diff options
author | friendica <info@friendica.com> | 2013-12-22 17:44:14 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-12-22 17:44:14 -0800 |
commit | eff38538eeaa3af0774c77d26c5b00dd79cb9e8c (patch) | |
tree | 03eb94cfd63cb321138182d73f318d53aad00373 | |
parent | a9e225b38af3a79802ee52670842ea1d732e9214 (diff) | |
download | volse-hubzilla-eff38538eeaa3af0774c77d26c5b00dd79cb9e8c.tar.gz volse-hubzilla-eff38538eeaa3af0774c77d26c5b00dd79cb9e8c.tar.bz2 volse-hubzilla-eff38538eeaa3af0774c77d26c5b00dd79cb9e8c.zip |
more (somewhat minor) but important cleanup for mod_photos so visitors with the correct permissions to add photos can also remove them
-rw-r--r-- | mod/photos.php | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/mod/photos.php b/mod/photos.php index 9e6fcecdb..ff58e18d9 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -157,23 +157,20 @@ function photos_post(&$a) { } if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) { -// FIXME + // same as above but remove single photo - if($visitor) { - $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource_id` = '%s' LIMIT 1", - intval($visitor), - intval($page_owner_uid), - dbesc($a->argv[2]) - ); - } - else { - $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' LIMIT 1", - intval(local_user()), - dbesc($a->argv[2]) - ); - } - if(count($r)) { + $ob_hash = get_observer_hash(); + if(! $ob_hash) + goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); + + $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", + dbesc($ob_hash), + intval(local_user()), + dbesc($a->argv[2]) + ); + + if($r) { q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'", intval($page_owner_uid), dbesc($r[0]['resource_id']) @@ -200,7 +197,6 @@ function photos_post(&$a) { } goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); - return; // NOTREACHED } if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) { |