X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=74b4aaf6e1d85e5cedbf998194c7c57c2813f1bc;hb=030e1e82c32a3061abf71ffb90e65f2b9197d8a4;hp=1f58a6baae3e77a264789d754ebe95003bc1949e;hpb=fcf45db075e13d7889715b715406abbccf012fc8;p=friendica.git

diff --git a/include/api.php b/include/api.php
index 1f58a6baae..74b4aaf6e1 100644
--- a/include/api.php
+++ b/include/api.php
@@ -55,7 +55,7 @@
 		// process normal login request
 
 		$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) 
-			AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
+			AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
 			dbesc(trim($user)),
 			dbesc(trim($user)),
 			dbesc($encrypted)
@@ -466,6 +466,7 @@
 		}
 		return null;
 	}
+
 	// TODO - media uploads
 	function api_statuses_update(&$a, $type) {
 		if (local_user()===false) return false;
@@ -475,7 +476,32 @@
 
 		// logger('api_post: ' . print_r($_POST,true));
 
-		$_POST['body'] = urldecode(requestdata('status'));
+		if(requestdata('htmlstatus')) {
+			require_once('library/HTMLPurifier.auto.php');
+			require_once('include/html2bbcode.php');
+
+			$txt = requestdata('htmlstatus');
+			if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
+
+				$txt = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
+					'[youtube]$1[/youtube]', $txt);
+
+				$txt = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s',
+					'[youtube]$1[/youtube]', $txt);
+
+				$config = HTMLPurifier_Config::createDefault();
+				$config->set('Cache.DefinitionImpl', null);
+
+
+				$purifier = new HTMLPurifier($config);
+				$txt = $purifier->purify($txt);
+
+				$_POST['body'] = html2bbcode($txt);
+			}
+
+		}
+		else
+			$_POST['body'] = urldecode(requestdata('status'));
 
 		$parent = requestdata('in_reply_to_status_id');
 		if(ctype_digit($parent))