
- 'attach' => $attachments,
- 'thr-parent' => $thr_parent_uri,
- 'postopts' => $postopts,
- 'origin' => $origin,
- 'object' => $object,
- 'attachments' => $_REQUEST['attachments'] ?? [],
- /*
- * These fields are for the convenience of addons...
- * 'self' if true indicates the owner is posting on their own wall
- * If parent is 0 it is a top-level post.
- */
- 'parent' => $toplevel_item_id,
- 'self' => $self,
- // This triggers posts via API and the mirror functions
- 'api_source' => $api_source,
- // This field is for storing the raw conversation data
- 'protocol' => Conversation::PARCEL_DIRECT,
- 'direction' => Conversation::PUSH,
- ];
+ $post = DI::contentItem()->finalizePost($post);
- // These cannot be part of above initialization ...
- $datarray['edited'] = $datarray['created'];
- $datarray['commented'] = $datarray['created'];
- $datarray['changed'] = $datarray['created'];
- $datarray['owner-id'] = Contact::getIdForURL($datarray['owner-link']);
- $datarray['author-id'] = Contact::getIdForURL($datarray['author-link']);
+ if (!strlen($post['body'])) {
+ if ($preview) {
+ System::jsonExit(['preview' => '']);
+ }
- $datarray['edit'] = $orig_post;
+ if ($return_path) {
+ DI::sysmsg()->addNotice(DI::l10n()->t('Empty post discarded.'));
+ DI::baseUrl()->redirect($return_path);
+ }
- // Check for hashtags in the body and repair or add hashtag links
- if ($preview || $orig_post) {
- $datarray['body'] = Item::setHashtags($datarray['body']);
+ throw new HTTPException\BadRequestException(DI::l10n()->t('Empty post discarded.'));
}
// preview mode - prepare the body for display and send it via json
if ($preview) {
- // We set the datarray ID to -1 because in preview mode the dataray
- // doesn't have an ID.
- $datarray['id'] = -1;
- $datarray['uri-id'] = -1;
- $datarray['author-network'] = Protocol::DFRN;
- $datarray['author-updated'] = '';
- $datarray['author-gsid'] = 0;
- $datarray['author-uri-id'] = ItemURI::getIdByURI($datarray['author-link']);
- $datarray['owner-updated'] = '';
- $datarray['has-media'] = false;
- $datarray['body'] = Item::improveSharedDataInBody($datarray);
-
- $o = DI::conversation()->create([array_merge($contact_record, $datarray)], 'search', false, true);
+ // We have to preset some fields, so that the conversation can be displayed
+ $post['id'] = -1;
+ $post['uri-id'] = -1;
+ $post['author-network'] = Protocol::DFRN;
+ $post['author-updated'] = '';
+ $post['author-gsid'] = 0;
+ $post['author-uri-id'] = ItemURI::getIdByURI($post['author-link']);
+ $post['owner-updated'] = '';
+ $post['has-media'] = false;
+ $post['quote-uri-id'] = Item::getQuoteUriId($post['body'], $post['uid']);
+ $post['body'] = BBCode::removeSharedData(Item::setHashtags($post['body']));
+ $post['writable'] = true;
+
+ $o = DI::conversation()->create([$post], Conversation::MODE_SEARCH, false, true);
System::jsonExit(['preview' => $o]);
}
- Hook::callAll('post_local',$datarray);
+ Hook::callAll('post_local',$post);
+
+ unset($post['edit']);
+ unset($post['self']);
+ unset($post['api_source']);
- if (!empty($_REQUEST['scheduled_at'])) {
- $scheduled_at = DateTimeFormat::convert($_REQUEST['scheduled_at'], 'UTC', $a->getTimeZone());
+ if (!empty($request['scheduled_at'])) {
+ $scheduled_at = DateTimeFormat::convert($request['scheduled_at'], 'UTC', DI::app()->getTimeZone());
if ($scheduled_at > DateTimeFormat::utcNow()) {
- unset($datarray['created']);
- unset($datarray['edited']);
- unset($datarray['commented']);
- unset($datarray['received']);
- unset($datarray['changed']);
- unset($datarray['edit']);
- unset($datarray['self']);
- unset($datarray['api_source']);
-
- Post\Delayed::add($datarray['uri'], $datarray, Worker::PRIORITY_HIGH, Post\Delayed::PREPARED_NO_HOOK, $scheduled_at);
- item_post_return(DI::baseUrl(), $api_source, $return_path);
+ unset($post['created']);
+ unset($post['edited']);
+ unset($post['commented']);
+ unset($post['received']);
