use Friendica\Content\Text\BBCode;
use Friendica\Core\ACL;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Content\Text\BBCode;
use Friendica\Core\ACL;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Network\Probe;
use Friendica\Object\Image;
use Friendica\Protocol\DFRN;
use Friendica\Network\Probe;
use Friendica\Object\Image;
use Friendica\Protocol\DFRN;
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => defaults($profile, 'addr', ''),
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => defaults($profile, 'addr', ''),
'$nick' => $a->data['user']['nickname'],
'$title' => L10n::t('Photo Albums'),
'$recent' => L10n::t('Recent Photos'),
'$nick' => $a->data['user']['nickname'],
'$title' => L10n::t('Photo Albums'),
'$recent' => L10n::t('Recent Photos'),
- logger('mod-photos: photos_post: begin' , LOGGER_DEBUG);
- logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
- logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
+ Logger::log('mod-photos: photos_post: begin' , Logger::DEBUG);
+ Logger::log('mod_photos: REQUEST ' . print_r($_REQUEST, true), Logger::DATA);
+ Logger::log('mod_photos: FILES ' . print_r($_FILES, true), Logger::DATA);
$album = hex2bin($a->argv[3]);
if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
$album = hex2bin($a->argv[3]);
if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
'$method' => 'post',
'$message' => L10n::t('Do you really want to delete this photo album and all its photos?'),
'$extra_inputs' => $extra_inputs,
'$method' => 'post',
'$message' => L10n::t('Do you really want to delete this photo album and all its photos?'),
'$extra_inputs' => $extra_inputs,
'$confirm_name' => 'dropalbum', // Needed so that confirmation will bring us back into this if statement
'$cancel' => L10n::t('Cancel'),
]);
'$confirm_name' => 'dropalbum', // Needed so that confirmation will bring us back into this if statement
'$cancel' => L10n::t('Cancel'),
]);
return; // NOTREACHED
}
// Check if the user has responded to a delete confirmation query for a single photo
if ($a->argc > 2 && !empty($_REQUEST['canceled'])) {
return; // NOTREACHED
}
// Check if the user has responded to a delete confirmation query for a single photo
if ($a->argc > 2 && !empty($_REQUEST['canceled'])) {
// Check if we should do HTML-based delete confirmation
if (!empty($_REQUEST['confirm'])) {
$drop_url = $a->query_string;
// Check if we should do HTML-based delete confirmation
if (!empty($_REQUEST['confirm'])) {
$drop_url = $a->query_string;
'$confirm_name' => 'delete', // Needed so that confirmation will bring us back into this if statement
'$cancel' => L10n::t('Cancel'),
]);
'$confirm_name' => 'delete', // Needed so that confirmation will bring us back into this if statement
'$cancel' => L10n::t('Cancel'),
]);
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1",
intval($visitor),
intval($page_owner_uid),
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1",
intval($visitor),
intval($page_owner_uid),
);
Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid);
);
Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid);
- $desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : '';
- $rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : '';
+ $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : '';
+ $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : '';
- $albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : '';
- $origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : '';
+ $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
+ $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
$height = $image->getHeight();
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0",
$height = $image->getHeight();
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0",
$height = $image->getHeight();
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 1",
$height = $image->getHeight();
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 1",
$height = $image->getHeight();
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 2",
$height = $image->getHeight();
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 2",
if (DBA::isResult($p)) {
$ext = $phototypes[$p[0]['type']];
$r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
if (DBA::isResult($p)) {
$ext = $phototypes[$p[0]['type']];
$r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
- dbesc($desc),
- dbesc($albname),
- dbesc($str_contact_allow),
- dbesc($str_group_allow),
- dbesc($str_contact_deny),
- dbesc($str_group_deny),
- dbesc($resource_id),
+ DBA::escape($desc),
