From 92ef36ad61bc96905b062a727d1f4558ed734bdb Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 20 Mar 2012 14:55:18 -0700 Subject: slightly relax overly strict permissions in community and search to match those in display - tl;dr public conversations are publicly visible --- boot.php | 2 +- mod/community.php | 12 +++++++----- mod/search.php | 7 ++++--- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/boot.php b/boot.php index be4b8ca0e..fa081df1b 100755 --- a/boot.php +++ b/boot.php @@ -9,7 +9,7 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '2.3.1286' ); +define ( 'FRIENDICA_VERSION', '2.3.1287' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DB_UPDATE_VERSION', 1132 ); diff --git a/mod/community.php b/mod/community.php index a98999942..cf459617e 100755 --- a/mod/community.php +++ b/mod/community.php @@ -41,15 +41,16 @@ function community_content(&$a, $update = 0) { // Here is the way permissions work in this module... - // Only public wall posts can be shown + // Only public posts can be shown // OR your own posts if you are a logged in member $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 + AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' + AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' + AND `item`.`private` = 0 AND `user`.`hidewall` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 " ); @@ -69,8 +70,9 @@ function community_content(&$a, $update = 0) { FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 + AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' + AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' + AND `item`.`private` = 0 AND `user`.`hidewall` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 ORDER BY `received` DESC LIMIT %d, %d ", intval($a->pager['start']), diff --git a/mod/search.php b/mod/search.php index 386592ea1..50e7a6abc 100755 --- a/mod/search.php +++ b/mod/search.php @@ -93,8 +93,9 @@ function search_content(&$a) { return $o; // Here is the way permissions work in the search module... - // Only public wall posts can be shown + // Only public posts can be shown // OR your own posts if you are a logged in member + // No items will be shown if the member has a blocked profile wall. $s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\[')); @@ -104,7 +105,7 @@ function search_content(&$a) { $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0) + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0) OR `item`.`uid` = %d ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $search_alg ", @@ -127,7 +128,7 @@ function search_content(&$a) { FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) OR `item`.`uid` = %d ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $search_alg -- cgit v1.2.3