diff options
| author | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2015-09-11 06:42:11 +0200 |
|---|---|---|
| committer | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2015-09-11 06:42:11 +0200 |
| commit | edb1473f13a87ccfdfe2555ac9ab798fbc073805 (patch) | |
| tree | 18a15afbca3cdbbf262e0737d01e23e7b4905cf1 /include/security.php | |
| parent | 2f73d24ab134391c3b3a69d5cbfede42e028b5ed (diff) | |
| parent | f2171173fe2c9a0596672da293eb756a514ff789 (diff) | |
| download | volse-hubzilla-edb1473f13a87ccfdfe2555ac9ab798fbc073805.tar.gz volse-hubzilla-edb1473f13a87ccfdfe2555ac9ab798fbc073805.tar.bz2 volse-hubzilla-edb1473f13a87ccfdfe2555ac9ab798fbc073805.zip | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'include/security.php')
| -rw-r--r-- | include/security.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/security.php b/include/security.php index 7cc93fc06..380505a79 100644 --- a/include/security.php +++ b/include/security.php @@ -256,7 +256,7 @@ function item_permissions_sql($owner_id, $remote_observer = null) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') - AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) ) ) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), @@ -291,7 +291,7 @@ function public_permissions_sql($observer_hash) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( " OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') - AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) ) )) ", dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), |