1 files changed, 37 insertions, 25 deletions

diff --git a/include/security.php b/include/security.php
index b49ceec0d..450cc4f69 100644
--- a/include/security.php
+++ b/include/security.php
@@ -114,9 +114,9 @@ function atoken_xchan($atoken) {
 			'atoken_id' => $atoken['atoken_id'],
 			'xchan_hash' =>  substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'],
 			'xchan_name' => $atoken['atoken_name'],
-			'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(),
+			'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . \App::get_hostname(),
 			'xchan_network' => 'unknown',
-			'xchan_url' => z_root(),
+			'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'],
 			'xchan_hidden' => 1,
 			'xchan_photo_mimetype' => 'image/jpeg',
 			'xchan_photo_l' => get_default_profile_photo(300),
@@ -467,7 +467,6 @@ function scopes_sql($uid,$observer) {
  */
 function public_permissions_sql($observer_hash) {
 
-	//$observer = App::get_observer();
 	$groups = init_groups_visitor($observer_hash);
 
 	$gs = '<<>>'; // should be impossible to match
@@ -597,18 +596,24 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) {
 	$random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : '');
 	if(local_channel())
 		$ret[] = local_channel();
-	$x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
-		intval($perms)
-	);
+	$x = q("select uid, v from pconfig where cat = 'perm_limits' and k = 'view_stream' ");
 	if($x) {
-		$ids = ids_to_querystr($x,'uid');
-		$r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
-			intval(PAGE_ADULT|PAGE_CENSORED)
-		);
-		if($r) {
-			foreach($r as $rr)
-				if(! in_array($rr['channel_id'], $ret))
-					$ret[] = $rr['channel_id'];
+		$y = [];
+		foreach($x as $xv) {
+			if(intval($xv['v']) & $perms) {
+				$y[] = $xv;
+			}
+		}
+		if($y) {		
+			$ids = ids_to_querystr($y,'uid');
+			$r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
+				intval(PAGE_ADULT|PAGE_CENSORED)
+			);
+			if($r) {
+				foreach($r as $rr)
+					if(! in_array($rr['channel_id'], $ret))
+						$ret[] = $rr['channel_id'];
+			}
 		}
 	}
 
@@ -635,19 +640,26 @@ function stream_perms_xchans($perms = NULL ) {
 	if(local_channel())
 		$ret[] = get_observer_hash();
 
-	$x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
-		intval($perms)
-	);
+	$x = q("select uid, v from pconfig where cat = 'perm_limits' and k = 'view_stream' ");
 	if($x) {
-		$ids = ids_to_querystr($x,'uid');
-		$r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ",
-			intval(PAGE_ADULT|PAGE_CENSORED)
-		);
+		$y = [];
+		foreach($x as $xv) {
+			if(intval($xv['v']) & $perms) {
+				$y[] = $xv;
+			}
+		}
+		if($y) {		
+			$ids = ids_to_querystr($y,'uid');
 
-		if($r) {
-			foreach($r as $rr)
-				if(! in_array($rr['channel_hash'], $ret))
-					$ret[] = $rr['channel_hash'];
+			$r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ",
+				intval(PAGE_ADULT|PAGE_CENSORED)
+			);
+
+			if($r) {
+				foreach($r as $rr)
+					if(! in_array($rr['channel_hash'], $ret))
+						$ret[] = $rr['channel_hash'];
+			}
 		}
 	}
 	$str = '';