diff options
-rw-r--r-- | include/security.php | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/include/security.php b/include/security.php index 4af46c257..44cd605dc 100644 --- a/include/security.php +++ b/include/security.php @@ -564,17 +564,6 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f function init_groups_visitor($contact_id) { $groups = []; - // private profiles are treated as a virtual group - - $r = q("SELECT abook_profile from abook where abook_xchan = '%s' and abook_profile != '' ", - dbesc($contact_id) - ); - if($r) { - foreach($r as $rv) { - $groups[] = 'vp.' . $rv['abook_profile']; - } - } - $x = q("select * from xchan where xchan_hash = '%s'", dbesc($contact_id) ); @@ -594,10 +583,19 @@ function init_groups_visitor($contact_id) { if($xchans) { $hashes = ids_to_querystr($xchans,'xchan_hash',true); } - + + // private profiles are treated as a virtual group + + $r = q("SELECT abook_profile from abook where abook_xchan in ( " . protect_sprintf($hashes) . " ) and abook_profile != '' "); + if($r) { + foreach($r as $rv) { + $groups[] = 'vp.' . $rv['abook_profile']; + } + } + // physical groups this identity is a member of - $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) " ); + $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) "); if($r) { foreach($r as $rr) $groups[] = $rr['hash']; |