aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--mod/connedit.php37
-rw-r--r--mod/profile_photo.php93
-rw-r--r--mod/profperm.php13
3 files changed, 133 insertions, 10 deletions
diff --git a/mod/connedit.php b/mod/connedit.php
index 2719b7732..198a66b56 100644
--- a/mod/connedit.php
+++ b/mod/connedit.php
@@ -1,5 +1,11 @@
<?php
+/* @file connedit.php
+ * @brief In this file the connection-editor form is generated and evaluated.
+ *
+ *
+ */
+
require_once('include/Contact.php');
require_once('include/socgraph.php');
require_once('include/contact_selectors.php');
@@ -8,6 +14,11 @@ require_once('include/contact_widgets.php');
require_once('include/zot.php');
require_once('include/widgets.php');
+/* @brief Initialize the connection-editor
+ *
+ *
+ */
+
function connedit_init(&$a) {
if(! local_user())
@@ -31,6 +42,10 @@ function connedit_init(&$a) {
}
+/* @brief Evaluate posted values and set changes
+ *
+ */
+
function connedit_post(&$a) {
if(! local_user())
@@ -81,7 +96,7 @@ function connedit_post(&$a) {
if(strpos($k,'perms_') === 0) {
$abook_my_perms += $v;
}
- }
+ }
$abook_flags = $orig_record[0]['abook_flags'];
$new_friend = false;
@@ -103,6 +118,15 @@ function connedit_post(&$a) {
intval(local_user())
);
+ if($orig_record[0]['abook_profile'] != $profile_id) { //Update profile photo permissions
+
+ logger('As a new profile was assigned updateing profile photos');
+ require_once('mod/profile_photo.php');
+ profile_photo_set_profile_perms($profile_id);
+
+ }
+
+
if($r)
info( t('Connection updated.') . EOL);
else
@@ -114,7 +138,7 @@ function connedit_post(&$a) {
}
if($new_friend) {
- $channel = $a->get_channel();
+ $channel = $a->get_channel();
$default_group = $channel['channel_default_group'];
if($default_group) {
require_once('include/group.php');
@@ -158,6 +182,11 @@ function connedit_post(&$a) {
}
+/* @brief Clone connection
+ *
+ *
+ */
+
function connedit_clone(&$a) {
if(! $a->poi)
@@ -171,6 +200,10 @@ function connedit_clone(&$a) {
build_sync_packet(0 /* use the current local_user */, array('abook' => array($clone)));
}
+/* @brief Generate content of connection edit page
+ *
+ *
+ */
function connedit_content(&$a) {
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index 876e3a931..c587b9606 100644
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -1,7 +1,65 @@
<?php
+/* @file profile_photo.php
+ @brief Module-file with functions for handling of profile-photos
+
+*/
+
require_once('include/photo/photo_driver.php');
+/* @brief Function for sync'ing permissions of profile-photos and their profile
+*
+* @param $profileid The id number of the profile to sync
+* @return void
+*/
+
+function profile_photo_set_profile_perms($profileid = '') {
+
+ $allowcid = '';
+ if (x($profileid)) {
+
+ $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.id = %d OR profile.profile_guid = '%s' LIMIT 1", intval($profileid), dbesc($profileid));
+
+ } else {
+
+ logger('Resetting permissions on default-profile-photo for user'.local_user());
+ $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.uid = %d AND is_default = 1 LIMIT 1", intval(local_user()) ); //If no profile is given, we update the default profile
+ }
+
+ $profile = $r[0];
+ if(x($profile['id']) && x($profile['photo'])) {
+ preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id);
+ $resource_id = $resource_id[0];
+
+ if (intval($profile['is_default']) != 1) {
+ $r0 = q("SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1", intval(local_user()) );
+ $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids.
