From 595cb13d8f2793fcefdc1566715848479460e479 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 6 Mar 2017 15:33:10 -0800 Subject: correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis) --- Zotlabs/Lib/NativeWikiPage.php | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index e9f8a32c9..941ade90c 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -64,6 +64,8 @@ class NativeWikiPage { $arr['deny_cid'] = $w['wiki']['deny_cid']; $arr['deny_gid'] = $w['wiki']['deny_gid']; + $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true); + // We may wish to change this some day. $arr['item_unpublished'] = 1; @@ -232,10 +234,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); if($revision == (-1)) $sql_extra .= " order by revision desc "; @@ -288,10 +287,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); $sql_extra .= " order by revision desc "; -- cgit v1.2.3