author | redmatrix <git@macgirvin.com> | 2016-05-12 16:45:49 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-05-12 16:47:03 -0700 |
commit | 781716277ba382e0415e9188c252c1b79093ed6b (patch) | |
tree | 4fe0250b2825bd2ccbf89eaecebcd39328cf38cf /include | |
parent | 4d00c480263e857eb52dcf8d0a6f08370881c8ee (diff) | |
SECURITY: a comment to a private post that has been edited (the comment has been edited) loses its privacy settings. This comment isn't visible in the stream but may be visible in feeds.
Diffstat (limited to 'include')
-rw-r--r-- | include/zot.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/include/zot.php b/include/zot.php
index 157354afa..8adc74ffa 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1953,6 +1953,16 @@ function remove_community_tag($sender, $arr, $uid) {
 */
 function update_imported_item($sender, $item, $orig, $uid) {
+ // If this is a comment being updated, remove any privacy information
+ // so that item_store_update will set it from the original.
+
+ if($item['mid'] !== $item['parent_mid']) {
+ unset($item['allow_cid']);
+ unset($item['allow_gid']);
+ unset($item['deny_cid']);
+ unset($item['deny_gid']);
+ unset($item['item_private']);
+ }
 $x = item_store_update($item); |
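Review bot: The guard `if($item['mid'] !== $item['parent_mid'])` takes the comment-or-top-level decision from the incoming `$item`, so the privacy fallback is only as reliable as the `mid`/`parent_mid` values the sender put in the update. The stored copy is already passed in as `$orig`; deciding from that row instead (its shape is not visible in this hunk) would keep the decision on locally held data. The fix also relies on item_store_update() filling the five unset keys from the stored row, which happens outside this hunk and deserves a regression test that edits a comment on a private post and checks the stored `allow_*`, `deny_*` and `item_private` values afterwards. Comments already rewritten before this commit presumably keep their lost privacy settings, so a one-off repair or at least a note to administrators seems worth considering. update_imported_item's body continues past the end of the hunk.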