testing init_groups_visitor changes - also add virtual groups for both zot identities

1 files changed, 11 insertions, 13 deletions

diff --git a/include/security.php b/include/security.php
index 4af46c257..44cd605dc 100644
--- a/include/security.php
+++ b/include/security.php
@@ -564,17 +564,6 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
 function init_groups_visitor($contact_id) {
 	$groups = [];
 
-	// private profiles are treated as a virtual group
-
-	$r = q("SELECT abook_profile from abook where abook_xchan = '%s' and abook_profile != '' ",
-		dbesc($contact_id)
-	);
-	if($r) {
-		foreach($r as $rv) {
-			$groups[] = 'vp.' . $rv['abook_profile'];
-		}
-	}
-
 	$x = q("select * from xchan where xchan_hash = '%s'",
 		dbesc($contact_id)
 	);
@@ -594,10 +583,19 @@ function init_groups_visitor($contact_id) {
 	if($xchans) {
 		$hashes = ids_to_querystr($xchans,'xchan_hash',true);
 	}
-		
+
+	// private profiles are treated as a virtual group
+
+	$r = q("SELECT abook_profile from abook where abook_xchan in ( " . protect_sprintf($hashes) . " ) and abook_profile != '' ");
+	if($r) {
+		foreach($r as $rv) {
+			$groups[] = 'vp.' . $rv['abook_profile'];
+		}
+	}
+
 	// physical groups this identity is a member of
 
-	$r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) " );
+	$r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) ");
 	if($r) {
 		foreach($r as $rr)
 			$groups[] = $rr['hash'];