diff options
| author | Christian Vogeley <christian.vogeley@hotmail.de> | 2013-08-03 00:14:59 +0200 |
|---|---|---|
| committer | Christian Vogeley <christian.vogeley@hotmail.de> | 2013-08-03 00:14:59 +0200 |
| commit | 9294f72adb3c076932558b6f29a4c570e7962764 (patch) | |
| tree | c0a7d4f5b56e922c2a572f4f0a414a405f92cd82 /include/security.php | |
| parent | c0cd147a3a9a86b270ea32026089ced16fb2f50c (diff) | |
| download | volse-hubzilla-9294f72adb3c076932558b6f29a4c570e7962764.tar.gz volse-hubzilla-9294f72adb3c076932558b6f29a4c570e7962764.tar.bz2 volse-hubzilla-9294f72adb3c076932558b6f29a4c570e7962764.zip | |
Revert "merge"
This reverts commit c0cd147a3a9a86b270ea32026089ced16fb2f50c, reversing
changes made to d2d1e54bfe928fe4cdfdcfc7e9acf658cda76898.
Diffstat (limited to 'include/security.php')
| -rw-r--r-- | include/security.php | 82 |
1 files changed, 38 insertions, 44 deletions
diff --git a/include/security.php b/include/security.php index ef4d5a313..29a0fc0bc 100644 --- a/include/security.php +++ b/include/security.php @@ -205,29 +205,26 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { else { - $observer = get_observer_hash(); - if($observer) { - $groups = init_groups_visitor($observer); - - $gs = '<<>>'; // should be impossible to match - - if(is_array($groups) && count($groups)) { - foreach($groups as $g) - $gs .= '|<' . $g . '>'; - } - $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) - ) - ", - dbesc(protect_sprintf( '%<' . $observer . '>%')), - dbesc($gs), - dbesc(protect_sprintf( '%<' . $observer . '>%')), - dbesc($gs) - ); - } + $observer = get_app()->get_observer(); + $groups = init_groups_visitor($remote_user); + + $gs = '<<>>'; // should be impossible to match + + if(is_array($groups) && count($groups)) { + foreach($groups as $g) + $gs .= '|<' . $g . '>'; + } + $sql = sprintf( + " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') + AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + ) + ", + dbesc(protect_sprintf( '%<' . $remote_user . '>%')), + dbesc($gs), + dbesc(protect_sprintf( '%<' . $remote_user . '>%')), + dbesc($gs) + ); } - return $sql; } @@ -263,28 +260,25 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) else { - $observer = get_observer_hash(); - - if($observer) { - $groups = init_groups_visitor($observer); - - $gs = '<<>>'; // should be impossible to match - - if(is_array($groups) && count($groups)) { - foreach($groups as $g) - $gs .= '|<' . $g . '>'; - } - $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) - ) - ", - dbesc(protect_sprintf( '%<' . $observer . '>%')), - dbesc($gs), - dbesc(protect_sprintf( '%<' . $observer . '>%')), - dbesc($gs) - ); - } + $observer = get_app()->get_observer(); + $groups = init_groups_visitor($remote_user); + + $gs = '<<>>'; // should be impossible to match + + if(is_array($groups) && count($groups)) { + foreach($groups as $g) + $gs .= '|<' . $g . '>'; + } + $sql = sprintf( + " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') + AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + ) + ", + dbesc(protect_sprintf( '%<' . $remote_user . '>%')), + dbesc($gs), + dbesc(protect_sprintf( '%<' . $remote_user . '>%')), + dbesc($gs) + ); } return $sql; } |