Merge pull request #9711 from MrPetovan/bug/fatal-errors

[friendica.git] / mod / item.php

diff --git a/mod/item.php b/mod/item.php
index d1e1d06ce05fa5b5d2503b742fd34b441ff4cfea..ed4e50348d0d0d00263864c9b05fb1ba92c15694 100644 (file)
--- a/mod/item.php
+++ b/mod/item.php
@@ -261,20 +261,19 @@ function item_post(App $a) {
                $guid              = $orig_post['guid'];
                $extid             = $orig_post['extid'];
        } else {
-               $str_contact_allow = '';
-               $str_group_allow   = '';
-               $str_contact_deny  = '';
-               $str_group_deny    = '';
-
-               if (($_REQUEST['visibility'] ?? '') !== 'public') {
-                       $aclFormatter = DI::aclFormatter();
-                       $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
-                       $str_group_allow   = isset($_REQUEST['group_allow'])   ? $aclFormatter->toString($_REQUEST['group_allow'])   : $user['allow_gid'] ?? '';
-                       $str_contact_deny  = isset($_REQUEST['contact_deny'])  ? $aclFormatter->toString($_REQUEST['contact_deny'])  : $user['deny_cid']  ?? '';
-                       $str_group_deny    = isset($_REQUEST['group_deny'])    ? $aclFormatter->toString($_REQUEST['group_deny'])    : $user['deny_gid']  ?? '';
-
-                       // Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
-                       // that would make the item public. So we always append the author's contact id to the allowed contacts.
+               $aclFormatter = DI::aclFormatter();
+               $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
+               $str_group_allow   = isset($_REQUEST['group_allow'])   ? $aclFormatter->toString($_REQUEST['group_allow'])   : $user['allow_gid'] ?? '';
+               $str_contact_deny  = isset($_REQUEST['contact_deny'])  ? $aclFormatter->toString($_REQUEST['contact_deny'])  : $user['deny_cid']  ?? '';
+               $str_group_deny    = isset($_REQUEST['group_deny'])    ? $aclFormatter->toString($_REQUEST['group_deny'])    : $user['deny_gid']  ?? '';
+
+               $visibility = $_REQUEST['visibility'] ?? '';
+               if ($visibility === 'public') {
+                       // The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
+                       $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+               } else if ($visibility === 'custom') {
+                       // Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
+                       // case that would make it public. So we always append the author's contact id to the allowed contacts.
                        // See https://github.com/friendica/friendica/issues/9672
                        $str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
                }