diff options
Diffstat (limited to 'include/zot.php')
-rw-r--r-- | include/zot.php | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/include/zot.php b/include/zot.php index 853c8eb9e..96ec71112 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1782,7 +1782,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $result[] = $DR->get(); } else { - update_imported_item($sender,$arr,$r[0],$channel['channel_id']); + update_imported_item($sender,$arr,$r[0],$channel['channel_id'],$tag_delivery); $DR->update('updated'); $result[] = $DR->get(); if(! $relay) @@ -1930,7 +1930,7 @@ function remove_community_tag($sender, $arr, $uid) { * @param int $uid */ -function update_imported_item($sender, $item, $orig, $uid) { +function update_imported_item($sender, $item, $orig, $uid, $tag_delivery) { // If this is a comment being updated, remove any privacy information // so that item_store_update will set it from the original. @@ -1943,6 +1943,15 @@ function update_imported_item($sender, $item, $orig, $uid) { unset($item['item_private']); } + // we need the tag_delivery check for downstream flowing posts as the stored post + // may have a different owner than the one being transmitted. + + if(($sender['hash'] != $orig['owner_xchan'] && $sender['hash'] != $orig['author_xchan']) && (! $tag_delivery)) { + notice('sender is not owner or author'); + return; + } + + $x = item_store_update($item); // If we're updating an event that we've saved locally, we store the item info first |