aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authorben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-09 14:57:45 +0000
committerben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-09 14:57:45 +0000
commite71557a73340f21fc43f5a80f7baabecca43289a (patch)
treee96b51272042e0b1c8b71b718f09fb25ece79347 /engine/lib
parenta173f54d6fe468f9bc3868ac493570af2eb689a7 (diff)
downloadelgg-e71557a73340f21fc43f5a80f7baabecca43289a.tar.gz
elgg-e71557a73340f21fc43f5a80f7baabecca43289a.tar.bz2
Extra security for object notifications.
git-svn-id: https://code.elgg.org/elgg/trunk@2687 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/notification.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/engine/lib/notification.php b/engine/lib/notification.php
index bff1b177b..d52165804 100644
--- a/engine/lib/notification.php
+++ b/engine/lib/notification.php
@@ -393,7 +393,10 @@
foreach($interested_users as $user) {
if ($user instanceof ElggUser) {
- if (in_array($object->access_id,get_access_list($user->guid))) {
+ if ((in_array($object->access_id,get_access_list($user->guid)) ||
+ $object->access_id == ACCESS_PUBLIC ||
+ $object->access_id == ACCESS_LOGGED_IN)
+ && $object->access_id != ACCESS_PRIVATE) {
$tmp = (array)get_user_notification_settings($guid);
$methods = array();