Fixes applied: (#5399)
[friendica.git] / include / security.php
index e8a03ad0fe9dfebd37525c9226c1830322521bae..768d7c82d45934310a7122b1ca94e56c2e437f0c 100644 (file)
@@ -41,7 +41,7 @@ function new_cookie($time, $user = [])
        if ($user) {
                $value = json_encode(["uid" => $user["uid"],
                        "hash" => cookie_hash($user),
-                       "ip" => $_SERVER['REMOTE_ADDR']]);
+                       "ip" => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')]);
        } else {
                $value = "";
        }
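Review bot: The `'0.0.0.0'` fallback for the `"ip"` field is stored in the cookie as if it were a real client address, and the same placeholder is written to `$_SESSION['addr']` in the authenticate_success hunk at -70. If either value is later compared with the request address for session binding or auditing (not visible here), every context without `REMOTE_ADDR` would look like the same client. I would document the sentinel at both sites, e.g. `// '0.0.0.0' = address unknown (no REMOTE_ADDR, e.g. CLI); consumers must treat it as "no address", never as a match`. The body of new_cookie continues outside the hunk.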
@@ -70,7 +70,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
        $_SESSION['page_flags'] = $user_record['page-flags'];
        $_SESSION['my_url'] = System::baseUrl() . '/profile/' . $user_record['nickname'];
        $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
-       $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
+       $_SESSION['addr'] = defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0');
 
        $a->user = $user_record;
 
@@ -171,12 +171,14 @@ function authenticate_success($user_record, $login_initial = false, $interactive
        }
 
        if ($login_initial) {
-               // If the user specified to remember the authentication, then set a cookie
-               // that expires after one week (the default is when the browser is closed).
-               // The cookie will be renewed automatically.
-               // The week ensures that sessions will expire after some inactivity.
+               /*
+                * If the user specified to remember the authentication, then set a cookie
+                * that expires after one week (the default is when the browser is closed).
+                * The cookie will be renewed automatically.
+                * The week ensures that sessions will expire after some inactivity.
+                */
                if ($_SESSION['remember']) {
-                       logger('Injecting cookie for remembered user ' . $_SESSION['remember_user']['nickname']);
+                       logger('Injecting cookie for remembered user ' . $a->user['nickname']);
                        new_cookie(604800, $user_record);
                        unset($_SESSION['remember']);
                }
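Review bot: `if ($_SESSION['remember'])` still reads a session key without a guard, the same undefined-index pattern this commit removes for `REMOTE_ADDR`. If the login path does not always set that key, `if (!empty($_SESSION['remember'])) {` avoids the notice. The log line now takes the nickname from `$a->user` while the cookie is built from `$user_record`; the -70 hunk assigns one to the other, so `$user_record['nickname']` in the logger call would make it obvious that both refer to the same account. authenticate_success starts and ends outside the hunk.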
@@ -204,6 +206,10 @@ function can_write_wall($owner)
                return true;
        }
 
+       if (local_user() && ($owner == 0)) {
+               return true;
+       }
+
        if (remote_user()) {
                // use remembered decision and avoid a DB lookup for each and every display item
                // DO NOT use this function if there are going to be multiple owners
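Review bot: The new early return grants write access to any logged-in local user on the strength of a loose comparison. `$owner == 0` is also true for `null`, `''`, `false` and, before PHP 8, any non-numeric string, so a caller passing a missing or malformed owner id gets an allow instead of a deny. Because this is an authorization decision, I would make the test explicit, `if (local_user() && is_numeric($owner) && (int) $owner === 0) {`. A comment should also say what owner 0 stands for and why every local user may write to it. can_write_wall continues outside the hunk.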
@@ -339,7 +345,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul
                         AND `item`.allow_gid = ''
                         AND `item`.deny_cid  = ''
                         AND `item`.deny_gid  = ''
-                        AND `item`.private = 0
+                        AND `item`.private != 1
        ";
 
        // Profile owner - everything is visible
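Review bot: `private != 1` turns the public-visibility filter from an allow-list into a deny-list. Any row whose `private` value is not 1 now passes this branch, limited only by the empty ACL columns above it. If the column holds, or later gains, values other than 0 and 1, those items become visible by default to viewers without permissions. Enumerating the values meant to be public keeps the default closed, e.g. `AND item.private IN (0, <other-public-value>)` with the placeholder replaced by the real value, plus a comment naming what this change is meant to admit. item_permissions_sql continues outside the hunk.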