diff options
| author | friendica <info@friendica.com> | 2014-12-19 00:28:36 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-12-19 00:28:36 -0800 |
| commit | 9c445e98175b55e369f06220a46cf36893960cdc (patch) | |
| tree | 5f7af9b01029677cecdef2218f1a4c650b852111 | |
| parent | be9143447d44de926a107a73c765f8cd235764e6 (diff) | |
| download | volse-hubzilla-9c445e98175b55e369f06220a46cf36893960cdc.tar.gz volse-hubzilla-9c445e98175b55e369f06220a46cf36893960cdc.tar.bz2 volse-hubzilla-9c445e98175b55e369f06220a46cf36893960cdc.zip | |
incorrect check for sys ownership
| -rw-r--r-- | mod/display.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/mod/display.php b/mod/display.php index 55f7c1306..7d7f4ca13 100644 --- a/mod/display.php +++ b/mod/display.php @@ -157,6 +157,7 @@ function display_content(&$a, $update = 0, $load = false) { require_once('include/identity.php'); $sys = get_sys_channel(); + $sysid = $sys['channel_id']; if(local_user()) { $r = q("SELECT * from item @@ -178,8 +179,8 @@ function display_content(&$a, $update = 0, $load = false) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match - if(! perm_is_allowed($sys['channel_id'],$observer_hash,'view_stream')) - $sys['xchan_hash'] .= 'disabled'; + if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) + $sysid = 0; $r = q("SELECT * from item @@ -188,11 +189,11 @@ function display_content(&$a, $update = 0, $load = false) { AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR owner_xchan = '%s') + OR uid = %d ) $sql_extra ) limit 1", dbesc($target_item['parent_mid']), - dbesc($sys['xchan_hash']) + intval($sysid) ); } |