diff --git a/mod/item.php b/mod/item.php
index 0a97cdc470..36b51a537e 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -128,6 +128,50 @@ function item_post(&$a) {
 		}
 	}
 
+
+	/**
+	 *
+	 * If a photo was uploaded into the message using the ajax uploader,
+	 * it can be seen by anybody. Set the permissions to match the message.
+	 * Ideally this should be done when the photo was uploaded, but the permissions 
+	 * may not have been set at that time, and passing the permission arrays via 
+	 * javascript to the ajax upload is going to be a challenge.
+	 * This is a compromise. Granted there is a window of time when the photo
+	 * is public. You are welcome to suggest other ways to fix this.
+	 *
+	 */
+
+	$match = null;
+
+	if($private) {
+		if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) {
+			$images = $match[1];
+			if(count($images)) {
+				foreach($images as $image) {
+					if(! stristr($image,$a->get_baseurl() . '/photo/'))
+						continue;
+					$image_uri = substr($image,strrpos($image,'/') + 1);
+					$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
+					$r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
+						WHERE `resource-id` = '%s' AND `album` = '%s' ",
+						dbesc($str_contact_allow),
+						dbesc($str_group_allow),
+						dbesc($str_contact_deny),
+						dbesc($str_group_deny),
+						dbesc($image_uri),
+						dbesc( t('Wall Photos'))
+					);
+  
+				}
+			}
+		}
+	}
+
+
+	/**
+	 * Look for any tags and linkify them
+	 */
+
 	$str_tags = '';
 	$inform   = '';