aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-03-10 20:34:47 +0000
committerMario <mario@mariovavti.com>2021-03-15 09:42:41 +0100
commit79d48dc92b923a27ace82720a14ba5e2a88e845e (patch)
tree6c747c5dc8eb4df73ff773a45fd20da784cb8a9b
parent82192d1ead943e71c616d4eb2de03aebe4782118 (diff)
downloadvolse-hubzilla-79d48dc92b923a27ace82720a14ba5e2a88e845e.tar.gz
volse-hubzilla-79d48dc92b923a27ace82720a14ba5e2a88e845e.tar.bz2
volse-hubzilla-79d48dc92b923a27ace82720a14ba5e2a88e845e.zip
fix mod display query
(cherry picked from commit b51049227f28bc1badf9387ea5bff16bfd7debcd)
-rw-r--r--Zotlabs/Module/Display.php29
1 files changed, 14 insertions, 15 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 2aa4f6548..15dfb0dc9 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller {
$item_normal = item_normal();
$item_normal_update = item_normal_update();
- $sql_extra = public_permissions_sql($observer_hash);
+ $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
if($noscript_content || $load) {
@@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller {
);
}
- if(! $r) {
-
+ if($r === null) {
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner uid can't match
@@ -269,20 +268,18 @@ class Display extends \Zotlabs\Web\Controller {
$sysid = 0;
$r = q("SELECT item.id as item_id from item
- WHERE ( (mid = '%s'
+ WHERE ((mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- OR uid = %d ) ) ) OR
- (mid = '%s' $sql_extra ) )
+ OR uid = %d ))) OR
+ (mid = '%s' $sql_extra ))
$item_normal
limit 1",
dbesc($target_item['parent_mid']),
intval($sysid),
dbesc($target_item['parent_mid'])
);
-
-
}
}
@@ -306,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller {
if($r === null) {
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner_xchan can't match
+
if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
$sysid = 0;
- $r = q("SELECT item.parent AS item_id from item
- WHERE parent_mid = '%s'
+
+ $r = q("SELECT item.id as item_id from item
+ WHERE ((parent_mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- OR uid = %d )
- $sql_extra )
- $item_normal_update
- $simple_update
+ OR uid = %d ))) OR
+ (parent_mid = '%s' $sql_extra ))
+ $item_normal
limit 1",
dbesc($target_item['parent_mid']),
- intval($sysid)
+ intval($sysid),
+ dbesc($target_item['parent_mid'])
);
}
}