
Merge pull request #7237 from deantownsley/multiremotefix

expand permission check to remote array
tags/2019.06^2
Hypolite Petovan 4 months ago
parent
commit
f5606fb211
1 changed files with 13 additions and 4 deletions
  1. 13
    4
      src/Util/Security.php

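--- a/src/Util/Security.php
+++ b/src/Util/Security.php
@@ -120,9 +120,18 @@ class Security extends BaseObject
 			 */
 
 			if (!$remote_verified) {
-				if (DBA::exists('contact', ['id' => $remote_user, 'uid' => $owner_id, 'blocked' => false])) {
+				$cid = 0;
+
+				foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
+					if ($visitor['uid'] == $owner_id) {
+						$cid = $visitor['cid'];
+						break;
+					}
+				}
+
+				if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) {
 					$remote_verified = true;
-					$groups = Group::getIdsByContactId($remote_user);
+					$groups = Group::getIdsByContactId($cid);
 				}
 			}
 
@@ -140,9 +149,9 @@ class Security extends BaseObject
 					  AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
 					  )
 					",
-					intval($remote_user),
+					intval($cid),
 					DBA::escape($gs),
-					intval($remote_user),
+					intval($cid),
 					DBA::escape($gs)
 				);
 			}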
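Review bot: `$cid` is assigned only inside the `if (!$remote_verified)` block in the first hunk, yet the second hunk reads it in `intval($cid)` when building the ACL clause, which sits outside that block. If a caller can enter with `$remote_verified` already true (the parameter handling is outside the visible hunks, so this is inferred), `$cid` is undefined there, `intval()` yields 0, and both the `deny_cid REGEXP '<%d>'` and `allow_cid REGEXP '<%d>'` patterns become `<0>`, so a per-contact deny entry would no longer match that visitor. Moving `$cid = 0;` and the `foreach` over `Session::get('remote', [])` above `if (!$remote_verified) {` would set it on both paths. The loop also compares with `==`; `(int) $visitor['uid'] === (int) $owner_id` avoids type juggling on session data. The enclosing method begins and ends outside both hunks.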
