aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-08-15 13:18:25 -0700
committerredmatrix <git@macgirvin.com>2016-08-15 13:18:25 -0700
commit4facae674d0f0047339860cb7011d8a13b3e601d (patch)
treeab0745de308b0d81f24a1366d7d95ac99f494fbd /include
parent39005634c6f5d4d3e613761e4fafb3997cc65a00 (diff)
downloadvolse-hubzilla-4facae674d0f0047339860cb7011d8a13b3e601d.tar.gz
volse-hubzilla-4facae674d0f0047339860cb7011d8a13b3e601d.tar.bz2
volse-hubzilla-4facae674d0f0047339860cb7011d8a13b3e601d.zip
fix attached photo/file permissions on clones
Diffstat (limited to 'include')
-rw-r--r--include/import.php4
-rwxr-xr-xinclude/items.php134
2 files changed, 138 insertions, 0 deletions
diff --git a/include/import.php b/include/import.php
index 5bbed828f..84881a420 100644
--- a/include/import.php
+++ b/include/import.php
@@ -629,6 +629,10 @@ function import_items($channel,$items,$sync = false,$relocate = null) {
$item_result = item_store($item,$allow_code,$deliver);
}
+ fix_attached_photo_permissions($channel['channel_id'],$item['author_xchan'],$item['body'],$item['allow_cid'],$item['allow_gid'],$item['deny_cid'],$item['deny_gid']);
+
+ fix_attached_file_permissions($channel,$item['author_xchan'],$item['body'],$item['allow_cid'],$item['allow_gid'],$item['deny_cid'],$item['deny_gid']);
+
if($sync && $item['item_wall']) {
// deliver singletons if we have any
if($item_result && $item_result['success']) {
diff --git a/include/items.php b/include/items.php
index 5bd0b0968..0373dcb0d 100755
--- a/include/items.php
+++ b/include/items.php
@@ -4327,3 +4327,137 @@ function sync_an_item($channel_id,$item_id) {
build_sync_packet($channel_d,array('item' => array(encode_item($sync_item[0],true)),'item_id' => $rid));
}
}
+
+
+function fix_attached_photo_permissions($uid,$xchan_hash,$body,
+ $str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) {
+
+ if(get_pconfig($uid,'system','force_public_uploads')) {
+ $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+ }
+
+ $match = null;
+ // match img and zmg image links
+ if(preg_match_all("/\[[zi]mg(.*?)\](.*?)\[\/[zi]mg\]/",$body,$match)) {
+ $images = $match[2];
+ if($images) {
+ foreach($images as $image) {
+ if(! stristr($image,z_root() . '/photo/'))
+ continue;
+ $image_uri = substr($image,strrpos($image,'/') + 1);
+ if(strpos($image_uri,'-') !== false)
+ $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
+ if(strpos($image_uri,'.') !== false)
+ $image_uri = substr($image_uri,0, strpos($image_uri,'.'));
+ if(! strlen($image_uri))
+ continue;
+ $srch = '<' . $xchan_hash . '>';
+
+ $r = q("select folder from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($image_uri),
+ intval($uid)
+ );
+ if($r && $r[0]['folder']) {
+ $f = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1",
+ dbesc($r[0]['folder']),
+ intval($uid)
+ );
+ if(($f) && (($f[0]['allow_cid']) || ($f[0]['allow_gid']) || ($f[0]['deny_cid']) || ($f[0]['deny_gid']))) {
+ $str_contact_allow = $f[0]['allow_cid'];
+ $str_group_allow = $f[0]['allow_gid'];
+ $str_contact_deny = $f[0]['deny_cid'];
+ $str_group_deny = $f[0]['deny_gid'];
+ }
+ }
+
+ $r = q("SELECT id FROM photo
+ WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
+ AND resource_id = '%s' AND uid = %d LIMIT 1",
+ dbesc($srch),
+ dbesc($image_uri),
+ intval($uid)
+ );
+
+ if($r) {
+ $r = q("UPDATE photo SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
+ WHERE resource_id = '%s' AND uid = %d ",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ dbesc($image_uri),
+ intval($uid)
+ );
+
+ // also update the linked item (which is probably invisible)
+
+ $r = q("select id from item
+ WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
+ AND resource_id = '%s' and resource_type = 'photo' AND uid = %d LIMIT 1",
+ dbesc($srch),
+ dbesc($image_uri),
+ intval($uid)
+ );
+ if($r) {
+ $private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false);
+
+ $r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
+ WHERE id = %d AND uid = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval($private),
+ intval($r[0]['id']),
+ intval($uid)
+ );
+ }
+ $r = q("select id from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($image_uri),
+ intval($uid)
+ );
+ if($r) {
+ q("update attach SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
+ WHERE id = %d AND uid = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval($r[0]['id']),
+ intval($uid)
+ );
+ }
+ }
+ }
+ }
+ }
+}
+
+
+function fix_attached_file_permissions($channel,$observer_hash,$body,
+ $str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) {
+
+ if(get_pconfig($channel['channel_id'],'system','force_public_uploads')) {
+ $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+ }
+
+ $match = false;
+
+ if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) {
+ $attaches = $match[1];
+ if($attaches) {
+ foreach($attaches as $attach) {
+ $hash = substr($attach,0,strpos($attach,','));
+ $rev = intval(substr($attach,strpos($attach,',')));
+ attach_store($channel,$observer_hash,$options = 'update', array(
+ 'hash' => $hash,
+ 'revision' => $rev,
+ 'allow_cid' => $str_contact_allow,
+ 'allow_gid' => $str_group_allow,
+ 'deny_cid' => $str_contact_deny,
+ 'deny_gid' => $str_group_deny
+ ));
+ }
+ }
+ }
+}