diff options
author | RedMatrix <info@friendica.com> | 2014-04-20 12:01:00 +1000 |
---|---|---|
committer | RedMatrix <info@friendica.com> | 2014-04-20 12:01:00 +1000 |
commit | 170b5d95e0ac3dd42a5613777af80def35ed41b6 (patch) | |
tree | ecbee03c46734f01e67f2f60a6d6f373e5ee58d7 /mod | |
parent | 4b17f74300114f31ce6d1993c93d0c5f5563dc4a (diff) | |
parent | c946d926103a3bce94dcf99a137f3329ce011e2a (diff) | |
download | volse-hubzilla-170b5d95e0ac3dd42a5613777af80def35ed41b6.tar.gz volse-hubzilla-170b5d95e0ac3dd42a5613777af80def35ed41b6.tar.bz2 volse-hubzilla-170b5d95e0ac3dd42a5613777af80def35ed41b6.zip |
Merge pull request #418 from jmankiewicz/mod-profpicperm
Patch for Issue #410
Diffstat (limited to 'mod')
-rw-r--r-- | mod/connedit.php | 37 | ||||
-rw-r--r-- | mod/profile_photo.php | 93 | ||||
-rw-r--r-- | mod/profperm.php | 13 |
3 files changed, 133 insertions, 10 deletions
diff --git a/mod/connedit.php b/mod/connedit.php index 2719b7732..198a66b56 100644 --- a/mod/connedit.php +++ b/mod/connedit.php @@ -1,5 +1,11 @@ <?php +/* @file connedit.php + * @brief In this file the connection-editor form is generated and evaluated. + * + * + */ + require_once('include/Contact.php'); require_once('include/socgraph.php'); require_once('include/contact_selectors.php'); @@ -8,6 +14,11 @@ require_once('include/contact_widgets.php'); require_once('include/zot.php'); require_once('include/widgets.php'); +/* @brief Initialize the connection-editor + * + * + */ + function connedit_init(&$a) { if(! local_user()) @@ -31,6 +42,10 @@ function connedit_init(&$a) { } +/* @brief Evaluate posted values and set changes + * + */ + function connedit_post(&$a) { if(! local_user()) @@ -81,7 +96,7 @@ function connedit_post(&$a) { if(strpos($k,'perms_') === 0) { $abook_my_perms += $v; } - } + } $abook_flags = $orig_record[0]['abook_flags']; $new_friend = false; @@ -103,6 +118,15 @@ function connedit_post(&$a) { intval(local_user()) ); + if($orig_record[0]['abook_profile'] != $profile_id) { //Update profile photo permissions + + logger('As a new profile was assigned updateing profile photos'); + require_once('mod/profile_photo.php'); + profile_photo_set_profile_perms($profile_id); + + } + + if($r) info( t('Connection updated.') . EOL); else @@ -114,7 +138,7 @@ function connedit_post(&$a) { } if($new_friend) { - $channel = $a->get_channel(); + $channel = $a->get_channel(); $default_group = $channel['channel_default_group']; if($default_group) { require_once('include/group.php'); @@ -158,6 +182,11 @@ function connedit_post(&$a) { } +/* @brief Clone connection + * + * + */ + function connedit_clone(&$a) { if(! $a->poi) @@ -171,6 +200,10 @@ function connedit_clone(&$a) { build_sync_packet(0 /* use the current local_user */, array('abook' => array($clone))); } +/* @brief Generate content of connection edit page + * + * + */ function connedit_content(&$a) { diff --git a/mod/profile_photo.php b/mod/profile_photo.php index 876e3a931..c587b9606 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -1,7 +1,65 @@ <?php +/* @file profile_photo.php + @brief Module-file with functions for handling of profile-photos + +*/ + require_once('include/photo/photo_driver.php'); +/* @brief Function for sync'ing permissions of profile-photos and their profile +* +* @param $profileid The id number of the profile to sync +* @return void +*/ + +function profile_photo_set_profile_perms($profileid = '') { + + $allowcid = ''; + if (x($profileid)) { + + $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.id = %d OR profile.profile_guid = '%s' LIMIT 1", intval($profileid), dbesc($profileid)); + + } else { + + logger('Resetting permissions on default-profile-photo for user'.local_user()); + $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.uid = %d AND is_default = 1 LIMIT 1", intval(local_user()) ); //If no profile is given, we update the default profile + } + + $profile = $r[0]; + if(x($profile['id']) && x($profile['photo'])) { + preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id); + $resource_id = $resource_id[0]; + + if (intval($profile['is_default']) != 1) { + $r0 = q("SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1", intval(local_user()) ); + $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids. + $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid'])); + $allowcid = "<" . $r0[0]['channel_hash'] . ">"; + foreach ($r1 as $entry) { + $allowcid .