Merge pull request #9696 from MrPetovan/bug/9306-poke-privacy

[friendica.git] / src / Model / Item.php

diff --git a/src/Model/Item.php b/src/Model/Item.php
index c67399b9289011852c3795c20a0c51f916dcc3d5..75c3d08384b1adfc01e105a97a83b79891397856 100644 (file)
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1385,6 +1385,19 @@ class Item
                        return false;
                }
 
+               if (!empty($item['uid'])) {
+                       $owner = User::getOwnerDataById($item['uid'], false);
+                       if (!$owner) {
+                               Logger::notice('Missing item user owner data', ['uid' => $item['uid']]);
+                               return false;
+                       }
+
+                       if ($owner['account_expired'] || $owner['account_removed']) {
+                               Logger::notice('Item user has been deleted/expired/removed', ['uid' => $item['uid'], 'deleted' => $owner['deleted'], 'account_expired' => $owner['account_expired'], 'account_removed' => $owner['account_removed']]);
+                               return false;
+                       }
+               }
+
                if (!empty($item['author-id']) && Contact::isBlocked($item['author-id'])) {
                        Logger::notice('Author is blocked node-wide', ['author-link' => $item['author-link'], 'item-uri' => $item['uri']]);
                        return false;
@@ -2910,8 +2923,8 @@ class Item
                $datarray['api_source'] = true;
 
                // We have to tell the hooks who we are - this really should be improved
-               $_SESSION["authenticated"] = true;
-               $_SESSION["uid"] = $contact['uid'];
+               $_SESSION['authenticated'] = true;
+               $_SESSION['uid'] = $contact['uid'];
 
                return (bool)$result;
        }