X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fitem.php;h=7d9cdb0286b6e4772c2d438cf0cde3b283de9b23;hb=60af1314a0ce1e5a9cfa0ad933de6dcee212ddf5;hp=c00faf5dc5b14eb92ba6de7fe7949ce211599c9b;hpb=edf9bdfa144795edb121d04eb0f40dfa6a73bea8;p=friendica.git

diff --git a/mod/item.php b/mod/item.php
index c00faf5dc5..7d9cdb0286 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2022, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -40,13 +40,14 @@ use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\DI;
+use Friendica\Model\APContact;
 use Friendica\Model\Attach;
 use Friendica\Model\Contact;
 use Friendica\Model\Conversation;
 use Friendica\Model\FileTag;
 use Friendica\Model\Item;
-use Friendica\Model\Notify;
-use Friendica\Model\Notify\Type;
+use Friendica\Model\ItemURI;
+use Friendica\Model\Notification;
 use Friendica\Model\Photo;
 use Friendica\Model\Post;
 use Friendica\Model\Tag;
@@ -54,9 +55,9 @@ use Friendica\Model\User;
 use Friendica\Network\HTTPException;
 use Friendica\Object\EMail\ItemCCEMail;
 use Friendica\Protocol\Activity;
-use Friendica\Protocol\Diaspora;
-use Friendica\Util\DateTimeFormat;
 use Friendica\Security\Security;
+use Friendica\Util\DateTimeFormat;
+use Friendica\Util\ParseUrl;
 use Friendica\Worker\Delivery;
 
 function item_post(App $a) {
@@ -114,9 +115,9 @@ function item_post(App $a) {
 
 	if ($parent_item_id || $thr_parent_uri) {
 		if ($parent_item_id) {
-			$parent_item = Post::selectFirst([], ['id' => $parent_item_id]);
+			$parent_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $parent_item_id]);
 		} elseif ($thr_parent_uri) {
-			$parent_item = Post::selectFirst([], ['uri' => $thr_parent_uri, 'uid' => $profile_uid]);
+			$parent_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['uri' => $thr_parent_uri, 'uid' => $profile_uid]);
 		}
 
 		// if this isn't the top-level parent of the conversation, find it
@@ -126,7 +127,7 @@ function item_post(App $a) {
 			$toplevel_item = $parent_item;
 
 			if ($parent_item['gravity'] != GRAVITY_PARENT) {
-				$toplevel_item = Post::selectFirst([], ['id' => $toplevel_item['parent']]);
+				$toplevel_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $toplevel_item['parent']]);
 			}
 		}
 
@@ -144,7 +145,7 @@ function item_post(App $a) {
 			$stored = Item::storeForUserByUriId($toplevel_item['uri-id'], local_user());
 			Logger::info('Public item stored for user', ['uri-id' => $toplevel_item['uri-id'], 'uid' => $uid, 'stored' => $stored]);
 			if ($stored) {
-				$toplevel_item = Post::selectFirst([], ['id' => $stored]);
+				$toplevel_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $stored]);
 			}
 		}
 
@@ -176,10 +177,11 @@ function item_post(App $a) {
 	}
 
 	// Allow commenting if it is an answer to a public post
-	$allow_comment = local_user() && ($profile_uid == 0) && $toplevel_item_id && in_array($toplevel_item['network'], Protocol::FEDERATED);
+	$allow_comment = local_user() && $toplevel_item_id && in_array($toplevel_item['private'], [Item::PUBLIC, Item::UNLISTED]) && in_array($toplevel_item['network'], Protocol::FEDERATED);
 
 	// Now check that valid personal details have been provided
 	if (!Security::canWriteToUserWall($profile_uid) && !$allow_comment) {
+		Logger::notice('Permission denied.', ['local' => local_user(), 'profile_uid' => $profile_uid, 'toplevel_item_id' => $toplevel_item_id, 'network' => $toplevel_item['network']]);
 		notice(DI::l10n()->t('Permission denied.'));
 		if ($return_path) {
 			DI::baseUrl()->redirect($return_path);
@@ -218,12 +220,16 @@ function item_post(App $a) {
 
