preparation for some possibly killer features

This commit is contained in:
friendica 2012-03-26 17:57:27 -07:00
parent 03b95c9a09
commit b5d0315d55
3 changed files with 23 additions and 15 deletions

View File

@ -7,13 +7,10 @@ require_once('include/crypto.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) { function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
// default permissions - anonymous user
if(! strlen($owner_nick))
killme();
$sitefeed = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic
$public_feed = (($dfrn_id) ? false : true); $public_feed = (($dfrn_id) ? false : true);
$starred = false; $starred = false; // not yet implemented, possible security issues
$converse = false; $converse = false;
if($public_feed && $a->argc > 2) { if($public_feed && $a->argc > 2) {
@ -25,6 +22,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
} }
} }
// default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";

View File

@ -26,21 +26,24 @@ function dfrn_poll_init(&$a) {
$dfrn_id = substr($dfrn_id,2); $dfrn_id = substr($dfrn_id,2);
} }
if(($dfrn_id === '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) { if(($dfrn_id === '') && (! x($_POST,'dfrn_id'))) {
if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
killme(); killme();
} }
$user = '';
if($a->argc > 1) {
$r = q("SELECT `hidewall` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1", $r = q("SELECT `hidewall` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
dbesc($a->argv[1]) dbesc($a->argv[1])
); );
if(count($r) && $r[0]['hidewall']) if((! count($r)) || (count($r) && $r[0]['hidewall']))
killme(); killme();
$user = $r[0]['nickname'];
}
logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] ); logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
header("Content-type: application/atom+xml"); header("Content-type: application/atom+xml");
$o = get_feed_for($a, '', $a->argv[1],$last_update); echo get_feed_for($a, '', $user,$last_update);
echo $o;
killme(); killme();
} }

View File

@ -15,6 +15,13 @@ function message_post(&$a) {
$body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
$recipient = ((x($_REQUEST,'messageto')) ? intval($_REQUEST['messageto']) : 0 ); $recipient = ((x($_REQUEST,'messageto')) ? intval($_REQUEST['messageto']) : 0 );
// Work around doubled linefeeds in Tinymce 3.5b2
$plaintext = intval(get_pconfig(local_user(),'system','plaintext'));
if(! $plaintext) {
$body = str_replace("\r\n","\n",$body);
$body = str_replace("\n\n","\n",$body);
}
$ret = send_message($recipient, $body, $subject, $replyto); $ret = send_message($recipient, $body, $subject, $replyto);
$norecip = false; $norecip = false;