Fixed max value check, improved request value fetching

[friendica.git] / mod / item.php

diff --git a/mod/item.php b/mod/item.php
index 00248df4306c40e5b86b2157278bab5eea36b79a..a531d40936a82b918d1f179c5174dd1e01edf37d 100644 (file)
--- a/mod/item.php
+++ b/mod/item.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2010-2021, the Friendica project
+ * @copyright Copyright (C) 2010-2022, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -177,10 +177,11 @@ function item_post(App $a) {
        }
 
        // Allow commenting if it is an answer to a public post
-       $allow_comment = local_user() && ($profile_uid == 0) && $toplevel_item_id && in_array($toplevel_item['network'], Protocol::FEDERATED);
+       $allow_comment = local_user() && $toplevel_item_id && in_array($toplevel_item['private'], [Item::PUBLIC, Item::UNLISTED]) && in_array($toplevel_item['network'], Protocol::FEDERATED);
 
        // Now check that valid personal details have been provided
        if (!Security::canWriteToUserWall($profile_uid) && !$allow_comment) {
+               Logger::notice('Permission denied.', ['local' => local_user(), 'profile_uid' => $profile_uid, 'toplevel_item_id' => $toplevel_item_id, 'network' => $toplevel_item['network']]);
                notice(DI::l10n()->t('Permission denied.'));
                if ($return_path) {
                        DI::baseUrl()->redirect($return_path);
@@ -351,7 +352,8 @@ function item_post(App $a) {
                $filedas = FileTag::fileToArray($categories);
        }
 
-       $categories = FileTag::listToFile(trim($_REQUEST['category'] ?? ''), 'category');
+       $list_array = explode(',', trim($_REQUEST['category'] ?? ''));
+       $categories = FileTag::arrayToFile($list_array, 'category');
 
        if (!empty($filedas) && is_array($filedas)) {
                // append the fileas stuff to the new categories list
@@ -685,7 +687,7 @@ function item_post(App $a) {
        Hook::callAll('post_local',$datarray);
 
        if (!empty($_REQUEST['scheduled_at'])) {
-               $scheduled_at = DateTimeFormat::convert($_REQUEST['scheduled_at'], 'UTC', $a->getTimezone());
+               $scheduled_at = DateTimeFormat::convert($_REQUEST['scheduled_at'], 'UTC', $a->getTimeZone());
                if ($scheduled_at > DateTimeFormat::utcNow()) {
                        unset($datarray['created']);
                        unset($datarray['edited']);
@@ -776,7 +778,7 @@ function item_post(App $a) {
        // These notifications are sent if someone else is commenting other your wall
        if ($contact_record != $author) {
                if ($toplevel_item_id) {
-                       notification([
+                       DI::notify()->createFromArray([
                                'type'  => Notification\Type::COMMENT,
                                'otype' => Notification\ObjectType::ITEM,
                                'verb'  => Activity::POST,
@@ -786,7 +788,7 @@ function item_post(App $a) {
                                'link'  => DI::baseUrl() . '/display/' . urlencode($datarray['guid']),
                        ]);
                } elseif (empty($forum_contact)) {
-                       notification([
+                       DI::notify()->createFromArray([
                                'type'  => Notification\Type::WALL,
                                'otype' => Notification\ObjectType::ITEM,
                                'verb'  => Activity::POST,
@@ -931,6 +933,7 @@ function drop_item(int $id, string $return = '')
 
                item_redirect_after_action($item, $return);
        } else {
+               Logger::notice('Permission denied.', ['local' => local_user(), 'uid' => $item['uid'], 'cid' => $contact_id]);
                notice(DI::l10n()->t('Permission denied.'));
                DI::baseUrl()->redirect('display/' . $item['guid']);
                //NOTREACHED