From aa5bd9bbfcd00c46c03f6751322396054f2f7ee9 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Mon, 3 Nov 2025 08:50:39 +0000
Subject: [PATCH] do not allow observer posting files to wall if they do not
 have permission - issue #1940 part two

---
 include/attach.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/attach.php b/include/attach.php
index e2d87f984..c471337b7 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -1985,6 +1985,7 @@ function attach_store_item($channel, $observer, $file) {
 	$arr['item_origin'] = 1;
 	$arr['item_thread_top'] = 1;
 	$arr['item_private'] = (($file['allow_cid'] || $file['allow_gid'] || $file['deny_cid'] || $file['deny_gid']) ? 1 : 0);
+	$arr['item_blocked'] = ((perm_is_allowed($channel['channel_id'], $observer['xchan_hash'], 'post_wall')) ? 0 : ITEM_MODERATED);
 	$arr['verb'] = 'Create';
 	$arr['target'] = $target;
 	$arr['target_type'] = 'Collection';