Some safety precautions
This commit is contained in:
parent
b8c4332a20
commit
670e2ad271
13
mod/item.php
13
mod/item.php
|
@ -440,6 +440,7 @@ function item_post(App $a) {
|
||||||
|
|
||||||
$match = null;
|
$match = null;
|
||||||
|
|
||||||
|
/// @todo these lines should be moved to Model/Photo
|
||||||
if (!$preview && preg_match_all("/\[img([\=0-9x]*?)\](.*?)\[\/img\]/",$body,$match)) {
|
if (!$preview && preg_match_all("/\[img([\=0-9x]*?)\](.*?)\[\/img\]/",$body,$match)) {
|
||||||
$images = $match[2];
|
$images = $match[2];
|
||||||
if (count($images)) {
|
if (count($images)) {
|
||||||
|
@ -456,7 +457,7 @@ function item_post(App $a) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// @todo these lines should be moved to Model/Photo
|
// Ensure to only modify photos that you own
|
||||||
$srch = '<' . intval($original_contact_id) . '>';
|
$srch = '<' . intval($original_contact_id) . '>';
|
||||||
|
|
||||||
$condition = ['allow_cid' => $srch, 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '',
|
$condition = ['allow_cid' => $srch, 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '',
|
||||||
|
@ -479,10 +480,20 @@ function item_post(App $a) {
|
||||||
*/
|
*/
|
||||||
$match = false;
|
$match = false;
|
||||||
|
|
||||||
|
/// @todo these lines should be moved to Model/Attach (Once it exists)
|
||||||
if (!$preview && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) {
|
if (!$preview && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) {
|
||||||
$attaches = $match[1];
|
$attaches = $match[1];
|
||||||
if (count($attaches)) {
|
if (count($attaches)) {
|
||||||
foreach ($attaches as $attach) {
|
foreach ($attaches as $attach) {
|
||||||
|
// Ensure to only modify attachments that you own
|
||||||
|
$srch = '<' . intval($original_contact_id) . '>';
|
||||||
|
|
||||||
|
$condition = ['allow_cid' => $srch, 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '',
|
||||||
|
'id' => $attach];
|
||||||
|
if (!dba::exists('attach', $condition)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
$fields = ['allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow,
|
$fields = ['allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow,
|
||||||
'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny];
|
'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny];
|
||||||
$condition = ['id' => $attach];
|
$condition = ['id' => $attach];
|
||||||
|
|
Loading…
Reference in New Issue
Block a user