Beispiel #1
0
function item_store_update($arr, $allow_exec = false)
{
    $d = array('item' => $arr, 'allow_exec' => $allow_exec);
    call_hooks('item_store_update', $d);
    $arr = $d['item'];
    $allow_exec = $d['allow_exec'];
    $ret = array('success' => false, 'item_id' => 0);
    if (!intval($arr['uid'])) {
        logger('item_store_update: no uid');
        $ret['message'] = 'no uid.';
        return $ret;
    }
    if (!intval($arr['id'])) {
        logger('item_store_update: no id');
        $ret['message'] = 'no id.';
        return $ret;
    }
    $orig_post_id = $arr['id'];
    $uid = $arr['uid'];
    $orig = q("select * from item where id = %d and uid = %d limit 1", intval($orig_post_id), intval($uid));
    if (!$orig) {
        logger('item_store_update: original post not found: ' . $orig_post_id);
        $ret['message'] = 'no original';
        return $ret;
    }
    // override the unseen flag with the original
    if (intval($arr['item_flags'])) {
        $arr['item_unseen'] = 0;
    }
    if ($orig[0]['item_flags'] & ITEM_VERIFIED) {
        $orig[0]['item_flags'] = $orig[0]['item_flags'] ^ ITEM_VERIFIED;
    }
    if ($orig[0]['item_flags'] & ITEM_OBSCURED) {
        $orig[0]['item_flags'] = $orig[0]['item_flags'] ^ ITEM_OBSCURED;
    }
    $arr['item_flags'] = intval($arr['item_flags']) | $orig[0]['item_flags'];
    $arr['item_restrict'] = intval($arr['item_restrict']) | $orig[0]['item_restrict'];
    if (array_key_exists('edit', $arr)) {
        unset($arr['edit']);
    }
    $arr['mimetype'] = x($arr, 'mimetype') ? notags(trim($arr['mimetype'])) : 'text/bbcode';
    if ($arr['mimetype'] == 'application/x-php' && !$allow_exec) {
        logger('item_store: php mimetype but allow_exec is denied.');
        $ret['message'] = 'exec denied.';
        return $ret;
    }
    if (!($arr['item_flags'] & ITEM_OBSCURED)) {
        $arr['lang'] = detect_language($arr['body']);
        // apply the input filter here - if it is obscured it has been filtered already
        $arr['body'] = trim(z_input_filter($arr['uid'], $arr['body'], $arr['mimetype']));
        if (local_channel() && !$arr['sig']) {
            $channel = get_app()->get_channel();
            if ($channel['channel_hash'] === $arr['author_xchan']) {
                $arr['sig'] = base64url_encode(rsa_sign($arr['body'], $channel['channel_prvkey']));
                $arr['item_flags'] |= ITEM_VERIFIED;
            }
        }
        $allowed_languages = get_pconfig($arr['uid'], 'system', 'allowed_languages');
        if (is_array($allowed_languages) && $arr['lang'] && !array_key_exists($arr['lang'], $allowed_languages)) {
            $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
            call_hooks('item_translate', $translate);
            if (!$translate['translated'] && intval(get_pconfig($arr['uid'], 'system', 'reject_disallowed_languages'))) {
                logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
                $ret['message'] = 'language not accepted';
                return $ret;
            }
            $arr = $translate['item'];
        }
        if ($arr['item_private']) {
            $key = get_config('system', 'pubkey');
            $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
            if ($arr['title']) {
                $arr['title'] = json_encode(crypto_encapsulate($arr['title'], $key));
            }
