authorfriendica <info@friendica.com>2013-01-30 19:52:07 -0800
committerfriendica <info@friendica.com>2013-01-30 19:52:07 -0800
commit2f9a9ec8b108bf6a38dca324772da4b4e4135019 (patch)
treedce6fe5572e9acca77d658d717b3847a8cea59d8
parent3d06f3964f7c5b36a151268c37fcac4d87b49e76 (diff)
enforce the new enhanced permissions (not just simple access controls) on photos - caveat: the default profile photo cannot be restricted. Any such restrictions will be ignored.
-rw-r--r--mod/photo.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/mod/photo.php b/mod/photo.php
index 5033033ff..c8fd55706 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -22,13 +22,15 @@ function photo_init(&$a) {
// NOTREACHED
}
+ $observer_xchan = get_observer_hash();
+
$default = 'images/person-175.jpg';
if(isset($type)) {
-
/**
- * Profile photos
+ * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
+ *
*/
if($type === 'profile') {
@@ -84,8 +86,10 @@ function photo_init(&$a) {
dbesc($photo),
intval($resolution)
);
- if(count($r)) {
+ if($r) {
+ $allowed = perm_is_allowed($r[0]['uid'],$observer_xchan,'view_photos');
+
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
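Review bot: The result of `perm_is_allowed()` is stored in `$allowed` here but is only consulted in the next hunk (`if($r && $allowed)`), after the second `q()` call has already read the full photo row, so a denied observer still causes the `data` column to be loaded. Guarding that query with `if($allowed)` would put the denial decision ahead of the fetch; the query call itself sits between this hunk and the next, outside the visible lines. It is also worth confirming that `perm_is_allowed()` treats an empty `$observer_xchan` as an anonymous visitor, which is presumably what `get_observer_hash()` yields when nobody is authenticated.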
@@ -95,7 +99,7 @@ function photo_init(&$a) {
intval($resolution)
);
- if(count($r)) {
+ if($r && $allowed) {
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
}
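Review bot: The condition `if($r && $allowed)` combines two independent checks and carries no comment saying so: `$allowed` is the owner's `view_photos` permission for this observer, while a non-empty `$r` depends on the `$sql_extra` clause from `permissions_sql()` that the preceding query appears to use. I would add a comment above it such as `// Serve the photo only if both the 'view_photos' permission and the access-control clause in $sql_extra admit this observer`, so a later edit does not drop one of the two. The branch taken when the condition fails lies outside this hunk.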
@@ -113,7 +117,7 @@ function photo_init(&$a) {
dbesc($photo),
intval($resolution)
);
- if(count($r)) {
+ if($r) {
$data = file_get_contents('images/nosign.jpg');
$mimetype = 'image/jpeg';
$prvcachecontrol = true;