diff options
author | friendica <info@friendica.com> | 2014-03-28 01:12:52 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-03-28 01:12:52 -0700 |
commit | 34403d3bd3dc6c372187e9c75ac90f288cb88177 (patch) | |
tree | 75c0a8aeeacf6678c10daebeba6449bb4fd3d623 /mod/item.php | |
parent | 3c23d1f9fe2813d91fc8d29f19f8a51d9a0a9091 (diff) | |
download | volse-hubzilla-34403d3bd3dc6c372187e9c75ac90f288cb88177.tar.gz volse-hubzilla-34403d3bd3dc6c372187e9c75ac90f288cb88177.tar.bz2 volse-hubzilla-34403d3bd3dc6c372187e9c75ac90f288cb88177.zip |
fix delete missing permission check
Diffstat (limited to 'mod/item.php')
-rw-r--r-- | mod/item.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/mod/item.php b/mod/item.php index 39a44647c..3d1ede507 100644 --- a/mod/item.php +++ b/mod/item.php @@ -898,9 +898,14 @@ function item_content(&$a) { ); if($i) { - + $can_delete = false; + if(local_user() && local_user() == $i[0]['uid']) + $can_delete = true; $ob_hash = get_observer_hash(); - if($ob_hash !== $i[0]['author_xchan'] && $ob_hash !== $i[0]['owner_xchan'] && $ob_hash !== $i[0]['source_xchan']) { + if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) + $can_delete = true; + + if(! $can_delete) { notice( t('Permission denied.') . EOL); return; } |