block injection vector
index 13566075badccc2a56b23b0cccb09d025dc0de21..b7be27932f6a1c215b136356bdf8977b63cdec66 100755 (executable)
@@ -835,14 +835,16 @@ function get_atom_elements($feed,$item) {
        // Search for ostatus conversation url
        $links = $item->feed->data["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["feed"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["entry"][0]["child"]["http://www.w3.org/2005/Atom"]["link"];
 
-       foreach ($links as $link) {
-               $conversation = array_shift($link["attribs"]);
+       if (is_array($links)) {
+               foreach ($links as $link) {
+                       $conversation = array_shift($link["attribs"]);
 
-               if ($conversation["rel"] == "ostatus:conversation") {
-                       $res["ostatus_conversation"] = $conversation["href"];
-                       logger('get_atom_elements: found conversation url '.$res["ostatus_conversation"]);
-               }
-       };
+                       if ($conversation["rel"] == "ostatus:conversation") {
+                               $res["ostatus_conversation"] = $conversation["href"];
+                               logger('get_atom_elements: found conversation url '.$res["ostatus_conversation"]);
+                       }
+               };
+       }
 
        $arr = array('feed' => $feed, 'item' => $item, 'result' => $res);
 
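Review bot: The new is_array() guard protects $links, but inside the loop `$link["attribs"]` is still handed to array_shift() without a check, so an entry with a missing or non-array attribs element produces an error (and a null $conversation that is then indexed). A `continue` guard at the top of the loop body, `if (!isset($link["attribs"]) || !is_array($link["attribs"])) { continue; }`, closes that gap, and the rel comparison should be strict, `if ($conversation["rel"] === "ostatus:conversation")`. The `};` after the foreach is an empty statement left over from the old code and can become `}`. get_atom_elements starts and ends outside the hunk.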
@@ -3665,7 +3667,7 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
                        // Only embed locally hosted photos
                        $replace = false;
                        $i = basename($image);
-                       $i = str_replace(array('.jpg','.png'),array('',''),$i);
+                       $i = str_replace(array('.jpg','.png','.gif'),array('','',''),$i);
                        $x = strpos($i,'-');
 
                        if($x) {
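Review bot: Adding '.gif' to the str_replace() keeps the existing behaviour of deleting the extension string wherever it occurs in the basename, not only at the end, so a name containing '.jpg' before the '-' separator would be mangled before the resource id is extracted. Anchoring the strip to the trailing extension, `$i = preg_replace('/\.(jpg|png|gif)$/', '', $i);`, handles all three formats in one expression and cannot touch the middle of the name. fix_private_photos starts and ends outside the hunk.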
@@ -3676,7 +3678,7 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
                                        intval($res),
                                        intval($uid)
                                );
-                               if(count($r)) {
+                               if($r) {
 
                                        // Check to see if we should replace this photo link with an embedded image
                                        // 1. No need to do so if the photo is public
@@ -3945,6 +3947,34 @@ function drop_item($id,$interactive = true) {
 
        if((local_user() == $item['uid']) || ($cid) || (! $interactive)) {
 
+               // Check if we should do HTML-based delete confirmation
+               if($_REQUEST['confirm']) {
+                       // <form> can't take arguments in its "action" parameter
+                       // so add any arguments as hidden inputs
+                       $query = explode_querystring($a->query_string);
+                       $inputs = array();
+                       foreach($query['args'] as $arg) {
+                               if(strpos($arg, 'confirm=') === false) {
+                                       $arg_parts = explode('=', $arg);
+                                       $inputs[] = array('name' => $arg_parts[0], 'value' => $arg_parts[1]);
+                               }
+                       }
+
+                       return replace_macros(get_markup_template('confirm.tpl'), array(
+                               '$method' => 'get',
+                               '$message' => t('Do you really want to delete this item?'),
+                               '$extra_inputs' => $inputs,
+                               '$confirm' => t('Yes'),
+                               '$confirm_url' => $query['base'],
+                               '$confirm_name' => 'confirmed',
+                               '$cancel' => t('Cancel'),
+                       ));
+               }
+               // Now check how the user responded to the confirmation query
+               if($_REQUEST['canceled']) {
+                       goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+               }
+
                logger('delete item: ' . $item['id'], LOGGER_DEBUG);
                // delete the item