$match = null;
+ /// @todo these lines should be moved to Model/Photo
if (!$preview && preg_match_all("/\[img([\=0-9x]*?)\](.*?)\[\/img\]/",$body,$match)) {
$images = $match[2];
if (count($images)) {
continue;
}
- /// @todo these lines should be moved to Model/Photo
+ // Ensure to only modify photos that you own
$srch = '<' . intval($original_contact_id) . '>';
$condition = ['allow_cid' => $srch, 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '',
*/
$match = false;
+ /// @todo these lines should be moved to Model/Attach (Once it exists)
if (!$preview && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) {
$attaches = $match[1];
if (count($attaches)) {
foreach ($attaches as $attach) {
+ // Ensure to only modify attachments that you own
+ $srch = '<' . intval($original_contact_id) . '>';
+
+ $condition = ['allow_cid' => $srch, 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '',
+ 'id' => $attach];
+ if (!dba::exists('attach', $condition)) {
+ continue;
+ }
+
$fields = ['allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow,
'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny];
$condition = ['id' => $attach];
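Review bot: The ownership test added before the attachment update matches only the ACL columns and `id`, and the write that follows is keyed on `['id' => $attach]` alone, so the check and the update are bound neither to each other nor to the acting account. As far as the visible condition goes, any `attach` row whose `allow_cid` equals `<original_contact_id>` passes regardless of which account it belongs to, and `$attach` is whatever the `(.*?)` capture took from `$body`, so a non-numeric value can reach the `id` comparison. I would cast once with `$attach_id = intval($attach);` and reuse the ownership terms in the update condition, `$condition = ['id' => $attach_id, 'allow_cid' => $srch, 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => ''];`, also adding the posting user's owner column if the `attach` table has one (not visible here). The `foreach` body continues past the end of this hunk, so the update call itself is not shown.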