Images that are uploaded to public forums are now public
This commit is contained in:
parent
05a09adb3b
commit
a7088f5b67
232
mod/item.php
232
mod/item.php
|
@ -423,122 +423,6 @@ function item_post(App $a) {
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* When a photo was uploaded into the message using the (profile wall) ajax
|
||||
* uploader, The permissions are initially set to disallow anybody but the
|
||||
* owner from seeing it. This is because the permissions may not yet have been
|
||||
* set for the post. If it's private, the photo permissions should be set
|
||||
* appropriately. But we didn't know the final permissions on the post until
|
||||
* now. So now we'll look for links of uploaded messages that are in the
|
||||
* post and set them to the same permissions as the post itself.
|
||||
*/
|
||||
|
||||
$match = null;
|
||||
|
||||
if ((! $preview) && preg_match_all("/\[img([\=0-9x]*?)\](.*?)\[\/img\]/",$body,$match)) {
|
||||
$images = $match[2];
|
||||
if (count($images)) {
|
||||
|
||||
$objecttype = ACTIVITY_OBJ_IMAGE;
|
||||
|
||||
foreach ($images as $image) {
|
||||
if (! stristr($image,System::baseUrl() . '/photo/')) {
|
||||
continue;
|
||||
}
|
||||
$image_uri = substr($image,strrpos($image,'/') + 1);
|
||||
$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
|
||||
if (! strlen($image_uri)) {
|
||||
continue;
|
||||
}
|
||||
$srch = '<' . intval($contact_id) . '>';
|
||||
|
||||
$r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''
|
||||
AND `resource-id` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($srch),
|
||||
dbesc($image_uri),
|
||||
intval($profile_uid)
|
||||
);
|
||||
|
||||
if (! DBM::is_result($r)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
|
||||
WHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ",
|
||||
dbesc($str_contact_allow),
|
||||
dbesc($str_group_allow),
|
||||
dbesc($str_contact_deny),
|
||||
dbesc($str_group_deny),
|
||||
dbesc($image_uri),
|
||||
intval($profile_uid),
|
||||
dbesc( t('Wall Photos'))
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Next link in any attachment references we find in the post.
|
||||
*/
|
||||
$match = false;
|
||||
|
||||
if ((! $preview) && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) {
|
||||
$attaches = $match[1];
|
||||
if (count($attaches)) {
|
||||
foreach ($attaches as $attach) {
|
||||
$r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
|
||||
intval($profile_uid),
|
||||
intval($attach)
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
$r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
|
||||
WHERE `uid` = %d AND `id` = %d",
|
||||
dbesc($str_contact_allow),
|
||||
dbesc($str_group_allow),
|
||||
dbesc($str_contact_deny),
|
||||
dbesc($str_group_deny),
|
||||
intval($profile_uid),
|
||||
intval($attach)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// embedded bookmark or attachment in post? set bookmark flag
|
||||
|
||||
$bookmark = 0;
|
||||
$data = get_attachment_data($body);
|
||||
if (preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism", $body, $match, PREG_SET_ORDER) || isset($data["type"])) {
|
||||
$objecttype = ACTIVITY_OBJ_BOOKMARK;
|
||||
$bookmark = 1;
|
||||
}
|
||||
|
||||
$body = bb_translate_video($body);
|
||||
|
||||
|
||||
// Fold multi-line [code] sequences
|
||||
$body = preg_replace('/\[\/code\]\s*\[code\]/ism', "\n", $body);
|
||||
|
||||
$body = scale_external_images($body, false);
|
||||
|
||||
// Setting the object type if not defined before
|
||||
if (!$objecttype) {
|
||||
$objecttype = ACTIVITY_OBJ_NOTE; // Default value
|
||||
require_once 'include/plaintext.php';
|
||||
$objectdata = get_attached_data($body);
|
||||
|
||||
if ($post["type"] == "link") {
|
||||
$objecttype = ACTIVITY_OBJ_BOOKMARK;
|
||||
} elseif ($post["type"] == "video") {
|
||||
$objecttype = ACTIVITY_OBJ_VIDEO;
|
||||
} elseif ($post["type"] == "photo") {
|
||||
$objecttype = ACTIVITY_OBJ_IMAGE;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Look for any tags and linkify them
|
||||
$str_tags = '';
|
||||
$inform = '';
|
||||
|
@ -645,6 +529,122 @@ function item_post(App $a) {
|
|||
$_REQUEST['origin'] = false;
|
||||
}
|
||||
|
||||
/*
|
||||
* When a photo was uploaded into the message using the (profile wall) ajax
|
||||
* uploader, The permissions are initially set to disallow anybody but the
|
||||
* owner from seeing it. This is because the permissions may not yet have been
|
||||
* set for the post. If it's private, the photo permissions should be set
|
||||
* appropriately. But we didn't know the final permissions on the post until
|
||||
* now. So now we'll look for links of uploaded messages that are in the
|
||||
* post and set them to the same permissions as the post itself.
