author | friendica <info@friendica.com> | 2013-12-16 18:07:41 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-12-16 18:07:41 -0800 |
commit | 7b5a42568a7f4cf90e81036b4ed5d93ec3f6e3e2 (patch) | |
tree | 26399cedb93bfcb74ecc5dd4b7d5f718868d4579 | |
parent | 50731fa6a6edbd5d4223de239ae791cc03efe9be (diff) | |
Tricky little bug. Allowed somebody to bypass comment permissions. Hopefully the fix will have no undesired side effects.
-rwxr-xr-x | include/items.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/include/items.php b/include/items.php
index 2cec6bc36..b328ca2d1 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2362,12 +2362,13 @@ function tgroup_check($uid,$item) {
 $mention = false;
 // check that the message originated elsewhere and is a top-level post
- // or is a followup and we have already accepted the top level post
+ // or is a followup and we have already accepted the top level post as an uplink
 if($item['mid'] != $item['parent_mid']) {
- $r = q("select id from item where mid = '%s' and uid = %d limit 1",
+ $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1",
 dbesc($item['parent_mid']),
- intval($uid)
+ intval($uid),
+ intval(ITEM_UPLINK)
 );
 if($r) return true; |
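Review bot: The `( item_flags & %d )` test added to the parent lookup is now what gates the `return true` below it, yet the in-code comment only says "as an uplink" and does not record that this is a permission decision. I would extend the comment, e.g. `// the parent must carry ITEM_UPLINK: merely holding a copy of the parent must not let a followup bypass comment permissions`, so a later cleanup of the query does not drop the flag test again. The predicate also relies on the database treating a non-zero integer as true; writing it as `( item_flags & %d ) > 0` would make the intent explicit. tgroup_check's body starts and ends outside the hunk, so what happens when no row matches, or when q() fails, cannot be judged from here.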