harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chatroom permissions enforcement

Browse Source
This commit is contained in:
friendica 2014-01-29 03:39:32 -08:00
parent 6a9d43bcbe
commit a1e7c65d51
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
include/chat.php
View File

@ -76,8 +76,27 @@ function chatroom_destroy($channel,$arr) {
function chatroom_enter($observer_xchan,$room_id,$status,$client) { function chatroom_enter($observer_xchan,$room_id,$status,$client) {
if(! $room_id || ! $observer_xchan) if(! $room_id || ! $observer_xchan)
return; return;
$r = q("select * from chatroom where cr_id = %d limit 1",
intval($room_id)
);
if(! $r)
return;
require_once('include/security.php');
$sql_extra = permissions_sql($r[0]['cr_uid']);
$x = q("select * from chatroom where cr_id = %d and uid = %d $sql_extra limit 1",
intval($room_id)
intval($r[0]['cr_uid'])
);
if(! $x) {
notice( t('Permission denied.') . EOL);
return;
}
$r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1",
dbesc($observer_xchan), dbesc($observer_xchan),
intval($room_id) intval($room_id)