aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php18
1 files changed, 11 insertions, 7 deletions
diff --git a/include/security.php b/include/security.php
index ee94dba82..215cc92cb 100644
--- a/include/security.php
+++ b/include/security.php
@@ -148,7 +148,7 @@ function change_channel($change_channel) {
* @return string additional SQL where statement
*/
-function permissions_sql($owner_id, $remote_observer = null) {
+function permissions_sql($owner_id, $remote_observer = null, $table = '') {
$local_channel = local_channel();
@@ -158,10 +158,14 @@ function permissions_sql($owner_id, $remote_observer = null) {
* default permissions - anonymous user
*/
- $sql = " AND allow_cid = ''
- AND allow_gid = ''
- AND deny_cid = ''
- AND deny_gid = ''
+ if($table)
+ $table .= '.';
+
+
+ $sql = " AND {$table}allow_cid = ''
+ AND {$table}allow_gid = ''
+ AND {$table}deny_cid = ''
+ AND {$table}deny_gid = ''
";
/**
@@ -193,8 +197,8 @@ function permissions_sql($owner_id, $remote_observer = null) {
}
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
- " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
- AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ " AND ( NOT ({$table}deny_cid like '%s' OR {$table}deny_gid $regexop '%s')
+ AND ( {$table}allow_cid like '%s' OR {$table}allow_gid $regexop '%s' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '') )
)
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),