We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

Photo Privacy ignored on Top Rated and Most Discussed list | Forum

Topic location: Forum home » Support » Bug reports and troubleshooting
Jim Seductive
Jim Seductive May 30 '15
I have just installed Platform version 1.7.3 (build 8710) and have been testing everything.  It seems that when setting Privacy setting for Photo Albums to friends_only or only_me. It works fine if you go to that person's albums, but when selecting Photo from menu, the photo does not show up on Latest, but still shows up on Top Rated (if it has a rating) and Most Discussed (if it has comments). In trying to debug this, I found that the ow_photo table has a list of the photos, and a setting of privacy for each photo (set via cron when changed). So it is easy to replicate / test this bug by just changing any photo in that table, changing privacy to friends_only or only_me, then you can see that the photo will disappear from Latest but still be there in Top Rated and Most Discussed (again assuming that the photo has been rated and commented).  Please advise if this is a bug as I think it is.
#1
Jim Seductive
Jim Seductive May 30 '15
I just tested on the the demo  demo.oxwall.org and it is replicated there, at least for the Most Discussed bug. (Top Rated seems to be working properly)

Steps I took on Demo site:  I logged in as Admin, uploaded a picture. Logged off, Logged in as Demo user, rated the picture, commented on the picture. Logged off. went to Photos, Latest, Top Rated and Most Discussed, picture appeared in all lists. Logged in to Admin, changed Privacy, Photo Albums, to Only Me, Saved.  Logged off.  from public view, picture now not on Latest list, but still appears on Most Discussed.  Logged into Demo user, same thing, picture does not appear on Latest list, but does appear on Most Discussed.  

#2
ross Team
ross May 31 '15
Jim, thank you for investigating, however this issue been already reported to our developers team. It will be fixed in one of the upcoming updates. 
#3
Jim Seductive
Jim Seductive Jun 1 '15
Thanks Ross, Good to hear, 


but I can't roll this out with such a glaring hole in security. Can someone point me in the direction of where in the code the privacy is tested, so I can make a temporary Code Modification until the problem is fixed ?

#4
ross Team
ross Jun 2 '15
In ow_plugins/photo/bol/photo_dao.php  file

function

findPhotoInfoListByIdList()

#5
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software