            if ($arr['body']) {
                $arr['body'] = json_encode(crypto_encapsulate($arr['body'], $key));
            }
        }
    }
    if (x($arr, 'object') && is_array($arr['object'])) {
        activity_sanitise($arr['object']);
        $arr['object'] = json_encode($arr['object']);
    }
    if (x($arr, 'target') && is_array($arr['target'])) {
        activity_sanitise($arr['target']);
        $arr['target'] = json_encode($arr['target']);
    }
    if (x($arr, 'attach') && is_array($arr['attach'])) {
        activity_sanitise($arr['attach']);
        $arr['attach'] = json_encode($arr['attach']);
    }
    unset($arr['id']);
    unset($arr['uid']);
    unset($arr['aid']);
    unset($arr['mid']);
    unset($arr['parent']);
    unset($arr['parent_mid']);
    unset($arr['created']);
    unset($arr['author_xchan']);
    unset($arr['owner_xchan']);
    unset($arr['thr_parent']);
    unset($arr['llink']);
    $arr['edited'] = x($arr, 'edited') !== false ? datetime_convert('UTC', 'UTC', $arr['edited']) : datetime_convert();
    $arr['expires'] = x($arr, 'expires') !== false ? datetime_convert('UTC', 'UTC', $arr['expires']) : $orig[0]['expires'];
    if (array_key_exists('comments_closed', $arr) && $arr['comments_closed'] != NULL_DATE) {
        $arr['comments_closed'] = datetime_convert('UTC', 'UTC', $arr['comments_closed']);
    } else {
        $arr['comments_closed'] = $orig[0]['comments_closed'];
    }
    $arr['commented'] = $orig[0]['commented'];
    $arr['received'] = datetime_convert();
    $arr['changed'] = datetime_convert();
    $arr['route'] = array_key_exists('route', $arr) ? trim($arr['route']) : $orig[0]['route'];
    $arr['diaspora_meta'] = x($arr, 'diaspora_meta') ? $arr['diaspora_meta'] : $orig[0]['diaspora_meta'];
    $arr['location'] = x($arr, 'location') ? notags(trim($arr['location'])) : $orig[0]['location'];
    $arr['coord'] = x($arr, 'coord') ? notags(trim($arr['coord'])) : $orig[0]['coord'];
    $arr['verb'] = x($arr, 'verb') ? notags(trim($arr['verb'])) : $orig[0]['verb'];
    $arr['obj_type'] = x($arr, 'obj_type') ? notags(trim($arr['obj_type'])) : $orig[0]['obj_type'];
    $arr['object'] = x($arr, 'object') ? trim($arr['object']) : $orig[0]['object'];
    $arr['tgt_type'] = x($arr, 'tgt_type') ? notags(trim($arr['tgt_type'])) : $orig[0]['tgt_type'];
    $arr['target'] = x($arr, 'target') ? trim($arr['target']) : $orig[0]['target'];
    $arr['plink'] = x($arr, 'plink') ? notags(trim($arr['plink'])) : $orig[0]['plink'];
    $arr['allow_cid'] = array_key_exists('allow_cid', $arr) ? trim($arr['allow_cid']) : $orig[0]['allow_cid'];
    $arr['allow_gid'] = array_key_exists('allow_gid', $arr) ? trim($arr['allow_gid']) : $orig[0]['allow_gid'];
    $arr['deny_cid'] = array_key_exists('deny_cid', $arr) ? trim($arr['deny_cid']) : $orig[0]['deny_cid'];
    $arr['deny_gid'] = array_key_exists('deny_gid', $arr) ? trim($arr['deny_gid']) : $orig[0]['deny_gid'];
    $arr['item_private'] = array_key_exists('item_private', $arr) ? intval($arr['item_private']) : $orig[0]['item_private'];
    $arr['title'] = array_key_exists('title', $arr) ? trim($arr['title']) : $orig[0]['title'];
    $arr['body'] = array_key_exists('body', $arr) ? trim($arr['body']) : $orig[0]['body'];
    $arr['attach'] = x($arr, 'attach') ? notags(trim($arr['attach'])) : $orig[0]['attach'];
    $arr['app'] = x($arr, 'app') ? notags(trim($arr['app'])) : $orig[0]['app'];
