function item_store_update($arr, $allow_exec = false)
{
$d = array('item' => $arr, 'allow_exec' => $allow_exec);
call_hooks('item_store_update', $d);
$arr = $d['item'];
$allow_exec = $d['allow_exec'];
$ret = array('success' => false, 'item_id' => 0);
if (!intval($arr['uid'])) {
logger('item_store_update: no uid');
$ret['message'] = 'no uid.';
return $ret;
}
if (!intval($arr['id'])) {
logger('item_store_update: no id');
$ret['message'] = 'no id.';
return $ret;
}
$orig_post_id = $arr['id'];
$uid = $arr['uid'];
$orig = q("select * from item where id = %d and uid = %d limit 1", intval($orig_post_id), intval($uid));
if (!$orig) {
logger('item_store_update: original post not found: ' . $orig_post_id);
$ret['message'] = 'no original';
return $ret;
}
// override the unseen flag with the original
if (intval($arr['item_flags'])) {
$arr['item_unseen'] = 0;
}
if ($orig[0]['item_flags'] & ITEM_VERIFIED) {
$orig[0]['item_flags'] = $orig[0]['item_flags'] ^ ITEM_VERIFIED;
}
if ($orig[0]['item_flags'] & ITEM_OBSCURED) {
$orig[0]['item_flags'] = $orig[0]['item_flags'] ^ ITEM_OBSCURED;
}
$arr['item_flags'] = intval($arr['item_flags']) | $orig[0]['item_flags'];
$arr['item_restrict'] = intval($arr['item_restrict']) | $orig[0]['item_restrict'];
if (array_key_exists('edit', $arr)) {
unset($arr['edit']);
}
$arr['mimetype'] = x($arr, 'mimetype') ? notags(trim($arr['mimetype'])) : 'text/bbcode';
if ($arr['mimetype'] == 'application/x-php' && !$allow_exec) {
logger('item_store: php mimetype but allow_exec is denied.');
$ret['message'] = 'exec denied.';
return $ret;
}
if (!($arr['item_flags'] & ITEM_OBSCURED)) {
$arr['lang'] = detect_language($arr['body']);
// apply the input filter here - if it is obscured it has been filtered already
$arr['body'] = trim(z_input_filter($arr['uid'], $arr['body'], $arr['mimetype']));
if (local_channel() && !$arr['sig']) {
$channel = get_app()->get_channel();
if ($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'], $channel['channel_prvkey']));
$arr['item_flags'] |= ITEM_VERIFIED;
}
}
$allowed_languages = get_pconfig($arr['uid'], 'system', 'allowed_languages');
if (is_array($allowed_languages) && $arr['lang'] && !array_key_exists($arr['lang'], $allowed_languages)) {
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
call_hooks('item_translate', $translate);
if (!$translate['translated'] && intval(get_pconfig($arr['uid'], 'system', 'reject_disallowed_languages'))) {
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
$ret['message'] = 'language not accepted';
return $ret;
}
$arr = $translate['item'];
}
if ($arr['item_private']) {
$key = get_config('system', 'pubkey');
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
if ($arr['title']) {
$arr['title'] = json_encode(crypto_encapsulate($arr['title'], $key));
}
if ($arr['body']) {
$arr['body'] = json_encode(crypto_encapsulate($arr['body'], $key));
}
}
}
if (x($arr, 'object') && is_array($arr['object'])) {
activity_sanitise($arr['object']);
$arr['object'] = json_encode($arr['object']);
}
if (x($arr, 'target') && is_array($arr['target'])) {
activity_sanitise($arr['target']);
$arr['target'] = json_encode($arr['target']);
}
if (x($arr, 'attach') && is_array($arr['attach'])) {
activity_sanitise($arr['attach']);
$arr['attach'] = json_encode($arr['attach']);
}
unset($arr['id']);
unset($arr['uid']);
unset($arr['aid']);
unset($arr['mid']);
unset($arr['parent']);
unset($arr['parent_mid']);
unset($arr['created']);
unset($arr['author_xchan']);
unset($arr['owner_xchan']);
unset($arr['thr_parent']);
unset($arr['llink']);
$arr['edited'] = x($arr, 'edited') !== false ? datetime_convert('UTC', 'UTC', $arr['edited']) : datetime_convert();
$arr['expires'] = x($arr, 'expires') !== false ? datetime_convert('UTC', 'UTC', $arr['expires']) : $orig[0]['expires'];
if (array_key_exists('comments_closed', $arr) && $arr['comments_closed'] != NULL_DATE) {
$arr['comments_closed'] = datetime_convert('UTC', 'UTC', $arr['comments_closed']);
} else {
$arr['comments_closed'] = $orig[0]['comments_closed'];
}
$arr['commented'] = $orig[0]['commented'];
$arr['received'] = datetime_convert();
$arr['changed'] = datetime_convert();
$arr['route'] = array_key_exists('route', $arr) ? trim($arr['route']) : $orig[0]['route'];
$arr['diaspora_meta'] = x($arr, 'diaspora_meta') ? $arr['diaspora_meta'] : $orig[0]['diaspora_meta'];
