From 251ba6db30d9f75d1e9e03e5bed6c5dec2c4402b Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 13 Nov 2013 03:15:07 -0800
Subject: fix photo permissions on encrypted posts

---
 mod/item.php            | 10 ++++++++--
 version.inc             |  2 +-
 view/tpl/jot-header.tpl |  2 ++
 view/tpl/jot.tpl        |  1 +
 4 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/mod/item.php b/mod/item.php
index be24d242c..b564c7545 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -412,12 +412,18 @@ function item_post(&$a) {
 		 * now. So now we'll look for links of uploaded photos and attachments that are in the
 		 * post and set them to the same permissions as the post itself.
 		 *
+		 * If the post was end-to-end encrypted we can't find images and attachments in the body,
+		 * use our media_str input instead which only contains these elements - but only do this
+		 * when encrypted content exists because the photo/attachment may have been removed from 
+		 * the post and we should keep it private. If it's encrypted we have no way of knowing
+		 * so we'll set the permissions regardless and realise that the media may not be 
+		 * referenced in the post. 
 		 */
 
 		if(! $preview) {
-			fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],$body,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
+			fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
 
-			fix_attached_file_permissions($channel,$observer['xchan_hash'],$body,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
+			fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
 
 		}
 
diff --git a/version.inc b/version.inc
index c8184c2cf..9bfc4c094 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-11-12.495
+2013-11-13.496
diff --git a/view/tpl/jot-header.tpl b/view/tpl/jot-header.tpl
index 97c638fd4..1ceca04c6 100755
--- a/view/tpl/jot-header.tpl
+++ b/view/tpl/jot-header.tpl
@@ -120,6 +120,7 @@ function enableOnUser(){
 				onSubmit: function(file,ext) { $('#profile-rotator').spin('tiny'); },
 				onComplete: function(file,response) {
 					addeditortext(response);
+					$('#jot-media').val($('#jot-media').val() + response);
 					$('#profile-rotator').spin(false);
 				}				 
 			}
@@ -131,6 +132,7 @@ function enableOnUser(){
 				onSubmit: function(file,ext) { $('#profile-rotator').spin('tiny'); },
 				onComplete: function(file,response) {
 					addeditortext(response);
+					$('#jot-media').val($('#jot-media').val() + response);
 					$('#profile-rotator').spin(false);
 				}				 
 			}
diff --git a/view/tpl/jot.tpl b/view/tpl/jot.tpl
index 924f7d9bc..cf65b976e 100755
--- a/view/tpl/jot.tpl
+++ b/view/tpl/jot.tpl
@@ -6,6 +6,7 @@
 		<input type="hidden" name="return" value="{{$return_path}}" />
 		<input type="hidden" name="location" id="jot-location" value="{{$defloc}}" />
 		<input type="hidden" name="expire" id="jot-expire" value="{{$defexpire}}" />
+		<input type="hidden" name="media_str" id="jot-media" value="" />
 		<input type="hidden" name="coord" id="jot-coord" value="" />
 		<input type="hidden" name="post_id" value="{{$post_id}}" />
 		<input type="hidden" name="webpage" value="{{$webpage}}" />
-- 
cgit v1.2.3