1 files changed, 41 insertions, 50 deletions
diff --git a/mod/photos.php b/mod/photos.php
index 64ca86941..85d3f50b0 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -19,6 +19,9 @@ function photos_init(&$a) {
 
 	if(argc() > 1) {
 		$nick = argv(1);
+
+		profile_load($a,$nick);
+
 		$channelx = channelx_by_nick($nick);
 
 		if(! $channelx)
@@ -31,16 +34,7 @@ function photos_init(&$a) {
 
 		$observer_xchan = (($observer) ? $observer['xchan_hash'] : '');
 
-		$a->data['perms'] = get_all_perms($channelx[0]['channel_id'],$observer_xchan);
-
-
-
-		$a->set_widget('vcard',vcard_from_xchan($a->data['channel'],$observer));
 		head_set_icon($a->data['channel']['xchan_photo_s']);
-		if($a->data['perms']['view_photos']) {
-			$a->data['albums'] = photos_albums_list($a->data['channel'],$observer);
-			$a->set_widget('photo_albums',photos_album_widget($a->data['channel'],$observer,$a->data['albums']));
-		}
 
 		$a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "'; var profile_uid = " . (($a->data['channel']) ? $a->data['channel']['channel_id'] : 0) . "; </script>" ;
 
@@ -163,23 +157,20 @@ function photos_post(&$a) {
 	}
 
 	if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) {
-// FIXME
+
 		// same as above but remove single photo
 
-		if($visitor) {
-			$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource_id` = '%s' LIMIT 1",
-				intval($visitor),
-				intval($page_owner_uid),
-				dbesc($a->argv[2])
-			);
-		}
-		else {
-			$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' LIMIT 1",
-				intval(local_user()),
-				dbesc($a->argv[2])
-			);
-		}
-		if(count($r)) {
+		$ob_hash = get_observer_hash();
+		if(! $ob_hash)
+			goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+		$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1",
+			dbesc($ob_hash),
+			intval(local_user()),
+			dbesc($a->argv[2])
+		);
+
+		if($r) {
 			q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
 				intval($page_owner_uid),
 				dbesc($r[0]['resource_id'])
@@ -189,7 +180,7 @@ function photos_post(&$a) {
 				intval($page_owner_uid)
 			);
 			if(count($i)) {
-				q("UPDATE `item` SET item_restrict = (item_restrict & %d), `edited` = '%s', `changed` = '%s' WHERE `parent_mid` = '%s' AND `uid` = %d",
+				q("UPDATE `item` SET item_restrict = (item_restrict | %d), `edited` = '%s', `changed` = '%s' WHERE `parent_mid` = '%s' AND `uid` = %d",
 					intval(ITEM_DELETED),
 					dbesc(datetime_convert()),
 					dbesc(datetime_convert()),
@@ -206,7 +197,6 @@ function photos_post(&$a) {
 		}
 
 		goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
-		return; // NOTREACHED
 	}
 
 	if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) {
@@ -291,7 +281,7 @@ function photos_post(&$a) {
 		);
 		if(count($p)) {
 			$ext = $phototypes[$p[0]['type']];
-			$r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d",
+			$r = q("UPDATE `photo` SET `description` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d",
 				dbesc($desc),
 				dbesc($albname),
 				dbesc($str_contact_allow),
@@ -309,7 +299,7 @@ function photos_post(&$a) {
 		/* Don't make the item visible if the only change was the album name */
 
 		$visibility = 0;
-		if($p[0]['desc'] !== $desc || strlen($rawtags))
+		if($p[0]['description'] !== $desc || strlen($rawtags))
 			$visibility = 1;
 
 		if(! $item_id) {
@@ -517,7 +507,7 @@ function photos_post(&$a) {
 						$arr['object'] .= xmlify('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n");
 					$arr['object'] .= '</link></object>' . "\n";
 
-					$arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['desc'] . '</title><id>'
+					$arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['description'] . '</title><id>'
 						. $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '</id>';
 					$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource_id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
 
