fix photos page permissions

This commit is contained in:
rabuzarus 2016-11-14 18:49:51 +01:00
parent b7dbecd5e3
commit 9878974e1f
5 changed files with 51 additions and 51 deletions

View file

@ -1896,21 +1896,21 @@ function drop_item($id,$interactive = true) {
$owner = $item['uid'];
$cid = 0;
$contact_id = 0;
// check if logged in user is either the author or owner of this item
if (is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
$cid = $visitor['cid'];
$contact_id = $visitor['cid'];
break;
}
}
}
if ((local_user() == $item['uid']) || ($cid) || (! $interactive)) {
if ((local_user() == $item['uid']) || ($contact_id) || (! $interactive)) {
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {

View file

@ -132,24 +132,24 @@ function photos_post(&$a) {
$can_post = true;
else {
if ($community_page && remote_user()) {
$cid = 0;
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
$contact_id = $v['cid'];
break;
}
}
}
if ($cid) {
if ($contact_id) {
$r = qu("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($cid),
intval($contact_id),
intval($page_owner_uid)
);
if (dbm::is_result($r)) {
$can_post = true;
$visitor = $cid;
$visitor = $contact_id;
}
}
}
@ -1012,7 +1012,7 @@ function photos_content(&$a) {
$can_post = true;
$contact = $r[0];
$remote_contact = true;
$visitor = $cid;
$visitor = $contact_id;
}
}
}

View file

@ -263,7 +263,7 @@ function videos_content(&$a) {
$can_post = true;
$contact = $r[0];
$remote_contact = true;
$visitor = $cid;
$visitor = $contact_id;
}
}
}

View file

@ -40,24 +40,24 @@ function wall_attach_post(&$a) {
$can_post = true;
else {
if($community_page && remote_user()) {
$cid = 0;
$contact_id = 0;
if(is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
$contact_id = $v['cid'];
break;
}
}
}
if($cid) {
if($contact_id) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($cid),
intval($contact_id),
intval($page_owner_uid)
);
if(count($r)) {
$can_post = true;
$visitor = $cid;
$visitor = $contact_id;
}
}
}

View file

@ -48,24 +48,24 @@ function wall_upload_post(&$a, $desktopmode = true) {
$can_post = true;
else {
if($community_page && remote_user()) {
$cid = 0;
$contact_id = 0;
if(is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
$contact_id = $v['cid'];
break;
}
}
}
if($cid) {
if($contact_id) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($cid),
intval($contact_id),
intval($page_owner_uid)
);
if(count($r)) {
$can_post = true;
$visitor = $cid;
$visitor = $contact_id;
}
}
}