From 59553ab978acb35b84e66449a06cf31cea0aee17 Mon Sep 17 00:00:00 2001
From: Dean Townsley <dean@townsley.com>
Date: Mon, 24 Jun 2019 19:45:50 -0500
Subject: [PATCH 1/2] Don't try to auth for public images

---
 src/Model/Photo.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/Model/Photo.php b/src/Model/Photo.php
index 7df96fccdb..831404ccd7 100644
--- a/src/Model/Photo.php
+++ b/src/Model/Photo.php
@@ -130,18 +130,21 @@ class Photo extends BaseObject
 	 */
 	public static function getPhoto($resourceid, $scale = 0)
 	{
-		$r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
+		$r = self::selectFirst(["uid","allow_cid","allow_gid","deny_cid","deny_gid"], ["resource-id" => $resourceid]);
 		if ($r === false) {
 			return false;
 		}
 		$uid = $r["uid"];
 
 		// This is the first place, when retrieving just a photo, that we know who owns the photo.
-		// Make sure that the requester's session is appropriately authenticated to that user
+		// Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
+		// make sure that the requester's session is appropriately authenticated to that user
 		// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
-		$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
-		// this will either just return (if auth all ok) or will redirect and exit (starting over)
-		DFRN::autoRedir(self::getApp(), $r["nickname"]);
+		if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
+			$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
+			// this will either just return (if auth all ok) or will redirect and exit (starting over)
+			DFRN::autoRedir(self::getApp(), $r["nickname"]);
+		}
 
 		$sql_acl = Security::getPermissionsSQLByUserId($uid);
 

From fdbd160141317947bfa14714a64894d86792ab4d Mon Sep 17 00:00:00 2001
From: Dean Townsley <dean@townsley.com>
Date: Mon, 24 Jun 2019 21:37:44 -0500
Subject: [PATCH 2/2] Add spaces for standards compliance

---
 src/Model/Photo.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Model/Photo.php b/src/Model/Photo.php
index 831404ccd7..0e3661b0f3 100644
--- a/src/Model/Photo.php
+++ b/src/Model/Photo.php
@@ -130,7 +130,7 @@ class Photo extends BaseObject
 	 */
 	public static function getPhoto($resourceid, $scale = 0)
 	{
-		$r = self::selectFirst(["uid","allow_cid","allow_gid","deny_cid","deny_gid"], ["resource-id" => $resourceid]);
+		$r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]);
 		if ($r === false) {
 			return false;
 		}