From 9878974e1f3601e9f8c8b994bda8c9112c396831 Mon Sep 17 00:00:00 2001
From: rabuzarus <>
Date: Mon, 14 Nov 2016 18:49:51 +0100
Subject: [PATCH] fix photos page permissions

---
 include/items.php   |  6 +++---
 mod/photos.php      | 12 ++++++------
 mod/videos.php      |  2 +-
 mod/wall_attach.php | 42 +++++++++++++++++++++---------------------
 mod/wall_upload.php | 40 ++++++++++++++++++++--------------------
 5 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/include/items.php b/include/items.php
index a0fe59bf1..ebe1fca6e 100644
--- a/include/items.php
+++ b/include/items.php
@@ -1896,21 +1896,21 @@ function drop_item($id,$interactive = true) {
 
 	$owner = $item['uid'];
 
-	$cid = 0;
+	$contact_id = 0;
 
 	// check if logged in user is either the author or owner of this item
 
 	if (is_array($_SESSION['remote'])) {
 		foreach($_SESSION['remote'] as $visitor) {
 			if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
-				$cid = $visitor['cid'];
+				$contact_id = $visitor['cid'];
 				break;
 			}
 		}
 	}
 
 
-	if ((local_user() == $item['uid']) || ($cid) || (! $interactive)) {
+	if ((local_user() == $item['uid']) || ($contact_id) || (! $interactive)) {
 
 		// Check if we should do HTML-based delete confirmation
 		if ($_REQUEST['confirm']) {
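Review bot: The permission condition `if ((local_user() == $item['uid']) || ($contact_id) || (! $interactive))` lets any caller that passes `$interactive = false` through without an ownership check, and nothing near it documents that contract. Since the commit already touches this line, a comment above it would help, for example `// non-interactive callers bypass the owner/author check and must have authorised the deletion themselves`. The comparison with `local_user()` is also loose (`==`); if `local_user()` can return `false` and an item can carry `uid` 0 (neither is visible here), the two would compare equal, so a strict or `intval()`-normalised comparison is worth considering. drop_item starts and continues outside this hunk.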
diff --git a/mod/photos.php b/mod/photos.php
index 1730a9b60..d72a82482 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -132,24 +132,24 @@ function photos_post(&$a) {
 		$can_post = true;
 	else {
 		if ($community_page && remote_user()) {
-			$cid = 0;
+			$contact_id = 0;
 			if (is_array($_SESSION['remote'])) {
 				foreach ($_SESSION['remote'] as $v) {
 					if ($v['uid'] == $page_owner_uid) {
-						$cid = $v['cid'];
+						$contact_id = $v['cid'];
 						break;
 					}
 				}
 			}
-			if ($cid) {
+			if ($contact_id) {
 
 				$r = qu("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-					intval($cid),
+					intval($contact_id),
 					intval($page_owner_uid)
 				);
 				if (dbm::is_result($r)) {
 					$can_post = true;
-					$visitor = $cid;
+					$visitor = $contact_id;
 				}
 			}
 		}
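Review bot: The block that looks up the visitor in `$_SESSION['remote']` and then confirms the contact with the `blocked = 0 AND pending = 0` query is repeated almost verbatim in photos_post, wall_attach_post and wall_upload_post, and this commit had to apply the same rename in all three. The copies have already drifted: this one uses `qu()` and `dbm::is_result($r)`, while the other two use `q()` and `count($r)`. Moving the lookup into one shared helper that returns the verified contact id or 0 would keep the permission logic in a single place. photos_post continues outside this hunk.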
@@ -1012,7 +1012,7 @@ function photos_content(&$a) {
 					$can_post = true;
 					$contact = $r[0];
 					$remote_contact = true;
-					$visitor = $cid;
+					$visitor = $contact_id;
 				}
 			}
 		}
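Review bot: `$visitor = $contact_id;` depends on `$contact_id` being assigned earlier in photos_content, and that assignment lies outside this hunk, so the fix cannot be confirmed from the lines shown. PHP evaluates an undefined variable to null with only a notice, which is presumably how the old `$cid` left `$visitor` empty without any visible error. The identical one-line change in mod/videos.php (videos_content) has the same dependency. It is worth confirming that both functions set `$contact_id` in their `$_SESSION['remote']` loop and initialise it to 0 beforehand.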
diff --git a/mod/videos.php b/mod/videos.php
index fb742eb01..1bb59bc54 100644
--- a/mod/videos.php
+++ b/mod/videos.php
@@ -263,7 +263,7 @@ function videos_content(&$a) {
 					$can_post = true;
 					$contact = $r[0];
 					$remote_contact = true;
-					$visitor = $cid;
+					$visitor = $contact_id;
 				}
 			}
 		}
diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index 68752a0e1..15e3d3f75 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -14,19 +14,19 @@ function wall_attach_post(&$a) {
 		);
 		if(! count($r)){
 			if ($r_json) {
-                            echo json_encode(array('error'=>t('Invalid request.')));
-                            killme();
-                        }
+				echo json_encode(array('error'=>t('Invalid request.')));
+				killme();
+			}
 			return;
-        }
+	}
 
 	} else {
 		if ($r_json) {
-                    echo json_encode(array('error'=>t('Invalid request.')));
-                    killme();
-                }
+			echo json_encode(array('error'=>t('Invalid request.')));
+			killme();
+		}
 		return;
-    }
+	}
 
 	$can_post  = false;
 	$visitor   = 0;
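Review bot: The first re-indented closing brace, `}` on the line after `return;`, now sits at one tab, but it closes `if(! count($r)){`, which is opened at two tabs. At one tab it reads as if it closed the outer block, directly above `} else {`. It should be indented with two tabs to match its opening line. wall_attach_post starts and continues outside this hunk.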
@@ -40,41 +40,41 @@ function wall_attach_post(&$a) {
 		$can_post = true;
 	else {
 		if($community_page && remote_user()) {
-			$cid = 0;
+			$contact_id = 0;
 			if(is_array($_SESSION['remote'])) {
 				foreach($_SESSION['remote'] as $v) {
 					if($v['uid'] == $page_owner_uid) {
-						$cid = $v['cid'];
+						$contact_id = $v['cid'];
 						break;
 					}
 				}
 			}
-			if($cid) {
+			if($contact_id) {
 
 				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-					intval($cid),
+					intval($contact_id),
 					intval($page_owner_uid)
 				);
 				if(count($r)) {
 					$can_post = true;
-					$visitor = $cid;
+					$visitor = $contact_id;
 				}
 			}
 		}
 	}
 	if(! $can_post) {
 		if ($r_json) {
-                    echo json_encode(array('error'=>t('Permission denied.')));
-                    killme();
-                }
+			echo json_encode(array('error'=>t('Permission denied.')));
+			killme();
+		}
 		notice( t('Permission denied.') . EOL );
 		killme();
 	}
 
 	if(! x($_FILES,'userfile')) {
 		if ($r_json) {
-                    echo json_encode(array('error'=>t('Invalid request.')));
-                }
+			echo json_encode(array('error'=>t('Invalid request.')));
+		}
 		killme();
 	}
 
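Review bot: The contact check `if(count($r))` can fail open. If `q()` returns `false` on a failed query (its behaviour is not visible here), `count(false)` evaluates to 1 on older PHP versions, so `$can_post` would be set to true. mod/photos.php in this same commit tests the equivalent result with `dbm::is_result($r)`; using `if (dbm::is_result($r)) {` here would make the permission check deny on error. The same pattern appears in the matching hunk of mod/wall_upload.php (wall_upload_post), and in `if(! count($r))` near the top of both functions. wall_attach_post starts and continues outside this hunk.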
@@ -179,9 +179,9 @@ function wall_attach_post(&$a) {
 	}
 
 	if ($r_json) {
-            echo json_encode(array('ok'=>true));
-            killme();
-        }
+		echo json_encode(array('ok'=>true));
+		killme();
+	}
 
 	$lf = "\n";
 
diff --git a/mod/wall_upload.php b/mod/wall_upload.php
index b815348c7..f5996d76f 100644
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -17,8 +17,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
 
 			if(! count($r)){
 				if ($r_json) {
-				    echo json_encode(array('error'=>t('Invalid request.')));
-				    killme();
+					echo json_encode(array('error'=>t('Invalid request.')));
+					killme();
 				}
 				return;
 			}
@@ -30,8 +30,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
 		}
 	} else {
 		if ($r_json) {
-		    echo json_encode(array('error'=>t('Invalid request.')));
-		    killme();
+			echo json_encode(array('error'=>t('Invalid request.')));
+			killme();
 		}
 		return;
 	}
@@ -48,24 +48,24 @@ function wall_upload_post(&$a, $desktopmode = true) {
 		$can_post = true;
 	else {
 		if($community_page && remote_user()) {
-			$cid = 0;
+			$contact_id = 0;
 			if(is_array($_SESSION['remote'])) {
 				foreach($_SESSION['remote'] as $v) {
 					if($v['uid'] == $page_owner_uid) {
-						$cid = $v['cid'];
+						$contact_id = $v['cid'];
 						break;
 					}
 				}
 			}
-			if($cid) {
+			if($contact_id) {
 
 				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-					intval($cid),
+					intval($contact_id),
 					intval($page_owner_uid)
 				);
 				if(count($r)) {
 					$can_post = true;
-					$visitor = $cid;
+					$visitor = $contact_id;
 				}
 			}
 		}
@@ -74,8 +74,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
 
 	if(! $can_post) {
 		if ($r_json) {
-		    echo json_encode(array('error'=>t('Permission denied.')));
-		    killme();
+			echo json_encode(array('error'=>t('Permission denied.')));
+			killme();
 		}
 		notice( t('Permission denied.') . EOL );
 		killme();
@@ -83,7 +83,7 @@ function wall_upload_post(&$a, $desktopmode = true) {
 
 	if(! x($_FILES,'userfile') && ! x($_FILES,'media')){
 		if ($r_json) {
-		    echo json_encode(array('error'=>t('Invalid request.')));
+			echo json_encode(array('error'=>t('Invalid request.')));
 		}
 		killme();
 	}
@@ -119,8 +119,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
 
 	if ($src=="") {
 		if ($r_json) {
-		    echo json_encode(array('error'=>t('Invalid request.')));
-		    killme();
+			echo json_encode(array('error'=>t('Invalid request.')));
+			killme();
 		}
 		notice(t('Invalid request.').EOL);
 		killme();
@@ -248,8 +248,8 @@ function wall_upload_post(&$a, $desktopmode = true) {
 		$r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash);
 		if (!$r){
 			if ($r_json) {
-			    echo json_encode(array('error'=>''));
-			    killme();
+				echo json_encode(array('error'=>''));
+				killme();
 			}
 			return false;
 		}
@@ -265,16 +265,16 @@ function wall_upload_post(&$a, $desktopmode = true) {
 		$picture["preview"] = $a->get_baseurl()."/photo/{$hash}-{$smallest}.".$ph->getExt();
 
 		if ($r_json) {
-		    echo json_encode(array('picture'=>$picture));
-		    killme();
+			echo json_encode(array('picture'=>$picture));
+			killme();
 		}
 		return $picture;
 	}
 
 
 	if ($r_json) {
-	    echo json_encode(array('ok'=>true));
-	    killme();
+		echo json_encode(array('ok'=>true));
+		killme();
 	}
 
 /* mod Waitman Gobble NO WARRANTY */