aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/security.php24
1 files changed, 11 insertions, 13 deletions
diff --git a/include/security.php b/include/security.php
index 4af46c257..44cd605dc 100644
--- a/include/security.php
+++ b/include/security.php
@@ -564,17 +564,6 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
function init_groups_visitor($contact_id) {
$groups = [];
- // private profiles are treated as a virtual group
-
- $r = q("SELECT abook_profile from abook where abook_xchan = '%s' and abook_profile != '' ",
- dbesc($contact_id)
- );
- if($r) {
- foreach($r as $rv) {
- $groups[] = 'vp.' . $rv['abook_profile'];
- }
- }
-
$x = q("select * from xchan where xchan_hash = '%s'",
dbesc($contact_id)
);
@@ -594,10 +583,19 @@ function init_groups_visitor($contact_id) {
if($xchans) {
$hashes = ids_to_querystr($xchans,'xchan_hash',true);
}
-
+
+ // private profiles are treated as a virtual group
+
+ $r = q("SELECT abook_profile from abook where abook_xchan in ( " . protect_sprintf($hashes) . " ) and abook_profile != '' ");
+ if($r) {
+ foreach($r as $rv) {
+ $groups[] = 'vp.' . $rv['abook_profile'];
+ }
+ }
+
// physical groups this identity is a member of
- $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) " );
+ $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) ");
if($r) {
foreach($r as $rr)
$groups[] = $rr['hash'];