$arr['location'] = x($arr, 'location') ? notags(trim($arr['location'])) : $orig[0]['location'];
$arr['coord'] = x($arr, 'coord') ? notags(trim($arr['coord'])) : $orig[0]['coord'];
$arr['verb'] = x($arr, 'verb') ? notags(trim($arr['verb'])) : $orig[0]['verb'];
$arr['obj_type'] = x($arr, 'obj_type') ? notags(trim($arr['obj_type'])) : $orig[0]['obj_type'];
$arr['object'] = x($arr, 'object') ? trim($arr['object']) : $orig[0]['object'];
$arr['tgt_type'] = x($arr, 'tgt_type') ? notags(trim($arr['tgt_type'])) : $orig[0]['tgt_type'];
$arr['target'] = x($arr, 'target') ? trim($arr['target']) : $orig[0]['target'];
$arr['plink'] = x($arr, 'plink') ? notags(trim($arr['plink'])) : $orig[0]['plink'];
$arr['allow_cid'] = array_key_exists('allow_cid', $arr) ? trim($arr['allow_cid']) : $orig[0]['allow_cid'];
$arr['allow_gid'] = array_key_exists('allow_gid', $arr) ? trim($arr['allow_gid']) : $orig[0]['allow_gid'];
$arr['deny_cid'] = array_key_exists('deny_cid', $arr) ? trim($arr['deny_cid']) : $orig[0]['deny_cid'];
$arr['deny_gid'] = array_key_exists('deny_gid', $arr) ? trim($arr['deny_gid']) : $orig[0]['deny_gid'];
$arr['item_private'] = array_key_exists('item_private', $arr) ? intval($arr['item_private']) : $orig[0]['item_private'];
$arr['title'] = array_key_exists('title', $arr) ? trim($arr['title']) : $orig[0]['title'];
$arr['body'] = array_key_exists('body', $arr) ? trim($arr['body']) : $orig[0]['body'];
$arr['attach'] = x($arr, 'attach') ? notags(trim($arr['attach'])) : $orig[0]['attach'];
$arr['app'] = x($arr, 'app') ? notags(trim($arr['app'])) : $orig[0]['app'];
// $arr['item_restrict'] = ((x($arr,'item_restrict')) ? intval($arr['item_restrict']) : $orig[0]['item_restrict'] );
// $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : $orig[0]['item_flags'] );
$arr['sig'] = x($arr, 'sig') ? $arr['sig'] : '';
$arr['layout_mid'] = array_key_exists('layout_mid', $arr) ? dbesc($arr['layout_mid']) : $orig[0]['layout_mid'];
$arr['public_policy'] = x($arr, 'public_policy') ? notags(trim($arr['public_policy'])) : $orig[0]['public_policy'];
$arr['comment_policy'] = x($arr, 'comment_policy') ? notags(trim($arr['comment_policy'])) : $orig[0]['comment_policy'];
call_hooks('post_remote_update', $arr);
if (x($arr, 'cancel')) {
logger('item_store_update: post cancelled by plugin.');
$ret['message'] = 'cancelled.';
return $ret;
}
// pull out all the taxonomy stuff for separate storage
$terms = null;
if (array_key_exists('term', $arr)) {
$terms = $arr['term'];
unset($arr['term']);
}
dbesc_array($arr);
logger('item_store_update: ' . print_r($arr, true), LOGGER_DATA);
$str = '';
foreach ($arr as $k => $v) {
if ($str) {
$str .= ",";
}
$str .= " `" . $k . "` = '" . $v . "' ";
}
$r = dbq("update `item` set " . $str . " where id = " . $orig_post_id);
if ($r) {
logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG);
} else {
logger('item_store_update: could not update item');
$ret['message'] = 'DB update failed.';
return $ret;
}
$r = q("delete from term where oid = %d and otype = %d", intval($orig_post_id), intval(TERM_OBJ_POST));
if (is_array($terms)) {
foreach ($terms as $t) {
q("insert into term (uid,oid,otype,type,term,url)\n\t\t\t\tvalues(%d,%d,%d,%d,'%s','%s') ", intval($uid), intval($orig_post_id), intval(TERM_OBJ_POST), intval($t['type']), dbesc($t['term']), dbesc($t['url']));
}
$arr['term'] = $terms;
}
call_hooks('post_remote_update_end', $arr);
send_status_notifications($orig_post_id, $arr);
tag_deliver($uid, $orig_post_id);
$ret['success'] = true;
$ret['item_id'] = $orig_post_id;
return $ret;
}
function diaspora_comment($importer, $xml, $msg)
{
$a = get_app();
$guid = notags(unxmlify($xml->guid));
$parent_guid = notags(unxmlify($xml->parent_guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
$target_type = notags(unxmlify($xml->target_type));
$text = unxmlify($xml->text);
$author_signature = notags(unxmlify($xml->author_signature));
$parent_author_signature = $xml->parent_author_signature ? notags(unxmlify($xml->parent_author_signature)) : '';
$contact = diaspora_get_contact_by_handle($importer['channel_id'], $msg['author']);
if (!$contact) {
logger('diaspora_comment: cannot find contact: ' . $msg['author']);
return;
}
if (!perm_is_allowed($importer['channel_id'], $contact['xchan_hash'], 'post_comments')) {
