friendica-github/mod/item.php
Andrej Stieben db949bb802 Updated modules to allow for partial overrides without errors
Only define functions if they have not been defined before, e.g. in themes. This makes it possible to override parts of a module and still use the other functions.
2016-02-05 21:52:39 +01:00

1293 lines
41 KiB
PHP

<?php
/**
*
* This is the POST destination for most all locally posted
* text stuff. This function handles status, wall-to-wall status,
* local comments, and remote coments that are posted on this site
* (as opposed to being delivered in a feed).
* Also processed here are posts and comments coming through the
* statusnet/twitter API.
* All of these become an "item" which is our basic unit of
* information.
* Posts that originate externally or do not fall into the above
* posting categories go through item_store() instead of this function.
*
*/
require_once('include/crypto.php');
require_once('include/enotify.php');
require_once('include/email.php');
require_once('include/tags.php');
require_once('include/files.php');
require_once('include/threads.php');
require_once('include/text.php');
require_once('include/items.php');
require_once('include/Scrape.php');
if(! function_exists('item_post')) {
function item_post(&$a) {
if((! local_user()) && (! remote_user()) && (! x($_REQUEST,'commenter')))
return;
require_once('include/security.php');
$uid = local_user();
if(x($_REQUEST,'dropitems')) {
$arr_drop = explode(',',$_REQUEST['dropitems']);
drop_items($arr_drop);
$json = array('success' => 1);
echo json_encode($json);
killme();
}
call_hooks('post_local_start', $_REQUEST);
// logger('postinput ' . file_get_contents('php://input'));
logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
$message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
$return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');
$preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
// Check for doubly-submitted posts, and reject duplicates
// Note that we have to ignore previews, otherwise nothing will post
// after it's been previewed
if(!$preview && x($_REQUEST['post_id_random'])) {
if(x($_SESSION['post-random']) && $_SESSION['post-random'] == $_REQUEST['post_id_random']) {
logger("item post: duplicate post", LOGGER_DEBUG);
item_post_return($a->get_baseurl(), $api_source, $return_path);
}
else
$_SESSION['post-random'] = $_REQUEST['post_id_random'];
}
/**
* Is this a reply to something?
*/
$parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
$parent_uri = ((x($_REQUEST,'parent_uri')) ? trim($_REQUEST['parent_uri']) : '');
$parent_item = null;
$parent_contact = null;
$thr_parent = '';
$parid = 0;
$r = false;
$objecttype = null;
if($parent || $parent_uri) {
$objecttype = ACTIVITY_OBJ_COMMENT;
if(! x($_REQUEST,'type'))
$_REQUEST['type'] = 'net-comment';
if($parent) {
$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
intval($parent)
);
} elseif($parent_uri && local_user()) {
// This is coming from an API source, and we are logged in
$r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($parent_uri),
intval(local_user())
);
}
// if this isn't the real parent of the conversation, find it
if($r !== false && count($r)) {
$parid = $r[0]['parent'];
$parent_uri = $r[0]['uri'];
if($r[0]['id'] != $r[0]['parent']) {
$r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1",
intval($parid)
);
}
}
if(($r === false) || (! count($r))) {
notice( t('Unable to locate original post.') . EOL);
if(x($_REQUEST,'return'))
goaway($a->get_baseurl() . "/" . $return_path );
killme();
}
$parent_item = $r[0];
$parent = $r[0]['id'];
// multi-level threading - preserve the info but re-parent to our single level threading
//if(($parid) && ($parid != $parent))
$thr_parent = $parent_uri;
if($parent_item['contact-id'] && $uid) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($parent_item['contact-id']),
intval($uid)
);
if(count($r))
$parent_contact = $r[0];
// If the contact id doesn't fit with the contact, then set the contact to null
$thrparent = q("SELECT `author-link`, `network` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($thr_parent));
if (count($thrparent) AND ($thrparent[0]["network"] === NETWORK_OSTATUS)
AND (normalise_link($parent_contact["url"]) != normalise_link($thrparent[0]["author-link"]))) {
$parent_contact = null;
$r = q("SELECT * FROM `gcontact` WHERE `nurl` = '%s' LIMIT 1",
dbesc(normalise_link($thrparent[0]["author-link"])));
if (count($r)) {
$parent_contact = $r[0];
$parent_contact["thumb"] = $parent_contact["photo"];
$parent_contact["micro"] = $parent_contact["photo"];
unset($parent_contact["id"]);
}
if (!isset($parent_contact["nick"])) {
require_once("include/Scrape.php");
$probed_contact = probe_url($thrparent[0]["author-link"]);
if ($probed_contact["network"] != NETWORK_FEED) {
$parent_contact = $probed_contact;
$parent_contact["nurl"] = normalise_link($probed_contact["url"]);
$parent_contact["thumb"] = $probed_contact["photo"];
$parent_contact["micro"] = $probed_contact["photo"];
$parent_contact["addr"] = $probed_contact["addr"];
}
}
logger('no contact found: '.print_r($thrparent, true), LOGGER_DEBUG);
} else
logger('parent contact: '.print_r($parent_contact, true), LOGGER_DEBUG);
}
}
if($parent) logger('mod_item: item_post parent=' . $parent);
$profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0);
$post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0);
$app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : '');
$extid = ((x($_REQUEST,'extid')) ? strip_tags($_REQUEST['extid']) : '');
$allow_moderated = false;
// here is where we are going to check for permission to post a moderated comment.
