-
- /*
- * if coming from the API and no privacy settings are set,
- * use the user default permissions - as they won't have
- * been supplied via a form.
- */
- if ($api_source
- && !array_key_exists('contact_allow', $_REQUEST)
- && !array_key_exists('group_allow', $_REQUEST)
- && !array_key_exists('contact_deny', $_REQUEST)
- && !array_key_exists('group_deny', $_REQUEST)) {
- $str_group_allow = $user['allow_gid'];
- $str_contact_allow = $user['allow_cid'];
- $str_group_deny = $user['deny_gid'];
- $str_contact_deny = $user['deny_cid'];
- } else {
- // use the posted permissions
- $str_group_allow = perms2str(defaults($_REQUEST, 'group_allow', ''));
- $str_contact_allow = perms2str(defaults($_REQUEST, 'contact_allow', ''));
- $str_group_deny = perms2str(defaults($_REQUEST, 'group_deny', ''));
- $str_contact_deny = perms2str(defaults($_REQUEST, 'contact_deny', ''));
- }
-
- $title = Strings::escapeTags(trim(defaults($_REQUEST, 'title' , '')));
- $location = Strings::escapeTags(trim(defaults($_REQUEST, 'location', '')));
- $coord = Strings::escapeTags(trim(defaults($_REQUEST, 'coord' , '')));
- $verb = Strings::escapeTags(trim(defaults($_REQUEST, 'verb' , '')));
- $emailcc = Strings::escapeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
- $body = Strings::escapeHtml(trim($body));
- $network = Strings::escapeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
+ $str_contact_allow = '';
+ $str_group_allow = '';
+ $str_contact_deny = '';
+ $str_group_deny = '';
+
+ if (($_REQUEST['visibility'] ?? '') !== 'public') {
+ $aclFormatter = DI::aclFormatter();
+ $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? '';
+ $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? '';
+ $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? '';
+ $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
+ }
+
+ $title = Strings::escapeTags(trim($_REQUEST['title'] ?? ''));
+ $location = Strings::escapeTags(trim($_REQUEST['location'] ?? ''));
+ $coord = Strings::escapeTags(trim($_REQUEST['coord'] ?? ''));
+ $verb = Strings::escapeTags(trim($_REQUEST['verb'] ?? ''));
+ $emailcc = Strings::escapeTags(trim($_REQUEST['emailcc'] ?? ''));
+ $body = trim($body);
+ $network = Strings::escapeTags(trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN));