From dd86f40f9608afe7b58784530bd2cf117397c59b Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 19 May 2012 16:42:24 -0700 Subject: set comment permissions explicitly to parent permissions --- mod/item.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'mod/item.php') diff --git a/mod/item.php b/mod/item.php index 639379fe0..9f6b2aef4 100644 --- a/mod/item.php +++ b/mod/item.php @@ -218,14 +218,23 @@ function item_post(&$a) { $private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0); - if(($parent_item) && - (($parent_item['private']) + // If this is a comment, set the permissions from the parent. + + if($parent_item) { + $private = 0; + + if(($parent_item['private']) || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) - || strlen($parent_item['deny_gid']) - )) { - $private = 1; + || strlen($parent_item['deny_gid'])) { + $private = 1; + } + + $str_contact_allow = $parent_item['allow_cid']; + $str_group_allow = $parent_item['allow_gid']; + $str_contact_deny = $parent_item['deny_cid']; + $str_group_deny = $parent_item['deny_gid']; } $pubmail_enable = ((x($_REQUEST,'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && (! $private)) ? 1 : 0); -- cgit v1.2.3 From a16382529135a76c5afaf4d4189856734a8e7f58 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 21 May 2012 22:54:39 -0700 Subject: redir links for permission controlled attachments --- mod/item.php | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'mod/item.php') diff --git a/mod/item.php b/mod/item.php index 9f6b2aef4..81dd553cd 100644 --- a/mod/item.php +++ b/mod/item.php 
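Review bot: The new comment `// If this is a comment, set the permissions from the parent.` should say why the four `$str_*` values are overwritten, because that override is the access-control decision in this hunk. Suggested wording: `// Comments inherit the parent's ACL; allow/deny values computed above are discarded so a reply never has a different audience than its thread.` The place where `$str_contact_allow` and the other three are first assigned is outside the hunk, so it is worth confirming that nothing between that point and this block has already acted on the pre-override values. A parent with `private` set but all four ACL strings empty yields `$private = 1` with empty allow/deny lists; how that combination is enforced downstream is not visible here. item_post's body starts and ends outside the hunk.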
@@ -290,18 +290,16 @@ function item_post(&$a) { $author = null; $self = false; - if(($_SESSION['uid']) && ($_SESSION['uid'] == $profile_uid)) { + if((local_user()) && (local_user() == $profile_uid)) { $self = true; $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid']) ); } - else { - if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id']))) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($_SESSION['visitor_id']) - ); - } + elseif(remote_user()) { + $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", + intval(remote_user()) + ); } if(count($r)) { @@ -311,7 +309,7 @@ function item_post(&$a) { // get contact info for owner - if($profile_uid == $_SESSION['uid']) { + if($profile_uid == local_user()) { $contact_record = $author; } else { @@ -322,8 +320,6 @@ function item_post(&$a) { $contact_record = $r[0]; } - - $post_type = notags(trim($_REQUEST['type'])); if($post_type === 'net-comment') { -- cgit v1.2.3
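Review bot: In the self branch the guard now calls `local_user()`, but the query argument on the unchanged line still reads `intval($_SESSION['uid'])`, so the check and the lookup take the identity from two different places; pass `intval(local_user())` so both go through the same accessor. Separately, `$r` is not assigned when the `local_user()` test fails and `remote_user()` is not set, and `if(count($r))` then tests whatever `$r` held before this block. No initialisation is visible in the hunk, so consider `$r = array();` ahead of the `if`. item_post starts and ends outside the hunk.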
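Review bot: `if($profile_uid == local_user())` is a loose comparison with no truthiness guard, unlike the earlier check in this commit, `(local_user()) && (local_user() == $profile_uid)`. If `local_user()` returns a falsy value for a visitor without a local session (its definition is not on this page), a `$profile_uid` of 0 would compare equal and `$contact_record` would be taken from `$author`. Reusing the flag set under the guarded condition, `if($self) {`, would keep the two tests in agreement, provided `$self` is not changed in the lines between the hunks, which are not shown.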