 		$attachment_img_width  = $_REQUEST['attachment_img_width'] ??  0;
 		$attachment_img_height = $_REQUEST['attachment_img_height'] ?? 0;
-		$attachment = [
-			'type'   => $attachment_type,
-			'title'  => $attachment_title,
-			'text'   => $attachment_text,
-			'url'    => $attachment_url,
-		];
+
+		// Fetch the basic attachment data
+		$attachment = ParseUrl::getSiteinfoCached($attachment_url);
+		unset($attachment['keywords']);
+
+		// Overwrite the basic data with possible changes from the frontend
+		$attachment['type'] = $attachment_type;
+		$attachment['title'] = $attachment_title;
+		$attachment['text'] = $attachment_text;
+		$attachment['url'] = $attachment_url;
 
 		if (!empty($attachment_img_src)) {
 			$attachment['images'] = [
@@ -233,6 +239,8 @@ function item_post(App $a) {
 					'height' => $attachment_img_height
 				]
 			];
+		} else {
+			unset($attachment['images']);
 		}
 
 		$att_bbcode = "\n" . PageInfo::getFooterFromData($attachment);
@@ -252,7 +260,7 @@ function item_post(App $a) {
 		$verb              = $orig_post['verb'];
 		$objecttype        = $orig_post['object-type'];
 		$app               = $orig_post['app'];
-		$categories        = $orig_post['file'] ?? '';
+		$categories        = Post\Category::getTextByURIId($orig_post['uri-id'], $orig_post['uid']);
 		$title             = trim($_REQUEST['title'] ?? '');
 		$body              = trim($body);
 		$private           = $orig_post['private'];
@@ -344,10 +352,8 @@ function item_post(App $a) {
 		$filedas = FileTag::fileToArray($categories);
 	}
 
-	// save old and new categories, so we can determine what needs to be deleted from pconfig
-	$categories_old = $categories;
-	$categories = FileTag::listToFile(trim($_REQUEST['category'] ?? ''), 'category');
-	$categories_new = $categories;
+	$list_array = explode(',', trim($_REQUEST['category'] ?? ''));
+	$categories = FileTag::arrayToFile($list_array, 'category');
 
 	if (!empty($filedas) && is_array($filedas)) {
 		// append the fileas stuff to the new categories list
@@ -385,66 +391,83 @@ function item_post(App $a) {
 	$only_to_forum = false;
 	$forum_contact = [];
 
-	$body = BBCode::performWithEscapedTags($body, ['noparse', 'pre', 'code', 'img'], function ($body) use ($profile_uid, $network, $str_contact_allow, &$inform, &$private_forum, &$private_id, &$only_to_forum, &$forum_contact) {
-		$tags = BBCode::getTags($body);
+	// Personal notes must never be altered to a forum post.
+	if ($posttype != Item::PT_PERSONAL_NOTE) {
+		$body = BBCode::performWithEscapedTags($body, ['noparse', 'pre', 'code', 'img'], function ($body) use ($profile_uid, $network, $str_contact_allow, &$inform, &$private_forum, &$private_id, &$only_to_forum, &$forum_contact) {
+			$tags = BBCode::getTags($body);
 
-		$tagged = [];
+			$tagged = [];
 
-		foreach ($tags as $tag) {
-			$tag_type = substr($tag, 0, 1);
+			foreach ($tags as $tag) {
+				$tag_type = substr($tag, 0, 1);
 
-			if ($tag_type == Tag::TAG_CHARACTER[Tag::HASHTAG]) {
-				continue;
-			}
+				if ($tag_type == Tag::TAG_CHARACTER[Tag::HASHTAG]) {
+					continue;
+				}
 
