aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Display.php
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-03-12 10:07:15 +0000
committerMario <mario@mariovavti.com>2021-03-12 10:07:15 +0000
commit3f053611bdbbd4a26a5d9c76a294b7ada07f0726 (patch)
treeb8b16b780d0353ede8580b41ec9e16f622c94c87 /Zotlabs/Module/Display.php
parentc29261487cdecda4282df25769540bc4fa20631d (diff)
parent1582b8bc9620a661823c608c0c7023a70554214b (diff)
downloadvolse-hubzilla-3f053611bdbbd4a26a5d9c76a294b7ada07f0726.tar.gz
volse-hubzilla-3f053611bdbbd4a26a5d9c76a294b7ada07f0726.tar.bz2
volse-hubzilla-3f053611bdbbd4a26a5d9c76a294b7ada07f0726.zip
Merge branch 'dev' into air
Diffstat (limited to 'Zotlabs/Module/Display.php')
-rw-r--r--Zotlabs/Module/Display.php29
1 files changed, 14 insertions, 15 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 2aa4f6548..15dfb0dc9 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller {
$item_normal = item_normal();
$item_normal_update = item_normal_update();
- $sql_extra = public_permissions_sql($observer_hash);
+ $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
if($noscript_content || $load) {
@@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller {
);
}
- if(! $r) {
-
+ if($r === null) {
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner uid can't match
@@ -269,20 +268,18 @@ class Display extends \Zotlabs\Web\Controller {
$sysid = 0;
$r = q("SELECT item.id as item_id from item
- WHERE ( (mid = '%s'
+ WHERE ((mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- OR uid = %d ) ) ) OR
- (mid = '%s' $sql_extra ) )
+ OR uid = %d ))) OR
+ (mid = '%s' $sql_extra ))
$item_normal
limit 1",
dbesc($target_item['parent_mid']),
intval($sysid),
dbesc($target_item['parent_mid'])
);
-
-
}
}
@@ -306,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller {
if($r === null) {
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner_xchan can't match
+
if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
$sysid = 0;
- $r = q("SELECT item.parent AS item_id from item
- WHERE parent_mid = '%s'
+
+ $r = q("SELECT item.id as item_id from item
+ WHERE ((parent_mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- OR uid = %d )
- $sql_extra )
- $item_normal_update
- $simple_update
+ OR uid = %d ))) OR
+ (parent_mid = '%s' $sql_extra ))
+ $item_normal
limit 1",
dbesc($target_item['parent_mid']),
- intval($sysid)
+ intval($sysid),
+ dbesc($target_item['parent_mid'])
);
}
}