streams/mod/editwebpage.php

<?php

require_once('include/identity.php');
require_once('include/acl_selectors.php');

function editwebpage_init(&$a) {

	if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
		$sys = get_sys_channel();
		if($sys && intval($sys['channel_id'])) {
			$a->is_sys = true;
		}
	}

	if(argc() > 1)
		$which = argv(1);
	else
		return;

	profile_load($a,$which);

}


function editwebpage_content(&$a) {

	if(! $a->profile) {
		notice( t('Requested profile is not available.') . EOL );
		$a->error = 404;
		return;
	}

	$which = argv(1);

	$uid = local_channel();
	$owner = 0;
	$channel = null;
	$observer = $a->get_observer();

	$channel = $a->get_channel();

	if($a->is_sys && is_site_admin()) {
		$sys = get_sys_channel();
		if($sys && intval($sys['channel_id'])) {
			$uid = $owner = intval($sys['channel_id']);
			$channel = $sys;
			$observer = $sys;
		}
	}

	if(! $owner) {
		// Figure out who the page owner is.
		$r = q("select channel_id from channel where channel_address = '%s'",
			dbesc($which)
		);
		if($r) {
			$owner = intval($r[0]['channel_id']);
		}
	}

	$ob_hash = (($observer) ? $observer['xchan_hash'] : '');

	if(! perm_is_allowed($owner,$ob_hash,'write_pages')) {
		notice( t('Permission denied.') . EOL);
		return;
	}

	$is_owner = (($uid && $uid == $owner) ? true : false);
			
	$o = '';

	// Figure out which post we're editing
	$post_id = ((argc() > 2) ? intval(argv(2)) : 0);


	if(! $post_id) {
		notice( t('Item not found') . EOL);
		return;
	}

	$ob_hash = (($observer) ? $observer['xchan_hash'] : '');

	$perms = get_all_perms($owner,$ob_hash);

	if(! $perms['write_pages']) {
		notice( t('Permission denied.') . EOL);
		return;
	}

	// We've already figured out which item we want and whose copy we need, 
	// so we don't need anything fancy here

	$sql_extra = item_permissions_sql($owner);

	$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1",
		intval($post_id),
		intval($owner)
	);

	if(! $itm) {
		notice( t('Permission denied.') . EOL);
		return;
	}

	if($itm[0]['item_flags'] & ITEM_OBSCURED) {
		$key = get_config('system','prvkey');
		if($itm[0]['title'])
			$itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
		if($itm[0]['body'])
			$itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
	}

	$item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1",
		intval($itm[0]['id'])
	);
	if($item_id)
		$page_title = $item_id[0]['sid'];

	$plaintext = true;

	$mimetype = $itm[0]['mimetype'];

	if($mimetype === 'application/x-php') {
		if((! $uid) || ($uid != $itm[0]['uid'])) {
			notice( t('Permission denied.') . EOL);
			return;
		}
	}
	
	$mimeselect = '';

	if($mimetype != 'text/bbcode')
		$plaintext = true;

	if(get_config('system','page_mimetype'))
		$mimeselect = '<input type="hidden" name="mimetype" value="' . $mimetype . '" />';
	else
		$mimeselect = mimetype_select($itm[0]['uid'],$mimetype); 

	$layout = get_config('system','page_layout');
	if($layout)
		$layoutselect = '<input type="hidden" name="layout_mid" value="' . $layout . '" />'; 			
	else
		$layoutselect = layout_select($itm[0]['uid'],$itm[0]['layout_mid']);

	$a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array(
		'$baseurl' => $a->get_baseurl(),
		'$editselect' =>  (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
		'$ispublic' => '&nbsp;', // t('Visible to <strong>everybody</strong>'),
		'$geotag' => $geotag,
		'$nickname' => $channel['channel_address'],
		'$confirmdelete' => t('Delete webpage?')
	));

	$tpl = get_markup_template("jot.tpl");
		
	$jotplugins = '';
	$jotnets = '';

	call_hooks('jot_tool', $jotplugins);
	call_hooks('jot_networks', $jotnets);
	
	// FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD 
	// instead of loading a sensible page.  So, send folk to the webpage list.

