-rw-r--r-- | mod/profile_photo.php | 43 | ||||
-rw-r--r-- | mod/profperm.php | 14 |
2 files changed, 53 insertions, 4 deletions
diff --git a/mod/profile_photo.php b/mod/profile_photo.php index 876e3a931..ef0a31673 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -1,7 +1,45 @@ <?php +/* @file profile_photo.php + @brief Module-file with functions for handling of profile-photos + +*/ + require_once('include/photo/photo_driver.php'); +/* @brief Function for sync'ing permissions of profile-photos and their profile +* +* @param $profileid The id number of the profile to sync +* @return void +*/ + +function profile_photo_set_profile_perms($profileid) { + + $allowcid = ''; + if (x($profileid)) { + + $r = q("SELECT photo, profile_guid, id, is_default FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid)); + $profile = $r[0]; + if(x($profile['id']) && x($profile['photo']) && intval($profile['is_default']) != 1) { //Only set perms when query suceeded and when we are not on the default profile + preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id); + $resource_id = $resource_id[0]; + + $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids. + $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid'])); + foreach ($r1 as $entry) { + $allowcid .= "<" . $entry['abook_xchan'] . ">"; + } + foreach ($r2 as $entry) { + $allowcid .= "<" . $entry['abook_xchan'] . ">"; + } + if(x($allowcid)) { + q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['id'])); + } + } + } + return; +} + function profile_photo_init(&$a) { if(! local_user()) { 
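Review bot: In `profile_photo_set_profile_perms()` the final `UPDATE photo` is scoped with `uid = intval($profile['id'])`, so the profile row id is used where the photo owner's uid is expected, and the preceding `SELECT ... FROM profile WHERE profile.id = %d` is not restricted to the logged-in channel. Because the call added in `profile_photo_post()` passes `$_REQUEST['profile']` straight in, the id is chosen by the client; both the lookup and the write should be bound to the session owner, e.g. `WHERE profile.id = %d AND uid = %d` with `intval(local_user())` in the SELECT and `intval(local_user())` as the uid in the UPDATE (this assumes `profile.uid` and `photo.uid` both hold the channel id; confirm against the schema). The two `abook` SELECTs would likewise be safer with an `abook_channel = %d` filter. Separately, `if(x($allowcid))` skips the UPDATE when no connection is assigned to the profile, so an `allow_cid` written earlier stays in place after the last member is removed. `$r[0]` and `$resource_id[0]` are also read without checking that the query or `preg_match` returned anything.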
@@ -142,6 +180,11 @@ function profile_photo_post(&$a) { // Update directory in background proc_run('php',"include/directory.php",$channel['channel_id']); + + // Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures' + + profile_photo_set_profile_perms($_REQUEST['profile']); + } else notice( t('Unable to process image') . EOL); diff --git a/mod/profperm.php b/mod/profperm.php index 915f2a994..a91523805 100644 --- a/mod/profperm.php +++ b/mod/profperm.php @@ -10,7 +10,7 @@ function profperm_init(&$a) { $channel = $a->get_channel(); $which = $channel['channel_address']; - $profile = $a->argv[1]; + $profile = $a->argv[1]; profile_load($a,$which,$profile); @@ -89,7 +89,13 @@ function profperm_content(&$a) { } + + //Time to update the permissions on the profile-pictures as well + require_once('mod/profile_photo.php'); + profile_photo_set_profile_perms($profile['id']); + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'", + intval(local_user()), dbesc($profile['profile_guid']) ); @@ -111,9 +117,9 @@ function profperm_content(&$a) { } $o .= '<div id="prof-update-wrapper">'; - if($change) + if($change) $o = ''; - + $o .= '<div id="prof-members-title">'; $o .= '<h3>' . t('Visible To') . '</h3>'; $o .= '</div>'; @@ -134,7 +140,7 @@ function profperm_content(&$a) { $o .= '<h3>' . t("All Connections") . '</h3>'; $o .= '</div>'; $o .= '<div id="prof-all-contacts">'; - + $r = abook_connections(local_user()); if($r) { |
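Review bot: The call added in `profperm_content()` runs `profile_photo_set_profile_perms($profile['id'])` on every render, so simply viewing the permissions page can issue an `UPDATE` on `photo`. In the visible lines it is not inside any branch that handles a membership change, though the function body starts and ends outside the hunk, so this is inferred. Moving the call into the code path that actually adds or removes a connection, after that change has been written, would keep plain page views free of side effects. The `require_once('mod/profile_photo.php')` inside the function also loads a whole page module for one helper; a shared include file would be a cleaner home, with a comment on the call such as `// keep the profile photo ACL in step with profile membership`.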