bug in check for private email comment to public conversation prevents authenticated visitor from seeing comments that should be allowed
This commit is contained in:
friendica
parent
2050f886cc
commit
312c175045
2 changed files with 9 additions and 23 deletions
|
|
@ -179,9 +179,11 @@ function localize_item(&$item){
|
||||||
* that are based on unique features of the calling module.
|
* that are based on unique features of the calling module.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
if(!function_exists('conversation')){
|
|
||||||
|
if(!function_exists('conversation')) {
|
||||||
function conversation(&$a, $items, $mode, $update, $preview = false) {
|
function conversation(&$a, $items, $mode, $update, $preview = false) {
|
||||||
|
|
||||||
|
|
||||||
require_once('bbcode.php');
|
require_once('bbcode.php');
|
||||||
|
|
||||||
$profile_owner = 0;
|
$profile_owner = 0;
|
||||||
|
|
@ -418,26 +420,6 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
|
||||||
$toplevelprivate = (($toplevelpost && $item['private']) ? true : false);
|
$toplevelprivate = (($toplevelpost && $item['private']) ? true : false);
|
||||||
$item_writeable = (($item['writable'] || $item['self']) ? true : false);
|
$item_writeable = (($item['writable'] || $item['self']) ? true : false);
|
||||||
|
|
||||||
// DISABLED
|
|
||||||
/*
|
|
||||||
if($blowhard == $item['cid'] && (! $item['self']) && ($mode != 'profile') && ($mode != 'notes')) {
|
|
||||||
$blowhard_count ++;
|
|
||||||
if($blowhard_count == 3) {
|
|
||||||
$o .= '<div class="icollapse-wrapper fakelink" id="icollapse-wrapper-' . $item['parent']
|
|
||||||
. '" onclick="openClose(' . '\'icollapse-' . $item['parent'] . '\'); $(\'#icollapse-wrapper-' . $item['parent'] . '\').hide();" >'
|
|
||||||
. t('See more posts like this') . '</div>' . '<div class="icollapse" id="icollapse-'
|
|
||||||
. $item['parent'] . '" style="display: none;" >';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$blowhard = $item['cid'];
|
|
||||||
if($blowhard_count >= 3)
|
|
||||||
$o .= '</div>';
|
|
||||||
$blowhard_count = 0;
|
|
||||||
}
|
|
||||||
// END DISABLED
|
|
||||||
*/
|
|
||||||
|
|
||||||
$comments_seen = 0;
|
$comments_seen = 0;
|
||||||
$comments_collapsed = false;
|
$comments_collapsed = false;
|
||||||
$comment_lastcollapsed = false;
|
$comment_lastcollapsed = false;
|
||||||
|
|
@ -445,13 +427,16 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
|
||||||
|
|
||||||
$threadsid++;
|
$threadsid++;
|
||||||
$threads[$threadsid]['id'] = $item['item_id'];
|
$threads[$threadsid]['id'] = $item['item_id'];
|
||||||
|
$threads[$threadsid]['private'] = $item['private'];
|
||||||
$threads[$threadsid]['items'] = array();
|
$threads[$threadsid]['items'] = array();
|
||||||
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// prevent private email from leaking into public conversation
|
|
||||||
if((! $toplevelpost) && (! $toplevelprivate) && ($item['private']) && ($profile_owner != local_user()))
|
// prevent private email reply to public conversation from leaking.
|
||||||
|
if($item['private'] && ! $threads[$threadsid]['private'])
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
$comments_seen ++;
|
$comments_seen ++;
|
||||||
$comment_lastcollapsed = false;
|
$comment_lastcollapsed = false;
|
||||||
$comment_firstcollapsed = false;
|
$comment_firstcollapsed = false;
|
||||||
|
|
|
||||||
|
|
@ -283,6 +283,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $sql;
|
return $sql;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue