much better solution to privacy on ajax wall photos

This commit is contained in:
Friendika 2011-01-04 02:01:07 -08:00
parent f057cc3a70
commit 15c81716e8
2 changed files with 29 additions and 30 deletions

View file

@ -131,43 +131,42 @@ function item_post(&$a) {
/** /**
* *
* If a photo was uploaded into the message using the ajax uploader, * When a photo was uploaded into the message using the (profile wall) ajax
* it can be seen by anybody. Set the permissions to match the message. * uploader, The permissions are initially set to disallow anybody but the
* Ideally this should be done when the photo was uploaded, but the permissions * owner from seeing it. This is because the permissions may not yet have been
* may not have been set at that time, and passing the permission arrays via * set for the post. If it's private, the photo permissions should be set
* javascript to the ajax upload is going to be a challenge. * appropriately. But we didn't know the final permissions on the post until
* This is a compromise. Granted there is a window of time when the photo * now. So now we'll look for links of uploaded messages that are in the
* is public. You are welcome to suggest other ways to fix this. * post and set them to the same permissions as the post itself.
* *
*/ */
$match = null; $match = null;
if($private) { if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) {
if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) { $images = $match[1];
$images = $match[1]; if(count($images)) {
if(count($images)) { foreach($images as $image) {
foreach($images as $image) { if(! stristr($image,$a->get_baseurl() . '/photo/'))
if(! stristr($image,$a->get_baseurl() . '/photo/')) continue;
continue; $image_uri = substr($image,strrpos($image,'/') + 1);
$image_uri = substr($image,strrpos($image,'/') + 1); $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
$image_uri = substr($image_uri,0, strpos($image_uri,'-')); $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
$r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `album` = '%s' ",
WHERE `resource-id` = '%s' AND `album` = '%s' ", dbesc($str_contact_allow),
dbesc($str_contact_allow), dbesc($str_group_allow),
dbesc($str_group_allow), dbesc($str_contact_deny),
dbesc($str_contact_deny), dbesc($str_group_deny),
dbesc($str_group_deny), dbesc($image_uri),
dbesc($image_uri), dbesc( t('Wall Photos'))
dbesc( t('Wall Photos')) );
);
}
} }
} }
} }
/** /**
* Look for any tags and linkify them * Look for any tags and linkify them
*/ */

View file

@ -76,7 +76,7 @@ function wall_upload_post(&$a) {
$smallest = 0; $smallest = 0;
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0 ); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, '<0>');
if(! $r) { if(! $r) {
echo ( t('Image upload failed.') . EOL); echo ( t('Image upload failed.') . EOL);
@ -85,14 +85,14 @@ function wall_upload_post(&$a) {
if($width > 640 || $height > 640) { if($width > 640 || $height > 640) {
$ph->scaleImage(640); $ph->scaleImage(640);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1 ); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, '<0>');
if($r) if($r)
$smallest = 1; $smallest = 1;
} }
if($width > 320 || $height > 320) { if($width > 320 || $height > 320) {
$ph->scaleImage(320); $ph->scaleImage(320);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2 ); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, '<0>' );
if($r) if($r)
$smallest = 2; $smallest = 2;
} }