aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2011-01-04 02:01:07 -0800
committerFriendika <info@friendika.com>2011-01-04 02:01:07 -0800
commit15c81716e8cbb916e9bfca5f0d519d9df5baa063 (patch)
treec0d8a3895d4d9d676cde5cf0507190ea48690afc
parentf057cc3a70dd7435b4e9e8a2a07406f0f25e3f2a (diff)
downloadvolse-hubzilla-15c81716e8cbb916e9bfca5f0d519d9df5baa063.tar.gz
volse-hubzilla-15c81716e8cbb916e9bfca5f0d519d9df5baa063.tar.bz2
volse-hubzilla-15c81716e8cbb916e9bfca5f0d519d9df5baa063.zip
much better solution to privacy on ajax wall photos
-rw-r--r--mod/item.php53
-rw-r--r--mod/wall_upload.php6
2 files changed, 29 insertions, 30 deletions
diff --git a/mod/item.php b/mod/item.php
index 36b51a537..f9bf9a04e 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -131,43 +131,42 @@ function item_post(&$a) {
/**
*
- * If a photo was uploaded into the message using the ajax uploader,
- * it can be seen by anybody. Set the permissions to match the message.
- * Ideally this should be done when the photo was uploaded, but the permissions
- * may not have been set at that time, and passing the permission arrays via
- * javascript to the ajax upload is going to be a challenge.
- * This is a compromise. Granted there is a window of time when the photo
- * is public. You are welcome to suggest other ways to fix this.
+ * When a photo was uploaded into the message using the (profile wall) ajax
+ * uploader, The permissions are initially set to disallow anybody but the
+ * owner from seeing it. This is because the permissions may not yet have been
+ * set for the post. If it's private, the photo permissions should be set
+ * appropriately. But we didn't know the final permissions on the post until
+ * now. So now we'll look for links of uploaded messages that are in the
+ * post and set them to the same permissions as the post itself.
*
*/
$match = null;
- if($private) {
- if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) {
- $images = $match[1];
- if(count($images)) {
- foreach($images as $image) {
- if(! stristr($image,$a->get_baseurl() . '/photo/'))
- continue;
- $image_uri = substr($image,strrpos($image,'/') + 1);
- $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
- $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
- WHERE `resource-id` = '%s' AND `album` = '%s' ",
- dbesc($str_contact_allow),
- dbesc($str_group_allow),
- dbesc($str_contact_deny),
- dbesc($str_group_deny),
- dbesc($image_uri),
- dbesc( t('Wall Photos'))
- );
-
- }
+ if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) {
+ $images = $match[1];
+ if(count($images)) {
+ foreach($images as $image) {
+ if(! stristr($image,$a->get_baseurl() . '/photo/'))
+ continue;
+ $image_uri = substr($image,strrpos($image,'/') + 1);
+ $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
+ $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
+ WHERE `resource-id` = '%s' AND `album` = '%s' ",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ dbesc($image_uri),
+ dbesc( t('Wall Photos'))
+ );
+
}
}
}
+
/**
* Look for any tags and linkify them
*/
diff --git a/mod/wall_upload.php b/mod/wall_upload.php
index eb44012d1..ab06b4b2d 100644
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -76,7 +76,7 @@ function wall_upload_post(&$a) {
$smallest = 0;
- $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0 );
+ $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, '<0>');
if(! $r) {
echo ( t('Image upload failed.') . EOL);
@@ -85,14 +85,14 @@ function wall_upload_post(&$a) {
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
- $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1 );
+ $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, '<0>');
if($r)
$smallest = 1;
}
if($width > 320 || $height > 320) {
$ph->scaleImage(320);
- $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2 );
+ $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, '<0>' );
if($r)
$smallest = 2;
}