harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add one more level of parentheses to ensure operator precedence is correctly evaluated

Browse Source
This commit is contained in:
redmatrix 2015-09-28 20:03:11 -07:00
parent f965209eee
commit 8d5556764c
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/security.php
View File

@ -258,9 +258,9 @@ function item_permissions_sql($owner_id, $remote_observer = null) {
}
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
" AND (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ))
) OR ( item_private = 1 $s )
) OR ( item_private = 1 $s ))
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),
dbesc($gs),

4
mod/channel.php
View File

@ -161,7 +161,7 @@ function channel_content(&$a, $update = 0, $load = false) {
$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
if($load)
$simple_update = '';
dbg(1);
if(($update) && (! $load)) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
@ -259,7 +259,7 @@ function channel_content(&$a, $update = 0, $load = false) {
}
dbg(0);
if((! $update) && (! $load)) {