add security fix to load case, too

zottel 2014-01-10 13:38:38 +01:00
parent 4e9866f6b2
commit ea511c67c7


@ -141,6 +141,9 @@ function channel_content(&$a, $update = 0, $load = false) {
intval($a->profile['profile_uid']), intval($a->profile['profile_uid']),
intval(ITEM_WALL) intval(ITEM_WALL)
); );
if (! $r) {
notice( t('Permission denied.') . EOL);
}
} else { } else {
$r = q("SELECT distinct parent AS `item_id` from item $r = q("SELECT distinct parent AS `item_id` from item
left join abook on item.author_xchan = abook.abook_xchan left join abook on item.author_xchan = abook.abook_xchan
@ -177,11 +180,14 @@ function channel_content(&$a, $update = 0, $load = false) {
if($load || ($_COOKIE['jsAvailable'] != 1)) { if($load || ($_COOKIE['jsAvailable'] != 1)) {
if ($mid) { if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' limit 1", $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0
dbesc($mid) AND (item_flags & %d) $sql_extra limit 1",
dbesc($mid),
intval($a->profile['profile_uid']),
intval(ITEM_WALL)
); );
if (! $r) { if (! $r) {
notice( t('Item not found.') . EOL); notice( t('Permission denied.') . EOL);
} }
} else { } else {