diff options
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/item.php | 10 | ||||
| -rw-r--r-- | mod/network.php | 2 |
2 files changed, 10 insertions, 2 deletions
diff --git a/mod/item.php b/mod/item.php index 895784ff9..2ebb02869 100644 --- a/mod/item.php +++ b/mod/item.php @@ -153,11 +153,19 @@ function item_post(&$a) { } + $observer = $a->get_observer(); + + if($parent) { logger('mod_item: item_post parent=' . $parent); + if(! can_comment_on_post($observer['xchan_hash'],$parent_item)) { + notice( t('Permission denied.') . EOL) ; + if(x($_REQUEST,'return')) + goaway($a->get_baseurl() . "/" . $return_path ); + killme(); + } } - $observer = $a->get_observer(); if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],(($parent) ? 'post_comments' : 'post_wall'))) { notice( t('Permission denied.') . EOL) ; diff --git a/mod/network.php b/mod/network.php index 0d5f57a39..ac8c38290 100644 --- a/mod/network.php +++ b/mod/network.php @@ -446,7 +446,7 @@ function network_content(&$a, $update = 0, $load = false) { info( t('Group is empty')); } - $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str)) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and item_restrict = 0 ) "; + $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str)) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; } |