Friendica/friendica
Friendica/friendica
1
0
Fork 1
mirror of https://git.friendi.ca/friendica/friendica.git synced 2025-06-10 05:44:32 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #7305 from deantownsley/imageauthfix

Browse source 
Make authentication work for local private images
This commit is contained in:
Hypolite Petovan 2019-06-23 15:18:15 -04:00 committed by GitHub
commit fa191bd821
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/Model/Photo.php
View file

@ -16,6 +16,7 @@ use Friendica\Database\DBA;
use Friendica\Database\DBStructure;
use Friendica\Model\Storage\IStorage;
use Friendica\Object\Image;
use Friendica\Protocol\DFRN;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Security;
@ -133,8 +134,16 @@ class Photo extends BaseObject
if ($r === false) {
return false;
}
$uid = $r["uid"];
$sql_acl = Security::getPermissionsSQLByUserId($r["uid"]);
// This is the first place, when retrieving just a photo, that we know who owns the photo.
// Make sure that the requester's session is appropriately authenticated to that user
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
// this will either just return (if auth all ok) or will redirect and exit (starting over)
DFRN::autoRedir(self::getApp(), $r["nickname"]);
$sql_acl = Security::getPermissionsSQLByUserId($uid);
$conditions = [
"`resource-id` = ? AND `scale` <= ? " . $sql_acl,