	$rp = 'webpages/' . $which;

	logger('canwrite: ' . (perm_is_allowed($owner, get_observer_hash(), 'post_photos') || perm_is_allowed($owner, get_observer_hash(), 'write_storage')));

	$editor = replace_macros($tpl,array(
		'$return_path' => $rp,
		'$webpage' => ITEM_WEBPAGE,
		'$placeholdpagetitle' => t('Page link title'),
		'$pagetitle' => $page_title,
		'$writefiles' => (perm_is_allowed($owner, get_observer_hash(), 'post_photos') || perm_is_allowed($owner, get_observer_hash(), 'write_storage')),

		'$action' => 'item',
		'$share' => t('Edit'),
		'$bold' => t('Bold'),
		'$italic' => t('Italic'),
		'$underline' => t('Underline'),
		'$quote' => t('Quote'),
		'$code' => t('Code'),
		'$upload' => t('Upload photo'),
		'$attach' => t('Attach file'),
		'$weblink' => t('Insert web link'),
		'$youtube' => t('Insert YouTube video'),
		'$video' => t('Insert Vorbis [.ogg] video'),
		'$audio' => t('Insert Vorbis [.ogg] audio'),
		'$setloc' => t('Set your location'),
		'$noloc' => t('Clear browser location'),
		'$wait' => t('Please wait'),
		'$permset' => t('Permission settings'),
		'$ptyp' => $itm[0]['type'],
		'$content' => undo_post_tagging($itm[0]['body']),
		'$post_id' => $post_id,
		'$baseurl' => $a->get_baseurl(),
		'$defloc' => $itm[0]['location'],
		'$visitor' => ($is_owner) ? true : false,
		'$acl' => populate_acl($itm[0],false),
		'$showacl' => ($is_owner) ? true : false,
		'$public' => t('Public post'),
		'$jotnets' => $jotnets,
		'$mimeselect' => $mimeselect,
		'$layoutselect' => $layoutselect,
		'$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
		'$placeholdertitle' => t('Title (optional)'),
		'$category' => '',
		'$placeholdercategory' => t('Categories (optional, comma-separated list)'),
		'$emtitle' => t('Example: bob@example.com, mary@example.com'),
		'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'),
		'$bang' => '',
		'$profile_uid' => (intval($owner)),
		'$preview' => t('Preview'),
		'$jotplugins' => $jotplugins,
		'$sourceapp' => $a->sourcename,
		'$defexpire' => '',
		'$feature_expire' => false,
		'$expires' => t('Set expiration date'),

	));

	$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
		'$title' => t('Edit Webpage'),
		'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
		'$editor' => $editor,
		'$id' => $itm[0]['id']
	));

	return $o;

}
Minimum value webpages 2013-07-10 18:36:53 +00:00			`<?php`

uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`require_once('include/identity.php');`
			`require_once('include/acl_selectors.php');`

			`function editwebpage_init(&$a) {`

			`if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {`
			`$sys = get_sys_channel();`
			`if($sys && intval($sys['channel_id'])) {`
			`$a->is_sys = true;`
			`}`
			`}`

			`if(argc() > 1)`
			`$which = argv(1);`
			`else`
			`return;`

			`profile_load($a,$which);`

			`}`
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00
Minimum value webpages 2013-07-10 18:36:53 +00:00
			`function editwebpage_content(&$a) {`

uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`if(! $a->profile) {`
			`notice( t('Requested profile is not available.') . EOL );`
			`$a->error = 404;`
			`return;`
			`}`
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00
			`$which = argv(1);`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00
local_user => local_channel 2015-01-29 04:56:04 +00:00			`$uid = local_channel();`
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`$owner = 0;`
			`$channel = null;`
			`$observer = $a->get_observer();`

			`$channel = $a->get_channel();`

			`if($a->is_sys && is_site_admin()) {`
			`$sys = get_sys_channel();`
			`if($sys && intval($sys['channel_id'])) {`
			`$uid = $owner = intval($sys['channel_id']);`
			`$channel = $sys;`
			`$observer = $sys;`
			`}`
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`}`
improve editing ability of webpages - acls, photos, location, page link title, etc. 2013-12-07 23:20:12 +00:00
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`if(! $owner) {`
			`// Figure out who the page owner is.`
			`$r = q("select channel_id from channel where channel_address = '%s'",`
			`dbesc($which)`
			`);`
			`if($r) {`
			`$owner = intval($r[0]['channel_id']);`
			`}`
			`}`

			`$ob_hash = (($observer) ? $observer['xchan_hash'] : '');`

this should make all the 'sys' webpage design tools useable by the admin 2014-11-13 02:04:00 +00:00			`if(! perm_is_allowed($owner,$ob_hash,'write_pages')) {`
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`notice( t('Permission denied.') . EOL);`
			`return;`
			`}`

			`$is_owner = (($uid && $uid == $owner) ? true : false);`
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00
Minimum value webpages 2013-07-10 18:36:53 +00:00			`$o = '';`

security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`// Figure out which post we're editing`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00			`$post_id = ((argc() > 2) ? intval(argv(2)) : 0);`

Minimum value webpages 2013-07-10 18:36:53 +00:00
			`if(! $post_id) {`
			`notice( t('Item not found') . EOL);`
			`return;`
			`}`

security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`$ob_hash = (($observer) ? $observer['xchan_hash'] : '');`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`$perms = get_all_perms($owner,$ob_hash);`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`if(! $perms['write_pages']) {`
			`notice( t('Permission denied.') . EOL);`
			`return;`
			`}`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`// We've already figured out which item we want and whose copy we need,`
			`// so we don't need anything fancy here`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00
fix webpage perms 2015-04-22 10:00:15 +00:00			`$sql_extra = item_permissions_sql($owner);`

			$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1",
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`intval($post_id),`
			`intval($owner)`
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`);`
Minimum value webpages 2013-07-10 18:36:53 +00:00
fix webpage perms 2015-04-22 10:00:15 +00:00			`if(! $itm) {`
			`notice( t('Permission denied.') . EOL);`
			`return;`
			`}`

improve editing ability of webpages - acls, photos, location, page link title, etc. 2013-12-07 23:20:12 +00:00			`if($itm[0]['item_flags'] & ITEM_OBSCURED) {`
			`$key = get_config('system','prvkey');`
			`if($itm[0]['title'])`
			`$itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);`
			`if($itm[0]['body'])`
			`$itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);`
			`}`

			`$item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1",`
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`intval($itm[0]['id'])`
improve editing ability of webpages - acls, photos, location, page link title, etc. 2013-12-07 23:20:12 +00:00			`);`
			`if($item_id)`
			`$page_title = $item_id[0]['sid'];`

Minimum value webpages 2013-07-10 18:36:53 +00:00			`$plaintext = true;`
preserve mimetype on page edits 2013-09-03 00:48:48 +00:00
			`$mimetype = $itm[0]['mimetype'];`

security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`if($mimetype === 'application/x-php') {`
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`if((! $uid) \|\| ($uid != $itm[0]['uid'])) {`
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`notice( t('Permission denied.') . EOL);`
			`return;`
			`}`
			`}`

