diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/photos.php | 13 | ||||
-rw-r--r-- | mod/zfinger.php | 2 |
2 files changed, 9 insertions, 6 deletions
diff --git a/mod/photos.php b/mod/photos.php index c90793d8c..ee9691e34 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -20,11 +20,17 @@ function photos_init(&$a) { dbesc($nick) ); - if(! ($r && count($r))) + if(! $r) return; $a->data['channel'] = $r[0]; + $o .= '<div class="vcard">'; + $o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>'; + $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>'; + $o .= '</div>'; + + $sql_extra = permissions_sql($a->data['channel']['channel_id']); $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra order by created desc", @@ -34,11 +40,6 @@ function photos_init(&$a) { if(count($albums)) { $a->data['albums'] = $albums; // FIXME - $o .= '<div class="vcard">'; - $o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>'; - $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>'; - $o .= '</div>'; - $albums_visible = ((intval($a->data['user']['hidewall']) && (! local_user()) && (! remote_user())) ? false : true); if($albums_visible) { diff --git a/mod/zfinger.php b/mod/zfinger.php index c1ab8dc7d..ea8da0c23 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -68,6 +68,8 @@ function zfinger_init(&$a) { $ret['target'] = $ztarget; $ret['target_sig'] = $zsig; +// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery. + $ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig) ? base64url_encode(hash('whirlpool',$ztarget . $zsig,true)) : '' ),false); |