From a1e7c65d51a6472cf7fe95686883f77953d7dfd7 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 29 Jan 2014 03:39:32 -0800
Subject: chatroom permissions enforcement

---
 include/chat.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'include')

diff --git a/include/chat.php b/include/chat.php
index 9d90f7970..6bcb003ff 100644
--- a/include/chat.php
+++ b/include/chat.php
@@ -76,8 +76,27 @@ function chatroom_destroy($channel,$arr) {
 
 
 function chatroom_enter($observer_xchan,$room_id,$status,$client) {
+
 	if(! $room_id || ! $observer_xchan)
 		return;
+
+	$r = q("select * from chatroom where cr_id = %d limit 1",
+		intval($room_id)
+	);
+	if(! $r)
+		return;
+	require_once('include/security.php');
+	$sql_extra = permissions_sql($r[0]['cr_uid']);
+
+	$x = q("select * from chatroom where cr_id = %d and uid = %d $sql_extra limit 1",
+			intval($room_id)
+			intval($r[0]['cr_uid'])
+	);
+	if(! $x) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
 	$r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1",
 		dbesc($observer_xchan),
 		intval($room_id)
-- 
cgit v1.2.3