Browse Source

Merge pull request #7237 from deantownsley/multiremotefix

expand permission check to remote array
tags/2019.06^2
Hypolite Petovan GitHub 1 year ago
parent
commit
f5606fb211
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 4 deletions
  1. +13
    -4
      src/Util/Security.php

+ 13
- 4
src/Util/Security.php View File

@@ -120,9 +120,18 @@ class Security extends BaseObject
*/

if (!$remote_verified) {
if (DBA::exists('contact', ['id' => $remote_user, 'uid' => $owner_id, 'blocked' => false])) {
$cid = 0;

foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
if ($visitor['uid'] == $owner_id) {
$cid = $visitor['cid'];
break;
}
}

if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) {
$remote_verified = true;
$groups = Group::getIdsByContactId($remote_user);
$groups = Group::getIdsByContactId($cid);
}
}

@@ -140,9 +149,9 @@ class Security extends BaseObject
AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
intval($remote_user),
intval($cid),
DBA::escape($gs),
intval($remote_user),
intval($cid),
DBA::escape($gs)
);
}


Loading…
Cancel
Save