aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php17
1 files changed, 10 insertions, 7 deletions
diff --git a/include/security.php b/include/security.php
index 630690f9e..cb1077049 100644
--- a/include/security.php
+++ b/include/security.php
@@ -3,15 +3,18 @@
function can_write_wall(&$a,$owner) {
if((! (local_user())) && (! (remote_user())))
return false;
- if((local_user()) && ($_SESSION['uid'] == $owner))
+ $uid = get_uid();
+ if(($uid) && ($uid === $owner))
return true;
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d AND `blocked` = 0 AND `pending` = 0
- AND `readonly` = 0 AND `rel` IN ( %d , %d ) LIMIT 1",
- intval($owner),
- intval($_SESSION['visitor_id']),
- intval(REL_VIP),
- intval(REL_BUD)
+ $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
+ WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page_flags` = %d ) LIMIT 1",
+ intval($owner),
+ intval($_SESSION['visitor_id']),
+ intval(REL_VIP),
+ intval(REL_BUD),
+ intval(PAGE_COMMUNITY)
);
if(count($r))
return true;