diff options
author | Mario <mario@mariovavti.com> | 2021-03-10 20:34:47 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-03-15 09:42:41 +0100 |
commit | 79d48dc92b923a27ace82720a14ba5e2a88e845e (patch) | |
tree | 6c747c5dc8eb4df73ff773a45fd20da784cb8a9b | |
parent | 82192d1ead943e71c616d4eb2de03aebe4782118 (diff) | |
download | volse-hubzilla-79d48dc92b923a27ace82720a14ba5e2a88e845e.tar.gz volse-hubzilla-79d48dc92b923a27ace82720a14ba5e2a88e845e.tar.bz2 volse-hubzilla-79d48dc92b923a27ace82720a14ba5e2a88e845e.zip |
fix mod display query
(cherry picked from commit b51049227f28bc1badf9387ea5bff16bfd7debcd)
-rw-r--r-- | Zotlabs/Module/Display.php | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 2aa4f6548..15dfb0dc9 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller { $item_normal = item_normal(); $item_normal_update = item_normal_update(); - $sql_extra = public_permissions_sql($observer_hash); + $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash)); if($noscript_content || $load) { @@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller { ); } - if(! $r) { - + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner uid can't match @@ -269,20 +268,18 @@ class Display extends \Zotlabs\Web\Controller { $sysid = 0; $r = q("SELECT item.id as item_id from item - WHERE ( (mid = '%s' + WHERE ((mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) ) ) OR - (mid = '%s' $sql_extra ) ) + OR uid = %d ))) OR + (mid = '%s' $sql_extra )) $item_normal limit 1", dbesc($target_item['parent_mid']), intval($sysid), dbesc($target_item['parent_mid']) ); - - } } @@ -306,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller { if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match + if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - $r = q("SELECT item.parent AS item_id from item - WHERE parent_mid = '%s' + + $r = q("SELECT item.id as item_id from item + WHERE ((parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) - $sql_extra ) - $item_normal_update - $simple_update + OR uid = %d ))) OR + (parent_mid = '%s' $sql_extra )) + $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid) + intval($sysid), + dbesc($target_item['parent_mid']) ); } } |