+ DBA::escape($albname),
+ DBA::escape($str_contact_allow),
+ DBA::escape($str_group_allow),
+ DBA::escape($str_contact_deny),
+ DBA::escape($str_group_deny),
+ DBA::escape($resource_id),
if (count($tags)) {
foreach ($tags as $tag) {
if (strpos($tag, '@') === 0) {
$profile = '';
$name = substr($tag,1);
if (count($tags)) {
foreach ($tags as $tag) {
if (strpos($tag, '@') === 0) {
$profile = '';
$name = substr($tag,1);
if ((strpos($name, '@')) || (strpos($name, 'http://'))) {
$newname = $name;
$links = @Probe::lrdd($name);
if ((strpos($name, '@')) || (strpos($name, 'http://'))) {
$newname = $name;
$links = @Probe::lrdd($name);
if (count($links)) {
foreach ($links as $link) {
if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') {
$profile = $link['@attributes']['href'];
}
if (count($links)) {
foreach ($links as $link) {
if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') {
$profile = $link['@attributes']['href'];
}
if ($link['@attributes']['rel'] === 'salmon') {
$salmon = '$url:' . str_replace(',', '%sc', $link['@attributes']['href']);
if ($link['@attributes']['rel'] === 'salmon') {
$salmon = '$url:' . str_replace(',', '%sc', $link['@attributes']['href']);
if (strrpos($newname, '+')) {
$tagcid = intval(substr($newname, strrpos($newname, '+') + 1));
}
if (strrpos($newname, '+')) {
$tagcid = intval(substr($newname, strrpos($newname, '+') + 1));
}
//select someone from this user's contacts by name
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
//select someone from this user's contacts by name
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
intval($page_owner_uid)
);
if (!DBA::isResult($r)) {
//select someone by attag or nick and the name passed in
$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
intval($page_owner_uid)
);
if (!DBA::isResult($r)) {
//select someone by attag or nick and the name passed in
$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
if ($profile) {
if (substr($notify, 0, 4) === 'cid:') {
$taginfo[] = [$newname, $profile, $notify, $r[0], '@[url=' . str_replace(',','%2c',$profile) . ']' . $newname . '[/url]'];
} else {
$taginfo[] = [$newname, $profile, $notify, null, $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]'];
}
if ($profile) {
if (substr($notify, 0, 4) === 'cid:') {
$taginfo[] = [$newname, $profile, $notify, $r[0], '@[url=' . str_replace(',','%2c',$profile) . ']' . $newname . '[/url]'];
} else {
$taginfo[] = [$newname, $profile, $notify, null, $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]'];
}
$profile = str_replace(',', '%2c', $profile);
$profile = str_replace(',', '%2c', $profile);
}
} elseif (strpos($tag, '#') === 0) {
$tagname = substr($tag, 1);
}
} elseif (strpos($tag, '#') === 0) {
$tagname = substr($tag, 1);
$arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
$arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
}
$arr['object'] .= '</link></object>' . "\n";
$arr['target'] = '<target><type>' . ACTIVITY_OBJ_IMAGE . '</type><title>' . $p[0]['desc'] . '</title><id>'
. System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
}
$arr['object'] .= '</link></object>' . "\n";
$arr['target'] = '<target><type>' . ACTIVITY_OBJ_IMAGE . '</type><title>' . $p[0]['desc'] . '</title><id>'
. System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
- $arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
+ $arr['target'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
Addon::callHooks('photo_post_init', $_POST);
// Determine the album to use
Addon::callHooks('photo_post_init', $_POST);
// Determine the album to use
- $album = !empty($_REQUEST['album']) ? notags(trim($_REQUEST['album'])) : '';
- $newalbum = !empty($_REQUEST['newalbum']) ? notags(trim($_REQUEST['newalbum'])) : '';
+ $album = !empty($_REQUEST['album']) ? Strings::escapeTags(trim($_REQUEST['album'])) : '';
+ $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : '';
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
$error = $_FILES['userfile']['error'];
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
$error = $_FILES['userfile']['error'];
notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
break;
case UPLOAD_ERR_FORM_SIZE:
notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
break;
case UPLOAD_ERR_FORM_SIZE:
- notice(L10n::t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
+ notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
$maximagesize = Config::get('system', 'maximagesize');
if ($maximagesize && ($filesize > $maximagesize)) {
$maximagesize = Config::get('system', 'maximagesize');
