From 39f0e6fe622b2080bede823d19b36c9961c64f1d Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 8 Jun 2015 16:55:17 -0700 Subject: add site_dead flag to prevent delivery to dead sites. Allow sys channel webpages to be viewed even if site is configured "block public". --- mod/page.php | 17 ++++++++++++----- mod/public.php | 5 ++++- 2 files changed, 16 insertions(+), 6 deletions(-) (limited to 'mod') diff --git a/mod/page.php b/mod/page.php index 25b4d8888..648bd81fd 100644 --- a/mod/page.php +++ b/mod/page.php @@ -11,10 +11,11 @@ function page_init(&$a) { $profile = 0; profile_load($a,$which,$profile); - if($a->profile['profile_uid']) - head_set_icon($a->profile['thumb']); + if($a->profile['profile_uid']) + head_set_icon($a->profile['thumb']); + // load the item here in the init function because we need to extract // the page layout and initialise the correct theme. @@ -22,9 +23,11 @@ function page_init(&$a) { $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - $perms = get_all_perms($a->profile['profile_uid'],$ob_hash); - if(! $perms['view_pages']) { + // perm_is_allowed is denied unconditionally when 'site blocked to unauthenticated members'. + // This bypasses that restriction for sys channel (public) content + + if((! perm_is_allowed($a->profile['profile_uid'],$ob_hash,'view_pages')) && (! is_sys_channel($a->profile['profile_uid']))) { notice( t('Permission denied.') . EOL); return; } @@ -58,6 +61,8 @@ function page_init(&$a) { require_once('include/security.php'); $sql_options = item_permissions_sql($u[0]['channel_id']); +dbg(1); + $r = q("select item.* from item left join item_id on item.id = item_id.iid where item.uid = %d and sid = '%s' and (( service = 'WEBPAGE' and item_restrict = %d ) or ( service = 'PDL' and item_restrict = %d )) $sql_options $revision limit 1", @@ -77,6 +82,8 @@ function page_init(&$a) { dbesc($page_id), intval(ITEM_WEBPAGE) ); + +dbg(0); if($x) { // Yes, it's there. You just aren't allowed to see it. notice( t('Permission denied.') . EOL); @@ -119,7 +126,7 @@ function page_content(&$a) { return; if($r[0]['item_restrict'] == ITEM_PDL) { - $r[0]['body'] = t('Ipsum Lorem'); + $r[0]['body'] = t('Lorem Ipsum'); $r[0]['mimetype'] = 'text/plain'; $r[0]['title'] = ''; diff --git a/mod/public.php b/mod/public.php index 57c12e283..1f23a1999 100644 --- a/mod/public.php +++ b/mod/public.php @@ -60,17 +60,20 @@ function public_content(&$a, $update = 0, $load = false) { } require_once('include/identity.php'); + require_once('include/security.php'); if(get_config('system','site_firehose')) { - require_once('include/security.php'); $uids = " and item.uid in ( " . stream_perms_api_uids(PERMS_PUBLIC) . " ) and item_private = 0 and (item_flags & " . intval(ITEM_WALL) . " ) > 0 "; } else { $sys = get_sys_channel(); $uids = " and item.uid = " . intval($sys['channel_id']) . " "; + $sql_extra = item_permissions_sql($sys['channel_id']); $a->data['firehose'] = intval($sys['channel_id']); } + + $page_mode = 'list'; $simple_update = (($update) ? " and item.item_unseen = 1 " : ''); -- cgit v1.2.3