aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-12-16 18:07:41 -0800
committerfriendica <info@friendica.com>2013-12-16 18:07:41 -0800
commit7b5a42568a7f4cf90e81036b4ed5d93ec3f6e3e2 (patch)
tree26399cedb93bfcb74ecc5dd4b7d5f718868d4579
parent50731fa6a6edbd5d4223de239ae791cc03efe9be (diff)
downloadvolse-hubzilla-7b5a42568a7f4cf90e81036b4ed5d93ec3f6e3e2.tar.gz
volse-hubzilla-7b5a42568a7f4cf90e81036b4ed5d93ec3f6e3e2.tar.bz2
volse-hubzilla-7b5a42568a7f4cf90e81036b4ed5d93ec3f6e3e2.zip
Tricky little bug. Allowed somebody to bypass comment permissions. Hopefully the fix will have no undesired side effects.
-rwxr-xr-xinclude/items.php7
1 files changed, 4 insertions, 3 deletions
diff --git a/include/items.php b/include/items.php
index 2cec6bc36..b328ca2d1 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2362,12 +2362,13 @@ function tgroup_check($uid,$item) {
$mention = false;
// check that the message originated elsewhere and is a top-level post
- // or is a followup and we have already accepted the top level post
+ // or is a followup and we have already accepted the top level post as an uplink
if($item['mid'] != $item['parent_mid']) {
- $r = q("select id from item where mid = '%s' and uid = %d limit 1",
+ $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1",
dbesc($item['parent_mid']),
- intval($uid)
+ intval($uid),
+ intval(ITEM_UPLINK)
);
if($r)
return true;