Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php22
1 files changed, 14 insertions, 8 deletions
diff --git a/include/security.php b/include/security.php
index 53161e427..aaf4eb050 100644
--- a/include/security.php
+++ b/include/security.php
@@ -311,7 +311,7 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = '',
}
function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') {
if (!check_form_security_token($typename, $formname)) {
- $a = get_app();
+ $a = get_app();
logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
header('HTTP/1.1 403 Forbidden');
@@ -342,19 +342,22 @@ function init_groups_visitor($contact_id) {
// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the
-// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in.
+// public_timeline, and we can use this in a community page by making
+// $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in.
// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
// We always include yourself if logged in because you can always see your own posts
// resolving granular permissions for the observer against every person and every post on the site
// will likely be too expensive.
// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
-function stream_perms_api_uids($perms_min = PERMS_SITE) {
+function stream_perms_api_uids($perms = NULL ) {
+ $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
+
$ret = array();
if(local_user())
$ret[] = local_user();
- $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)",
- intval($perms_min),
+ $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
+ intval($perms),
intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)
);
if($r)
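Review bot: Replacing `channel_r_stream <= %d` with `(channel_r_stream & %d)` in stream_perms_api_uids changes what the argument means, and nothing at the signature records that. A caller that still passes a single level, as the old comment recommended with PERMS_NETWORK, now selects only channels with that one bit set instead of every level up to it. Callers are outside this diff, so each one needs checking against the new meaning. I would state the contract directly above the function, e.g. `// $perms is a bitmask of PERMS_* flags; a channel is included when channel_r_stream shares any bit with it, and 0 matches no channel`. The same applies to stream_perms_xchans in the next hunk, and the function body continues outside this hunk.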
@@ -373,13 +376,15 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) {
return $str;
}
-function stream_perms_xchans($perms_min = PERMS_SITE) {
+function stream_perms_xchans($perms = NULL ) {
+ $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
+
$ret = array();
if(local_user())
$ret[] = get_observer_hash();
- $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)",
- intval($perms_min),
+ $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
+ intval($perms),
intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED)
);
if($r)
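Review bot: `PAGE_SYETEM` in the pageflags mask of stream_perms_xchans is a misspelling of `PAGE_SYSTEM`, the spelling used in stream_perms_api_uids, and this commit rewrites the query around it without correcting it. An undefined constant is an Error on PHP 8. On older versions it degrades to a string with a notice, so the system bit most likely drops out of the exclusion mask and system channels are not filtered from the returned hashes. The line should read `intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)`. The function body continues outside this hunk.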
@@ -397,3 +402,4 @@ function stream_perms_xchans($perms_min = PERMS_SITE) {
logger('stream_perms_xchans: ' . $str, LOGGER_DEBUG);
return $str;
}
+