Committer: iaskarov
LJSUP-7153 Block old entries from being viewed in business-sensitive communitiesU trunk/cgi-bin/ljprotocol.pl
Modified: trunk/cgi-bin/ljprotocol.pl
===================================================================
--- trunk/cgi-bin/ljprotocol.pl 2010-12-17 08:25:51 UTC (rev 17960)
+++ trunk/cgi-bin/ljprotocol.pl 2010-12-17 08:29:46 UTC (rev 17961)
@@ -1875,11 +1875,16 @@
return undef unless check_altusage($req, $err, $flags);
my $u = $flags->{'u'};
+
+ # Ownerid - community/blog id
my $ownerid = $flags->{'ownerid'};
my $uowner = $flags->{'u_owner'} || $u;
+
# Make sure we have a user object here
$uowner = LJ::want_user($uowner) unless LJ::isu($uowner);
my $clusterid = $uowner->{'clusterid'};
+
+ # Posterid - the id of the author of the entry
my $posterid = $u->{'userid'};
my $qallowmask = $req->{'allowmask'}+0;
my $sth;
@@ -1908,6 +1913,12 @@
($req->{'security'} eq "private" ||
($req->{'security'} eq "usemask" && $qallowmask != 1 )));
+ # make sure user can't change post in a certain community without being its member
+ return fail($err,102)
+ if ($LJ::MEMBERSHIP_SENSITIVE_COMMUNITIES{ $uowner->{user} } &&
+ !LJ::is_friend($uowner, $u));
+
+
# make sure the new entry's under the char limit
# NOTE: as in postevent, this requires $req->{event} to be binary data
# but we've already removed the utf-8 flag in the XML-RPC path, and it
