From 0fef87cb43376289c39ddb0e30ee7a35fa97086d Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 10 Jan 2014 00:58:53 -0800 Subject: security fix for channel?mid= per zottel --- mod/channel.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'mod/channel.php') diff --git a/mod/channel.php b/mod/channel.php index 20f6fec18..dac4ba2bf 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -135,9 +135,11 @@ function channel_content(&$a, $update = 0, $load = false) { if(($update) && (! $load)) { if ($mid) { - $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $sql_extra limit 1", + $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0 + AND (item_flags & %d) $sql_extra limit 1", dbesc($mid), - intval($a->profile['profile_uid']) + intval($a->profile['profile_uid']), + intval(ITEM_WALL) ); } else { $r = q("SELECT distinct parent AS `item_id` from item -- cgit v1.2.3