fix some issues that showed up in the logs.

2 files changed, 16 insertions, 8 deletions

diff --git a/include/items.php b/include/items.php
index 898fc9ff8..4a560afc9 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1306,6 +1306,13 @@ function item_store($arr,$force_parent = false) {
 		return 0;
 	}
 
+	// Don't let anybody set these, either intentionally or accidentally
+
+	if(array_key_exists('id',$arr))
+		unset($arr['id']);
+	if(array_key_exists('parent',$arr))
+		unset($arr['parent']);
+
 	$arr['lang'] = detect_language($arr['body']);
 
 	$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
diff --git a/mod/acl.php b/mod/acl.php
index df6de13b2..382d9d90c 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -60,16 +60,17 @@ function acl_init(&$a){
 
 		// autocomplete for Private Messages
 
-		$r = q("SELECT COUNT(`id`) AS c FROM `contact` 
-				WHERE `uid` = %d AND `self` = 0 
-				AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0 
-				AND `network` IN ('%s','%s','%s') $sql_extra2" ,
+
+		$r = q("SELECT count xchan_hash as c
+			FROM abook left join xchan on abook_xchan = xchan_hash
+			WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d ))
+			$sql_extra2 ",
 			intval(local_user()),
-			dbesc(NETWORK_DFRN),
-			dbesc(NETWORK_ZOT),
-			dbesc(NETWORK_DIASPORA)
+			intval(PERMS_W_MAIL)
 		);
-		$contact_count = (int)$r[0]['c'];
+
+		if($r)
+			$contact_count = (int)$r[0]['c'];
 
 	}
 	elseif ($type == 'a') {