preserve mimetype on page edits 2013-09-03 00:48:48 +00:00			`$mimeselect = '';`

			`if($mimetype != 'text/bbcode')`
			`$plaintext = true;`
provide mimetype selector on edit (pages and blocks) 2013-09-06 10:10:25 +00:00
			`if(get_config('system','page_mimetype'))`
some more on webpages 2015-04-14 09:50:21 +00:00			`$mimeselect = '<input type="hidden" name="mimetype" value="' . $mimetype . '" />';`
provide mimetype selector on edit (pages and blocks) 2013-09-06 10:10:25 +00:00			`else`
fix mimeselect on edit 2013-09-06 10:56:47 +00:00			`$mimeselect = mimetype_select($itm[0]['uid'],$mimetype);`
preserve mimetype on page edits 2013-09-03 00:48:48 +00:00
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`$layout = get_config('system','page_layout');`
			`if($layout)`
			`$layoutselect = '<input type="hidden" name="layout_mid" value="' . $layout . '" />';`
			`else`
Fix page layout selector 2014-01-11 23:49:23 +00:00			`$layoutselect = layout_select($itm[0]['uid'],$itm[0]['layout_mid']);`
Minimum value webpages 2013-07-10 18:36:53 +00:00
			`$a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array(`
			`'$baseurl' => $a->get_baseurl(),`
			`'$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text\|prvmail-text)/'),`
			`'$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'),`
			`'$geotag' => $geotag,`
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`'$nickname' => $channel['channel_address'],`
Confirm webpage deletion prompt 2014-01-01 15:18:39 +00:00			`'$confirmdelete' => t('Delete webpage?')`
Minimum value webpages 2013-07-10 18:36:53 +00:00			`));`

			`$tpl = get_markup_template("jot.tpl");`

			`$jotplugins = '';`
			`$jotnets = '';`

			`call_hooks('jot_tool', $jotplugins);`
			`call_hooks('jot_networks', $jotnets);`

uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`// FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD`
			`// instead of loading a sensible page. So, send folk to the webpage list.`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00
Spare / and an undeclared var in editwebpage. 2014-03-26 19:49:08 +00:00			`$rp = 'webpages/' . $which;`
Minimum value webpages 2013-07-10 18:36:53 +00:00
allow jot to be displayed expanded, remove deprected datetimepicker js and some random fixes 2015-04-17 09:20:22 +00:00			`logger('canwrite: ' . (perm_is_allowed($owner, get_observer_hash(), 'post_photos') \|\| perm_is_allowed($owner, get_observer_hash(), 'write_storage')));`

