aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--mod/profile_photo.php33
-rw-r--r--mod/profperm.php12
2 files changed, 41 insertions, 4 deletions
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index 876e3a931..2cf7a8abf 100644
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -2,6 +2,34 @@
require_once('include/photo/photo_driver.php');
+function profile_photo_set_profile_perms($profileid) {
+
+ $allowcid = '';
+ $r = q("SELECT photo, profile_guid, id FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid));
+ $profile = $r[0];
+
+ if(x($profile['photo'])) {
+ preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id);
+ $resource_id = $resource_id[0];
+
+ if(x($profileid)) {
+
+ $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id']));
+ $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid']));
+ foreach ($r1 as $entry) {
+ $allowcid .= "<" . $entry['abook_xchan'] . ">";
+ }
+ foreach ($r2 as $entry) {
+ $allowcid .= "<" . $entry['abook_xchan'] . ">";
+ }
+ if(x($allowcid)) {
+ q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s'",dbesc($allowcid),dbesc($resource_id));
+ }
+ }
+ }
+ return;
+}
+
function profile_photo_init(&$a) {
if(! local_user()) {
@@ -142,6 +170,11 @@ function profile_photo_post(&$a) {
// Update directory in background
proc_run('php',"include/directory.php",$channel['channel_id']);
+
+ // Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
+
+ profile_photo_set_profile_perms($_REQUEST['profile']);
+
}
else
notice( t('Unable to process image') . EOL);
diff --git a/mod/profperm.php b/mod/profperm.php
index 08838831b..4a52447b8 100644
--- a/mod/profperm.php
+++ b/mod/profperm.php
@@ -10,7 +10,7 @@ function profperm_init(&$a) {
$channel = $a->get_channel();
$which = $channel['channel_address'];
- $profile = $a->argv[1];
+ $profile = $a->argv[1];
profile_load($a,$which,$profile);
@@ -89,6 +89,10 @@ function profperm_content(&$a) {
}
+ //Time to update the permissions on the profile-pictures as well
+ require_once('mod/profile_photo.php');
+ profile_photo_set_profile_perms($profile['id']);
+
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = %d",
intval(local_user()),
intval(argv(1))
@@ -111,9 +115,9 @@ function profperm_content(&$a) {
}
$o .= '<div id="prof-update-wrapper">';
- if($change)
+ if($change)
$o = '';
-
+
$o .= '<div id="prof-members-title">';
$o .= '<h3>' . t('Visible To') . '</h3>';
$o .= '</div>';
@@ -134,7 +138,7 @@ function profperm_content(&$a) {
$o .= '<h3>' . t("All Connections") . '</h3>';
$o .= '</div>';
$o .= '<div id="prof-all-contacts">';
-
+
$r = abook_connections(local_user());
if($r) {