spelling: activity

[friendica.git] / src / Model / Photo.php

diff --git a/src/Model/Photo.php b/src/Model/Photo.php
index 9623f5622eabf849292bd45f25bae99c82136306..96c82b0c17d84c0cc095e8872b919cafee805be3 100644 (file)
--- a/src/Model/Photo.php
+++ b/src/Model/Photo.php
@@ -36,6 +36,7 @@ use Friendica\Object\Image;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Images;
 use Friendica\Security\Security;
+use Friendica\Util\Network;
 use Friendica\Util\Proxy;
 use Friendica\Util\Strings;
 
@@ -147,13 +148,14 @@ class Photo
         * on success, "no sign" image info, if user has no permission,
         * false if photo does not exists
         *
-        * @param string  $resourceid Rescource ID of the photo
-        * @param integer $scale      Scale of the photo. Defaults to 0
+        * @param string  $resourceid  Rescource ID of the photo
+        * @param integer $scale       Scale of the photo. Defaults to 0
+        * @param integer $visitor_uid UID of the visitor
         *
         * @return boolean|array
         * @throws \Exception
         */
-       public static function getPhoto(string $resourceid, int $scale = 0)
+       public static function getPhoto(string $resourceid, int $scale = 0, int $visitor_uid = 0)
        {
                $r = self::selectFirst(['uid'], ['resource-id' => $resourceid]);
                if (!DBA::isResult($r)) {
@@ -164,7 +166,11 @@ class Photo
 
                $accessible = $uid ? (bool)DI::pConfig()->get($uid, 'system', 'accessible-photos', false) : false;
 
-               $sql_acl = Security::getPermissionsSQLByUserId($uid, $accessible);
+               if (!empty($visitor_uid) && ($uid == $visitor_uid)) {
+                       $sql_acl = '';
+               } else {
+                       $sql_acl = Security::getPermissionsSQLByUserId($uid, $accessible);
+               }
 
                $conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
                $params = ['order' => ['scale' => true]];
@@ -225,7 +231,7 @@ class Photo
                        DBA::p(
                                "SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`, ANY_VALUE(`type`) AS `type`,
                                        min(`scale`) AS `hiq`, max(`scale`) AS `loq`, ANY_VALUE(`desc`) AS `desc`, ANY_VALUE(`created`) AS `created`
-                                       FROM `photo` WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) $sqlExtra 
+                                       FROM `photo` WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) $sqlExtra
                                        GROUP BY `resource-id` $sqlExtra2",
                                $values
                        ));
@@ -582,6 +588,11 @@ class Photo
 
                $photo_failure = false;
 
+               if (!Network::isValidHttpUrl($image_url)) {
+                       Logger::warning('Invalid image url', ['image_url' => $image_url, 'uid' => $uid, 'cid' => $cid, 'callstack' => System::callstack(20)]);
+                       return false;
+               }
+
                $filename = basename($image_url);
                if (!empty($image_url)) {
                        $ret = DI::httpClient()->get($image_url, HttpClientAccept::IMAGE);
@@ -907,7 +918,7 @@ class Photo
         */
        public static function getResourceData(string $name): array
        {
-               $base = DI::baseUrl()->get();
+               $base = DI::baseUrl();
 
                $guid = str_replace([Strings::normaliseLink($base), '/photo/'], '', Strings::normaliseLink($name));
 
@@ -971,7 +982,7 @@ class Photo
         */
        public static function isLocalPage(string $name): bool
        {
-               $base = DI::baseUrl()->get();
+               $base = DI::baseUrl();
 
                $guid = str_replace(Strings::normaliseLink($base), '', Strings::normaliseLink($name));
                $guid = preg_replace("=/photos/.*/image/(.*)=ism", '$1', $guid);