X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fitem.php;h=f40f6ad45d30fb37f3851f55b8bbf7bed8ac8d10;hb=865006682a3952565035207898b80dfbd6d390b1;hp=f192d9525a0e56489400938dc3ec95ee29031bb8;hpb=e32d3969c8effc490cd2c8307e7fbebe6e1ff888;p=friendica.git diff --git a/mod/item.php b/mod/item.php index f192d9525a..f40f6ad45d 100644 --- a/mod/item.php +++ b/mod/item.php @@ -1,6 +1,6 @@ $parent_item_id]); + $parent_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $parent_item_id]); } elseif ($thr_parent_uri) { - $parent_item = Item::selectFirst([], ['uri' => $thr_parent_uri, 'uid' => $profile_uid]); + $parent_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['uri' => $thr_parent_uri, 'uid' => $profile_uid]); } // if this isn't the top-level parent of the conversation, find it @@ -127,7 +127,7 @@ function item_post(App $a) { $toplevel_item = $parent_item; if ($parent_item['gravity'] != GRAVITY_PARENT) { - $toplevel_item = Item::selectFirst([], ['id' => $toplevel_item['parent']]); + $toplevel_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $toplevel_item['parent']]); } } @@ -145,7 +145,7 @@ function item_post(App $a) { $stored = Item::storeForUserByUriId($toplevel_item['uri-id'], local_user()); Logger::info('Public item stored for user', ['uri-id' => $toplevel_item['uri-id'], 'uid' => $uid, 'stored' => $stored]); if ($stored) { - $toplevel_item = Item::selectFirst([], ['id' => $stored]); + $toplevel_item = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $stored]); } } @@ -176,19 +176,12 @@ function item_post(App $a) { $profile_uid = $toplevel_user_id; } - // Check for multiple posts with the same message id (when the post was created via API) - if (($message_id != '') && ($profile_uid != 0)) { - if (Item::exists(['uri' => $message_id, 'uid' => $profile_uid])) { - Logger::info('Message already exists for user', ['uri' => $message_id, 'uid' => $profile_uid]); - return 0; - } - } - // Allow commenting if it is an answer to a public post - $allow_comment = local_user() && ($profile_uid == 0) && $toplevel_item_id && in_array($toplevel_item['network'], Protocol::FEDERATED); + $allow_comment = local_user() && $toplevel_item_id && in_array($toplevel_item['private'], [Item::PUBLIC, Item::UNLISTED]) && in_array($toplevel_item['network'], Protocol::FEDERATED); // Now check that valid personal details have been provided if (!Security::canWriteToUserWall($profile_uid) && !$allow_comment) { + Logger::notice('Permission denied.', ['local' => local_user(), 'profile_uid' => $profile_uid, 'toplevel_item_id' => $toplevel_item_id, 'network' => $toplevel_item['network']]); notice(DI::l10n()->t('Permission denied.')); if ($return_path) { DI::baseUrl()->redirect($return_path); @@ -202,11 +195,10 @@ function item_post(App $a) { // is this an edited post? if ($post_id > 0) { - $orig_post = Item::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]); + $orig_post = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]); } - $user = DBA::selectFirst('user', [], ['uid' => $profile_uid]); - + $user = User::getById($profile_uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']); if (!DBA::isResult($user) && !$toplevel_item_id) { return 0; } @@ -228,12 +220,16 @@ function item_post(App $a) { $attachment_img_width = $_REQUEST['attachment_img_width'] ?? 0; $attachment_img_height = $_REQUEST['attachment_img_height'] ?? 0; - $attachment = [ - 'type' => $attachment_type, - 'title' => $attachment_title, - 'text' => $attachment_text, - 'url' => $attachment_url, - ]; + + // Fetch the basic attachment data + $attachment = ParseUrl::getSiteinfoCached($attachment_url); + unset($attachment['keywords']); + + // Overwrite the basic data with possible changes from the frontend + $attachment['type'] = $attachment_type; + $attachment['title'] = $attachment_title; + $attachment['text'] = $attachment_text; + $attachment['url'] = $attachment_url; if (!empty($attachment_img_src)) { $attachment['images'] = [ @@ -243,6 +239,8 @@ function item_post(App $a) { 'height' => $attachment_img_height ] ]; + } else { + unset($attachment['images']); } $att_bbcode = "\n" . PageInfo::getFooterFromData($attachment); @@ -262,7 +260,7 @@ function item_post(App $a) { $verb = $orig_post['verb']; $objecttype = $orig_post['object-type']; $app = $orig_post['app']; - $categories = $orig_post['file'] ?? ''; + $categories = Post\Category::getTextByURIId($orig_post['uri-id'], $orig_post['uid']); $title = trim($_REQUEST['title'] ?? ''); $body = trim($body); $private = $orig_post['private']; @@ -271,17 +269,21 @@ function item_post(App $a) { $guid = $orig_post['guid']; $extid = $orig_post['extid']; } else { - $str_contact_allow = ''; - $str_group_allow = ''; - $str_contact_deny = ''; - $str_group_deny = ''; - - if (($_REQUEST['visibility'] ?? '') !== 'public') { - $aclFormatter = DI::aclFormatter(); - $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? ''; - $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? ''; - $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? ''; - $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? ''; + $aclFormatter = DI::aclFormatter(); + $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? ''; + $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? ''; + $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? ''; + $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? ''; + + $visibility = $_REQUEST['visibility'] ?? ''; + if ($visibility === 'public') { + // The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected + $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = ''; + } else if ($visibility === 'custom') { + // Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL + // case that would make it public. So we always append the author's contact id to the allowed contacts. + // See https://github.com/friendica/friendica/issues/9672 + $str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid)); } $title = trim($_REQUEST['title'] ?? ''); @@ -350,10 +352,7 @@ function item_post(App $a) { $filedas = FileTag::fileToArray($categories); } - // save old and new categories, so we can determine what needs to be deleted from pconfig - $categories_old = $categories; $categories = FileTag::listToFile(trim($_REQUEST['category'] ?? ''), 'category'); - $categories_new = $categories; if (!empty($filedas) && is_array($filedas)) { // append the fileas stuff to the new categories list @@ -412,21 +411,22 @@ function item_post(App $a) { } } - $success = ItemHelper::replaceTag($body, $inform, local_user() ? local_user() : $profile_uid, $tag, $network); - if ($success['replaced']) { - $tagged[] = $tag; - } - // When the forum is private or the forum is addressed with a "!" make the post private - if (!empty($success['contact']['prv']) || ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION])) { - $private_forum = $success['contact']['prv']; - $only_to_forum = ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION]); - $private_id = $success['contact']['id']; - $forum_contact = $success['contact']; - } elseif (!empty($success['contact']['forum']) && ($str_contact_allow == '<' . $success['contact']['id'] . '>')) { - $private_forum = false; - $only_to_forum = true; - $private_id = $success['contact']['id']; - $forum_contact = $success['contact']; + if ($success = ItemHelper::replaceTag($body, $inform, local_user() ? local_user() : $profile_uid, $tag, $network)) { + if ($success['replaced']) { + $tagged[] = $tag; + } + // When the forum is private or the forum is addressed with a "!" make the post private + if (!empty($success['contact']['prv']) || ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION])) { + $private_forum = $success['contact']['prv']; + $only_to_forum = ($tag_type == Tag::TAG_CHARACTER[Tag::EXCLUSIVE_MENTION]); + $private_id = $success['contact']['id']; + $forum_contact = $success['contact']; + } elseif (!empty($success['contact']['forum']) && ($str_contact_allow == '<' . $success['contact']['id'] . '>')) { + $private_forum = false; + $only_to_forum = true; + $private_id = $success['contact']['id']; + $forum_contact = $success['contact']; + } } } @@ -437,20 +437,33 @@ function item_post(App $a) { if (!