aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/socgraph.php2
-rw-r--r--mod/poco.php20
-rw-r--r--version.inc2
3 files changed, 16 insertions, 8 deletions
diff --git a/include/socgraph.php b/include/socgraph.php
index dd7fa90d4..b6d32e52d 100644
--- a/include/socgraph.php
+++ b/include/socgraph.php
@@ -37,7 +37,7 @@ function poco_load($xchan = null,$url = null) {
}
- $url = $url . '?fields=displayName,hash,urls,photos' ;
+ $url = $url . '?f=&fields=displayName,hash,urls,photos' ;
logger('poco_load: ' . $url, LOGGER_DEBUG);
diff --git a/mod/poco.php b/mod/poco.php
index 86b300c61..384c19f8f 100644
--- a/mod/poco.php
+++ b/mod/poco.php
@@ -4,8 +4,10 @@ function poco_init(&$a) {
$system_mode = false;
- if(intval(get_config('system','block_public')))
+ if(intval(get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
+ logger('mod_poco: block_public');
http_status_exit(401);
+ }
$observer = $a->get_observer();
@@ -14,8 +16,10 @@ function poco_init(&$a) {
}
if(! x($user)) {
$c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1");
- if(! $c)
+ if(! $c) {
+ logger('mod_poco: system mode. No candidates.', LOGGER_DEBUG);
http_status_exit(401);
+ }
$system_mode = true;
}
@@ -35,19 +39,23 @@ function poco_init(&$a) {
if(argc() > 4 && intval(argv(4)) && $justme == false)
$cid = intval(argv(4));
-
if(! $system_mode) {
$r = q("SELECT channel.channel_id from channel where channel_address = '%s' limit 1",
dbesc($user)
);
- if(! $r)
+ if(! $r) {
+ logger('mod_poco: user mode. Account not found. ' . $user);
http_status_exit(404);
+ }
$channel_id = $r[0]['channel_id'];
+ $ohash = (($observer) ? $observer['xchan_hash'] : '');
- if(! perm_is_allowed($channel_id,(($observer) ? $observer['xchan_hash'] : ''),'view_contacts'))
- http_status_exit(404);
+ if(! perm_is_allowed($channel_id,$ohash,'view_contacts')) {
+ logger('mod_poco: user mode. Permission denied for ' . $ohash . ' user: ' . $user);
+ http_status_exit(401);
+ }
}
diff --git a/version.inc b/version.inc
index 7c178802d..345bfe160 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-27.213
+2013-01-28.214