aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-09-28 20:03:11 -0700
committerredmatrix <redmatrix@redmatrix.me>2015-09-28 20:03:11 -0700
commit8d5556764c8472184365a9377bb40c55e97de5ae (patch)
treeb752055f6cca85b10f58db22f07edde1e2a52f6f /include/security.php
parentf965209eee06b3affbd3165e6c165e02f76bcabd (diff)
downloadvolse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.tar.gz
volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.tar.bz2
volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.zip
add one more level of parentheses to ensure operator precedence is correctly evaluated
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/security.php b/include/security.php
index 03e03ad40..9a25d9e0e 100644
--- a/include/security.php
+++ b/include/security.php
@@ -258,9 +258,9 @@ function item_permissions_sql($owner_id, $remote_observer = null) {
}
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
- " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
+ " AND (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ))
- ) OR ( item_private = 1 $s )
+ ) OR ( item_private = 1 $s ))
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),
dbesc($gs),