From e71557a73340f21fc43f5a80f7baabecca43289a Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Mon, 9 Feb 2009 14:57:45 +0000
Subject: Extra security for object notifications.

git-svn-id: https://code.elgg.org/elgg/trunk@2687 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/notification.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/engine/lib/notification.php b/engine/lib/notification.php
index bff1b177b..d52165804 100644
--- a/engine/lib/notification.php
+++ b/engine/lib/notification.php
@@ -393,7 +393,10 @@
 						foreach($interested_users as $user) {
 							if ($user instanceof ElggUser) {
 								
-								if (in_array($object->access_id,get_access_list($user->guid))) {
+								if ((in_array($object->access_id,get_access_list($user->guid)) ||
+									$object->access_id == ACCESS_PUBLIC ||
+									$object->access_id == ACCESS_LOGGED_IN)
+									&& $object->access_id != ACCESS_PRIVATE) {
 									$tmp = (array)get_user_notification_settings($guid);
 									$methods = array(); 
 									
-- 
cgit v1.2.3