harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixme note about discovered permission encryption

Browse Source
This commit is contained in:
friendica 2012-11-02 14:48:33 -07:00
parent 4fb898a0a3
commit 78884195bc
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
mod/photos.php
View File

@ -20,11 +20,17 @@ function photos_init(&$a) {
dbesc($nick)
);
if(! ($r && count($r)))
if(! $r)
return;
$a->data['channel'] = $r[0];
$o .= '<div class="vcard">';
$o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
$o .= '</div>';
$sql_extra = permissions_sql($a->data['channel']['channel_id']);
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra order by created desc",
@ -34,11 +40,6 @@ function photos_init(&$a) {
if(count($albums)) {
$a->data['albums'] = $albums;
// FIXME
$o .= '<div class="vcard">';
$o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
$o .= '</div>';
$albums_visible = ((intval($a->data['user']['hidewall']) && (! local_user()) && (! remote_user())) ? false : true);
if($albums_visible) {

2
mod/zfinger.php
View File

@ -68,6 +68,8 @@ function zfinger_init(&$a) {
$ret['target'] = $ztarget;
$ret['target_sig'] = $zsig;
// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery.
$ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig)
? base64url_encode(hash('whirlpool',$ztarget . $zsig,true))
: '' ),false);