diff options
author | friendica <info@friendica.com> | 2014-09-14 17:07:39 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-09-14 17:07:39 -0700 |
commit | 6be6b41a421f86579164288ea2fa7cebb6edd9d4 (patch) | |
tree | e82ce8564325e20db545ee0162c7b8000985a8d8 | |
parent | c27b60d98107e3949df3e48b9f5886483bf7ce57 (diff) | |
download | volse-hubzilla-6be6b41a421f86579164288ea2fa7cebb6edd9d4.tar.gz volse-hubzilla-6be6b41a421f86579164288ea2fa7cebb6edd9d4.tar.bz2 volse-hubzilla-6be6b41a421f86579164288ea2fa7cebb6edd9d4.zip |
privacy issue - restrictive stream permission setting with a non-targetted post cannot be enforced on remote networks. Restrict these posts to zot network.
-rwxr-xr-x | include/items.php | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/include/items.php b/include/items.php index 166303cac..beec65d8a 100755 --- a/include/items.php +++ b/include/items.php @@ -68,13 +68,31 @@ function collect_recipients($item,&$private_envelope) { $private_envelope = false; if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') { - $r = q("select abook_xchan from abook where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d) ", intval($item['uid']), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) ); if($r) { + + // filter out restrictive public_policy settings from remote networks + // which don't have this concept and will treat them as public. + + $policy = substr($item['public_policy'],0,3); foreach($r as $rr) { - $recipients[] = $rr['abook_xchan']; + switch($policy) { + case 'net': + case 'aut': + case 'sit': + case 'any': + case 'con': + if($rr['xchan_network'] != 'zot') + break; + case 'pub': + case '': + default: + $recipients[] = $rr['abook_xchan']; + break; + } } } } |