From 595cb13d8f2793fcefdc1566715848479460e479 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Mon, 6 Mar 2017 15:33:10 -0800
Subject: correct fix for wiki anonymous read issue (items_permissions_sql
 checks item.public_policy which was set for posts, not wikis)

---
 Zotlabs/Lib/NativeWikiPage.php | 12 ++++--------
 include/items.php              |  3 ++-
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php
index e9f8a32c9..941ade90c 100644
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -64,6 +64,8 @@ class NativeWikiPage {
 		$arr['deny_cid']      = $w['wiki']['deny_cid'];
 		$arr['deny_gid']      = $w['wiki']['deny_gid'];
 
+		$arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true);
+
 		// We may wish to change this some day.
 		$arr['item_unpublished'] = 1;
 
@@ -232,10 +234,7 @@ class NativeWikiPage {
 			}
 		}
 
-		$sql_extra = '';
-
-		if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid'])
-			$sql_extra .= item_permissions_sql($channel_id,$observer_hash);
+		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
 
 		if($revision == (-1))
 			$sql_extra .= " order by revision desc ";
@@ -288,10 +287,7 @@ class NativeWikiPage {
 			}
 		}
 
-		$sql_extra = '';
-
-		if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid'])
-			$sql_extra .= item_permissions_sql($channel_id,$observer_hash);
+		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
 
 		$sql_extra .= " order by revision desc ";
 
diff --git a/include/items.php b/include/items.php
index 6d21953a9..a297a1090 100755
--- a/include/items.php
+++ b/include/items.php
@@ -328,7 +328,8 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) {
 		return $ret;
 	}
 
-	$arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true));
+	$arr['public_policy'] = ((array_key_exists('public_policy',$arr)) ? escape_tags($arr['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true));
+
 	if($arr['public_policy'])
 		$arr['item_private'] = 1;
 
-- 
cgit v1.2.3