aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2022-05-11 11:50:29 +0000
committerMario <mario@mariovavti.com>2022-05-11 11:50:29 +0000
commita7968e6525ab47bc44d6a8b5a01cf82ac6d5ea03 (patch)
tree435abde61af1ed8ec4f406aee4c26da2b4ef5788 /Zotlabs/Module
parente59cc3d40490939aa19a13246fdc2f8b8d80b1db (diff)
downloadvolse-hubzilla-a7968e6525ab47bc44d6a8b5a01cf82ac6d5ea03.tar.gz
volse-hubzilla-a7968e6525ab47bc44d6a8b5a01cf82ac6d5ea03.tar.bz2
volse-hubzilla-a7968e6525ab47bc44d6a8b5a01cf82ac6d5ea03.zip
update queries in mod search - fixes #1677
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Search.php50
1 files changed, 23 insertions, 27 deletions
diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php
index fdc251b07..19fcff5c8 100644
--- a/Zotlabs/Module/Search.php
+++ b/Zotlabs/Module/Search.php
@@ -177,49 +177,46 @@ class Search extends Controller {
}
- $item_normal = item_normal_search();
- $pub_sql = public_permissions_sql($observer_hash);
-
- require_once('include/channel.php');
-
- $sys = get_sys_channel();
-
if (($update) && ($load)) {
$itemspage = get_pconfig(local_channel(), 'system', 'itemspage');
App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10));
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
- // in case somebody turned off public access to sys channel content with permissions
+ $item_normal = item_normal_search();
+ $pub_sql = item_permissions_sql(0, $observer_hash);
- if (!perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream'))
- $sys['xchan_hash'] .= 'disabled';
+ $sys = get_sys_channel();
+
+ // in case somebody turned off public access to sys channel content using permissions
+ // make that content unsearchable by ensuring the owner uid can't match
+ $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
if ($load) {
$r = null;
if (local_channel()) {
- $r = q("SELECT mid, MAX(id) as item_id from item
- WHERE ((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 )
- OR ( item.uid = %d )) OR item.owner_xchan = '%s' )
+ $r = q("SELECT mid, MAX(id) AS item_id FROM item
+ WHERE (( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item.item_private = 0 )
+ OR ( item.uid = %d ))
$item_normal
$sql_extra
- group by mid, created order by created desc $pager_sql ",
- intval(local_channel()),
- dbesc($sys['xchan_hash'])
+ GROUP BY mid, created ORDER BY created DESC $pager_sql ",
+ intval(local_channel())
);
}
- if ($r === null) {
- $r = q("SELECT mid, MAX(id) as item_id from item
- WHERE (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
- AND item.deny_gid = '' AND item_private = 0 )
- and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK | PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- $pub_sql ) OR owner_xchan = '%s')
+
+ if (!$r) {
+ $r = q("SELECT mid, MAX(id) AS item_id FROM item
+ WHERE (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item.item_private = 0 )
+ AND item.uid IN ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK | PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+ $pub_sql ) OR item.uid = '%d')
$item_normal
$sql_extra
- group by mid, created order by created desc $pager_sql",
- dbesc($sys['xchan_hash'])
+ GROUP BY mid, created ORDER BY created DESC $pager_sql",
+ intval($sys_id)
);
}
+
if ($r) {
$str = ids_to_querystr($r, 'item_id');
$r = dbq("select *, id as item_id from item where id in ( " . $str . ") order by created desc");
@@ -232,13 +229,12 @@ class Search extends Controller {
}
+ $items = [];
+
if ($r) {
xchan_query($r);
$items = fetch_post_tags($r, true);
}
- else {
- $items = [];
- }
if ($format === 'json') {
$result = [];