+ unset($post['changed']);
+
+ Post\Delayed::add($post['uri'], $post, Worker::PRIORITY_HIGH, Post\Delayed::PREPARED_NO_HOOK, $scheduled_at);
+ item_post_return(DI::baseUrl(), $return_path);
}
}
- if (!empty($datarray['cancel'])) {
+ if (!empty($post['cancel'])) {
Logger::info('mod_item: post cancelled by addon.');
if ($return_path) {
DI::baseUrl()->redirect($return_path);
}
$json = ['cancel' => 1];
- if (!empty($_REQUEST['jsreload'])) {
- $json['reload'] = DI::baseUrl() . '/' . $_REQUEST['jsreload'];
+ if (!empty($request['jsreload'])) {
+ $json['reload'] = DI::baseUrl() . '/' . $request['jsreload'];
}
System::jsonExit($json);
}
- $datarray['uri-id'] = ItemURI::getIdByURI($datarray['uri']);
- $datarray['body'] = Item::improveSharedDataInBody($datarray);
-
- if ($orig_post) {
- $fields = [
- 'title' => $datarray['title'],
- 'body' => $datarray['body'],
- 'attach' => $datarray['attach'],
- 'file' => $datarray['file'],
- 'edited' => DateTimeFormat::utcNow(),
- 'changed' => DateTimeFormat::utcNow()
- ];
-
- Item::update($fields, ['id' => $post_id]);
- Item::updateDisplayCache($datarray['uri-id']);
-
- if ($return_path) {
- DI::baseUrl()->redirect($return_path);
- }
-
- throw new HTTPException\OKException(DI::l10n()->t('Post updated.'));
- }
-
- unset($datarray['edit']);
- unset($datarray['self']);
- unset($datarray['api_source']);
-
- $post_id = Item::insert($datarray);
-
- if (!$post_id) {
- DI::sysmsg()->addNotice(DI::l10n()->t('Item wasn\'t stored.'));
- if ($return_path) {
- DI::baseUrl()->redirect($return_path);
- }
-
- throw new HTTPException\InternalServerErrorException(DI::l10n()->t('Item wasn\'t stored.'));
- }
-
- $datarray = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]);
-
- if (!DBA::isResult($datarray)) {
- Logger::error('Item couldn\'t be fetched.', ['post_id' => $post_id]);
- if ($return_path) {
- DI::baseUrl()->redirect($return_path);
- }
-
- throw new HTTPException\InternalServerErrorException(DI::l10n()->t('Item couldn\'t be fetched.'));
- }
-
- Tag::storeFromBody($datarray['uri-id'], $datarray['body']);
-
- if (!\Friendica\Content\Feature::isEnabled($uid, 'explicit_mentions') && ($datarray['gravity'] == Item::GRAVITY_COMMENT)) {
- Tag::createImplicitMentions($datarray['uri-id'], $datarray['thr-parent-id']);
- }
-
- // These notifications are sent if someone else is commenting other your wall
- if ($contact_record != $author) {
- if ($toplevel_item_id) {
- DI::notify()->createFromArray([
- 'type' => Notification\Type::COMMENT,
- 'otype' => Notification\ObjectType::ITEM,
- 'verb' => Activity::POST,
- 'uid' => $profile_uid,
- 'cid' => $datarray['author-id'],
- 'item' => $datarray,
- 'link' => DI::baseUrl() . '/display/' . urlencode($datarray['guid']),
- ]);
- } elseif (empty($forum_contact)) {
- DI::notify()->createFromArray([
- 'type' => Notification\Type::WALL,
- 'otype' => Notification\ObjectType::ITEM,
- 'verb' => Activity::POST,
- 'uid' => $profile_uid,
- 'cid' => $datarray['author-id'],
- 'item' => $datarray,
- 'link' => DI::baseUrl() . '/display/' . urlencode($datarray['guid']),
- ]);
- }
- }
-
- Hook::callAll('post_local_end', $datarray);
-
- if (strlen($emailcc) && $profile_uid == local_user()) {
- $recipients = explode(',', $emailcc);
- if (count($recipients)) {
- foreach ($recipients as $recipient) {
- $address = trim($recipient);
- if (!strlen($address)) {
- continue;
- }
- DI::emailer()->send(new ItemCCEMail(DI::app(), DI::l10n(), DI::baseUrl(),
- $datarray, $address, $author['thumb'] ?? ''));
- }
- }
- }
-
- Logger::debug('post_complete');
-
- if ($api_source) {
- return $post_id;
- }
-
- item_post_return(DI::baseUrl(), $api_source, $return_path);
- // NOTREACHED
+ return $post;
}
-function item_post_return($baseurl, $api_source, $return_path)
+function item_post_return($baseurl, $return_path)
{
- if ($api_source) {
- return;
- }
-
if ($return_path) {
DI::baseUrl()->redirect($return_path);
}
