From 78884195bcbf57a9ebf92daf112d9332dbf2707e Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 2 Nov 2012 14:48:33 -0700 Subject: fixme note about discovered permission encryption --- mod/photos.php | 13 +++++++------ mod/zfinger.php | 2 ++ 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'mod') diff --git a/mod/photos.php b/mod/photos.php index c90793d8c..ee9691e34 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -20,11 +20,17 @@ function photos_init(&$a) { dbesc($nick) ); - if(! ($r && count($r))) + if(! $r) return; $a->data['channel'] = $r[0]; + $o .= '
'; + $o .= '
' . $a->data['channel']['channel_name'] . '
'; + $o .= '
' . $a->data['channel']['channel_name'] . '
'; + $o .= '
'; + + $sql_extra = permissions_sql($a->data['channel']['channel_id']); $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra order by created desc", @@ -34,11 +40,6 @@ function photos_init(&$a) { if(count($albums)) { $a->data['albums'] = $albums; // FIXME - $o .= '
'; - $o .= '
' . $a->data['channel']['channel_name'] . '
'; - $o .= '
' . $a->data['channel']['channel_name'] . '
'; - $o .= '
'; - $albums_visible = ((intval($a->data['user']['hidewall']) && (! local_user()) && (! remote_user())) ? false : true); if($albums_visible) { diff --git a/mod/zfinger.php b/mod/zfinger.php index c1ab8dc7d..ea8da0c23 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -68,6 +68,8 @@ function zfinger_init(&$a) { $ret['target'] = $ztarget; $ret['target_sig'] = $zsig; +// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery. + $ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig) ? base64url_encode(hash('whirlpool',$ztarget . $zsig,true)) : '' ),false); -- cgit v1.2.3