<?php
-function sanitise_acl(&$item) {
- $item = '<' . intval(notags(trim($item))) . '>';
-}
-
function item_post(&$a) {
if((! local_user()) && (! remote_user()))
$uid = $_SESSION['uid'];
- if(($a->argc == 3) && ($a->argv[1] == 'drop') && intval($a->argv[2])) {
- $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
- intval($argv[2])
- );
- if(! count($r)) {
- notice("Permission denied." . EOL);
- goway($a->get_baseurl() . $_SESSION['return_url']);
- }
- $item = $r[0];
- if(($_SESSION['visitor_id'] == $item['contact-id']) || ($_SESSION['uid'] == $item['uid'])) {
- $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s' WHERE `id` = %d LIMIT 1",
- dbesc(datetime_convert()),
- intval($item['id'])
- );
- if($item['uri'] == $item['parent-uri']) {
- $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s' WHERE `parent-uri` = '%s',
- dbesc(datetime_convert()),
- dbesc($item['parent-uri'])
- );
- }
-
- $url = $a->get_baseurl();
- $drop_id = intval($item['id'])l
-
- proc_close(proc_open("php include/notifier.php \"$url\" \"$drop" \"$drop_id\" > notify.log &",
- array(),$foo));
-
- goway($a->get_baseurl() . $_SESSION['return_url']);
-
- }
$parent = ((x($_POST,'parent')) ? intval($_POST['parent']) : 0);
intval($parent)
);
if(! count($r)) {
- notice("Unable to locate original post." . EOL);
+ notice( t('Unable to locate original post.') . EOL);
goaway($a->get_baseurl() . "/" . $_POST['return'] );
}
$parent_item = $r[0];
$str_contact_deny = implode('',$contact_deny);
}
-
+ $title = notags(trim($_POST['title']));
$body = escape_tags(trim($_POST['body']));
if(! strlen($body)) {
- notice("Empty post discarded." . EOL );
+ notice( t('Empty post discarded.') . EOL );
goaway($a->get_baseurl() . "/" . $_POST['return'] );
}
$post_type == notags(trim($_POST['type']));
if($post_type == 'net-comment') {
- if($parent_item !== null && $parent_item['type'] != 'remote')
- $post_type = 'wall-comment';
+ if($parent_item !== null) {
+ if($parent_item['type'] == 'remote')
+ $post_type = 'remote-comment';
+ else
+ $post_type = 'wall-comment';
+ }
}
$notify_type = (($parent) ? 'comment-new' : 'wall-new' );
$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`,
- `edited`, `uri`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
- VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
+ `edited`, `uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
+ VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
intval($profile_uid),
dbesc($_POST['type']),
intval($contact_id),
datetime_convert(),
datetime_convert(),
dbesc($uri),
- dbesc(escape_tags(trim($_POST['body']))),
+ dbesc($title),
+ dbesc($body),
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc(($parent == $post_id) ? $uri : $parent_item['uri']),
intval($post_id)
);
+ // photo comments turn the corresponding item visible to the profile wall
+ if(! $parent_item['visible']) {
+ $r = q("UPDATE `item` SET `visible = 1 WHERE `id` = %d LIMIT 1",
+ intval($parent_item['id'])
+ );
+ }
+
}
$url = $a->get_baseurl();
}
goaway($a->get_baseurl() . "/" . $_POST['return'] );
return; // NOTREACHED
+}
+
+function item_content(&$a) {
+
+ if((! local_user()) && (! remote_user()))
+ return;
+
+ require_once('include/security.php');
+
+ $uid = $_SESSION['uid'];
+
+ if(($a->argc == 3) && ($a->argv[1] == 'drop') && intval($a->argv[2])) {
+
+ // locate item to be deleted
+
+ $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
+ intval($a->argv[2])
+ );
+
+ if(! count($r)) {
+ notice("Item not found." . EOL);
+ goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+ }
+ $item = $r[0];
+
+ // check if logged in user is either the author or owner of this item
+
+ if(($_SESSION['visitor_id'] == $item['contact-id']) || ($_SESSION['uid'] == $item['uid'])) {
+
+ // delete the item
+
+ $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s' WHERE `id` = %d LIMIT 1",
+ dbesc(datetime_convert()),
+ intval($item['id'])
+ );
+
+ // If item is a link to a photo resource, nuke all the associated photos
+ // (visitors will not have photo resources)
+ // This only applies to photos uploaded from the photos page. Photos inserted into a post do not
+ // generate a resource-id and therefore aren't intimately linked to the item.
+
+ if(strlen($item['resource-id'])) {
+ $q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ",
+ dbesc($item['resource-id']),
+ intval($item['uid'])
+ );
+ // ignore the result
+ }
+
+ // If it's the parent of a comment thread, kill all the kids
+
+ if($item['uri'] == $item['parent-uri']) {
+ $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s'
+ WHERE `parent-uri` = '%s' AND `uid` = %d ",
+ dbesc(datetime_convert()),
+ dbesc($item['parent-uri']),
+ intval($item['uid'])
+ );
+ // ignore the result
+ }
+
+ $url = $a->get_baseurl();
+ $drop_id = intval($item['id']);
+
+ // send the notification upstream/downstream as the case may be
+
+ proc_close(proc_open("php include/notifier.php \"$url\" \"drop\" \"$drop_id\" > notify.log &",
+ array(),$foo));
+
+ goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+ return; //NOTREACHED
+ }
+ else {
+ notice("Permission denied." . EOL);
+ goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+ return; //NOTREACHED
+ }
+ }
}
\ No newline at end of file