Permitted contents are visible to others (guests and logged-in users)

DeCysos

Phoenix Foto Service
Beta tester
▶🚶‍Reproduction steps
  1. Have a link to a picture in an album, for example "Erotic"
  2. Look below at -> "In this album"
😢Unexpected result
  1. Images marked as explicit (FSK) should not show up there, but they do. (As a guest and also as a logged-in user (not the owner))

:cool:Desired result
  1. When browsing as a guest, the view ("In this album" and the link to it) should not exist at all if the dashboard is set so that the menu is not available.
  2. Menu items / categories deactivated in the dashboard should generally not be accessible to guests, only the pictures for which the guest also has the link.
  3. Images marked as explicit should never be shown in the area shown!

📃Error log message
-----


Unbenannt-2.png
 

Rodolfo

The Chevere Guru
Chevereto Staff
If I understand it correctly, the NSFW filter is not being applied to the album thumbs right?
 

DeCysos

Phoenix Foto Service
Beta tester
Sorry for the indistinct translation :(

Yes, you have recognized it correctly.
In the album thumbs NSFW is not recognized or implemented.
 

DeCysos

Phoenix Foto Service
Beta tester
I have changed the following section of the file named below,
in line 195 and line 198, so that the NSFW images no longer appear in the area mentioned above.
(Unfortunately, this now applies to all users (including admins))

This solution is only temporary for me; maybe you, @Rodolfo, will still release a hotfix for the error (one that also respects the setting in the dashboard and does not exclude the administration / owner)

Added: AND image_nsfw=0
/app/lib/classes/class.image.php:
            $db->query('SELECT * FROM (
                    (SELECT * FROM '.$tables['images'].' LEFT JOIN '.$tables['storages'].' ON '.$tables['images'].'.image_storage_id = '.$tables['storages'].'.storage_id
                    WHERE image_album_id=:image_album_id AND image_id <= :image_id AND image_nsfw=0 ORDER BY image_id DESC LIMIT 0,'.($padding*2 + 1).')
                    UNION
                    (SELECT * FROM '.$tables['images'].' LEFT JOIN '.$tables['storages'].' ON '.$tables['images'].'.image_storage_id = '.$tables['storages'].'.storage_id
                    WHERE image_album_id=:image_album_id AND image_id > :image_id AND image_nsfw=0 ORDER BY image_id ASC LIMIT 0,'.($padding*2).')
                ) images ORDER BY images.image_id ASC');
 

DeCysos

Phoenix Foto Service
Beta tester
User profile -> Album was still problematic.
I have corrected it, see below.

Guide for user profile -> Album
Open:
/var/www/vhosts/pfs.red/httpdocs/app/lib/classes/class.listing.php
Go to lines: 473-474
Lines 473-474:
        if ($this->type == 'albums' and $this->output) {
            $album_slice_qry_tpl = 'SELECT * FROM ' . $tables['images'] . ' LEFT JOIN ' . $tables['storages'] . ' ON ' . $tables['images'] . '.image_storage_id = ' . $tables['storages'] . '.storage_id WHERE ' . $tables['images'] . '.image_album_id=%ALBUM_ID% ORDER BY ' . $tables['images'] . '.image_id ASC LIMIT 0,5';
Replace these lines with:
        if ($this->type == 'albums' and $this->output) {
            // NSFW for user albums (also) in the profile - allowed for administration, owner & users who have permission to view NSFW
            $nsfw_off = $this->requester ? !$this->requester['show_nsfw_listings'] : !getSetting('show_nsfw_in_listings');
            // Guest guard: with no requester and no owner set, null == null would pass the owner check
            $is_admin = $this->requester && $this->requester['is_admin'];
            $is_owner = $this->requester && $this->owner == $this->requester['id'];
            if($is_admin or $is_owner or !$nsfw_off){
                $nsfw_album = "";
            }else{
                $nsfw_album = " AND image_nsfw=0";
            }
            $album_slice_qry_tpl = 'SELECT * FROM ' . $tables['images'] . ' LEFT JOIN ' . $tables['storages'] . ' ON ' . $tables['images'] . '.image_storage_id = ' . $tables['storages'] . '.storage_id WHERE ' . $tables['images'] . '.image_album_id=%ALBUM_ID%'.$nsfw_album.' ORDER BY ' . $tables['images'] . '.image_id ASC LIMIT 0,5';
Save this file
-------------------------------------------------------
You only want the administrator and owner to see thumbnails of the album? Then use the following code instead.
PHP:
        if ($this->type == 'albums' and $this->output) {
            // NSFW for user albums (also) in the profile - allowed for administration and owner only
            // Guest guard: with no requester and no owner set, null == null would pass the owner check
            $is_admin = $this->requester && $this->requester['is_admin'];
            $is_owner = $this->requester && $this->owner == $this->requester['id'];
            if($is_admin or $is_owner){
                $nsfw_album = "";
            }else{
                $nsfw_album = " AND image_nsfw=0";
            }
            $album_slice_qry_tpl = 'SELECT * FROM ' . $tables['images'] . ' LEFT JOIN ' . $tables['storages'] . ' ON ' . $tables['images'] . '.image_storage_id = ' . $tables['storages'] . '.storage_id WHERE ' . $tables['images'] . '.image_album_id=%ALBUM_ID%'.$nsfw_album.' ORDER BY ' . $tables['images'] . '.image_id ASC LIMIT 0,5';
Please note
-------------
This was created for the purchased version 3.14.3.
I would like to ask you to (always) create a backup of your original file beforehand.
 

Rodolfo

The Chevere Guru
Chevereto Staff
I can confirm the bug, also there's another bug related with the "show NSFW for guests". Both fixes will be included in the next revision.

Please note that I don't encourage using the edited code you posted above. The solution should use the same system used in listings (to show content and to blur the image).
 

DeCysos

Phoenix Foto Service
Beta tester
The solution should use the same system used in listings (to show content and to blur the image).
As long as it's only pixelated (blur) in the Album Preview, it's okay.

But if someone looks straight into an album, the picture should not be there. Because with the blur effect, the picture is still delivered completely visible.
Also, in my opinion, in the preview of the albums (as written above (example image)), the NSFW image should not be clickable.

Sorry, but in Germany the protection of minors goes extremely far and there nobody can afford to make gross mistakes.


Otherwise, I am very satisfied that they were able to confirm the error and the next version will be fixed.
 

Rodolfo

The Chevere Guru
Chevereto Staff
I think that I didn't explain myself properly. The "In this album" listing is now generated by the same thing that generates the listings at /explore, /album, etc. So it inherits all the access, permissions, blur filters, etc.

Listings already do safe stuff like hide NSFW from guests, so it is as good as it gets.
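
Added example (not part of the thread and not Chevereto's code): the visibility decision discussed above, made once on the server and reused by every query that returns image rows, so filtered images are never delivered rather than only blurred. The array keys follow the snippet posted in the thread; the function names are hypothetical, `$guest_setting` stands in for `getSetting('show_nsfw_in_listings')`, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not Chevereto code. The keys is_admin, id and show_nsfw_listings
// follow the snippet posted in this thread; both function names are hypothetical.

// One decision point for every query that returns image rows.
// $requester is null for a guest.
function may_see_nsfw(?array $requester, ?int $owner_id, bool $guest_setting): bool
{
    if ($requester === null) {
        return $guest_setting;              // guests: dashboard setting only
    }
    if (!empty($requester['is_admin'])) {
        return true;
    }
    // Null checks and strict comparison: a missing owner or a missing id must
    // never compare equal (null == null is true in PHP).
    if ($owner_id !== null && isset($requester['id'])
        && (int) $requester['id'] === $owner_id) {
        return true;
    }
    return !empty($requester['show_nsfw_listings']);
}

// Returns a constant SQL fragment, so nothing from the request reaches the query.
// Filtering in SQL keeps the rows out of the response entirely.
function nsfw_clause(?array $requester, ?int $owner_id, bool $guest_setting): string
{
    return may_see_nsfw($requester, $owner_id, $guest_setting) ? '' : ' AND image_nsfw=0';
}

// Constructed requesters and the clause expected for each.
$plain = ['id' => 9, 'is_admin' => 0, 'show_nsfw_listings' => 0];
$cases = [
    ['guest, setting off',          null, 7, false, ' AND image_nsfw=0'],
    ['guest, listing has no owner', null, null, false, ' AND image_nsfw=0'],
    ['guest, setting on',           null, 7, true, ''],
    ['admin', ['id' => 1, 'is_admin' => 1, 'show_nsfw_listings' => 0], 7, false, ''],
    ['owner', ['id' => 7, 'is_admin' => 0, 'show_nsfw_listings' => 0], 7, false, ''],
    ['other user',                  $plain, 7, false, ' AND image_nsfw=0'],
    ['other user, no owner',        $plain, null, false, ' AND image_nsfw=0'],
    ['opted-in user', ['show_nsfw_listings' => 1] + $plain, 7, false, ''],
];
foreach ($cases as [$label, $req, $owner_id, $setting, $want]) {
    $got = nsfw_clause($req, $owner_id, $setting);
    echo ($got === $want ? 'ok    ' : 'FAIL  ') . $label . PHP_EOL;
}
```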
 