1
1
Fork 0

slightly relax overly strict permissions in community and search to match those in display - tl;dr public conversations are publicly visible

This commit is contained in:
friendica 2012-03-20 14:55:18 -07:00
parent 9df7972993
commit 92ef36ad61
3 changed files with 12 additions and 9 deletions

View file

@ -9,7 +9,7 @@ require_once('include/nav.php');
require_once('include/cache.php'); require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica'); define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '2.3.1286' ); define ( 'FRIENDICA_VERSION', '2.3.1287' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1132 ); define ( 'DB_UPDATE_VERSION', 1132 );

View file

@ -41,15 +41,16 @@ function community_content(&$a, $update = 0) {
// Here is the way permissions work in this module... // Here is the way permissions work in this module...
// Only public wall posts can be shown // Only public posts can be shown
// OR your own posts if you are a logged in member // OR your own posts if you are a logged in member
$r = q("SELECT COUNT(*) AS `total` $r = q("SELECT COUNT(*) AS `total`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND `item`.`private` = 0 AND `user`.`hidewall` = 0
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 " AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 "
); );
@ -69,8 +70,9 @@ function community_content(&$a, $update = 0) {
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND `item`.`private` = 0 AND `user`.`hidewall` = 0
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
ORDER BY `received` DESC LIMIT %d, %d ", ORDER BY `received` DESC LIMIT %d, %d ",
intval($a->pager['start']), intval($a->pager['start']),

View file

@ -93,8 +93,9 @@ function search_content(&$a) {
return $o; return $o;
// Here is the way permissions work in the search module... // Here is the way permissions work in the search module...
// Only public wall posts can be shown // Only public posts can be shown
// OR your own posts if you are a logged in member // OR your own posts if you are a logged in member
// No items will be shown if the member has a blocked profile wall.
$s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", $s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )",
dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\[')); dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\['));
@ -104,7 +105,7 @@ function search_content(&$a) {
$r = q("SELECT COUNT(*) AS `total` $r = q("SELECT COUNT(*) AS `total`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0) AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0)
OR `item`.`uid` = %d ) OR `item`.`uid` = %d )
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$search_alg ", $search_alg ",
@ -127,7 +128,7 @@ function search_content(&$a) {
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 )
OR `item`.`uid` = %d ) OR `item`.`uid` = %d )
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$search_alg $search_alg