aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-03-10 20:34:47 +0000
committerMario <mario@mariovavti.com>2021-03-10 20:34:47 +0000
commitb51049227f28bc1badf9387ea5bff16bfd7debcd (patch)
tree8c1dc6d351cbca42b3951e7d47dfe6f3eac25c41
parent15bc5c64f3f4c3226e6329f8b8aa73df4aeb5e0b (diff)
downloadvolse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.tar.gz
volse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.tar.bz2
volse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.zip
fix mod display query
-rw-r--r--Zotlabs/Module/Display.php29
1 files changed, 14 insertions, 15 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 2aa4f6548..15dfb0dc9 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller {
$item_normal = item_normal();
$item_normal_update = item_normal_update();
- $sql_extra = public_permissions_sql($observer_hash);
+ $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
if($noscript_content || $load) {
@@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller {
);
}
- if(! $r) {
-
+ if($r === null) {
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner uid can't match
@@ -269,20 +268,18 @@ class Display extends \Zotlabs\Web\Controller {
$sysid = 0;
$r = q("SELECT item.id as item_id from item
- WHERE ( (mid = '%s'
+ WHERE ((mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- OR uid = %d ) ) ) OR
- (mid = '%s' $sql_extra ) )
+ OR uid = %d ))) OR
+ (mid = '%s' $sql_extra ))
$item_normal
limit 1",
dbesc($target_item['parent_mid']),
intval($sysid),
dbesc($target_item['parent_mid'])
);
-
-
}
}
@@ -306,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller {
if($r === null) {
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner_xchan can't match
+
if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
$sysid = 0;
- $r = q("SELECT item.parent AS item_id from item
- WHERE parent_mid = '%s'
+
+ $r = q("SELECT item.id as item_id from item
+ WHERE ((parent_mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- OR uid = %d )
- $sql_extra )
- $item_normal_update
- $simple_update
+ OR uid = %d ))) OR
+ (parent_mid = '%s' $sql_extra ))
+ $item_normal
limit 1",
dbesc($target_item['parent_mid']),
- intval($sysid)
+ intval($sysid),
+ dbesc($target_item['parent_mid'])
);
}
}