diff options
| author | friendica <info@friendica.com> | 2012-03-06 17:21:14 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2012-03-06 17:21:14 -0800 |
| commit | 88cd5800cf2e22f365bc38f567fcc1627e9278a7 (patch) | |
| tree | 6c73c3b9db3b7ca267a379b291af90df91839d21 | |
| parent | 39a49d51e370f6421a065cd78594e849ef92ff73 (diff) | |
| download | volse-hubzilla-88cd5800cf2e22f365bc38f567fcc1627e9278a7.tar.gz volse-hubzilla-88cd5800cf2e22f365bc38f567fcc1627e9278a7.tar.bz2 volse-hubzilla-88cd5800cf2e22f365bc38f567fcc1627e9278a7.zip | |
[privacy] rework latest fix
| -rwxr-xr-x | include/security.php | 4 | ||||
| -rwxr-xr-x | mod/display.php | 3 |
2 files changed, 3 insertions, 4 deletions
diff --git a/include/security.php b/include/security.php index 6b8128bdd..c04491570 100755 --- a/include/security.php +++ b/include/security.php @@ -159,6 +159,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { AND allow_gid = '' AND deny_cid = '' AND deny_gid = '' + AND private = 0 "; /** @@ -199,10 +200,11 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { } $sql = sprintf( - " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) + " AND (( allow_cid = '' OR allow_cid REGEXP '<%d>' ) AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s') + OR private = 0 ) ", intval($remote_user), intval($remote_user), diff --git a/mod/display.php b/mod/display.php index 00f8b503a..f510f793d 100755 --- a/mod/display.php +++ b/mod/display.php @@ -87,9 +87,6 @@ function display_content(&$a) { $sql_extra = permissions_sql($a->profile['uid'],$remote_contact,$groups); - if(! local_user() && ! remote_user()) - $sql_extra .= " and `item`.`private` = 0 "; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, |