aboutsummaryrefslogtreecommitdiffstats
path: root/mod/item.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-03-28 01:12:52 -0700
committerfriendica <info@friendica.com>2014-03-28 01:12:52 -0700
commit34403d3bd3dc6c372187e9c75ac90f288cb88177 (patch)
tree75c0a8aeeacf6678c10daebeba6449bb4fd3d623 /mod/item.php
parent3c23d1f9fe2813d91fc8d29f19f8a51d9a0a9091 (diff)
downloadvolse-hubzilla-34403d3bd3dc6c372187e9c75ac90f288cb88177.tar.gz
volse-hubzilla-34403d3bd3dc6c372187e9c75ac90f288cb88177.tar.bz2
volse-hubzilla-34403d3bd3dc6c372187e9c75ac90f288cb88177.zip
fix delete missing permission check
Diffstat (limited to 'mod/item.php')
-rw-r--r--mod/item.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/mod/item.php b/mod/item.php
index 39a44647c..3d1ede507 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -898,9 +898,14 @@ function item_content(&$a) {
);
if($i) {
-
+ $can_delete = false;
+ if(local_user() && local_user() == $i[0]['uid'])
+ $can_delete = true;
$ob_hash = get_observer_hash();
- if($ob_hash !== $i[0]['author_xchan'] && $ob_hash !== $i[0]['owner_xchan'] && $ob_hash !== $i[0]['source_xchan']) {
+ if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan']))
+ $can_delete = true;
+
+ if(! $can_delete) {
notice( t('Permission denied.') . EOL);
return;
}