aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-04-30 16:03:01 -0700
committerzotlabs <mike@macgirvin.com>2017-04-30 16:03:01 -0700
commitc845d20352300e2b8a6133bbf3fe270807ba0856 (patch)
tree87440153e1843a0d1384260044192806edeaea7d /include/security.php
parent230617208ba4ba81a7c9a289ba44da7319500397 (diff)
downloadvolse-hubzilla-c845d20352300e2b8a6133bbf3fe270807ba0856.tar.gz
volse-hubzilla-c845d20352300e2b8a6133bbf3fe270807ba0856.tar.bz2
volse-hubzilla-c845d20352300e2b8a6133bbf3fe270807ba0856.zip
ugly postgres fixes
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php56
1 files changed, 34 insertions, 22 deletions
diff --git a/include/security.php b/include/security.php
index b49ceec0d..ddbb3d806 100644
--- a/include/security.php
+++ b/include/security.php
@@ -597,18 +597,24 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) {
$random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : '');
if(local_channel())
$ret[] = local_channel();
- $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
- intval($perms)
- );
+ $x = q("select uid, v from pconfig where cat = 'perm_limits' and k = 'view_stream' ");
if($x) {
- $ids = ids_to_querystr($x,'uid');
- $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
- intval(PAGE_ADULT|PAGE_CENSORED)
- );
- if($r) {
- foreach($r as $rr)
- if(! in_array($rr['channel_id'], $ret))
- $ret[] = $rr['channel_id'];
+ $y = [];
+ foreach($x as $xv) {
+ if(intval($xv['v']) & $perms) {
+ $y[] = $xv;
+ }
+ }
+ if($y) {
+ $ids = ids_to_querystr($y,'uid');
+ $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
+ intval(PAGE_ADULT|PAGE_CENSORED)
+ );
+ if($r) {
+ foreach($r as $rr)
+ if(! in_array($rr['channel_id'], $ret))
+ $ret[] = $rr['channel_id'];
+ }
}
}
@@ -635,19 +641,25 @@ function stream_perms_xchans($perms = NULL ) {
if(local_channel())
$ret[] = get_observer_hash();
- $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
- intval($perms)
- );
+ $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' ");
if($x) {
- $ids = ids_to_querystr($x,'uid');
- $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ",
- intval(PAGE_ADULT|PAGE_CENSORED)
- );
+ $y = [];
+ foreach($x as $xv) {
+ if(intval($xv['v']) & $perms) {
+ $y[] = $xv;
+ }
+ }
+ if($y) {
+ $ids = ids_to_querystr($y,'uid');
+ $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ",
+ intval(PAGE_ADULT|PAGE_CENSORED)
+ );
- if($r) {
- foreach($r as $rr)
- if(! in_array($rr['channel_hash'], $ret))
- $ret[] = $rr['channel_hash'];
+ if($r) {
+ foreach($r as $rr)
+ if(! in_array($rr['channel_hash'], $ret))
+ $ret[] = $rr['channel_hash'];
+ }
}
}
$str = '';