Closed jasoncheng closed 5 years ago
permission set to right group or public, but still denied ....wanna cry; i won't give up
Disable picture proxy, denied photo gone :)
Disable picture proxy, denied photo gone :)
On which branch of friendica code?
@fabrixxm my branch is latest develop (321c720e5d9c6732e02219d5fa356d90e0caec06)
But the first image in this thread https://meld.de/display/00d81f2c-195c-239a-1482-807701372578 looks like it is in fact private...
the image is https://meld.de/photo/59477711415c239a0ff3012515306320-1.jpg :
(if you are logged on meld.de, try the links in a private window)
The last one in same thread ( https://meld.de/photo/15828470165c239bfc61453052825589-1.png ) is public and it works correctly via proxy ( https://kirgroup.com/proxy/c4/aHR0cHM6Ly9NRUxELmRlL3Bob3RvLzE1ODI4NDcwMTY1YzIzOWJmYzYxNDUzMDUyODI1NTg5LTEucG5n.png )
@fabrixxm just test again; my server uncheck [Disable picture proxy]
post on meld.de: https://meld.de/display/00d81f2c-165c-23be-99c8-ae8089789820 (public) meld.de photo: https://meld.de/photos/jasoncheng/image/18467922755c23be9523725086232982 (public)
and my server: https://jason.holi.chat/display/00d81f2c-165c-23be-99c8-ae8089789820 my server photo : https://jason.holi.chat/proxy/36/aHR0cHM6Ly9NRUxELmRlL3Bob3RvLzE4NDY3OTIyNzU1YzIzYmU5NTIzNzI1MDg2MjMyOTgyLTEuanBn.jpg
could be my server issue? if require my server account for debug, i can give it to you @fabrixxm ; BTW, it's holiday, you should take a rest, no need hurry; at least we can just disable it for now.
so system log: (but just notice)
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 259 PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 361 PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 361 PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 231 PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 259 PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 318 PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 318 PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 318 PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 318
warning:
PHP Warning: Illegal string offset 'created' in /var/www/html/friendica/src/Worker/Notifier.php on line 148 PHP Notice: Uninitialized string offset: 0 in /var/www/html/friendica/src/Worker/Notifier
.php on line 148
But the first image in this thread https://meld.de/display/00d81f2c-195c-239a-1482-807701372578 looks like it is in fact private...
the image is https://meld.de/photo/59477711415c239a0ff3012515306320-1.jpg :
(if you are logged on meld.de, try the links in a private window)
The last one in same thread ( https://meld.de/photo/15828470165c239bfc61453052825589-1.png ) is public and it works correctly via proxy ( https://kirgroup.com/proxy/c4/aHR0cHM6Ly9NRUxELmRlL3Bob3RvLzE1ODI4NDcwMTY1YzIzOWJmYzYxNDUzMDUyODI1NTg5LTEucG5n.png )
i forget what i done, sorry; so i test it again, logs on https://github.com/jasoncheng/dica/issues/121#issuecomment-450000857
Status Update:
backslash denied photo show again(nosign.png) on post: https://meld.de/display/00d81f2c-185c-2b28-03b5-28d042269572 => public photo, but same network user cannot read image.
as mentions on #issue-394181221, it will set allow_cid, allow_gid, deny_cid, deny_gid to NULL
but Photo.php and Util/Security.php script, will generate sql commend when user is not come from browser
SELECT * FROM `photo` WHERE `resource-id` LIKE '20657267135c2cc95c60007381438245'
AND scale <= 1
AND allow_cid = '' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
ORDER BY `scale` DESC
so, public photo will return nosign.png
May i create PR on change this [Util/security.php] (https://github.com/friendica/friendica/blob/develop/src/Util/Security.php#L97) to
AND (allow_cid IS NULL OR allow_cid = '') AND (allow_gid IS NULL OR allow_gid = '') ...
and also android client should change image cache policy consider: Cache-Control: no-store, no-cache, must-revalidate;
but...no idea how to did this right now, haha
If access control fields in photo table are null, something is wrong. How do you upload the photos with nulls?
@fabrixxm here: https://github.com/jasoncheng/dica/issues/121#issue-394181221
The issue could be here https://github.com/friendica/friendica/blob/develop/include/api.php#L4119-L4122
If there are no "allow_cid" or any other in POST data, the value is set to null, but it should be set to empty string. I'll send a PR for this...
@fabrixxm thank you so much for doing this 👍
@fabrixxm that would be nice, also support video upload for media/update, haha
meanwhile, a fix compatible with friendica versions before api code fix should to send to api/friendica/photo/create
the four parameters (allow_cid, allow_gid, deny_cid, deny_gid) as empty strings
let's do something in android client, before APIs change
at meld.de, that's why backslash, unable to update photo permission (photo not available) but why??
