X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=52d749bb46f841f3f37e93fc91d76506ba261dd5;hb=5095ce621ad852676de342d2fef9be3f3f95b2fb;hp=52ab42bf1f32001102a0c5c0d0f2e0ef185f87f1;hpb=dd3f573fecdc465e7e3f78d4bb672f4a35568bdb;p=friendica.git diff --git a/mod/photos.php b/mod/photos.php index 52ab42bf1f..52d749bb46 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -1,6 +1,6 @@ $album) { - //hide profile photos to others - if (!$is_owner && !Session::getRemoteContactID($owner['uid']) && ($album['album'] == DI::l10n()->t('Profile Photos'))) - continue; $entry = [ 'text' => $album['album'], 'total' => $album['total'], @@ -161,7 +158,7 @@ function photos_post(App $a) if (!$can_post) { notice(DI::l10n()->t('Permission denied.')); - exit(); + System::exit(); } $owner_record = User::getOwnerDataById($page_owner_uid); @@ -169,7 +166,7 @@ function photos_post(App $a) if (!$owner_record) { notice(DI::l10n()->t('Contact information unavailable')); DI::logger()->info('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid); - exit(); + System::exit(); } $aclFormatter = DI::aclFormatter(); @@ -195,12 +192,7 @@ function photos_post(App $a) } $album = hex2bin(DI::args()->getArgv()[3]); - if ($album === DI::l10n()->t('Profile Photos') || $album === Photo::CONTACT_PHOTOS || $album === DI::l10n()->t(Photo::CONTACT_PHOTOS)) { - DI::baseUrl()->redirect($_SESSION['photo_return']); - return; // NOTREACHED - } - - if (!DBA::exists('photo', ['album' => $album, 'uid' => $page_owner_uid])) { + if (!DBA::exists('photo', ['album' => $album, 'uid' => $page_owner_uid, 'photo-type' => Photo::DEFAULT])) { notice(DI::l10n()->t('Album not found.')); DI::baseUrl()->redirect('photos/' . $user['nickname'] . '/album'); return; // NOTREACHED @@ -212,7 +204,7 @@ function photos_post(App $a) } // RENAME photo album - $newalbum = Strings::escapeTags(trim($_POST['albumname'])); + $newalbum = trim($_POST['albumname'] ?? ''); if ($newalbum != $album) { Photo::update(['album' => $newalbum], ['album' => $album, 'uid' => $page_owner_uid]); // Update the photo albums cache @@ -230,16 +222,16 @@ function photos_post(App $a) // get the list of photos we are about to delete if ($visitor) { - $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'", - intval($visitor), - intval($page_owner_uid), - DBA::escape($album) - ); + $r = DBA::toArray(DBA::p("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = ? AND `uid` = ? AND `album` = ?", + $visitor, + $page_owner_uid, + $album + )); } else { - $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", - intval(local_user()), - DBA::escape($album) - ); + $r = DBA::toArray(DBA::p("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = ? AND `album` = ?", + local_user(), + $album + )); } if (DBA::isResult($r)) { @@ -299,11 +291,11 @@ function photos_post(App $a) } if (DI::args()->getArgc() > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) { - $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : ''; - $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : ''; - $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; - $albname = !empty($_POST['albname']) ? trim($_POST['albname']) : ''; - $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : ''; + $desc = !empty($_POST['desc']) ? trim($_POST['desc']) : ''; + $rawtags = !empty($_POST['newtag']) ? trim($_POST['newtag']) : ''; + $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; + $albname = !empty($_POST['albname']) ? trim($_POST['albname']) : ''; + $origaname = !empty($_POST['origaname']) ? trim($_POST['origaname']) : ''; $resource_id = DI::args()->getArgv()[3]; @@ -612,9 +604,9 @@ function photos_post(App $a) * they acquire comments, likes, dislikes, and/or tags */ - $r = Photo::selectToArray([], ['`album` = ? AND `uid` = ? AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR', $album, $page_owner_uid]); + $r = Photo::selectToArray([], ['`album` = ? AND `uid` = ? AND `created` > ?', $album, $page_owner_uid, DateTimeFormat::utc('now - 3 hours')]); - if (!DBA::isResult($r) || ($album == DI::l10n()->t('Profile Photos'))) { + if (!DBA::isResult($r) || ($album == DI::l10n()->t(Photo::PROFILE_PHOTOS))) { $visible = 1; } else { $visible = 0; @@ -711,9 +703,6 @@ function photos_post(App $a) @unlink($src); $max_length = DI::config()->get('system', 'max_image_length'); - if (!