// First check that the parent exists and it is a wall item.
if((x($_REQUEST,'commenter')) && ((! $parent) || (! $parent_item['wall']))) {
notice( t('Permission denied.') . EOL) ;
if(x($_REQUEST,'return'))
goaway($a->get_baseurl() . "/" . $return_path );
killme();
}
// Now check that it is a page_type of PAGE_BLOG, and that valid personal details
// have been provided, and run any anti-spam plugins
if((! can_write_wall($a,$profile_uid)) && (! $allow_moderated)) {
notice( t('Permission denied.') . EOL) ;
if(x($_REQUEST,'return'))
goaway($a->get_baseurl() . "/" . $return_path );
killme();
}
// is this an edited post?
$orig_post = null;
if($post_id) {
$i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
intval($profile_uid),
intval($post_id)
);
if(! count($i))
killme();
$orig_post = $i[0];
}
$user = null;
$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
intval($profile_uid)
);
if(count($r))
$user = $r[0];
if($orig_post) {
$str_group_allow = $orig_post['allow_gid'];
$str_contact_allow = $orig_post['allow_cid'];
$str_group_deny = $orig_post['deny_gid'];
$str_contact_deny = $orig_post['deny_cid'];
$location = $orig_post['location'];
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];
$objecttype = $orig_post['object-type'];
$emailcc = $orig_post['emailcc'];
$app = $orig_post['app'];
$categories = $orig_post['file'];
$title = notags(trim($_REQUEST['title']));
$body = escape_tags(trim($_REQUEST['body']));
$private = $orig_post['private'];
$pubmail_enable = $orig_post['pubmail'];
$network = $orig_post['network'];
$guid = $orig_post['guid'];
$extid = $orig_post['extid'];
} else {
// if coming from the API and no privacy settings are set,
// use the user default permissions - as they won't have
// been supplied via a form.
if(($api_source)
&& (! array_key_exists('contact_allow',$_REQUEST))
&& (! array_key_exists('group_allow',$_REQUEST))
&& (! array_key_exists('contact_deny',$_REQUEST))
&& (! array_key_exists('group_deny',$_REQUEST))) {
$str_group_allow = $user['allow_gid'];
$str_contact_allow = $user['allow_cid'];
$str_group_deny = $user['deny_gid'];
$str_contact_deny = $user['deny_cid'];
}
else {
// use the posted permissions
$str_group_allow = perms2str($_REQUEST['group_allow']);
$str_contact_allow = perms2str($_REQUEST['contact_allow']);
$str_group_deny = perms2str($_REQUEST['group_deny']);
$str_contact_deny = perms2str($_REQUEST['contact_deny']);
}
$title = notags(trim($_REQUEST['title']));
$location = notags(trim($_REQUEST['location']));
$coord = notags(trim($_REQUEST['coord']));
$verb = notags(trim($_REQUEST['verb']));
$emailcc = notags(trim($_REQUEST['emailcc']));
$body = escape_tags(trim($_REQUEST['body']));
$network = notags(trim($_REQUEST['network']));
$guid = get_guid(32);
item_add_language_opt($_REQUEST);
$postopts = $_REQUEST['postopts'] ? $_REQUEST['postopts'] : "";
$private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);
if($user['hidewall'])
$private = 2;
// If this is a comment, set the permissions from the parent.
