authorMario <mario@mariovavti.com>2022-11-10 17:57:26 +0000
committerMario <mario@mariovavti.com>2022-11-10 17:57:26 +0000
commit9eb332f03265821b8f9f2965e9977aef69e0413f (patch)
treefd48344155afd06c7d8037e49f6fe7b0900629a3
parent30ddee65a4b4cc52a5cfb6cef77ac43b9ad7f299 (diff)
allow to look for pubstream items if we do not own one but make sure the permissions are checked correctly
-rw-r--r--Zotlabs/Module/Display.php21
1 files changed, 9 insertions, 12 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 0aac96f4a..1a1c09d7c 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -213,27 +213,27 @@ class Display extends \Zotlabs\Web\Controller {
$observer_hash = get_observer_hash();
$item_normal = item_normal();
$item_normal_update = item_normal_update();
-
- $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
+ $sql_extra = '';
+ $r = [];
if($noscript_content || $load) {
-
require_once('include/channel.php');
$sys = get_sys_channel();
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner uid can't match
$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
- $r = null;
-
if(local_channel()) {
$r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1",
intval(local_channel()),
dbesc($target_item['parent_mid'])
);
+
}
- if($r === null) {
+ if(!$r) {
+ $sql_extra = item_permissions_sql(0, $observer_hash);
+
$r = q("SELECT item.id AS item_id FROM item
WHERE ((mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
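Review bot: `$sql_extra` now starts as `''` and only receives `item_permissions_sql(0, $observer_hash)` inside the `if(!$r)` fallback, so whether the observer permission clause is applied depends on which lookup happened to fill `$r`. That is safe only while every later query that interpolates `$sql_extra` is limited to the ids returned by the `uid = local_channel()` lookup; those queries lie outside this hunk, so this should be confirmed against the rest of the method. I would state the invariant next to the initialisation, e.g. `// $sql_extra stays empty only when $r comes from the uid-scoped lookup; every other path must set item_permissions_sql()`. The same assignment is repeated in the update branch (`if(!$r)` in the `@@ -270,7 +269,9 @@` hunk), and both copies need to stay in sync. Note also that `!$r` sends an empty result and a falsy return from `q()` down the same fallback, which looks intended but is worth a word in the comment.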
@@ -257,7 +257,6 @@ class Display extends \Zotlabs\Web\Controller {
// make that content unsearchable by ensuring the owner uid can't match
$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
- $r = null;
if(local_channel()) {
$r = q("SELECT item.parent AS item_id from item
WHERE uid = %d
@@ -270,7 +269,9 @@ class Display extends \Zotlabs\Web\Controller {
);
}
- if($r === null) {
+ if(!$r) {
+ $sql_extra = item_permissions_sql(0, $observer_hash);
+
$r = q("SELECT item.id as item_id from item
WHERE ((parent_mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
@@ -287,10 +288,6 @@ class Display extends \Zotlabs\Web\Controller {
}
}
- else {
- $r = [];
- }
-
if($r) {
$parents_str = ids_to_querystr($r,'item_id');
if($parents_str) {