From d7b514c2c079e8e3f960ef5c23ccd4105c25f722 Mon Sep 17 00:00:00 2001 From: Fabrixxm Date: Mon, 12 May 2014 15:33:20 +0200 Subject: [PATCH] add check for expiration time in item_store() --- include/items.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/items.php b/include/items.php index 27be613d70..f6779bc1ab 100755 --- a/include/items.php +++ b/include/items.php @@ -989,6 +989,21 @@ function item_store($arr,$force_parent = false) { if(! x($arr,'type')) $arr['type'] = 'remote'; + + + /* check for create date and expire time */ + $uid = intval($arr['uid']); + $r = q("SELECT expire FROM user WHERE expire != 0 AND uid = %d", $uid); + if(count($r)) { + $expire_interval = $r[0]['expire']; + $expire_date = new DateTime( '- '.$expire_interval.' days', new DateTimeZone('UTC')); + $created_date = new DateTime($arr['created'], new DateTimeZone('UTC')); + if ($created_date < $expire_date) { + logger('item-store: item created ('.$arr['created'].') before expiration time ('.$expire_date->format(DateTime::W3C).'). ignored. ' . print_r($arr,true), LOGGER_DEBUG); + return 0; + } + } + // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin. if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) -- 2.39.5