X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=4166b4d53949d4f9cb5b1f9467c045b224ef98e0;hb=06998f13b61fcd50588f425703793bacc2e55cab;hp=434193f71318edc6b9b63abac8feefb8d95a6b4c;hpb=29092ace4428aeb796b31856aafa14cef1632bac;p=friendica.git diff --git a/mod/photo.php b/mod/photo.php index 434193f713..4166b4d539 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -101,7 +101,8 @@ function photo_init(&$a) { $photo = substr($photo,0,-2); } - $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", + // check if the photo exists and get the owner of the photo + $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", dbesc($photo), intval($resolution) ); @@ -111,7 +112,7 @@ function photo_init(&$a) { // Now we'll see if we can access the photo - $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1", + $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1", dbesc($photo), intval($resolution) ); @@ -119,28 +120,16 @@ function photo_init(&$a) { $public = ($r[0]['allow_cid'] == '') AND ($r[0]['allow_gid'] == '') AND ($r[0]['deny_cid'] == '') AND ($r[0]['deny_gid'] == ''); if(count($r)) { + $resolution = $r[0]['scale']; $data = $r[0]['data']; $mimetype = $r[0]['type']; - } - else { - - // Does the picture exist? It may be a remote person with no credentials, - // but who should otherwise be able to view it. Show a default image to let - // them know permissions was denied. It may be possible to view the image - // through an authenticated profile visit. - // There won't be many completely unauthorised people seeing this because - // they won't have the photo link, so there's a reasonable chance that the person - // might be able to obtain permission to view it. - - $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", - dbesc($photo), - intval($resolution) - ); - if(count($r)) { - $data = file_get_contents('images/nosign.jpg'); - $mimetype = 'image/jpeg'; - $prvcachecontrol = true; - } + } else { + // The picure exists. We already checked with the first query. + // obviously, this is not an authorized viev! + $data = file_get_contents('images/nosign.jpg'); + $mimetype = 'image/jpeg'; + $prvcachecontrol = true; + $public = false; } } } @@ -208,12 +197,13 @@ function photo_init(&$a) { // If the photo is public and there is an existing photo directory store the photo there if ($public and ($file != "")) { // If the photo path isn't there, try to create it - if (!is_dir($_SERVER["DOCUMENT_ROOT"]."/photo")) - if (is_writable($_SERVER["DOCUMENT_ROOT"])) - mkdir($_SERVER["DOCUMENT_ROOT"]."/photo"); + $basepath = $a->get_basepath(); + if (!is_dir($basepath."/photo")) + if (is_writable($basepath)) + mkdir($basepath."/photo"); - if (is_dir($_SERVER["DOCUMENT_ROOT"]."/photo")) - file_put_contents($_SERVER["DOCUMENT_ROOT"]."/photo/".$file, $data); + if (is_dir($basepath."/photo")) + file_put_contents($basepath."/photo/".$file, $data); } killme();