diff options
-rw-r--r-- | include/security.php | 4 | ||||
-rw-r--r-- | mod/channel.php | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/include/security.php b/include/security.php index 03e03ad40..9a25d9e0e 100644 --- a/include/security.php +++ b/include/security.php @@ -258,9 +258,9 @@ function item_permissions_sql($owner_id, $remote_observer = null) { } $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') + " AND (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) - ) OR ( item_private = 1 $s ) + ) OR ( item_private = 1 $s )) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), dbesc($gs), diff --git a/mod/channel.php b/mod/channel.php index f582eaf75..6a6b35d46 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -161,7 +161,7 @@ function channel_content(&$a, $update = 0, $load = false) { $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) "; if($load) $simple_update = ''; - +dbg(1); if(($update) && (! $load)) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal @@ -259,7 +259,7 @@ function channel_content(&$a, $update = 0, $load = false) { } - +dbg(0); if((! $update) && (! $load)) { |