if ($maximagesize && ($filesize > $maximagesize)) {
$imagedata = @file_get_contents($src);
$image = new Image($imagedata, $type);
if (!$image->isValid()) {
$imagedata = @file_get_contents($src);
$image = new Image($imagedata, $type);
if (!$image->isValid()) {
$r = Photo::store($image, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
if (!$r) {
$r = Photo::store($image, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
if (!$r) {
- if ($visible) {
- Worker::add(PRIORITY_HIGH, "Notifier", 'wall-new', $item_id);
- }
-
- Addon::callHooks('photo_post_end', intval($item_id));
+ Addon::callHooks('photo_post_end', $item_id);
// addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook
// if they do not wish to be redirected
// addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook
// if they do not wish to be redirected
foreach ($a->data['albums'] as $album) {
if (($album['album'] === '') || ($album['album'] === 'Contact Photos') || ($album['album'] === L10n::t('Contact Photos'))) {
continue;
foreach ($a->data['albums'] as $album) {
if (($album['album'] === '') || ($album['album'] === 'Contact Photos') || ($album['album'] === L10n::t('Contact Photos'))) {
continue;
- $default_upload_box = replace_macros(get_markup_template('photos_default_uploader_box.tpl'), []);
- $default_upload_submit = replace_macros(get_markup_template('photos_default_uploader_submit.tpl'), [
+ $default_upload_box = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_box.tpl'), []);
+ $default_upload_submit = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_submit.tpl'), [
'$pagename' => L10n::t('Upload Photos'),
'$sessid' => session_id(),
'$usage' => $usage_message,
'$pagename' => L10n::t('Upload Photos'),
'$sessid' => session_id(),
'$usage' => $usage_message,
'$albumselect' => $albumselect,
'$permissions' => L10n::t('Permissions'),
'$aclselect' => $aclselect_e,
'$albumselect' => $albumselect,
'$permissions' => L10n::t('Permissions'),
'$aclselect' => $aclselect_e,
+ '$lockstate' => is_array($a->user)
+ && (strlen($a->user['allow_cid'])
+ || strlen($a->user['allow_gid'])
+ || strlen($a->user['deny_cid'])
+ || strlen($a->user['deny_gid'])
+ ) ? 'lock' : 'unlock',
'$alt_uploader' => $ret['addon_text'],
'$default_upload_box' => ($ret['default_upload'] ? $default_upload_box : ''),
'$default_upload_submit' => ($ret['default_upload'] ? $default_upload_submit : ''),
'$alt_uploader' => $ret['addon_text'],
'$default_upload_box' => ($ret['default_upload'] ? $default_upload_box : ''),
'$default_upload_submit' => ($ret['default_upload'] ? $default_upload_submit : ''),
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
AND `scale` <= 4 $sql_extra GROUP BY `resource-id`",
intval($owner_uid),
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
AND `scale` <= 4 $sql_extra GROUP BY `resource-id`",
intval($owner_uid),
/// @TODO I have seen this many times, maybe generalize it script-wide and encapsulate it?
$order_field = defaults($_GET, 'order', '');
if ($order_field === 'posted') {
/// @TODO I have seen this many times, maybe generalize it script-wide and encapsulate it?
$order_field = defaults($_GET, 'order', '');
if ($order_field === 'posted') {
FROM `photo` WHERE `uid` = %d AND `album` = '%s'
AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` $order LIMIT %d , %d",
intval($owner_uid),
FROM `photo` WHERE `uid` = %d AND `album` = '%s'
AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` $order LIMIT %d , %d",
intval($owner_uid),
'$nametext' => L10n::t('New album name: '),
'$nickname' => $a->data['user']['nickname'],
'$album' => $album_e,
'$nametext' => L10n::t('New album name: '),
'$nickname' => $a->data['user']['nickname'],
'$album' => $album_e,
- $tpl = get_markup_template('photo_album.tpl');
- $o .= replace_macros($tpl, [
- '$photos' => $photos,
- '$album' => $album,
- '$can_post' => $can_post,
- '$upload' => [L10n::t('Upload New Photos'), 'photos/' . $a->data['user']['nickname'] . '/upload/' . bin2hex($album)],
- '$order' => $order,
- '$edit' => $edit,
- '$paginate' => paginate($a),
- ]);
+ $tpl = Renderer::getMarkupTemplate('photo_album.tpl');
+ $o .= Renderer::replaceMacros($tpl, [
+ '$photos' => $photos,
+ '$album' => $album,
+ '$can_post' => $can_post,
+ '$upload' => [L10n::t('Upload New Photos'), 'photos/' . $a->data['user']['nickname'] . '/upload/' . bin2hex($album)],
+ '$order' => $order,
+ '$edit' => $edit,
+ '$paginate' => $pager->renderFull($total),
+ ]);
$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
$sql_extra ORDER BY `scale` ASC ",
intval($owner_uid),