$toplevel_item_id && !empty($forum_contact) && ($private_forum || $only_to_forum)) { // we tagged a forum in a top level post. Now we change the post - $private = $private_forum; + $private = $private_forum ? Item::PRIVATE : Item::UNLISTED; - $str_group_allow = ''; - $str_contact_deny = ''; - $str_group_deny = ''; - if ($private_forum) { - $str_contact_allow = '<' . $private_id . '>'; - } else { + if ($only_to_forum) { + $postopts = ''; + } + + if (!$private_forum) { $str_contact_allow = ''; + $str_group_allow = ''; + $str_contact_deny = ''; + $str_group_deny = ''; + } + + if ($private_forum || !APContact::getByURL($forum_contact['url'])) { + $str_group_allow = ''; + $str_contact_deny = ''; + $str_group_deny = ''; + if ($private_forum) { + $str_contact_allow = '<' . $private_id . '>'; + } else { + $str_contact_allow = ''; + } + $contact_id = $private_id; + $contact_record = $forum_contact; + $_REQUEST['origin'] = false; + $wall = 0; } - $contact_id = $private_id; - $contact_record = $forum_contact; - $_REQUEST['origin'] = false; - $wall = 0; } /* @@ -472,7 +485,7 @@ function item_post(App $a) { /* * Next link in any attachment references we find in the post. */ - $match = false; + $match = []; /// @todo these lines should be moved to Model/Attach (Once it exists) if (!$preview && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) { @@ -499,6 +512,7 @@ function item_post(App $a) { // embedded bookmark or attachment in post? set bookmark flag $data = BBCode::getAttachmentData($body); + $match = []; if ((preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism", $body, $match, PREG_SET_ORDER) || isset($data["type"])) && ($posttype != Item::PT_PERSONAL_NOTE)) { $posttype = Item::PT_PAGE; @@ -525,7 +539,7 @@ function item_post(App $a) { } $attachments = ''; - $match = false; + $match = []; if (preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) { foreach ($match[2] as $mtch) { @@ -562,7 +576,7 @@ function item_post(App $a) { $origin = $_REQUEST['origin']; } - $uri = ($message_id ? $message_id : Item::newURI($api_source ? $profile_uid : $uid, $guid)); + $uri = Item::newURI($api_source ? $profile_uid : $uid, $guid); // Fallback so that we alway have a parent uri if (!$thr_parent_uri || !$toplevel_item_id) { @@ -613,9 +627,10 @@ function item_post(App $a) { $datarray['postopts'] = $postopts; $datarray['origin'] = $origin; - $datarray['moderated'] = false; $datarray['object'] = $object; + $datarray['attachments'] = $_REQUEST['attachments'] ?? []; + /* * These fields are for the convenience of addons... * 'self' if true indicates the owner is posting on their own wall @@ -628,7 +643,8 @@ function item_post(App $a) { $datarray['api_source'] = $api_source; // This field is for storing the raw conversation data - $datarray['protocol'] = Conversation::PARCEL_DFRN; + $datarray['protocol'] = Conversation::PARCEL_DIRECT; + $datarray['direction'] = Conversation::PUSH; $conversation = DBA::selectFirst('conversation', ['conversation-uri', 'conversation-href'], ['item-uri' => $datarray['thr-parent']]); if (DBA::isResult($conversation)) { @@ -660,16 +676,32 @@ function item_post(App $a) { // doesn't have an ID. $datarray["id"] = -1; $datarray["uri-id"] = -1; - $datarray["item_id"] = -1; $datarray["author-network"] = Protocol::DFRN; - $o = conversation($a, [array_merge($contact_record, $datarray)], 'search', false, true); + $o = DI::conversation()->create([array_merge($contact_record, $datarray)], 'search', false, true); System::jsonExit(['preview' => $o]); } Hook::callAll('post_local',$datarray); + if (!empty($_REQUEST['scheduled_at'])) { + $scheduled_at = DateTimeFormat::convert($_REQUEST['scheduled_at'], 'UTC', $a->getTimezone()); + if ($scheduled_at > DateTimeFormat::utcNow()) { + unset($datarray['created']); + unset($datarray['edited']); + unset($datarray['commented']); + unset($datarray['received']); + unset($datarray['changed']); + unset($datarray['edit']); + unset($datarray['self']); + unset($datarray['api_source']); + + Post\Delayed::add($datarray['uri'], $datarray, PRIORITY_HIGH, Post\Delayed::PREPARED_NO_HOOK, $scheduled_at); + item_post_return(DI::baseUrl(), $api_source, $return_path); + } + } + if (!empty($datarray['cancel'])) { Logger::info('mod_item: post cancelled by addon.'); if ($return_path) { @@ -684,6 +716,8 @@ function item_post(App $a) { System::jsonExit($json); } + $datarray['uri-id'] = ItemURI::getIdByURI($datarray['uri']); + if ($orig_post) { // Fill the cache field // This could be done in Item::update as well - but we have to check for the existance of some fields. @@ -701,9 +735,6 @@ function item_post(App $a) { Item::update($fields, ['id' => $post_id]); - // update filetags in pconfig - FileTag::updatePconfig($uid, $categories_old, $categories_new, 'category'); - if ($return_path) { DI::baseUrl()->redirect($return_path); } @@ -715,13 +746,6 @@ function item_post(App $a) { unset($datarray['self']); unset($datarray['api_source']); - if ($origin) { - $signed = Diaspora::createCommentSignature($uid, $datarray); - if (!empty($signed)) { - $datarray['diaspora_signed_text'] = json_encode($signed); - } - } - $post_id = Item::insert($datarray); if (!$post_id) { @@ -733,7 +757,7 @@ function item_post(App $a) { throw new HTTPException\InternalServerErrorException(DI::l10n()->t('Item wasn\'t stored.')); } - $datarray = Item::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]); + $datarray = Post::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]); if (!DBA::isResult($datarray)) { Logger::error('Item couldn\'t be fetched.', ['post_id' => $post_id]); @@ -750,27 +774,24 @@ function item_post(App $a) { Tag::createImplicitMentions($datarray['uri-id'], $datarray['thr-parent-id']); } - // update filetags in pconfig - FileTag::updatePconfig($uid, $categories_old, $categories_new, 'category'); - // These notifications are sent if someone else is commenting other your wall if ($contact_record != $author) { if ($toplevel_item_id) { notification([ - 'type' => Type::COMMENT, - 'otype' => Notify\ObjectType::ITEM, + 'type' => Notification\Type::COMMENT, + 'otype' => Notification\ObjectType::ITEM, 'verb' => Activity::POST, - 'uid' => $user['uid'], + 'uid' => $profile_uid, 'cid' => $datarray['author-id'], 'item' => $datarray, 'link' => DI::baseUrl() . '/display/' . urlencode($datarray['guid']), ]); } elseif (empty($forum_contact)) { notification([ - 'type' => Type::WALL, - 'otype' => Notify\ObjectType::ITEM, + 'type' => Notification\Type::WALL, + 'otype' => Notification\ObjectType::ITEM, 'verb' => Activity::POST, - 'uid' => $user['uid'], + 'uid' => $profile_uid, 'cid' => $datarray['author-id'], 'item' => $datarray, 'link' => DI::baseUrl() . '/display/' . urlencode($datarray['guid']), @@ -797,7 +818,7 @@ function item_post(App $a) { // When we are doing some forum posting via ! we have to start the notifier manually. // These kind of posts don't initiate the notifier call in the item class. if ($only_to_forum) { - Worker::add(['priority' => PRIORITY_HIGH, 'dont_fork' => false], "Notifier", Delivery::POST, $post_id); + Worker::add(['priority' => PRIORITY_HIGH, 'dont_fork' => false], "Notifier", Delivery::POST, (int)$datarray['uri-id'], (int)$datarray['uid']); } Logger::info('post_complete'); @@ -833,24 +854,45 @@ function item_post_return($baseurl, $api_source, $return_path) function item_content(App $a) { if (!Session::isAuthenticated()) { - return; + throw new HTTPException\UnauthorizedException(); } - $o = ''; + $args = DI::args(); - if (($a->argc >= 3) && ($a->argv[1] === 'drop') && intval($a->argv[2])) { - if (DI::mode()->isAjax()) { - Item::deleteForUser(['id' => $a->argv[2]], local_user()); - // ajax return: [, 0 (no perm) | ] - System::jsonExit([intval($a->argv[2]), local_user()]); - } else { - if (!empty($a->argv[3])) { - $o = drop_item($a->argv[2], $a->argv[3]); + if (!