@@ -596,6 +586,8 @@ function photos_content(&$a) {
 	// Parse arguments 
 	//
 
+	$can_comment = perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'post_comments');
+
 	if(argc() > 3) {
 		$datatype = argv(2);
 		$datum = argv(3);
@@ -759,7 +751,7 @@ function photos_content(&$a) {
 		else
 			$order = 'DESC';
 
-		$r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' 
+		$r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s' 
 			AND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY `resource_id` ORDER BY `created` $order LIMIT %d , %d",
 			intval($owner_uid),
 			dbesc($album),
@@ -825,25 +817,24 @@ function photos_content(&$a) {
 				
 				$ext = $phototypes[$rr['type']];
 
-				if($a->get_template_engine() === 'internal') {
-					$imgalt_e = template_escape($rr['filename']);
-					$desc_e = template_escape($rr['desc']);
-				}
-				else {
-					$imgalt_e = $rr['filename'];
-					$desc_e = $rr['desc'];
-				}
+				$imgalt_e = $rr['filename'];
+				$desc_e = $rr['description'];
 
+
+// prettyphoto has potential license issues, so we can no longer include it in core
+// The following lines would need to be modified so that they are provided in theme specific files
+// instead of core modules for themes that wish to make use of prettyphoto. I would suggest
+// the feature as a per-theme display option and putting the rel line inside a template. 
         
-				if(feature_enabled($a->data['channel']['channel_id'],'prettyphoto')){
-				      $imagelink = ($a->get_baseurl() . '/photo/' . $rr['resource_id'] . '.' . $ext );
-				      $rel=("prettyPhoto[pp_gal]");
-				}
-				else {
+//				if(feature_enabled($a->data['channel']['channel_id'],'prettyphoto')){
+//				      $imagelink = ($a->get_baseurl() . '/photo/' . $rr['resource_id'] . '.' . $ext );
+//				      $rel=("prettyPhoto[pp_gal]");
+//				}
+//				else {
 				      $imagelink = ($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id']
 				      . (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''));
 				      $rel=("photo");
-				}
+//				}
       
 				$o .= replace_macros($tpl,array(
 					'$id' => $rr['id'],
@@ -872,7 +863,7 @@ function photos_content(&$a) {
 
 		// fetch image, item containing image, then comments
 
-		$ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`desc`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' 
+		$ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' 
 			and (photo_flags = %d or photo_flags = %d ) $sql_extra ORDER BY `scale` ASC ",
 			intval($owner_uid),
 			dbesc($datum),
@@ -1028,7 +1019,7 @@ function photos_content(&$a) {
 		if($can_post) {
 
 			$album_e = $ph[0]['album'];
-			$caption_e = $ph[0]['desc'];
+			$caption_e = $ph[0]['description'];
 			$aclselect_e = populate_acl($ph[0]);
 
 			$edit = array(
@@ -1063,7 +1054,7 @@ function photos_content(&$a) {
 
 			$likebuttons = '';
 
-			if($can_post || $a->data['perms']['post_comments']) {
+			if($can_post || $can_comment) {
 				$likebuttons = replace_macros($like_tpl,array(
 					'$id' => $link_item['id'],
 					'$likethis' => t("I like this \x28toggle\x29"),
@@ -1075,7 +1066,7 @@ function photos_content(&$a) {
 
 			$comments = '';
 			if(! count($r)) {
-				if($can_post || $a->data['perms']['post_comments']) {
+				if($can_post || $can_comment) {
 					$comments .= replace_macros($cmnt_tpl,array(
 						'$return_path' => '', 
 						'$mode' => 'photos',
@@ -1163,7 +1154,7 @@ function photos_content(&$a) {
 
 				}
 			
-				if($can_post || $a->data['perms']['post_comments']) {
+				if($can_post || $can_comment) {
 					$comments .= replace_macros($cmnt_tpl,array(
 						'$return_path' => '',
 						'$jsreload' => $return_url,
@@ -1198,7 +1189,7 @@ function photos_content(&$a) {
 			'$photo' => $photo,
 			'$prevlink' => $prevlink,
 			'$nextlink' => $nextlink,
-			'$desc' => $ph[0]['desc'],
+			'$desc' => $ph[0]['description'],
 			'$tags' => $tags_e,
 			'$edit' => $edit,	
 			'$likebuttons' => $likebuttons,