fix mod display query

author: Mario <mario@mariovavti.com> 2021-03-10 20:34:47 +0000
committer: Mario <mario@mariovavti.com> 2021-03-10 20:34:47 +0000
commit: b51049227f28bc1badf9387ea5bff16bfd7debcd (patch)
tree: 8c1dc6d351cbca42b3951e7d47dfe6f3eac25c41 /Zotlabs/Module/Display.php
parent: 15bc5c64f3f4c3226e6329f8b8aa73df4aeb5e0b (diff)
download: volse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.tar.gz
volse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.tar.bz2
volse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.zip
1 files changed, 14 insertions, 15 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 2aa4f6548..15dfb0dc9 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller {
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
 
-		$sql_extra = public_permissions_sql($observer_hash);
+		$sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
 
 		if($noscript_content || $load) {
 
@@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller {
 				);
 			}
 
-			if(! $r) {
-
+			if($r === null) {
 				// in case somebody turned off public access to sys channel content using permissions
 				// make that content unsearchable by ensuring the owner uid can't match
 
@@ -269,20 +268,18 @@ class Display extends \Zotlabs\Web\Controller {
 					$sysid = 0;
 
 				$r = q("SELECT item.id as item_id from item
-					WHERE ( (mid = '%s'
+					WHERE ((mid = '%s'
 					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = ''
 					AND item.deny_gid  = '' AND item_private = 0 )
 					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
-					OR uid = %d ) ) ) OR
-					(mid = '%s' $sql_extra ) )
+					OR uid = %d ))) OR
+					(mid = '%s' $sql_extra ))
 					$item_normal
 					limit 1",
 					dbesc($target_item['parent_mid']),
 					intval($sysid),
 					dbesc($target_item['parent_mid'])
 				);
-
-
 			}
 		}
 
@@ -306,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller {
 			if($r === null) {
 				// in case somebody turned off public access to sys channel content using permissions
 				// make that content unsearchable by ensuring the owner_xchan can't match
+
 				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
 					$sysid = 0;
-				$r = q("SELECT item.parent AS item_id from item
-					WHERE parent_mid = '%s'
+
+				$r = q("SELECT item.id as item_id from item
+					WHERE ((parent_mid = '%s'
 					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = ''
 					AND item.deny_gid  = '' AND item_private = 0 )
 					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
-					OR uid = %d )
-					$sql_extra )
-					$item_normal_update
-					$simple_update
+					OR uid = %d ))) OR
+					(parent_mid = '%s' $sql_extra ))
+					$item_normal
 					limit 1",
 					dbesc($target_item['parent_mid']),
-					intval($sysid)
+					intval($sysid),
+					dbesc($target_item['parent_mid'])
 				);
 			}
 		}
author	Mario <mario@mariovavti.com>	2021-03-10 20:34:47 +0000
committer	Mario <mario@mariovavti.com>	2021-03-10 20:34:47 +0000
commit	b51049227f28bc1badf9387ea5bff16bfd7debcd (patch)
tree	8c1dc6d351cbca42b3951e7d47dfe6f3eac25c41 /Zotlabs/Module/Display.php
parent	15bc5c64f3f4c3226e6329f8b8aa73df4aeb5e0b (diff)
download	volse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.tar.gz volse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.tar.bz2 volse-hubzilla-b51049227f28bc1badf9387ea5bff16bfd7debcd.zip