From b0a0698c0691c36bb53abf2ced87d0b16a7c5768 Mon Sep 17 00:00:00 2001
From: posweg <posweg@protonmail.com>
Date: Tue, 1 Sep 2020 10:59:29 +0000
Subject: [PATCH] Remove highlight private sniffing and set key logic and
 filter for highlight

---
 user.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/user.php b/user.php
index bde57e5..d19a3cc 100644
--- a/user.php
+++ b/user.php
@@ -59,7 +59,8 @@ if(isset($_GET["p"])){
 	$h_question = $db->query("SELECT * FROM questions WHERE id = " . $_GET["p"] . ";")->fetchArray(SQLITE3_ASSOC);
 	$h_user = $db->query("SELECT * FROM users WHERE id = " . $h_question["by"] . ";")->fetchArray(SQLITE3_ASSOC);
 
-	if($p_user["id"] == $h_question["user"]){ // Only show question that are for this user
+	$q_key = md5($h_question["question"]);
+	if($p_user["id"] == $h_question["user"] and ($h_question["private"] != 1 or $q_md5 != $_GET["key"])){ // Only show question that are for this user
 
 		echo('<div class="highlighted-post">');
 
@@ -82,7 +83,7 @@ if(isset($_GET["p"])){
 		echo("\t<p class='question-text'>". $h_question["question"] ."</p>\n");
 			
 			// Footer	
-		if($is_h_question_user){
+		if($is_current_user){
 			echo("\t<a href='/action/reply.php?q=".$h_question["id"]."'>reply</a> ");
 			echo("\t<a href='/action/delete-question.php?q=".$h_question["id"]."'>delete</a> ");
 			echo("fav ignore ");
@@ -184,7 +185,7 @@ if(isset($_GET["p"])){
 				// Actual text body
 			echo("\t\t\t\t");
 			echo("<p class='question-text'>". $current["question"] ."</p>\n");
-			
+
 
 				/* Question footer */
 
@@ -204,6 +205,7 @@ if(isset($_GET["p"])){
 			$time->settimestamp($current["q_date"]);
 			echo("\t\t\t\t\t");
 			$tmp_get["p"] = $current["id"];
+			$tmp_get["key"] = md5($current["question"]);
 			echo('<a href="' . redirect("user", $tmp_get) . '">');
 			echo("<p class='question-date'>" . $time->format("Y-m-d h:i:s") . "</p>");
 			echo("</a>\n");