    //	$arr['item_restrict'] = ((x($arr,'item_restrict')) ? intval($arr['item_restrict'])       : $orig[0]['item_restrict'] );
    //	$arr['item_flags']    = ((x($arr,'item_flags'))    ? intval($arr['item_flags'])          : $orig[0]['item_flags'] );
    $arr['sig'] = x($arr, 'sig') ? $arr['sig'] : '';
    $arr['layout_mid'] = array_key_exists('layout_mid', $arr) ? dbesc($arr['layout_mid']) : $orig[0]['layout_mid'];
    $arr['public_policy'] = x($arr, 'public_policy') ? notags(trim($arr['public_policy'])) : $orig[0]['public_policy'];
    $arr['comment_policy'] = x($arr, 'comment_policy') ? notags(trim($arr['comment_policy'])) : $orig[0]['comment_policy'];
    call_hooks('post_remote_update', $arr);
    if (x($arr, 'cancel')) {
        logger('item_store_update: post cancelled by plugin.');
        $ret['message'] = 'cancelled.';
        return $ret;
    }
    // pull out all the taxonomy stuff for separate storage
    $terms = null;
    if (array_key_exists('term', $arr)) {
        $terms = $arr['term'];
        unset($arr['term']);
    }
    dbesc_array($arr);
    logger('item_store_update: ' . print_r($arr, true), LOGGER_DATA);
    $str = '';
    foreach ($arr as $k => $v) {
        if ($str) {
            $str .= ",";
        }
        $str .= " `" . $k . "` = '" . $v . "' ";
    }
    $r = dbq("update `item` set " . $str . " where id = " . $orig_post_id);
    if ($r) {
        logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG);
    } else {
        logger('item_store_update: could not update item');
        $ret['message'] = 'DB update failed.';
        return $ret;
    }
    $r = q("delete from term where oid = %d and otype = %d", intval($orig_post_id), intval(TERM_OBJ_POST));
    if (is_array($terms)) {
        foreach ($terms as $t) {
            q("insert into term (uid,oid,otype,type,term,url)\n\t\t\t\tvalues(%d,%d,%d,%d,'%s','%s') ", intval($uid), intval($orig_post_id), intval(TERM_OBJ_POST), intval($t['type']), dbesc($t['term']), dbesc($t['url']));
        }
        $arr['term'] = $terms;
    }
    call_hooks('post_remote_update_end', $arr);
    send_status_notifications($orig_post_id, $arr);
    tag_deliver($uid, $orig_post_id);
    $ret['success'] = true;
    $ret['item_id'] = $orig_post_id;
    return $ret;
}
Beispiel #2
0
function item_store_update($arr, $allow_exec = false, $deliver = true)
{
    $d = array('item' => $arr, 'allow_exec' => $allow_exec);
    call_hooks('item_store_update', $d);
    $arr = $d['item'];
    $allow_exec = $d['allow_exec'];
    $ret = array('success' => false, 'item_id' => 0);
    if (!intval($arr['uid'])) {
        logger('item_store_update: no uid');
        $ret['message'] = 'no uid.';
        return $ret;
    }
    if (!intval($arr['id'])) {
        logger('item_store_update: no id');
        $ret['message'] = 'no id.';
        return $ret;
    }
    $orig_post_id = $arr['id'];
    $uid = $arr['uid'];
    $orig = q("select * from item where id = %d and uid = %d limit 1", intval($orig_post_id), intval($uid));
    if (!$orig) {
        logger('item_store_update: original post not found: ' . $orig_post_id);
        $ret['message'] = 'no original';
        return $ret;
    }
    // override the unseen flag with the original
    $arr['item_unseen'] = $orig[0]['item_unseen'];
    if (array_key_exists('edit', $arr)) {
        unset($arr['edit']);
    }
