authorCash Costello <cash.costello@gmail.com>2012-07-13 22:30:51 -0400
committerCash Costello <cash.costello@gmail.com>2012-07-13 22:30:51 -0400
commitf611a0505343629bb3c353647334f039bbed48af (patch)
treee6f6c88d1d930ac9894e275910c541ce59d3f253
parent54bc5844dfe6cb684c7aecaf1be5ee8071d98fe0 (diff)
parentb09db0ec2a35590cb13cda6ed053edc10e671035 (diff)
downloadelgg-f611a0505343629bb3c353647334f039bbed48af.tar.gz
elgg-f611a0505343629bb3c353647334f039bbed48af.tar.bz2
Added Brett's access check on photos
-rw-r--r--classes/TidypicsAlbum.php19
-rw-r--r--lib/tidypics.php10
2 files changed, 25 insertions, 4 deletions
diff --git a/classes/TidypicsAlbum.php b/classes/TidypicsAlbum.php
index d069117bf..3d7d12b32 100644
--- a/classes/TidypicsAlbum.php
+++ b/classes/TidypicsAlbum.php
@@ -9,7 +9,6 @@
class TidypicsAlbum extends ElggObject {
-
/**
* Sets the internal attributes
*/
@@ -186,6 +185,17 @@ class TidypicsAlbum extends ElggObject {
return array();
}
$list = unserialize($listString);
+
+ // check access levels
+ $guidsString = implode(',', $list);
+ $options = array(
+ 'wheres' => array("e.guid IN ($guidsString)"),
+ 'order_by' => "FIELD (e.guid, $guidsString)",
+ 'callback' => 'tp_guid_callback',
+ 'limit' => ELGG_ENTITIES_NO_VALUE
+ );
+
+ $list = elgg_get_entities($options);
return $list;
}
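Review bot: The unserialized `$list` is joined with `implode(',', $list)` and interpolated straight into the `wheres` and `order_by` SQL fragments, with no check that every element is an integer and no handling of an empty or failed unserialize result. A stored list that unserializes to an empty array would produce `e.guid IN ()` and `FIELD (e.guid, )`, which is invalid SQL, and any non-numeric element would become part of the query text. Before the implode, normalise and guard the list, e.g. `$list = array_filter(array_map('intval', (array) $list));` followed by `if (!$list) { return array(); }`. The enclosing method starts outside this hunk, so the origin of `$listString` is not visible here.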
@@ -211,7 +221,7 @@ class TidypicsAlbum extends ElggObject {
}
/**
- * Get the previous image in the album
+ * Get the previous image in the album. Wraps around to the last image if given the first.
*
* @param int $guid GUID of the current image
* @return TidypicsImage
@@ -230,7 +240,7 @@ class TidypicsAlbum extends ElggObject {
}
/**
- * Get the next image in the album
+ * Get the next image in the album. Wraps around to the first image if given the last.
*
* @param int $guid GUID of the current image
* @return TidypicsImage
@@ -282,9 +292,10 @@ class TidypicsAlbum extends ElggObject {
/**
* Delete all the images in this album
+ *
+ * @todo ElggBatch?
*/
protected function deleteImages() {
- // get all the images from this album as long as less than 999 images
$images = elgg_get_entities(array(
"type=" => "object",
"subtype" => "image",
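Review bot: The options array in `deleteImages()` uses the key `"type="`, which looks like a typo for `"type"`. If `elgg_get_entities()` ignores unrecognised keys, the query that selects entities for deletion is filtered by subtype only. Since this commit already touches the function's header, it would be worth changing the line to `"type" => "object",`. The commit also removes the comment about the 999-image cap, so the new `@todo ElggBatch?` should say that the fetch is still bounded by whatever limit the call passes. The array literal and the rest of the method continue outside the hunk.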
diff --git a/lib/tidypics.php b/lib/tidypics.php
index 7426a048e..38c6b31a8 100644
--- a/lib/tidypics.php
+++ b/lib/tidypics.php
@@ -190,6 +190,16 @@ function tidypics_list_photos(array $options = array()) {
return elgg_view_entity_list($sorted_entities, $options);
}
+/**
+ * Returns just a guid from a database $row. Used in elgg_get_entities()'s callback.
+ *
+ * @param stdClass $row
+ * @return type
+ */
+function tp_guid_callback($row) {
+ return ($row->guid) ? $row->guid : false;
+}
+
/*********************************************************************
* the functions below replace broken core functions or add functions