01-07 15:44:55.315 27171 27282 D OkHttp : --> POST https://meld.de/api/friendica/photo/update http/1.1
01-07 15:44:55.315 27171 27282 D OkHttp : Content-Type: application/x-www-form-urlencoded
01-07 15:44:55.318 27171 27282 D OkHttp : Content-Length: 103
01-07 15:44:55.322 27171 27282 D OkHttp : photo_id=51431188435c3303599dd4f276864210&allow_gid=&deny_gid=&allow_cid=&deny_cid=&album=Wall%20Photos
01-07 15:44:57.862 27171 27282 D OkHttp : <-- 400 https://meld.de/api/friendica/photo/update (2538ms)
01-07 15:44:57.863 27171 27282 D OkHttp : date: Mon, 07 Jan 2019 07:44:57 GMT
01-07 15:44:57.863 27171 27282 D OkHttp : server: Apache
01-07 15:44:57.863 27171 27282 D OkHttp : expires: Thu, 19 Nov 1981 08:52:00 GMT
01-07 15:44:57.863 27171 27282 D OkHttp : cache-control: no-store, no-cache, must-revalidate
01-07 15:44:57.863 27171 27282 D OkHttp : pragma: no-cache
01-07 15:44:57.863 27171 27282 D OkHttp : x-account-management-status: active; name="Cheng Shihchieh"; id="jasoncheng"
01-07 15:44:57.863 27171 27282 D OkHttp : strict-transport-security: max-age=10368000; includeSubDomains; preload
01-07 15:44:57.863 27171 27282 D OkHttp : content-type: application/json
01-07 15:44:57.866 27171 27282 D OkHttp : {"status":{"error":"photo not available","code":"400 Bad Request","request":"api\/friendica\/photo\/update"}}
it's look like i should use a correct album name instead of [Wall Photos] https://github.com/friendica/friendica/blob/develop/include/api.php#L4151
01-07 16:07:36.113 29808 30093 D OkHttp : <-- 200 https://meld.de/api/friendica/photo?photo_id=45399971815c3308b9cc131866618518 (2294ms)
01-07 16:07:36.113 29808 30093 D OkHttp : date: Mon, 07 Jan 2019 08:07:35 GMT
01-07 16:07:36.113 29808 30093 D OkHttp : server: Apache
01-07 16:07:36.113 29808 30093 D OkHttp : expires: Thu, 19 Nov 1981 08:52:00 GMT
01-07 16:07:36.113 29808 30093 D OkHttp : cache-control: no-store, no-cache, must-revalidate
01-07 16:07:36.114 29808 30093 D OkHttp : pragma: no-cache
01-07 16:07:36.114 29808 30093 D OkHttp : x-account-management-status: active; name="Cheng Shihchieh"; id="jasoncheng"
01-07 16:07:36.114 29808 30093 D OkHttp : strict-transport-security: max-age=10368000; includeSubDomains; preload
01-07 16:07:36.114 29808 30093 D OkHttp : content-type: application/json
01-07 16:07:36.120 29808 30093 D OkHttp : {"created":"2019-01-07 08:07:21","edited":"2019-01-07 08:07:22","title":"","desc":"","album":"\u5899\u7167\u7247","filename":"DiCa2158657420030402906DiCa4610067424233946836.jpg","type":"image\/jpeg","height":2400,"width":3200,"profile":0,"allow_cid":"<190555>","deny_cid":"","allow_gid":"","deny_gid":"","id":"45399971815c3308b9cc131866618518","link":["https:\/\/MELD.de\/photo\/45399971815c3308b9cc131866618518-0.jpg","https:\/\/MELD.de\/photo\/45399971815c3308b9cc131866618518-1.jpg","https:\/\/MELD.de\/photo\/45399971815c3308b9cc131866618518-2.jpg"],"friendica_activities":{"like":[],"dislike":[],"attendyes":[],"attendno":[],"attendmaybe":[]},"friendica_comments":[],"rights_mismatch":true}
okay, it's work now;
Problem is:
my account on friendica album name is Chines name [牆照片], but [Wall Photos] is DiCa default album name; when setup permission of photo, require correct album name, so it's failure.
Temp solution:
i need to call friendica/photo, to get album name, and call (firendica/photo/update) update permission with correct album name. then, backslash will gone.
if possible API change ? then i can reduce extra API call.
mh.. imho, that function is quite a mess..
mh.. imho, that function is quite a mess..
haha, understand :)
currently post step:
1.photo #0 : media/upload (get friendica_preview_url) 2.photo #1 : media/upload (get friendica_preview_url) 3.photo #2 : media/upload (get friendica_preview_url) 4.statuses/update ( append photos url as BBCode to let post support multiple photos)
but, default, media/upload, photo would be private, we need to change permission, otherwise, public status + photos, other friendi.ca servers will got access denied photos )
but [ API: friendica/photo/update ], require photo_id is not step 1. or 2. or 3. media_id, it's a hash id so we need to get hash_id from friendica_preview_url, and call API: friendica/photo/update update one by one , to change allow_gid (empty for public or <1><2> for specific GroupID), meet our need