diff options
Diffstat (limited to 'include/photos.php')
| -rw-r--r-- | include/photos.php | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/include/photos.php b/include/photos.php index a8619c372..c7360a956 100644 --- a/include/photos.php +++ b/include/photos.php @@ -292,18 +292,19 @@ function photo_upload($channel, $observer, $args) { $tag = (($r2) ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]'); } + $body = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' + . $tag . z_root() . "/photo/{$photo_hash}-{$scale}." . $ph->getExt() . '[/zmg]' + . '[/zrl]'; + // Create item object $object = array( 'type' => ACTIVITY_OBJ_PHOTO, 'title' => $title, 'id' => rawurlencode(z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash), - 'link' => $link + 'link' => $link, + 'bbcode' => $body ); - $body = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' - . $tag . z_root() . "/photo/{$photo_hash}-{$scale}." . $ph->getExt() . '[/zmg]' - . '[/zrl]'; - // Create item container if($args['item']) { foreach($args['item'] as $i) { @@ -378,6 +379,20 @@ function photo_upload($channel, $observer, $args) { $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; $arr['body'] = (($object) ? $args['body'] : $body . "\r\n" . $args['body']); + + // this one is tricky because the item and the photo have the same permissions, those of the photo. + // Use the channel read_stream permissions to get the correct public_policy for the item and recalculate the + // private flag accordingly. This may cause subtle bugs due to custom permissions roles. We want to use + // public policy when federating items to other sites, but should probably ignore them when accessing the item + // in the photos pages - using the photos permissions instead. We need the public policy to keep the photo + // linked item from leaking into the feed when somebody has a channel with read_stream restrictions. + + $arr['public_policy'] = map_scope($channel['channel_r_stream'],true); + if($arr['public_policy']) + $arr['item_private'] = 1; + + + $result = item_store($arr); $item_id = $result['item_id']; |