From 595cb13d8f2793fcefdc1566715848479460e479 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 6 Mar 2017 15:33:10 -0800 Subject: correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis) --- Zotlabs/Lib/NativeWikiPage.php | 12 ++++-------- include/items.php | 3 ++- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index e9f8a32c9..941ade90c 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -64,6 +64,8 @@ class NativeWikiPage { $arr['deny_cid'] = $w['wiki']['deny_cid']; $arr['deny_gid'] = $w['wiki']['deny_gid']; + $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true); + // We may wish to change this some day. $arr['item_unpublished'] = 1; @@ -232,10 +234,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); if($revision == (-1)) $sql_extra .= " order by revision desc "; @@ -288,10 +287,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); $sql_extra .= " order by revision desc "; diff --git a/include/items.php b/include/items.php index 6d21953a9..a297a1090 100755 --- a/include/items.php +++ b/include/items.php @@ -328,7 +328,8 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) { return $ret; } - $arr['public_policy'] = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true)); + $arr['public_policy'] = ((array_key_exists('public_policy',$arr)) ? escape_tags($arr['public_policy']) : map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'),true)); + if($arr['public_policy']) $arr['item_private'] = 1; -- cgit v1.2.3 From a18e8e1ede672f8733ef41250099880836efa7f7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 6 Mar 2017 17:59:34 -0800 Subject: add public_policy to the nwiki container also. This should not affect the recent bug as presented, but is being added for consistency. --- Zotlabs/Lib/NativeWiki.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Zotlabs/Lib/NativeWiki.php b/Zotlabs/Lib/NativeWiki.php index 519102d24..7786ec25a 100644 --- a/Zotlabs/Lib/NativeWiki.php +++ b/Zotlabs/Lib/NativeWiki.php @@ -75,6 +75,8 @@ class NativeWiki { $arr['obj_type'] = ACTIVITY_OBJ_WIKI; $arr['body'] = '[table][tr][td][h1]New Wiki[/h1][/td][/tr][tr][td][zrl=' . $wiki_url . ']' . $wiki['htmlName'] . '[/zrl][/td][/tr][/table]'; + $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_wiki'),true); + // Save the wiki name information using iconfig. This is shareable. if(! set_iconfig($arr, 'wiki', 'rawName', $wiki['rawName'], true)) { return array('item' => null, 'success' => false); -- cgit v1.2.3 From a037590ce30cd34e674a303659888af94a48be09 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 6 Mar 2017 21:01:17 -0800 Subject: allow post_activity_item to be passed an empty ACL without resetting to channel default --- include/items.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/items.php b/include/items.php index a297a1090..36445a46b 100755 --- a/include/items.php +++ b/include/items.php @@ -360,7 +360,8 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) { if(($is_comment) && ($arr['obj_type'] === ACTIVITY_OBJ_NOTE)) $arr['obj_type'] = ACTIVITY_OBJ_COMMENT; - if(! ($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid'])) { + if(! ( array_key_exists('allow_cid',$arr) || array_key_exists('allow_gid',$arr) + || array_key_exists('deny_cid',$arr) || array_key_exists('deny_gid',$arr))) { $arr['allow_cid'] = $channel['channel_allow_cid']; $arr['allow_gid'] = $channel['channel_allow_gid']; $arr['deny_cid'] = $channel['channel_deny_cid']; -- cgit v1.2.3