X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fitems.php;h=06ff8f2894e128cee7fafdff941621d9ac598ff5;hb=ca21f1bbc81ee2f9118995f26d31270d41dd46eb;hp=a2b0fe053c4c1e015edb9df936c93701bd1f589c;hpb=51802b0ae828c0b2e01b27523f271431e47aff6d;p=friendica.git

diff --git a/include/items.php b/include/items.php
index a2b0fe053c..06ff8f2894 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1184,6 +1184,15 @@ function tag_deliver($uid,$item_id) {
 
 	// send a notification
 
+	// use a local photo if we have one
+
+	$r = q("select * from contact where uid = %d and nurl = '%s' limit 1",
+		intval($u[0]['uid']),
+		dbesc(normalise_link($item['author-link']))
+	);
+	$photo = (($r && count($r)) ? $r[0]['thumb'] : $item['author-avatar']);
+
+
 	require_once('include/enotify.php');
 	notification(array(
 		'type'         => NOTIFY_TAGSELF,
@@ -1196,11 +1205,16 @@ function tag_deliver($uid,$item_id) {
 		'link'         => $a->get_baseurl() . '/display/' . $u[0]['nickname'] . '/' . $item['id'],
 		'source_name'  => $item['author-name'],
 		'source_link'  => $item['author-link'],
-		'source_photo' => $item['author-avatar'],
+		'source_photo' => $photo,
 		'verb'         => ACTIVITY_TAG,
 		'otype'        => 'item'
 	));
 
+
+	$arr = array('item' => $item, 'user' => $u[0], 'contact' => $r[0]);
+
+	call_hooks('tagged', $arr);
+
 	if((! $community_page) && (! $prvgroup))
 		return;
 
@@ -1247,6 +1261,59 @@ function tag_deliver($uid,$item_id) {
 
 
 
+function tgroup_check($uid,$item) {
+
+	$a = get_app();
+
+	$mention = false;
+
+	// check that the message originated elsewhere and is a top-level post
+
+	if(($item['wall']) || ($item['origin']) || ($item['uri'] != $item['parent-uri']))
+		return false;
+
+
+	$u = q("select * from user where uid = %d limit 1",
+		intval($uid)
+	);
+	if(! count($u))
+		return false;
+
+	$community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
+	$prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false);
+
+
+	$link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']);
+
+	// Diaspora uses their own hardwired link URL in @-tags
+	// instead of the one we supply with webfinger
+
+	$dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']);
+
+	$cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER);
+	if($cnt) {
+		foreach($matches as $mtch) {
+			if(link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) {
+				$mention = true;
+				logger('tgroup_check: mention found: ' . $mtch[2]);
+			}
+		}
+	}
+
+	if(! $mention)
+		return false;
+
+	if((! $community_page) && (! $prvgroup))
+		return false;
+
+
+
+	return true;
+
+}
+
+
+
 
 
 
@@ -1803,6 +1870,12 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 				if($pass == 1)
 					continue;
 
+				// not allowed to post
+
+				if($contact['rel'] == CONTACT_IS_FOLLOWER)
+					continue;
+
+
 				// Have we seen it? If not, import it.
 
 				$item_id  = $item->get_id();
@@ -2077,6 +2150,14 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 					$datarray['owner-avatar'] = $contact['thumb'];
 				}
 
+				// We've allowed "followers" to reach this point so we can decide if they are 
+				// posting an @-tag delivery, which followers are allowed to do for certain
+				// page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it. 
+
+				if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray)))
+					continue;
+
+
 				$r = item_store($datarray);
 				continue;
 
@@ -2122,8 +2203,11 @@ function local_delivery($importer,$data) {
 
 
 	$rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'owner');
-	if(! $rawtags)
-		$rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
+
+// Fallback should not be needed here. If it isn't DFRN it won't have DFRN updated tags
+//	if(! $rawtags)
+//		$rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
+
 	if($rawtags) {
 		$elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10];
 		if($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) {
@@ -2696,15 +2780,6 @@ function local_delivery($importer,$data) {
 				}
 
 
-				// TODO: make this next part work against both delivery threads of a community post
-
-//				if((! link_compare($datarray['author-link'],$importer['url'])) && (! $community)) {
-//					logger('local_delivery: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] ); 
-					// they won't know what to do so don't report an error. Just quietly die.
-//					return 0;
-//				}					
-
-				// our user with $importer['importer_uid'] is the owner
 
 				$own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1",
 					intval($importer['importer_uid'])
@@ -2774,15 +2849,6 @@ function local_delivery($importer,$data) {
 					}
 				}
 
-// 				if($community) {
-//					$newtag = '@[url=' . $a->get_baseurl() . '/profile/' . $importer['nickname'] . ']' . $importer['username'] . '[/url]';
-//					if(! stristr($datarray['tag'],$newtag)) {
-//						if(strlen($datarray['tag']))
-//							$datarray['tag'] .= ',';
-//						$datarray['tag'] .= $newtag;
-//					}
-//				}
-
 
 				$posted_id = item_store($datarray);
 				$parent = 0;
@@ -2852,6 +2918,9 @@ function local_delivery($importer,$data) {
 				$item_id  = $item->get_id();
 				$datarray = get_atom_elements($feed,$item);
 
+				if($importer['rel'] == CONTACT_IS_FOLLOWER)
+					continue;
+
 				$r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
 					dbesc($item_id),
 					intval($importer['importer_uid'])
@@ -3086,6 +3155,9 @@ function local_delivery($importer,$data) {
 				$datarray['owner-avatar'] = $importer['thumb'];
 			}
 
+			if(($importer['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['importer_uid'],$datarray)))
+				continue;
+
 			$posted_id = item_store($datarray);
 
 			if(stristr($datarray['verb'],ACTIVITY_POKE)) {
@@ -3712,9 +3784,21 @@ function drop_item($id,$interactive = true) {
 
 	$owner = $item['uid'];
 
+	$cid = 0;
+
 	// check if logged in user is either the author or owner of this item
 
-	if((local_user() == $item['uid']) || (remote_user() == $item['contact-id']) || (! $interactive)) {
+	if(is_array($_SESSION['remote'])) {
+		foreach($_SESSION['remote'] as $visitor) {
+			if($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
+				$cid = $visitor['cid'];
+				break;
+			}
+		}
+	}
+
+
+	if((local_user() == $item['uid']) || ($cid) || (! $interactive)) {
 
 		logger('delete item: ' . $item['id'], LOGGER_DEBUG);
 		// delete the item