X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=include%2Fitems.php;h=0a8bc12c0893911e9e414acfb1d993949f8861b3;hb=91d1ef36d8e2bd117160418cb82a39c7b2353c91;hp=2af2b5f55c8ec41b149b8e1d119dc2164638070f;hpb=3d9a9614e232a3ff207803be1092b1d42bcadde6;p=friendica.git
diff --git a/include/items.php b/include/items.php
index 2af2b5f55c..0a8bc12c08 100644
--- a/include/items.php
+++ b/include/items.php
@@ -7,14 +7,11 @@ require_once('include/crypto.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
- // default permissions - anonymous user
-
- if(! strlen($owner_nick))
- killme();
+ $sitefeed = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic
$public_feed = (($dfrn_id) ? false : true);
- $starred = false;
- $converse = false;
+ $starred = false; // not yet implemented, possible security issues
+ $converse = false;
if($public_feed && $a->argc > 2) {
for($x = 2; $x < $a->argc; $x++) {
@@ -22,13 +19,20 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
$converse = true;
if($a->argv[$x] == 'starred')
$starred = true;
+ if($a->argv[$x] === 'category' && $a->argc > ($x + 1) && strlen($a->argv[$x+1]))
+ $category = $a->argv[$x+1];
}
+
+
}
+
+
+ // default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
- $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`
+ $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
dbesc($owner_nick)
@@ -103,6 +107,10 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
if(! strlen($last_update))
$last_update = 'now -30 days';
+ if(isset($category)) {
+ $sql_extra .= file_tag_file_query('item',$category,'category');
+ }
+
if($public_feed) {
if(! $converse)
$sql_extra .= " AND `contact`.`self` = 1 ";
@@ -118,7 +126,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
`sign`.`signed_text`, `sign`.`signature`, `sign`.`signer`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
LEFT JOIN `sign` ON `sign`.`iid` = `item`.`id`
- WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`parent` != 0
+ WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`parent` != 0
AND `item`.`wall` = 1 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )
$sql_extra
@@ -143,7 +151,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
$salmon = feed_salmonlinks($owner_nick);
$atom .= replace_macros($feed_template, array(
- '$version' => xmlify(FRIENDIKA_VERSION),
+ '$version' => xmlify(FRIENDICA_VERSION),
'$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),
'$feed_title' => xmlify($owner['name']),
'$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now' , ATOM_TIME)) ,
@@ -156,7 +164,8 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => ((strlen($birthday)) ? '' . xmlify($birthday) . '' : '')
+ '$birthday' => ((strlen($birthday)) ? '' . xmlify($birthday) . '' : ''),
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '1' : '')
));
call_hooks('atom_feed', $atom);
@@ -295,6 +304,11 @@ function get_atom_elements($feed,$item) {
$res['body'] = unxmlify($item->get_content());
$res['plink'] = unxmlify($item->get_link(0));
+ if($res['plink'])
+ $base_url = implode('/', array_slice(explode('/',$res['plink']),0,3));
+ else
+ $base_url = '';
+
// look for a photo. We should check media size and find the best one,
// but for now let's just find any author photo
@@ -303,7 +317,7 @@ function get_atom_elements($feed,$item) {
if($rawauthor && $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) {
$base = $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'];
foreach($base as $link) {
- if(! $res['author-avatar']) {
+ if(!x($res, 'author-avatar') || !$res['author-avatar']) {
if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar')
$res['author-avatar'] = unxmlify($link['attribs']['']['href']);
}
@@ -318,7 +332,7 @@ function get_atom_elements($feed,$item) {
foreach($base as $link) {
if($link['attribs']['']['rel'] === 'alternate' && (! $res['author-link']))
$res['author-link'] = unxmlify($link['attribs']['']['href']);
- if(! $res['author-avatar']) {
+ if(!x($res, 'author-avatar') || !$res['author-avatar']) {
if($link['attribs']['']['rel'] === 'avatar' || $link['attribs']['']['rel'] === 'photo')
$res['author-avatar'] = unxmlify($link['attribs']['']['href']);
}
@@ -412,7 +426,9 @@ function get_atom_elements($feed,$item) {
// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
// html.
- if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) {
+ if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) {
+
+ $res['body'] = reltoabs($res['body'],$base_url);
$res['body'] = html2bb_video($res['body']);
@@ -423,14 +439,22 @@ function get_atom_elements($feed,$item) {
// we shouldn't need a whitelist, because the bbcode converter
// will strip out any unsupported tags.
- // $config->set('HTML.Allowed', 'p,b,a[href],i');
$purifier = new HTMLPurifier($config);
$res['body'] = $purifier->purify($res['body']);
- $res['body'] = html2bbcode($res['body']);
+ $res['body'] = @html2bbcode($res['body']);
+ }
+ elseif(! $have_real_body) {
+
+ // it's not one of our messages and it has no tags
+ // so it's probably just text. We'll escape it just to be safe.
+
+ $res['body'] = escape_tags($res['body']);
}
+ // this tag is obsolete but we keep it for really old sites
+
$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
if($allow && $allow[0]['data'] == 1)
$res['last-child'] = 1;
@@ -496,7 +520,7 @@ function get_atom_elements($feed,$item) {
$base = $rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'];
foreach($base as $link) {
- if(! $res['owner-avatar']) {
+ if(!x($res, 'owner-avatar') || !$res['owner-avatar']) {
if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar')
$res['owner-avatar'] = unxmlify($link['attribs']['']['href']);
}
@@ -564,20 +588,21 @@ function get_atom_elements($feed,$item) {
if($rawobj) {
$res['object'] = '