aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-09-22 20:55:55 -0700
committerfriendica <info@friendica.com>2013-09-22 20:55:55 -0700
commit44354c1aa82796fae1e0180703ae335b394a8adf (patch)
tree0a49a5aeac17265cb89d6f3b7de24f982e933d03
parentcdfb5f9dc740734fbd95363a026ab44ae1dd9d94 (diff)
downloadvolse-hubzilla-44354c1aa82796fae1e0180703ae335b394a8adf.tar.gz
volse-hubzilla-44354c1aa82796fae1e0180703ae335b394a8adf.tar.bz2
volse-hubzilla-44354c1aa82796fae1e0180703ae335b394a8adf.zip
bug #150, if deny access is present but nobody has been allowed, create an allow list containing everybody in your address book. Then subtract those who are denied.
-rwxr-xr-xinclude/items.php23
1 files changed, 22 insertions, 1 deletions
diff --git a/include/items.php b/include/items.php
index 44917233f..4aecf9174 100755
--- a/include/items.php
+++ b/include/items.php
@@ -24,10 +24,31 @@ function collect_recipients($item,&$private) {
if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) {
$allow_people = expand_acl($item['allow_cid']);
$allow_groups = expand_groups(expand_acl($item['allow_gid']));
+
+ $recipients = array_unique(array_merge($allow_people,$allow_groups));
+
+ // if you specifically deny somebody but haven't allowed anybody, we'll allow everybody in your
+ // address book minus the denied connections. The post is still private and can't be seen publicly
+ // as that would allow the denied person to see the post by logging out.
+
+ if((! $item['allow_cid']) && (! $item['allow_gid'])) {
+ $r = q("select * from abook where abook_channel = %d and not (abook_flags & %d) and not (abook_flags & %d) and not (abook_flags & %d)",
+ intval($item['uid']),
+ intval(ABOOK_FLAG_SELF),
+ intval(ABOOK_FLAG_PENDING),
+ intval(ABOOK_FLAG_ARCHIVED)
+ );
+
+ if($r) {
+ foreach($r as $rr) {
+ $recipients[] = $rr['abook_xchan'];
+ }
+ }
+ }
+
$deny_people = expand_acl($item['deny_cid']);
$deny_groups = expand_groups(expand_acl($item['deny_gid']));
- $recipients = array_unique(array_merge($allow_people,$allow_groups));
$deny = array_unique(array_merge($deny_people,$deny_groups));
$recipients = array_diff($recipients,$deny);
$private = true;