bug #38 posts and photos only visible to friends if so configured

2 files changed, 17 insertions, 5 deletions

diff --git a/mod/photos.php b/mod/photos.php
index 89fef2ee8..1fb6ee581 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -722,6 +722,8 @@ function photos_content(&$a) {
 
 	$owner_uid = $a->data['user']['uid'];
 
+
+
 	$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
 
 	if((local_user()) && (local_user() == $owner_uid))
@@ -763,6 +765,15 @@ function photos_content(&$a) {
 		}
 	}
 
+	$r = q("SELECT `hidewall` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
+		intval($owner_uid)
+	);
+
+	if(count($r) && $r[0]['hidewall'] && (local_user() !== $owner_uid) && (! remote_contact)) {
+		notice( t('Access to this item is restricted.') . EOL);
+		return;
+	}
+
 	// default permissions - anonymous user
 
 	$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
diff --git a/mod/profile.php b/mod/profile.php
index 8d46d6c5b..4db548577 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -55,11 +55,6 @@ function profile_content(&$a, $update = 0) {
 		return login();
 	}
 
-	if($a->profile['hidewall'] && (! local_user()) && (! remote_user())) {
-		notice( t('Access to this profile has been restricted.') . EOL);
-		return;
-	}
-
 	require_once("include/bbcode.php");
 	require_once('include/security.php');
 	require_once('include/conversation.php');
@@ -102,6 +97,12 @@ function profile_content(&$a, $update = 0) {
 	}
 
 	$is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
+
+	if($a->profile['hidewall'] && (! $is_owner) && (! remote_contact)) {
+		notice( t('Access to this profile has been restricted.') . EOL);
+		return;
+	}
+
 	
 	if(! $update) {
 		if(x($_GET,'tab'))