add one more level of parentheses to ensure operator precedence is correctly evaluated

author: redmatrix <redmatrix@redmatrix.me> 2015-09-28 20:03:11 -0700
committer: redmatrix <redmatrix@redmatrix.me> 2015-09-28 20:03:11 -0700
commit: 8d5556764c8472184365a9377bb40c55e97de5ae (patch)
tree: b752055f6cca85b10f58db22f07edde1e2a52f6f /include/security.php
parent: f965209eee06b3affbd3165e6c165e02f76bcabd (diff)
download: volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.tar.gz
volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.tar.bz2
volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/include/security.php b/include/security.php
index 03e03ad40..9a25d9e0e 100644
--- a/include/security.php
+++ b/include/security.php
@@ -258,9 +258,9 @@ function item_permissions_sql($owner_id, $remote_observer = null) {
 			}
 			$regexop = db_getfunc('REGEXP');
 			$sql = sprintf(
-				" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
+				" AND (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
 				  AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ))
-				  ) OR ( item_private = 1 $s )
+				  ) OR ( item_private = 1 $s ))
 				",
 				dbesc(protect_sprintf( '%<' . $observer . '>%')),
 				dbesc($gs),
author	redmatrix <redmatrix@redmatrix.me>	2015-09-28 20:03:11 -0700
committer	redmatrix <redmatrix@redmatrix.me>	2015-09-28 20:03:11 -0700
commit	8d5556764c8472184365a9377bb40c55e97de5ae (patch)
tree	b752055f6cca85b10f58db22f07edde1e2a52f6f /include/security.php
parent	f965209eee06b3affbd3165e6c165e02f76bcabd (diff)
download	volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.tar.gz volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.tar.bz2 volse-hubzilla-8d5556764c8472184365a9377bb40c55e97de5ae.zip