diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/security.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/security.php b/include/security.php index bad39d805..0c3dc29d6 100644 --- a/include/security.php +++ b/include/security.php @@ -260,7 +260,7 @@ function item_permissions_sql($owner_id, $remote_observer = null) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') - AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) ) ) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), @@ -295,7 +295,7 @@ function public_permissions_sql($observer_hash) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( " OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') - AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) ) )) ", dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), |