    $arr['mimetype'] = x($arr, 'mimetype') ? notags(trim($arr['mimetype'])) : 'text/bbcode';
    if ($arr['mimetype'] == 'application/x-php' && !$allow_exec) {
        logger('item_store: php mimetype but allow_exec is denied.');
        $ret['message'] = 'exec denied.';
        return $ret;
    }
    if (!array_key_exists('item_obscured', $arr) || $arr['item_obscured'] == 0) {
        $arr['lang'] = detect_language($arr['body']);
        // apply the input filter here - if it is obscured it has been filtered already
        $arr['body'] = trim(z_input_filter($arr['uid'], $arr['body'], $arr['mimetype']));
        if (local_channel() && !$arr['sig']) {
            $channel = App::get_channel();
            if ($channel['channel_hash'] === $arr['author_xchan']) {
                $arr['sig'] = base64url_encode(rsa_sign($arr['body'], $channel['channel_prvkey']));
                $arr['item_verified'] = 1;
            }
        }
        $allowed_languages = get_pconfig($arr['uid'], 'system', 'allowed_languages');
        if (is_array($allowed_languages) && $arr['lang'] && !array_key_exists($arr['lang'], $allowed_languages)) {
            $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
            call_hooks('item_translate', $translate);
            if (!$translate['translated'] && intval(get_pconfig($arr['uid'], 'system', 'reject_disallowed_languages'))) {
                logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
                $ret['message'] = 'language not accepted';
                return $ret;
            }
            $arr = $translate['item'];
        }
    }
    if (x($arr, 'obj') && is_array($arr['obj'])) {
        activity_sanitise($arr['obj']);
        $arr['obj'] = json_encode($arr['obj']);
    }
    if (x($arr, 'target') && is_array($arr['target'])) {
        activity_sanitise($arr['target']);
        $arr['target'] = json_encode($arr['target']);
    }
    if (x($arr, 'attach') && is_array($arr['attach'])) {
        activity_sanitise($arr['attach']);
        $arr['attach'] = json_encode($arr['attach']);
    }
    unset($arr['id']);
    unset($arr['uid']);
    unset($arr['aid']);
    unset($arr['mid']);
    unset($arr['parent']);
    unset($arr['parent_mid']);
    unset($arr['created']);
    unset($arr['author_xchan']);
    unset($arr['owner_xchan']);
    unset($arr['thr_parent']);
    unset($arr['llink']);
    $arr['edited'] = x($arr, 'edited') !== false ? datetime_convert('UTC', 'UTC', $arr['edited']) : datetime_convert();
    $arr['expires'] = x($arr, 'expires') !== false ? datetime_convert('UTC', 'UTC', $arr['expires']) : $orig[0]['expires'];
    if (array_key_exists('comments_closed', $arr) && $arr['comments_closed'] > NULL_DATE) {
        $arr['comments_closed'] = datetime_convert('UTC', 'UTC', $arr['comments_closed']);
    } else {
        $arr['comments_closed'] = $orig[0]['comments_closed'];
    }
    $arr['commented'] = $orig[0]['commented'];
    if ($deliver) {
        $arr['received'] = datetime_convert();
        $arr['changed'] = datetime_convert();
    } else {
        // When deliver flag is false, we are *probably* performing an import or bulk migration.
        // If one updates the changed timestamp it will be made available to zotfeed and delivery
        // will still take place through backdoor methods. Since these fields are rarely used
        // otherwise, just preserve the original timestamp.
