From 7b5a42568a7f4cf90e81036b4ed5d93ec3f6e3e2 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 16 Dec 2013 18:07:41 -0800 Subject: Tricky little bug. Allowed somebody to bypass comment permissions. Hopefully the fix will have no undesired side effects. --- include/items.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'include/items.php') diff --git a/include/items.php b/include/items.php index 2cec6bc36..b328ca2d1 100755 --- a/include/items.php +++ b/include/items.php @@ -2362,12 +2362,13 @@ function tgroup_check($uid,$item) { $mention = false; // check that the message originated elsewhere and is a top-level post - // or is a followup and we have already accepted the top level post + // or is a followup and we have already accepted the top level post as an uplink if($item['mid'] != $item['parent_mid']) { - $r = q("select id from item where mid = '%s' and uid = %d limit 1", + $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1", dbesc($item['parent_mid']), - intval($uid) + intval($uid), + intval(ITEM_UPLINK) ); if($r) return true; -- cgit v1.2.3