diff options
| author | Mario Vavti <mario@mariovavti.com> | 2015-04-22 12:00:15 +0200 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2015-04-22 12:00:15 +0200 |
| commit | 9e490d022b985f295a0547c8a115c610a77a3a24 (patch) | |
| tree | 1d3db764fd0b939a58836351211a3ea6bcba5e1f /mod/editwebpage.php | |
| parent | b4dff3a9ff16811ea0310f5dbf4d7559c97835b0 (diff) | |
| download | volse-hubzilla-9e490d022b985f295a0547c8a115c610a77a3a24.tar.gz volse-hubzilla-9e490d022b985f295a0547c8a115c610a77a3a24.tar.bz2 volse-hubzilla-9e490d022b985f295a0547c8a115c610a77a3a24.zip | |
fix webpage perms
Diffstat (limited to 'mod/editwebpage.php')
| -rw-r--r-- | mod/editwebpage.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/mod/editwebpage.php b/mod/editwebpage.php index a7564a126..a1918741b 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -90,11 +90,18 @@ function editwebpage_content(&$a) { // We've already figured out which item we want and whose copy we need, // so we don't need anything fancy here - $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", + $sql_extra = item_permissions_sql($owner); + + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1", intval($post_id), intval($owner) ); + if(! $itm) { + notice( t('Permission denied.') . EOL); + return; + } + if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($itm[0]['title']) |