        $arr['received'] = $orig[0]['received'];
        $arr['changed'] = $orig[0]['changed'];
    }
    $arr['route'] = array_key_exists('route', $arr) ? trim($arr['route']) : $orig[0]['route'];
    $arr['diaspora_meta'] = x($arr, 'diaspora_meta') ? $arr['diaspora_meta'] : $orig[0]['diaspora_meta'];
    $arr['location'] = x($arr, 'location') ? notags(trim($arr['location'])) : $orig[0]['location'];
    $arr['coord'] = x($arr, 'coord') ? notags(trim($arr['coord'])) : $orig[0]['coord'];
    $arr['verb'] = x($arr, 'verb') ? notags(trim($arr['verb'])) : $orig[0]['verb'];
    $arr['obj_type'] = x($arr, 'obj_type') ? notags(trim($arr['obj_type'])) : $orig[0]['obj_type'];
    $arr['obj'] = x($arr, 'obj') ? trim($arr['obj']) : $orig[0]['obj'];
    $arr['tgt_type'] = x($arr, 'tgt_type') ? notags(trim($arr['tgt_type'])) : $orig[0]['tgt_type'];
    $arr['target'] = x($arr, 'target') ? trim($arr['target']) : $orig[0]['target'];
    $arr['plink'] = x($arr, 'plink') ? notags(trim($arr['plink'])) : $orig[0]['plink'];
    $arr['allow_cid'] = array_key_exists('allow_cid', $arr) ? trim($arr['allow_cid']) : $orig[0]['allow_cid'];
    $arr['allow_gid'] = array_key_exists('allow_gid', $arr) ? trim($arr['allow_gid']) : $orig[0]['allow_gid'];
    $arr['deny_cid'] = array_key_exists('deny_cid', $arr) ? trim($arr['deny_cid']) : $orig[0]['deny_cid'];
    $arr['deny_gid'] = array_key_exists('deny_gid', $arr) ? trim($arr['deny_gid']) : $orig[0]['deny_gid'];
    $arr['item_private'] = array_key_exists('item_private', $arr) ? intval($arr['item_private']) : $orig[0]['item_private'];
    $arr['title'] = array_key_exists('title', $arr) && strlen($arr['title']) ? trim($arr['title']) : '';
    $arr['body'] = array_key_exists('body', $arr) && strlen($arr['body']) ? trim($arr['body']) : '';
    $arr['html'] = array_key_exists('html', $arr) && strlen($arr['html']) ? trim($arr['html']) : '';
    $arr['attach'] = array_key_exists('attach', $arr) ? notags(trim($arr['attach'])) : $orig[0]['attach'];
    $arr['app'] = array_key_exists('app', $arr) ? notags(trim($arr['app'])) : $orig[0]['app'];
    $arr['item_origin'] = array_key_exists('item_origin', $arr) ? intval($arr['item_origin']) : $orig[0]['item_origin'];
    $arr['item_unseen'] = array_key_exists('item_unseen', $arr) ? intval($arr['item_unseen']) : $orig[0]['item_unseen'];
    $arr['item_starred'] = array_key_exists('item_starred', $arr) ? intval($arr['item_starred']) : $orig[0]['item_starred'];
    $arr['item_uplink'] = array_key_exists('item_uplink', $arr) ? intval($arr['item_uplink']) : $orig[0]['item_uplink'];
    $arr['item_consensus'] = array_key_exists('item_consensus', $arr) ? intval($arr['item_consensus']) : $orig[0]['item_consensus'];
    $arr['item_wall'] = array_key_exists('item_wall', $arr) ? intval($arr['item_wall']) : $orig[0]['item_wall'];
    $arr['item_thread_top'] = array_key_exists('item_thread_top', $arr) ? intval($arr['item_thread_top']) : $orig[0]['item_thread_top'];
    $arr['item_notshown'] = array_key_exists('item_notshown', $arr) ? intval($arr['item_notshown']) : $orig[0]['item_notshown'];
    $arr['item_nsfw'] = array_key_exists('item_nsfw', $arr) ? intval($arr['item_nsfw']) : $orig[0]['item_nsfw'];
    $arr['item_relay'] = array_key_exists('item_relay', $arr) ? intval($arr['item_relay']) : $orig[0]['item_relay'];
    $arr['item_mentionsme'] = array_key_exists('item_mentionsme', $arr) ? intval($arr['item_mentionsme']) : $orig[0]['item_mentionsme'];
    $arr['item_nocomment'] = array_key_exists('item_nocomment', $arr) ? intval($arr['item_nocomment']) : $orig[0]['item_nocomment'];
    $arr['item_obscured'] = array_key_exists('item_obscured', $arr) ? intval($arr['item_obscured']) : $orig[0]['item_obscured'];
    $arr['item_verified'] = array_key_exists('item_verified', $arr) ? intval($arr['item_verified']) : $orig[0]['item_verified'];