if($parent_item) {
$private = 0;
// for non native networks use the network of the original post as network of the item
if (($parent_item['network'] != NETWORK_DIASPORA)
AND ($parent_item['network'] != NETWORK_OSTATUS)
AND ($network == ""))
$network = $parent_item['network'];
if(($parent_item['private'])
|| strlen($parent_item['allow_cid'])
|| strlen($parent_item['allow_gid'])
|| strlen($parent_item['deny_cid'])
|| strlen($parent_item['deny_gid'])) {
$private = (($parent_item['private']) ? $parent_item['private'] : 1);
}
$str_contact_allow = $parent_item['allow_cid'];
$str_group_allow = $parent_item['allow_gid'];
$str_contact_deny = $parent_item['deny_cid'];
$str_group_deny = $parent_item['deny_gid'];
}
$pubmail_enable = ((x($_REQUEST,'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && (! $private)) ? 1 : 0);
// if using the API, we won't see pubmail_enable - figure out if it should be set
if($api_source && $profile_uid && $profile_uid == local_user() && (! $private)) {
$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
if(! $mail_disabled) {
$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1",
intval(local_user())
);
if(count($r) && intval($r[0]['pubmail']))
$pubmail_enabled = true;
}
}
if(! strlen($body)) {
if($preview)
killme();
info( t('Empty post discarded.') . EOL );
if(x($_REQUEST,'return'))
goaway($a->get_baseurl() . "/" . $return_path );
killme();
}
}
if(strlen($categories)) {
// get the "fileas" tags for this post
$filedas = file_tag_file_to_list($categories, 'file');
}
// save old and new categories, so we can determine what needs to be deleted from pconfig
$categories_old = $categories;
$categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category');
$categories_new = $categories;
if(strlen($filedas)) {
// append the fileas stuff to the new categories list
$categories .= file_tag_list_to_file($filedas, 'file');
}
// Work around doubled linefeeds in Tinymce 3.5b2
// First figure out if it's a status post that would've been
// created using tinymce. Otherwise leave it alone.
/* $plaintext = (local_user() ? intval(get_pconfig(local_user(),'system','plaintext')) || !feature_enabled($profile_uid,'richtext') : 0);
if((! $parent) && (! $api_source) && (! $plaintext)) {
$body = fix_mce_lf($body);
}*/
$plaintext = (local_user() ? !feature_enabled($profile_uid,'richtext') : 0);
if((! $parent) && (! $api_source) && (! $plaintext)) {
$body = fix_mce_lf($body);
}
// get contact info for poster
$author = null;
$self = false;
$contact_id = 0;
if((local_user()) && (local_user() == $profile_uid)) {
$self = true;
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
intval($_SESSION['uid']));
}
elseif(remote_user()) {
if(is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $profile_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if($contact_id) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($contact_id)
);
}
}
if(count($r)) {
$author = $r[0];
$contact_id = $author['id'];
}
// get contact info for owner
if($profile_uid == local_user()) {
$contact_record = $author;
}
else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
intval($profile_uid)
);
if(count($r))
$contact_record = $r[0];
}
$post_type = notags(trim($_REQUEST['type']));
if($post_type === 'net-comment') {
if($parent_item !== null) {
if($parent_item['wall'] == 1)
$post_type = 'wall-comment';
else
$post_type = 'remote-comment';
}
}
/**
*
* When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
* appropriately. But we didn't know the final permissions on the post until
* now. So now we'll look for links of uploaded messages that are in the
* post and set them to the same permissions as the post itself.
*
*/
$match = null;
if((! $preview) && preg_match_all("/\[img([\=0-9x]*?)\](.*?)\[\/img\]/",$body,$match)) {
$images = $match[2];
if(count($images)) {
$objecttype = ACTIVITY_OBJ_IMAGE;
foreach($images as $image) {
if(! stristr($image,$a->get_baseurl() . '/photo/'))
continue;
$image_uri = substr($image,strrpos($image,'/') + 1);
$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
if(! strlen($image_uri))
continue;
$srch = '<' . intval($contact_id) . '>';
$r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''
AND `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($srch),
dbesc($image_uri),
intval($profile_uid)
);
if(! count($r))
continue;
$r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
WHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ",
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny),
dbesc($image_uri),
intval($profile_uid),
dbesc( t('Wall Photos'))
);
}
}
}
/**
* Next link in any attachment references we find in the post.