-			/* If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
-			 * Robert Johnson should be first in the $tags array
-			 */
-			foreach ($tagged as $nextTag) {
-				if (stristr($nextTag, $tag . ' ')) {
-					continue 2;
+				/* If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
+				* Robert Johnson should be first in the $tags array
+				*/
+				foreach ($tagged as $nextTag) {
+					if (stristr($nextTag, $tag . ' ')) {
+						continue 2;
+					}
 				}
-			}
 
-			$success = ItemHelper::replaceTag($body, $inform, local_user() ? local_user() : $profile_uid, $tag, $network);
-			if ($success['replaced']) {
-				$tagged[] = $tag;
-			}
-			// When the forum is private or the forum is addressed with a "!" make the post private
-			if (!empty($success['contact']['prv']) || ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION])) {
-				$private_forum = $success['contact']['prv'];
-				$only_to_forum = ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION]);
-				$private_id = $success['contact']['id'];
-				$forum_contact = $success['contact'];
-			} elseif (!empty($success['contact']['forum']) && ($str_contact_allow == '<' . $success['contact']['id'] . '>')) {
-				$private_forum = false;
-				$only_to_forum = true;
-				$private_id = $success['contact']['id'];
-				$forum_contact = $success['contact'];
+				if ($success = ItemHelper::replaceTag($body, $inform, local_user() ? local_user() : $profile_uid, $tag, $network)) {
+					if ($success['replaced']) {
+						$tagged[] = $tag;
+					}
+					// When the forum is private or the forum is addressed with a "!" make the post private
+					if (!empty($success['contact']['prv']) || ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION])) {
+						$private_forum = $success['contact']['prv'];
+						$only_to_forum = ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION]);
+						$private_id = $success['contact']['id'];
+						$forum_contact = $success['contact'];
+					} elseif (!empty($success['contact']['forum']) && ($str_contact_allow == '<' . $success['contact']['id'] . '>')) {
+						$private_forum = false;
+						$only_to_forum = true;
+						$private_id = $success['contact']['id'];
+						$forum_contact = $success['contact'];
+					}
+				}
 			}
-		}
 
-		return $body;
-	});
+			return $body;
+		});
+	}
 
 	$original_contact_id = $contact_id;
 
 	if (!$toplevel_item_id && !empty($forum_contact) && ($private_forum || $only_to_forum)) {
 		// we tagged a forum in a top level post. Now we change the post
-		$private = $private_forum;
+		$private = $private_forum ? Item::PRIVATE : Item::UNLISTED;
 
-		$str_group_allow = '';
-		$str_contact_deny = '';
-		$str_group_deny = '';
-		if ($private_forum) {
-			$str_contact_allow = '<' . $private_id . '>';
-		} else {
+		if ($only_to_forum) {
+			$postopts = '';
+		}
+
+		if (!$private_forum) {
 			$str_contact_allow = '';
+			$str_group_allow   = '';
+			$str_contact_deny  = '';
+			$str_group_deny    = '';
+		}
+
+		if ($private_forum || !APContact::getByURL($forum_contact['url'])) {
+			$str_group_allow = '';
+			$str_contact_deny = '';
+			$str_group_deny = '';
+			if ($private_forum) {
+				$str_contact_allow = '<' . $private_id . '>';
+			} else {
+				$str_contact_allow = '';
+			}
+			$contact_id = $private_id;
+			$contact_record = $forum_contact;
+			$_REQUEST['origin'] = false;
+			$wall = 0;
 		}
-		$contact_id = $private_id;
-		$contact_record = $forum_contact;
-		$_REQUEST['origin'] = false;
-		$wall = 0;
 	}
 
 	/*
@@ -466,7 +489,7 @@ function item_post(App $a) {
 	/*
 	 * Next link in any attachment references we find in the post.
 	 */
-	$match = false;
+	$match = [];
 
