diff options
author | friendica <info@friendica.com> | 2013-01-30 19:52:07 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-01-30 19:52:07 -0800 |
commit | 2f9a9ec8b108bf6a38dca324772da4b4e4135019 (patch) | |
tree | dce6fe5572e9acca77d658d717b3847a8cea59d8 | |
parent | 3d06f3964f7c5b36a151268c37fcac4d87b49e76 (diff) | |
download | volse-hubzilla-2f9a9ec8b108bf6a38dca324772da4b4e4135019.tar.gz volse-hubzilla-2f9a9ec8b108bf6a38dca324772da4b4e4135019.tar.bz2 volse-hubzilla-2f9a9ec8b108bf6a38dca324772da4b4e4135019.zip |
enforce the new enhanced permissions (not just simple access controls) on photos - caveat: the default profile photo cannot be restricted. Any such restrictions will be ignored.
-rw-r--r-- | mod/photo.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/mod/photo.php b/mod/photo.php index 5033033ff..c8fd55706 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -22,13 +22,15 @@ function photo_init(&$a) { // NOTREACHED } + $observer_xchan = get_observer_hash(); + $default = 'images/person-175.jpg'; if(isset($type)) { - /** - * Profile photos + * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites. + * */ if($type === 'profile') { @@ -84,8 +86,10 @@ function photo_init(&$a) { dbesc($photo), intval($resolution) ); - if(count($r)) { + if($r) { + $allowed = perm_is_allowed($r[0]['uid'],$observer_xchan,'view_photos'); + $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the photo @@ -95,7 +99,7 @@ function photo_init(&$a) { intval($resolution) ); - if(count($r)) { + if($r && $allowed) { $data = $r[0]['data']; $mimetype = $r[0]['type']; } @@ -113,7 +117,7 @@ function photo_init(&$a) { dbesc($photo), intval($resolution) ); - if(count($r)) { + if($r) { $data = file_get_contents('images/nosign.jpg'); $mimetype = 'image/jpeg'; $prvcachecontrol = true; |