diff options
-rwxr-xr-x | include/security.php | 4 | ||||
-rwxr-xr-x | mod/display.php | 3 |
2 files changed, 3 insertions, 4 deletions
diff --git a/include/security.php b/include/security.php index 6b8128bdd..c04491570 100755 --- a/include/security.php +++ b/include/security.php @@ -159,6 +159,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { AND allow_gid = '' AND deny_cid = '' AND deny_gid = '' + AND private = 0 "; /** @@ -199,10 +200,11 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { } $sql = sprintf( - " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) + " AND (( allow_cid = '' OR allow_cid REGEXP '<%d>' ) AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s') + OR private = 0 ) ", intval($remote_user), intval($remote_user), diff --git a/mod/display.php b/mod/display.php index 00f8b503a..f510f793d 100755 --- a/mod/display.php +++ b/mod/display.php @@ -87,9 +87,6 @@ function display_content(&$a) { $sql_extra = permissions_sql($a->profile['uid'],$remote_contact,$groups); - if(! local_user() && ! remote_user()) - $sql_extra .= " and `item`.`private` = 0 "; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, |