if(count($albums)) {
$a->data['albums'] = $albums;
- $o .= '<h4><a href="' . $a->get_baseurl() . '/profile/' . $a->data['user']['nickname'] . '">' . $a->data['user']['username'] . '</a></h4>';
- $o .= '<h4>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '">' . t('Photo Albums') . '</a></h4>';
-
+ $o .= '<div class="vcard">';
+ $o .= '<div class="fn">' . $a->data['user']['username'] . '</div>';
+ $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_baseurl() . '/photo/profile/' . $a->data['user']['uid'] . '.jpg" alt="' . $a->data['user']['username'] . '" /></div>';
+ $o .= '</div>';
+
+ $o .= '<div id="side-bar-photos-albums" class="widget">';
+ $o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '">' . t('Photo Albums') . '</a></h3>';
+
$o .= '<ul>';
foreach($albums as $album) {
- // don't show contact photos. We once trasnlated this name, but then you could still access it under
+ // don't show contact photos. We once translated this name, but then you could still access it under
// a different language setting. Now we store the name in English and check in English (and translated for legacy albums).
if((! strlen($album['album'])) || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos')))
continue;
- $o .= '<li>' . '<a href="photos/' . $a->argv[1] . '/album/' . bin2hex($album['album']) . '" />' . $album['album'] . '</a></li>';
+ $o .= '<li>' . '<a href="photos/' . $a->argv[1] . '/album/' . bin2hex($album['album']) . '" >' . $album['album'] . '</a></li>';
}
$o .= '</ul>';
+
+ $o .= '</div>';
}
if(! x($a->page,'aside'))
function photos_post(&$a) {
- logger('mod/photos.php: photos_post(): begin' , 'LOGGER_DEBUG');
+ logger('mod-photos: photos_post(): begin' , 'LOGGER_DEBUG');
- foreach($_REQUEST AS $key => $val) {
- logger('mod/photos.php: photos_post(): $_REQUEST key: ' . $key . ' val: ' . $val , 'LOGGER_DEBUG');
- }
- foreach($_FILES AS $key => $val) {
- logger('mod/photos.php: photos_post(): $_FILES key: ' . $key . ' val: ' . $val , 'LOGGER_DEBUG');
- }
+ logger('mod_photos: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA);
+ logger('mod_photos: FILES ' . print_r($_FILES,true), LOGGER_DATA);
$can_post = false;
$visitor = 0;
$arr['deny_gid'] = $p[0]['deny_gid'];
$arr['last-child'] = 1;
$arr['visible'] = $visibility;
+ $arr['origin'] = 1;
$arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $p[0]['resource-id'] . ']'
. '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]'
}
else {
$newname = $name;
- if(strstr($name,'_') || strstr($name,' ')) {
+ $alias = '';
+ $tagcid = 0;
+ if(strrpos($newname,'+'))
+ $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
+
+ if($tagcid) {
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($tagcid),
+ intval($profile_uid)
+ );
+ }
+ elseif(strstr($name,'_') || strstr($name,' ')) {
$newname = str_replace('_',' ',$name);
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
);
}
else {
- $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
+ $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
+ dbesc($name),
dbesc($name),
intval($page_owner_uid)
);
$arr['target-type'] = ACTIVITY_OBJ_PHOTO;
$arr['tag'] = $tagged[4];
$arr['inform'] = $tagged[2];
-
+ $arr['origin'] = 1;
$arr['body'] = '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]' . ' ' . t('was tagged in a') . ' ' . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . t('photo') . '[/url]' . ' ' . t('by') . ' ' . '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]' ;
$arr['body'] .= "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '[/img][/url]' . "\n" ;
$visible = 1;
else
$visible = 0;
+
+ if(intval($_REQUEST['not_visible']) || $_REQUEST['not_visible'] === 'true')
+ $visible = 0;
$str_group_allow = perms2str(((is_array($_REQUEST['group_allow'])) ? $_REQUEST['group_allow'] : explode(',',$_REQUEST['group_allow'])));
$str_contact_allow = perms2str(((is_array($_REQUEST['contact_allow'])) ? $_REQUEST['contact_allow'] : explode(',',$_REQUEST['contact_allow'])));
$arr['deny_gid'] = $str_group_deny;
$arr['last-child'] = 1;
$arr['visible'] = $visible;
+ $arr['origin'] = 1;
+
$arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $photo_hash . ']'
. '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]'
. '[/url]';
$o = "";
// tabs
- $tpl = get_markup_template('profile_tabs.tpl');
$_is_owner = (local_user() && (local_user() == $owner_uid));
- $o .= replace_macros($tpl,array(
- '$url' => $a->get_baseurl() . '/profile/' .$a->data['user']['nickname'],
- '$phototab' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'],
- '$status' => t('Status'),
- '$profile' => t('Profile'),
- '$photos' => t('Photos'),
- '$events' => (($_is_owner) ? t('Events') : ''),
- '$notes' => (($_is_owner) ? t('Personal Notes') : ''),
