aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-12-22 17:44:14 -0800
committerfriendica <info@friendica.com>2013-12-22 17:44:14 -0800
commiteff38538eeaa3af0774c77d26c5b00dd79cb9e8c (patch)
tree03eb94cfd63cb321138182d73f318d53aad00373
parenta9e225b38af3a79802ee52670842ea1d732e9214 (diff)
downloadvolse-hubzilla-eff38538eeaa3af0774c77d26c5b00dd79cb9e8c.tar.gz
volse-hubzilla-eff38538eeaa3af0774c77d26c5b00dd79cb9e8c.tar.bz2
volse-hubzilla-eff38538eeaa3af0774c77d26c5b00dd79cb9e8c.zip
more (somewhat minor) but important cleanup for mod_photos so visitors with the correct permissions to add photos can also remove them
-rw-r--r--mod/photos.php28
1 files changed, 12 insertions, 16 deletions
diff --git a/mod/photos.php b/mod/photos.php
index 9e6fcecdb..ff58e18d9 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -157,23 +157,20 @@ function photos_post(&$a) {
}
if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) {
-// FIXME
+
// same as above but remove single photo
- if($visitor) {
- $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource_id` = '%s' LIMIT 1",
- intval($visitor),
- intval($page_owner_uid),
- dbesc($a->argv[2])
- );
- }
- else {
- $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' LIMIT 1",
- intval(local_user()),
- dbesc($a->argv[2])
- );
- }
- if(count($r)) {
+ $ob_hash = get_observer_hash();
+ if(! $ob_hash)
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1",
+ dbesc($ob_hash),
+ intval(local_user()),
+ dbesc($a->argv[2])
+ );
+
+ if($r) {
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
intval($page_owner_uid),
dbesc($r[0]['resource_id'])
@@ -200,7 +197,6 @@ function photos_post(&$a) {
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
- return; // NOTREACHED
}
if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) {