$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
$sql_extra ORDER BY `scale` ASC ",
intval($owner_uid),
);
if (!DBA::isResult($ph)) {
$ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
LIMIT 1",
intval($owner_uid),
);
if (!DBA::isResult($ph)) {
$ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
LIMIT 1",
intval($owner_uid),
);
if (DBA::isResult($ph)) {
notice(L10n::t('Permission denied. Access to this item may be restricted.'));
);
if (DBA::isResult($ph)) {
notice(L10n::t('Permission denied. Access to this item may be restricted.'));
$prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0
$sql_extra ORDER BY `created` $order ",
$prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0
$sql_extra ORDER BY `created` $order ",
- $prevlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : '');
- $nextlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : '');
+ if (!is_null($prv)) {
+ $prevlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : '');
+ }
+ if (!is_null($nxt)) {
+ $nextlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : '');
+ }
- $tpl = get_markup_template('photo_edit_head.tpl');
- $a->page['htmlhead'] .= replace_macros($tpl,[
+ $tpl = Renderer::getMarkupTemplate('photo_edit_head.tpl');
+ $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[
/// @todo Rewrite this query. To do so, $sql_extra must be changed
$linked_items = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1",
/// @todo Rewrite this query. To do so, $sql_extra must be changed
$linked_items = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1",
if (DBA::isResult($linked_items)) {
// This is a workaround to not being forced to rewrite the while $sql_extra handling
$link_item = Item::selectFirst([], ['id' => $linked_items[0]['id']]);
$condition = ["`parent` = ? AND `parent` != `id`", $link_item['parent']];
if (DBA::isResult($linked_items)) {
// This is a workaround to not being forced to rewrite the while $sql_extra handling
$link_item = Item::selectFirst([], ['id' => $linked_items[0]['id']]);
$condition = ["`parent` = ? AND `parent` != `id`", $link_item['parent']];
- $params = ['order' => ['id'], 'limit' => [$a->pager['start'], $a->pager['itemspage']]];
- $result = Item::selectForUser($link_item['uid'], [], $condition, $params);
+ $pager = new Pager($a->query_string);
+
+ $params = ['order' => ['id'], 'limit' => [$pager->getStart(), $pager->getItemsPerPage()]];
+ $result = Item::selectForUser($link_item['uid'], Item::ITEM_FIELDLIST, $condition, $params);
if (count($linked_items) && strlen($link_item['tag'])) {
$arr = explode(',', $link_item['tag']);
// parse tags and add links
if (count($linked_items) && strlen($link_item['tag'])) {
$arr = explode(',', $link_item['tag']);
// parse tags and add links
- $tag_str = '';
- foreach ($arr as $t) {
- if (strlen($tag_str)) {
- $tag_str .= ', ';
- }
- $tag_str .= BBCode::convert($t);
+ $tag_arr = [];
+ foreach ($arr as $tag) {
+ $tag_arr[] = [
+ 'name' => BBCode::convert($tag),
+ 'removeurl' => '/tagrm/'.$link_item['id'] . '/' . bin2hex($tag)
+ ];
'$id' => $ph[0]['id'],
'$album' => ['albname', L10n::t('New album name'), $album_e,''],
'$caption' => ['desc', L10n::t('Caption'), $caption_e, ''],
'$id' => $ph[0]['id'],
'$album' => ['albname', L10n::t('New album name'), $album_e,''],
'$caption' => ['desc', L10n::t('Caption'), $caption_e, ''],
- $cmnt_tpl = get_markup_template('comment_item.tpl');
- $tpl = get_markup_template('photo_item.tpl');
- $return_url = $a->cmd;
+ $cmnt_tpl = Renderer::getMarkupTemplate('comment_item.tpl');
+ $tpl = Renderer::getMarkupTemplate('photo_item.tpl');
+ $return_path = $a->cmd;
- if ($can_post || can_write_wall($owner_uid)) {
- $like_tpl = get_markup_template('like_noshare.tpl');
- $likebuttons = replace_macros($like_tpl, [
+ if ($can_post || Security::canWriteToUserWall($owner_uid)) {
+ $like_tpl = Renderer::getMarkupTemplate('like_noshare.tpl');
+ $likebuttons = Renderer::replaceMacros($like_tpl, [
'$id' => $link_item['id'],
'$likethis' => L10n::t("I like this \x28toggle\x29"),
'$id' => $link_item['id'],
'$likethis' => L10n::t("I like this \x28toggle\x29"),
'$wait' => L10n::t('Please wait'),
'$return_path' => $a->query_string,
]);
}
if (!DBA::isResult($items)) {
'$wait' => L10n::t('Please wait'),
'$return_path' => $a->query_string,
]);
}
if (!DBA::isResult($items)) {
- if (($can_post || can_write_wall($owner_uid))) {
- $comments .= replace_macros($cmnt_tpl, [
+ if (($can_post || Security::canWriteToUserWall($owner_uid))) {
+ $comments .= Renderer::replaceMacros($cmnt_tpl, [
'$id' => $link_item['id'],
