aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-03-06 17:21:14 -0800
committerfriendica <info@friendica.com>2012-03-06 17:21:14 -0800
commit88cd5800cf2e22f365bc38f567fcc1627e9278a7 (patch)
tree6c73c3b9db3b7ca267a379b291af90df91839d21 /include/security.php
parent39a49d51e370f6421a065cd78594e849ef92ff73 (diff)
downloadvolse-hubzilla-88cd5800cf2e22f365bc38f567fcc1627e9278a7.tar.gz
volse-hubzilla-88cd5800cf2e22f365bc38f567fcc1627e9278a7.tar.bz2
volse-hubzilla-88cd5800cf2e22f365bc38f567fcc1627e9278a7.zip
[privacy] rework latest fix
Diffstat (limited to 'include/security.php')
-rwxr-xr-xinclude/security.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/include/security.php b/include/security.php
index 6b8128bdd..c04491570 100755
--- a/include/security.php
+++ b/include/security.php
@@ -159,6 +159,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
AND allow_gid = ''
AND deny_cid = ''
AND deny_gid = ''
+ AND private = 0
";
/**
@@ -199,10 +200,11 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
}
$sql = sprintf(
- " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' )
+ " AND (( allow_cid = '' OR allow_cid REGEXP '<%d>' )
AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' )
AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s')
+ OR private = 0 )
",
intval($remote_user),
intval($remote_user),