fix: not add photo to album if wrong

Web/Presenters/PhotosPresenter.php

@@ -272,21 +272,25 @@ final class PhotosPresenter extends OpenVKPresenter
         $this->assertUserLoggedIn();
         $this->willExecuteWriteAction(true);
 
+        $upload_context = $this->queryParam("upload_context");
+
         if (is_null($this->queryParam("album"))) {
+            if ((int) $upload_context == $this->user->id) {
                 $album = $this->albums->getUserWallAlbum($this->user->identity);
+            }
         } else {
             [$owner, $id] = explode("_", $this->queryParam("album"));
             $album = $this->albums->get((int) $id);
         }
 
+        if ($_SERVER["REQUEST_METHOD"] == "GET" || $this->queryParam("act") == "finish") {
             if (!$album) {
-            $this->flashFail("err", tr("error"), tr("error_adding_to_deleted"), 500, true);
+                $this->flashFail("err", tr("error"), tr("error_adding_to_deleted"));
+            }
         }
 
-        # Для быстрой загрузки фоток из пикера фотографий нужен альбом, но юзер не может загружать фото
+        if ($album && !$album->canBeModifiedBy($this->user->identity)) {
-        # в системные альбомы, так что так.
+            $this->flashFail("err", tr("error_access_denied_short"), tr("error_access_denied"));
-        if (is_null($this->user) || !is_null($this->queryParam("album")) && !$album->canBeModifiedBy($this->user->identity)) {
-            $this->flashFail("err", tr("error_access_denied_short"), tr("error_access_denied"), 500, true);
         }
 
         if ($_SERVER["REQUEST_METHOD"] === "POST") {
@@ -306,8 +310,6 @@ final class PhotosPresenter extends OpenVKPresenter
 
                     $phot->setDescription($description);
                     $phot->save();
-
-                    $album = $phot->getAlbum();
                 }
 
                 $this->returnJson(["success" => true,
@@ -346,10 +348,12 @@ final class PhotosPresenter extends OpenVKPresenter
                     $this->flashFail("err", "Неизвестная ошибка", "Не удалось сохранить фотографию в $name.", 500, true);
                 }
 
+                if ($album != null) {
                     $album->addPhoto($photo);
                     $album->setEdited(time());
                     $album->save();
                 }
+            }
 
             $this->returnJson(["success" => true,
                 "photos" => $photos]);

Web/Presenters/templates/components/textArea.xml

@@ -2,7 +2,7 @@
 {var $textAreaId = ($post ?? NULL) === NULL ? (++$GLOBALS["textAreaCtr"]) : $post->getId()}
 {var $textAreaId = ($custom_id ?? NULL) === NULL ? $textAreaId : $custom_id}
 
-<div id="write" class='model_content_textarea' style="padding: 5px 0;" data-id="{$owner}">
+<div id="write" class='model_content_textarea' style="padding: 5px 0;" data-id="{is_null($owner) || gettype($owner) == 'integer' ? $owner : $owner->getId()}">
     <form action="{$route}" method="post" enctype="multipart/form-data" style="margin:0;">
         <textarea id="wall-post-input{$textAreaId}" placeholder="{_write}" name="text" style="width: 100%;resize: none;" class="small-textarea"></textarea>
         <div>

Web/static/js/al_wall.js

@@ -1191,7 +1191,6 @@ async function __uploadToTextarea(file, textareaNode) {
     const form_data = new FormData
     form_data.append('photo_0', file)
     form_data.append('count', 1)
-    form_data.append('upload_context', textareaNode.nodes[0].dataset.id)
     form_data.append("hash", u("meta[name=csrf]").attr("value"))
     
     if(filetype == 'photo') {
@@ -1199,7 +1198,7 @@ async function __uploadToTextarea(file, textareaNode) {
         const rand = random_int(0, 1000)
         textareaNode.find('.post-horizontal').append(`<a id='temp_filler${rand}' class="upload-item lagged"><img src='${temp_url}'></a>`)
         
-        const res = await fetch(`/photos/upload`, {
+        const res = await fetch(`/photos/upload?upload_context=${textareaNode.nodes[0].dataset.id}`, {
             method: 'POST',
             body: form_data
         })