*/
$match = false;
if((! $preview) && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) {
$attaches = $match[1];
if(count($attaches)) {
foreach($attaches as $attach) {
$r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
intval($profile_uid),
intval($attach)
);
if(count($r)) {
$r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
WHERE `uid` = %d AND `id` = %d",
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny),
intval($profile_uid),
intval($attach)
);
}
}
}
}
// embedded bookmark in post? set bookmark flag
$bookmark = 0;
if(preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism",$body,$match,PREG_SET_ORDER)) {
$objecttype = ACTIVITY_OBJ_BOOKMARK;
$bookmark = 1;
}
$body = bb_translate_video($body);
/**
* Fold multi-line [code] sequences
*/
$body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body);
$body = scale_external_images($body,false);
// Setting the object type if not defined before
if (!$objecttype) {
$objecttype = ACTIVITY_OBJ_NOTE; // Default value
require_once("include/plaintext.php");
$objectdata = get_attached_data($body);
if ($post["type"] == "link")
$objecttype = ACTIVITY_OBJ_BOOKMARK;
elseif ($post["type"] == "video")
$objecttype = ACTIVITY_OBJ_VIDEO;
elseif ($post["type"] == "photo")
$objecttype = ACTIVITY_OBJ_IMAGE;
}
/**
* Look for any tags and linkify them
*/
$str_tags = '';
$inform = '';
$tags = get_tags($body);
/**
* add a statusnet style reply tag if the original post was from there
* and we are replying, and there isn't one already
*/
if($parent AND ($parent_contact['network'] === NETWORK_OSTATUS)) {
if ($parent_contact['id'] != "")
$contact = '@'.$parent_contact['nick'].'+'.$parent_contact['id'];
else
$contact = '@[url='.$parent_contact['url'].']'.$parent_contact['nick'].'[/url]';
if (!in_array($contact,$tags)) {
$body = $contact.' '.$body;
$tags[] = $contact;
}
$toplevel_contact = "";
$toplevel_parent = q("SELECT `contact`.* FROM `contact`
INNER JOIN `item` ON `item`.`contact-id` = `contact`.`id` AND `contact`.`url` = `item`.`author-link`
WHERE `item`.`id` = `item`.`parent` AND `item`.`parent` = %d", intval($parent));
if ($toplevel_parent)
$toplevel_contact = '@'.$toplevel_parent[0]['nick'].'+'.$toplevel_parent[0]['id'];
else {
$toplevel_parent = q("SELECT `author-link`, `author-name` FROM `item` WHERE `id` = `parent` AND `parent` = %d", intval($parent));
$toplevel_contact = '@[url='.$toplevel_parent[0]['author-link'].']'.$toplevel_parent[0]['author-name'].'[/url]';
}
if (!in_array($toplevel_contact,$tags))
$tags[] = $toplevel_contact;
}
$tagged = array();
$private_forum = false;
if(count($tags)) {
foreach($tags as $tag) {
if(strpos($tag,'#') === 0)
continue;
// If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
// Robert Johnson should be first in the $tags array
$fullnametagged = false;
for($x = 0; $x < count($tagged); $x ++) {
if(stristr($tagged[$x],$tag . ' ')) {
$fullnametagged = true;
break;
}
}
if($fullnametagged)
continue;
$success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag, $network);
if($success['replaced'])
$tagged[] = $tag;
if(is_array($success['contact']) && intval($success['contact']['prv'])) {
$private_forum = true;
$private_id = $success['contact']['id'];
}
}
}
if(($private_forum) && (! $parent) && (! $private)) {
// we tagged a private forum in a top level post and the message was public.
// Restrict it.
$private = 1;
$str_contact_allow = '<' . $private_id . '>';
}
$attachments = '';
$match = false;
if(preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) {
foreach($match[2] as $mtch) {
$r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
intval($profile_uid),
intval($mtch)
);
if(count($r)) {
if(strlen($attachments))
$attachments .= ',';
$attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . (($r[0]['filename']) ? $r[0]['filename'] : '') . '"[/attach]';
}
$body = str_replace($match[1],'',$body);
}
}
$wall = 0;
if($post_type === 'wall' || $post_type === 'wall-comment')
$wall = 1;
if(! strlen($verb))
$verb = ACTIVITY_POST ;
if ($network == "")
$network = NETWORK_DFRN;
$gravity = (($parent) ? 6 : 0 );
// even if the post arrived via API we are considering that it
// originated on this site by default for determining relayability.
$origin = ((x($_REQUEST,'origin')) ? intval($_REQUEST['origin']) : 1);
$notify_type = (($parent) ? 'comment-new' : 'wall-new' );
$uri = (($message_id) ? $message_id : item_new_uri($a->get_hostname(),$profile_uid, $guid));
// Fallback so that we alway have a thr-parent
if(!$thr_parent)
$thr_parent = $uri;
$datarray = array();
$datarray['uid'] = $profile_uid;
$datarray['type'] = $post_type;
$datarray['wall'] = $wall;
$datarray['gravity'] = $gravity;
$datarray['network'] = $network;
$datarray['contact-id'] = $contact_id;
$datarray['owner-name'] = $contact_record['name'];
$datarray['owner-link'] = $contact_record['url'];
$datarray['owner-avatar'] = $contact_record['thumb'];
$datarray['author-name'] = $author['name'];
$datarray['author-link'] = $author['url'];
$datarray['author-avatar'] = $author['thumb'];
$datarray['created'] = datetime_convert();
$datarray['edited'] = datetime_convert();
$datarray['commented'] = datetime_convert();
$datarray['received'] = datetime_convert();
$datarray['changed'] = datetime_convert();
$datarray['extid'] = $extid;
$datarray['guid'] = $guid;
$datarray['uri'] = $uri;
$datarray['title'] = $title;
$datarray['body'] = $body;
$datarray['app'] = $app;
$datarray['location'] = $location;
$datarray['coord'] = $coord;
$datarray['tag'] = $str_tags;
$datarray['file'] = $categories;
$datarray['inform'] = $inform;
$datarray['verb'] = $verb;
$datarray['object-type'] = $objecttype;
$datarray['allow_cid'] = $str_contact_allow;
$datarray['allow_gid'] = $str_group_allow;
$datarray['deny_cid'] = $str_contact_deny;
$datarray['deny_gid'] = $str_group_deny;
$datarray['private'] = $private;
$datarray['pubmail'] = $pubmail_enable;
$datarray['attach'] = $attachments;
$datarray['bookmark'] = intval($bookmark);
$datarray['thr-parent'] = $thr_parent;
$datarray['postopts'] = $postopts;
$datarray['origin'] = $origin;
$datarray['moderated'] = $allow_moderated;
$datarray['gcontact-id'] = get_gcontact_id(array("url" => $datarray['author-link'], "network" => $datarray['network'],
"photo" => $datarray['author-avatar'], "name" => $datarray['author-name']));
/**
* These fields are for the convenience of plugins...
