From b51049227f28bc1badf9387ea5bff16bfd7debcd Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 10 Mar 2021 20:34:47 +0000 Subject: fix mod display query --- Zotlabs/Module/Display.php | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'Zotlabs/Module/Display.php') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 2aa4f6548..15dfb0dc9 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller { $item_normal = item_normal(); $item_normal_update = item_normal_update(); - $sql_extra = public_permissions_sql($observer_hash); + $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash)); if($noscript_content || $load) { @@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller { ); } - if(! $r) { - + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner uid can't match @@ -269,20 +268,18 @@ class Display extends \Zotlabs\Web\Controller { $sysid = 0; $r = q("SELECT item.id as item_id from item - WHERE ( (mid = '%s' + WHERE ((mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) ) ) OR - (mid = '%s' $sql_extra ) ) + OR uid = %d ))) OR + (mid = '%s' $sql_extra )) $item_normal limit 1", dbesc($target_item['parent_mid']), intval($sysid), dbesc($target_item['parent_mid']) ); - - } } @@ -306,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller { if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match + if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - $r = q("SELECT item.parent AS item_id from item - WHERE parent_mid = '%s' + + $r = q("SELECT item.id as item_id from item + WHERE ((parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) - $sql_extra ) - $item_normal_update - $simple_update + OR uid = %d ))) OR + (parent_mid = '%s' $sql_extra )) + $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid) + intval($sysid), + dbesc($target_item['parent_mid']) ); } } -- cgit v1.2.3