diff options
author | Mario <mario@mariovavti.com> | 2022-11-10 17:57:26 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2022-11-10 17:57:26 +0000 |
commit | 9eb332f03265821b8f9f2965e9977aef69e0413f (patch) | |
tree | fd48344155afd06c7d8037e49f6fe7b0900629a3 | |
parent | 30ddee65a4b4cc52a5cfb6cef77ac43b9ad7f299 (diff) | |
download | volse-hubzilla-9eb332f03265821b8f9f2965e9977aef69e0413f.tar.gz volse-hubzilla-9eb332f03265821b8f9f2965e9977aef69e0413f.tar.bz2 volse-hubzilla-9eb332f03265821b8f9f2965e9977aef69e0413f.zip |
allow to look for pubstream items if we do not own one but make sure the permissons are checked correctly
-rw-r--r-- | Zotlabs/Module/Display.php | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 0aac96f4a..1a1c09d7c 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -213,27 +213,27 @@ class Display extends \Zotlabs\Web\Controller { $observer_hash = get_observer_hash(); $item_normal = item_normal(); $item_normal_update = item_normal_update(); - - $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash)); + $sql_extra = ''; + $r = []; if($noscript_content || $load) { - require_once('include/channel.php'); $sys = get_sys_channel(); // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner uid can't match $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0; - $r = null; - if(local_channel()) { $r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1", intval(local_channel()), dbesc($target_item['parent_mid']) ); + } - if($r === null) { + if(!$r) { + $sql_extra = item_permissions_sql(0, $observer_hash); + $r = q("SELECT item.id AS item_id FROM item WHERE ((mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' @@ -257,7 +257,6 @@ class Display extends \Zotlabs\Web\Controller { // make that content unsearchable by ensuring the owner uid can't match $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0; - $r = null; if(local_channel()) { $r = q("SELECT item.parent AS item_id from item WHERE uid = %d @@ -270,7 +269,9 @@ class Display extends \Zotlabs\Web\Controller { ); } - if($r === null) { + if(!$r) { + $sql_extra = item_permissions_sql(0, $observer_hash); + $r = q("SELECT item.id as item_id from item WHERE ((parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' @@ -287,10 +288,6 @@ class Display extends \Zotlabs\Web\Controller { } } - else { - $r = []; - } - if($r) { $parents_str = ids_to_querystr($r,'item_id'); if($parents_str) { |