From d9371d37ad30ae56440b0deaa7c7469df0d404a1 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Mon, 21 Dec 2020 22:21:42 -0500
Subject: [PATCH 1/2] Remove undocumented use of $_REQUEST['visibility'] in
 api_fr_photo_create_update()

- Visibility is inferred from ACL strings
---
 include/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/api.php b/include/api.php
index 92d35c001e..5131c95741 100644
--- a/include/api.php
+++ b/include/api.php
@@ -4219,7 +4219,7 @@ function api_fr_photo_create_update($type)
 	$deny_cid  = $_REQUEST['deny_cid' ] ?? null;
 	$allow_gid = $_REQUEST['allow_gid'] ?? null;
 	$deny_gid  = $_REQUEST['deny_gid' ] ?? null;
-	$visibility = !empty($_REQUEST['visibility']) && $_REQUEST['visibility'] !== "false";
+	$visibility = !$allow_cid && !$deny_cid && !$allow_gid && !$deny_gid;
 
 	// do several checks on input parameters
 	// we do not allow calls without album string

From 49c1f5c55cfa783276ad5cffc351eda545c5a513 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Mon, 21 Dec 2020 22:23:13 -0500
Subject: [PATCH 2/2] Improve handling of the visibility parameter of the new
 ACL

- Add backward compatibility with old ACL parameters
---
 mod/events.php | 35 +++++++++++++++++------------------
 mod/item.php   | 25 ++++++++++++-------------
 mod/photos.php | 27 +++++++++++++--------------
 3 files changed, 42 insertions(+), 45 deletions(-)

diff --git a/mod/events.php b/mod/events.php
index 9706980afe..d4a902c725 100644
--- a/mod/events.php
+++ b/mod/events.php
@@ -163,27 +163,26 @@ function events_post(App $a)
 
 
 	if ($share) {
-		$str_contact_allow = '';
-		$str_group_allow   = '';
-		$str_contact_deny  = '';
-		$str_group_deny    = '';
+		$user = User::getById($uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']);
+		if (!DBA::isResult($user)) {
+			return;
+		}
 
-		if (($_REQUEST['visibility'] ?? '') !== 'public') {
-			$user = User::getById($uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']);
-			if (!DBA::isResult($user)) {
-				return;
-			}
+		$aclFormatter = DI::aclFormatter();
+		$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
+		$str_group_allow   = isset($_REQUEST['group_allow'])   ? $aclFormatter->toString($_REQUEST['group_allow'])   : $user['allow_gid'] ?? '';
+		$str_contact_deny  = isset($_REQUEST['contact_deny'])  ? $aclFormatter->toString($_REQUEST['contact_deny'])  : $user['deny_cid']  ?? '';
+		$str_group_deny    = isset($_REQUEST['group_deny'])    ? $aclFormatter->toString($_REQUEST['group_deny'])    : $user['deny_gid']  ?? '';
 
-			$aclFormatter = DI::aclFormatter();
-			$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
-			$str_group_allow   = isset($_REQUEST['group_allow'])   ? $aclFormatter->toString($_REQUEST['group_allow'])   : $user['allow_gid'] ?? '';
-			$str_contact_deny  = isset($_REQUEST['contact_deny'])  ? $aclFormatter->toString($_REQUEST['contact_deny'])  : $user['deny_cid']  ?? '';
-			$str_group_deny    = isset($_REQUEST['group_deny'])    ? $aclFormatter->toString($_REQUEST['group_deny'])    : $user['deny_gid']  ?? '';
-
-			// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
-			// that would make the item public. So we always append the author's contact id to the allowed contacts.
+		$visibility = $_REQUEST['visibility'] ?? '';
+		if ($visibility === 'public') {
+			// The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
+			$str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+		} else if ($visibility === 'custom') {
+			// Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
+			// case that would make it public. So we always append the author's contact id to the allowed contacts.
 			// See https://github.com/friendica/friendica/issues/9672
-			$str_contact_allow .= $aclFormatter->toString(\Friendica\Model\Contact::getPublicIdByUserId($uid));
+			$str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
 		}
 	} else {
 		$str_contact_allow = '<' . $self . '>';
diff --git a/mod/item.php b/mod/item.php
index d1e1d06ce0..ed4e50348d 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -261,20 +261,19 @@ function item_post(App $a) {
 		$guid              = $orig_post['guid'];
 		$extid             = $orig_post['extid'];
 	} else {
-		$str_contact_allow = '';
-		$str_group_allow   = '';
-		$str_contact_deny  = '';
-		$str_group_deny    = '';
+		$aclFormatter = DI::aclFormatter();
+		$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
+		$str_group_allow   = isset($_REQUEST['group_allow'])   ? $aclFormatter->toString($_REQUEST['group_allow'])   : $user['allow_gid'] ?? '';
+		$str_contact_deny  = isset($_REQUEST['contact_deny'])  ? $aclFormatter->toString($_REQUEST['contact_deny'])  : $user['deny_cid']  ?? '';
+		$str_group_deny    = isset($_REQUEST['group_deny'])    ? $aclFormatter->toString($_REQUEST['group_deny'])    : $user['deny_gid']  ?? '';
 
