diff options
| author | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2015-11-10 07:36:51 +0100 |
|---|---|---|
| committer | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2015-11-10 07:36:51 +0100 |
| commit | b782c46e518afd0713f92fabb76aea9a7c3e5d77 (patch) | |
| tree | c28dc5d4f45988a01c56876d1ae41d92a73d6191 /mod | |
| parent | eaa47760bc7bb024b4c41bd41be62fd16f1237ec (diff) | |
| parent | 7ec687988746e1037d86d25186c2dd5f2addb15b (diff) | |
| download | volse-hubzilla-b782c46e518afd0713f92fabb76aea9a7c3e5d77.tar.gz volse-hubzilla-b782c46e518afd0713f92fabb76aea9a7c3e5d77.tar.bz2 volse-hubzilla-b782c46e518afd0713f92fabb76aea9a7c3e5d77.zip | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/attach.php | 5 | ||||
| -rw-r--r-- | mod/connedit.php | 25 |
2 files changed, 21 insertions, 9 deletions
diff --git a/mod/attach.php b/mod/attach.php index ad5dead07..306e39519 100644 --- a/mod/attach.php +++ b/mod/attach.php @@ -37,7 +37,10 @@ function attach_init(&$a) { header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"'); if(intval($r['data']['os_storage'])) { $fname = dbunescbin($r['data']['data']); - $istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb'); + if(strpos($fname,'store') !== false) + $istream = fopen($fname,'rb'); + else + $istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb'); $ostream = fopen('php://output','wb'); if($istream && $ostream) { pipe_streams($istream,$ostream); diff --git a/mod/connedit.php b/mod/connedit.php index 877c12dc7..9c46fa999 100644 --- a/mod/connedit.php +++ b/mod/connedit.php @@ -177,16 +177,21 @@ function connedit_post(&$a) { if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) { $new_friend = true; - if(! $abook_my_perms) { - $abook_my_perms = get_channel_default_perms(local_channel()); + // @fixme it won't be common, but when you accept a new connection request + // the permissions will now be that of your permissions role and ignore + // any you may have set manually on the form. We'll probably see a bug if somebody + // tries to set the permissions *and* approve the connection in the same + // request. The workaround is to approve the connection, then go back and + // adjust permissions as desired. - $role = get_pconfig(local_channel(),'system','permissions_role'); - if($role) { - $x = get_role_perms($role); - if($x['perms_accept']) - $abook_my_perms = $x['perms_accept']; - } + $abook_my_perms = get_channel_default_perms(local_channel()); + + $role = get_pconfig(local_channel(),'system','permissions_role'); + if($role) { + $x = get_role_perms($role); + if($x['perms_accept']) + $abook_my_perms = $x['perms_accept']; } } @@ -661,6 +666,10 @@ function connedit_content(&$a) { if($locs) { foreach($locs as $l) { + if(!($l['location'])) + continue; + if(strpos($locstr,$l['location']) !== false) + continue; if(strlen($locstr)) $locstr .= ', '; $locstr .= $l['location']; |