 	/// @todo these lines should be moved to Model/Attach (Once it exists)
 	if (!$preview && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) {
@@ -493,6 +516,7 @@ function item_post(App $a) {
 	// embedded bookmark or attachment in post? set bookmark flag
 
 	$data = BBCode::getAttachmentData($body);
+	$match = [];
 	if ((preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism", $body, $match, PREG_SET_ORDER) || isset($data["type"]))
 		&& ($posttype != Item::PT_PERSONAL_NOTE)) {
 		$posttype = Item::PT_PAGE;
@@ -519,7 +543,7 @@ function item_post(App $a) {
 	}
 
 	$attachments = '';
-	$match = false;
+	$match = [];
 
 	if (preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) {
 		foreach ($match[2] as $mtch) {
@@ -607,9 +631,10 @@ function item_post(App $a) {
 
 	$datarray['postopts']      = $postopts;
 	$datarray['origin']        = $origin;
-	$datarray['moderated']     = false;
 	$datarray['object']        = $object;
 
+	$datarray['attachments']   = $_REQUEST['attachments'] ?? [];
+
 	/*
 	 * These fields are for the convenience of addons...
 	 * 'self' if true indicates the owner is posting on their own wall
@@ -655,16 +680,32 @@ function item_post(App $a) {
 		// doesn't have an ID.
 		$datarray["id"] = -1;
 		$datarray["uri-id"] = -1;
-		$datarray["item_id"] = -1;
 		$datarray["author-network"] = Protocol::DFRN;
 
-		$o = conversation($a, [array_merge($contact_record, $datarray)], 'search', false, true);
+		$o = DI::conversation()->create([array_merge($contact_record, $datarray)], 'search', false, true);
 
 		System::jsonExit(['preview' => $o]);
 	}
 
 	Hook::callAll('post_local',$datarray);
 
+	if (!empty($_REQUEST['scheduled_at'])) {
+		$scheduled_at = DateTimeFormat::convert($_REQUEST['scheduled_at'], 'UTC', $a->getTimeZone());
+		if ($scheduled_at > DateTimeFormat::utcNow()) {
+			unset($datarray['created']);
+			unset($datarray['edited']);
+			unset($datarray['commented']);
+			unset($datarray['received']);
+			unset($datarray['changed']);
+			unset($datarray['edit']);
+			unset($datarray['self']);
+			unset($datarray['api_source']);
+
+			Post\Delayed::add($datarray['uri'], $datarray, PRIORITY_HIGH, Post\Delayed::PREPARED_NO_HOOK, $scheduled_at);
+			item_post_return(DI::baseUrl(), $api_source, $return_path);
+		}
+	}
+
 	if (!empty($datarray['cancel'])) {
 		Logger::info('mod_item: post cancelled by addon.');
 		if ($return_path) {
@@ -679,6 +720,8 @@ function item_post(App $a) {
 		System::jsonExit($json);
 	}
 
+	$datarray['uri-id'] = ItemURI::getIdByURI($datarray['uri']);
+
 	if ($orig_post)	{
 		// Fill the cache field
 		// This could be done in Item::update as well - but we have to check for the existance of some fields.
@@ -696,9 +739,6 @@ function item_post(App $a) {
 
 		Item::update($fields, ['id' => $post_id]);
 
-		// update filetags in pconfig
-		FileTag::updatePconfig($uid, $categories_old, $categories_new, 'category');
-
 		if ($return_path) {
 			DI::baseUrl()->redirect($return_path);
 		}
@@ -710,13 +750,6 @@ function item_post(App $a) {
 	unset($datarray['self']);
 	unset($datarray['api_source']);
 
-	if ($origin) {
-		$signed = Diaspora::createCommentSignature($uid, $datarray);
-		if (!empty($signed)) {
-			$datarray['diaspora_signed_text'] = json_encode($signed);
-		}
-	}
-
 	$post_id = Item::insert($datarray);
 
 	if (!$post_id) {
@@ -745,15 +778,12 @@ function item_post(App $a) {
 		Tag::createImplicitMentions($datarray['uri-id'], $datarray['thr-parent-id']);
 	}
 
