Merge pull request #7237 from deantownsley/multiremotefix

expand permission check to remote array

src/Util/Security.php

@@ -120,9 +120,18 @@ class Security extends BaseObject
 			 */
 
 			if (!$remote_verified) {
-				if (DBA::exists('contact', ['id' => $remote_user, 'uid' => $owner_id, 'blocked' => false])) {
+				$cid = 0;
+
+				foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
+					if ($visitor['uid'] == $owner_id) {
+						$cid = $visitor['cid'];
+						break;
+					}
+				}
+
+				if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) {
 					$remote_verified = true;
-					$groups = Group::getIdsByContactId($remote_user);
+					$groups = Group::getIdsByContactId($cid);
 				}
 			}
 
@@ -140,9 +149,9 @@ class Security extends BaseObject
 					  AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
 					  )
 					",
-					intval($remote_user),
+					intval($cid),
 					DBA::escape($gs),
-					intval($remote_user),
+					intval($cid),
 					DBA::escape($gs)
 				);
 			}