From: Evan Prodromou Date: Tue, 29 Mar 2011 02:21:41 +0000 (-0400) Subject: don't show notices to out-of-scope viewers X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=7b8fc701e0f27114e310dcae53c6a727ab05254b;p=quix0rs-gnu-social.git don't show notices to out-of-scope viewers --- diff --git a/actions/shownotice.php b/actions/shownotice.php index f6074faddc..7127a60db4 100644 --- a/actions/shownotice.php +++ b/actions/shownotice.php @@ -79,7 +79,7 @@ class ShownoticeAction extends OwnerDesignAction $id = $this->arg('notice'); - $this->notice = Notice::staticGet($id); + $this->notice = Notice::staticGet('id', $id); if (empty($this->notice)) { // Did we used to have it, and it got deleted? @@ -94,6 +94,18 @@ class ShownoticeAction extends OwnerDesignAction return false; } + $cur = common_current_user(); + + if (!empty($cur)) { + $curProfile = $cur->getProfile(); + } else { + $curProfile = null; + } + + if (!$this->notice->inScope($curProfile)) { + throw new ClientException(_('Not available.'), 403); + } + $this->profile = $this->notice->getProfile(); if (empty($this->profile)) {