From e0deb633f0e7dea3085be2412dbf8eb2da6103cb Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Sun, 28 Apr 2019 01:13:39 -0400
Subject: [PATCH] Move item feed display after permission checking in mod/display
---
 mod/display.php | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/mod/display.php b/mod/display.php
index 6723a77e9d..acc2a5b090 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -36,20 +36,6 @@ function display_init(App $a)
 $nick = (($a->argc > 1) ? $a->argv[1] : '');
- if ($a->argc == 3) {
- if (substr($a->argv[2], -5) == '.atom') {
- $item_id = substr($a->argv[2], 0, -5);
- displayShowFeed($item_id, false);
- }
- }
-
- if ($a->argc == 4) {
- if ($a->argv[3] == 'conversation.atom') {
- $item_id = $a->argv[2];
- displayShowFeed($item_id, true);
- }
- }
-
 $item = null;
 $item_user = local_user();
@@ -81,14 +67,22 @@ function display_init(App $a)
 if (!DBA::isResult($item)) {
 $item = Item::selectFirstForUser(local_user(), $fields, ['guid' => $a->argv[1], 'private' => [0, 2], 'uid' => 0]);
 }
- } elseif (($a->argc == 3) && ($nick == 'feed-item')) {
- $item = Item::selectFirstForUser(local_user(), $fields, ['id' => $a->argv[2], 'private' => [0, 2], 'uid' => 0]);
+ } elseif ($a->argc >= 3 && $nick == 'feed-item') {
+ $item_id = $a->argv[2];
+ if (substr($item_id, -5) == '.atom') {
+ $item_id = substr($item_id, 0, -5);
+ }
+ $item = Item::selectFirstForUser(local_user(), $fields, ['id' => $item_id, 'private' => [0, 2], 'uid' => 0]);
 }
 if (!DBA::isResult($item)) {
 System::httpExit(404);
 }
+ if ($a->argc >= 3 && $nick == 'feed-item') {
+ displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
+ }
+
 if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
 Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG);
 displayShowFeed($item["id"], false);
--
2.39.5
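Review bot: The added `if ($a->argc >= 3 && $nick == 'feed-item')` after the 404 check calls displayShowFeed() for every feed-item request, whether or not the URL carried the `.atom` suffix, and it treats any fourth segment other than `conversation.atom` as a request for the plain item feed. If displayShowFeed() ends the request (its body is not in this hunk), `/display/feed-item/<id>` no longer falls through to the rest of display_init() as it did before; setting a flag such as `$is_feed = true;` where the suffix is stripped and testing that flag here would keep the feed and non-feed routes apart. The visibility condition `'private' => [0, 2], 'uid' => 0` is checked for the requested item only, so it is worth confirming that the conversation feed applies the same filter to the other items of the thread. `$item_id` comes straight from the URL and the comparisons are loose; a digits-only check before the lookup and `===` for the suffix tests would tighten this. display_init() starts and ends outside the hunk.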