|
||||
*/
|
||||
|
||||
$match = null;
|
||||
|
||||
if (!$preview && preg_match_all("/\[img([\=0-9x]*?)\](.*?)\[\/img\]/",$body,$match)) {
|
||||
$images = $match[2];
|
||||
if (count($images)) {
|
||||
|
||||
$objecttype = ACTIVITY_OBJ_IMAGE;
|
||||
|
||||
foreach ($images as $image) {
|
||||
if (! stristr($image,System::baseUrl() . '/photo/')) {
|
||||
continue;
|
||||
}
|
||||
$image_uri = substr($image,strrpos($image,'/') + 1);
|
||||
$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
|
||||
if (! strlen($image_uri)) {
|
||||
continue;
|
||||
}
|
||||
$srch = '<' . intval($contact_id) . '>';
|
||||
|
||||
$r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''
|
||||
AND `resource-id` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($srch),
|
||||
dbesc($image_uri),
|
||||
intval($profile_uid)
|
||||
);
|
||||
|
||||
if (! DBM::is_result($r)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
|
||||
WHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ",
|
||||
dbesc($str_contact_allow),
|
||||
dbesc($str_group_allow),
|
||||
dbesc($str_contact_deny),
|
||||
dbesc($str_group_deny),
|
||||
dbesc($image_uri),
|
||||
intval($profile_uid),
|
||||
dbesc( t('Wall Photos'))
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Next link in any attachment references we find in the post.
|
||||
*/
|
||||
$match = false;
|
||||
|
||||
if ((! $preview) && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) {
|
||||
$attaches = $match[1];
|
||||
if (count($attaches)) {
|
||||
foreach ($attaches as $attach) {
|
||||
$r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
|
||||
intval($profile_uid),
|
||||
intval($attach)
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
$r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
|
||||
WHERE `uid` = %d AND `id` = %d",
|
||||
dbesc($str_contact_allow),
|
||||
dbesc($str_group_allow),
|
||||
dbesc($str_contact_deny),
|
||||
dbesc($str_group_deny),
|
||||
intval($profile_uid),
|
||||
intval($attach)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// embedded bookmark or attachment in post? set bookmark flag
|
||||
|
||||
$bookmark = 0;
|
||||
$data = get_attachment_data($body);
|
||||
if (preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism", $body, $match, PREG_SET_ORDER) || isset($data["type"])) {
|
||||
$objecttype = ACTIVITY_OBJ_BOOKMARK;
|
||||
$bookmark = 1;
|
||||
}
|
||||
|
||||
$body = bb_translate_video($body);
|
||||
|
||||
|
||||
// Fold multi-line [code] sequences
|
||||
$body = preg_replace('/\[\/code\]\s*\[code\]/ism', "\n", $body);
|
||||
|
||||
$body = scale_external_images($body, false);
|
||||
|
||||
// Setting the object type if not defined before
|
||||
if (!$objecttype) {
|
||||
$objecttype = ACTIVITY_OBJ_NOTE; // Default value
|
||||
require_once 'include/plaintext.php';
|
||||
$objectdata = get_attached_data($body);
|
||||
|
||||
if ($objectdata["type"] == "link") {
|
||||
$objecttype = ACTIVITY_OBJ_BOOKMARK;
|
||||
} elseif ($objectdata["type"] == "video") {
|
||||
$objecttype = ACTIVITY_OBJ_VIDEO;
|
||||
} elseif ($objectdata["type"] == "photo") {
|
||||
$objecttype = ACTIVITY_OBJ_IMAGE;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$attachments = '';
|
||||
$match = false;
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user