Fixing #10699 (prohibits blocking and ignoreing from the photo menu)

[friendica.git] / include / conversation.php

diff --git a/include/conversation.php b/include/conversation.php
index 6a6eff28dc2c2d0dded37fafa7de0eb5f3e43079..2db0c22b8018aa71b84408ceb3f8a0cbfdd0ede8 100644 (file)
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -20,8 +20,10 @@
  */
 
 use Friendica\App;
+use Friendica\BaseModule;
 use Friendica\Content\ContactSelector;
 use Friendica\Content\Feature;
+use Friendica\Core\ACL;
 use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
@@ -34,6 +36,7 @@ use Friendica\Model\Contact;
 use Friendica\Model\Item;
 use Friendica\Model\Post;
 use Friendica\Model\Tag;
+use Friendica\Model\User;
 use Friendica\Model\Verb;
 use Friendica\Object\Post as PostObject;
 use Friendica\Object\Thread;
@@ -394,6 +397,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
        $threadsid = -1;
 
        $page_template = Renderer::getMarkupTemplate("conversation.tpl");
+       $formSecurityToken = BaseModule::getFormSecurityToken('contact_action');
 
        if (!empty($items)) {
                if (in_array($mode, ['community', 'contacts'])) {
@@ -479,7 +483,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
 
                                $body_html = Item::prepareBody($item, true, $preview);
 
-                               list($categories, $folders) = DI::contentItem()->determineCategoriesTerms($item);
+                               list($categories, $folders) = DI::contentItem()->determineCategoriesTerms($item, local_user());
 
                                if (!empty($item['content-warning']) && DI::pConfig()->get(local_user(), 'system', 'disable_cw', false)) {
                                        $title = ucfirst($item['content-warning']);
@@ -500,7 +504,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
                                        'network_icon' => ContactSelector::networkToIcon($item['network'], $item['author-link']),
                                        'linktitle' => DI::l10n()->t('View %s\'s profile @ %s', $profile_name, $item['author-link']),
                                        'profile_url' => $profile_link,
-                                       'item_photo_menu_html' => item_photo_menu($item),
+                                       'item_photo_menu_html' => item_photo_menu($item, $formSecurityToken),
                                        'name' => $profile_name,
                                        'sparkle' => $sparkle,
                                        'lock' => false,
@@ -588,7 +592,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
                                }
                        }
 
-                       $threads = $conv->getTemplateData($conv_responses);
+                       $threads = $conv->getTemplateData($conv_responses, $formSecurityToken);
                        if (!$threads) {
                                Logger::log('[ERROR] conversation : Failed to get template data.', Logger::DEBUG);
                                $threads = [];
@@ -717,7 +721,7 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid)
                $max_comments = DI::config()->get('system', 'max_display_comments', 1000);
        }
 
-       $params = ['order' => ['uri-id' => true]];
+       $params = ['order' => ['uri-id' => true, 'uid' => true]];
 
        $activities      = [];
        $uriids          = [];
@@ -757,6 +761,10 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid)
        $items = [];
 
        while ($row = Post::fetch($thread_items)) {
+               if (!empty($items[$row['uri-id']]) && ($row['uid'] == 0)) {
+                       continue;
+               }
+
                if ($max_comments > 0) {
                        if (($row['gravity'] == GRAVITY_COMMENT) && (++$commentcounter[$row['parent-uri-id']] > $max_comments)) {
                                continue;
@@ -765,7 +773,7 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid)
                                continue;
                        }
                }
-               $items[] = conversation_add_row_information($row, $activities[$row['uri-id']] ?? []);
+               $items[$row['uri-id']] = conversation_add_row_information($row, $activities[$row['uri-id']] ?? []);
        }
 
        DBA::close($thread_items);
@@ -776,7 +784,7 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid)
        return $items;
 }
 
-function item_photo_menu($item)
+function item_photo_menu($item, string $formSecurityToken)
 {
        DI::profiler()->startRecording('rendering');
        $sub_link = '';
@@ -819,8 +827,8 @@ function item_photo_menu($item)
        if (!empty($pcid)) {
                $contact_url = 'contact/' . $pcid;
                $posts_link  = $contact_url . '/posts';
-               $block_link  = $item['self'] ? '' : $contact_url . '/block';
-               $ignore_link = $item['self'] ? '' : $contact_url . '/ignore';
+               $block_link  = $item['self'] ? '' : $contact_url . '/block?t=' . $formSecurityToken;
+               $ignore_link = $item['self'] ? '' : $contact_url . '/ignore?t=' . $formSecurityToken;
        }
 
        if ($cid && !$item['self']) {
@@ -1060,11 +1068,27 @@ function format_activity(array $links, $verb, $id) {
        return $o;
 }
 
-function status_editor(App $a, $x, $notes_cid = 0, $popup = false)
+function status_editor(App $a, array $x = [], $notes_cid = 0, $popup = false)
 {
+       $user = User::getById($a->getLoggedInUserId(), ['uid', 'nickname', 'allow_location', 'default-location']);
+       if (empty($user['uid'])) {
+               return '';
+       }
+
        DI::profiler()->startRecording('rendering');
        $o = '';
 
+       $x['allow_location']   = $x['allow_location']   ?? $user['allow_location'];
+       $x['default_location'] = $x['default_location'] ?? $user['default-location'];
+       $x['nickname']         = $x['nickname']         ?? $user['nickname'];
+       $x['lockstate']        = $x['lockstate']        ?? ACL::getLockstateForUserId($user['uid']) ? 'lock' : 'unlock';
+       $x['acl']              = $x['acl']              ?? ACL::getFullSelectorHTML(DI::page(), $user['uid'], true);
+       $x['bang']             = $x['bang']             ?? '';
+       $x['visitor']          = $x['visitor']          ?? 'block';
+       $x['is_owner']         = $x['is_owner']         ?? true;
+       $x['profile_uid']      = $x['profile_uid']      ?? local_user();
+
+
        $geotag = !empty($x['allow_location']) ? Renderer::replaceMacros(Renderer::getMarkupTemplate('jot_geotag.tpl'), []) : '';
 
        $tpl = Renderer::getMarkupTemplate('jot-header.tpl');