changelog_bot (changelog_bot) wrote in changelog,
changelog_bot
changelog_bot
changelog

[livejournal] r18194: LJSUP-7825 Read any journals (XML-RPC)

Committer: aurbanowich
LJSUP-7825 Read any journals (XML-RPC)

U   trunk/cgi-bin/ljprotocol.pl
Modified: trunk/cgi-bin/ljprotocol.pl
===================================================================
--- trunk/cgi-bin/ljprotocol.pl	2011-02-03 06:34:29 UTC (rev 18193)
+++ trunk/cgi-bin/ljprotocol.pl	2011-02-03 08:03:56 UTC (rev 18194)
@@ -2618,8 +2618,8 @@
 
     ### shared-journal support
     my $posterid = $u->{'userid'};
-    my $ownerid = $flags->{'ownerid'};
-
+    my $ownerid = $req->{journalid} || $flags->{'ownerid'};
+    
     my $dbr = LJ::get_db_reader();
     my $sth;
 
@@ -2635,6 +2635,24 @@
         if ($errmsg) { return fail($err, "311", $errmsg); }
     }
 
+    my $secmask = 0;
+    if ($u && ($u->{'journaltype'} eq "P" || $u->{'journaltype'} eq "I") && $posterid != $ownerid) {
+        $secmask = LJ::get_groupmask($ownerid, $posterid);
+    }
+
+    # decide what level of security the remote user can see
+    # 'getevents' used in small count of places and we will not pass 'viewall' through their call chain
+    my $secwhere = "";
+    if ($posterid == $ownerid) {
+        # no extra where restrictions... user can see all their own stuff
+    } elsif ($secmask) {
+        # can see public or things with them in the mask
+        $secwhere = "AND (security='public' OR (security='usemask' AND allowmask & $secmask != 0) OR posterid=$posterid)";
+    } else {
+        # not a friend?  only see public.
+        $secwhere = "AND (security='public' OR posterid=$posterid)";
+    }
+
     # if this is on, we sort things different (logtime vs. posttime)
     # to avoid timezone issues
     my $is_community = ($uowner->{'journaltype'} eq "C" ||
@@ -2745,7 +2763,7 @@
 
         my %item;
         $sth = $dbcr->prepare("SELECT jitemid, logtime FROM log2 WHERE ".
-                              "journalid=? and logtime > ?");
+                              "journalid=? and logtime > ? $secwhere");
         $sth->execute($ownerid, $date);
         while (my ($id, $dt) = $sth->fetchrow_array) {
             $item{$id} = $dt;
@@ -2788,7 +2806,7 @@
 
         my %item;
         $sth = $dbcr->prepare("SELECT jitemid, logtime FROM log2 WHERE ".
-                              "journalid=? and logtime < ? LIMIT $itemselect");
+                              "journalid=? AND logtime < ? $secwhere LIMIT $itemselect");
         $sth->execute($ownerid, $before);
         while (my ($id, $dt) = $sth->fetchrow_array) {
             $item{$id} = $dt;
@@ -2822,24 +2840,6 @@
         return fail($err,200,"Invalid selecttype.");
     }
 
-    my $secmask = 0;
-    if ($u && ($u->{'journaltype'} eq "P" || $u->{'journaltype'} eq "I") && $posterid != $ownerid) {
-        $secmask = LJ::get_groupmask($ownerid, $posterid);
-    }
-
-    # decide what level of security the remote user can see
-    # 'getevents' used in small count of places and we will not pass 'viewall' through their call chain
-    my $secwhere = "";
-    if ($posterid == $ownerid) {
-        # no extra where restrictions... user can see all their own stuff
-    } elsif ($secmask) {
-        # can see public or things with them in the mask
-        $secwhere = "AND (security='public' OR (security='usemask' AND allowmask & $secmask != 0) OR posterid=$posterid)";
-    } else {
-        # not a friend?  only see public.
-        $secwhere = "AND (security='public' OR posterid=$posterid)";
-    }
-
     # common SQL template:
     unless ($sql) {
         $sql = "SELECT jitemid, eventtime, security, allowmask, anum, posterid, replycount, UNIX_TIMESTAMP(eventtime) ".

Tags: changelog_bot, livejournal, pl
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments