Added hackish support for permissions-sync between profile and profile-pictures

sirius 2014-04-14 00:45:24 +02:00
parent 153cc599a3
commit 8b8feea12f
2 changed files with 41 additions and 4 deletions


@ -2,6 +2,34 @@
require_once('include/photo/photo_driver.php'); require_once('include/photo/photo_driver.php');
function profile_photo_set_profile_perms($profileid) {
$allowcid = '';
$r = q("SELECT photo, profile_guid, id FROM profile WHERE profile.id = %d LIMIT 1", intval($profileid));
$profile = $r[0];
if(x($profile['photo'])) {
preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id);
$resource_id = $resource_id[0];
if(x($profileid)) {
$r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id']));
$r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid']));
foreach ($r1 as $entry) {
$allowcid .= "<" . $entry['abook_xchan'] . ">";
}
foreach ($r2 as $entry) {
$allowcid .= "<" . $entry['abook_xchan'] . ">";
}
if(x($allowcid)) {
q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s'",dbesc($allowcid),dbesc($resource_id));
}
}
}
return;
}
function profile_photo_init(&$a) { function profile_photo_init(&$a) {
if(! local_user()) { if(! local_user()) {
@ -142,6 +170,11 @@ function profile_photo_post(&$a) {
// Update directory in background // Update directory in background
proc_run('php',"include/directory.php",$channel['channel_id']); proc_run('php',"include/directory.php",$channel['channel_id']);
// Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
profile_photo_set_profile_perms($_REQUEST['profile']);
} }
else else
notice( t('Unable to process image') . EOL); notice( t('Unable to process image') . EOL);
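Review bot: profile_photo_set_profile_perms() selects the profile by `id` alone and updates `photo` by `resource_id` alone, while the call added in profile_photo_post() passes `$_REQUEST['profile']` unchecked, so nothing visible in these hunks ties either row to the logged-in channel. Unless profile_photo_post() validates that id earlier (its body starts outside the hunk), a request naming another channel's profile id would rewrite `allow_cid` on that channel's profile photo. Scope both statements to the caller, e.g. `WHERE profile.id = %d AND uid = %d LIMIT 1` and `WHERE resource_id = '%s' AND uid = %d` with `intval(local_user())`, assuming both tables carry the owner's `uid` column, and return early when `$r` is empty or preg_match() finds no resource id. Separately, the `if(x($allowcid))` guard skips the UPDATE when the profile has no connections left, so the photo keeps its previous allow list instead of being tightened.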


@ -10,7 +10,7 @@ function profperm_init(&$a) {
$channel = $a->get_channel(); $channel = $a->get_channel();
$which = $channel['channel_address']; $which = $channel['channel_address'];
$profile = $a->argv[1]; $profile = $a->argv[1];
profile_load($a,$which,$profile); profile_load($a,$which,$profile);
@ -89,6 +89,10 @@ function profperm_content(&$a) {
} }
//Time to update the permissions on the profile-pictures as well
require_once('mod/profile_photo.php');
profile_photo_set_profile_perms($profile['id']);
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = %d", $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = %d",
intval(local_user()), intval(local_user()),
intval(argv(1)) intval(argv(1))
@ -111,9 +115,9 @@ function profperm_content(&$a) {
} }
$o .= '<div id="prof-update-wrapper">'; $o .= '<div id="prof-update-wrapper">';
if($change) if($change)
$o = ''; $o = '';
$o .= '<div id="prof-members-title">'; $o .= '<div id="prof-members-title">';
$o .= '<h3>' . t('Visible To') . '</h3>'; $o .= '<h3>' . t('Visible To') . '</h3>';
$o .= '</div>'; $o .= '</div>';
@ -134,7 +138,7 @@ function profperm_content(&$a) {
$o .= '<h3>' . t("All Connections") . '</h3>'; $o .= '<h3>' . t("All Connections") . '</h3>';
$o .= '</div>'; $o .= '</div>';
$o .= '<div id="prof-all-contacts">'; $o .= '<div id="prof-all-contacts">';
$r = abook_connections(local_user()); $r = abook_connections(local_user());
if($r) { if($r) {