diff --git a/mod/item.php b/mod/item.php index 0a97cdc470..36b51a537e 100644 --- a/mod/item.php +++ b/mod/item.php @@ -128,6 +128,50 @@ function item_post(&$a) { } } + + /** + * + * If a photo was uploaded into the message using the ajax uploader, + * it can be seen by anybody. Set the permissions to match the message. + * Ideally this should be done when the photo was uploaded, but the permissions + * may not have been set at that time, and passing the permission arrays via + * javascript to the ajax upload is going to be a challenge. + * This is a compromise. Granted there is a window of time when the photo + * is public. You are welcome to suggest other ways to fix this. + * + */ + + $match = null; + + if($private) { + if(preg_match_all("/\[img\](.+?)\[\/img\]/",$body,$match)) { + $images = $match[1]; + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . '/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' + WHERE `resource-id` = '%s' AND `album` = '%s' ", + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + dbesc($image_uri), + dbesc( t('Wall Photos')) + ); + + } + } + } + } + + + /** + * Look for any tags and linkify them + */ + $str_tags = ''; $inform = '';