-	// update filetags in pconfig
-	FileTag::updatePconfig($uid, $categories_old, $categories_new, 'category');
-
 	// These notifications are sent if someone else is commenting other your wall
 	if ($contact_record != $author) {
 		if ($toplevel_item_id) {
-			notification([
-				'type'  => Type::COMMENT,
-				'otype' => Notify\ObjectType::ITEM,
+			DI::notify()->createFromArray([
+				'type'  => Notification\Type::COMMENT,
+				'otype' => Notification\ObjectType::ITEM,
 				'verb'  => Activity::POST,
 				'uid'   => $profile_uid,
 				'cid'   => $datarray['author-id'],
@@ -761,9 +791,9 @@ function item_post(App $a) {
 				'link'  => DI::baseUrl() . '/display/' . urlencode($datarray['guid']),
 			]);
 		} elseif (empty($forum_contact)) {
-			notification([
-				'type'  => Type::WALL,
-				'otype' => Notify\ObjectType::ITEM,
+			DI::notify()->createFromArray([
+				'type'  => Notification\Type::WALL,
+				'otype' => Notification\ObjectType::ITEM,
 				'verb'  => Activity::POST,
 				'uid'   => $profile_uid,
 				'cid'   => $datarray['author-id'],
@@ -792,7 +822,7 @@ function item_post(App $a) {
 	// When we are doing some forum posting via ! we have to start the notifier manually.
 	// These kind of posts don't initiate the notifier call in the item class.
 	if ($only_to_forum) {
-		Worker::add(['priority' => PRIORITY_HIGH, 'dont_fork' => false], "Notifier", Delivery::POST, $post_id);
+		Worker::add(['priority' => PRIORITY_HIGH, 'dont_fork' => false], "Notifier", Delivery::POST, (int)$datarray['uri-id'], (int)$datarray['uid']);
 	}
 
 	Logger::info('post_complete');
@@ -828,24 +858,45 @@ function item_post_return($baseurl, $api_source, $return_path)
 function item_content(App $a)
 {
 	if (!Session::isAuthenticated()) {
-		return;
+		throw new HTTPException\UnauthorizedException();
 	}
 
-	$o = '';
+	$args = DI::args();
 
-	if (($a->argc >= 3) && ($a->argv[1] === 'drop') && intval($a->argv[2])) {
-		if (DI::mode()->isAjax()) {
-			Item::deleteForUser(['id' => $a->argv[2]], local_user());
-			// ajax return: [<item id>, 0 (no perm) | <owner id>]
-			System::jsonExit([intval($a->argv[2]), local_user()]);
-		} else {
-			if (!empty($a->argv[3])) {
-				$o = drop_item($a->argv[2], $a->argv[3]);
+	if (!$args->has(3)) {
+		throw new HTTPException\BadRequestException();
+	}
+
+	$o = '';
+	switch ($args->get(1)) {
+		case 'drop':
+			if (DI::mode()->isAjax()) {
+				Item::deleteForUser(['id' => $args->get(2)], local_user());
+				// ajax return: [<item id>, 0 (no perm) | <owner id>]
+				System::jsonExit([intval($args->get(2)), local_user()]);
+			} else {
+				if (!empty($args->get(3))) {
+					$o = drop_item($args->get(2), $args->get(3));
+				} else {
+					$o = drop_item($args->get(2));
+				}
 			}
-			else {
-				$o = drop_item($a->argv[2]);
+			break;
+		case 'block':
+			$item = Post::selectFirstForUser(local_user(), ['guid', 'author-id', 'parent', 'gravity'], ['id' => $args->get(2)]);
+			if (empty($item['author-id'])) {
+				throw new HTTPException\NotFoundException('Item not found');
 			}
-		}
+
+			Contact\User::setBlocked($item['author-id'], local_user(), true);
+
+			if (DI::mode()->isAjax()) {
+				// ajax return: [<item id>, 0 (no perm) | <owner id>]
+				System::jsonExit([intval($args->get(2)), local_user()]);
+			} else {
+				item_redirect_after_action($item, $args->get(3));
+			}
+			break;
 	}
 
