From 9e490d022b985f295a0547c8a115c610a77a3a24 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 22 Apr 2015 12:00:15 +0200
Subject: fix webpage perms

---
 mod/editwebpage.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'mod/editwebpage.php')

diff --git a/mod/editwebpage.php b/mod/editwebpage.php
index a7564a126..a1918741b 100644
--- a/mod/editwebpage.php
+++ b/mod/editwebpage.php
@@ -90,11 +90,18 @@ function editwebpage_content(&$a) {
 	// We've already figured out which item we want and whose copy we need, 
 	// so we don't need anything fancy here
 
-	$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
+	$sql_extra = item_permissions_sql($owner);
+
+	$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1",
 		intval($post_id),
 		intval($owner)
 	);
 
+	if(! $itm) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
 	if($itm[0]['item_flags'] & ITEM_OBSCURED) {
 		$key = get_config('system','prvkey');
 		if($itm[0]['title'])
-- 
cgit v1.2.3