- '$activetab' => "photos",
- ));
+ $o .= profile_tabs($a,$_is_owner, $a->data['user']['nickname']);
//
// dispatch request
'$nickname' => $a->data['user']['nickname'],
'$newalbum' => t('New album name: '),
'$existalbumtext' => t('or existing album name: '),
- '$albumselect' => $albumselect,
+ '$nosharetext' => t('Do not show a status post for this upload'),
+ '$albumselect' => template_escape($albumselect),
'$permissions' => t('Permissions'),
- '$aclselect' => (($visitor) ? '' : populate_acl($a->user, $celeb)),
+ '$aclselect' => (($visitor) ? '' : template_escape(populate_acl($a->user, $celeb))),
'$uploader' => $ret['addon_text'],
'$default' => (($ret['default_upload']) ? $default_upload : ''),
'$uploadurl' => $ret['post_url']
$o .= replace_macros($edit_tpl,array(
'$nametext' => t('New album name: '),
'$nickname' => $a->data['user']['nickname'],
- '$album' => $album,
+ '$album' => template_escape($album),
'$hexalbum' => bin2hex($album),
'$submit' => t('Submit'),
'$dropsubmit' => t('Delete Album')
'$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'],
'$phototitle' => t('View Photo'),
'$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.jpg',
- '$imgalt' => $rr['filename'],
- '$desc'=> $rr['desc']
+ '$imgalt' => template_escape($rr['filename']),
+ '$desc'=> template_escape($rr['desc'])
));
}
);
if(! count($ph)) {
- notice( t('Photo not available') . EOL );
+ $ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
+ LIMIT 1",
+ intval($owner_uid),
+ dbesc($datum)
+ );
+ if(count($ph))
+ notice( t('Permission denied. Access to this item may be restricted.'));
+ else
+ notice( t('Photo not available') . EOL );
return;
}
break;
}
}
- $prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] ;
- $nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] ;
+ $edit_suffix = ((($cmd === 'edit') && ($can_post)) ? '/edit' : '');
+ $prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix;
+ $nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix;
}
if($can_post && ($ph[0]['uid'] == $owner_uid)) {
$tools = array(
- 'edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/edit', t('Edit photo')),
+ 'edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . (($cmd === 'edit') ? '' : '/edit'), (($cmd === 'edit') ? t('View photo') : t('Edit photo'))),
'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource-id'], t('Use as profile photo')),
);
$edit_tpl = get_markup_template('photo_edit.tpl');
$edit = replace_macros($edit_tpl, array(
'$id' => $ph[0]['id'],
- '$album' => $ph[0]['album'],
+ '$album' => template_escape($ph[0]['album']),
'$newalbum' => t('New album name'),
'$nickname' => $a->data['user']['nickname'],
'$resource_id' => $ph[0]['resource-id'],
'$capt_label' => t('Caption'),
- '$caption' => $ph[0]['desc'],
+ '$caption' => template_escape($ph[0]['desc']),
'$tag_label' => t('Add a Tag'),
'$tags' => $link_item['tag'],
'$permissions' => t('Permissions'),
- '$aclselect' => populate_acl($ph[0]),
+ '$aclselect' => template_escape(populate_acl($ph[0])),
'$help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'),
'$item_id' => ((count($linked_items)) ? $link_item['id'] : 0),
'$submit' => t('Submit'),
$comments .= replace_macros($template,array(
'$id' => $item['item_id'],
'$profile_url' => $profile_link,
- '$name' => $profile_name,
+ '$name' => template_escape($profile_name),
'$thumb' => $profile_avatar,
'$sparkle' => $sparkle,
- '$title' => $item['title'],
- '$body' => bbcode($item['body']),
+ '$title' => template_escape($item['title']),
+ '$body' => template_escape(bbcode($item['body'])),
'$ago' => relative_date($item['created']),
'$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
'$drop' => $drop,
$photo_tpl = get_markup_template('photo_view.tpl');
$o .= replace_macros($photo_tpl, array(
'$id' => $ph[0]['id'],
- '$album' => array($album_link,$ph[0]['album']),
+ '$album' => array($album_link,template_escape($ph[0]['album'])),
'$tools' => $tools,
'$lock' => $lock,
'$photo' => $photo,
'$prevlink' => $prevlink,
'$nextlink' => $nextlink,
'$desc' => $ph[0]['desc'],
- '$tags' => $tags,
+ '$tags' => template_escape($tags),
'$edit' => $edit,
'$likebuttons' => $likebuttons,
- '$like' => $like,
- '$dislike' => $dislike,
+ '$like' => template_escape($like),
+ '$dislike' => template_escape($dislike),
'$comments' => $comments,
'$paginate' => $paginate,
));
'$phototitle' => t('View Photo'),
'$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . ((($rr['scale']) == 6) ? 4 : $rr['scale']) . '.jpg',
'$albumlink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($rr['album']),
- '$albumname' => $rr['album'],
+ '$albumname' => template_escape($rr['album']),
'$albumalt' => t('View Album'),
- '$imgalt' => $rr['filename']
+ '$imgalt' => template_escape($rr['filename'])
));
}