-rwxr-xr-x | include/items.php | 7 | ||||
-rw-r--r-- | mod/acl.php | 17 |
2 files changed, 16 insertions, 8 deletions
diff --git a/include/items.php b/include/items.php index 898fc9ff8..4a560afc9 100755 --- a/include/items.php +++ b/include/items.php @@ -1306,6 +1306,13 @@ function item_store($arr,$force_parent = false) { return 0; } + // Don't let anybody set these, either intentionally or accidentally + + if(array_key_exists('id',$arr)) + unset($arr['id']); + if(array_key_exists('parent',$arr)) + unset($arr['parent']); + $arr['lang'] = detect_language($arr['body']); $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); diff --git a/mod/acl.php b/mod/acl.php index df6de13b2..382d9d90c 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -60,16 +60,17 @@ function acl_init(&$a){ // autocomplete for Private Messages - $r = q("SELECT COUNT(`id`) AS c FROM `contact` - WHERE `uid` = %d AND `self` = 0 - AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0 - AND `network` IN ('%s','%s','%s') $sql_extra2" , + + $r = q("SELECT count xchan_hash as c + FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) + $sql_extra2 ", intval(local_user()), - dbesc(NETWORK_DFRN), - dbesc(NETWORK_ZOT), - dbesc(NETWORK_DIASPORA) + intval(PERMS_W_MAIL) ); - $contact_count = (int)$r[0]['c']; + + if($r) + $contact_count = (int)$r[0]['c']; } elseif ($type == 'a') { |
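Review bot: The strip added to item_store is a two-key denylist, so any other field that only the store should assign still passes through if a caller supplies it; whether that matters depends on how `$arr` is written to the database, which is outside this hunk. The comment should say why these two keys are special, for example `// id and parent must come from item_store itself (presumably the insert and the thread lookup); never trust a caller-supplied value`. As a smaller style point, `unset()` on a missing key is a no-op, so both `array_key_exists` guards can collapse into `unset($arr['id'], $arr['parent']);`. The body of item_store starts and ends outside the hunk.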
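Review bot: The new count query in the Private Messages branch of acl_init is not valid SQL as written: `SELECT count xchan_hash as c` needs parentheses, `SELECT count(xchan_hash) as c`, and `(abook_their_perms = null)` can never be true, the null test being `(abook_their_perms is null)`. Before switching to `is null`, decide whether a contact with no recorded permissions should really be treated as mail-capable, since that widens the set this PERMS_W_MAIL filter lets through. When the query fails, `if($r)` skips the assignment and `$contact_count` keeps whatever it held before this branch, or is undefined if nothing earlier sets it (not visible here); `$contact_count = ($r ? (int)$r[0]['c'] : 0);` makes the failure case explicit. `$sql_extra2` is still interpolated into the statement outside the format arguments, so confirm that the code building it, which is outside this hunk, passes the search term through `dbesc()`.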