diff options
-rw-r--r-- | boot.php | 2 | ||||
-rw-r--r-- | include/security.php | 6 |
2 files changed, 6 insertions, 2 deletions
@@ -1027,7 +1027,7 @@ function photo_new_resource() { if(! function_exists('get_uid')) { function get_uid() { - return ((x($_SESSION,'uid')) ? intval($_SESSION['uid']) : 0) ; + return local_user(); }} // Take a URL from the wild, prepend http:// if necessary diff --git a/include/security.php b/include/security.php index ae161b4a4..1e0107dcc 100644 --- a/include/security.php +++ b/include/security.php @@ -1,11 +1,14 @@ <?php function can_write_wall(&$a,$owner) { + if((! (local_user())) && (! (remote_user()))) return false; $uid = get_uid(); - if(($uid) && ($uid === $owner)) + + if(($uid) && ($uid === $owner)) { return true; + } $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 @@ -16,6 +19,7 @@ function can_write_wall(&$a,$owner) { intval(REL_BUD), intval(PAGE_COMMUNITY) ); + if(count($r)) return true; return false; |