+ $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid']));
+ $allowcid = "<" . $r0[0]['channel_hash'] . ">";
+ foreach ($r1 as $entry) {
+ $allowcid .= "<" . $entry['abook_xchan'] . ">";
+ }
+ foreach ($r2 as $entry) {
+ $allowcid .= "<" . $entry['abook_xchan'] . ">";
+ }
+
+ q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['uid']));
+
+ } else {
+ q("UPDATE `photo` SET allow_cid = '' WHERE profile = 1 AND uid = %d",intval($profile['uid'])); //Reset permissions on default profile picture to public
+ }
+ }
+
+ return;
+}
+
+/* @brief Initalize the profile-photo edit view
+ *
+ * @param $a Current application
+ * @return void
+ *
+ */
+
function profile_photo_init(&$a) {
if(! local_user()) {
@@ -13,6 +71,12 @@ function profile_photo_init(&$a) {
}
+/* @brief Evaluate posted values
+ *
+ * @param $a Current application
+ * @return void
+ *
+ */
function profile_photo_post(&$a) {
@@ -142,6 +206,11 @@ function profile_photo_post(&$a) {
// Update directory in background
proc_run('php',"include/directory.php",$channel['channel_id']);
+
+ // Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
+
+ profile_photo_set_profile_perms($_REQUEST['profile']);
+
}
else
notice( t('Unable to process image') . EOL);
@@ -179,6 +248,13 @@ function profile_photo_post(&$a) {
}
+/* @brief Generate content of profile-photo view
+ *
+ * @param $a Current application
+ * @return void
+ *
+ */
+
if(! function_exists('profile_photo_content')) {
function profile_photo_content(&$a) {
@@ -230,7 +306,7 @@ function profile_photo_content(&$a) {
intval(PHOTO_PROFILE),
intval(PHOTO_PROFILE),
intval(local_user()));
-
+
// set all sizes of this one as profile photos
$r = q("UPDATE photo SET profile = 1 WHERE uid = %d AND resource_id = '%s'",
intval(local_user()),
@@ -249,7 +325,8 @@ function profile_photo_content(&$a) {
dbesc($channel['xchan_hash'])
);
- proc_run('php','include/directory.php',local_user());
+ profile_photo_set_profile_perms(); //Reset default photo permissions to public
+ proc_run('php','include/directory.php',local_user());
goaway($a->get_baseurl() . '/profiles');
}
@@ -273,7 +350,7 @@ function profile_photo_content(&$a) {
);
if(! x($a->data,'imagecrop')) {
-
+
$tpl = get_markup_template('profile_photo.tpl');
$o .= replace_macros($tpl,array(
@@ -310,6 +387,14 @@ function profile_photo_content(&$a) {
return; // NOTREACHED
}}
+/* @brief Generate the UI for photo-cropping
+ *
+ * @param $a Current application
+ * @param $ph Photo-Factory
+ * @return void
+ *
+ */
+
if(! function_exists('profile_photo_crop_ui_head')) {
function profile_photo_crop_ui_head(&$a, $ph){
@@ -346,7 +431,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
$p['scale'] = 1;
$r = $ph->save($p);
-
+
if($r === false)
notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL );
else
diff --git a/mod/profperm.php b/mod/profperm.php
index 915f2a994..197062936 100644
--- a/mod/profperm.php
+++ b/mod/profperm.php
@@ -10,7 +10,7 @@ function profperm_init(&$a) {
$channel = $a->get_channel();
$which = $channel['channel_address'];
- $profile = $a->argv[1];
+ $profile = $a->argv[1];
profile_load($a,$which,$profile);
@@ -89,6 +89,11 @@ function profperm_content(&$a) {
}
+
+ //Time to update the permissions on the profile-pictures as well
+ require_once('mod/profile_photo.php');
+ profile_photo_set_profile_perms($profile['id']);
+
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'",
intval(local_user()),
dbesc($profile['profile_guid'])
@@ -111,9 +116,9 @@ function profperm_content(&$a) {
}
$o .= '<div id="prof-update-wrapper">';
- if($change)
+ if($change)
$o = '';
-
+
$o .= '<div id="prof-members-title">';
$o .= '<h3>' . t('Visible To') . '</h3>';
$o .= '</div>';
@@ -134,7 +139,7 @@ function profperm_content(&$a) {
$o .= '<h3>' . t("All Connections") . '</h3>';
$o .= '</div>';
$o .= '<div id="prof-all-contacts">';
-
+
$r = abook_connections(local_user());
if($r) {