* 'self' if true indicates the owner is posting on their own wall
* If parent is 0 it is a top-level post.
*/
$datarray['parent'] = $parent;
$datarray['self'] = $self;
// $datarray['prvnets'] = $user['prvnets'];
if($orig_post)
$datarray['edit'] = true;
// Search for hashtags
item_body_set_hashtags($datarray);
// preview mode - prepare the body for display and send it via json
if($preview) {
require_once('include/conversation.php');
$o = conversation($a,array(array_merge($contact_record,$datarray)),'search', false, true);
logger('preview: ' . $o);
echo json_encode(array('preview' => $o));
killme();
}
call_hooks('post_local',$datarray);
if(x($datarray,'cancel')) {
logger('mod_item: post cancelled by plugin.');
if($return_path) {
goaway($a->get_baseurl() . "/" . $return_path);
}
$json = array('cancel' => 1);
if(x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload']))
$json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
echo json_encode($json);
killme();
}
// Fill the cache field
put_item_in_cache($datarray);
if($orig_post) {
$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `attach` = '%s', `file` = '%s', `rendered-html` = '%s', `rendered-hash` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d",
dbesc($datarray['title']),
dbesc($datarray['body']),
dbesc($datarray['tag']),
dbesc($datarray['attach']),
dbesc($datarray['file']),
dbesc($datarray['rendered-html']),
dbesc($datarray['rendered-hash']),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($post_id),
intval($profile_uid)
);
create_tags_from_item($post_id);
create_files_from_item($post_id);
update_thread($post_id);
// update filetags in pconfig
file_tag_update_pconfig($uid,$categories_old,$categories_new,'category');
proc_run('php', "include/notifier.php", 'edit_post', "$post_id");
if((x($_REQUEST,'return')) && strlen($return_path)) {
logger('return: ' . $return_path);
goaway($a->get_baseurl() . "/" . $return_path );
}
killme();
}
else
$post_id = 0;
$r = q("INSERT INTO `item` (`guid`, `extid`, `uid`,`type`,`wall`,`gravity`, `network`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `author-name`, `author-link`, `author-avatar`,
`created`, `edited`, `commented`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`, `tag`, `inform`, `verb`, `object-type`, `postopts`,
`allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach`, `bookmark`,`origin`, `moderated`, `file`, `rendered-html`, `rendered-hash`)
VALUES( '%s', '%s', %d, '%s', %d, %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s')",
dbesc($datarray['guid']),
dbesc($datarray['extid']),
intval($datarray['uid']),
dbesc($datarray['type']),
intval($datarray['wall']),
intval($datarray['gravity']),
dbesc($datarray['network']),
intval($datarray['contact-id']),
dbesc($datarray['owner-name']),
dbesc($datarray['owner-link']),
dbesc($datarray['owner-avatar']),
dbesc($datarray['author-name']),
dbesc($datarray['author-link']),
dbesc($datarray['author-avatar']),
dbesc($datarray['created']),
dbesc($datarray['edited']),
dbesc($datarray['commented']),
dbesc($datarray['received']),
dbesc($datarray['changed']),
dbesc($datarray['uri']),
dbesc($datarray['thr-parent']),
dbesc($datarray['title']),
dbesc($datarray['body']),
dbesc($datarray['app']),
dbesc($datarray['location']),
dbesc($datarray['coord']),
dbesc($datarray['tag']),
dbesc($datarray['inform']),
dbesc($datarray['verb']),
dbesc($datarray['object-type']),
dbesc($datarray['postopts']),
dbesc($datarray['allow_cid']),
dbesc($datarray['allow_gid']),
dbesc($datarray['deny_cid']),
dbesc($datarray['deny_gid']),
intval($datarray['private']),
intval($datarray['pubmail']),
dbesc($datarray['attach']),
intval($datarray['bookmark']),
intval($datarray['origin']),
intval($datarray['moderated']),
dbesc($datarray['file']),
dbesc($datarray['rendered-html']),
dbesc($datarray['rendered-hash'])
);
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
dbesc($datarray['uri']));
if(!count($r)) {
logger('mod_item: unable to retrieve post that was just stored.');
notice( t('System error. Post not saved.') . EOL);
goaway($a->get_baseurl() . "/" . $return_path );
// NOTREACHED
}
// Store the guid and other relevant data
add_guid($datarray);
$post_id = $r[0]['id'];
logger('mod_item: saved item ' . $post_id);
$datarray["id"] = $post_id;
$datarray["plink"] = $a->get_baseurl().'/display/'.urlencode($datarray["guid"]);
// update filetags in pconfig
file_tag_update_pconfig($uid,$categories_old,$categories_new,'category');
if($parent) {
// This item is the last leaf and gets the comment box, clear any ancestors
$r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d ",
dbesc(datetime_convert()),
intval($parent)
);
update_thread($parent, true);
// Inherit ACLs from the parent item.
