X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FPhoto.php;h=96c82b0c17d84c0cc095e8872b919cafee805be3;hb=07862b8a8840e2e7f833cd7ef670fb442d865860;hp=9623f5622eabf849292bd45f25bae99c82136306;hpb=1874a32728142f2c12724562eb122eb1cd1370fe;p=friendica.git

diff --git a/src/Model/Photo.php b/src/Model/Photo.php
index 9623f5622e..96c82b0c17 100644
--- a/src/Model/Photo.php
+++ b/src/Model/Photo.php
@@ -36,6 +36,7 @@ use Friendica\Object\Image;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Images;
 use Friendica\Security\Security;
+use Friendica\Util\Network;
 use Friendica\Util\Proxy;
 use Friendica\Util\Strings;
 
@@ -147,13 +148,14 @@ class Photo
 	 * on success, "no sign" image info, if user has no permission,
 	 * false if photo does not exists
 	 *
-	 * @param string  $resourceid Rescource ID of the photo
-	 * @param integer $scale      Scale of the photo. Defaults to 0
+	 * @param string  $resourceid  Rescource ID of the photo
+	 * @param integer $scale       Scale of the photo. Defaults to 0
+	 * @param integer $visitor_uid UID of the visitor
 	 *
 	 * @return boolean|array
 	 * @throws \Exception
 	 */
-	public static function getPhoto(string $resourceid, int $scale = 0)
+	public static function getPhoto(string $resourceid, int $scale = 0, int $visitor_uid = 0)
 	{
 		$r = self::selectFirst(['uid'], ['resource-id' => $resourceid]);
 		if (!DBA::isResult($r)) {
@@ -164,7 +166,11 @@ class Photo
 
 		$accessible = $uid ? (bool)DI::pConfig()->get($uid, 'system', 'accessible-photos', false) : false;
 
-		$sql_acl = Security::getPermissionsSQLByUserId($uid, $accessible);
+		if (!empty($visitor_uid) && ($uid == $visitor_uid)) {
+			$sql_acl = '';
+		} else {
+			$sql_acl = Security::getPermissionsSQLByUserId($uid, $accessible);
+		}
 
 		$conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
 		$params = ['order' => ['scale' => true]];
@@ -225,7 +231,7 @@ class Photo
 			DBA::p(
 				"SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`, ANY_VALUE(`type`) AS `type`,
 					min(`scale`) AS `hiq`, max(`scale`) AS `loq`, ANY_VALUE(`desc`) AS `desc`, ANY_VALUE(`created`) AS `created`
-					FROM `photo` WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) $sqlExtra 
+					FROM `photo` WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) $sqlExtra
 					GROUP BY `resource-id` $sqlExtra2",
 				$values
 			));
@@ -582,6 +588,11 @@ class Photo
 
 		$photo_failure = false;
 
+		if (!Network::isValidHttpUrl($image_url)) {
+			Logger::warning('Invalid image url', ['image_url' => $image_url, 'uid' => $uid, 'cid' => $cid, 'callstack' => System::callstack(20)]);
+			return false;
+		}
+
 		$filename = basename($image_url);
 		if (!empty($image_url)) {
 			$ret = DI::httpClient()->get($image_url, HttpClientAccept::IMAGE);
@@ -907,7 +918,7 @@ class Photo
 	 */
 	public static function getResourceData(string $name): array
 	{
-		$base = DI::baseUrl()->get();
+		$base = DI::baseUrl();
 
 		$guid = str_replace([Strings::normaliseLink($base), '/photo/'], '', Strings::normaliseLink($name));
 
@@ -971,7 +982,7 @@ class Photo
 	 */
 	public static function isLocalPage(string $name): bool
 	{
-		$base = DI::baseUrl()->get();
+		$base = DI::baseUrl();
 
 		$guid = str_replace(Strings::normaliseLink($base), '', Strings::normaliseLink($name));
 		$guid = preg_replace("=/photos/.*/image/(.*)=ism", '$1', $guid);