aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-02-10 04:55:29 -0800
committerfriendica <info@friendica.com>2013-02-10 04:55:29 -0800
commit99c5f88963227a48544747e9dc8b13550b88c0f2 (patch)
tree115070a6941baf51a5388be67b312e499f800e2c /include
parent260a012b02c4941655e897735eeac09dadcf98c4 (diff)
downloadvolse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.tar.gz
volse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.tar.bz2
volse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.zip
mod_display - no fun. Not working at all. But a bit of progress.
Diffstat (limited to 'include')
-rw-r--r--include/conversation.php5
-rw-r--r--include/security.php40
2 files changed, 35 insertions, 10 deletions
diff --git a/include/conversation.php b/include/conversation.php
index 4758721a5..fe4ac54f5 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -409,6 +409,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
. ((x($_GET,'cmin')) ? '&cmin=' . $_GET['cmin'] : '')
. ((x($_GET,'cmax')) ? '&cmax=' . $_GET['cmax'] : '')
. ((x($_GET,'file')) ? '&file=' . $_GET['file'] : '')
+ . ((x($_GET,'uri')) ? '&uri=' . $_GET['uri'] : '')
. "'; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
}
@@ -435,8 +436,8 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
}
elseif($mode === 'display') {
- $profile_owner = $a->profile['uid'];
- $page_writeable = ($profile_owner == local_user());
+ $profile_owner = local_user();
+ $page_writeable = false;
$live_update_div = '<div id="live-display"></div>' . "\r\n";
diff --git a/include/security.php b/include/security.php
index 9f4058f88..8477ea6de 100644
--- a/include/security.php
+++ b/include/security.php
@@ -214,13 +214,13 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
$gs .= '|<' . $g . '>';
}
$sql = sprintf(
- " AND ( NOT (deny_cid like '<%s>' OR deny_gid REGEXP '%s')
- AND ( allow_cid like '<%s>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+ AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
- dbesc(protect_sprintf( '%' . $remote_user . '%')),
+ dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
dbesc($gs),
- dbesc(protect_sprintf( '%' . $remote_user . '%')),
+ dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
dbesc($gs)
);
}
@@ -269,19 +269,43 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
$gs .= '|<' . $g . '>';
}
$sql = sprintf(
- " AND ( NOT (deny_cid like '<%s>' OR deny_gid REGEXP '%s')
- AND ( allow_cid like '<%s>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+ AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
- dbesc(protect_sprintf( '%' . $remote_user . '%')),
+ dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
dbesc($gs),
- dbesc(protect_sprintf( '%' . $remote_user . '%')),
+ dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
dbesc($gs)
);
}
return $sql;
}
+function public_permissions_sql($observer_hash) {
+
+ $observer = get_app()->get_observer();
+ $groups = init_groups_visitor($observer_hash);
+
+ $gs = '<<>>'; // should be impossible to match
+
+ if(is_array($groups) && count($groups)) {
+ foreach($groups as $g)
+ $gs .= '|<' . $g . '>';
+ }
+ $sql = sprintf(
+ " OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+ AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ ))
+ ",
+ dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
+ dbesc($gs),
+ dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
+ dbesc($gs)
+ );
+
+ return $sql;
+}
/*