$r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d
WHERE `id` = %d",
dbesc($parent_item['allow_cid']),
dbesc($parent_item['allow_gid']),
dbesc($parent_item['deny_cid']),
dbesc($parent_item['deny_gid']),
intval($parent_item['private']),
intval($post_id)
);
if($contact_record != $author) {
notification(array(
'type' => NOTIFY_COMMENT,
'notify_flags' => $user['notify-flags'],
'language' => $user['language'],
'to_name' => $user['username'],
'to_email' => $user['email'],
'uid' => $user['uid'],
'item' => $datarray,
'link' => $a->get_baseurl().'/display/'.urlencode($datarray['guid']),
'source_name' => $datarray['author-name'],
'source_link' => $datarray['author-link'],
'source_photo' => $datarray['author-avatar'],
'verb' => ACTIVITY_POST,
'otype' => 'item',
'parent' => $parent,
'parent_uri' => $parent_item['uri']
));
}
// Store the comment signature information in case we need to relay to Diaspora
store_diaspora_comment_sig($datarray, $author, ($self ? $user['prvkey'] : false), $parent_item, $post_id);
} else {
$parent = $post_id;
if($contact_record != $author) {
notification(array(
'type' => NOTIFY_WALL,
'notify_flags' => $user['notify-flags'],
'language' => $user['language'],
'to_name' => $user['username'],
'to_email' => $user['email'],
'uid' => $user['uid'],
'item' => $datarray,
'link' => $a->get_baseurl().'/display/'.urlencode($datarray['guid']),
'source_name' => $datarray['author-name'],
'source_link' => $datarray['author-link'],
'source_photo' => $datarray['author-avatar'],
'verb' => ACTIVITY_POST,
'otype' => 'item'
));
}
}
// fallback so that parent always gets set to non-zero.
if(! $parent)
$parent = $post_id;
$r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `plink` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1
WHERE `id` = %d",
intval($parent),
dbesc(($parent == $post_id) ? $uri : $parent_item['uri']),
dbesc($a->get_baseurl().'/display/'.urlencode($datarray['guid'])),
dbesc(datetime_convert()),
intval($post_id)
);
// photo comments turn the corresponding item visible to the profile wall
// This way we don't see every picture in your new photo album posted to your wall at once.
// They will show up as people comment on them.
if(! $parent_item['visible']) {
$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d",
intval($parent_item['id'])
);
update_thread($parent_item['id']);
}
// update the commented timestamp on the parent
q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d",
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($parent)
);
if ($post_id != $parent)
update_thread($parent);
call_hooks('post_local_end', $datarray);
if(strlen($emailcc) && $profile_uid == local_user()) {
$erecips = explode(',', $emailcc);
if(count($erecips)) {
foreach($erecips as $recip) {
$addr = trim($recip);
if(! strlen($addr))
continue;
$disclaimer = '<hr />' . sprintf( t('This message was sent to you by %s, a member of the Friendica social network.'),$a->user['username'])
. '<br />';
$disclaimer .= sprintf( t('You may visit them online at %s'), $a->get_baseurl() . '/profile/' . $a->user['nickname']) . EOL;
$disclaimer .= t('Please contact the sender by replying to this post if you do not wish to receive these messages.') . EOL;
if (!$datarray['title']=='') {
$subject = email_header_encode($datarray['title'],'UTF-8');
} else {
$subject = email_header_encode('[Friendica]' . ' ' . sprintf( t('%s posted an update.'),$a->user['username']),'UTF-8');
}
$link = '<a href="' . $a->get_baseurl() . '/profile/' . $a->user['nickname'] . '"><img src="' . $author['thumb'] . '" alt="' . $a->user['username'] . '" /></a><br /><br />';
$html = prepare_body($datarray);
$message = '<html><body>' . $link . $html . $disclaimer . '</body></html>';
include_once('include/html2plain.php');
$params = array (
'fromName' => $a->user['username'],
'fromEmail' => $a->user['email'],
'toEmail' => $addr,
'replyTo' => $a->user['email'],
'messageSubject' => $subject,
'htmlVersion' => $message,
'textVersion' => html2plain($html.$disclaimer),
);
Emailer::send($params);
}
}
}
create_tags_from_item($post_id);
create_files_from_item($post_id);
if ($post_id == $parent)
add_thread($post_id);
// This is a real juggling act on shared hosting services which kill your processes
// e.g. dreamhost. We used to start delivery to our native delivery agents in the background
// and then run our plugin delivery from the foreground. We're now doing plugin delivery first,
// because as soon as you start loading up a bunch of remote delivey processes, *this* page is
// likely to get killed off. If you end up looking at an /item URL and a blank page,
// it's very likely the delivery got killed before all your friends could be notified.
