aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-03-06 15:33:10 -0800
committerzotlabs <mike@macgirvin.com>2017-03-06 15:35:17 -0800
commit751c4c3169df6238aad561d00b8c8b92bb9b676e (patch)
treec359309a00843ab1a7cb4734cfcbbd7accf6763e
parentf783d594cc2820d82600187353a9e2afbf555c2f (diff)
downloadvolse-hubzilla-751c4c3169df6238aad561d00b8c8b92bb9b676e.tar.gz
volse-hubzilla-751c4c3169df6238aad561d00b8c8b92bb9b676e.tar.bz2
volse-hubzilla-751c4c3169df6238aad561d00b8c8b92bb9b676e.zip
correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis)
-rw-r--r--Zotlabs/Lib/NativeWikiPage.php12
-rwxr-xr-xinclude/items.php3
2 files changed, 6 insertions, 9 deletions
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php
index 157c74807..4086a023e 100644
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -64,6 +64,8 @@ class NativeWikiPage {
$arr['deny_cid'] = $w['wiki']['deny_cid'];
$arr['deny_gid'] = $w['wiki']['deny_gid'];
+ $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true);
+
// We may wish to change this some day.
$arr['item_unpublished'] = 1;
@@ -232,10 +234,7 @@ class NativeWikiPage {
}
}
- $sql_extra = '';
-
- if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid'])
- $sql_extra .= item_permissions_sql($channel_id,$observer_hash);
+ $sql_extra = item_permissions_sql($channel_id,$observer_hash);
if($revision == (-1))
$sql_extra .= " order by revision desc ";
@@ -288,10 +287,7 @@ class NativeWikiPage {
}
}
- $sql_extra = '';
-
- if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid'])
- $sql_extra .= item_permissions_sql($channel_id,$observer_hash);
+ $sql_extra = item_permissions_sql($channel_id,$observer_hash);
$sql_extra .= " order by revision desc ";
diff --git a/include/items.php b/include/items.php
index 6d21953a9..a297a1090 100755
--- a/include/items.php
+++ b/include/items.php
@@ -328,7 +328,8 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) {
return $ret;
}
- $arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true));
+ $arr['public_policy'] = ((array_key_exists('public_policy',$arr)) ? escape_tags($arr['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true));
+
if($arr['public_policy'])
$arr['item_private'] = 1;