From 9c445e98175b55e369f06220a46cf36893960cdc Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 19 Dec 2014 00:28:36 -0800
Subject: incorrect check for sys ownership

---
 mod/display.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/mod/display.php b/mod/display.php
index 55f7c1306..7d7f4ca13 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -157,6 +157,7 @@ function display_content(&$a, $update = 0, $load = false) {
 
 			require_once('include/identity.php');
 			$sys = get_sys_channel();
+			$sysid = $sys['channel_id'];
 
 			if(local_user()) {
 				$r = q("SELECT * from item
@@ -178,8 +179,8 @@ function display_content(&$a, $update = 0, $load = false) {
 				// in case somebody turned off public access to sys channel content using permissions
 				// make that content unsearchable by ensuring the owner_xchan can't match
 
-				if(! perm_is_allowed($sys['channel_id'],$observer_hash,'view_stream'))
-					$sys['xchan_hash'] .= 'disabled';
+				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
+					$sysid = 0;
 
 
 				$r = q("SELECT * from item
@@ -188,11 +189,11 @@ function display_content(&$a, $update = 0, $load = false) {
 					AND (((( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' 
 					AND `item`.`deny_gid`  = '' AND item_private = 0 ) 
 					and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
-					OR owner_xchan = '%s')
+					OR uid = %d )
 					$sql_extra )
 					limit 1",
 					dbesc($target_item['parent_mid']),
-					dbesc($sys['xchan_hash'])
+					intval($sysid)
 				);
 
 			}
-- 
cgit v1.2.3