==== //ccare/main/LiveJournal/cgi-bin/ljprotocol.pl#7 - /u0/jaffray/p4/LiveJournal/cgi-bin/ljprotocol.pl ====
@@ -1325,8 +1325,18 @@
 	} else {
 	    $lastupdate = "0000-00-00 00:00:00";
 	}
+        
+        my $sql = qq(SELECT MAX(u.timeupdate)
+                     FROM   user u, friends f
+                     WHERE  u.userid = f.friendid
+                     AND    f.userid = $userid);
+
+        ## did they specify a valid (numeric) groupmask?
+        if ($req->{mask} and $req->{mask} !~ /\D/) {
+            $sql .= " AND f.groupmask & $req->{mask} > 0";
+        }
 
-	$sth = $dbh->prepare("SELECT MAX(u.timeupdate) FROM user u, friends f WHERE u.userid=f.friendid AND f.userid=$userid");
+	$sth = $dbh->prepare($sql);
 	$sth->execute;
 	my ($update) = $sth->fetchrow_array;
 	$update ||= "0000-00-00 00:00:00";