diff options
-rw-r--r-- | include/socgraph.php | 2 | ||||
-rw-r--r-- | mod/poco.php | 20 | ||||
-rw-r--r-- | version.inc | 2 |
3 files changed, 16 insertions, 8 deletions
diff --git a/include/socgraph.php b/include/socgraph.php index dd7fa90d4..b6d32e52d 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -37,7 +37,7 @@ function poco_load($xchan = null,$url = null) { } - $url = $url . '?fields=displayName,hash,urls,photos' ; + $url = $url . '?f=&fields=displayName,hash,urls,photos' ; logger('poco_load: ' . $url, LOGGER_DEBUG); diff --git a/mod/poco.php b/mod/poco.php index 86b300c61..384c19f8f 100644 --- a/mod/poco.php +++ b/mod/poco.php @@ -4,8 +4,10 @@ function poco_init(&$a) { $system_mode = false; - if(intval(get_config('system','block_public'))) + if(intval(get_config('system','block_public')) && (! local_user()) && (! remote_user())) { + logger('mod_poco: block_public'); http_status_exit(401); + } $observer = $a->get_observer(); @@ -14,8 +16,10 @@ function poco_init(&$a) { } if(! x($user)) { $c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1"); - if(! $c) + if(! $c) { + logger('mod_poco: system mode. No candidates.', LOGGER_DEBUG); http_status_exit(401); + } $system_mode = true; } @@ -35,19 +39,23 @@ function poco_init(&$a) { if(argc() > 4 && intval(argv(4)) && $justme == false) $cid = intval(argv(4)); - if(! $system_mode) { $r = q("SELECT channel.channel_id from channel where channel_address = '%s' limit 1", dbesc($user) ); - if(! $r) + if(! $r) { + logger('mod_poco: user mode. Account not found. ' . $user); http_status_exit(404); + } $channel_id = $r[0]['channel_id']; + $ohash = (($observer) ? $observer['xchan_hash'] : ''); - if(! perm_is_allowed($channel_id,(($observer) ? $observer['xchan_hash'] : ''),'view_contacts')) - http_status_exit(404); + if(! perm_is_allowed($channel_id,$ohash,'view_contacts')) { + logger('mod_poco: user mode. Permission denied for ' . $ohash . ' user: ' . $user); + http_status_exit(401); + } } diff --git a/version.inc b/version.inc index 7c178802d..345bfe160 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2013-01-27.213 +2013-01-28.214 |