aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-09-07 03:59:38 -0700
committerredmatrix <redmatrix@redmatrix.me>2015-09-07 03:59:38 -0700
commit1b09c6485638339aede6dc2fd69956716b80fb00 (patch)
tree9c898ed1f520c7f473a1217c04e1c469bb0a8eab /include
parentf7d9523c7da3c193dd0216fa00e62a940d0d174d (diff)
downloadvolse-hubzilla-1b09c6485638339aede6dc2fd69956716b80fb00.tar.gz
volse-hubzilla-1b09c6485638339aede6dc2fd69956716b80fb00.tar.bz2
volse-hubzilla-1b09c6485638339aede6dc2fd69956716b80fb00.zip
PRIVACY: item_private seems to have been removed from permissions_sql checking with an observer.
Diffstat (limited to 'include')
-rw-r--r--include/security.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/security.php b/include/security.php
index bad39d805..0c3dc29d6 100644
--- a/include/security.php
+++ b/include/security.php
@@ -260,7 +260,7 @@ function item_permissions_sql($owner_id, $remote_observer = null) {
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
- AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) )
)
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),
@@ -295,7 +295,7 @@ function public_permissions_sql($observer_hash) {
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
" OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
- AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) )
))
",
dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),