aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-09-14 17:07:39 -0700
committerfriendica <info@friendica.com>2014-09-14 17:07:39 -0700
commit6be6b41a421f86579164288ea2fa7cebb6edd9d4 (patch)
treee82ce8564325e20db545ee0162c7b8000985a8d8
parentc27b60d98107e3949df3e48b9f5886483bf7ce57 (diff)
downloadvolse-hubzilla-6be6b41a421f86579164288ea2fa7cebb6edd9d4.tar.gz
volse-hubzilla-6be6b41a421f86579164288ea2fa7cebb6edd9d4.tar.bz2
volse-hubzilla-6be6b41a421f86579164288ea2fa7cebb6edd9d4.zip
privacy issue - restrictive stream permission setting with a non-targetted post cannot be enforced on remote networks. Restrict these posts to zot network.
-rwxr-xr-xinclude/items.php22
1 files changed, 20 insertions, 2 deletions
diff --git a/include/items.php b/include/items.php
index 166303cac..beec65d8a 100755
--- a/include/items.php
+++ b/include/items.php
@@ -68,13 +68,31 @@ function collect_recipients($item,&$private_envelope) {
$private_envelope = false;
if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') {
- $r = q("select abook_xchan from abook where abook_channel = %d and not (abook_flags & %d) ",
+ $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d) ",
intval($item['uid']),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED)
);
if($r) {
+
+ // filter out restrictive public_policy settings from remote networks
+ // which don't have this concept and will treat them as public.
+
+ $policy = substr($item['public_policy'],0,3);
foreach($r as $rr) {
- $recipients[] = $rr['abook_xchan'];
+ switch($policy) {
+ case 'net':
+ case 'aut':
+ case 'sit':
+ case 'any':
+ case 'con':
+ if($rr['xchan_network'] != 'zot')
+ break;
+ case 'pub':
+ case '':
+ default:
+ $recipients[] = $rr['abook_xchan'];
+ break;
+ }
}
}
}