X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=mod%2Fphotos.php;h=b74ca85d71b5b1272b277f92c872614a5bb0be7a;hb=71f71ecf46c9dfc522685d171fbaf9bc7d73b708;hp=e52f67008ff33457855b59910a2a528f5458139f;hpb=b61a7158da4c8a0b41651a082f0ce2f9ad431f14;p=friendica.git
diff --git a/mod/photos.php b/mod/photos.php
index e52f67008f..b74ca85d71 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -3,6 +3,7 @@ require_once('include/Photo.php');
require_once('include/items.php');
require_once('include/acl_selectors.php');
require_once('include/bbcode.php');
+require_once('include/security.php');
function photos_init(&$a) {
@@ -23,7 +24,9 @@ function photos_init(&$a) {
$a->data['user'] = $r[0];
- $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d",
+ $sql_extra = permissions_sql($a->data['user']['uid']);
+
+ $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ",
intval($a->data['user']['uid'])
);
@@ -35,7 +38,11 @@ function photos_init(&$a) {
$o .= '
';
foreach($albums as $album) {
- if((! strlen($album['album'])) || ($album['album'] == t('Contact Photos')))
+
+ // don't show contact photos. We once trasnlated this name, but then you could still access it under
+ // a different language setting. Now we store the name in English and check in English (and translated for legacy albums).
+
+ if((! strlen($album['album'])) || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos')))
continue;
$o .= '' . ' ' . $album['album'] . ' ';
}
@@ -80,15 +87,15 @@ EOT;
function photos_post(&$a) {
-logger('mod/photos.php: photos_post(): begin' , 'LOGGER_DEBUG');
+ logger('mod/photos.php: photos_post(): begin' , 'LOGGER_DEBUG');
-foreach($_REQUEST AS $key => $val) {
- logger('mod/photos.php: photos_post(): $_REQUEST key: ' . $key . ' val: ' . $val , 'LOGGER_DEBUG');
-}
+ foreach($_REQUEST AS $key => $val) {
+ logger('mod/photos.php: photos_post(): $_REQUEST key: ' . $key . ' val: ' . $val , 'LOGGER_DEBUG');
+ }
-foreach($_FILES AS $key => $val) {
- logger('mod/photos.php: photos_post(): $_FILES key: ' . $key . ' val: ' . $val , 'LOGGER_DEBUG');
-}
+ foreach($_FILES AS $key => $val) {
+ logger('mod/photos.php: photos_post(): $_FILES key: ' . $key . ' val: ' . $val , 'LOGGER_DEBUG');
+ }
$can_post = false;
$visitor = 0;
@@ -133,7 +140,7 @@ foreach($_FILES AS $key => $val) {
if(($a->argc > 3) && ($a->argv[2] === 'album')) {
$album = hex2bin($a->argv[3]);
- if($album == t('Profile Photos') || $album == t('Contact Photos')) {
+ if($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return; // NOTREACHED
}
@@ -376,6 +383,8 @@ foreach($_FILES AS $key => $val) {
if(count($tags)) {
foreach($tags as $tag) {
+ if(isset($profile))
+ unset($profile);
if(strpos($tag,'@') === 0) {
$name = substr($tag,1);
if((strpos($name,'@')) || (strpos($name,'http://'))) {
@@ -397,7 +406,7 @@ foreach($_FILES AS $key => $val) {
}
else {
$newname = $name;
- if(strstr($name,'_')) {
+ if(strstr($name,'_') || strstr($name,' ')) {
$newname = str_replace('_',' ',$name);
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
@@ -405,7 +414,8 @@ foreach($_FILES AS $key => $val) {
);
}
else {
- $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
+ $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
+ dbesc($name),
dbesc($name),
intval($page_owner_uid)
);
@@ -590,6 +600,9 @@ foreach($_FILES AS $key => $val) {
$filesize = intval($_FILES['userfile']['size']);
}
+
+ logger('photos: upload: received file: ' . $filename . ' as ' . $src . ' ' . $filesize . ' bytes', LOGGER_DEBUG);
+
$maximagesize = get_config('system','maximagesize');
if(($maximagesize) && ($filesize > $maximagesize)) {
@@ -600,6 +613,14 @@ foreach($_FILES AS $key => $val) {
return;
}
+ if(! $filesize) {
+ notice( t('Image file is empty.') . EOL);
+ @unlink($src);
+ $foo = 0;
+ call_hooks('photo_post_end',$foo);
+ return;
+ }
+
logger('mod/photos.php: photos_post(): loading the contents of ' . $src , 'LOGGER_DEBUG');
$imagedata = @file_get_contents($src);
@@ -755,8 +776,6 @@ function photos_content(&$a) {
$owner_uid = $a->data['user']['uid'];
-
-
$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
if((local_user()) && (local_user() == $owner_uid))
@@ -798,43 +817,28 @@ function photos_content(&$a) {
}
}
- $r = q("SELECT `hidewall` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
- intval($owner_uid)
- );
-
