X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=include%2Fitems.php;h=0a8bc12c0893911e9e414acfb1d993949f8861b3;hb=91d1ef36d8e2bd117160418cb82a39c7b2353c91;hp=5268dfc1d8bb859bfa66e898bd89f43ed40b710f;hpb=3d249f0eddb058f74b33d8205202b17ab7555aa6;p=friendica.git
diff --git a/include/items.php b/include/items.php
old mode 100755
new mode 100644
index 5268dfc1d8..0a8bc12c08
--- a/include/items.php
+++ b/include/items.php
@@ -7,14 +7,11 @@ require_once('include/crypto.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
- // default permissions - anonymous user
-
- if(! strlen($owner_nick))
- killme();
+ $sitefeed = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic
$public_feed = (($dfrn_id) ? false : true);
- $starred = false;
- $converse = false;
+ $starred = false; // not yet implemented, possible security issues
+ $converse = false;
if($public_feed && $a->argc > 2) {
for($x = 2; $x < $a->argc; $x++) {
@@ -22,13 +19,20 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
$converse = true;
if($a->argv[$x] == 'starred')
$starred = true;
+ if($a->argv[$x] === 'category' && $a->argc > ($x + 1) && strlen($a->argv[$x+1]))
+ $category = $a->argv[$x+1];
}
+
+
}
+
+
+ // default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
- $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`
+ $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
dbesc($owner_nick)
@@ -103,6 +107,10 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
if(! strlen($last_update))
$last_update = 'now -30 days';
+ if(isset($category)) {
+ $sql_extra .= file_tag_file_query('item',$category,'category');
+ }
+
if($public_feed) {
if(! $converse)
$sql_extra .= " AND `contact`.`self` = 1 ";
@@ -156,7 +164,8 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => ((strlen($birthday)) ? '' . xmlify($birthday) . '' : '')
+ '$birthday' => ((strlen($birthday)) ? '' . xmlify($birthday) . '' : ''),
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '1' : '')
));
call_hooks('atom_feed', $atom);
@@ -417,7 +426,7 @@ function get_atom_elements($feed,$item) {
// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
// html.
- if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) {
+ if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) {
$res['body'] = reltoabs($res['body'],$base_url);
@@ -430,14 +439,22 @@ function get_atom_elements($feed,$item) {
// we shouldn't need a whitelist, because the bbcode converter
// will strip out any unsupported tags.
- // $config->set('HTML.Allowed', 'p,b,a[href],i');
$purifier = new HTMLPurifier($config);
$res['body'] = $purifier->purify($res['body']);
- $res['body'] = html2bbcode($res['body']);
+ $res['body'] = @html2bbcode($res['body']);
+ }
+ elseif(! $have_real_body) {
+
+ // it's not one of our messages and it has no tags
+ // so it's probably just text. We'll escape it just to be safe.
+
+ $res['body'] = escape_tags($res['body']);
}
+ // this tag is obsolete but we keep it for really old sites
+
$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
if($allow && $allow[0]['data'] == 1)
$res['last-child'] = 1;
@@ -571,20 +588,21 @@ function get_atom_elements($feed,$item) {
if($rawobj) {
$res['object'] = '