harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #261 from zzottel/master

Browse Source 
add security fix to load case, too
This commit is contained in:
zzottel 2014-01-10 04:39:59 -08:00
commit 9df143aff0
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mod/channel.php
View File

@ -141,6 +141,9 @@ function channel_content(&$a, $update = 0, $load = false) {
intval($a->profile['profile_uid']),
intval(ITEM_WALL)
);
if (! $r) {
notice( t('Permission denied.') . EOL);
}
} else {
$r = q("SELECT distinct parent AS `item_id` from item
left join abook on item.author_xchan = abook.abook_xchan
@ -177,11 +180,14 @@ function channel_content(&$a, $update = 0, $load = false) {
if($load || ($_COOKIE['jsAvailable'] != 1)) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' limit 1",
dbesc($mid)
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0
AND (item_flags & %d) $sql_extra limit 1",
dbesc($mid),
intval($a->profile['profile_uid']),
intval(ITEM_WALL)
);
if (! $r) {
notice( t('Item not found.') . EOL);
notice( t('Permission denied.') . EOL);
}
} else {