mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 09:35:11 +00:00
security fix for channel?mid= per zottel
This commit is contained in:
parent
13d0a914c7
commit
0fef87cb43
1 changed files with 4 additions and 2 deletions
|
@ -135,9 +135,11 @@ function channel_content(&$a, $update = 0, $load = false) {
|
|||
|
||||
if(($update) && (! $load)) {
|
||||
if ($mid) {
|
||||
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $sql_extra limit 1",
|
||||
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0
|
||||
AND (item_flags & %d) $sql_extra limit 1",
|
||||
dbesc($mid),
|
||||
intval($a->profile['profile_uid'])
|
||||
intval($a->profile['profile_uid']),
|
||||
intval(ITEM_WALL)
|
||||
);
|
||||
} else {
|
||||
$r = q("SELECT distinct parent AS `item_id` from item
|
||||
|
|
Loading…
Reference in a new issue