From: friendica Date: Fri, 9 Mar 2012 08:31:17 +0000 (-0800) Subject: bug in check for private email comment to public conversation prevents authenticated... X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=312c17504515b0f6c77b2e59ef8569dbf8d048fa;p=friendica.git bug in check for private email comment to public conversation prevents authenticated visitor from seeing comments that should be allowed --- diff --git a/include/conversation.php b/include/conversation.php index f1134975a0..526c6ea005 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -179,9 +179,11 @@ function localize_item(&$item){ * that are based on unique features of the calling module. * */ - if(!function_exists('conversation')){ + +if(!function_exists('conversation')) { function conversation(&$a, $items, $mode, $update, $preview = false) { + require_once('bbcode.php'); $profile_owner = 0; @@ -418,26 +420,6 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $toplevelprivate = (($toplevelpost && $item['private']) ? true : false); $item_writeable = (($item['writable'] || $item['self']) ? true : false); - // DISABLED - /* - if($blowhard == $item['cid'] && (! $item['self']) && ($mode != 'profile') && ($mode != 'notes')) { - $blowhard_count ++; - if($blowhard_count == 3) { - $o .= '' . ''; - $blowhard_count = 0; - } - // END DISABLED - */ - $comments_seen = 0; $comments_collapsed = false; $comment_lastcollapsed = false; @@ -445,13 +427,16 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $threadsid++; $threads[$threadsid]['id'] = $item['item_id']; + $threads[$threadsid]['private'] = $item['private']; $threads[$threadsid]['items'] = array(); } else { - // prevent private email from leaking into public conversation - if((! $toplevelpost) && (! $toplevelprivate) && ($item['private']) && ($profile_owner != local_user())) + + // prevent private email reply to public conversation from leaking. + if($item['private'] && ! $threads[$threadsid]['private']) continue; + $comments_seen ++; $comment_lastcollapsed = false; $comment_firstcollapsed = false; diff --git a/include/security.php b/include/security.php index f469dad66f..8c536b656a 100755 --- a/include/security.php +++ b/include/security.php @@ -283,6 +283,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) ); } } + return $sql; }