]> git.mxchange.org Git - friendica.git/blobdiff - include/security.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #644 from fermionic/20130303-no-embedding-private-images-option
[friendica.git] / include / security.php
diff --git a/include/security.php b/include/security.php
index 56d4cad36fa529eb821b48692e1cb9aceef5f478..cb4587fbdaf4e904def5679c4ff589eda714fe83 100644 (file)
--- a/include/security.php
+++ b/include/security.php
@@ -266,8 +266,8 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
         * Profile owner - everything is visible
         */
 
-       if(($local_user) && ($local_user == $owner_id)) {
-               $sql = ''; 
+       if($local_user && ($local_user == $owner_id)) {
+               $sql = '';
        }
 
        /**
@@ -300,7 +300,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
                        } 
 
                        $sql = sprintf(
-                               " AND ( private = 0 OR ( private = 1 AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
+                               /*" AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
                                  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
                                  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
                                  AND ( deny_gid  = '' OR NOT deny_gid REGEXP '%s'))) 
@@ -309,6 +309,15 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
                                intval($remote_user),
                                dbesc($gs),
                                dbesc($gs)
+*/
+                               " AND ( private = 0 OR ( private in (1,2) AND wall = 1
+                                 AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
+                                 AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '')))))
+                               ",
+                               intval($remote_user),
+                               dbesc($gs),
+                               intval($remote_user),
+                               dbesc($gs)
                        );
                }
        }
Unnamed repository; edit this file 'description' to name the repository.