src/Module/Update/Profile.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2020, Friendica
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module\Update;
  23
  24 use Friendica\BaseModule;
  25 use Friendica\Content\Pager;
  26 use Friendica\Core\Session;
  27 use Friendica\Database\DBA;
  28 use Friendica\DI;
  29 use Friendica\Model\Item;
  30 use Friendica\Model\Profile as ProfileModel;
  31 use Friendica\Network\HTTPException\ForbiddenException;
  32 use Friendica\Util\DateTimeFormat;
  33
  34 class Profile extends BaseModule
  35 {
  36         public static function rawContent(array $parameters = [])
  37         {
  38                 $a = DI::app();
  39
  40                 if (DI::config()->get('system', 'block_public') && !local_user() && !Session::getRemoteContactID($a->profile['uid'])) {
  41                         throw new ForbiddenException();
  42                 }
  43
  44                 $o = '';
  45
  46                 $profile_uid = intval($_GET['p'] ?? 0);
  47
  48                 // Ensure we've got a profile owner if updating.
  49                 $a->profile['uid'] = $profile_uid;
  50
  51                 $remote_contact = Session::getRemoteContactID($a->profile['uid']);
  52                 $is_owner = local_user() == $a->profile['uid'];
  53                 $last_updated_key = "profile:" . $a->profile['uid'] . ":" . local_user() . ":" . $remote_contact;
  54
  55                 if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
  56                         throw new ForbiddenException(DI::l10n()->t('Access to this profile has been restricted.'));
  57                 }
  58
  59                 // Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
  60                 $sql_extra = Item::getPermissionsSQLByUserId($a->profile['uid']);
  61
  62                 $last_updated_array = Session::get('last_updated', []);
  63
  64                 $last_updated = $last_updated_array[$last_updated_key] ?? 0;
  65
  66                 // If the page user is the owner of the page we should query for unseen
  67                 // items. Otherwise use a timestamp of the last succesful update request.
  68                 if ($is_owner || !$last_updated) {
  69                         $sql_extra4 = " AND `item`.`unseen`";
  70                 } else {
  71                         $gmupdate = gmdate(DateTimeFormat::MYSQL, $last_updated);
  72                         $sql_extra4 = " AND `item`.`received` > '" . $gmupdate . "'";
  73                 }
  74
  75                 $items_stmt = DBA::p(
  76                         "SELECT DISTINCT(`parent-uri`) AS `uri`, `item`.`created`
  77                         FROM `item`
  78                         INNER JOIN `contact`
  79                         ON `contact`.`id` = `item`.`contact-id`
  80                                 AND NOT `contact`.`blocked`
  81                                 AND NOT `contact`.`pending`
  82                         WHERE `item`.`uid` = ?
  83                                 AND `item`.`visible`
  84                                 AND     (NOT `item`.`deleted` OR `item`.`gravity` = ?)
  85                                 AND NOT `item`.`moderated`
  86                                 AND `item`.`wall`
  87                                 $sql_extra4
  88                                 $sql_extra
  89                         ORDER BY `item`.`received` DESC",
  90                         $a->profile['uid'],
  91                         GRAVITY_ACTIVITY
  92                 );
  93
  94                 if (!DBA::isResult($items_stmt)) {
  95                         return '';
  96                 }
  97
  98                 // Set a time stamp for this page. We will make use of it when we
  99                 // search for new items (update routine)
 100                 $last_updated_array[$last_updated_key] = time();
 101                 Session::set('last_updated', $last_updated_array);
 102
 103                 if ($is_owner && !$profile_uid && !DI::config()->get('theme', 'hide_eventlist')) {
 104                         $o .= ProfileModel::getBirthdays();
 105                         $o .= ProfileModel::getEventsReminderHTML();
 106                 }
 107
 108                 if ($is_owner) {
 109                         $unseen = Item::exists(['wall' => true, 'unseen' => true, 'uid' => local_user()]);
 110                         if ($unseen) {
 111                                 Item::update(['unseen' => false], ['wall' => true, 'unseen' => true, 'uid' => local_user()]);
 112                         }
 113                 }
 114
 115                 $items = DBA::toArray($items_stmt);
 116
 117                 $o .= conversation($a, $items, 'profile', $profile_uid, false, 'received', $a->profile['uid']);
 118
 119                 header("Content-type: text/html");
 120                 echo "<!DOCTYPE html><html><body>\r\n";
 121                 // We can remove this hack once Internet Explorer recognises HTML5 natively
 122                 echo "<section>";
 123                 echo $o;
 124                 if (DI::pConfig()->get(local_user(), "system", "bandwidth_saver")) {
 125                         $replace = "<br />".DI::l10n()->t("[Embedded content - reload page to view]")."<br />";
 126                         $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i";
 127                         $o = preg_replace($pattern, $replace, $o);
 128                         $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i";
 129                         $o = preg_replace($pattern, $replace, $o);
 130                         $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i";
 131                         $o = preg_replace($pattern, $replace, $o);
 132                         $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i";
 133                         $o = preg_replace($pattern, $replace, $o);
 134                 }
 135
 136                 // reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well
 137                 echo str_replace("\t", "       ", $o);
 138                 echo "</section>";
 139                 echo "</body></html>\r\n";
 140                 exit();
 141         }
 142 }