- if(count($r) && $r[0]['hidewall'] && (local_user() != $owner_uid) && (! $remote_contact)) {
+ if($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (! $remote_contact)) {
notice( t('Access to this item is restricted.') . EOL);
return;
}
- // default permissions - anonymous user
-
- $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
- // Profile owner - everything is visible
+ $sql_extra = permissions_sql($owner_uid,$remote_contact,$groups);
- if(local_user() && (local_user() == $owner_uid)) {
- $sql_extra = '';
- }
- elseif(remote_user()) {
- // authenticated visitor - here lie dragons
- $gs = '<<>>'; // should be impossible to match
- if(count($groups)) {
- foreach($groups as $g)
- $gs .= '|<' . intval($g) . '>';
- }
- $sql_extra = sprintf(
- " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
- AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
- AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
- AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
+ $o = "";
- intval(remote_user()),
- intval(remote_user()),
- dbesc($gs),
- dbesc($gs)
- );
- }
+ // tabs
+ $tpl = get_markup_template('profile_tabs.tpl');
+ $_is_owner = (local_user() && (local_user() == $owner_uid));
+ $o .= replace_macros($tpl,array(
+ '$url' => $a->get_baseurl() . '/profile/' .$a->data['user']['nickname'],
+ '$phototab' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'],
+ '$status' => t('Status'),
+ '$profile' => t('Profile'),
+ '$photos' => t('Photos'),
+ '$events' => (($_is_owner) ? t('Events') : ''),
+ '$notes' => (($_is_owner) ? t('Personal Notes') : ''),
+ '$activetab' => "photos",
+ ));
//
// dispatch request
@@ -851,7 +855,7 @@ function photos_content(&$a) {
$albumselect .= ' ';
if(count($a->data['albums'])) {
foreach($a->data['albums'] as $album) {
- if(($album['album'] === '') || ($album['album'] == t('Contact Photos')))
+ if(($album['album'] === '') || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos')))
continue;
$albumselect .= '' . $album['album'] . ' ';
}
@@ -900,7 +904,7 @@ function photos_content(&$a) {
$album = hex2bin($datum);
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
- $sql_extra GROUP BY `resource-id`",
+ AND `scale` <= 4 $sql_extra GROUP BY `resource-id`",
intval($owner_uid),
dbesc($album)
);
@@ -910,7 +914,7 @@ function photos_content(&$a) {
}
$r = q("SELECT `resource-id`, `id`, `filename`, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
- $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
+ AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
intval($owner_uid),
dbesc($album),
intval($a->pager['start']),
@@ -920,7 +924,7 @@ function photos_content(&$a) {
$o .= '' . $album . ' ';
if($cmd === 'edit') {
- if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
+ if(($album !== t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) {
if($can_post) {
$edit_tpl = get_markup_template('album_edit.tpl');
$o .= replace_macros($edit_tpl,array(
@@ -935,7 +939,7 @@ function photos_content(&$a) {
}
}
else {
- if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
+ if(($album !== t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) {
if($can_post) {
$o .= ''
@@ -968,7 +972,7 @@ function photos_content(&$a) {
- $o = '';
+ //$o = '';
// fetch image, item containing image, then comments
$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
@@ -1103,6 +1107,7 @@ function photos_content(&$a) {
}
$tags=Null;
+
if(count($linked_items) && strlen($link_item['tag'])) {
$arr = explode(',',$link_item['tag']);
// parse tags and add links
@@ -1319,11 +1324,12 @@ function photos_content(&$a) {
}
// Default - show recent photos with upload link (if applicable)
- $o = '';
+ //$o = '';
- $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s'
+ $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
$sql_extra GROUP BY `resource-id`",
intval($a->data['user']['uid']),
+ dbesc('Contact Photos'),
dbesc( t('Contact Photos'))
);
if(count($r)) {
@@ -1332,9 +1338,10 @@ function photos_content(&$a) {
}
$r = q("SELECT `resource-id`, `id`, `filename`, `album`, max(`scale`) AS `scale` FROM `photo`
- WHERE `uid` = %d AND `album` != '%s'
+ WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
$sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
intval($a->data['user']['uid']),
+ dbesc('Contact Photos'),
dbesc( t('Contact Photos')),
intval($a->pager['start']),
intval($a->pager['itemspage'])