bitPickups/friendica_2019-12_sharedHosting_hotFix
1
1
Fork 0
Code Pull requests Activity

Merge pull request #497 from fermionic/permission-denied-to-allowed-contact

Browse source 
allow contact if in allowed group, even if not in non-empty allowed contacts
This commit is contained in:
friendica 2012-09-30 01:57:02 -07:00
parent c9536ac056 34081010ff
commit d93e34b2ae
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
include/security.php
View file

@ -214,7 +214,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
$gs .= '|<' . intval($g) . '>'; $gs .= '|<' . intval($g) . '>';
} }
$sql = sprintf( /*$sql = sprintf(
" AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' )
AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' )
AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
@ -224,6 +224,16 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
intval($remote_user), intval($remote_user),
dbesc($gs), dbesc($gs),
dbesc($gs) dbesc($gs)
);*/
$sql = sprintf(
" AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
intval($remote_user),
dbesc($gs),
intval($remote_user),
dbesc($gs)
); );
} }
} }