$max_length) { - $max_length = MAX_IMAGE_LENGTH; - } if ($max_length > 0) { $image->scaleDown($max_length); } @@ -725,7 +714,7 @@ function photos_post(App $a) $resource_id = Photo::newResource(); - $r = Photo::store($image, $page_owner_uid, $visitor, $resource_id, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $r = Photo::store($image, $page_owner_uid, $visitor, $resource_id, $filename, $album, 0 , Photo::DEFAULT, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); if (!$r) { Logger::info('image store failed'); @@ -735,13 +724,13 @@ function photos_post(App $a) if ($width > 640 || $height > 640) { $image->scaleDown(640); - Photo::store($image, $page_owner_uid, $visitor, $resource_id, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + Photo::store($image, $page_owner_uid, $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 1; } if ($width > 320 || $height > 320) { $image->scaleDown(320); - Photo::store($image, $page_owner_uid, $visitor, $resource_id, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + Photo::store($image, $page_owner_uid, $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 2; } @@ -917,7 +906,7 @@ function photos_content(App $a) $albums = Photo::getAlbums($owner_uid); if (!empty($albums)) { foreach ($albums as $album) { - if (($album['album'] === '') || ($album['album'] === Photo::CONTACT_PHOTOS) || ($album['album'] === DI::l10n()->t(Photo::CONTACT_PHOTOS))) { + if ($album['album'] === '') { continue; } $selected = (($selname === $album['album']) ? ' selected="selected" ' : ''); @@ -976,12 +965,16 @@ function photos_content(App $a) } $album = hex2bin($datum); + if ($can_post && !Photo::exists(['uid' => $owner_uid, 'album' => $album, 'photo-type' => Photo::DEFAULT])) { + $can_post = false; + } + $total = 0; - $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' + $r = DBA::toArray(DBA::p("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = ? AND `album` = ? AND `scale` <= 4 $sql_extra GROUP BY `resource-id`", - intval($owner_uid), - DBA::escape($album) - ); + $owner_uid, + $album + )); if (DBA::isResult($r)) { $total = count($r); } @@ -996,16 +989,16 @@ function photos_content(App $a) $order = 'DESC'; } - $r = q("SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`, + $r = DBA::toArray(DBA::p("SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`, ANY_VALUE(`type`) AS `type`, max(`scale`) AS `scale`, ANY_VALUE(`desc`) as `desc`, ANY_VALUE(`created`) as `created` - FROM `photo` WHERE `uid` = %d AND `album` = '%s' - AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` $order LIMIT %d , %d", + FROM `photo` WHERE `uid` = ? AND `album` = ? + AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` $order LIMIT ? , ?", intval($owner_uid), DBA::escape($album), $pager->getStart(), $pager->getItemsPerPage() - ); + )); if ($cmd === 'drop') { $drop_url = DI::args()->getQueryString(); @@ -1025,27 +1018,23 @@ function photos_content(App $a) // edit album name if ($cmd === 'edit') { - if (($album !== DI::l10n()->t('Profile Photos')) && ($album !== Photo::CONTACT_PHOTOS) && ($album !== DI::l10n()->t(Photo::CONTACT_PHOTOS))) { - if ($can_post) { - $edit_tpl = Renderer::getMarkupTemplate('album_edit.tpl'); - - $album_e = $album; - - $o .= Renderer::replaceMacros($edit_tpl,[ - '$nametext' => DI::l10n()->t('New album name: '), - '$nickname' => $user['nickname'], - '$album' => $album_e, - '$hexalbum' => bin2hex($album), - '$submit' => DI::l10n()->t('Submit'), - '$dropsubmit' => DI::l10n()->t('Delete Album') - ]); - } - } - } else { - if (($album !== DI::l10n()->t('Profile Photos')) && ($album !== Photo::CONTACT_PHOTOS) && ($album !== DI::l10n()->t(Photo::CONTACT_PHOTOS)) && $can_post) { - $edit = [DI::l10n()->t('Edit Album'), 'photos/' . $user['nickname'] . '/album/' . bin2hex($album) . '/edit']; - $drop = [DI::l10n()->t('Drop Album'), 'photos/' . $user['nickname'] . '/album/' . bin2hex($album) . '/drop']; + if ($can_post) { + $edit_tpl = Renderer::getMarkupTemplate('album_edit.tpl'); + + $album_e = $album; + + $o .