-rw-r--r-- | include/items.php | 9 | ||||
-rw-r--r-- | include/security.php | 26 |
2 files changed, 19 insertions, 16 deletions
diff --git a/include/items.php b/include/items.php index d407b4797..fc68f185f 100644 --- a/include/items.php +++ b/include/items.php @@ -909,14 +909,14 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { // FIXME update content if 'updated' changes if(count($r)) { $allow = $item->get_item_tags( NAMESPACE_DFRN, 'comment-allow'); - if($allow && $allow[0]['data'] != $r[0]['last-child']) { + if((($allow) && ($allow[0]['data'] != $r[0]['last-child'])) || ($contact['network'] !== 'dfrn')) { $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc($parent_uri), intval($importer['uid']) ); $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", - intval($allow[0]['data']), + intval((($allow) ? $allow[0]['data'] : 1)), dbesc(datetime_convert()), dbesc($item_id), intval($importer['uid']) @@ -977,8 +977,9 @@ function consume_feed($xml,$importer,$contact, &$hub, $datedir = 0) { if($contact['network'] === 'stat') { if(strlen($datarray['title'])) unset($datarray['title']); - if(($contact['rel'] == REL_VIP) || ($contact['rel'] == REL_BUD)) - $datarray['last-child'] = 1; +// if(($contact['rel'] == REL_VIP) || ($contact['rel'] == REL_BUD)) +// basically allow comments to/from any OStatus contact, unless blocked by readonly + $datarray['last-child'] = 1; } $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['uid']; diff --git a/include/security.php b/include/security.php index 2fd4f46e3..f37603916 100644 --- a/include/security.php +++ b/include/security.php 
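Review bot: The new `|| ($contact['network'] !== 'dfrn')` arm in the first hunk of include/items.php has no comparison against the stored value, so for every non-DFRN contact both UPDATEs run each time an already-stored item is seen. `changed` is bumped, `last-child` is zeroed across the thread, and this item is forced to `last-child = 1` even when nothing differs. The test is also wider than the `=== 'stat'` check in the later hunk of this file, so any other non-DFRN network gets the same comment-open default. If only OStatus contacts are meant, consider `|| (($contact['network'] === 'stat') && ($r[0]['last-child'] != 1))`. The body of consume_feed starts and ends outside this hunk, so `$r` is assumed to be the stored row for this item.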
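Review bot: The added comment in the second hunk of include/items.php says comments are allowed "unless blocked by readonly", but nothing visible there tests the contact's readonly flag before `$datarray['last-child'] = 1;`. Since this line widens who may comment from the `REL_VIP`/`REL_BUD` relationships to every OStatus contact, the comment should state what this block does and does not enforce, for example `// Comments are opened for every OStatus contact here; readonly is not checked in this block.` The commented-out `if(($contact['rel'] == REL_VIP) || ...)` line is better deleted than kept as dead code, since version history already records it. The enclosing `if($contact['network'] === 'stat')` block closes inside the hunk, but the rest of consume_feed is not visible.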
@@ -10,19 +10,21 @@ function can_write_wall(&$a,$owner) { return true; } - $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` - WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d OR (`contact`.`network` = 'stat' AND `contact`.rel` = %d)) LIMIT 1", - intval($owner), - intval($_SESSION['visitor_id']), - intval(REL_VIP), - intval(REL_BUD), - intval(PAGE_COMMUNITY), - intval(REL_FAN) - ); + if(remote_user()) { + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` + WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", + intval($owner), + intval(remote_user()), + intval(REL_VIP), + intval(REL_BUD), + intval(PAGE_COMMUNITY) + ); + } + if(count($r)) + return true; - if(count($r)) - return true; + return false; } |
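Review bot: `$r` is assigned only inside `if(remote_user()) {`, but going by the order of the added lines the `if(count($r))` test sits after that block's closing brace. A caller that reaches this point without a remote session would therefore call `count()` on an undefined variable. In a permission check the deny path should not depend on how `count()` treats an unset value: either move `if(count($r)) return true;` inside the `remote_user()` block or add `$r = array();` before it. The start of can_write_wall is outside the hunk, so whether an earlier return already excludes that case for every caller cannot be confirmed from here.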