diff options
author | zotlabs <mike@macgirvin.com> | 2017-03-06 15:33:10 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-03-06 15:33:10 -0800 |
commit | 595cb13d8f2793fcefdc1566715848479460e479 (patch) | |
tree | e6e7e635f6253f0bd0e8cd269ff6e21119ab2048 /Zotlabs | |
parent | 9e44b0727513d820336cd4c51350d62b13cf8479 (diff) | |
download | volse-hubzilla-595cb13d8f2793fcefdc1566715848479460e479.tar.gz volse-hubzilla-595cb13d8f2793fcefdc1566715848479460e479.tar.bz2 volse-hubzilla-595cb13d8f2793fcefdc1566715848479460e479.zip |
correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis)
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Lib/NativeWikiPage.php | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index e9f8a32c9..941ade90c 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -64,6 +64,8 @@ class NativeWikiPage { $arr['deny_cid'] = $w['wiki']['deny_cid']; $arr['deny_gid'] = $w['wiki']['deny_gid']; + $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true); + // We may wish to change this some day. $arr['item_unpublished'] = 1; @@ -232,10 +234,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); if($revision == (-1)) $sql_extra .= " order by revision desc "; @@ -288,10 +287,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); $sql_extra .= " order by revision desc "; |