= Renderer::replaceMacros($edit_tpl,[ + '$nametext' => DI::l10n()->t('New album name: '), + '$nickname' => $user['nickname'], + '$album' => $album_e, + '$hexalbum' => bin2hex($album), + '$submit' => DI::l10n()->t('Submit'), + '$dropsubmit' => DI::l10n()->t('Delete Album') + ]); } + } elseif ($can_post) { + $edit = [DI::l10n()->t('Edit Album'), 'photos/' . $user['nickname'] . '/album/' . bin2hex($album) . '/edit']; + $drop = [DI::l10n()->t('Drop Album'), 'photos/' . $user['nickname'] . '/album/' . bin2hex($album) . '/drop']; } if ($order_field === 'posted') { @@ -1101,11 +1090,7 @@ function photos_content(App $a) // Display one photo if ($datatype === 'image') { // fetch image, item containing image, then comments - $ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' - $sql_extra ORDER BY `scale` ASC ", - intval($owner_uid), - DBA::escape($datum) - ); + $ph = Photo::selectToArray([], ["`uid` = ? AND `resource-id` = ? " . $sql_extra, $owner_uid, $datum], ['order' => ['scale' => true]]); if (!DBA::isResult($ph)) { if (DBA::exists('photo', ['resource-id' => $datum, 'uid' => $owner_uid])) { @@ -1149,11 +1134,7 @@ function photos_content(App $a) $order = 'DESC'; } - $prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 - $sql_extra ORDER BY `created` $order ", - DBA::escape($ph[0]['album']), - intval($owner_uid) - ); + $prvnxt = Photo::selectToArray(['resource-id'], ["`album` = ? AND `uid` = ? AND `scale` = ?" . $sql_extra, $ph[0]['album'], $owner_uid, 0]); if (DBA::isResult($prvnxt)) { $prv = null; @@ -1253,14 +1234,7 @@ function photos_content(App $a) // The difference is that we won't be displaying the conversation head item // as a "post" but displaying instead the photo it is linked to - /// @todo Rewrite this query. To do so, $sql_extra must be changed - $linked_items = q("SELECT `id` FROM `post-user-view` WHERE `resource-id` = '%s' $sql_extra LIMIT 1", - DBA::escape($datum) - ); - if (DBA::isResult($linked_items)) { - // This is a workaround to not being forced to rewrite the while $sql_extra handling - $link_item = Post::selectFirst([], ['id' => $linked_items[0]['id']]); - } + $link_item = Post::selectFirst([], ["`resource-id` = ?" . $sql_extra, $datum]); if (!empty($link_item['parent']) && !empty($link_item['uid'])) { $condition = ["`parent` = ? AND `gravity` = ?", $link_item['parent'], GRAVITY_COMMENT]; @@ -1458,7 +1432,7 @@ function photos_content(App $a) ]; $title_e = $item['title']; - $body_e = BBCode::convert($item['body']); + $body_e = BBCode::convertForUriId($item['uri-id'], $item['body']); $comments .= Renderer::replaceMacros($template,[ '$id' => $item['id'], @@ -1561,40 +1535,33 @@ function photos_content(App $a) // Default - show recent photos with upload link (if applicable) //$o = ''; $total = 0; - $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' + $r = DBA::toArray(DBA::p("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = ? AND `photo-type` = ? $sql_extra GROUP BY `resource-id`", - intval($user['uid']), - DBA::escape(Photo::CONTACT_PHOTOS), - DBA::escape(DI::l10n()->t(Photo::CONTACT_PHOTOS)) - ); + $user['uid'], + Photo::DEFAULT, + )); if (DBA::isResult($r)) { $total = count($r); } $pager = new Pager(DI::l10n(), DI::args()->getQueryString(), 20); - $r = q("SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`, + $r = DBA::toArray(DBA::p("SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`, ANY_VALUE(`type`) AS `type`, ANY_VALUE(`album`) AS `album`, max(`scale`) AS `scale`, ANY_VALUE(`created`) AS `created` FROM `photo` - WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' - $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", - intval($user['uid']), - DBA::escape(Photo::CONTACT_PHOTOS), - DBA::escape(DI::l10n()->t(Photo::CONTACT_PHOTOS)), + WHERE `uid` = ? AND `photo-type` = ? + $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT ? , ?", + $user['uid'], + Photo::DEFAULT, $pager->getStart(), $pager->getItemsPerPage() - ); + )); $photos = []; if (DBA::isResult($r)) { // "Twist" is only used for the duepunto theme with style "slackr" $twist = false; foreach ($r as $rr) { - //hide profile photos to others - if (!$is_owner && !Session::getRemoteContactID($owner_uid) && ($rr['album'] == DI::l10n()->t('Profile Photos'))) { - continue; - } - $twist = !$twist; $ext = $phototypes[$rr['type']];