diff options
| author | friendica <info@friendica.com> | 2013-09-22 22:58:59 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-09-22 23:00:55 -0700 |
| commit | a2b20bd58f0b1c466235a96c41846aba613ea31b (patch) | |
| tree | 32b131945dc26c22e6bf4d51c051f5daea0fa142 | |
| parent | 956d275693c451c4d9ba60751704b80257f37433 (diff) | |
| download | volse-hubzilla-a2b20bd58f0b1c466235a96c41846aba613ea31b.tar.gz volse-hubzilla-a2b20bd58f0b1c466235a96c41846aba613ea31b.tar.bz2 volse-hubzilla-a2b20bd58f0b1c466235a96c41846aba613ea31b.zip | |
one more edge case in the public perms - don't match perms = 0 which is private, this and prior checkin are for issue #114
| -rw-r--r-- | include/security.php | 5 | ||||
| -rw-r--r-- | mod/display.php | 6 | ||||
| -rw-r--r-- | mod/search.php | 2 |
3 files changed, 7 insertions, 6 deletions
diff --git a/include/security.php b/include/security.php index 632b8d607..1181e6bf2 100644 --- a/include/security.php +++ b/include/security.php @@ -412,7 +412,7 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) { $ret = array(); if(local_user()) $ret[] = local_user(); - $r = q("select channel_id from channel where channel_r_stream <= %d", + $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d", intval($perms_min) ); if($r) @@ -435,7 +435,8 @@ function stream_perms_xchans($perms_min = PERMS_SITE) { $ret = array(); if(local_user()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream <= %d", + + $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d", intval($perms_min) ); if($r) diff --git a/mod/display.php b/mod/display.php index 476087ce7..c9f6595c6 100644 --- a/mod/display.php +++ b/mod/display.php @@ -113,18 +113,18 @@ function display_content(&$a, $update = 0, $load = false) { } } if($r === null) { -dbg(1); + $r = q("SELECT * from item WHERE item_restrict = 0 and mid = '%s' AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans() . " )) + and owner_xchan in ( " . stream_perms_xchans(($observer) ? PERMS_NETWORK : PERMS_PUBLIC) . " )) $sql_extra ) group by mid limit 1", dbesc($target_item['parent_mid']) ); -dbg(0); + } } diff --git a/mod/search.php b/mod/search.php index 1cb6cb461..9930db288 100644 --- a/mod/search.php +++ b/mod/search.php @@ -208,7 +208,7 @@ function search_content(&$a,$update = 0, $load = false) { WHERE item_restrict = 0 AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans() . " )) + and owner_xchan in ( " . stream_perms_xchans(($observer) ? PERMS_NETWORK : PERMS_PUBLIC) . " )) $pub_sql ) $sql_extra group by mid ORDER BY created DESC $pager_sql" |