From d9371d37ad30ae56440b0deaa7c7469df0d404a1 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Mon, 21 Dec 2020 22:21:42 -0500
Subject: [PATCH] Remove undocumented use of $_REQUEST['visibility'] in
 api_fr_photo_create_update()

- Visibility is inferred from ACL strings
---
 include/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/api.php b/include/api.php
index 92d35c001e..5131c95741 100644
--- a/include/api.php
+++ b/include/api.php
@@ -4219,7 +4219,7 @@ function api_fr_photo_create_update($type)
 	$deny_cid  = $_REQUEST['deny_cid' ] ?? null;
 	$allow_gid = $_REQUEST['allow_gid'] ?? null;
 	$deny_gid  = $_REQUEST['deny_gid' ] ?? null;
-	$visibility = !empty($_REQUEST['visibility']) && $_REQUEST['visibility'] !== "false";
+	$visibility = !$allow_cid && !$deny_cid && !$allow_gid && !$deny_gid;
 
 	// do several checks on input parameters
 	// we do not allow calls without album string