From 15c81716e8cbb916e9bfca5f0d519d9df5baa063 Mon Sep 17 00:00:00 2001
From: Friendika
Date: Tue, 4 Jan 2011 02:01:07 -0800
Subject: [PATCH] much better solution to privacy on ajax wall photos
---
mod/item.php | 53 ++++++++++++++++++++++-----------------------
mod/wall_upload.php | 6 ++---
2 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/mod/item.php b/mod/item.php
index 36b51a537e..f9bf9a04e0 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -131,43 +131,42 @@ function item_post(&$a) { /** * - * If a photo was uploaded into the message using the ajax uploader, - * it can be seen by anybody. Set the permissions to match the message. - * Ideally this should be done when the photo was uploaded, but the permissions - * may not have been set at that time, and passing the permission arrays via - * javascript to the ajax upload is going to be a challenge. - * This is a compromise. Granted there is a window of time when the photo - * is public. You are welcome to suggest other ways to fix this. + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. * */ $match = null; - if($private) { - if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) { - $images = $match[1]; - if(count($images)) { - foreach($images as $image) { - if(! stristr($image,$a->get_baseurl() . '/photo/')) - continue; - $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); - $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - WHERE `resource-id` = '%s' AND `album` = '%s' ", - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), - dbesc($image_uri), - dbesc( t('Wall Photos')) - ); - - } + if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) { + $images = $match[1]; + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . 
'/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' + WHERE `resource-id` = '%s' AND `album` = '%s' ", + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + dbesc($image_uri), + dbesc( t('Wall Photos')) + ); + } } } + /** * Look for any tags and linkify them */ diff --git a/mod/wall_upload.php b/mod/wall_upload.php index eb44012d15..ab06b4b2d8 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -76,7 +76,7 @@ function wall_upload_post(&$a) { $smallest = 0; - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0 ); + $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, '<0>'); if(! $r) { echo ( t('Image upload failed.') . EOL); @@ -85,14 +85,14 @@ function wall_upload_post(&$a) { if($width > 640 || $height > 640) { $ph->scaleImage(640); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1 ); + $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, '<0>'); if($r) $smallest = 1; } if($width > 320 || $height > 320) { $ph->scaleImage(320); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2 ); + $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, '<0>' ); if($r) $smallest = 2; }
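Review bot: The `UPDATE` on `photo` in the new loop is keyed only on `resource-id` and `album`, with no check that the row belongs to the account whose wall is being posted to. With the `if($private)` guard removed it now runs for every post, so a post whose body carries an `[img]` link to another local account's wall photo would overwrite that photo's ACL with the post's own, including the empty ACL of a public post. Add an owner condition to the WHERE clause, e.g. `AND uid = %d` bound with `intval()` of the wall owner's uid; the variable holding that uid is not visible in this hunk, and the `uid` column name is assumed from the first argument of `store()` in mod/wall_upload.php. Separately, `stristr()` accepts the base URL anywhere in the link rather than as a prefix, so `strpos($image, $a->get_baseurl() . '/photo/') === 0` would be the stricter test. `item_post()` starts and ends outside the hunk.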
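Review bot: The two new trailing arguments `0, '<0>'` in this `store()` call, and in the two scaled-image calls in the next hunk, are undocumented magic values even though they carry the whole privacy fix. Judging by the comment this commit adds in mod/item.php, `'<0>'` is an allow list that matches no contact, so the photo stays owner-only until the post is submitted; `store()`'s signature is not visible here, so the parameter order should be confirmed. I would name the value once, `$owner_only_acl = '<0>'; // allow_cid naming no real contact: hidden from all but the owner until item_post() copies the post's ACL`, and pass that variable in all three calls. A short comment that a photo uploaded but never posted remains owner-only would also record that this is the intended safe default. `wall_upload_post()` extends beyond both hunks.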