From 8d5556764c8472184365a9377bb40c55e97de5ae Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Mon, 28 Sep 2015 20:03:11 -0700
Subject: add one more level of parentheses to ensure operator precedence is correctly evaluated
---
 include/security.php | 4 ++--
 mod/channel.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/security.php b/include/security.php
index 03e03ad40..9a25d9e0e 100644
--- a/include/security.php
+++ b/include/security.php
@@ -258,9 +258,9 @@ function item_permissions_sql($owner_id, $remote_observer = null) {
 }
 $regexop = db_getfunc('REGEXP');
 $sql = sprintf(
- " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
+ " AND (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
 AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ))
- ) OR ( item_private = 1 $s )
+ ) OR ( item_private = 1 $s ))
 ",
 dbesc(protect_sprintf( '%<' . $observer . '>%')),
 dbesc($gs),
diff --git a/mod/channel.php b/mod/channel.php
index f582eaf75..6a6b35d46 100644
--- a/mod/channel.php
+++ b/mod/channel.php
@@ -161,7 +161,7 @@ function channel_content(&$a, $update = 0, $load = false) {
 $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
 if($load) $simple_update = '';
-
+dbg(1);
 if(($update) && (! $load)) {
 if ($mid) {
 $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
@@ -259,7 +259,7 @@ function channel_content(&$a, $update = 0, $load = false) {
 }
-
+dbg(0);
 if((! $update) && (! $load)) {
-- cgit v1.2.3
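Review bot: Nothing in the code records why the new outer parentheses in the `sprintf` format matter, so a later tidy-up could remove them and let `OR ( item_private = 1 $s )` escape whatever conditions precede this fragment in the caller's WHERE clause. I would add a comment above `$sql = sprintf(` along the lines of `// Keep the whole clause inside one outer (...): it is appended after the caller's own AND terms, and a bare OR would bypass them.` Separately, `$s` and `$regexop` are interpolated into the format string itself rather than passed as `%s` arguments through `dbesc()`; `$s` is built outside this hunk, so it is worth confirming it holds only fixed SQL and escaped values, and no literal `%` that `sprintf` would read as a conversion. item_permissions_sql starts and ends outside the hunk.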
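Review bot: The added `dbg(1);` in the @@ -161 hunk of mod/channel.php, and the matching `dbg(0);` in the @@ -259 hunk, look like debugging calls committed by accident: the subject line only mentions parentheses, and both sit at column 0 in place of a blank line. dbg() is defined outside this diff; if it switches database query debugging on and off, as the name and the 1/0 pairing suggest, every channel page load would log the queries issued between the two calls, including the permission clause built in include/security.php with observer identifiers. Any return path between the two calls would also leave it switched on for the rest of the request. I would drop both lines and restore the blank lines, or gate the tracing behind an explicit debug setting if it is still needed. channel_content's body starts and ends outside both hunks.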