// Currently the only realistic fixes are to use a reliable server - which precludes shared hosting,
// or cut back on plugins which do remote deliveries.
proc_run('php', "include/notifier.php", $notify_type, "$post_id");
logger('post_complete');
item_post_return($a->get_baseurl(), $api_source, $return_path);
// NOTREACHED
}
}
if(! function_exists('item_post_return')) {
function item_post_return($baseurl, $api_source, $return_path) {
// figure out how to return, depending on from whence we came
if($api_source)
return;
if($return_path) {
goaway($baseurl . "/" . $return_path);
}
$json = array('success' => 1);
if(x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload']))
$json['reload'] = $baseurl . '/' . $_REQUEST['jsreload'];
logger('post_json: ' . print_r($json,true), LOGGER_DEBUG);
echo json_encode($json);
killme();
}
}
if(! function_exists('item_content')) {
function item_content(&$a) {
if((! local_user()) && (! remote_user()))
return;
require_once('include/security.php');
$o = '';
if(($a->argc == 3) && ($a->argv[1] === 'drop') && intval($a->argv[2])) {
$o = drop_item($a->argv[2], !is_ajax());
if (is_ajax()){
// ajax return: [<item id>, 0 (no perm) | <owner id>]
echo json_encode(array(intval($a->argv[2]), intval($o)));
killme();
}
}
return $o;
}
}
/**
* This function removes the tag $tag from the text $body and replaces it with
* the appropiate link.
*
* @param unknown_type $body the text to replace the tag in
* @param unknown_type $inform a comma-seperated string containing everybody to inform
* @param unknown_type $str_tags string to add the tag to
* @param unknown_type $profile_uid
* @param unknown_type $tag the tag to replace
*
* @return boolean true if replaced, false if not replaced
*/
if(! function_exists('handle_tag')) {
function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag, $network = "") {
require_once("include/Scrape.php");
require_once("include/socgraph.php");
$replaced = false;
$r = null;
//is it a person tag?
if(strpos($tag,'@') === 0) {
//is it already replaced?
if(strpos($tag,'[url=')) {
//append tag to str_tags
if(!stristr($str_tags,$tag)) {
if(strlen($str_tags))
$str_tags .= ',';
$str_tags .= $tag;
}
// Checking for the alias that is used for OStatus
$pattern = "/@\[url\=(.*?)\](.*?)\[\/url\]/ism";
if (preg_match($pattern, $tag, $matches)) {
$data = probe_url($matches[1]);
if ($data["alias"] != "") {
$newtag = '@[url='.$data["alias"].']'.$data["name"].'[/url]';
if(!stristr($str_tags,$newtag)) {
if(strlen($str_tags))
$str_tags .= ',';
$str_tags .= $newtag;
}
}
}
return $replaced;
}
$stat = false;
//get the person's name
$name = substr($tag,1);
// Sometimes the tag detection doesn't seem to work right
// This is some workaround
$nameparts = explode(" ", $name);
$name = $nameparts[0];
// Try to detect the contact in various ways
if ((strpos($name,'@')) || (strpos($name,'http://'))) {
// Is it in format @user@domain.tld or @http://domain.tld/...?