logger('diaspora_comment: Ignoring this author.');
return 202;
}
// Friendica is currently truncating guids at 64 chars
$search_guid = $guid;
if (strlen($guid) == 64) {
$search_guid = $guid . '%';
}
$r = q("SELECT * FROM item WHERE uid = %d AND mid like '%s' LIMIT 1", intval($importer['channel_id']), dbesc($search_guid));
if ($r) {
logger('diaspora_comment: our comment just got relayed back to us (or there was a guid collision) : ' . $guid);
return;
}
$search_guid = $parent_guid;
if (strlen($parent_guid) == 64) {
$search_guid = $parent_guid . '%';
}
$r = q("SELECT * FROM item WHERE uid = %d AND mid LIKE '%s' LIMIT 1", intval($importer['channel_id']), dbesc($search_guid));
if (!$r) {
logger('diaspora_comment: parent item not found: parent: ' . $parent_guid . ' item: ' . $guid);
return;
}
$parent_item = $r[0];
/* How Diaspora performs comment signature checking:
- If an item has been sent by the comment author to the top-level post owner to relay on
to the rest of the contacts on the top-level post, the top-level post owner should check
the author_signature, then create a parent_author_signature before relaying the comment on
- If an item has been relayed on by the top-level post owner, the contacts who receive it
check only the parent_author_signature. Basically, they trust that the top-level post
owner has already verified the authenticity of anything he/she sends out
- In either case, the signature that get checked is the signature created by the person
who sent the psuedo-salmon
*/
$signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle;
$key = $msg['key'];
if ($parent_author_signature) {
// If a parent_author_signature exists, then we've received the comment
// relayed from the top-level post owner. There's no need to check the
// author_signature if the parent_author_signature is valid
$parent_author_signature = base64_decode($parent_author_signature);
if (!rsa_verify($signed_data, $parent_author_signature, $key, 'sha256')) {
logger('diaspora_comment: top-level owner verification failed.');
return;
}
} else {
// If there's no parent_author_signature, then we've received the comment
// from the comment creator. In that case, the person is commenting on
// our post, so he/she must be a contact of ours and his/her public key
// should be in $msg['key']
$author_signature = base64_decode($author_signature);
if (!rsa_verify($signed_data, $author_signature, $key, 'sha256')) {
logger('diaspora_comment: comment author verification failed.');
return;
}
}
// Phew! Everything checks out. Now create an item.
// Find the original comment author information.
// We need this to make sure we display the comment author
// information (name and avatar) correctly.
if (strcasecmp($diaspora_handle, $msg['author']) == 0) {
$person = $contact;
} else {
$person = find_diaspora_person_by_handle($diaspora_handle);
if (!is_array($person)) {
logger('diaspora_comment: unable to find author details');
return;
}
}
$body = diaspora2bb($text);
$datarray = array();
$tags = get_tags($body);
if (count($tags)) {
$datarray['term'] = array();
foreach ($tags as $tag) {
if (strpos($tag, '#') === 0) {
if (strpos($tag, '[url=')) {
continue;
}
// don't link tags that are already embedded in links
if (preg_match('/\\[(.*?)' . preg_quote($tag, '/') . '(.*?)\\]/', $body)) {
continue;
}
if (preg_match('/\\[(.*?)\\]\\((.*?)' . preg_quote($tag, '/') . '(.*?)\\)/', $body)) {
continue;
}
$basetag = str_replace('_', ' ', substr($tag, 1));
$body = str_replace($tag, '#[url=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/url]', $body);
$datarray['term'][] = array('uid' => $importer['channel_id'], 'type' => TERM_HASHTAG, 'otype' => TERM_OBJ_POST, 'term' => $basetag, 'url' => z_root() . '/search?tag=' . rawurlencode($basetag));
}
}
}
$cnt = preg_match_all('/@\\[url=(.*?)\\](.*?)\\[\\/url\\]/ism', $body, $matches, PREG_SET_ORDER);
if ($cnt) {
foreach ($matches as $mtch) {
$datarray['term'][] = array('uid' => $importer['channel_id'], 'type' => TERM_MENTION, 'otype' => TERM_OBJ_POST, 'term' => $mtch[2], 'url' => $mtch[1]);
}
}
$datarray['uid'] = $importer['channel_id'];
$datarray['verb'] = ACTIVITY_POST;
$datarray['mid'] = $guid;
$datarray['parent_mid'] = $parent_item['mid'];
// No timestamps for comments? OK, we'll the use current time.
