From caa148c1e3736b6d51327883b04405b00a4cda0b Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 1 Sep 2013 19:15:08 -0700
Subject: Sheesh. Three lines of Javascript. All you have to do is find which
 of the three lines is doing something wrong. Or FILE A BUG. Or use a
 different browser (not *try* a different browser, *use* a different browser),
 or turn off freaking tinymce. But no - let's argue about browsers instead.

---
 include/items.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'include/items.php')

diff --git a/include/items.php b/include/items.php
index c695a9b72..712c416de 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1361,6 +1361,17 @@ function item_store($arr,$allow_exec = false) {
 		return 0;
 	}
 
+	// If a page layout is provided, ensure it exists and belongs to us. 
+
+	if(array_key_exists('layout_mid',$arr) && $arr['layout_mid']) {
+		$l = q("select item_restrict from item where mid = '%s' and uid = %d limit 1",
+			dbesc($arr['layout_mid']),
+			intval($arr['uid'])
+		);
+		if((! $l) || (! ($l[0]['item_restrict'] & ITEM_PDL)))
+			unset($arr['layout_mid']);
+	}
+
 	// Don't let anybody set these, either intentionally or accidentally
 
 	if(array_key_exists('id',$arr))
-- 
cgit v1.2.3