 	return $o;
@@ -861,7 +912,7 @@ function drop_item(int $id, string $return = '')
 {
 	// locate item to be deleted
 	$fields = ['id', 'uid', 'guid', 'contact-id', 'deleted', 'gravity', 'parent'];
-	$item = Item::selectFirstForUser(local_user(), $fields, ['id' => $id]);
+	$item = Post::selectFirstForUser(local_user(), $fields, ['id' => $id]);
 
 	if (!DBA::isResult($item)) {
 		notice(DI::l10n()->t('Item not found.'));
@@ -880,40 +931,12 @@ function drop_item(int $id, string $return = '')
 	}
 
 	if ((local_user() == $item['uid']) || $contact_id) {
-		if (!empty($item['parent'])) {
-			$parentitem = Item::selectFirstForUser(local_user(), ['guid'], ['id' => $item['parent']]);
-		}
-
 		// delete the item
 		Item::deleteForUser(['id' => $item['id']], local_user());
 
-		$return_url = hex2bin($return);
-
-		// removes update_* from return_url to ignore Ajax refresh
-		$return_url = str_replace("update_", "", $return_url);
-
-		// Check if delete a comment
-		if ($item['gravity'] == GRAVITY_COMMENT) {
-			// Return to parent guid
-			if (!empty($parentitem)) {
-				DI::baseUrl()->redirect('display/' . $parentitem['guid']);
-				//NOTREACHED
-			} // In case something goes wrong
-			else {
-				DI::baseUrl()->redirect('network');
-				//NOTREACHED
-			}
-		} else {
-			// if unknown location or deleting top level post called from display
-			if (empty($return_url) || strpos($return_url, 'display') !== false) {
-				DI::baseUrl()->redirect('network');
-				//NOTREACHED
-			} else {
-				DI::baseUrl()->redirect($return_url);
-				//NOTREACHED
-			}
-		}
+		item_redirect_after_action($item, $return);
 	} else {
+		Logger::notice('Permission denied.', ['local' => local_user(), 'uid' => $item['uid'], 'cid' => $contact_id]);
 		notice(DI::l10n()->t('Permission denied.'));
 		DI::baseUrl()->redirect('display/' . $item['guid']);
 		//NOTREACHED
@@ -921,3 +944,37 @@ function drop_item(int $id, string $return = '')
 
 	return '';
 }
+
+function item_redirect_after_action($item, $returnUrlHex)
+{
+	$return_url = hex2bin($returnUrlHex);
+
+	// removes update_* from return_url to ignore Ajax refresh
+	$return_url = str_replace("update_", "", $return_url);
+
+	// Check if delete a comment
+	if ($item['gravity'] == GRAVITY_COMMENT) {
+		if (!empty($item['parent'])) {
+			$parentitem = Post::selectFirstForUser(local_user(), ['guid'], ['id' => $item['parent']]);
+		}
+
+		// Return to parent guid
+		if (!empty($parentitem)) {
+			DI::baseUrl()->redirect('display/' . $parentitem['guid']);
+			//NOTREACHED
+		} // In case something goes wrong
+		else {
+			DI::baseUrl()->redirect('network');
+			//NOTREACHED
+		}
+	} else {
+		// if unknown location or deleting top level post called from display
+		if (empty($return_url) || strpos($return_url, 'display') !== false) {
+			DI::baseUrl()->redirect('network');
+			//NOTREACHED
+		} else {
+			DI::baseUrl()->redirect($return_url);
+			//NOTREACHED
+		}
+	}
+}