src/Module/Item/Ignore.php

   1 <?php
   2
   3 namespace Friendica\Module\Item;
   4
   5 use Friendica\BaseModule;
   6 use Friendica\Core\Session;
   7 use Friendica\Core\System;
   8 use Friendica\DI;
   9 use Friendica\Model\Item;
  10 use Friendica\Network\HTTPException;
  11
  12 /**
  13  * Module for ignoring threads or user items
  14  */
  15 class Ignore extends BaseModule
  16 {
  17         public static function rawContent(array $parameters = [])
  18         {
  19                 $l10n = DI::l10n();
  20
  21                 if (!Session::isAuthenticated()) {
  22                         throw new HttpException\ForbiddenException($l10n->t('Access denied.'));
  23                 }
  24
  25                 $args = DI::args();
  26                 $dba = DI::dba();
  27
  28                 $message_id = intval($args->get(2));
  29
  30                 if (empty($message_id) || !is_int($message_id)) {
  31                         throw new HTTPException\BadRequestException();
  32                 }
  33
  34                 $thread = Item::selectFirstThreadForUser(local_user(), ['uid', 'ignored'], ['iid' => $message_id]);
  35                 if (!$dba->isResult($thread)) {
  36                         throw new HTTPException\BadRequestException();
  37                 }
  38
  39                 // Numeric values are needed for the json output further below
  40                 $ignored = !empty($thread['ignored']) ? 0 : 1;
  41
  42                 switch ($thread['uid'] ?? 0) {
  43                         // if the thread is from the current user
  44                         case local_user():
  45                                 $dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id]);
  46                                 break;
  47                         // 0 (null will get transformed to 0) => it's a public post
  48                         case 0:
  49                                 $dba->update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true);
  50                                 break;
  51                         // Throws a BadRequestException and not a ForbiddenException on purpose
  52                         // Avoids harvesting existing, but forbidden IIDs (security issue)
  53                         default:
  54                                 throw new HTTPException\BadRequestException();
  55                 }
  56
  57                 // See if we've been passed a return path to redirect to
  58                 $return_path = $_REQUEST['return'] ?? '';
  59                 if (!empty($return_path)) {
  60                         $rand = '_=' . time();
  61                         if (strpos($return_path, '?')) {
  62                                 $rand = "&$rand";
  63                         } else {
  64                                 $rand = "?$rand";
  65                         }
  66
  67                         DI::baseUrl()->redirect($return_path . $rand);
  68                 }
  69
  70                 // the json doesn't really matter, it will either be 0 or 1
  71                 System::jsonExit($ignored);
  72         }
  73 }