'$parent' => $link_item['id'],
'$profile_uid' => $owner_uid,
'$id' => $link_item['id'],
'$parent' => $link_item['id'],
'$profile_uid' => $owner_uid,
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
$dislike = format_like($conv_responses['dislike'][$link_item['uri']], $conv_responses['dislike'][$link_item['uri'] . '-l'], 'dislike', $link_item['id']);
}
$dislike = format_like($conv_responses['dislike'][$link_item['uri']], $conv_responses['dislike'][$link_item['uri'] . '-l'], 'dislike', $link_item['id']);
}
- if (($can_post || can_write_wall($owner_uid))) {
- $comments .= replace_macros($cmnt_tpl,[
+ if (($can_post || Security::canWriteToUserWall($owner_uid))) {
+ $comments .= Renderer::replaceMacros($cmnt_tpl,[
'$id' => $link_item['id'],
'$parent' => $link_item['id'],
'$profile_uid' => $owner_uid,
'$id' => $link_item['id'],
'$parent' => $link_item['id'],
'$profile_uid' => $owner_uid,
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
- $comments .= replace_macros($template,[
- '$id' => $item['item_id'],
+ $comments .= Renderer::replaceMacros($template,[
+ '$id' => $item['id'],
'$profile_url' => $profile_url,
'$name' => $item['author-name'],
'$thumb' => $item['author-avatar'],
'$profile_url' => $profile_url,
'$name' => $item['author-name'],
'$thumb' => $item['author-avatar'],
- if (($can_post || can_write_wall($owner_uid))) {
- $comments .= replace_macros($cmnt_tpl, [
+ if (($can_post || Security::canWriteToUserWall($owner_uid))) {
+ $comments .= Renderer::replaceMacros($cmnt_tpl, [
'$id' => $item['item_id'],
'$parent' => $item['parent'],
'$profile_uid' => $owner_uid,
'$id' => $item['item_id'],
'$parent' => $item['parent'],
'$profile_uid' => $owner_uid,
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
$responses = get_responses($conv_responses, $response_verbs, '', $link_item);
$responses = get_responses($conv_responses, $response_verbs, '', $link_item);
- $photo_tpl = get_markup_template('photo_view.tpl');
- $o .= replace_macros($photo_tpl, [
+ $photo_tpl = Renderer::getMarkupTemplate('photo_view.tpl');
+ $o .= Renderer::replaceMacros($photo_tpl, [
$a->page['htmlhead'] .= '<meta name="twitter:title" content="' . $photo["album"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image" content="' . $photo["href"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image:width" content="' . $photo["width"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:title" content="' . $photo["album"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image" content="' . $photo["href"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image:width" content="' . $photo["width"] . '" />' . "\n";
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
$sql_extra GROUP BY `resource-id`",
intval($a->data['user']['uid']),
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
$sql_extra GROUP BY `resource-id`",
intval($a->data['user']['uid']),
- dbesc('Contact Photos'),
- dbesc(L10n::t('Contact Photos'))
+ DBA::escape('Contact Photos'),
+ DBA::escape(L10n::t('Contact Photos'))
$r = q("SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`,
ANY_VALUE(`type`) AS `type`, ANY_VALUE(`album`) AS `album`, max(`scale`) AS `scale`,
ANY_VALUE(`created`) AS `created` FROM `photo`
WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
$sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
intval($a->data['user']['uid']),
$r = q("SELECT `resource-id`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`filename`) AS `filename`,
ANY_VALUE(`type`) AS `type`, ANY_VALUE(`album`) AS `album`, max(`scale`) AS `scale`,
ANY_VALUE(`created`) AS `created` FROM `photo`
WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
$sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
intval($a->data['user']['uid']),
- dbesc('Contact Photos'),
- dbesc(L10n::t('Contact Photos')),
- intval($a->pager['start']),
- intval($a->pager['itemspage'])
+ DBA::escape('Contact Photos'),
+ DBA::escape(L10n::t('Contact Photos')),
+ $pager->getStart(),
+ $pager->getItemsPerPage()
- $tpl = get_markup_template('photos_recent.tpl');
- $o .= replace_macros($tpl, [
+ $tpl = Renderer::getMarkupTemplate('photos_recent.tpl');
+ $o .= Renderer::replaceMacros($tpl, [
'$title' => L10n::t('Recent Photos'),
'$can_post' => $can_post,
'$upload' => [L10n::t('Upload New Photos'), 'photos/'.$a->data['user']['nickname'].'/upload'],
'$photos' => $photos,
'$title' => L10n::t('Recent Photos'),
'$can_post' => $can_post,
'$upload' => [L10n::t('Upload New Photos'), 'photos/'.$a->data['user']['nickname'].'/upload'],
'$photos' => $photos,