diff options
author | redmatrix <redmatrix@redmatrix.me> | 2015-09-28 20:03:11 -0700 |
---|---|---|
committer | redmatrix <redmatrix@redmatrix.me> | 2015-09-28 20:03:11 -0700 |
commit | 8d5556764c8472184365a9377bb40c55e97de5ae (patch) | |
tree | b752055f6cca85b10f58db22f07edde1e2a52f6f /include/security.php | |
parent | f965209eee06b3affbd3165e6c165e02f76bcabd (diff) | |
download | volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.tar.gz volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.tar.bz2 volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.zip |
add one more level of parentheses to ensure operator precedence is correctly evaluated
Diffstat (limited to 'include/security.php')
-rw-r--r-- | include/security.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/security.php b/include/security.php index 03e03ad40..9a25d9e0e 100644 --- a/include/security.php +++ b/include/security.php @@ -258,9 +258,9 @@ function item_permissions_sql($owner_id, $remote_observer = null) { } $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') + " AND (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) - ) OR ( item_private = 1 $s ) + ) OR ( item_private = 1 $s )) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), dbesc($gs), |