diff options
author | friendica <info@friendica.com> | 2013-09-22 22:52:48 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-09-22 22:52:48 -0700 |
commit | 956d275693c451c4d9ba60751704b80257f37433 (patch) | |
tree | 972cc4a680deea49aeae5c602ac60f1150911495 /include/security.php | |
parent | 3ff96427506de4d7f230b94e333cb5f397ceb895 (diff) | |
download | volse-hubzilla-956d275693c451c4d9ba60751704b80257f37433.tar.gz volse-hubzilla-956d275693c451c4d9ba60751704b80257f37433.tar.bz2 volse-hubzilla-956d275693c451c4d9ba60751704b80257f37433.zip |
fixes for display and search privacy enforcement
Diffstat (limited to 'include/security.php')
-rw-r--r-- | include/security.php | 46 |
1 files changed, 36 insertions, 10 deletions
diff --git a/include/security.php b/include/security.php index 4738e473b..632b8d607 100644 --- a/include/security.php +++ b/include/security.php @@ -302,16 +302,19 @@ function public_permissions_sql($observer_hash) { foreach($groups as $g) $gs .= '|<' . $g . '>'; } - $sql = sprintf( - " OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) - )) - ", - dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), - dbesc($gs), - dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), - dbesc($gs) - ); + $sql = ''; + if($observer_hash) { + $sql = sprintf( + " OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') + AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + )) + ", + dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), + dbesc($gs), + dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), + dbesc($gs) + ); + } return $sql; } @@ -424,6 +427,29 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) { $str .= ','; $str .= intval($rr); } +logger('stream_perms_api_uids: ' . $str); return $str; } +function stream_perms_xchans($perms_min = PERMS_SITE) { + $ret = array(); + if(local_user()) + $ret[] = get_observer_hash(); + $r = q("select channel_hash from channel where channel_r_stream <= %d", + intval($perms_min) + ); + if($r) + foreach($r as $rr) + if(! in_array($rr['channel_hash'],$ret)) + $ret[] = $rr['channel_hash']; + + $str = ''; + if($ret) + foreach($ret as $rr) { + if($str) + $str .= ','; + $str .= "'" . dbesc($rr) . "'"; + } +logger('stream_perms_xchans: ' . $str); + return $str; +} |