$datarray['changed'] = $datarray['created'] = $datarray['edited'] = datetime_convert();
$datarray['item_private'] = $parent_item['item_private'];
$datarray['owner_xchan'] = $parent_item['owner_xchan'];
$datarray['author_xchan'] = $person['xchan_hash'];
$datarray['body'] = $body;
$datarray['app'] = 'Diaspora';
if (!$parent_author_signature) {
$datarray['diaspora_meta'] = array('signer' => $diaspora_handle, 'body' => $text, 'signed_text' => $signed_data, 'signature' => base64_encode($author_signature));
}
$result = item_store($datarray);
if ($result && $result['success']) {
$message_id = $result['item_id'];
}
if ($parent_item['item_flags'] & ITEM_ORIGIN && !$parent_author_signature) {
q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($message_id), dbesc($signed_data), dbesc(base64_encode($author_signature)), dbesc($diaspora_handle));
// if the message isn't already being relayed, notify others
// the existence of parent_author_signature means the parent_author or owner
// is already relaying.
proc_run('php', 'include/notifier.php', 'comment-import', $message_id);
}
if ($result['item_id']) {
$r = q("select * from item where id = %d limit 1", intval($result['item_id']));
if ($r) {
send_status_notifications($result['item_id'], $r[0]);
}
}
return;
}
function diaspora_comment($importer, $xml, $msg)
{
$a = get_app();
$guid = notags(unxmlify($xml->guid));
$parent_guid = notags(unxmlify($xml->parent_guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
$target_type = notags(unxmlify($xml->target_type));
$text = unxmlify($xml->text);
$author_signature = notags(unxmlify($xml->author_signature));
$parent_author_signature = $xml->parent_author_signature ? notags(unxmlify($xml->parent_author_signature)) : '';
$contact = diaspora_get_contact_by_handle($importer['channel_id'], $msg['author']);
if (!$contact) {
logger('diaspora_comment: cannot find contact: ' . $msg['author']);
return;
}
$pubcomment = get_pconfig($importer['channel_id'], 'system', 'diaspora_public_comments');
// by default comments on public posts are allowed from anybody on Diaspora. That is their policy.
// Once this setting is set to something we'll track your preference and it will over-ride the default.
if ($pubcomment === false) {
$pubcomment = 1;
}
// Friendica is currently truncating guids at 64 chars
$search_guid = $parent_guid;
if (strlen($parent_guid) == 64) {
$search_guid = $parent_guid . '%';
}
$r = q("SELECT * FROM item WHERE uid = %d AND mid LIKE '%s' LIMIT 1", intval($importer['channel_id']), dbesc($search_guid));
if (!$r) {
logger('diaspora_comment: parent item not found: parent: ' . $parent_guid . ' item: ' . $guid);
return;
}
$parent_item = $r[0];
if (intval($parent_item['item_private'])) {
$pubcomment = 0;
}
$search_guid = $guid;
if (strlen($guid) == 64) {
$search_guid = $guid . '%';
}
$r = q("SELECT * FROM item WHERE uid = %d AND mid like '%s' LIMIT 1", intval($importer['channel_id']), dbesc($search_guid));
if ($r) {
logger('diaspora_comment: our comment just got relayed back to us (or there was a guid collision) : ' . $guid);
return;
}
/* How Diaspora performs comment signature checking:
- If an item has been sent by the comment author to the top-level post owner to relay on
to the rest of the contacts on the top-level post, the top-level post owner should check
the author_signature, then create a parent_author_signature before relaying the comment on
- If an item has been relayed on by the top-level post owner, the contacts who receive it
check only the parent_author_signature. Basically, they trust that the top-level post
owner has already verified the authenticity of anything he/she sends out
- In either case, the signature that get checked is the signature created by the person
who sent the psuedo-salmon
*/
$signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle;
$key = $msg['key'];
if ($parent_author_signature) {
// If a parent_author_signature exists, then we've received the comment
// relayed from the top-level post owner. There's no need to check the
// author_signature if the parent_author_signature is valid
$parent_author_signature = base64_decode($parent_author_signature);
if (!rsa_verify($signed_data, $parent_author_signature, $key, 'sha256')) {
logger('diaspora_comment: top-level owner verification failed.');
return;
}
} else {
// If there's no parent_author_signature, then we've received the comment
// from the comment creator. In that case, the person is commenting on
// our post, so he/she must be a contact of ours and his/her public key
// should be in $msg['key']
if ($importer['system']) {
// don't relay to the sys channel
logger('diaspora_comment: relay to sys channel blocked.');
return;
}
$author_signature = base64_decode($author_signature);
if (!rsa_verify($signed_data, $author_signature, $key, 'sha256')) {
logger('diaspora_comment: comment author verification failed.');
return;
}
}
// Phew! Everything checks out. Now create an item.
