From: Michael Date: Thu, 19 Mar 2020 21:55:31 +0000 (+0000) Subject: Issue 8371: Ensure to always have permissions X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=29bd37cda2625ed66a6f135c1603ea445dde2db9;p=friendica.git Issue 8371: Ensure to always have permissions --- diff --git a/mod/item.php b/mod/item.php index a9f1ef808b..3566e2150c 100644 --- a/mod/item.php +++ b/mod/item.php @@ -244,10 +244,10 @@ function item_post(App $a) { $body = preg_replace('#\[url=([^\]]*?)\]\[/url\]#ism', '[url]$1[/url]', $body); if (!empty($orig_post)) { - $str_group_allow = $orig_post['allow_gid']; - $str_contact_allow = $orig_post['allow_cid']; - $str_group_deny = $orig_post['deny_gid']; - $str_contact_deny = $orig_post['deny_cid']; + $str_group_allow = $orig_post['allow_gid'] ?? ''; + $str_contact_allow = $orig_post['allow_cid'] ?? ''; + $str_group_deny = $orig_post['deny_gid'] ?? ''; + $str_contact_deny = $orig_post['deny_cid'] ?? ''; $location = $orig_post['location']; $coord = $orig_post['coord']; $verb = $orig_post['verb']; @@ -261,33 +261,13 @@ function item_post(App $a) { $network = $orig_post['network']; $guid = $orig_post['guid']; $extid = $orig_post['extid']; - } else { + $aclFormatter = DI::aclFormatter(); - /* - * if coming from the API and no privacy settings are set, - * use the user default permissions - as they won't have - * been supplied via a form. - */ - if ($api_source - && !array_key_exists('contact_allow', $_REQUEST) - && !array_key_exists('group_allow', $_REQUEST) - && !array_key_exists('contact_deny', $_REQUEST) - && !array_key_exists('group_deny', $_REQUEST)) { - $str_group_allow = $user['allow_gid']; - $str_contact_allow = $user['allow_cid']; - $str_group_deny = $user['deny_gid']; - $str_contact_deny = $user['deny_cid']; - } else { - // use the posted permissions - - $aclFormatter = DI::aclFormatter(); - - $str_group_allow = $aclFormatter->toString($_REQUEST['group_allow'] ?? ''); - $str_contact_allow = $aclFormatter->toString($_REQUEST['contact_allow'] ?? ''); - $str_group_deny = $aclFormatter->toString($_REQUEST['group_deny'] ?? ''); - $str_contact_deny = $aclFormatter->toString($_REQUEST['contact_deny'] ?? ''); - } + $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? ''; + $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact__allow']) : $user['allow_cid'] ?? ''; + $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? ''; + $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? ''; $title = Strings::escapeTags(trim($_REQUEST['title'] ?? '')); $location = Strings::escapeTags(trim($_REQUEST['location'] ?? ''));