use Friendica\Database\DBStructure;
use Friendica\Model\Storage\IStorage;
use Friendica\Object\Image;
+use Friendica\Protocol\DFRN;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Security;
*/
public static function getPhoto($resourceid, $scale = 0)
{
- $r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
+ $r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]);
if ($r === false) {
return false;
}
+ $uid = $r["uid"];
- $sql_acl = Security::getPermissionsSQLByUserId($r["uid"]);
+ // This is the first place, when retrieving just a photo, that we know who owns the photo.
+ // Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
+ // make sure that the requester's session is appropriately authenticated to that user
+ // otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
+ if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
+ $r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
+ // this will either just return (if auth all ok) or will redirect and exit (starting over)
+ DFRN::autoRedir(self::getApp(), $r["nickname"]);
+ }
+
+ $sql_acl = Security::getPermissionsSQLByUserId($uid);
$conditions = [
"`resource-id` = ? AND `scale` <= ? " . $sql_acl,
return DBA::delete("photo", $conditions, $options);
}
- /**
- * @brief This function is used by the fromgplus addon
- *
- * Stores a photo based on image data or an URL
- *
- * @param integer $uid user id
- * @param string $imagedata optional, default empty
- * @param string $url optional, default empty
- * @return array
- * @throws \Friendica\Network\HTTPException\InternalServerErrorException
- * @throws \ImagickException
- */
- public static function storeByData($uid, $imagedata = "", $url = "")
- {
- $a = self::getApp();
- $logger = $a->getLogger();
- $profiler = $a->getProfiler();
-
- $stmtUser = DBA::p(
- "SELECT `user`.`nickname`, `user`.`page-flags`, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`
- WHERE `user`.`uid` = %d AND `user`.`blocked` = 0 AND `contact`.`self` = 1 LIMIT 1",
- intval($uid)
- );
-
- if (!DBA::isResult($stmtUser)) {
- $logger->info("Can't detect user data.", ['uid' => $uid]);
- return [];
- } else {
- $user = DBA::toArray($stmtUser);
- }
-
- $page_owner_nick = $user[0]['nickname'];
-
- /// @TODO
- /// $default_cid = $isStored[0]['id'];
- /// $community_page = (($isStored[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
-
- if ((strlen($imagedata) == 0) && ($url == "")) {
- $logger->info("No image data and no url provided");
- return [];
- } elseif (strlen($imagedata) == 0) {
- $logger->info("Uploading picture,", ['url' => $url]);
-
- $stamp1 = microtime(true);
- $imagedata = @file_get_contents($url);
- $profiler->saveTimestamp($stamp1, "file", System::callstack());
- }
-
- $maxImageSize = Config::get('system', 'maximagesize');
-
- if (($maxImageSize) && (strlen($imagedata) > $maxImageSize)) {
- $logger->info("image exceeds size limit.", ['max' => $maxImageSize, 'current' => strlen($imagedata)]);
- return [];
- }
-
- $tempFile = tempnam(get_temppath(), "cache");
-
- $stamp1 = microtime(true);
- file_put_contents($tempFile, $imagedata);
- $profiler->saveTimestamp($stamp1, "file", System::callstack());
-
- $data = getimagesize($tempFile);
-
- if (!isset($data["mime"])) {
- unlink($tempFile);
- $logger->info("File is no picture");
- return [];
- }
-
- $image = new Image($imagedata, $data["mime"]);
-
- if (!$image->isValid()) {
- unlink($tempFile);
- $logger->info("Picture is no valid picture");
- return [];
- }
-
- $image->orient($tempFile);
- unlink($tempFile);
-
- $max_length = Config::get('system', 'max_image_length');
- if (! $max_length) {
- $max_length = MAX_IMAGE_LENGTH;
- }
-
- if ($max_length > 0) {
- $image->scaleDown($max_length);
- }
-
- $width = $image->getWidth();
- $height = $image->getHeight();
-
- $hash = self::newResource();
-
- // Pictures are always public by now
- //$defperm = '<'.$default_cid.'>';
- $defperm = "";
- $visitor = 0;
-
- $isStored = Photo::store($image, $uid, $visitor, $hash, $tempFile, L10n::t('Wall Photos'), 0, 0, $defperm);
-
- if (!$isStored) {
- $logger->info("Picture couldn't be stored");
- return [];
- }
-
- $image = ["page" => $a->getBaseURL() . '/photos/' . $page_owner_nick . '/image/' . $hash,
- "full" => $a->getBaseURL() . "/photo/{$hash}-0." . $image->getExt()];
-
- if ($width > 800 || $height > 800) {
- $image["large"] = $a->getBaseURL() . "/photo/{$hash}-0." . $image->getExt();
- }
-
- if ($width > 640 || $height > 640) {
- $image->scaleDown(640);
- $isStored = self::store($image, $uid, $visitor, $hash, $tempFile, L10n::t('Wall Photos'), 1, 0, $defperm);
- if ($isStored) {
- $image["medium"] = $a->getBaseURL() . "/photo/{$hash}-1." . $image->getExt();
- }
- }
-
- if ($width > 320 || $height > 320) {
- $image->scaleDown(320);
- $isStored = self::store($image, $uid, $visitor, $hash, $tempFile, L10n::t('Wall Photos'), 2, 0, $defperm);
- if ($isStored) {
- $image["small"] = $a->getBaseURL() . "/photo/{$hash}-2." . $image->getExt();
- }
- }
-
- if ($width > 160 && $height > 160) {
- $x = 0;
- $y = 0;
-
- $min = $image->getWidth();
- if ($min > 160) {
- $x = ($min - 160) / 2;
- }
-
- if ($image->getHeight() < $min) {
- $min = $image->getHeight();
- if ($min > 160) {
- $y = ($min - 160) / 2;
- }
- }
-
- $min = 160;
- $image->crop(160, $x, $y, $min, $min);
-
- $isStored = self::store($image, $uid, $visitor, $hash, $tempFile, L10n::t('Wall Photos'), 3, 0, $defperm);
- if ($isStored) {
- $image["thumb"] = $a->getBaseURL() . "/photo/{$hash}-3." . $image->getExt();
- }
- }
-
- // Set the full image as preview image. This will be overwritten, if the picture is larger than 640.
- $image["preview"] = $image["full"];
-
- // Deactivated, since that would result in a cropped preview, if the picture wasn't larger than 320
- //if (isset($image["thumb"]))
- // $image["preview"] = $image["thumb"];
-
- // Unsure, if this should be activated or deactivated
- //if (isset($image["small"]))
- // $image["preview"] = $image["small"];
-
- if (isset($image["medium"])) {
- $image["preview"] = $image["medium"];
- }
-
- return $image;
- }
-
/**
* @brief Update a photo
*
$photo_failure = false;
$filename = basename($image_url);
- $img_str = Network::fetchUrl($image_url, true);
+ if (!empty($image_url)) {
+ $ret = Network::curl($image_url, true);
+ $img_str = $ret->getBody();
+ $type = $ret->getContentType();
+ } else {
+ $img_str = '';
+ }
if ($quit_on_error && ($img_str == "")) {
return false;
}
- $type = Image::guessType($image_url, true);
+ if (empty($type)) {
+ $type = Image::guessType($image_url, true);
+ }
+
$Image = new Image($img_str, $type);
if ($Image->isValid()) {
$Image->scaleToSquare(300);
projects / friendica.git / blobdiff