harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

issue #538 continued

Browse Source
This commit is contained in:
redmatrix 2016-09-30 13:00:15 -07:00
parent e48323775d
commit 56b12f6555
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Zotlabs/Module/Getfile.php
View File

@ -30,9 +30,9 @@ class Getfile extends \Zotlabs\Web\Controller {
logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO); logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO);
$hash = $_POST['hash']; $hash = $_POST['hash'];
$time = $_POST['time']; $time = $_POST['time'];
$sig = $_POST['signature']; $sig = $_POST['signature'];
$resource = $_POST['resource']; $resource = $_POST['resource'];
$revision = intval($_POST['revision']); $revision = intval($_POST['revision']);

8
include/attach.php
View File

@ -254,7 +254,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) {
return $ret; return $ret;
} }
$sql_extra = permissions_sql($r[0]['uid']); $sql_extra = permissions_sql($r[0]['uid'],$observer_hash);
// Now we'll see if we can access the attachment // Now we'll see if we can access the attachment
@ -269,7 +269,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) {
} }
if($r[0]['folder']) { if($r[0]['folder']) {
$x = attach_can_view_folder($r[0]['uid'],get_observer_hash(),$r[0]['folder']); $x = attach_can_view_folder($r[0]['uid'],$observer_hash,$r[0]['folder']);
if(! $x) { if(! $x) {
$ret['message'] = t('Permission denied.'); $ret['message'] = t('Permission denied.');
return $ret; return $ret;
@ -340,7 +340,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) {
return $ret; return $ret;
} }
$sql_extra = permissions_sql($r[0]['uid']); $sql_extra = permissions_sql($r[0]['uid'],$observer_hash);
// Now we'll see if we can access the attachment // Now we'll see if we can access the attachment
@ -355,7 +355,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) {
} }
if($r[0]['folder']) { if($r[0]['folder']) {
$x = attach_can_view_folder($r[0]['uid'],get_observer_hash(),$r[0]['folder']); $x = attach_can_view_folder($r[0]['uid'],$observer_hash,$r[0]['folder']);
if(! $x) { if(! $x) {
$ret['message'] = t('Permission denied.'); $ret['message'] = t('Permission denied.');
return $ret; return $ret;