diff options
author | zotlabs <mike@macgirvin.com> | 2017-03-06 15:33:10 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-03-06 15:35:17 -0800 |
commit | 751c4c3169df6238aad561d00b8c8b92bb9b676e (patch) | |
tree | c359309a00843ab1a7cb4734cfcbbd7accf6763e | |
parent | f783d594cc2820d82600187353a9e2afbf555c2f (diff) | |
download | volse-hubzilla-751c4c3169df6238aad561d00b8c8b92bb9b676e.tar.gz volse-hubzilla-751c4c3169df6238aad561d00b8c8b92bb9b676e.tar.bz2 volse-hubzilla-751c4c3169df6238aad561d00b8c8b92bb9b676e.zip |
correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis)
-rw-r--r-- | Zotlabs/Lib/NativeWikiPage.php | 12 | ||||
-rwxr-xr-x | include/items.php | 3 |
2 files changed, 6 insertions, 9 deletions
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index 157c74807..4086a023e 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -64,6 +64,8 @@ class NativeWikiPage { $arr['deny_cid'] = $w['wiki']['deny_cid']; $arr['deny_gid'] = $w['wiki']['deny_gid']; + $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true); + // We may wish to change this some day. $arr['item_unpublished'] = 1; @@ -232,10 +234,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); if($revision == (-1)) $sql_extra .= " order by revision desc "; @@ -288,10 +287,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); $sql_extra .= " order by revision desc "; diff --git a/include/items.php b/include/items.php index 6d21953a9..a297a1090 100755 --- a/include/items.php +++ b/include/items.php @@ -328,7 +328,8 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) { return $ret; } - $arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true)); + $arr['public_policy'] = ((array_key_exists('public_policy',$arr)) ? escape_tags($arr['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true)); + if($arr['public_policy']) $arr['item_private'] = 1; |