aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-12-19 00:28:36 -0800
committerfriendica <info@friendica.com>2014-12-19 00:28:36 -0800
commit9c445e98175b55e369f06220a46cf36893960cdc (patch)
tree5f7af9b01029677cecdef2218f1a4c650b852111
parentbe9143447d44de926a107a73c765f8cd235764e6 (diff)
downloadvolse-hubzilla-9c445e98175b55e369f06220a46cf36893960cdc.tar.gz
volse-hubzilla-9c445e98175b55e369f06220a46cf36893960cdc.tar.bz2
volse-hubzilla-9c445e98175b55e369f06220a46cf36893960cdc.zip
incorrect check for sys ownership
-rw-r--r--mod/display.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/mod/display.php b/mod/display.php
index 55f7c1306..7d7f4ca13 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -157,6 +157,7 @@ function display_content(&$a, $update = 0, $load = false) {
require_once('include/identity.php');
$sys = get_sys_channel();
+ $sysid = $sys['channel_id'];
if(local_user()) {
$r = q("SELECT * from item
@@ -178,8 +179,8 @@ function display_content(&$a, $update = 0, $load = false) {
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner_xchan can't match
- if(! perm_is_allowed($sys['channel_id'],$observer_hash,'view_stream'))
- $sys['xchan_hash'] .= 'disabled';
+ if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
+ $sysid = 0;
$r = q("SELECT * from item
@@ -188,11 +189,11 @@ function display_content(&$a, $update = 0, $load = false) {
AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
AND `item`.`deny_gid` = '' AND item_private = 0 )
and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- OR owner_xchan = '%s')
+ OR uid = %d )
$sql_extra )
limit 1",
dbesc($target_item['parent_mid']),
- dbesc($sys['xchan_hash'])
+ intval($sysid)
);
}