From 9878974e1f3601e9f8c8b994bda8c9112c396831 Mon Sep 17 00:00:00 2001 From: rabuzarus <> Date: Mon, 14 Nov 2016 18:49:51 +0100 Subject: [PATCH] fix photos page permissions --- include/items.php | 6 +++--- mod/photos.php | 12 ++++++------ mod/videos.php | 2 +- mod/wall_attach.php | 42 +++++++++++++++++++++--------------------- mod/wall_upload.php | 40 ++++++++++++++++++++-------------------- 5 files changed, 51 insertions(+), 51 deletions(-) diff --git a/include/items.php b/include/items.php index a0fe59bf17..ebe1fca6e9 100644 --- a/include/items.php +++ b/include/items.php @@ -1896,21 +1896,21 @@ function drop_item($id,$interactive = true) { $owner = $item['uid']; - $cid = 0; + $contact_id = 0; // check if logged in user is either the author or owner of this item if (is_array($_SESSION['remote'])) { foreach($_SESSION['remote'] as $visitor) { if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) { - $cid = $visitor['cid']; + $contact_id = $visitor['cid']; break; } } } - if ((local_user() == $item['uid']) || ($cid) || (! $interactive)) { + if ((local_user() == $item['uid']) || ($contact_id) || (! $interactive)) { // Check if we should do HTML-based delete confirmation if ($_REQUEST['confirm']) { diff --git a/mod/photos.php b/mod/photos.php index 1730a9b60c..d72a824827 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -132,24 +132,24 @@ function photos_post(&$a) { $can_post = true; else { if ($community_page && remote_user()) { - $cid = 0; + $contact_id = 0; if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $page_owner_uid) { - $cid = $v['cid']; + $contact_id = $v['cid']; break; } } } - if ($cid) { + if ($contact_id) { $r = qu("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), + intval($contact_id), intval($page_owner_uid) ); if (dbm::is_result($r)) { $can_post = true; - $visitor = $cid; + $visitor = $contact_id; } } } 
@@ -1012,7 +1012,7 @@ function photos_content(&$a) { $can_post = true; $contact = $r[0]; $remote_contact = true; - $visitor = $cid; + $visitor = $contact_id; } } } diff --git a/mod/videos.php b/mod/videos.php index fb742eb015..1bb59bc542 100644 --- a/mod/videos.php +++ b/mod/videos.php @@ -263,7 +263,7 @@ function videos_content(&$a) { $can_post = true; $contact = $r[0]; $remote_contact = true; - $visitor = $cid; + $visitor = $contact_id; } } } diff --git a/mod/wall_attach.php b/mod/wall_attach.php index 68752a0e1f..15e3d3f75e 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -14,19 +14,19 @@ function wall_attach_post(&$a) { ); if(! count($r)){ if ($r_json) { - echo json_encode(array('error'=>t('Invalid request.'))); - killme(); - } + echo json_encode(array('error'=>t('Invalid request.'))); + killme(); + } return; - } + } } else { if ($r_json) { - echo json_encode(array('error'=>t('Invalid request.'))); - killme(); - } + echo json_encode(array('error'=>t('Invalid request.'))); + killme(); + } return; - } + } $can_post = false; $visitor = 0; 
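Review bot: In the first hunk on this line (photos_content, mod/photos.php), `$visitor = $contact_id;` still depends on `$contact_id` being assigned above the hunk, and nothing visible here shows it is initialised before the session loop. The old `$visitor = $cid;` read a name that no line in this hunk defines, so `$visitor` was presumably left empty with at most a notice, which is how the permission bug stayed silent. If photos_content does not already do so, add `$contact_id = 0;` ahead of the loop, as photos_post does in this same patch. The videos_content hunk in mod/videos.php makes the same one-line change and has the same dependency. Both functions start and end outside their hunks, so this needs checking against the full files.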
@@ -40,41 +40,41 @@ function wall_attach_post(&$a) { $can_post = true; else { if($community_page && remote_user()) { - $cid = 0; + $contact_id = 0; if(is_array($_SESSION['remote'])) { foreach($_SESSION['remote'] as $v) { if($v['uid'] == $page_owner_uid) { - $cid = $v['cid']; + $contact_id = $v['cid']; break; } } } - if($cid) { + if($contact_id) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), + intval($contact_id), intval($page_owner_uid) ); if(count($r)) { $can_post = true; - $visitor = $cid; + $visitor = $contact_id; } } } } if(! $can_post) { if ($r_json) { - echo json_encode(array('error'=>t('Permission denied.'))); - killme(); - } + echo json_encode(array('error'=>t('Permission denied.'))); + killme(); + } notice( t('Permission denied.') . EOL ); killme(); } if(! x($_FILES,'userfile')) { if ($r_json) { - echo json_encode(array('error'=>t('Invalid request.'))); - } + echo json_encode(array('error'=>t('Invalid request.'))); + } killme(); } @@ -179,9 +179,9 @@ function wall_attach_post(&$a) { } if ($r_json) { - echo json_encode(array('ok'=>true)); - killme(); - } + echo json_encode(array('ok'=>true)); + killme(); + } $lf = "\n"; diff --git a/mod/wall_upload.php b/mod/wall_upload.php index b815348c70..f5996d76f5 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -17,8 +17,8 @@ function wall_upload_post(&$a, $desktopmode = true) { if(! count($r)){ if ($r_json) { - echo json_encode(array('error'=>t('Invalid request.'))); - killme(); + echo json_encode(array('error'=>t('Invalid request.'))); + killme(); } return; } @@ -30,8 +30,8 @@ function wall_upload_post(&$a, $desktopmode = true) { } } else { if ($r_json) { - echo json_encode(array('error'=>t('Invalid request.'))); - killme(); + echo json_encode(array('error'=>t('Invalid request.'))); + killme(); } return; } 
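Review bot: `if(count($r))` in wall_attach_post (first hunk on this line, mod/wall_attach.php) decides `$can_post`, but unlike photos_post in this patch it does not test the result with `dbm::is_result($r)`. If `q()` can return a non-array such as `false` when the query fails (not visible here, so worth confirming), `count($r)` evaluates to 1 on PHP versions before 8 and the permission check fails open. Change the line to `if (dbm::is_result($r)) {`, provided the `dbm` class is loaded in this module. The same pattern appears in the wall_upload_post hunk at `@@ -48,24 +48,24 @@` in mod/wall_upload.php. wall_attach_post continues outside this hunk.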
@@ -48,24 +48,24 @@ function wall_upload_post(&$a, $desktopmode = true) { $can_post = true; else { if($community_page && remote_user()) { - $cid = 0; + $contact_id = 0; if(is_array($_SESSION['remote'])) { foreach($_SESSION['remote'] as $v) { if($v['uid'] == $page_owner_uid) { - $cid = $v['cid']; + $contact_id = $v['cid']; break; } } } - if($cid) { + if($contact_id) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), + intval($contact_id), intval($page_owner_uid) ); if(count($r)) { $can_post = true; - $visitor = $cid; + $visitor = $contact_id; } } } @@ -74,8 +74,8 @@ function wall_upload_post(&$a, $desktopmode = true) { if(! $can_post) { if ($r_json) { - echo json_encode(array('error'=>t('Permission denied.'))); - killme(); + echo json_encode(array('error'=>t('Permission denied.'))); + killme(); } notice( t('Permission denied.') . EOL ); killme(); @@ -83,7 +83,7 @@ function wall_upload_post(&$a, $desktopmode = true) { if(! x($_FILES,'userfile') && ! x($_FILES,'media')){ if ($r_json) { - echo json_encode(array('error'=>t('Invalid request.'))); + echo json_encode(array('error'=>t('Invalid request.'))); } killme(); } @@ -119,8 +119,8 @@ function wall_upload_post(&$a, $desktopmode = true) { if ($src=="") { if ($r_json) { - echo json_encode(array('error'=>t('Invalid request.'))); - killme(); + echo json_encode(array('error'=>t('Invalid request.'))); + killme(); } notice(t('Invalid request.').EOL); killme(); @@ -248,8 +248,8 @@ function wall_upload_post(&$a, $desktopmode = true) { $r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash); if (!$r){ if ($r_json) { - echo json_encode(array('error'=>'')); - killme(); + echo json_encode(array('error'=>'')); + killme(); } return false; } 
@@ -265,16 +265,16 @@ function wall_upload_post(&$a, $desktopmode = true) { $picture["preview"] = $a->get_baseurl()."/photo/{$hash}-{$smallest}.".$ph->getExt(); if ($r_json) { - echo json_encode(array('picture'=>$picture)); - killme(); + echo json_encode(array('picture'=>$picture)); + killme(); } return $picture; } if ($r_json) { - echo json_encode(array('ok'=>true)); - killme(); + echo json_encode(array('ok'=>true)); + killme(); } /* mod Waitman Gobble NO WARRANTY */ -- 2.39.5