strk/friendica
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #2913 from rabuzarus/1411_fix_photo_permissions

Browse source 
fix photos page permissions
This commit is contained in:
Tobias Diekershoff 2016-11-14 20:22:48 +01:00 committed by GitHub
parent b7dbecd5e3 9878974e1f
commit 2ecf2723c8
5 changed files with 51 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
include/items.php
View file

@ -1896,21 +1896,21 @@ function drop_item($id,$interactive = true) {
$owner = $item['uid']; $owner = $item['uid'];
$cid = 0; $contact_id = 0;
// check if logged in user is either the author or owner of this item // check if logged in user is either the author or owner of this item
if (is_array($_SESSION['remote'])) { if (is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $visitor) { foreach($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) { if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
$cid = $visitor['cid']; $contact_id = $visitor['cid'];
break; break;
} }
} }
} }
if ((local_user() == $item['uid']) || ($cid) || (! $interactive)) { if ((local_user() == $item['uid']) || ($contact_id) || (! $interactive)) {
// Check if we should do HTML-based delete confirmation // Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) { if ($_REQUEST['confirm']) {

12
mod/photos.php
View file

@ -132,24 +132,24 @@ function photos_post(&$a) {
$can_post = true; $can_post = true;
else { else {
if ($community_page && remote_user()) { if ($community_page && remote_user()) {
$cid = 0; $contact_id = 0;
if (is_array($_SESSION['remote'])) { if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) { foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) { if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid']; $contact_id = $v['cid'];
break; break;
} }
} }
} }
if ($cid) { if ($contact_id) {
$r = qu("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", $r = qu("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($cid), intval($contact_id),
intval($page_owner_uid) intval($page_owner_uid)
); );
if (dbm::is_result($r)) { if (dbm::is_result($r)) {
$can_post = true; $can_post = true;
$visitor = $cid; $visitor = $contact_id;
} }
} }
} }
@ -1012,7 +1012,7 @@ function photos_content(&$a) {
$can_post = true; $can_post = true;
$contact = $r[0]; $contact = $r[0];
$remote_contact = true; $remote_contact = true;
$visitor = $cid; $visitor = $contact_id;
} }
} }
} }

2
mod/videos.php
View file

@ -263,7 +263,7 @@ function videos_content(&$a) {
$can_post = true; $can_post = true;
$contact = $r[0]; $contact = $r[0];
$remote_contact = true; $remote_contact = true;
$visitor = $cid; $visitor = $contact_id;
} }
} }
} }

42
mod/wall_attach.php
View file

@ -14,19 +14,19 @@ function wall_attach_post(&$a) {
); );
if(! count($r)){ if(! count($r)){
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Invalid request.'))); echo json_encode(array('error'=>t('Invalid request.')));
killme(); killme();
} }
return; return;
} }
} else { } else {
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Invalid request.'))); echo json_encode(array('error'=>t('Invalid request.')));
killme(); killme();
} }
return; return;
} }
$can_post = false; $can_post = false;
$visitor = 0; $visitor = 0;
@ -40,41 +40,41 @@ function wall_attach_post(&$a) {
$can_post = true; $can_post = true;
else { else {
if($community_page && remote_user()) { if($community_page && remote_user()) {
$cid = 0; $contact_id = 0;
if(is_array($_SESSION['remote'])) { if(is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) { foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $page_owner_uid) { if($v['uid'] == $page_owner_uid) {
$cid = $v['cid']; $contact_id = $v['cid'];
break; break;
} }
} }
} }
if($cid) { if($contact_id) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($cid), intval($contact_id),
intval($page_owner_uid) intval($page_owner_uid)
); );
if(count($r)) { if(count($r)) {
$can_post = true; $can_post = true;
$visitor = $cid; $visitor = $contact_id;
} }
} }
} }
} }
if(! $can_post) { if(! $can_post) {
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Permission denied.'))); echo json_encode(array('error'=>t('Permission denied.')));
killme(); killme();
} }
notice( t('Permission denied.') . EOL ); notice( t('Permission denied.') . EOL );
killme(); killme();
} }
if(! x($_FILES,'userfile')) { if(! x($_FILES,'userfile')) {
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Invalid request.'))); echo json_encode(array('error'=>t('Invalid request.')));
} }
killme(); killme();
} }
@ -179,9 +179,9 @@ function wall_attach_post(&$a) {
} }
if ($r_json) { if ($r_json) {
echo json_encode(array('ok'=>true)); echo json_encode(array('ok'=>true));
killme(); killme();
} }
$lf = "\n"; $lf = "\n";

