init_groups_visitor() was still using old array of id output (not the newer array of hash which we need for permission queries)

include/security.php

@@ -386,12 +386,12 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
 if(! function_exists('init_groups_visitor')) {
 function init_groups_visitor($contact_id) {
 	$groups = array();
-	$r = q("SELECT gid FROM group_member WHERE xchan = '%s' ",
+	$r = q("SELECT hash FROM `group` left join group_member on group.id = group_member.gid WHERE xchan = '%s' ",
 		dbesc($contact_id)
 	);
 	if(count($r)) {
 		foreach($r as $rr)
-			$groups[] = $rr['gid'];
+			$groups[] = $rr['hash'];
 	}
 	return $groups;
 }}

version.inc

@@ -1 +1 @@
-2013-11-21.504
+2013-11-22.505

view/php/theme_init.php

@@ -42,6 +42,9 @@ head_add_js('library/colorbox/jquery.colorbox-min.js');
 /**
  * Those who require this feature will know what to do with it.
  * Those who don't, won't.
+ * Eventually this functionality needs to be provided by a module
+ * such that permissions can be enforced. At the moment it's 
+ * more of a proof of concept; but sufficient for our immediate needs.  
  */
 
 $channel = get_app()->get_channel();