From beb3301d43c0d532bd6984ee745074479babdabb Mon Sep 17 00:00:00 2001
From: friendica
Date: Tue, 22 Jan 2013 02:56:32 -0800
Subject: security fixes related to directory access and sites that are off the grid
---
 mod/dirsearch.php | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
(limited to 'mod/dirsearch.php')
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 57132519c..1dbe60499 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -14,16 +14,12 @@ function dirsearch_content(&$a) {
 // If you've got a public directory server, you probably shouldn't block public access
- if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
- $ret['message'] = t('Public access denied.');
- return;
- }
 $dirmode = intval(get_config('system','directory_mode'));
 if($dirmode == DIRECTORY_MODE_NORMAL) {
 $ret['message'] = t('This site is not a directory server');
- return;
+ json_return_and_die($ret);
 }
 $name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : '');
@@ -75,7 +71,7 @@ function dirsearch_content(&$a) {
 // By default we return one page (default 80 items maximum) and do not count total entries
 $logic = ((strlen($sql_extra)) ? 0 : 1);
-
+dbg(1);
 if($limit) $qlimit = " LIMIT $limit ";
 else {
@@ -95,7 +91,7 @@ function dirsearch_content(&$a) {
 $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d ) $order $qlimit ", intval(XCHAN_FLAGS_HIDDEN) );
-
+dbg(0);
 $ret['page'] = $page + 1;
 $ret['records'] = count($r);
-- cgit v1.2.3
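Review bot: In the `@@ -14,16 +14,12 @@` hunk, dropping the `block_public` gate leaves dirsearch_content() with no access check visible before it reads `$_REQUEST['name']`, and the one remaining comment only hints at why. A site that sets `system.block_public` but runs a non-normal `directory_mode` now answers directory queries from unauthenticated callers, so that decision should be stated where the check used to be, e.g. `// block_public is deliberately not enforced here: a directory server has to answer unauthenticated queries`. If operators are meant to be able to keep the directory private, the gate should stay and end with `json_return_and_die($ret);` like the `DIRECTORY_MODE_NORMAL` branch instead of a bare `return;`. The function starts before and continues past this hunk, and `$ret` is initialised outside it.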
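Review bot: The added `dbg(1);` in the `@@ -75,7 +71,7 @@` hunk and the matching `dbg(0);` in the `@@ -95,7 +91,7 @@` hunk look like leftover debugging and should not ship in a commit described as security fixes. dbg() is defined outside this diff; if it switches database query debugging on and off, as the 1/0 pairing suggests, every directory search would write its full SQL, including request-derived search terms, to the debug output of a public endpoint. Both lines should be deleted, restoring the blank lines they replaced. The enclosing function begins and ends outside both hunks.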
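Review bot: The query in the `@@ -95,7 +91,7 @@` hunk interpolates `$logic`, `$sql_extra`, `$order` and `$qlimit` straight into the SQL string, and only `XCHAN_FLAGS_HIDDEN` goes through the `%d` placeholder with `intval()`. Where those variables are built is outside the visible hunks, so it cannot be confirmed from here that every request-derived piece is passed through `intval()` or `dbesc()` first; `$qlimit = " LIMIT $limit "` in the previous hunk is one such case. Because this commit also removes the `block_public` gate, the query is reachable without a login, so a comment above `q(` such as `// $sql_extra, $order and $qlimit must contain only intval()/dbesc()-sanitised values` would document the requirement.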