From af58364fefd52b03c32ac9594f87f6bbaed8e002 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 17 Nov 2023 07:50:10 +0000 Subject: only check for privacy mismatch if observer != owner --- Zotlabs/Module/Item.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Module/Item.php') diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 4c6b345fb..25ccb0cbf 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -84,7 +84,7 @@ class Item extends Controller { } observer_auth($portable_id); - $i = q("select id as item_id, uid, item_private from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1", + $i = q("select id as item_id, uid from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1", dbesc($r[0]['parent_mid']), dbesc($portable_id) ); @@ -119,11 +119,12 @@ class Item extends Controller { } $parents_str = ids_to_querystr($i, 'item_id'); - $parent_item_private = $i[0]['item_private']; - $total = q("SELECT count(*) AS count FROM item WHERE parent = %d and item_private = %d $item_normal", - intval($parents_str), - intval($parent_item_private) + // We won't need to check for privacy mismatches if the verified observer is also owner + $parent_item_private = ((isset($i[0]['item_private'])) ? " and item_private = " . intval($i[0]['item_private']) . " " : ''); + + $total = q("SELECT count(*) AS count FROM item WHERE parent = %d $parent_item_private $item_normal ", + intval($parents_str) ); App::set_pager_total($total[0]['count']); @@ -136,9 +137,8 @@ class Item extends Controller { as_return_and_die($i ,$chan); } else { - $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent = %d and item_private = %d $item_normal ORDER BY item.id", - intval($parents_str), - intval($parent_item_private) + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent = %d $parent_item_private $item_normal ORDER BY item.id", + intval($parents_str) ); xchan_query($items, true); -- cgit v1.2.3