diff options
| author | Mario <mario@mariovavti.com> | 2021-03-12 10:07:15 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2021-03-12 10:07:15 +0000 |
| commit | 3f053611bdbbd4a26a5d9c76a294b7ada07f0726 (patch) | |
| tree | b8b16b780d0353ede8580b41ec9e16f622c94c87 /Zotlabs/Module/Display.php | |
| parent | c29261487cdecda4282df25769540bc4fa20631d (diff) | |
| parent | 1582b8bc9620a661823c608c0c7023a70554214b (diff) | |
| download | volse-hubzilla-3f053611bdbbd4a26a5d9c76a294b7ada07f0726.tar.gz volse-hubzilla-3f053611bdbbd4a26a5d9c76a294b7ada07f0726.tar.bz2 volse-hubzilla-3f053611bdbbd4a26a5d9c76a294b7ada07f0726.zip | |
Merge branch 'dev' into air
Diffstat (limited to 'Zotlabs/Module/Display.php')
| -rw-r--r-- | Zotlabs/Module/Display.php | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 2aa4f6548..15dfb0dc9 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller { $item_normal = item_normal(); $item_normal_update = item_normal_update(); - $sql_extra = public_permissions_sql($observer_hash); + $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash)); if($noscript_content || $load) { @@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller { ); } - if(! $r) { - + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner uid can't match @@ -269,20 +268,18 @@ class Display extends \Zotlabs\Web\Controller { $sysid = 0; $r = q("SELECT item.id as item_id from item - WHERE ( (mid = '%s' + WHERE ((mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) ) ) OR - (mid = '%s' $sql_extra ) ) + OR uid = %d ))) OR + (mid = '%s' $sql_extra )) $item_normal limit 1", dbesc($target_item['parent_mid']), intval($sysid), dbesc($target_item['parent_mid']) ); - - } } @@ -306,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller { if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match + if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - $r = q("SELECT item.parent AS item_id from item - WHERE parent_mid = '%s' + + $r = q("SELECT item.id as item_id from item + WHERE ((parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) - $sql_extra ) - $item_normal_update - $simple_update + OR uid = %d ))) OR + (parent_mid = '%s' $sql_extra )) + $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid) + intval($sysid), + dbesc($target_item['parent_mid']) ); } } |