diff options
| author | friendica <info@friendica.com> | 2014-01-10 12:38:23 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-01-10 12:38:23 -0800 |
| commit | 069ea5fee98e1ffcbaaca28fc279a6904e9735e7 (patch) | |
| tree | a9331bc60834d3190715f6a77d1e3927e309306d | |
| parent | c9879edb3e1c7058dca083b11a13840cf7cbe609 (diff) | |
| parent | ecbe798294600cf3387eb951f13c6f4358d4691c (diff) | |
| download | volse-hubzilla-069ea5fee98e1ffcbaaca28fc279a6904e9735e7.tar.gz volse-hubzilla-069ea5fee98e1ffcbaaca28fc279a6904e9735e7.tar.bz2 volse-hubzilla-069ea5fee98e1ffcbaaca28fc279a6904e9735e7.zip | |
Merge https://github.com/friendica/red into zpull
| -rw-r--r-- | mod/channel.php | 9 | ||||
| -rw-r--r-- | mod/filestorage.php | 4 |
2 files changed, 8 insertions, 5 deletions
diff --git a/mod/channel.php b/mod/channel.php index dac4ba2bf..6e82eb1e7 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -177,11 +177,14 @@ function channel_content(&$a, $update = 0, $load = false) { if($load || ($_COOKIE['jsAvailable'] != 1)) { if ($mid) { - $r = q("SELECT parent AS item_id from item where mid = '%s' limit 1", - dbesc($mid) + $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0 + AND (item_flags & %d) $sql_extra limit 1", + dbesc($mid), + intval($a->profile['profile_uid']), + intval(ITEM_WALL) ); if (! $r) { - notice( t('Item not found.') . EOL); + notice( t('Permission denied.') . EOL); } } else { diff --git a/mod/filestorage.php b/mod/filestorage.php index 3e87dccb8..18760dd45 100644 --- a/mod/filestorage.php +++ b/mod/filestorage.php @@ -84,12 +84,12 @@ function filestorage_content(&$a) { ); if(! $r) { notice( t('File not found.') . EOL); - goaway(z_root() . '/filestorage' . $which); + goaway(z_root() . '/filestorage/' . $which); } attach_delete($owner,$r[0]['hash']); - goaway(z_root() . '/filestorage' . $which); + goaway(z_root() . '/filestorage/' . $which); } |