// Find the original comment author information.
// We need this to make sure we display the comment author
// information (name and avatar) correctly.
if (strcasecmp($diaspora_handle, $msg['author']) == 0) {
$person = $contact;
} else {
$person = find_diaspora_person_by_handle($diaspora_handle);
if (!is_array($person)) {
logger('diaspora_comment: unable to find author details');
return;
}
}
$body = diaspora2bb($text);
$maxlen = get_max_import_size();
if ($maxlen && mb_strlen($body) > $maxlen) {
$body = mb_substr($body, 0, $maxlen, 'UTF-8');
logger('message length exceeds max_import_size: truncated');
}
$datarray = array();
// Look for tags and linkify them
$results = linkify_tags(get_app(), $body, $importer['channel_id'], true);
$datarray['term'] = array();
if ($results) {
foreach ($results as $result) {
$success = $result['success'];
if ($success['replaced']) {
$datarray['term'][] = array('uid' => $importer['channel_id'], 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
}
}
}
$cnt = preg_match_all('/@\\[url=(.*?)\\](.*?)\\[\\/url\\]/ism', $body, $matches, PREG_SET_ORDER);
if ($cnt) {
foreach ($matches as $mtch) {
$datarray['term'][] = array('uid' => $importer['channel_id'], 'type' => TERM_MENTION, 'otype' => TERM_OBJ_POST, 'term' => $mtch[2], 'url' => $mtch[1]);
}
}
$cnt = preg_match_all('/@\\[zrl=(.*?)\\](.*?)\\[\\/zrl\\]/ism', $body, $matches, PREG_SET_ORDER);
if ($cnt) {
foreach ($matches as $mtch) {
// don't include plustags in the term
$term = substr($mtch[2], -1, 1) === '+' ? substr($mtch[2], 0, -1) : $mtch[2];
$datarray['term'][] = array('uid' => $importer['channel_id'], 'type' => TERM_MENTION, 'otype' => TERM_OBJ_POST, 'term' => $term, 'url' => $mtch[1]);
}
}
$datarray['uid'] = $importer['channel_id'];
$datarray['verb'] = ACTIVITY_POST;
$datarray['mid'] = $guid;
$datarray['parent_mid'] = $parent_item['mid'];
// set the route to that of the parent so downstream hubs won't reject it.
$datarray['route'] = $parent_item['route'];
// No timestamps for comments? OK, we'll the use current time.
$datarray['changed'] = $datarray['created'] = $datarray['edited'] = datetime_convert();
$datarray['item_private'] = $parent_item['item_private'];
$datarray['owner_xchan'] = $parent_item['owner_xchan'];
$datarray['author_xchan'] = $person['xchan_hash'];
$datarray['body'] = $body;
if (strstr($person['xchan_network'], 'friendica')) {
$app = 'Friendica';
} else {
$app = 'Diaspora';
}
$datarray['app'] = $app;
if (!$parent_author_signature) {
$key = get_config('system', 'pubkey');
$x = array('signer' => $diaspora_handle, 'body' => $text, 'signed_text' => $signed_data, 'signature' => base64_encode($author_signature));
$datarray['diaspora_meta'] = json_encode(crypto_encapsulate(json_encode($x), $key));
}
// So basically if something arrives at the sys channel it's by definition public and we allow it.
// If $pubcomment and the parent was public, we allow it.
// In all other cases, honour the permissions for this Diaspora connection
$tgroup = tgroup_check($importer['channel_id'], $datarray);
if (!$importer['system'] && !$pubcomment && !perm_is_allowed($importer['channel_id'], $contact['xchan_hash'], 'post_comments') && !$tgroup) {
logger('diaspora_comment: Ignoring this author.');
return 202;
}
$result = item_store($datarray);
if ($result && $result['success']) {
$message_id = $result['item_id'];
}
if ($parent_item['item_flags'] & ITEM_ORIGIN && !$parent_author_signature) {
// if the message isn't already being relayed, notify others
// the existence of parent_author_signature means the parent_author or owner
// is already relaying.
