<?php
/**
- * @copyright Copyright (C) 2010-2022, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Images;
use Friendica\Security\Security;
+use Friendica\Util\Network;
use Friendica\Util\Proxy;
use Friendica\Util\Strings;
* on success, "no sign" image info, if user has no permission,
* false if photo does not exists
*
- * @param string $resourceid Rescource ID of the photo
- * @param integer $scale Scale of the photo. Defaults to 0
+ * @param string $resourceid Rescource ID of the photo
+ * @param integer $scale Scale of the photo. Defaults to 0
+ * @param integer $visitor_uid UID of the visitor
*
* @return boolean|array
* @throws \Exception
*/
- public static function getPhoto(string $resourceid, int $scale = 0)
+ public static function getPhoto(string $resourceid, int $scale = 0, int $visitor_uid = 0)
{
$r = self::selectFirst(['uid'], ['resource-id' => $resourceid]);
if (!DBA::isResult($r)) {
$accessible = $uid ? (bool)DI::pConfig()->get($uid, 'system', 'accessible-photos', false) : false;
- $sql_acl = Security::getPermissionsSQLByUserId($uid, $accessible);
+ if (!empty($visitor_uid) && ($uid == $visitor_uid)) {
+ $sql_acl = '';
+ } else {
+ $sql_acl = Security::getPermissionsSQLByUserId($uid, $accessible);
+ }
$conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
$params = ['order' => ['scale' => true]];
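Review bot: The new `$visitor_uid` argument switches off the permission SQL entirely when it equals the owner's uid (`$sql_acl = ''`), so its trust requirement should be stated where callers read it. The `@param` line only says "UID of the visitor"; I would write it as `@param integer $visitor_uid UID of the authenticated local user viewing the photo (0 = always apply the ACL); must come from the session, never from request data`. The comparison could also be made strict with `((int)$uid === $visitor_uid)`, since `$uid` appears to come from a database row. The body of getPhoto continues outside this hunk.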
DBA::p(
"SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`, ANY_VALUE(`type`) AS `type`,
min(`scale`) AS `hiq`, max(`scale`) AS `loq`, ANY_VALUE(`desc`) AS `desc`, ANY_VALUE(`created`) AS `created`
- FROM `photo` WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) $sqlExtra
+ FROM `photo` WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) $sqlExtra
GROUP BY `resource-id` $sqlExtra2",
$values
));
$photo_failure = false;
+ if (!Network::isValidHttpUrl($image_url)) {
+ Logger::warning('Invalid image url', ['image_url' => $image_url, 'uid' => $uid, 'cid' => $cid, 'callstack' => System::callstack(20)]);
+ return false;
+ }
+
$filename = basename($image_url);
if (!empty($image_url)) {
$ret = DI::httpClient()->get($image_url, HttpClientAccept::IMAGE);
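Review bot: The added `Network::isValidHttpUrl($image_url)` guard runs before the existing `if (!empty($image_url))`, so an empty URL now logs a warning with a 20-frame call stack and returns false, and the `!empty` test below it can presumably no longer fail. If an empty avatar URL is a normal input that was previously handled by a failure path later in the function (not visible here), the guard could be narrowed to `if (!empty($image_url) && !Network::isValidHttpUrl($image_url)) {`. The check also covers only the URL as given; whether the subsequent `DI::httpClient()->get()` refuses redirects or private address ranges is not visible in this hunk and is worth confirming, since `$image_url` looks remotely supplied. The enclosing function starts and ends outside the hunk.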
*/
public static function getResourceData(string $name): array
{
- $base = DI::baseUrl()->get();
+ $base = DI::baseUrl();
$guid = str_replace([Strings::normaliseLink($base), '/photo/'], '', Strings::normaliseLink($name));
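Review bot: `$base` is now whatever `DI::baseUrl()` returns rather than the string from `->get()`, and it is handed straight to `Strings::normaliseLink($base)`, which relies on an implicit string conversion. An explicit `$base = (string)DI::baseUrl();` would make that dependency visible and keep the base-URL stripping, which this function uses to derive the photo GUID from a URL, from changing silently if the return type changes again. The same applies to `isLocalPage()` in the following hunk. Both function bodies continue outside their hunks.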
*/
public static function isLocalPage(string $name): bool
{
- $base = DI::baseUrl()->get();
+ $base = DI::baseUrl();
$guid = str_replace(Strings::normaliseLink($base), '', Strings::normaliseLink($name));
$guid = preg_replace("=/photos/.*/image/(.*)=ism", '$1', $guid);