aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xinclude/items.php7
-rw-r--r--mod/acl.php17
2 files changed, 16 insertions, 8 deletions
diff --git a/include/items.php b/include/items.php
index 898fc9ff8..4a560afc9 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1306,6 +1306,13 @@ function item_store($arr,$force_parent = false) {
return 0;
}
+ // Don't let anybody set these, either intentionally or accidentally
+
+ if(array_key_exists('id',$arr))
+ unset($arr['id']);
+ if(array_key_exists('parent',$arr))
+ unset($arr['parent']);
+
$arr['lang'] = detect_language($arr['body']);
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
diff --git a/mod/acl.php b/mod/acl.php
index df6de13b2..382d9d90c 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -60,16 +60,17 @@ function acl_init(&$a){
// autocomplete for Private Messages
- $r = q("SELECT COUNT(`id`) AS c FROM `contact`
- WHERE `uid` = %d AND `self` = 0
- AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0
- AND `network` IN ('%s','%s','%s') $sql_extra2" ,
+
+ $r = q("SELECT count xchan_hash as c
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d ))
+ $sql_extra2 ",
intval(local_user()),
- dbesc(NETWORK_DFRN),
- dbesc(NETWORK_ZOT),
- dbesc(NETWORK_DIASPORA)
+ intval(PERMS_W_MAIL)
);
- $contact_count = (int)$r[0]['c'];
+
+ if($r)
+ $contact_count = (int)$r[0]['c'];
}
elseif ($type == 'a') {