From b51049227f28bc1badf9387ea5bff16bfd7debcd Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Wed, 10 Mar 2021 20:34:47 +0000
Subject: fix mod display query

---
 Zotlabs/Module/Display.php | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

(limited to 'Zotlabs/Module/Display.php')

diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 2aa4f6548..15dfb0dc9 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller {
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
 
-		$sql_extra = public_permissions_sql($observer_hash);
+		$sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
 
 		if($noscript_content || $load) {
 
@@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller {
 				);
 			}
 
-			if(! $r) {
-
+			if($r === null) {
 				// in case somebody turned off public access to sys channel content using permissions
 				// make that content unsearchable by ensuring the owner uid can't match
 
@@ -269,20 +268,18 @@ class Display extends \Zotlabs\Web\Controller {
 					$sysid = 0;
 
 				$r = q("SELECT item.id as item_id from item
-					WHERE ( (mid = '%s'
+					WHERE ((mid = '%s'
 					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = ''
 					AND item.deny_gid  = '' AND item_private = 0 )
 					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
-					OR uid = %d ) ) ) OR
-					(mid = '%s' $sql_extra ) )
+					OR uid = %d ))) OR
+					(mid = '%s' $sql_extra ))
 					$item_normal
 					limit 1",
 					dbesc($target_item['parent_mid']),
 					intval($sysid),
 					dbesc($target_item['parent_mid'])
 				);
-
-
 			}
 		}
 
@@ -306,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller {
 			if($r === null) {
 				// in case somebody turned off public access to sys channel content using permissions
 				// make that content unsearchable by ensuring the owner_xchan can't match
+
 				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
 					$sysid = 0;
-				$r = q("SELECT item.parent AS item_id from item
-					WHERE parent_mid = '%s'
+
+				$r = q("SELECT item.id as item_id from item
+					WHERE ((parent_mid = '%s'
 					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = ''
 					AND item.deny_gid  = '' AND item_private = 0 )
 					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
-					OR uid = %d )
-					$sql_extra )
-					$item_normal_update
-					$simple_update
+					OR uid = %d ))) OR
+					(parent_mid = '%s' $sql_extra ))
+					$item_normal
 					limit 1",
 					dbesc($target_item['parent_mid']),
-					intval($sysid)
+					intval($sysid),
+					dbesc($target_item['parent_mid'])
 				);
 			}
 		}
-- 
cgit v1.2.3