author | friendica <info@friendica.com> | 2012-03-09 00:31:17 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-03-09 00:31:17 -0800 |
commit | 312c17504515b0f6c77b2e59ef8569dbf8d048fa (patch) | |
tree | 4698b1b827d7859d1c418485fe530803064783d1 | |
parent | 2050f886cc020c50684df14830bc98e40200309c (diff) | |
bug in check for private email comment to public conversation prevents authenticated visitor from seeing comments that should be allowed
-rwxr-xr-x | include/conversation.php | 31 | ||||
-rwxr-xr-x | include/security.php | 1 |
2 files changed, 9 insertions, 23 deletions
diff --git a/include/conversation.php b/include/conversation.php index f1134975a..526c6ea00 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -179,9 +179,11 @@ function localize_item(&$item){ * that are based on unique features of the calling module. * */ - if(!function_exists('conversation')){ + +if(!function_exists('conversation')) { function conversation(&$a, $items, $mode, $update, $preview = false) { + require_once('bbcode.php'); $profile_owner = 0; @@ -418,26 +420,6 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $toplevelprivate = (($toplevelpost && $item['private']) ? true : false); $item_writeable = (($item['writable'] || $item['self']) ? true : false); - // DISABLED - /* - if($blowhard == $item['cid'] && (! $item['self']) && ($mode != 'profile') && ($mode != 'notes')) { - $blowhard_count ++; - if($blowhard_count == 3) { - $o .= '<div class="icollapse-wrapper fakelink" id="icollapse-wrapper-' . $item['parent'] - . '" onclick="openClose(' . '\'icollapse-' . $item['parent'] . '\'); $(\'#icollapse-wrapper-' . $item['parent'] . '\').hide();" >' - . t('See more posts like this') . '</div>' . '<div class="icollapse" id="icollapse-' - . $item['parent'] . '" style="display: none;" >'; - } - } - else { - $blowhard = $item['cid']; - if($blowhard_count >= 3) - $o .= '</div>'; - $blowhard_count = 0; - } - // END DISABLED - */ - $comments_seen = 0; $comments_collapsed = false; $comment_lastcollapsed = false; 
@@ -445,13 +427,16 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $threadsid++; $threads[$threadsid]['id'] = $item['item_id']; + $threads[$threadsid]['private'] = $item['private']; $threads[$threadsid]['items'] = array(); } else { - // prevent private email from leaking into public conversation - if((! $toplevelpost) && (! $toplevelprivate) && ($item['private']) && ($profile_owner != local_user())) + + // prevent private email reply to public conversation from leaking. + if($item['private'] && ! $threads[$threadsid]['private']) continue; + $comments_seen ++; $comment_lastcollapsed = false; $comment_firstcollapsed = false; diff --git a/include/security.php b/include/security.php index f469dad66..8c536b656 100755 --- a/include/security.php +++ b/include/security.php @@ -283,6 +283,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) ); } } + return $sql; } |
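Review bot: The new filter `if($item['private'] && ! $threads[$threadsid]['private'])` in the `else` branch trusts that `$threads[$threadsid]` is the thread this comment belongs to, and nothing in the hunk verifies that. If a comment is ever processed before its top-level post, or its parent is absent from `$items` (the ordering of `$items` is not visible here, so this needs confirming), the test reads the previous thread's flag, and a private reply would be rendered whenever that previous thread happens to be private; with no thread recorded yet it reads an undefined index. Writing the test as `if($item['private'] && empty($threads[$threadsid]['private']))` keeps the no-thread case fail-closed without raising a notice, and a one-line comment stating that items must arrive parent-first would document the dependency this privacy check rests on. The check is also applied only while rendering, so it is worth confirming that other consumers of the same item query are filtered as well. conversation() begins and ends outside this hunk.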