aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xinclude/security.php4
-rwxr-xr-xmod/display.php3
2 files changed, 3 insertions, 4 deletions
diff --git a/include/security.php b/include/security.php
index 6b8128bdd..c04491570 100755
--- a/include/security.php
+++ b/include/security.php
@@ -159,6 +159,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
AND allow_gid = ''
AND deny_cid = ''
AND deny_gid = ''
+ AND private = 0
";
/**
@@ -199,10 +200,11 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
}
$sql = sprintf(
- " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' )
+ " AND (( allow_cid = '' OR allow_cid REGEXP '<%d>' )
AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' )
AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s')
+ OR private = 0 )
",
intval($remote_user),
intval($remote_user),
diff --git a/mod/display.php b/mod/display.php
index 00f8b503a..f510f793d 100755
--- a/mod/display.php
+++ b/mod/display.php
@@ -87,9 +87,6 @@ function display_content(&$a) {
$sql_extra = permissions_sql($a->profile['uid'],$remote_contact,$groups);
- if(! local_user() && ! remote_user())
- $sql_extra .= " and `item`.`private` = 0 ";
-
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,