proc_run('php', 'include/notifier.php', 'comment-import', $message_id);
}
if ($result['item_id']) {
$r = q("select * from item where id = %d limit 1", intval($result['item_id']));
if ($r) {
send_status_notifications($result['item_id'], $r[0]);
}
}
return;
}
function item_store_update($arr, $allow_exec = false, $deliver = true)
{
$d = array('item' => $arr, 'allow_exec' => $allow_exec);
call_hooks('item_store_update', $d);
$arr = $d['item'];
$allow_exec = $d['allow_exec'];
$ret = array('success' => false, 'item_id' => 0);
if (!intval($arr['uid'])) {
logger('item_store_update: no uid');
$ret['message'] = 'no uid.';
return $ret;
}
if (!intval($arr['id'])) {
logger('item_store_update: no id');
$ret['message'] = 'no id.';
return $ret;
}
$orig_post_id = $arr['id'];
$uid = $arr['uid'];
$orig = q("select * from item where id = %d and uid = %d limit 1", intval($orig_post_id), intval($uid));
if (!$orig) {
logger('item_store_update: original post not found: ' . $orig_post_id);
$ret['message'] = 'no original';
return $ret;
}
// override the unseen flag with the original
$arr['item_unseen'] = $orig[0]['item_unseen'];
if (array_key_exists('edit', $arr)) {
unset($arr['edit']);
}
$arr['mimetype'] = x($arr, 'mimetype') ? notags(trim($arr['mimetype'])) : 'text/bbcode';
if ($arr['mimetype'] == 'application/x-php' && !$allow_exec) {
logger('item_store: php mimetype but allow_exec is denied.');
$ret['message'] = 'exec denied.';
return $ret;
}
if (!array_key_exists('item_obscured', $arr) || $arr['item_obscured'] == 0) {
$arr['lang'] = detect_language($arr['body']);
// apply the input filter here - if it is obscured it has been filtered already
$arr['body'] = trim(z_input_filter($arr['uid'], $arr['body'], $arr['mimetype']));
if (local_channel() && !$arr['sig']) {
$channel = App::get_channel();
if ($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'], $channel['channel_prvkey']));
$arr['item_verified'] = 1;
}
}
$allowed_languages = get_pconfig($arr['uid'], 'system', 'allowed_languages');
if (is_array($allowed_languages) && $arr['lang'] && !array_key_exists($arr['lang'], $allowed_languages)) {
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
call_hooks('item_translate', $translate);
if (!$translate['translated'] && intval(get_pconfig($arr['uid'], 'system', 'reject_disallowed_languages'))) {
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
$ret['message'] = 'language not accepted';
return $ret;
}
$arr = $translate['item'];
}
}
if (x($arr, 'obj') && is_array($arr['obj'])) {
activity_sanitise($arr['obj']);
$arr['obj'] = json_encode($arr['obj']);
}
if (x($arr, 'target') && is_array($arr['target'])) {
activity_sanitise($arr['target']);
$arr['target'] = json_encode($arr['target']);
}
if (x($arr, 'attach') && is_array($arr['attach'])) {
activity_sanitise($arr['attach']);
$arr['attach'] = json_encode($arr['attach']);
}
unset($arr['id']);
unset($arr['uid']);
unset($arr['aid']);
unset($arr['mid']);
unset($arr['parent']);
unset($arr['parent_mid']);
unset($arr['created']);
unset($arr['author_xchan']);
unset($arr['owner_xchan']);
unset($arr['thr_parent']);
unset($arr['llink']);
$arr['edited'] = x($arr, 'edited') !== false ? datetime_convert('UTC', 'UTC', $arr['edited']) : datetime_convert();
$arr['expires'] = x($arr, 'expires') !== false ? datetime_convert('UTC', 'UTC', $arr['expires']) : $orig[0]['expires'];
if (array_key_exists('comments_closed', $arr) && $arr['comments_closed'] > NULL_DATE) {
$arr['comments_closed'] = datetime_convert('UTC', 'UTC', $arr['comments_closed']);
} else {
$arr['comments_closed'] = $orig[0]['comments_closed'];
}
$arr['commented'] = $orig[0]['commented'];
if ($deliver) {
$arr['received'] = datetime_convert();
$arr['changed'] = datetime_convert();
} else {
// When deliver flag is false, we are *probably* performing an import or bulk migration.
// If one updates the changed timestamp it will be made available to zotfeed and delivery
// will still take place through backdoor methods. Since these fields are rarely used
// otherwise, just preserve the original timestamp.
