diff options
| author | friendica <info@friendica.com> | 2013-01-14 14:26:41 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-01-14 14:26:41 -0800 |
| commit | b429a9496a32338542c2223329ee00b3b67c98e3 (patch) | |
| tree | d339aed4fcce977c59a78827cc34ecc0f369bfb7 | |
| parent | 1259a6e753f10c023accb647dd193254ff473d1a (diff) | |
| parent | 730c9ebc5793fe7d87406406bc82d0560227eadb (diff) | |
| download | volse-hubzilla-b429a9496a32338542c2223329ee00b3b67c98e3.tar.gz volse-hubzilla-b429a9496a32338542c2223329ee00b3b67c98e3.tar.bz2 volse-hubzilla-b429a9496a32338542c2223329ee00b3b67c98e3.zip | |
Merge https://github.com/friendica/red into zpull
| -rw-r--r-- | boot.php | 26 |
1 files changed, 15 insertions, 11 deletions
@@ -1249,19 +1249,23 @@ function profile_load(&$a, $nickname, $profile = 0) { return; } - if(remote_user() && count($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $visitor) { - if($visitor['uid'] == $user[0]['channel_id']) { - $r = q("SELECT `profile_id` FROM `contact` WHERE `id` = %d LIMIT 1", - intval($visitor['cid']) - ); - if(count($r)) - $profile = $r[0]['profile_id']; - break; - } - } + // get the current observer + $observer = $a->get_observer(); + + // Can the observer see our profile? + require_once('include/permissions.php'); + if(! perm_is_allowed($user[0]['channel_id'],$observer['xchan_hash'],'view_profile')) { + // permission denied + //TODO: place error message + return; } + $r = q("SELECT abook_profile FROM abook WHERE abook_xchan = '%s' limit 1", + dbesc($observer['xchan_hash']) + ); + if($r) + $profile = $r[0]['abook_profile']; + $r = null; |