40
mod/wall_upload.php
View file

@ -17,8 +17,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
if(! count($r)){ if(! count($r)){
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Invalid request.'))); echo json_encode(array('error'=>t('Invalid request.')));
killme(); killme();
} }
return; return;
} }
@ -30,8 +30,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
} }
} else { } else {
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Invalid request.'))); echo json_encode(array('error'=>t('Invalid request.')));
killme(); killme();
} }
return; return;
} }
@ -48,24 +48,24 @@ function wall_upload_post(&$a, $desktopmode = true) {
$can_post = true; $can_post = true;
else { else {
if($community_page && remote_user()) { if($community_page && remote_user()) {
$cid = 0; $contact_id = 0;
if(is_array($_SESSION['remote'])) { if(is_array($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) { foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $page_owner_uid) { if($v['uid'] == $page_owner_uid) {
$cid = $v['cid']; $contact_id = $v['cid'];
break; break;
} }
} }
} }
if($cid) { if($contact_id) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($cid), intval($contact_id),
intval($page_owner_uid) intval($page_owner_uid)
); );
if(count($r)) { if(count($r)) {
$can_post = true; $can_post = true;
$visitor = $cid; $visitor = $contact_id;
} }
} }
} }
@ -74,8 +74,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
if(! $can_post) { if(! $can_post) {
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Permission denied.'))); echo json_encode(array('error'=>t('Permission denied.')));
killme(); killme();
} }
notice( t('Permission denied.') . EOL ); notice( t('Permission denied.') . EOL );
killme(); killme();
@ -83,7 +83,7 @@ function wall_upload_post(&$a, $desktopmode = true) {
if(! x($_FILES,'userfile') && ! x($_FILES,'media')){ if(! x($_FILES,'userfile') && ! x($_FILES,'media')){
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Invalid request.'))); echo json_encode(array('error'=>t('Invalid request.')));
} }
killme(); killme();
} }
@ -119,8 +119,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
if ($src=="") { if ($src=="") {
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>t('Invalid request.'))); echo json_encode(array('error'=>t('Invalid request.')));
killme(); killme();
} }
notice(t('Invalid request.').EOL); notice(t('Invalid request.').EOL);
killme(); killme();
@ -248,8 +248,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
$r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash); $r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash);
if (!$r){ if (!$r){
if ($r_json) { if ($r_json) {
echo json_encode(array('error'=>'')); echo json_encode(array('error'=>''));
killme(); killme();
} }
return false; return false;
} }
@ -265,16 +265,16 @@ function wall_upload_post(&$a, $desktopmode = true) {
$picture["preview"] = $a->get_baseurl()."/photo/{$hash}-{$smallest}.".$ph->getExt(); $picture["preview"] = $a->get_baseurl()."/photo/{$hash}-{$smallest}.".$ph->getExt();
if ($r_json) { if ($r_json) {
echo json_encode(array('picture'=>$picture)); echo json_encode(array('picture'=>$picture));
killme(); killme();
} }
return $picture; return $picture;
} }
if ($r_json) { if ($r_json) {
echo json_encode(array('ok'=>true)); echo json_encode(array('ok'=>true));
killme(); killme();
} }
/* mod Waitman Gobble NO WARRANTY */ /* mod Waitman Gobble NO WARRANTY */