$arr['received'] = $orig[0]['received'];
$arr['changed'] = $orig[0]['changed'];
}
$arr['route'] = array_key_exists('route', $arr) ? trim($arr['route']) : $orig[0]['route'];
$arr['diaspora_meta'] = x($arr, 'diaspora_meta') ? $arr['diaspora_meta'] : $orig[0]['diaspora_meta'];
$arr['location'] = x($arr, 'location') ? notags(trim($arr['location'])) : $orig[0]['location'];
$arr['coord'] = x($arr, 'coord') ? notags(trim($arr['coord'])) : $orig[0]['coord'];
$arr['verb'] = x($arr, 'verb') ? notags(trim($arr['verb'])) : $orig[0]['verb'];
$arr['obj_type'] = x($arr, 'obj_type') ? notags(trim($arr['obj_type'])) : $orig[0]['obj_type'];
$arr['obj'] = x($arr, 'obj') ? trim($arr['obj']) : $orig[0]['obj'];
$arr['tgt_type'] = x($arr, 'tgt_type') ? notags(trim($arr['tgt_type'])) : $orig[0]['tgt_type'];
$arr['target'] = x($arr, 'target') ? trim($arr['target']) : $orig[0]['target'];
$arr['plink'] = x($arr, 'plink') ? notags(trim($arr['plink'])) : $orig[0]['plink'];
$arr['allow_cid'] = array_key_exists('allow_cid', $arr) ? trim($arr['allow_cid']) : $orig[0]['allow_cid'];
$arr['allow_gid'] = array_key_exists('allow_gid', $arr) ? trim($arr['allow_gid']) : $orig[0]['allow_gid'];
$arr['deny_cid'] = array_key_exists('deny_cid', $arr) ? trim($arr['deny_cid']) : $orig[0]['deny_cid'];
$arr['deny_gid'] = array_key_exists('deny_gid', $arr) ? trim($arr['deny_gid']) : $orig[0]['deny_gid'];
$arr['item_private'] = array_key_exists('item_private', $arr) ? intval($arr['item_private']) : $orig[0]['item_private'];
$arr['title'] = array_key_exists('title', $arr) && strlen($arr['title']) ? trim($arr['title']) : '';
$arr['body'] = array_key_exists('body', $arr) && strlen($arr['body']) ? trim($arr['body']) : '';
$arr['html'] = array_key_exists('html', $arr) && strlen($arr['html']) ? trim($arr['html']) : '';
$arr['attach'] = array_key_exists('attach', $arr) ? notags(trim($arr['attach'])) : $orig[0]['attach'];
$arr['app'] = array_key_exists('app', $arr) ? notags(trim($arr['app'])) : $orig[0]['app'];
$arr['item_origin'] = array_key_exists('item_origin', $arr) ? intval($arr['item_origin']) : $orig[0]['item_origin'];
$arr['item_unseen'] = array_key_exists('item_unseen', $arr) ? intval($arr['item_unseen']) : $orig[0]['item_unseen'];
$arr['item_starred'] = array_key_exists('item_starred', $arr) ? intval($arr['item_starred']) : $orig[0]['item_starred'];
$arr['item_uplink'] = array_key_exists('item_uplink', $arr) ? intval($arr['item_uplink']) : $orig[0]['item_uplink'];
$arr['item_consensus'] = array_key_exists('item_consensus', $arr) ? intval($arr['item_consensus']) : $orig[0]['item_consensus'];
$arr['item_wall'] = array_key_exists('item_wall', $arr) ? intval($arr['item_wall']) : $orig[0]['item_wall'];
$arr['item_thread_top'] = array_key_exists('item_thread_top', $arr) ? intval($arr['item_thread_top']) : $orig[0]['item_thread_top'];
$arr['item_notshown'] = array_key_exists('item_notshown', $arr) ? intval($arr['item_notshown']) : $orig[0]['item_notshown'];
$arr['item_nsfw'] = array_key_exists('item_nsfw', $arr) ? intval($arr['item_nsfw']) : $orig[0]['item_nsfw'];
$arr['item_relay'] = array_key_exists('item_relay', $arr) ? intval($arr['item_relay']) : $orig[0]['item_relay'];
$arr['item_mentionsme'] = array_key_exists('item_mentionsme', $arr) ? intval($arr['item_mentionsme']) : $orig[0]['item_mentionsme'];
$arr['item_nocomment'] = array_key_exists('item_nocomment', $arr) ? intval($arr['item_nocomment']) : $orig[0]['item_nocomment'];
$arr['item_obscured'] = array_key_exists('item_obscured', $arr) ? intval($arr['item_obscured']) : $orig[0]['item_obscured'];
$arr['item_verified'] = array_key_exists('item_verified', $arr) ? intval($arr['item_verified']) : $orig[0]['item_verified'];
$arr['item_retained'] = array_key_exists('item_retained', $arr) ? intval($arr['item_retained']) : $orig[0]['item_retained'];
