In this blog I use the Flickr Photo Album for WordPress by Joe Tan. It’s a great plugin for connecting WordPress to Flickr. Currently, version 0.89 is installed, which still has some problem concerning hiding private pictures. Under certain circumstances, private images can be seen altough the option “hide private images” is enabled on the plugin settings page. In addition, the plugin sometimes reveals the existence of private images by showing picture counts that do not match the number of visible pictures. Currently, the plugin has the following privacy problems:
- When viewing a single image in context of an album, the navigation bar at the bottom might show private images as previous and/or net image in this set. This is due to the lack of privacy options in the Flickr API method
flickr.photosets.getContext. However, if the authentication token is omitted when calling this method, it returns only public images. - When viewing the album overview, the number of photos in an album is displayed. The calculation of this number does not respect the difference between private and public images and a set with for example 8 private and 2 public pictures will show up as having 10 pictures.
- When viewing the album overview, the preview picture shown may be one that is private. No fullscale version of this images is accessible, but the preview image should not be shown also. Instead, the first public images should be shown.
- Albums that consist of private images only are still shown in the overview, although they have no content. They can only be hidden by using the plugin’s “hide album” feature. With one additional request per album, such albums could be detected an left out automatically.
For my blog, I rewrote some of the plugin’s code in order to address these problems. Due to the GPL license, I have to make these modifications available and I gladly do so. Below you can find a patch file that patches the original 0.89 sourcecode form the zip file called sp_photoalbum-0.89.zip with MD5 checksum 0da7199eca6e06e9168bbb95aa2c222f. The patch may work on other versions as well but this is unsupported.
The patch can be applied by executing the following command in the directory that contains the silaspartners directory (the path to the patch file may vary and must be modified accordingly):
patch -p1 < sp_fotoalbum-0.89-privacy.diff
For the lazy people and those without patch (such as Windows users), I have prepared a zip file containing the modified files.
NOTE: This patch is provided on an as-is basis. It comes with no warranty whatsoever. I highly recommend to backup the original files in case the patch fails. I take no responsibility for any damage resulting from the use of this patch/modified software. You have been warned.
#1 von paul g - 20. März 2007 zu 22:17
Thank you.