diff options
author | friendica <info@friendica.com> | 2014-07-26 18:48:25 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-07-26 18:48:25 -0700 |
commit | 3d7d6ec21f1b348221ad6f25d9865213339a6b47 (patch) | |
tree | dec787be84f3811aa49873e9036afd988fbbbdb8 | |
parent | 4f90070e5e8f5dc92bddc5a07754900b5049a178 (diff) | |
download | volse-hubzilla-3d7d6ec21f1b348221ad6f25d9865213339a6b47.tar.gz volse-hubzilla-3d7d6ec21f1b348221ad6f25d9865213339a6b47.tar.bz2 volse-hubzilla-3d7d6ec21f1b348221ad6f25d9865213339a6b47.zip |
honour sys channel permissions for who can view the sys owned content
-rw-r--r-- | mod/display.php | 13 | ||||
-rw-r--r-- | mod/search.php | 8 | ||||
-rw-r--r-- | version.inc | 2 |
3 files changed, 19 insertions, 4 deletions
diff --git a/mod/display.php b/mod/display.php index 31cce95d3..c389eb976 100644 --- a/mod/display.php +++ b/mod/display.php @@ -139,7 +139,9 @@ function display_content(&$a, $update = 0, $load = false) { } - $sql_extra = public_permissions_sql(get_observer_hash()); + $observer_hash = get_observer_hash(); + + $sql_extra = public_permissions_sql($observer_hash); if(($update && $load) || ($_COOKIE['jsAvailable'] != 1)) { @@ -170,12 +172,19 @@ function display_content(&$a, $update = 0, $load = false) { } if($r === null) { + // in case somebody turned off public access to sys channel content using permissions + // make that content unsearchable by ensuring the owner_xchan can't match + + if(! perm_is_allowed($sys['channel_id'],$observer_hash,'view_stream')) + $sys['xchan_hash'] .= 'disabled'; + + $r = q("SELECT * from item WHERE item_restrict = 0 and mid = '%s' AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR owner_xchan = '%s') $sql_extra ) group by mid limit 1", diff --git a/mod/search.php b/mod/search.php index 663d355e2..15ac71376 100644 --- a/mod/search.php +++ b/mod/search.php @@ -23,6 +23,7 @@ function search_content(&$a,$update = 0, $load = false) { $observer = $a->get_observer(); + $observer_hash = (($observer) ? $observer['xchan_hash'] : ''); $o = '<div id="live-search"></div>' . "\r\n"; @@ -113,7 +114,7 @@ function search_content(&$a,$update = 0, $load = false) { } - $pub_sql = public_permissions_sql(get_observer_hash()); + $pub_sql = public_permissions_sql($observer_hash); require_once('include/identity.php'); @@ -124,6 +125,11 @@ function search_content(&$a,$update = 0, $load = false) { $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + // in case somebody turned off public access to sys channel content with permissions + + if(! perm_is_allowed($sys['channel_id'],$observer_hash,'view_stream')) + $sys['xchan_hash'] .= 'disabled'; + if($load) { $r = null; diff --git a/version.inc b/version.inc index 17beec5df..ac8053138 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2014-07-25.747 +2014-07-26.748 |