function item_content(App $a)
{
- if (!Session::isAuthenticated()) {
+ if (!DI::userSession()->isAuthenticated()) {
throw new HTTPException\UnauthorizedException();
}
switch ($args->get(1)) {
case 'drop':
if (DI::mode()->isAjax()) {
- Item::deleteForUser(['id' => $args->get(2)], local_user());
+ Item::deleteForUser(['id' => $args->get(2)], DI::userSession()->getLocalUserId());
// ajax return: [<item id>, 0 (no perm) | <owner id>]
- System::jsonExit([intval($args->get(2)), local_user()]);
+ System::jsonExit([intval($args->get(2)), DI::userSession()->getLocalUserId()]);
} else {
if (!empty($args->get(3))) {
$o = drop_item($args->get(2), $args->get(3));
break;
case 'block':
- $item = Post::selectFirstForUser(local_user(), ['guid', 'author-id', 'parent', 'gravity'], ['id' => $args->get(2)]);
+ $item = Post::selectFirstForUser(DI::userSession()->getLocalUserId(), ['guid', 'author-id', 'parent', 'gravity'], ['id' => $args->get(2)]);
+ if (empty($item['author-id'])) {
+ throw new HTTPException\NotFoundException('Item not found');
+ }
+
+ Contact\User::setBlocked($item['author-id'], DI::userSession()->getLocalUserId(), true);
+
+ if (DI::mode()->isAjax()) {
+ // ajax return: [<item id>, 0 (no perm) | <owner id>]
+ System::jsonExit([intval($args->get(2)), DI::userSession()->getLocalUserId()]);
+ } else {
+ item_redirect_after_action($item, $args->get(3));
+ }
+ break;
+
+ case 'ignore':
+ $item = Post::selectFirstForUser(DI::userSession()->getLocalUserId(), ['guid', 'author-id', 'parent', 'gravity'], ['id' => $args->get(2)]);
if (empty($item['author-id'])) {
throw new HTTPException\NotFoundException('Item not found');
}
- Contact\User::setBlocked($item['author-id'], local_user(), true);
+ Contact\User::setIgnored($item['author-id'], DI::userSession()->getLocalUserId(), true);
if (DI::mode()->isAjax()) {
// ajax return: [<item id>, 0 (no perm) | <owner id>]
- System::jsonExit([intval($args->get(2)), local_user()]);
+ System::jsonExit([intval($args->get(2)), DI::userSession()->getLocalUserId()]);
} else {
item_redirect_after_action($item, $args->get(3));
}
function drop_item(int $id, string $return = ''): string
{
// Locate item to be deleted
- $item = Post::selectFirstForUser(local_user(), ['id', 'uid', 'guid', 'contact-id', 'deleted', 'gravity', 'parent'], ['id' => $id]);
+ $item = Post::selectFirstForUser(DI::userSession()->getLocalUserId(), ['id', 'uid', 'guid', 'contact-id', 'deleted', 'gravity', 'parent'], ['id' => $id]);
if (!DBA::isResult($item)) {
DI::sysmsg()->addNotice(DI::l10n()->t('Item not found.'));
$contact_id = 0;
// check if logged in user is either the author or owner of this item
- if (Session::getRemoteContactID($item['uid']) == $item['contact-id']) {
+ if (DI::userSession()->getRemoteContactID($item['uid']) == $item['contact-id']) {
$contact_id = $item['contact-id'];
}
- if ((local_user() == $item['uid']) || $contact_id) {
+ if ((DI::userSession()->getLocalUserId() == $item['uid']) || $contact_id) {
// delete the item
- Item::deleteForUser(['id' => $item['id']], local_user());
+ Item::deleteForUser(['id' => $item['id']], DI::userSession()->getLocalUserId());
item_redirect_after_action($item, $return);
//NOTREACHED
} else {
- Logger::warning('Permission denied.', ['local' => local_user(), 'uid' => $item['uid'], 'cid' => $contact_id]);
+ Logger::warning('Permission denied.', ['local' => DI::userSession()->getLocalUserId(), 'uid' => $item['uid'], 'cid' => $contact_id]);
DI::sysmsg()->addNotice(DI::l10n()->t('Permission denied.'));
DI::baseUrl()->redirect('display/' . $item['guid']);
//NOTREACHED
// Check if delete a comment
if ($item['gravity'] == Item::GRAVITY_COMMENT) {
if (!empty($item['parent'])) {
- $parentitem = Post::selectFirstForUser(local_user(), ['guid'], ['id' => $item['parent']]);
+ $parentitem = Post::selectFirstForUser(DI::userSession()->getLocalUserId(), ['guid'], ['id' => $item['parent']]);
}
// Return to parent guid