diff options
| author | redmatrix <redmatrix@redmatrix.me> | 2015-09-07 03:59:38 -0700 |
|---|---|---|
| committer | redmatrix <redmatrix@redmatrix.me> | 2015-09-07 03:59:38 -0700 |
| commit | 1b09c6485638339aede6dc2fd69956716b80fb00 (patch) | |
| tree | 9c898ed1f520c7f473a1217c04e1c469bb0a8eab /include | |
| parent | f7d9523c7da3c193dd0216fa00e62a940d0d174d (diff) | |
| download | volse-hubzilla-1b09c6485638339aede6dc2fd69956716b80fb00.tar.gz volse-hubzilla-1b09c6485638339aede6dc2fd69956716b80fb00.tar.bz2 volse-hubzilla-1b09c6485638339aede6dc2fd69956716b80fb00.zip | |
PRIVACY: item_private seems to have been removed from permissions_sql checking with an observer.
Diffstat (limited to 'include')
| -rw-r--r-- | include/security.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/security.php b/include/security.php index bad39d805..0c3dc29d6 100644 --- a/include/security.php +++ b/include/security.php @@ -260,7 +260,7 @@ function item_permissions_sql($owner_id, $remote_observer = null) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') - AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) ) ) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), @@ -295,7 +295,7 @@ function public_permissions_sql($observer_hash) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( " OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') - AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) ) )) ", dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), |