-rwxr-xr-x | include/security.php | 4 | ||||
-rwxr-xr-x | mod/display.php | 7 |
2 files changed, 5 insertions, 6 deletions
diff --git a/include/security.php b/include/security.php index 6b8128bdd..c04491570 100755 --- a/include/security.php +++ b/include/security.php @@ -159,6 +159,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { AND allow_gid = '' AND deny_cid = '' AND deny_gid = '' + AND private = 0 "; /** @@ -199,10 +200,11 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { } $sql = sprintf( - " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) + " AND (( allow_cid = '' OR allow_cid REGEXP '<%d>' ) AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s') + OR private = 0 ) ", intval($remote_user), intval($remote_user), diff --git a/mod/display.php b/mod/display.php index 4f2e5ff9a..f510f793d 100755 --- a/mod/display.php +++ b/mod/display.php @@ -34,7 +34,7 @@ function display_content(&$a) { $contact = null; $remote_contact = false; -dbg(1); + if(remote_user()) { $contact_id = $_SESSION['visitor_id']; $groups = init_groups_visitor($contact_id); @@ -87,9 +87,6 @@ dbg(1); $sql_extra = permissions_sql($a->profile['uid'],$remote_contact,$groups); - if(! local_user() && ! remote_user()) - $sql_extra .= " and `item`.`private` = 0 "; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, @@ -138,7 +135,7 @@ dbg(1); } } -dbg(0); + return $o; } |
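Review bot: The added `AND private = 0` in the default fragment of permissions_sql() names the column without a table qualifier, while the clause this commit removes from mod/display.php qualified it as item.private. The callers of permissions_sql() are not visible here; if any of them appends this fragment to a query over a table without a `private` column, or to a join where a second table has one, that query will fail or become ambiguous. This fragment is now the only filter keeping private items away from unauthenticated visitors on the display page, so it is worth confirming that every caller handles a failed query by showing nothing. I would also add a comment above the string, which starts outside this hunk: `// default visitor: only rows with empty ACLs and private = 0; the queried table must have a 'private' column`.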
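Review bot: The new `OR private = 0` in the sprintf lets a verified remote contact skip the deny_cid and deny_gid tests whenever the row has private = 0, because AND binds tighter than OR and the four ACL tests form a single operand. That is safe only if private = 0 always means all four ACL columns are empty, which this hunk does not show; if a row can carry a deny list with private = 0, a denied contact would now see it. Either state the invariant beside the query, e.g. `// private = 0 implies empty allow/deny lists, so the OR cannot override a deny entry`, or keep the two deny tests outside the OR group. The surrounding function begins and ends outside the hunk, so how the `%s` group patterns are built and escaped cannot be checked from here.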