]> git.mxchange.org Git - friendica.git/blobdiff - include/security.php
Fixes applied: (#5399)
[friendica.git] / include / security.php
index dbba09172e7159200b1faf1e1f6b8ab41cd95041..768d7c82d45934310a7122b1ca94e56c2e437f0c 100644 (file)
@@ -171,12 +171,14 @@ function authenticate_success($user_record, $login_initial = false, $interactive
        }
 
        if ($login_initial) {
-               // If the user specified to remember the authentication, then set a cookie
-               // that expires after one week (the default is when the browser is closed).
-               // The cookie will be renewed automatically.
-               // The week ensures that sessions will expire after some inactivity.
+               /*
+                * If the user specified to remember the authentication, then set a cookie
+                * that expires after one week (the default is when the browser is closed).
+                * The cookie will be renewed automatically.
+                * The week ensures that sessions will expire after some inactivity.
+                */
                if ($_SESSION['remember']) {
-                       logger('Injecting cookie for remembered user ' . $_SESSION['remember_user']['nickname']);
+                       logger('Injecting cookie for remembered user ' . $a->user['nickname']);
                        new_cookie(604800, $user_record);
                        unset($_SESSION['remember']);
                }
@@ -204,6 +206,10 @@ function can_write_wall($owner)
                return true;
        }
 
+       if (local_user() && ($owner == 0)) {
+               return true;
+       }
+
        if (remote_user()) {
                // use remembered decision and avoid a DB lookup for each and every display item
                // DO NOT use this function if there are going to be multiple owners
@@ -339,7 +345,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul
                         AND `item`.allow_gid = ''
                         AND `item`.deny_cid  = ''
                         AND `item`.deny_gid  = ''
-                        AND `item`.private = 0
+                        AND `item`.private != 1
        ";
 
        // Profile owner - everything is visible