= "<" . $entry['abook_xchan'] . ">"; + } + foreach ($r2 as $entry) { + $allowcid .= "<" . $entry['abook_xchan'] . ">"; + } + + q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['uid'])); + + } else { + q("UPDATE `photo` SET allow_cid = '' WHERE profile = 1 AND uid = %d",intval($profile['uid'])); //Reset permissions on default profile picture to public + } + } + + return; +} + +/* @brief Initalize the profile-photo edit view + * + * @param $a Current application + * @return void + * + */ + function profile_photo_init(&$a) { if(! local_user()) { @@ -13,6 +71,12 @@ function profile_photo_init(&$a) { } +/* @brief Evaluate posted values + * + * @param $a Current application + * @return void + * + */ function profile_photo_post(&$a) { @@ -142,6 +206,11 @@ function profile_photo_post(&$a) { // Update directory in background proc_run('php',"include/directory.php",$channel['channel_id']); + + // Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures' + + profile_photo_set_profile_perms($_REQUEST['profile']); + } else notice( t('Unable to process image') . EOL); @@ -179,6 +248,13 @@ function profile_photo_post(&$a) { } +/* @brief Generate content of profile-photo view + * + * @param $a Current application + * @return void + * + */ + if(! function_exists('profile_photo_content')) { function profile_photo_content(&$a) { @@ -230,7 +306,7 @@ function profile_photo_content(&$a) { intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), intval(local_user())); - + // set all sizes of this one as profile photos $r = q("UPDATE photo SET profile = 1 WHERE uid = %d AND resource_id = '%s'", intval(local_user()), @@ -249,7 +325,8 @@ function profile_photo_content(&$a) { dbesc($channel['xchan_hash']) ); - proc_run('php','include/directory.php',local_user()); + profile_photo_set_profile_perms(); //Reset default photo permissions to public + proc_run('php','include/directory.php',local_user()); goaway($a->get_baseurl() . '/profiles'); } @@ -273,7 +350,7 @@ function profile_photo_content(&$a) { ); if(! x($a->data,'imagecrop')) { - + $tpl = get_markup_template('profile_photo.tpl'); $o .= replace_macros($tpl,array( @@ -310,6 +387,14 @@ function profile_photo_content(&$a) { return; // NOTREACHED }} +/* @brief Generate the UI for photo-cropping + * + * @param $a Current application + * @param $ph Photo-Factory + * @return void + * + */ + if(! function_exists('profile_photo_crop_ui_head')) { function profile_photo_crop_ui_head(&$a, $ph){ @@ -346,7 +431,7 @@ function profile_photo_crop_ui_head(&$a, $ph){ $p['scale'] = 1; $r = $ph->save($p); - + if($r === false) notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL ); else diff --git a/mod/profperm.php b/mod/profperm.php index 915f2a994..197062936 100644 --- a/mod/profperm.php +++ b/mod/profperm.php @@ -10,7 +10,7 @@ function profperm_init(&$a) { $channel = $a->get_channel(); $which = $channel['channel_address']; - $profile = $a->argv[1]; + $profile = $a->argv[1]; profile_load($a,$which,$profile); @@ -89,6 +89,11 @@ function profperm_content(&$a) { } + + //Time to update the permissions on the profile-pictures as well + require_once('mod/profile_photo.php'); + profile_photo_set_profile_perms($profile['id']); + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'", intval(local_user()), dbesc($profile['profile_guid']) @@ -111,9 +116,9 @@ function profperm_content(&$a) { } $o .= '<div id="prof-update-wrapper">'; - if($change) + if($change) $o = ''; - + $o .= '<div id="prof-members-title">'; $o .= '<h3>' . t('Visible To') . '</h3>'; $o .= '</div>'; @@ -134,7 +139,7 @@ function profperm_content(&$a) { $o .= '<h3>' . t("All Connections") . '</h3>'; $o .= '</div>'; $o .= '<div id="prof-all-contacts">'; - + $r = abook_connections(local_user()); if($r) { |