diff options
| author | zotlabs <mike@macgirvin.com> | 2017-04-30 16:03:01 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-04-30 16:03:01 -0700 |
| commit | c845d20352300e2b8a6133bbf3fe270807ba0856 (patch) | |
| tree | 87440153e1843a0d1384260044192806edeaea7d /include/security.php | |
| parent | 230617208ba4ba81a7c9a289ba44da7319500397 (diff) | |
| download | volse-hubzilla-c845d20352300e2b8a6133bbf3fe270807ba0856.tar.gz volse-hubzilla-c845d20352300e2b8a6133bbf3fe270807ba0856.tar.bz2 volse-hubzilla-c845d20352300e2b8a6133bbf3fe270807ba0856.zip | |
ugly postgres fixes
Diffstat (limited to 'include/security.php')
| -rw-r--r-- | include/security.php | 56 |
1 files changed, 34 insertions, 22 deletions
diff --git a/include/security.php b/include/security.php index b49ceec0d..ddbb3d806 100644 --- a/include/security.php +++ b/include/security.php @@ -597,18 +597,24 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) { $random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : ''); if(local_channel()) $ret[] = local_channel(); - $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ", - intval($perms) - ); + $x = q("select uid, v from pconfig where cat = 'perm_limits' and k = 'view_stream' "); if($x) { - $ids = ids_to_querystr($x,'uid'); - $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ", - intval(PAGE_ADULT|PAGE_CENSORED) - ); - if($r) { - foreach($r as $rr) - if(! in_array($rr['channel_id'], $ret)) - $ret[] = $rr['channel_id']; + $y = []; + foreach($x as $xv) { + if(intval($xv['v']) & $perms) { + $y[] = $xv; + } + } + if($y) { + $ids = ids_to_querystr($y,'uid'); + $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ", + intval(PAGE_ADULT|PAGE_CENSORED) + ); + if($r) { + foreach($r as $rr) + if(! in_array($rr['channel_id'], $ret)) + $ret[] = $rr['channel_id']; + } } } @@ -635,19 +641,25 @@ function stream_perms_xchans($perms = NULL ) { if(local_channel()) $ret[] = get_observer_hash(); - $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ", - intval($perms) - ); + $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' "); if($x) { - $ids = ids_to_querystr($x,'uid'); - $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ", - intval(PAGE_ADULT|PAGE_CENSORED) - ); + $y = []; + foreach($x as $xv) { + if(intval($xv['v']) & $perms) { + $y[] = $xv; + } + } + if($y) { + $ids = ids_to_querystr($y,'uid'); + $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ", + intval(PAGE_ADULT|PAGE_CENSORED) + ); - if($r) { - foreach($r as $rr) - if(! in_array($rr['channel_hash'], $ret)) - $ret[] = $rr['channel_hash']; + if($r) { + foreach($r as $rr) + if(! in_array($rr['channel_hash'], $ret)) + $ret[] = $rr['channel_hash']; + } } } $str = ''; |