diff options
| author | friendica <info@friendica.com> | 2013-09-20 17:58:11 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-09-20 17:58:11 -0700 |
| commit | 1126d8f2e3ee8356cf619e9e817fb448079634e6 (patch) | |
| tree | 6dcff37d5d394eaae4c68f50783cd8150fac2111 /mod/item.php | |
| parent | 06389f87dfd21aee7f152650d08b272f69f17faa (diff) | |
| download | volse-hubzilla-1126d8f2e3ee8356cf619e9e817fb448079634e6.tar.gz volse-hubzilla-1126d8f2e3ee8356cf619e9e817fb448079634e6.tar.bz2 volse-hubzilla-1126d8f2e3ee8356cf619e9e817fb448079634e6.zip | |
hopefully this will go over a bit better - check post owner permissions as well as local owner permissions for comments during submission, since the comment was being blindly accepted on the local system due to only checking the profile owner. Also change collections query to include only top-level posts by a member of the collection.
Diffstat (limited to 'mod/item.php')
| -rw-r--r-- | mod/item.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/mod/item.php b/mod/item.php index 895784ff9..2ebb02869 100644 --- a/mod/item.php +++ b/mod/item.php @@ -153,11 +153,19 @@ function item_post(&$a) { } + $observer = $a->get_observer(); + + if($parent) { logger('mod_item: item_post parent=' . $parent); + if(! can_comment_on_post($observer['xchan_hash'],$parent_item)) { + notice( t('Permission denied.') . EOL) ; + if(x($_REQUEST,'return')) + goaway($a->get_baseurl() . "/" . $return_path ); + killme(); + } } - $observer = $a->get_observer(); if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],(($parent) ? 'post_comments' : 'post_wall'))) { notice( t('Permission denied.') . EOL) ; |