diff options
author | friendica <info@friendica.com> | 2013-09-12 20:11:56 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-09-12 20:11:56 -0700 |
commit | 3a2d11bde1581b8ee1e2a07c04370ce9eae9ea55 (patch) | |
tree | cf611e18d43e0960fcbc9741e0f6a35a5fb12e28 /include/zot.php | |
parent | 037fd43fbde829cf4911d7500043f3befa5e99b2 (diff) | |
download | volse-hubzilla-3a2d11bde1581b8ee1e2a07c04370ce9eae9ea55.tar.gz volse-hubzilla-3a2d11bde1581b8ee1e2a07c04370ce9eae9ea55.tar.bz2 volse-hubzilla-3a2d11bde1581b8ee1e2a07c04370ce9eae9ea55.zip |
so public_recips and allowed_public_recips is working so much better than before, but was still not quite right. We seem to be getting all the right results for top-level posts now, but comments aren't getting through on channels for which we've allowed them to send us their stream, but not comment on our posts. The reason is we were seeing if they could comment - and we only need to do that if we own the post. If they own the post, we only need to check if they can send us their stream.
Diffstat (limited to 'include/zot.php')
-rw-r--r-- | include/zot.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/include/zot.php b/include/zot.php index cdbfd2185..e395e88f6 100644 --- a/include/zot.php +++ b/include/zot.php @@ -926,14 +926,22 @@ function public_recips($msg) { $check_mentions = false; if($msg['message']['type'] === 'activity') { + $col = 'channel_w_stream'; + $field = PERMS_W_STREAM; if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { - $col = 'channel_w_stream'; - $field = PERMS_W_STREAM; + // check mention recipient permissions on top level posts only $check_mentions = true; } else { - $col = 'channel_w_comment'; - $field = PERMS_W_COMMENT; + // if this is a comment and it wasn't sent by the post owner, check to see who is allowing them to comment. + // We should have one specific recipient and this step shouldn't be needed unless somebody stuffed up their software. + // We may need this step to protect us from bad guys intentionally stuffing up their software. + // If it is sent by the post owner, we don't need to do this. We only need to see who is receiving the + // owner's stream (which was already set above) - as they control the comment permissions + if($msg['notify']['sender']['guid_sig'] != $msg['message']['owner']['guid_sig']) { + $col = 'channel_w_comment'; + $field = PERMS_W_COMMENT; + } } } elseif($msg['message']['type'] === 'mail') { |