diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/acl.php | 2 | ||||
-rw-r--r-- | mod/connections.php | 12 | ||||
-rw-r--r-- | mod/profile.php | 5 | ||||
-rw-r--r-- | mod/profile_photo.php | 28 | ||||
-rw-r--r-- | mod/profperm.php | 16 | ||||
-rw-r--r-- | mod/viewconnections.php | 14 |
6 files changed, 42 insertions, 35 deletions
diff --git a/mod/acl.php b/mod/acl.php index 3b737d36e..0f997c8b8 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -206,7 +206,7 @@ function acl_init(&$a){ if(count($r)) { foreach($r as $g){ - if($g['abook_their_perms'] & PERMS_W_TAGWALL) { + if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c') { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", diff --git a/mod/connections.php b/mod/connections.php index a453203ab..e95f72b49 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -213,12 +213,10 @@ function connections_content(&$a) { nav_set_selected('intros'); break; case 'ifpending': - $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) and (abook_flags & %d) and not (abook_flags & %d)", + $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d )", intval(local_user()), - intval(ABOOK_FLAG_SELF), - intval(XCHAN_FLAGS_DELETED), - intval(ABOOK_FLAG_PENDING), - intval(ABOOK_FLAG_IGNORED) + intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_IGNORED), + intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) ); if($r && $r[0]['total']) { $search_flags = ABOOK_FLAG_PENDING; @@ -342,7 +340,7 @@ function connections_content(&$a) { where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) $sql_extra $sql_extra2 ", intval(local_user()), intval(ABOOK_FLAG_SELF), - intval(XCHAN_FLAGS_DELETED) + intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) ); if($r) { $a->set_pager_total($r[0]['total']); @@ -353,7 +351,7 @@ function connections_content(&$a) { WHERE abook_channel = %d and not (abook_flags & %d) and not ( xchan_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", intval(local_user()), intval(ABOOK_FLAG_SELF), - intval(XCHAN_FLAGS_DELETED), + intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN), intval($a->pager['start']), intval($a->pager['itemspage']) ); diff --git a/mod/profile.php b/mod/profile.php index fca7c8f9f..792bf34c5 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -61,7 +61,7 @@ function profile_content(&$a, $update = 0) { $o = ''; if(! (perm_is_allowed($a->profile['profile_uid'],get_observer_hash(), 'view_profile'))) { - notice( t('Access to this profile has been restricted.') . EOL); + notice( t('Permission denied.') . EOL); return; } @@ -69,11 +69,10 @@ function profile_content(&$a, $update = 0) { $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false); if($a->profile['hidewall'] && (! $is_owner) && (! remote_user())) { - notice( t('Access to this profile has been restricted.') . EOL); + notice( t('Permission denied.') . EOL); return; } - $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']); diff --git a/mod/profile_photo.php b/mod/profile_photo.php index 2cf7a8abf..ef0a31673 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -1,20 +1,30 @@ <?php +/* @file profile_photo.php + @brief Module-file with functions for handling of profile-photos + +*/ + require_once('include/photo/photo_driver.php'); +/* @brief Function for sync'ing permissions of profile-photos and their profile +* +* @param $profileid The id number of the profile to sync +* @return void +*/ + function profile_photo_set_profile_perms($profileid) { $allowcid = ''; - $r = q("SELECT photo, profile_guid, id FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid)); - $profile = $r[0]; - - if(x($profile['photo'])) { - preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id); - $resource_id = $resource_id[0]; + if (x($profileid)) { - if(x($profileid)) { + $r = q("SELECT photo, profile_guid, id, is_default FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid)); + $profile = $r[0]; + if(x($profile['id']) && x($profile['photo']) && intval($profile['is_default']) != 1) { //Only set perms when query suceeded and when we are not on the default profile + preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id); + $resource_id = $resource_id[0]; - $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); + $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids. $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid'])); foreach ($r1 as $entry) { $allowcid .= "<" . $entry['abook_xchan'] . ">"; @@ -23,7 +33,7 @@ function profile_photo_set_profile_perms($profileid) { $allowcid .= "<" . $entry['abook_xchan'] . ">"; } if(x($allowcid)) { - q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s'",dbesc($allowcid),dbesc($resource_id)); + q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['id'])); } } } diff --git a/mod/profperm.php b/mod/profperm.php index 4a52447b8..a91523805 100644 --- a/mod/profperm.php +++ b/mod/profperm.php @@ -61,9 +61,9 @@ function profperm_content(&$a) { $profile = $r[0]; - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = %d", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'", intval(local_user()), - intval(argv(1)) + dbesc($profile['profile_guid']) ); $ingroup = array(); @@ -75,27 +75,29 @@ function profperm_content(&$a) { if($change) { if(in_array($change,$ingroup)) { - q("UPDATE abook SET abook_profile = 0 WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($change), intval(local_user()) ); } else { - q("UPDATE abook SET abook_profile = %d WHERE abook_id = %d AND abook_channel = %d LIMIT 1", - intval(argv(1)), + q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + dbesc($profile['profile_guid']), intval($change), intval(local_user()) ); } + //Time to update the permissions on the profile-pictures as well require_once('mod/profile_photo.php'); profile_photo_set_profile_perms($profile['id']); - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = %d", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'", + intval(local_user()), - intval(argv(1)) + dbesc($profile['profile_guid']) ); $members = $r; diff --git a/mod/viewconnections.php b/mod/viewconnections.php index a9fb967f7..f5e7ab213 100644 --- a/mod/viewconnections.php +++ b/mod/viewconnections.php @@ -29,21 +29,19 @@ function viewconnections_content(&$a) { } - $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_flags = 0 and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) ", + $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d ) and not ( xchan_flags & %d ) ", intval($a->profile['uid']), - intval(XCHAN_FLAGS_HIDDEN), - intval(XCHAN_FLAGS_ORPHAN), - intval(XCHAN_FLAGS_DELETED) + intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_SELF), + intval(XCHAN_FLAGS_HIDDEN|XCHAN_FLAGS_ORPHAN|XCHAN_FLAGS_DELETED) ); if($r) { $a->set_pager_total($r[0]['total']); } - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_flags = 0 and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not ( abook_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", intval($a->profile['uid']), - intval(XCHAN_FLAGS_HIDDEN), - intval(XCHAN_FLAGS_ORPHAN), - intval(XCHAN_FLAGS_DELETED), + intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_SELF), + intval(XCHAN_FLAGS_HIDDEN|XCHAN_FLAGS_ORPHAN|XCHAN_FLAGS_DELETED), intval($a->pager['start']), intval($a->pager['itemspage']) ); |