$args->has(3)) { + throw new HTTPException\BadRequestException(); + } + + $o = ''; + switch ($args->get(1)) { + case 'drop': + if (DI::mode()->isAjax()) { + Item::deleteForUser(['id' => $args->get(2)], local_user()); + // ajax return: [, 0 (no perm) | ] + System::jsonExit([intval($args->get(2)), local_user()]); + } else { + if (!empty($args->get(3))) { + $o = drop_item($args->get(2), $args->get(3)); + } else { + $o = drop_item($args->get(2)); + } } - else { - $o = drop_item($a->argv[2]); + break; + case 'block': + $item = Post::selectFirstForUser(local_user(), ['guid', 'author-id', 'parent', 'gravity'], ['id' => $args->get(2)]); + if (empty($item['author-id'])) { + throw new HTTPException\NotFoundException('Item not found'); } - } + + Contact\User::setBlocked($item['author-id'], local_user(), true); + + if (DI::mode()->isAjax()) { + // ajax return: [, 0 (no perm) | ] + System::jsonExit([intval($args->get(2)), local_user()]); + } else { + item_redirect_after_action($item, $args->get(3)); + } + break; } return $o; @@ -866,7 +908,7 @@ function drop_item(int $id, string $return = '') { // locate item to be deleted $fields = ['id', 'uid', 'guid', 'contact-id', 'deleted', 'gravity', 'parent']; - $item = Item::selectFirstForUser(local_user(), $fields, ['id' => $id]); + $item = Post::selectFirstForUser(local_user(), $fields, ['id' => $id]); if (!DBA::isResult($item)) { notice(DI::l10n()->t('Item not found.')); @@ -885,40 +927,12 @@ function drop_item(int $id, string $return = '') } if ((local_user() == $item['uid']) || $contact_id) { - if (!empty($item['parent'])) { - $parentitem = Item::selectFirstForUser(local_user(), ['guid'], ['id' => $item['parent']]); - } - // delete the item Item::deleteForUser(['id' => $item['id']], local_user()); - $return_url = hex2bin($return); - - // removes update_* from return_url to ignore Ajax refresh - $return_url = str_replace("update_", "", $return_url); - - // Check if delete a comment - if ($item['gravity'] == GRAVITY_COMMENT) { - // Return to parent guid - if (!empty($parentitem)) { - DI::baseUrl()->redirect('display/' . $parentitem['guid']); - //NOTREACHED - } // In case something goes wrong - else { - DI::baseUrl()->redirect('network'); - //NOTREACHED - } - } else { - // if unknown location or deleting top level post called from display - if (empty($return_url) || strpos($return_url, 'display') !== false) { - DI::baseUrl()->redirect('network'); - //NOTREACHED - } else { - DI::baseUrl()->redirect($return_url); - //NOTREACHED - } - } + item_redirect_after_action($item, $return); } else { + Logger::notice('Permission denied.', ['local' => local_user(), 'uid' => $item['uid'], 'cid' => $contact_id]); notice(DI::l10n()->t('Permission denied.')); DI::baseUrl()->redirect('display/' . $item['guid']); //NOTREACHED @@ -926,3 +940,37 @@ function drop_item(int $id, string $return = '') return ''; } + +function item_redirect_after_action($item, $returnUrlHex) +{ + $return_url = hex2bin($returnUrlHex); + + // removes update_* from return_url to ignore Ajax refresh + $return_url = str_replace("update_", "", $return_url); + + // Check if delete a comment + if ($item['gravity'] == GRAVITY_COMMENT) { + if (!empty($item['parent'])) { + $parentitem = Post::selectFirstForUser(local_user(), ['guid'], ['id' => $item['parent']]); + } + + // Return to parent guid + if (!empty($parentitem)) { + DI::baseUrl()->redirect('display/' . $parentitem['guid']); + //NOTREACHED + } // In case something goes wrong + else { + DI::baseUrl()->redirect('network'); + //NOTREACHED + } + } else { + // if unknown location or deleting top level post called from display + if (empty($return_url) || strpos($return_url, 'display') !== false) { + DI::baseUrl()->redirect('network'); + //NOTREACHED + } else { + DI::baseUrl()->redirect($return_url); + //NOTREACHED + } + } +}