X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=b74ca85d71b5b1272b277f92c872614a5bb0be7a;hb=71f71ecf46c9dfc522685d171fbaf9bc7d73b708;hp=f8059fc08e1aa46103bdcf3a76b756f0fb4ee390;hpb=8819c73ba1ae1cbf19d2c517a87d30104d1a5da1;p=friendica.git diff --git a/mod/photos.php b/mod/photos.php index f8059fc08e..b74ca85d71 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -3,6 +3,7 @@ require_once('include/Photo.php'); require_once('include/items.php'); require_once('include/acl_selectors.php'); require_once('include/bbcode.php'); +require_once('include/security.php'); function photos_init(&$a) { @@ -23,39 +24,7 @@ function photos_init(&$a) { $a->data['user'] = $r[0]; - - // default permissions - anonymous user - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - // Profile owner - everything is visible - - if(local_user() && (local_user() == $a->data['user']['uid'])) { - $sql_extra = ''; - } - elseif(remote_user()) { - - $groups = init_groups_visitor(remote_user()); - - // authenticated visitor - here lie dragons - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval(remote_user()), - intval(remote_user()), - dbesc($gs), - dbesc($gs) - ); - } - + $sql_extra = permissions_sql($a->data['user']['uid']); $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ", intval($a->data['user']['uid']) 
@@ -445,7 +414,8 @@ function photos_post(&$a) { ); } else { - $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", + dbesc($name), dbesc($name), intval($page_owner_uid) ); @@ -806,8 +776,6 @@ function photos_content(&$a) { $owner_uid = $a->data['user']['uid']; - - $community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false); if((local_user()) && (local_user() == $owner_uid)) @@ -849,43 +817,12 @@ function photos_content(&$a) { } } - $r = q("SELECT `hidewall` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1", - intval($owner_uid) - ); - - if(count($r) && $r[0]['hidewall'] && (local_user() != $owner_uid) && (! $remote_contact)) { + if($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (! $remote_contact)) { notice( t('Access to this item is restricted.') . EOL); return; } - // default permissions - anonymous user - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - // Profile owner - everything is visible - - if(local_user() && (local_user() == $owner_uid)) { - $sql_extra = ''; - } - elseif(remote_user()) { - // authenticated visitor - here lie dragons - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval(remote_user()), - intval(remote_user()), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($owner_uid,$remote_contact,$groups); $o = ""; 
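Review bot: The new contact lookup in photos_post is not scoped to the page owner, because SQL's AND binds tighter than OR: `attag = '%s' OR nick = '%s' AND uid = %d` parses as `attag = '%s' OR (nick = '%s' AND uid = %d)`, so a contact whose attag matches is returned from any user's contact list and a tag typed by the poster can resolve to someone else's contact row. Parenthesise the two name alternatives so the uid applies to both, keeping the existing identifier quoting: `WHERE ( attag = '%s' OR nick = '%s' ) AND uid = %d ORDER BY attag DESC LIMIT 1`. The surrounding `else` branch and photos_post itself start and end outside the hunk.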
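Review bot: The hidewall check now reads `$a->data['user']['hidewall']`, but the query that populates `$a->data['user']` is in photos_init (`$a->data['user'] = $r[0]`, first hunk) and nothing visible here shows it selecting `hidewall`; if that column is not part of the row, the index is undefined, the condition is falsy, and a hidden wall is served to anonymous visitors where the removed `profile` lookup would have refused them. Please confirm the photos_init query returns `hidewall` and add a comment above the check such as `// hidewall comes from the user row loaded in photos_init`, so a later change to that query does not silently reopen the album. Separately, this hunk calls `permissions_sql($owner_uid,$remote_contact,$groups)` while photos_init calls `permissions_sql($a->data['user']['uid'])` with the uid alone; unless permissions_sql derives the visitor contact and groups itself when they are omitted, the album list and the photo listing are filtered under different visibility rules. photos_content continues outside the hunk.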
@@ -967,7 +904,7 @@ function photos_content(&$a) { $album = hex2bin($datum); $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' - $sql_extra GROUP BY `resource-id`", + AND `scale` <= 4 $sql_extra GROUP BY `resource-id`", intval($owner_uid), dbesc($album) ); @@ -977,7 +914,7 @@ function photos_content(&$a) { } $r = q("SELECT `resource-id`, `id`, `filename`, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' - $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", + AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($owner_uid), dbesc($album), intval($a->pager['start']), @@ -1170,6 +1107,7 @@ function photos_content(&$a) { } $tags=Null; + if(count($linked_items) && strlen($link_item['tag'])) { $arr = explode(',',$link_item['tag']); // parse tags and add links
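Review bot: The literal `4` in `AND scale <= 4` is introduced without explanation, here and again in the following hunk's paginated album query, so a reader cannot tell which scale values are being excluded from album listings or why. Hoist it into a single named constant (a name such as PHOTO_ALBUM_MAX_SCALE is only a suggestion) or put a one-line comment above the first query stating what the scale values above 4 hold, e.g. `// album listings only consider scale <= 4; see Photo.php for what the higher scales are used for`. Using one definition also keeps the two queries from drifting apart if the threshold changes. photos_content begins and ends outside the hunk.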