-		if (($_REQUEST['visibility'] ?? '') !== 'public') {
-			$aclFormatter = DI::aclFormatter();
-			$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
-			$str_group_allow   = isset($_REQUEST['group_allow'])   ? $aclFormatter->toString($_REQUEST['group_allow'])   : $user['allow_gid'] ?? '';
-			$str_contact_deny  = isset($_REQUEST['contact_deny'])  ? $aclFormatter->toString($_REQUEST['contact_deny'])  : $user['deny_cid']  ?? '';
-			$str_group_deny    = isset($_REQUEST['group_deny'])    ? $aclFormatter->toString($_REQUEST['group_deny'])    : $user['deny_gid']  ?? '';
-
-			// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
-			// that would make the item public. So we always append the author's contact id to the allowed contacts.
+		$visibility = $_REQUEST['visibility'] ?? '';
+		if ($visibility === 'public') {
+			// The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
+			$str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+		} else if ($visibility === 'custom') {
+			// Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
+			// case that would make it public. So we always append the author's contact id to the allowed contacts.
 			// See https://github.com/friendica/friendica/issues/9672
 			$str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid));
 		}
diff --git a/mod/photos.php b/mod/photos.php
index 6e9a96ab2d..94c348cc9f 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -184,22 +184,21 @@ function photos_post(App $a)
 		exit();
 	}
 
-	$str_contact_allow = '';
-	$str_group_allow   = '';
-	$str_contact_deny  = '';
-	$str_group_deny    = '';
+	$aclFormatter = DI::aclFormatter();
+	$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $owner_record['allow_cid'] ?? '';
+	$str_group_allow   = isset($_REQUEST['group_allow'])   ? $aclFormatter->toString($_REQUEST['group_allow'])   : $owner_record['allow_gid'] ?? '';
+	$str_contact_deny  = isset($_REQUEST['contact_deny'])  ? $aclFormatter->toString($_REQUEST['contact_deny'])  : $owner_record['deny_cid']  ?? '';
+	$str_group_deny    = isset($_REQUEST['group_deny'])    ? $aclFormatter->toString($_REQUEST['group_deny'])    : $owner_record['deny_gid']  ?? '';
 
-	if (($_REQUEST['visibility'] ?? '') !== 'public') {
-		$aclFormatter = DI::aclFormatter();
-		$str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $owner_record['allow_cid'] ?? '';
-		$str_group_allow   = isset($_REQUEST['group_allow'])   ? $aclFormatter->toString($_REQUEST['group_allow'])   : $owner_record['allow_gid'] ?? '';
-		$str_contact_deny  = isset($_REQUEST['contact_deny'])  ? $aclFormatter->toString($_REQUEST['contact_deny'])  : $owner_record['deny_cid']  ?? '';
-		$str_group_deny    = isset($_REQUEST['group_deny'])    ? $aclFormatter->toString($_REQUEST['group_deny'])    : $owner_record['deny_gid']  ?? '';
-
-		// Since we know from the visibility parameter it should be private, we have to prevent the empty ACL case
-		// that would make the item public. So we always append the author's contact id to the allowed contacts.
+	$visibility = $_REQUEST['visibility'] ?? '';
+	if ($visibility === 'public') {
+		// The ACL selector introduced in version 2019.12 sends ACL input data even when the Public visibility is selected
+		$str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+	} else if ($visibility === 'custom') {
+		// Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL
+		// case that would make it public. So we always append the author's contact id to the allowed contacts.
 		// See https://github.com/friendica/friendica/issues/9672
-		$str_contact_allow .= $aclFormatter->toString(\Friendica\Model\Contact::getPublicIdByUserId($page_owner_uid));
+		$str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($page_owner_uid));
 	}
 
 	if ($a->argc > 3 && $a->argv[2] === 'album') {