diff options
| -rw-r--r-- | Zotlabs/Module/Getfile.php | 6 | ||||
| -rw-r--r-- | include/attach.php | 8 |
2 files changed, 7 insertions, 7 deletions
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 12c1d0842..3d859d94b 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -30,9 +30,9 @@ class Getfile extends \Zotlabs\Web\Controller { logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO); - $hash = $_POST['hash']; - $time = $_POST['time']; - $sig = $_POST['signature']; + $hash = $_POST['hash']; + $time = $_POST['time']; + $sig = $_POST['signature']; $resource = $_POST['resource']; $revision = intval($_POST['revision']); diff --git a/include/attach.php b/include/attach.php index 8fa46a8b1..3d55b3bcb 100644 --- a/include/attach.php +++ b/include/attach.php @@ -254,7 +254,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { return $ret; } - $sql_extra = permissions_sql($r[0]['uid']); + $sql_extra = permissions_sql($r[0]['uid'],$observer_hash); // Now we'll see if we can access the attachment @@ -269,7 +269,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { } if($r[0]['folder']) { - $x = attach_can_view_folder($r[0]['uid'],get_observer_hash(),$r[0]['folder']); + $x = attach_can_view_folder($r[0]['uid'],$observer_hash,$r[0]['folder']); if(! $x) { $ret['message'] = t('Permission denied.'); return $ret; @@ -340,7 +340,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { return $ret; } - $sql_extra = permissions_sql($r[0]['uid']); + $sql_extra = permissions_sql($r[0]['uid'],$observer_hash); // Now we'll see if we can access the attachment @@ -355,7 +355,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) { } if($r[0]['folder']) { - $x = attach_can_view_folder($r[0]['uid'],get_observer_hash(),$r[0]['folder']); + $x = attach_can_view_folder($r[0]['uid'],$observer_hash,$r[0]['folder']); if(! $x) { $ret['message'] = t('Permission denied.'); return $ret; |