From d9371d37ad30ae56440b0deaa7c7469df0d404a1 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Mon, 21 Dec 2020 22:21:42 -0500 Subject: [PATCH] Remove undocumented use of $_REQUEST['visibility'] in api_fr_photo_create_update() - Visibility is inferred from ACL strings --- include/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/api.php b/include/api.php index 92d35c001..5131c9574 100644 --- a/include/api.php +++ b/include/api.php @@ -4219,7 +4219,7 @@ function api_fr_photo_create_update($type) $deny_cid = $_REQUEST['deny_cid' ] ?? null; $allow_gid = $_REQUEST['allow_gid'] ?? null; $deny_gid = $_REQUEST['deny_gid' ] ?? null; - $visibility = !empty($_REQUEST['visibility']) && $_REQUEST['visibility'] !== "false"; + $visibility = !$allow_cid && !$deny_cid && !$allow_gid && !$deny_gid; // do several checks on input parameters // we do not allow calls without album string