$arr['item_rss'] = array_key_exists('item_rss', $arr) ? intval($arr['item_rss']) : $orig[0]['item_rss'];
$arr['item_deleted'] = array_key_exists('item_deleted', $arr) ? intval($arr['item_deleted']) : $orig[0]['item_deleted'];
$arr['item_type'] = array_key_exists('item_type', $arr) ? intval($arr['item_type']) : $orig[0]['item_type'];
$arr['item_hidden'] = array_key_exists('item_hidden', $arr) ? intval($arr['item_hidden']) : $orig[0]['item_hidden'];
$arr['item_unpublished'] = array_key_exists('item_unpublished', $arr) ? intval($arr['item_unpublished']) : $orig[0]['item_unpublished'];
$arr['item_delayed'] = array_key_exists('item_delayed', $arr) ? intval($arr['item_delayed']) : $orig[0]['item_delayed'];
$arr['item_pending_remove'] = array_key_exists('item_pending_remove', $arr) ? intval($arr['item_pending_remove']) : $orig[0]['item_pending_remove'];
$arr['item_blocked'] = array_key_exists('item_blocked', $arr) ? intval($arr['item_blocked']) : $orig[0]['item_blocked'];
$arr['sig'] = x($arr, 'sig') ? $arr['sig'] : '';
$arr['layout_mid'] = array_key_exists('layout_mid', $arr) ? dbesc($arr['layout_mid']) : $orig[0]['layout_mid'];
$arr['public_policy'] = x($arr, 'public_policy') ? notags(trim($arr['public_policy'])) : $orig[0]['public_policy'];
$arr['comment_policy'] = x($arr, 'comment_policy') ? notags(trim($arr['comment_policy'])) : $orig[0]['comment_policy'];
call_hooks('post_remote_update', $arr);
if (x($arr, 'cancel')) {
logger('item_store_update: post cancelled by plugin.');
$ret['message'] = 'cancelled.';
return $ret;
}
// pull out all the taxonomy stuff for separate storage
$terms = null;
if (array_key_exists('term', $arr)) {
$terms = $arr['term'];
unset($arr['term']);
}
$meta = null;
if (array_key_exists('iconfig', $arr)) {
$meta = $arr['iconfig'];
unset($arr['iconfig']);
}
dbesc_array($arr);
logger('item_store_update: ' . print_r($arr, true), LOGGER_DATA);
$str = '';
foreach ($arr as $k => $v) {
if ($str) {
$str .= ",";
}
$str .= " `" . $k . "` = '" . $v . "' ";
}
$r = dbq("update `item` set " . $str . " where id = " . $orig_post_id);
if ($r) {
logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG);
} else {
logger('item_store_update: could not update item');
$ret['message'] = 'DB update failed.';
return $ret;
}
// fetch an unescaped complete copy of the stored item
$r = q("select * from item where id = %d", intval($orig_post_id));
if ($r) {
$arr = $r[0];
}
$r = q("delete from term where oid = %d and otype = %d", intval($orig_post_id), intval(TERM_OBJ_POST));
if (is_array($terms)) {
foreach ($terms as $t) {
q("insert into term (uid,oid,otype,ttype,term,url)\n\t\t\t\tvalues(%d,%d,%d,%d,'%s','%s') ", intval($uid), intval($orig_post_id), intval(TERM_OBJ_POST), intval($t['ttype']), dbesc($t['term']), dbesc($t['url']));
}
$arr['term'] = $terms;
}
$r = q("delete from iconfig where iid = %d", intval($orig_post_id));
if ($meta) {
foreach ($meta as $m) {
set_iconfig($orig_post_id, $m['cat'], $m['k'], $m['v'], $m['sharing']);
}
$arr['iconfig'] = $meta;
}
$ret['item'] = $arr;
call_hooks('post_remote_update_end', $arr);
if ($deliver) {
send_status_notifications($orig_post_id, $arr);
tag_deliver($uid, $orig_post_id);
}
$ret['success'] = true;
$ret['item_id'] = $orig_post_id;
return $ret;
}
$data['RECPR_PAGERANK'] = get_page_rank($data['RECPR_URL']);
}
}
$data['ID'] = $id;
if (!isset($data['RECPR_REQUIRED'])) {
$data['RECPR_REQUIRED'] = 0;
}
if (db_replace('link', $data, 'ID') > 0) {
$tpl->assign('posted', true);
if ($action == 'N') {
$cid = $data['CATEGORY_ID'];
$data = array();
$data['STATUS'] = 2;
$data['CATEGORY_ID'] = $cid;
} else {
send_status_notifications($id);
if (isset($_SESSION['return'])) {
@header('Location: ' . $_SESSION['return']);
@exit;
}
}
} else {
$tpl->assign('sql_error', $db->ErrorMsg());
}
}
}
$tpl->assign($data);
$content = $tpl->fetch('dir_links_edit.tpl');
break;
}
$tpl->assign('content', $content);