// First check the contact table for the address
$r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network`, `notify` FROM `contact` WHERE `addr` = '%s' AND `uid` = %d LIMIT 1",
dbesc($name),
intval($profile_uid)
);
// Then check in the contact table for the url
if (!$r)
$r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `notify`, `network` FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1",
dbesc(normalise_link($name)),
intval($profile_uid)
);
// Then check in the global contacts for the address
if (!$r)
$r = q("SELECT `url`, `name`, `nick`, `network`, `alias`, `notify` FROM `gcontact` WHERE `addr` = '%s' LIMIT 1", dbesc($name));
// Then check in the global contacts for the url
if (!$r)
$r = q("SELECT `url`, `name`, `nick`, `network`, `alias`, `notify` FROM `gcontact` WHERE `nurl` = '%s' LIMIT 1", dbesc(normalise_link($name)));
// If the data isn't complete then refetch the data
if ($r AND ($r[0]["network"] == NETWORK_OSTATUS) AND (($r[0]["notify"] == "") OR ($r[0]["alias"] == "")))
$r = false;
if (!$r) {
$probed = probe_url($name);
if (isset($probed["url"])) {
update_gcontact($probed);
$r = q("SELECT `url`, `name`, `nick`, `network`, `alias`, `notify` FROM `gcontact` WHERE `nurl` = '%s' LIMIT 1",
dbesc(normalise_link($probed["url"])));
}
}
} else {
$r = false;
if (strrpos($name,'+')) {
// Is it in format @nick+number?
$tagcid = intval(substr($name,strrpos($name,'+') + 1));
$r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($tagcid),
intval($profile_uid)
);
}
//select someone by attag or nick and the name passed in the current network
if(!$r AND ($network != ""))
$r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `network` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
dbesc($name),
dbesc($name),
dbesc($network),
intval($profile_uid)
);
//select someone from this user's contacts by name in the current network
if (!$r AND ($network != ""))
$r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `name` = '%s' AND `network` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
dbesc($network),
intval($profile_uid)
);
//select someone by attag or nick and the name passed in
if(!$r)
$r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
dbesc($name),
dbesc($name),
intval($profile_uid)
);
//select someone from this user's contacts by name
if(!$r)
$r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
intval($profile_uid)
);
}
if ($r) {
if(strlen($inform) AND (isset($r[0]["notify"]) OR isset($r[0]["id"])))
$inform .= ',';
if (isset($r[0]["id"]))
$inform .= 'cid:' . $r[0]["id"];
elseif (isset($r[0]["notify"]))
$inform .= $r[0]["notify"];
$profile = $r[0]["url"];
$alias = $r[0]["alias"];
$newname = $r[0]["nick"];
if (($newname == "") OR (($r[0]["network"] != NETWORK_OSTATUS) AND ($r[0]["network"] != NETWORK_TWITTER)
AND ($r[0]["network"] != NETWORK_STATUSNET) AND ($r[0]["network"] != NETWORK_APPNET)))
$newname = $r[0]["name"];
}
//if there is an url for this persons profile
if(isset($profile)) {
$replaced = true;
//create profile link
$profile = str_replace(',','%2c',$profile);
$newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
$body = str_replace('@' . $name, $newtag, $body);
//append tag to str_tags
if(! stristr($str_tags,$newtag)) {
if(strlen($str_tags))
$str_tags .= ',';
$str_tags .= $newtag;
}
// Status.Net seems to require the numeric ID URL in a mention if the person isn't
// subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
if(strlen($alias)) {
$newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
if(! stristr($str_tags,$newtag)) {
if(strlen($str_tags))
$str_tags .= ',';
$str_tags .= $newtag;
}
}
}
}
return array('replaced' => $replaced, 'contact' => $r[0]);
}
}
if(! function_exists('store_diaspora_comment_sig')) {
function store_diaspora_comment_sig($datarray, $author, $uprvkey, $parent_item, $post_id) {
// We won't be able to sign Diaspora comments for authenticated visitors - we don't have their private key
$enabled = intval(get_config('system','diaspora_enabled'));
if(! $enabled) {
logger('mod_item: diaspora support disabled, not storing comment signature', LOGGER_DEBUG);
return;
}
logger('mod_item: storing diaspora comment signature');
require_once('include/bb2diaspora.php');
$signed_body = html_entity_decode(bb2diaspora($datarray['body']));
// Only works for NETWORK_DFRN
$contact_baseurl_start = strpos($author['url'],'://') + 3;
$contact_baseurl_length = strpos($author['url'],'/profile') - $contact_baseurl_start;
$contact_baseurl = substr($author['url'], $contact_baseurl_start, $contact_baseurl_length);
$diaspora_handle = $author['nick'] . '@' . $contact_baseurl;
$signed_text = $datarray['guid'] . ';' . $parent_item['guid'] . ';' . $signed_body . ';' . $diaspora_handle;
if( $uprvkey !== false )
$authorsig = rsa_sign($signed_text,$uprvkey,'sha256');
else
$authorsig = '';
q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
intval($post_id),
dbesc($signed_text),
dbesc(base64_encode($authorsig)),
dbesc($diaspora_handle)
);
return;
}
}