[PRIVACY] privacy issue bug #314

diff --git a/mod/display.php b/mod/display.php
index f510f793df9d98b2e05356ab6c0b387da0b5a515..4f2e5ff9aa1ec7728457c3d203ec5bb76281bd51 100755 (executable)
--- a/mod/display.php
+++ b/mod/display.php
@@ -34,7 +34,7 @@ function display_content(&$a) {
 
        $contact = null;
        $remote_contact = false;
-
+dbg(1);
        if(remote_user()) {
                $contact_id = $_SESSION['visitor_id'];
                $groups = init_groups_visitor($contact_id);
@@ -87,6 +87,9 @@ function display_content(&$a) {
 
        $sql_extra = permissions_sql($a->profile['uid'],$remote_contact,$groups);
 
+       if(! local_user() && ! remote_user())
+               $sql_extra .= " and `item`.`private` = 0 ";
+
        $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, 
                `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
                `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, 
@@ -135,7 +138,7 @@ function display_content(&$a) {
                }
 
        }
-
+dbg(0);
        return $o;
 }