Merge pull request #6225 from annando/http-error
[friendica.git] / mod / bookmarklet.php
index 593b4fa661365ec8d38ef64c87f79a5ce0e98966..d9c2f52f821d0a449c7a24b116fd0f36358ae4dd 100644 (file)
@@ -1,11 +1,18 @@
 <?php
+/**
+ * @file mod/bookmarklet.php
+ */
 
 use Friendica\App;
+use Friendica\Core\ACL;
+use Friendica\Core\Config;
+use Friendica\Core\L10n;
 use Friendica\Core\System;
 use Friendica\Module\Login;
+use Friendica\Util\Strings;
 
-require_once('include/conversation.php');
-require_once('include/items.php');
+require_once 'include/conversation.php';
+require_once 'include/items.php';
 
 function bookmarklet_init()
 {
@@ -15,15 +22,19 @@ function bookmarklet_init()
 function bookmarklet_content(App $a)
 {
        if (!local_user()) {
-               $o = '<h2>' . t('Login') . '</h2>';
-               $o .= Login::form($a->query_string, $a->config['register_policy'] == REGISTER_CLOSED ? false : true);
+               $o = '<h2>' . L10n::t('Login') . '</h2>';
+               $o .= Login::form($a->query_string, intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED ? false : true);
                return $o;
        }
 
-       $referer = normalise_link($_SERVER["HTTP_REFERER"]);
-       $page = normalise_link(System::baseUrl() . "/bookmarklet");
+       $referer = Strings::normaliseLink(defaults($_SERVER, 'HTTP_REFERER', ''));
+       $page = Strings::normaliseLink(System::baseUrl() . "/bookmarklet");
 
        if (!strstr($referer, $page)) {
+               if (empty($_REQUEST["url"])) {
+                       System::httpExit(400, ["title" => L10n::t('Bad Request')]);
+               }
+
                $content = add_page_info($_REQUEST["url"]);
 
                $x = [
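Review bot: The `empty($_REQUEST["url"])` guard added before `add_page_info()` only rejects a missing or falsy value, so an array (`url[]=...`) or a URL with an unexpected scheme is still passed on. `add_page_info()` is defined outside this hunk and presumably fetches the URL server-side, so this parameter decides what the server requests on behalf of the logged-in user; I would extend the guard to `if (empty($_REQUEST["url"]) || !is_string($_REQUEST["url"])) {` and also reject anything whose scheme is not http or https. The same type concern applies to `trim(defaults($_REQUEST, 'title', ''), "*")` in the third hunk, where an array value would reach `trim()`. The guard also appears to rely on `System::httpExit()` ending the request; if that is not guaranteed, a `return` after the call would keep execution from falling through to the fetch. The body of bookmarklet_content continues past this hunk.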
@@ -32,18 +43,18 @@ function bookmarklet_content(App $a)
                        'default_location' => $a->user['default-location'],
                        'nickname' => $a->user['nickname'],
                        'lockstate' => ((is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid'])))) ? 'lock' : 'unlock'),
-                       'default_perms' => get_acl_permissions($a->user),
-                       'acl' => populate_acl($a->user, true),
+                       'default_perms' => ACL::getDefaultUserPermissions($a->user),
+                       'acl' => ACL::getFullSelectorHTML($a->user, true),
                        'bang' => '',
                        'visitor' => 'block',
                        'profile_uid' => local_user(),
-                       'title' => trim($_REQUEST["title"], "*"),
+                       'title' => trim(defaults($_REQUEST, 'title', ''), "*"),
                        'content' => $content
                ];
                $o = status_editor($a, $x, 0, false);
                $o .= "<script>window.resizeTo(800,550);</script>";
        } else {
-               $o = '<h2>' . t('The post was created') . '</h2>';
+               $o = '<h2>' . L10n::t('The post was created') . '</h2>';
                $o .= "<script>window.close()</script>";
        }