bug in check for private email comment to public conversation prevents authenticated visitor from seeing comments that should be allowed
This commit is contained in:
parent
2050f886cc
commit
312c175045
2 changed files with 9 additions and 23 deletions
|
@ -179,9 +179,11 @@ function localize_item(&$item){
|
|||
* that are based on unique features of the calling module.
|
||||
*
|
||||
*/
|
||||
if(!function_exists('conversation')){
|
||||
|
||||
if(!function_exists('conversation')) {
|
||||
function conversation(&$a, $items, $mode, $update, $preview = false) {
|
||||
|
||||
|
||||
require_once('bbcode.php');
|
||||
|
||||
$profile_owner = 0;
|
||||
|
@ -418,26 +420,6 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
|
|||
$toplevelprivate = (($toplevelpost && $item['private']) ? true : false);
|
||||
$item_writeable = (($item['writable'] || $item['self']) ? true : false);
|
||||
|
||||
// DISABLED
|
||||
/*
|
||||
if($blowhard == $item['cid'] && (! $item['self']) && ($mode != 'profile') && ($mode != 'notes')) {
|
||||
$blowhard_count ++;
|
||||
if($blowhard_count == 3) {
|
||||
$o .= '<div class="icollapse-wrapper fakelink" id="icollapse-wrapper-' . $item['parent']
|
||||
. '" onclick="openClose(' . '\'icollapse-' . $item['parent'] . '\'); $(\'#icollapse-wrapper-' . $item['parent'] . '\').hide();" >'
|
||||
. t('See more posts like this') . '</div>' . '<div class="icollapse" id="icollapse-'
|
||||
. $item['parent'] . '" style="display: none;" >';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$blowhard = $item['cid'];
|
||||
if($blowhard_count >= 3)
|
||||
$o .= '</div>';
|
||||
$blowhard_count = 0;
|
||||
}
|
||||
// END DISABLED
|
||||
*/
|
||||
|
||||
$comments_seen = 0;
|
||||
$comments_collapsed = false;
|
||||
$comment_lastcollapsed = false;
|
||||
|
@ -445,13 +427,16 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
|
|||
|
||||
$threadsid++;
|
||||
$threads[$threadsid]['id'] = $item['item_id'];
|
||||
$threads[$threadsid]['private'] = $item['private'];
|
||||
$threads[$threadsid]['items'] = array();
|
||||
|
||||
}
|
||||
else {
|
||||
// prevent private email from leaking into public conversation
|
||||
if((! $toplevelpost) && (! $toplevelprivate) && ($item['private']) && ($profile_owner != local_user()))
|
||||
|
||||
// prevent private email reply to public conversation from leaking.
|
||||
if($item['private'] && ! $threads[$threadsid]['private'])
|
||||
continue;
|
||||
|
||||
$comments_seen ++;
|
||||
$comment_lastcollapsed = false;
|
||||
$comment_firstcollapsed = false;
|
||||
|
|
|
@ -283,6 +283,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
|
|||
);
|
||||
}
|
||||
}
|
||||
|
||||
return $sql;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue