From 1b09c6485638339aede6dc2fd69956716b80fb00 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Mon, 7 Sep 2015 03:59:38 -0700
Subject: PRIVACY: item_private seems to have been removed from permissions_sql
 checking with an observer.

---
 include/security.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/security.php b/include/security.php
index bad39d805..0c3dc29d6 100644
--- a/include/security.php
+++ b/include/security.php
@@ -260,7 +260,7 @@ function item_permissions_sql($owner_id, $remote_observer = null) {
 			$regexop = db_getfunc('REGEXP');
 			$sql = sprintf(
 				" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
-				  AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
+				  AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) )
 				  )
 				",
 				dbesc(protect_sprintf( '%<' . $observer . '>%')),
@@ -295,7 +295,7 @@ function public_permissions_sql($observer_hash) {
 		$regexop = db_getfunc('REGEXP');
 		$sql = sprintf(
 			" OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
-			  AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
+			  AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) )
 			  ))
 			",
 			dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
-- 
cgit v1.2.3