			`$editor = replace_macros($tpl,array(`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00			`'$return_path' => $rp,`
a few fixes to webpage editing 2014-01-04 21:44:43 +00:00			`'$webpage' => ITEM_WEBPAGE,`
improve editing ability of webpages - acls, photos, location, page link title, etc. 2013-12-07 23:20:12 +00:00			`'$placeholdpagetitle' => t('Page link title'),`
			`'$pagetitle' => $page_title,`
title of preview button incorrect, fix ability to upload to webpages 2015-03-31 02:41:42 +00:00			`'$writefiles' => (perm_is_allowed($owner, get_observer_hash(), 'post_photos') \|\| perm_is_allowed($owner, get_observer_hash(), 'write_storage')),`
improve editing ability of webpages - acls, photos, location, page link title, etc. 2013-12-07 23:20:12 +00:00
Minimum value webpages 2013-07-10 18:36:53 +00:00			`'$action' => 'item',`
			`'$share' => t('Edit'),`
remove the now redundant audio/video buttons and label the editor text style buttons which didn't have them. Unused editor buttons were commented in case we need to bring them back. If things go smoothly we can remove them. Use the link icon going forward - for all links. 2015-03-12 01:56:28 +00:00			`'$bold' => t('Bold'),`
			`'$italic' => t('Italic'),`
			`'$underline' => t('Underline'),`
			`'$quote' => t('Quote'),`
			`'$code' => t('Code'),`
Minimum value webpages 2013-07-10 18:36:53 +00:00			`'$upload' => t('Upload photo'),`
			`'$attach' => t('Attach file'),`
			`'$weblink' => t('Insert web link'),`
			`'$youtube' => t('Insert YouTube video'),`
			`'$video' => t('Insert Vorbis [.ogg] video'),`
			`'$audio' => t('Insert Vorbis [.ogg] audio'),`
			`'$setloc' => t('Set your location'),`
			`'$noloc' => t('Clear browser location'),`
			`'$wait' => t('Please wait'),`
			`'$permset' => t('Permission settings'),`
			`'$ptyp' => $itm[0]['type'],`
			`'$content' => undo_post_tagging($itm[0]['body']),`
			`'$post_id' => $post_id,`
			`'$baseurl' => $a->get_baseurl(),`
improve editing ability of webpages - acls, photos, location, page link title, etc. 2013-12-07 23:20:12 +00:00			`'$defloc' => $itm[0]['location'],`
change the way jot tools are displayed/hidden 2014-04-08 20:07:06 +00:00			`'$visitor' => ($is_owner) ? true : false,`
only show jotnets when posting conversation items 2014-06-15 03:16:40 +00:00			`'$acl' => populate_acl($itm[0],false),`
use $showacl to show/hide acl in jot.tpl - remove $pvisit and repair editblock and editlayout which still depended on it. 2014-04-09 16:29:22 +00:00			`'$showacl' => ($is_owner) ? true : false,`
Minimum value webpages 2013-07-10 18:36:53 +00:00			`'$public' => t('Public post'),`
			`'$jotnets' => $jotnets,`
preserve mimetype on page edits 2013-09-03 00:48:48 +00:00			`'$mimeselect' => $mimeselect,`
security fix and ability to change layout on webpage edit form 2013-09-03 23:31:59 +00:00			`'$layoutselect' => $layoutselect,`
check that every invocation of htmlspecialchars has the right arg list 2013-12-12 10:01:42 +00:00			`'$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),`
Make it clear that title and categories are optional 2014-12-08 15:49:48 +00:00			`'$placeholdertitle' => t('Title (optional)'),`
Minimum value webpages 2013-07-10 18:36:53 +00:00			`'$category' => '',`
Make it clear that title and categories are optional 2014-12-08 15:49:48 +00:00			`'$placeholdercategory' => t('Categories (optional, comma-separated list)'),`
Minimum value webpages 2013-07-10 18:36:53 +00:00			`'$emtitle' => t('Example: bob@example.com, mary@example.com'),`
improve editing ability of webpages - acls, photos, location, page link title, etc. 2013-12-07 23:20:12 +00:00			`'lockstate' => (((strlen($itm[0]['allow_cid'])) \|\| (strlen($itm[0]['allow_gid'])) \|\| (strlen($itm[0]['deny_cid'])) \|\| (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'),`
Minimum value webpages 2013-07-10 18:36:53 +00:00			`'$bang' => '',`
"Can edit my webpages" permissions 2013-08-01 17:40:50 +00:00			`'$profile_uid' => (intval($owner)),`
title of preview button incorrect, fix ability to upload to webpages 2015-03-31 02:41:42 +00:00			`'$preview' => t('Preview'),`
Minimum value webpages 2013-07-10 18:36:53 +00:00			`'$jotplugins' => $jotplugins,`
uid not set in webpages.php, start on editwebpage.php 2014-11-12 06:55:24 +00:00			`'$sourceapp' => $a->sourcename,`
provide expire feature on post and comments as well as private messages. This requires a feature setting and is currently unmaskable - if the author says it's gone, there's not a lot you can do to stop it or try and save it. It's gone. 2013-11-07 08:47:50 +00:00			`'$defexpire' => '',`
change the way jot tools are displayed/hidden 2014-04-08 20:07:06 +00:00			`'$feature_expire' => false,`
provide expire feature on post and comments as well as private messages. This requires a feature setting and is currently unmaskable - if the author says it's gone, there's not a lot you can do to stop it or try and save it. It's gone. 2013-11-07 08:47:50 +00:00			`'$expires' => t('Set expiration date'),`

Minimum value webpages 2013-07-10 18:36:53 +00:00			`));`

allow jot to be displayed expanded, remove deprected datetimepicker js and some random fixes 2015-04-17 09:20:22 +00:00			`$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(`
			`'$title' => t('Edit Webpage'),`
			`'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) \|\| ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),`
			`'$editor' => $editor,`
			`'$id' => $itm[0]['id']`
			`));`
provide ability to delete webpages, layouts and blocks 2013-09-06 11:07:43 +00:00
Minimum value webpages 2013-07-10 18:36:53 +00:00			`return $o;`

			`}`