Committer: iaskarov
LJSUP-7153 Block old entries from being viewed in business-sensitive communitiesU trunk/cgi-bin/ljprotocol.pl
Modified: trunk/cgi-bin/ljprotocol.pl =================================================================== --- trunk/cgi-bin/ljprotocol.pl 2010-12-17 08:25:51 UTC (rev 17960) +++ trunk/cgi-bin/ljprotocol.pl 2010-12-17 08:29:46 UTC (rev 17961) @@ -1875,11 +1875,16 @@ return undef unless check_altusage($req, $err, $flags); my $u = $flags->{'u'}; + + # Ownerid - community/blog id my $ownerid = $flags->{'ownerid'}; my $uowner = $flags->{'u_owner'} || $u; + # Make sure we have a user object here $uowner = LJ::want_user($uowner) unless LJ::isu($uowner); my $clusterid = $uowner->{'clusterid'}; + + # Posterid - the id of the author of the entry my $posterid = $u->{'userid'}; my $qallowmask = $req->{'allowmask'}+0; my $sth; @@ -1908,6 +1913,12 @@ ($req->{'security'} eq "private" || ($req->{'security'} eq "usemask" && $qallowmask != 1 ))); + # make sure user can't change post in a certain community without being its member + return fail($err,102) + if ($LJ::MEMBERSHIP_SENSITIVE_COMMUNITIES{ $uowner->{user} } && + !LJ::is_friend($uowner, $u)); + + # make sure the new entry's under the char limit # NOTE: as in postevent, this requires $req->{event} to be binary data # but we've already removed the utf-8 flag in the XML-RPC path, and it