diff options
author | friendica <info@friendica.com> | 2014-03-27 20:43:37 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-03-27 20:43:37 -0700 |
commit | d99eaf151096dde28d56caa4b950cd2f3d4a1d83 (patch) | |
tree | 7ca09413410cb09b225dffc29d5de5f87630a710 /mod/item.php | |
parent | a6d8668a5f31def1a74fcdfe15a184acfe3d696d (diff) | |
download | volse-hubzilla-d99eaf151096dde28d56caa4b950cd2f3d4a1d83.tar.gz volse-hubzilla-d99eaf151096dde28d56caa4b950cd2f3d4a1d83.tar.bz2 volse-hubzilla-d99eaf151096dde28d56caa4b950cd2f3d4a1d83.zip |
a few more delete fixes
Diffstat (limited to 'mod/item.php')
-rw-r--r-- | mod/item.php | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/mod/item.php b/mod/item.php index 2fa978b44..39a44647c 100644 --- a/mod/item.php +++ b/mod/item.php @@ -892,15 +892,24 @@ function item_content(&$a) { if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) { require_once('include/items.php'); - $i = q("select id, item_restrict from item where id = %d and uid = %d limit 1", - intval(argv(2)) + $i = q("select id, uid, author_xchan, owner_xchan, source_xchan, item_restrict from item where id = %d and uid = %d limit 1", + intval(argv(2)), + intval(local_user()) ); + if($i) { + + $ob_hash = get_observer_hash(); + if($ob_hash !== $i[0]['author_xchan'] && $ob_hash !== $i[0]['owner_xchan'] && $ob_hash !== $i[0]['source_xchan']) { + notice( t('Permission denied.') . EOL); + return; + } + if($i[0]['item_restrict']) drop_item($i[0]['id']); else { drop_item($i[0]['id'],true,DROPITEM_PHASE1); - tag_deliver($uid,$i[0]['id']); + tag_deliver($i[0]['uid'],$i[0]['id']); } } } |