Merge pull request #7237 from deantownsley/multiremotefix

expand permission check to remote array
This commit is contained in:
Hypolite Petovan 2019-06-09 23:25:03 -04:00 committed by GitHub
commit f5606fb211
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 4 deletions

View File

@ -120,9 +120,18 @@ class Security extends BaseObject
*/ */
if (!$remote_verified) { if (!$remote_verified) {
if (DBA::exists('contact', ['id' => $remote_user, 'uid' => $owner_id, 'blocked' => false])) { $cid = 0;
foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
if ($visitor['uid'] == $owner_id) {
$cid = $visitor['cid'];
break;
}
}
if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) {
$remote_verified = true; $remote_verified = true;
$groups = Group::getIdsByContactId($remote_user); $groups = Group::getIdsByContactId($cid);
} }
} }
@ -140,9 +149,9 @@ class Security extends BaseObject
AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
) )
", ",
intval($remote_user), intval($cid),
DBA::escape($gs), DBA::escape($gs),
intval($remote_user), intval($cid),
DBA::escape($gs) DBA::escape($gs)
); );
} }