harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Tricky little bug. Allowed somebody to bypass comment permissions. Hopefully the fix will have no undesired side effects.

Browse Source
This commit is contained in:
friendica 2013-12-16 18:07:41 -08:00
parent 50731fa6a6
commit 7b5a42568a
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
include/items.php
View File

@ -2362,12 +2362,13 @@ function tgroup_check($uid,$item) {
$mention = false; $mention = false;
// check that the message originated elsewhere and is a top-level post // check that the message originated elsewhere and is a top-level post
// or is a followup and we have already accepted the top level post // or is a followup and we have already accepted the top level post as an uplink
if($item['mid'] != $item['parent_mid']) { if($item['mid'] != $item['parent_mid']) {
$r = q("select id from item where mid = '%s' and uid = %d limit 1", $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1",
dbesc($item['parent_mid']), dbesc($item['parent_mid']),
intval($uid) intval($uid),
intval(ITEM_UPLINK)
); );
if($r) if($r)
return true; return true;