From 2f9a9ec8b108bf6a38dca324772da4b4e4135019 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 30 Jan 2013 19:52:07 -0800
Subject: enforce the new enhanced permissions (not just simple access
 controls) on photos - caveat: the default profile photo cannot be restricted.
 Any such restrictions will be ignored.

---
 mod/photo.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/mod/photo.php b/mod/photo.php
index 5033033ff..c8fd55706 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -22,13 +22,15 @@ function photo_init(&$a) {
 			// NOTREACHED
 	}
 
+	$observer_xchan = get_observer_hash();
+
 	$default = 'images/person-175.jpg';
 
 	if(isset($type)) {
 
-
 		/**
-		 * Profile photos
+		 * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
+		 * 
 		 */
 
 		if($type === 'profile') {
@@ -84,8 +86,10 @@ function photo_init(&$a) {
 			dbesc($photo),
 			intval($resolution)
 		);
-		if(count($r)) {
+		if($r) {
 			
+			$allowed = perm_is_allowed($r[0]['uid'],$observer_xchan,'view_photos');
+
 			$sql_extra = permissions_sql($r[0]['uid']);
 
 			// Now we'll see if we can access the photo
@@ -95,7 +99,7 @@ function photo_init(&$a) {
 				intval($resolution)
 			);
 
-			if(count($r)) {
+			if($r && $allowed) {
 				$data = $r[0]['data'];
 				$mimetype = $r[0]['type'];
 			}
@@ -113,7 +117,7 @@ function photo_init(&$a) {
 					dbesc($photo),
 					intval($resolution)
 				);
-				if(count($r)) {
+				if($r) {
 					$data = file_get_contents('images/nosign.jpg');
 					$mimetype = 'image/jpeg';
 					$prvcachecontrol = true;
-- 
cgit v1.2.3