diff options
| author | friendica <info@friendica.com> | 2013-01-22 02:56:32 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-01-22 02:56:32 -0800 |
| commit | beb3301d43c0d532bd6984ee745074479babdabb (patch) | |
| tree | e1fb9a4ad9ef56456f6e06049053f2234ce79c63 /mod/dirsearch.php | |
| parent | bda4ca4c0d9f247675f4c241ecb0d402bb380d8f (diff) | |
| download | volse-hubzilla-beb3301d43c0d532bd6984ee745074479babdabb.tar.gz volse-hubzilla-beb3301d43c0d532bd6984ee745074479babdabb.tar.bz2 volse-hubzilla-beb3301d43c0d532bd6984ee745074479babdabb.zip | |
security fixes related to directory access and sites that are off the grid
Diffstat (limited to 'mod/dirsearch.php')
| -rw-r--r-- | mod/dirsearch.php | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/mod/dirsearch.php b/mod/dirsearch.php index 57132519c..1dbe60499 100644 --- a/mod/dirsearch.php +++ b/mod/dirsearch.php @@ -14,16 +14,12 @@ function dirsearch_content(&$a) { // If you've got a public directory server, you probably shouldn't block public access - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - $ret['message'] = t('Public access denied.'); - return; - } $dirmode = intval(get_config('system','directory_mode')); if($dirmode == DIRECTORY_MODE_NORMAL) { $ret['message'] = t('This site is not a directory server'); - return; + json_return_and_die($ret); } $name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''); @@ -75,7 +71,7 @@ function dirsearch_content(&$a) { // By default we return one page (default 80 items maximum) and do not count total entries $logic = ((strlen($sql_extra)) ? 0 : 1); - +dbg(1); if($limit) $qlimit = " LIMIT $limit "; else { @@ -95,7 +91,7 @@ function dirsearch_content(&$a) { $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d ) $order $qlimit ", intval(XCHAN_FLAGS_HIDDEN) ); - +dbg(0); $ret['page'] = $page + 1; $ret['records'] = count($r); |