aboutsummaryrefslogtreecommitdiffstats
path: root/include/zot.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php13
1 files changed, 11 insertions, 2 deletions
diff --git a/include/zot.php b/include/zot.php
index 853c8eb9e..96ec71112 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1782,7 +1782,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
$result[] = $DR->get();
}
else {
- update_imported_item($sender,$arr,$r[0],$channel['channel_id']);
+ update_imported_item($sender,$arr,$r[0],$channel['channel_id'],$tag_delivery);
$DR->update('updated');
$result[] = $DR->get();
if(! $relay)
@@ -1930,7 +1930,7 @@ function remove_community_tag($sender, $arr, $uid) {
* @param int $uid
*/
-function update_imported_item($sender, $item, $orig, $uid) {
+function update_imported_item($sender, $item, $orig, $uid, $tag_delivery) {
// If this is a comment being updated, remove any privacy information
// so that item_store_update will set it from the original.
@@ -1943,6 +1943,15 @@ function update_imported_item($sender, $item, $orig, $uid) {
unset($item['item_private']);
}
+ // we need the tag_delivery check for downstream flowing posts as the stored post
+ // may have a different owner than the one being transmitted.
+
+ if(($sender['hash'] != $orig['owner_xchan'] && $sender['hash'] != $orig['author_xchan']) && (! $tag_delivery)) {
+ notice('sender is not owner or author');
+ return;
+ }
+
+
$x = item_store_update($item);
// If we're updating an event that we've saved locally, we store the item info first