diff options
author | friendica <info@friendica.com> | 2013-09-22 22:52:48 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-09-22 22:52:48 -0700 |
commit | 956d275693c451c4d9ba60751704b80257f37433 (patch) | |
tree | 972cc4a680deea49aeae5c602ac60f1150911495 /mod | |
parent | 3ff96427506de4d7f230b94e333cb5f397ceb895 (diff) | |
download | volse-hubzilla-956d275693c451c4d9ba60751704b80257f37433.tar.gz volse-hubzilla-956d275693c451c4d9ba60751704b80257f37433.tar.bz2 volse-hubzilla-956d275693c451c4d9ba60751704b80257f37433.zip |
fixes for display and search privacy enforcement
Diffstat (limited to 'mod')
-rw-r--r-- | mod/display.php | 4 | ||||
-rw-r--r-- | mod/search.php | 62 |
2 files changed, 40 insertions, 26 deletions
diff --git a/mod/display.php b/mod/display.php index d19502eb1..476087ce7 100644 --- a/mod/display.php +++ b/mod/display.php @@ -113,16 +113,18 @@ function display_content(&$a, $update = 0, $load = false) { } } if($r === null) { +dbg(1); $r = q("SELECT * from item WHERE item_restrict = 0 and mid = '%s' AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) - and uid in ( " . stream_perms_api_uids() . " )) + and owner_xchan in ( " . stream_perms_xchans() . " )) $sql_extra ) group by mid limit 1", dbesc($target_item['parent_mid']) ); +dbg(0); } } diff --git a/mod/search.php b/mod/search.php index 38131f63f..1cb6cb461 100644 --- a/mod/search.php +++ b/mod/search.php @@ -183,23 +183,37 @@ function search_content(&$a,$update = 0, $load = false) { } - + $pub_sql = public_permissions_sql(get_observer_hash()); if(($update) && ($load)) { $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); -dbg(1); + if($load) { - $r = q("SELECT distinct mid, id as item_id from item - WHERE item_restrict = 0 - AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) - OR ( `item`.`uid` = %d )) - $sql_extra - group by mid ORDER BY created DESC $pager_sql ", - intval(local_user()), - intval(ABOOK_FLAG_BLOCKED) + $r = null; + + if(local_user()) { + $r = q("SELECT distinct mid, item.* from item + WHERE item_restrict = 0 + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) + OR ( `item`.`uid` = %d )) + $sql_extra + group by mid ORDER BY created DESC $pager_sql ", + intval(local_user()), + intval(ABOOK_FLAG_BLOCKED) - ); -dbg(0); + ); + } + if($r === null) { + $r = q("SELECT distinct mid, item.* from item + WHERE item_restrict = 0 + AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' + AND `item`.`deny_gid` = '' AND item_private = 0 ) + and owner_xchan in ( " . stream_perms_xchans() . " )) + $pub_sql ) + $sql_extra + group by mid ORDER BY created DESC $pager_sql" + ); + } } else { $r = array(); @@ -208,19 +222,17 @@ dbg(0); if($r) { - $parents_str = ids_to_querystr($r,'item_id'); -dbg(1); - $items = q("SELECT `item`.*, `item`.`id` AS `item_id` - FROM `item` - WHERE item_restrict = 0 - $sql_extra and parent in ( $parents_str ) " -// intval($a->profile['profile_uid']), -// dbesc($parents_str) - ); -dbg(0); - xchan_query($items); - $items = fetch_post_tags($items,true); - $items = conv_sort($items,'created'); +// $parents_str = ids_to_querystr($r,'item_id'); + +// $items = q("SELECT `item`.*, `item`.`id` AS `item_id` +// FROM `item` +// WHERE item_restrict = 0 +// $sql_extra and parent in ( $parents_str ) " +// ); + + xchan_query($r); + $items = fetch_post_tags($r,true); +// $items = conv_sort($items,'created'); } else { $items = array(); |