aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-01-10 00:58:53 -0800
committerfriendica <info@friendica.com>2014-01-10 00:58:53 -0800
commit0fef87cb43376289c39ddb0e30ee7a35fa97086d (patch)
tree2bfd271aa66d8ee2d3c1dcce741fbf7e8ad8c473 /mod
parent13d0a914c7b6e053c19e34f74f6f30ed030487ae (diff)
downloadvolse-hubzilla-0fef87cb43376289c39ddb0e30ee7a35fa97086d.tar.gz
volse-hubzilla-0fef87cb43376289c39ddb0e30ee7a35fa97086d.tar.bz2
volse-hubzilla-0fef87cb43376289c39ddb0e30ee7a35fa97086d.zip
security fix for channel?mid= per zottel
Diffstat (limited to 'mod')
-rw-r--r--mod/channel.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/mod/channel.php b/mod/channel.php
index 20f6fec18..dac4ba2bf 100644
--- a/mod/channel.php
+++ b/mod/channel.php
@@ -135,9 +135,11 @@ function channel_content(&$a, $update = 0, $load = false) {
if(($update) && (! $load)) {
if ($mid) {
- $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $sql_extra limit 1",
+ $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0
+ AND (item_flags & %d) $sql_extra limit 1",
dbesc($mid),
- intval($a->profile['profile_uid'])
+ intval($a->profile['profile_uid']),
+ intval(ITEM_WALL)
);
} else {
$r = q("SELECT distinct parent AS `item_id` from item