diff options
| -rw-r--r-- | include/conversation.php | 2 | ||||
| -rw-r--r-- | mod/editwebpage.php | 9 | ||||
| -rw-r--r-- | mod/webpages.php | 4 |
3 files changed, 12 insertions, 3 deletions
diff --git a/include/conversation.php b/include/conversation.php index 5ae2250a8..19c5bda14 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1637,7 +1637,7 @@ function profile_tabs($a, $is_owner = false, $nickname = null){ ); } - if ($is_owner && feature_enabled($uid,'webpages')) { + if ($p['write_pages'] && feature_enabled($uid,'webpages')) { $tabs[] = array( 'label' => t('Webpages'), 'url' => $a->get_baseurl() . '/webpages/' . $nickname, diff --git a/mod/editwebpage.php b/mod/editwebpage.php index a7564a126..a1918741b 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -90,11 +90,18 @@ function editwebpage_content(&$a) { // We've already figured out which item we want and whose copy we need, // so we don't need anything fancy here - $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", + $sql_extra = item_permissions_sql($owner); + + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1", intval($post_id), intval($owner) ); + if(! $itm) { + notice( t('Permission denied.') . EOL); + return; + } + if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($itm[0]['title']) diff --git a/mod/webpages.php b/mod/webpages.php index 615969d78..44b4ee561 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -131,8 +131,10 @@ function webpages_content(&$a) { // so just list titles and an edit link. /** @TODO - this should be replaced with pagelist_widget */ + $sql_extra = item_permissions_sql($owner); + $r = q("select * from item_id left join item on item_id.iid = item.id - where item_id.uid = %d and service = 'WEBPAGE' order by item.created desc", + where item_id.uid = %d and service = 'WEBPAGE' $sql_extra order by item.created desc", intval($owner) ); |