fix photos page permissions
authorrabuzarus <>
Mon, 14 Nov 2016 17:49:51 +0000 (18:49 +0100)
committerrabuzarus <>
Mon, 14 Nov 2016 17:49:51 +0000 (18:49 +0100)
include/items.php
mod/photos.php
mod/videos.php
mod/wall_attach.php
mod/wall_upload.php

index a0fe59bf17d41ddad8d82b4f5508329385528f3c..ebe1fca6e9fbbce909754525b1d990ec58e99f25 100644 (file)
@@ -1896,21 +1896,21 @@ function drop_item($id,$interactive = true) {
 
        $owner = $item['uid'];
 
-       $cid = 0;
+       $contact_id = 0;
 
        // check if logged in user is either the author or owner of this item
 
        if (is_array($_SESSION['remote'])) {
                foreach($_SESSION['remote'] as $visitor) {
                        if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
-                               $cid = $visitor['cid'];
+                               $contact_id = $visitor['cid'];
                                break;
                        }
                }
        }
 
 
-       if ((local_user() == $item['uid']) || ($cid) || (! $interactive)) {
+       if ((local_user() == $item['uid']) || ($contact_id) || (! $interactive)) {
 
                // Check if we should do HTML-based delete confirmation
                if ($_REQUEST['confirm']) {
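Review bot: The rewritten guard `if ((local_user() == $item['uid']) || ($contact_id) || (! $interactive))` lets every call with `$interactive` false skip the owner/author check, and nothing at this line says so. A comment above it would make that contract explicit, for example `// non-interactive callers bypass the ownership check and must authorise the deletion themselves`. The comparison with `local_user()` is also loose; if that helper can return false for a logged-out session (its definition is not visible here), `local_user() && local_user() == $item['uid']` would be the safer form. drop_item's body starts before and continues past this hunk.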
index 1730a9b60c14694126d7320e3766c6077f4870d0..d72a824827dac3f6daabc5f2a24ce4044222d454 100644 (file)
@@ -132,24 +132,24 @@ function photos_post(&$a) {
                $can_post = true;
        else {
                if ($community_page && remote_user()) {
-                       $cid = 0;
+                       $contact_id = 0;
                        if (is_array($_SESSION['remote'])) {
                                foreach ($_SESSION['remote'] as $v) {
                                        if ($v['uid'] == $page_owner_uid) {
-                                               $cid = $v['cid'];
+                                               $contact_id = $v['cid'];
                                                break;
                                        }
                                }
                        }
-                       if ($cid) {
+                       if ($contact_id) {
 
                                $r = qu("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-                                       intval($cid),
+                                       intval($contact_id),
                                        intval($page_owner_uid)
                                );
                                if (dbm::is_result($r)) {
                                        $can_post = true;
-                                       $visitor = $cid;
+                                       $visitor = $contact_id;
                                }
                        }
                }
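Review bot: The session lookup that fills `$contact_id` in photos_post is repeated line for line in wall_attach_post and wall_upload_post (the mod/wall_attach.php and mod/wall_upload.php hunks below), and that duplication is presumably how a partial rename left `$visitor = $cid` behind in photos_content and videos_content. Moving the loop into one shared helper would leave a single place to rename and to audit for permission mistakes. The helper name in the sketch is a proposal, not an existing function. photos_post's body starts before and continues past this hunk.

```php
// suggested helper (name is a proposal): contact id of the remote visitor
// for the given page owner, or 0 when the session holds no matching entry
function remote_visitor_contact_id($page_owner_uid) {
	if (! is_array($_SESSION['remote'])) {
		return 0;
	}
	foreach ($_SESSION['remote'] as $v) {
		if ($v['uid'] == $page_owner_uid) {
			return intval($v['cid']);
		}
	}
	return 0;
}

// in photos_post, replacing the inline loop:
$contact_id = remote_visitor_contact_id($page_owner_uid);
// … unchanged: contact query and $can_post / $visitor assignment …
```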
@@ -1012,7 +1012,7 @@ function photos_content(&$a) {
                                        $can_post = true;
                                        $contact = $r[0];
                                        $remote_contact = true;
-                                       $visitor = $cid;
+                                       $visitor = $contact_id;
                                }
                        }
                }
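Review bot: `$visitor = $contact_id;` depends on a variable assigned outside this hunk, and the old `$cid` here was apparently undefined, so `$visitor` ended up empty without any error being raised. Taking the id from the row that was just verified, `$visitor = intval($contact['id']);`, would tie the visitor to the checked contact record instead of a loop variable, provided the query behind `$r` selects `id`, which is not visible here. The same applies to the mod/videos.php hunk in videos_content. photos_content's body starts before and continues past this hunk.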
index fb742eb015f355e1d2965091ffe7641a1a8ef1c8..1bb59bc5429e9b614e0cb3596d62eb23fc072f64 100644 (file)
@@ -263,7 +263,7 @@ function videos_content(&$a) {
                                        $can_post = true;
                                        $contact = $r[0];
                                        $remote_contact = true;
-                                       $visitor = $cid;
+                                       $visitor = $contact_id;
                                }
                        }
                }
index 68752a0e1f659082e51ec6df90add56663d5ba1d..15e3d3f75e2384f8a8030e31d88c58f2280fb3f2 100644 (file)
@@ -14,19 +14,19 @@ function wall_attach_post(&$a) {
                );
                if(! count($r)){
                        if ($r_json) {
-                            echo json_encode(array('error'=>t('Invalid request.')));
-                            killme();
-                        }
+                               echo json_encode(array('error'=>t('Invalid request.')));
+                               killme();
+                       }
                        return;
-        }
+       }
 
        } else {
                if ($r_json) {
-                    echo json_encode(array('error'=>t('Invalid request.')));
-                    killme();
-                }
+                       echo json_encode(array('error'=>t('Invalid request.')));
+                       killme();
+               }
                return;
-    }
+       }
 
        $can_post  = false;
        $visitor   = 0;
@@ -40,41 +40,41 @@ function wall_attach_post(&$a) {
                $can_post = true;
        else {
                if($community_page && remote_user()) {
-                       $cid = 0;
+                       $contact_id = 0;
                        if(is_array($_SESSION['remote'])) {
                                foreach($_SESSION['remote'] as $v) {
                                        if($v['uid'] == $page_owner_uid) {
-                                               $cid = $v['cid'];
+                                               $contact_id = $v['cid'];
                                                break;
                                        }
                                }
                        }
-                       if($cid) {
+                       if($contact_id) {
 
                                $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-                                       intval($cid),
+                                       intval($contact_id),
                                        intval($page_owner_uid)
                                );
                                if(count($r)) {
                                        $can_post = true;
-                                       $visitor = $cid;
+                                       $visitor = $contact_id;
                                }
                        }
                }
        }
        if(! $can_post) {
                if ($r_json) {
-                    echo json_encode(array('error'=>t('Permission denied.')));
-                    killme();
-                }
+                       echo json_encode(array('error'=>t('Permission denied.')));
+                       killme();
+               }
                notice( t('Permission denied.') . EOL );
                killme();
        }
 
        if(! x($_FILES,'userfile')) {
                if ($r_json) {
-                    echo json_encode(array('error'=>t('Invalid request.')));
-                }
+                       echo json_encode(array('error'=>t('Invalid request.')));
+               }
                killme();
        }
 
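Review bot: The contact check in wall_attach_post still tests `if(count($r))`, while the mod/photos.php hunk of this commit uses `dbm::is_result($r)` for the same query. If `q()` can return false on a database error (its definition is not shown here), `count(false)` evaluates to 1 on the PHP versions of that time, so `$can_post` would be set after a failed query and the permission check would fail open. Using `if (dbm::is_result($r)) {` here and in the identical block of the mod/wall_upload.php hunk would keep the three upload paths consistent. wall_attach_post's body starts before and continues past this hunk.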
@@ -179,9 +179,9 @@ function wall_attach_post(&$a) {
        }
 
        if ($r_json) {
-            echo json_encode(array('ok'=>true));
-            killme();
-        }
+               echo json_encode(array('ok'=>true));
+               killme();
+       }
 
        $lf = "\n";
 
index b815348c7010baddd103553dc653f83da416ce86..f5996d76f5de8dddf66279ea9788ce0b1316911f 100644 (file)
@@ -17,8 +17,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
 
                        if(! count($r)){
                                if ($r_json) {
-                                   echo json_encode(array('error'=>t('Invalid request.')));
-                                   killme();
+                                       echo json_encode(array('error'=>t('Invalid request.')));
+                                       killme();
                                }
                                return;
                        }
@@ -30,8 +30,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
                }
        } else {
                if ($r_json) {
-                   echo json_encode(array('error'=>t('Invalid request.')));
-                   killme();
+                       echo json_encode(array('error'=>t('Invalid request.')));
+                       killme();
                }
                return;
        }
@@ -48,24 +48,24 @@ function wall_upload_post(&$a, $desktopmode = true) {
                $can_post = true;
        else {
                if($community_page && remote_user()) {
-                       $cid = 0;
+                       $contact_id = 0;
                        if(is_array($_SESSION['remote'])) {
                                foreach($_SESSION['remote'] as $v) {
                                        if($v['uid'] == $page_owner_uid) {
-                                               $cid = $v['cid'];
+                                               $contact_id = $v['cid'];
                                                break;
                                        }
                                }
                        }
-                       if($cid) {
+                       if($contact_id) {
 
                                $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-                                       intval($cid),
+                                       intval($contact_id),
                                        intval($page_owner_uid)
                                );
                                if(count($r)) {
                                        $can_post = true;
-                                       $visitor = $cid;
+                                       $visitor = $contact_id;
                                }
                        }
                }
@@ -74,8 +74,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
 
        if(! $can_post) {
                if ($r_json) {
-                   echo json_encode(array('error'=>t('Permission denied.')));
-                   killme();
+                       echo json_encode(array('error'=>t('Permission denied.')));
+                       killme();
                }
                notice( t('Permission denied.') . EOL );
                killme();
@@ -83,7 +83,7 @@ function wall_upload_post(&$a, $desktopmode = true) {
 
        if(! x($_FILES,'userfile') && ! x($_FILES,'media')){
                if ($r_json) {
-                   echo json_encode(array('error'=>t('Invalid request.')));
+                       echo json_encode(array('error'=>t('Invalid request.')));
                }
                killme();
        }
@@ -119,8 +119,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
 
        if ($src=="") {
                if ($r_json) {
-                   echo json_encode(array('error'=>t('Invalid request.')));
-                   killme();
+                       echo json_encode(array('error'=>t('Invalid request.')));
+                       killme();
                }
                notice(t('Invalid request.').EOL);
                killme();
@@ -248,8 +248,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
                $r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash);
                if (!$r){
                        if ($r_json) {
-                           echo json_encode(array('error'=>''));
-                           killme();
+                               echo json_encode(array('error'=>''));
+                               killme();
                        }
                        return false;
                }
@@ -265,16 +265,16 @@ function wall_upload_post(&$a, $desktopmode = true) {
                $picture["preview"] = $a->get_baseurl()."/photo/{$hash}-{$smallest}.".$ph->getExt();
 
                if ($r_json) {
-                   echo json_encode(array('picture'=>$picture));
-                   killme();
+                       echo json_encode(array('picture'=>$picture));
+                       killme();
                }
                return $picture;
        }
 
 
        if ($r_json) {
-           echo json_encode(array('ok'=>true));
-           killme();
+               echo json_encode(array('ok'=>true));
+               killme();
        }
 
 /* mod Waitman Gobble NO WARRANTY */