    $arr['item_retained'] = array_key_exists('item_retained', $arr) ? intval($arr['item_retained']) : $orig[0]['item_retained'];
    $arr['item_rss'] = array_key_exists('item_rss', $arr) ? intval($arr['item_rss']) : $orig[0]['item_rss'];
    $arr['item_deleted'] = array_key_exists('item_deleted', $arr) ? intval($arr['item_deleted']) : $orig[0]['item_deleted'];
    $arr['item_type'] = array_key_exists('item_type', $arr) ? intval($arr['item_type']) : $orig[0]['item_type'];
    $arr['item_hidden'] = array_key_exists('item_hidden', $arr) ? intval($arr['item_hidden']) : $orig[0]['item_hidden'];
    $arr['item_unpublished'] = array_key_exists('item_unpublished', $arr) ? intval($arr['item_unpublished']) : $orig[0]['item_unpublished'];
    $arr['item_delayed'] = array_key_exists('item_delayed', $arr) ? intval($arr['item_delayed']) : $orig[0]['item_delayed'];
    $arr['item_pending_remove'] = array_key_exists('item_pending_remove', $arr) ? intval($arr['item_pending_remove']) : $orig[0]['item_pending_remove'];
    $arr['item_blocked'] = array_key_exists('item_blocked', $arr) ? intval($arr['item_blocked']) : $orig[0]['item_blocked'];
    $arr['sig'] = x($arr, 'sig') ? $arr['sig'] : '';
    $arr['layout_mid'] = array_key_exists('layout_mid', $arr) ? dbesc($arr['layout_mid']) : $orig[0]['layout_mid'];
    $arr['public_policy'] = x($arr, 'public_policy') ? notags(trim($arr['public_policy'])) : $orig[0]['public_policy'];
    $arr['comment_policy'] = x($arr, 'comment_policy') ? notags(trim($arr['comment_policy'])) : $orig[0]['comment_policy'];
    call_hooks('post_remote_update', $arr);
    if (x($arr, 'cancel')) {
        logger('item_store_update: post cancelled by plugin.');
        $ret['message'] = 'cancelled.';
        return $ret;
    }
    // pull out all the taxonomy stuff for separate storage
    $terms = null;
    if (array_key_exists('term', $arr)) {
        $terms = $arr['term'];
        unset($arr['term']);
    }
    $meta = null;
    if (array_key_exists('iconfig', $arr)) {
        $meta = $arr['iconfig'];
        unset($arr['iconfig']);
    }
    dbesc_array($arr);
    logger('item_store_update: ' . print_r($arr, true), LOGGER_DATA);
    $str = '';
    foreach ($arr as $k => $v) {
        if ($str) {
            $str .= ",";
        }
        $str .= " `" . $k . "` = '" . $v . "' ";
    }
    $r = dbq("update `item` set " . $str . " where id = " . $orig_post_id);
    if ($r) {
        logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG);
    } else {
        logger('item_store_update: could not update item');
        $ret['message'] = 'DB update failed.';
        return $ret;
    }
    // fetch an unescaped complete copy of the stored item
    $r = q("select * from item where id = %d", intval($orig_post_id));
    if ($r) {
        $arr = $r[0];
    }
    $r = q("delete from term where oid = %d and otype = %d", intval($orig_post_id), intval(TERM_OBJ_POST));
    if (is_array($terms)) {
        foreach ($terms as $t) {
            q("insert into term (uid,oid,otype,ttype,term,url)\n\t\t\t\tvalues(%d,%d,%d,%d,'%s','%s') ", intval($uid), intval($orig_post_id), intval(TERM_OBJ_POST), intval($t['ttype']), dbesc($t['term']), dbesc($t['url']));
        }
        $arr['term'] = $terms;
    }
    $r = q("delete from iconfig where iid = %d", intval($orig_post_id));
    if ($meta) {
        foreach ($meta as $m) {
            set_iconfig($orig_post_id, $m['cat'], $m['k'], $m['v'], $m['sharing']);
        }
        $arr['iconfig'] = $meta;
    }
    $ret['item'] = $arr;
    call_hooks('post_remote_update_end', $arr);
    if ($deliver) {
        send_status_notifications($orig_post_id, $arr);
        tag_deliver($uid, $orig_post_id);
    }
    $ret['success'] = true;
    $ret['item_id'] = $orig_post_id;
    return $ret;
}