From a906e27f19109406dc74443008e083cd36c33780 Mon Sep 17 00:00:00 2001
From: mrilyew <99399973+mrilyew@users.noreply.github.com>
Date: Tue, 27 May 2025 13:38:29 +0300
Subject: [PATCH] fix: not add photo to album if wrong

---
 Web/Presenters/PhotosPresenter.php            | 28 +++++++++++--------
 .../templates/components/textArea.xml         |  2 +-
 Web/static/js/al_wall.js                      |  3 +-
 3 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/Web/Presenters/PhotosPresenter.php b/Web/Presenters/PhotosPresenter.php
index 6c294fdd..9bc150cb 100644
--- a/Web/Presenters/PhotosPresenter.php
+++ b/Web/Presenters/PhotosPresenter.php
@@ -272,21 +272,25 @@ final class PhotosPresenter extends OpenVKPresenter
         $this->assertUserLoggedIn();
         $this->willExecuteWriteAction(true);
 
+        $upload_context = $this->queryParam("upload_context");
+
         if (is_null($this->queryParam("album"))) {
-            $album = $this->albums->getUserWallAlbum($this->user->identity);
+            if ((int) $upload_context == $this->user->id) {
+                $album = $this->albums->getUserWallAlbum($this->user->identity);
+            }
         } else {
             [$owner, $id] = explode("_", $this->queryParam("album"));
             $album = $this->albums->get((int) $id);
         }
 
-        if (!$album) {
-            $this->flashFail("err", tr("error"), tr("error_adding_to_deleted"), 500, true);
+        if ($_SERVER["REQUEST_METHOD"] == "GET" || $this->queryParam("act") == "finish") {
+            if (!$album) {
+                $this->flashFail("err", tr("error"), tr("error_adding_to_deleted"));
+            }
         }
 
-        # Для быстрой загрузки фоток из пикера фотографий нужен альбом, но юзер не может загружать фото
-        # в системные альбомы, так что так.
-        if (is_null($this->user) || !is_null($this->queryParam("album")) && !$album->canBeModifiedBy($this->user->identity)) {
-            $this->flashFail("err", tr("error_access_denied_short"), tr("error_access_denied"), 500, true);
+        if ($album && !$album->canBeModifiedBy($this->user->identity)) {
+            $this->flashFail("err", tr("error_access_denied_short"), tr("error_access_denied"));
         }
 
         if ($_SERVER["REQUEST_METHOD"] === "POST") {
@@ -306,8 +310,6 @@ final class PhotosPresenter extends OpenVKPresenter
 
                     $phot->setDescription($description);
                     $phot->save();
-
-                    $album = $phot->getAlbum();
                 }
 
                 $this->returnJson(["success" => true,
@@ -346,9 +348,11 @@ final class PhotosPresenter extends OpenVKPresenter
                     $this->flashFail("err", "Неизвестная ошибка", "Не удалось сохранить фотографию в $name.", 500, true);
                 }
 
-                $album->addPhoto($photo);
-                $album->setEdited(time());
-                $album->save();
+                if ($album != null) {
+                    $album->addPhoto($photo);
+                    $album->setEdited(time());
+                    $album->save();
+                }
             }
 
             $this->returnJson(["success" => true,
diff --git a/Web/Presenters/templates/components/textArea.xml b/Web/Presenters/templates/components/textArea.xml
index b4b2ff72..2be32280 100644
--- a/Web/Presenters/templates/components/textArea.xml
+++ b/Web/Presenters/templates/components/textArea.xml
@@ -2,7 +2,7 @@
 {var $textAreaId = ($post ?? NULL) === NULL ? (++$GLOBALS["textAreaCtr"]) : $post->getId()}
 {var $textAreaId = ($custom_id ?? NULL) === NULL ? $textAreaId : $custom_id}
 
-<div id="write" class='model_content_textarea' style="padding: 5px 0;" data-id="{$owner}">
+<div id="write" class='model_content_textarea' style="padding: 5px 0;" data-id="{is_null($owner) || gettype($owner) == 'integer' ? $owner : $owner->getId()}">
     <form action="{$route}" method="post" enctype="multipart/form-data" style="margin:0;">
         <textarea id="wall-post-input{$textAreaId}" placeholder="{_write}" name="text" style="width: 100%;resize: none;" class="small-textarea"></textarea>
         <div>
diff --git a/Web/static/js/al_wall.js b/Web/static/js/al_wall.js
index c288bfdc..7c87a89b 100644
--- a/Web/static/js/al_wall.js
+++ b/Web/static/js/al_wall.js
@@ -1191,7 +1191,6 @@ async function __uploadToTextarea(file, textareaNode) {
     const form_data = new FormData
     form_data.append('photo_0', file)
     form_data.append('count', 1)
-    form_data.append('upload_context', textareaNode.nodes[0].dataset.id)
     form_data.append("hash", u("meta[name=csrf]").attr("value"))
     
     if(filetype == 'photo') {
@@ -1199,7 +1198,7 @@ async function __uploadToTextarea(file, textareaNode) {
         const rand = random_int(0, 1000)
         textareaNode.find('.post-horizontal').append(`<a id='temp_filler${rand}' class="upload-item lagged"><img src='${temp_url}'></a>`)
         
-        const res = await fetch(`/photos/upload`, {
+        const res = await fetch(`/photos/upload?upload_context=${textareaNode.nodes[0].dataset.id}`, {
             method: 'POST',
             body: form_data
         })