Tested the fix and had to add some lines of code. For me it works pretty smooth and I wasn't able to spot any problems. Still you should have a look at private user albums with permissions set to visible by 'me and my buddies' and do some testing.
In include/functions.inc.php replace the function get_private_album_set with
function get_private_album_set($aid_str="")
{
if (GALLERY_ADMIN_MODE) return;
global $CONFIG, $ALBUM_SET, $USER_DATA, $FORBIDDEN_SET, $FORBIDDEN_SET_DATA;
$FORBIDDEN_SET_DATA = array();
if ($USER_DATA['can_see_all_albums']) return;
//Stuff for Album level passwords
if (isset($_COOKIE[$CONFIG['cookie_name']."_albpw"]) && empty($aid_str)) {
$alb_pw = unserialize($_COOKIE[$CONFIG['cookie_name']."_albpw"]);
$aid_str = implode(",",array_keys($alb_pw));
$sql = "SELECT aid, MD5(alb_password) as md5_password FROM ".$CONFIG['TABLE_ALBUMS']." WHERE aid IN ($aid_str)";
$result = cpg_db_query($sql);
$albpw_db = array();
if (mysql_num_rows($result)) {
while ($data = mysql_fetch_array($result)) {
$albpw_db[$data['aid']] = $data['md5_password'];
}
}
$valid = array_intersect($albpw_db, $alb_pw);
if (is_array($valid)) {
$aid_str = implode(",",array_keys($valid));
} else {
$aid_str = "";
}
}
$sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE visibility != '0' AND visibility !='".(FIRST_USER_CAT + USER_ID)."' AND visibility NOT IN ".USER_GROUP_SET;
if (!empty($aid_str)) {
$sql .= " AND aid NOT IN ($aid_str)";
}
$result = cpg_db_query($sql);
if ((mysql_num_rows($result))) {
$set ='';
if ($CONFIG['enable_buddy_private_view'] && USER_ID) {
$buddies = cpg_db_query("SELECT a.aid FROM {$CONFIG['TABLE_ALBUMS']} as a INNER JOIN {$CONFIG['TABLE_BUDDY']} AS b on a.category=b.buddy_id + ". FIRST_USER_CAT ." WHERE b.user_id = ".USER_ID." AND a.visibility = '-1' AND buddy_ok = 'YES' OR category = ".(USER_ID + FIRST_USER_CAT));
while(list($allowed_list[]) = mysql_fetch_row($buddies));
while($album=mysql_fetch_array($result)){
if (!in_array ($album['aid'], $allowed_list)) {
$set .= $album['aid'].',';
$FORBIDDEN_SET_DATA[] = $album['aid'];
}
}
if ($set){
$FORBIDDEN_SET = "p.aid NOT IN (".substr($set, 0, -1).') ';
$ALBUM_SET .= 'AND aid NOT IN ('.substr($set, 0, -1).') ';
} else {
$FORBIDDEN_SET_DATA = array();
$FORBIDDEN_SET = "";
$ALBUM_SET = "";
}
} //end if buddy and USER_ID
else { // if not buddy list enabled or guest
while($album=mysql_fetch_array($result)){
$set .= $album['aid'].',';
$FORBIDDEN_SET_DATA[] = $album['aid'];
} // while
$FORBIDDEN_SET = "p.aid NOT IN (".substr($set, 0, -1).') ';
$ALBUM_SET = 'AND aid NOT IN ('.substr($set, 0, -1).') ';
}//end else
}
mysql_free_result($result);
}