Rename dbesc to DBA::escape

[friendica.git] / mod / dfrn_poll.php
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php

index ff6c31b6275c16fa5482205d5a1bb00105cf43c5..943ddddecc53623fe1b10c23f3e8f28fbd55c7f9 100644 (file)
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -3,27 +3,33 @@
  /**
   * @file mod/dfrn_poll.php
   */
+
  use Friendica\App;
  use Friendica\Core\Config;
+use Friendica\Core\L10n;
  use Friendica\Core\System;
-use Friendica\Database\DBM;
+use Friendica\Database\DBA;
+use Friendica\Module\Login;
  use Friendica\Protocol\DFRN;
  use Friendica\Protocol\OStatus;
+use Friendica\Util\Network;
+use Friendica\Util\XML;
  
  require_once 'include/items.php';
-require_once 'include/auth.php';
  
  function dfrn_poll_init(App $a)
  {
-       $dfrn_id         = x($_GET,'dfrn_id')         ? $_GET['dfrn_id']              : '';
-       $type            = x($_GET,'type')            ? $_GET['type']                 : 'data';
-       $last_update     = x($_GET,'last_update')     ? $_GET['last_update']          : '';
-       $destination_url = x($_GET,'destination_url') ? $_GET['destination_url']      : '';
-       $challenge       = x($_GET,'challenge')       ? $_GET['challenge']            : '';
-       $sec             = x($_GET,'sec')             ? $_GET['sec']                  : '';
-       $dfrn_version    = x($_GET,'dfrn_version')    ? (float) $_GET['dfrn_version'] : 2.0;
-       $perm            = x($_GET,'perm')            ? $_GET['perm']                 : 'r';
-       $quiet           = x($_GET,'quiet')           ? true                          : false;
+       Login::sessionAuth();
+
+       $dfrn_id         = defaults($_GET, 'dfrn_id'        , '');
+       $type            = defaults($_GET, 'type'           , 'data');
+       $last_update     = defaults($_GET, 'last_update'    , '');
+       $destination_url = defaults($_GET, 'destination_url', '');
+       $challenge       = defaults($_GET, 'challenge'      , '');
+       $sec             = defaults($_GET, 'sec'            , '');
+       $dfrn_version    = (float) defaults($_GET, 'dfrn_version'   , 2.0);
+       $perm            = defaults($_GET, 'perm'           , 'r');
+       $quiet                   = x($_GET, 'quiet');
  
         // Possibly it is an OStatus compatible server that requests a user feed
         if (($a->argc > 1) && ($dfrn_id == '') && !strstr($_SERVER["HTTP_USER_AGENT"], 'Friendica')) {
@@ -44,16 +50,16 @@ function dfrn_poll_init(App $a)
  
         if (($dfrn_id === '') && (!x($_POST, 'dfrn_id'))) {
                 if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
-                       http_status_exit(403);
+                       System::httpExit(403);
                 }
  
                 $user = '';
                 if ($a->argc > 1) {
                         $r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
-                               dbesc($a->argv[1])
+                               DBA::escape($a->argv[1])
                         );
                         if (!$r) {
-                               http_status_exit(404);
+                               System::httpExit(404);
                         }
  
                         $hidewall = ($r[0]['hidewall'] && !local_user());
@@ -71,15 +77,15 @@ function dfrn_poll_init(App $a)
                 $sql_extra = '';
                 switch ($direction) {
                         case -1:
-                               $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
                                 $my_id = $dfrn_id;
                                 break;
                         case 0:
-                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '1:' . $dfrn_id;
                                 break;
                         case 1:
-                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '0:' . $dfrn_id;
                                 break;
                         default:
@@ -91,39 +97,40 @@ function dfrn_poll_init(App $a)
                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
                         AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
-                       dbesc($a->argv[1])
+                       DBA::escape($a->argv[1])
                 );
  
-               if (DBM::is_result($r)) {
-                       $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
+               if (DBA::isResult($r)) {
+                       $s = Network::fetchUrl($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
  
                         logger("dfrn_poll: old profile returns " . $s, LOGGER_DATA);
  
                         if (strlen($s)) {
-                               $xml = parse_xml_string($s);
+                               $xml = XML::parseString($s);
  
                                 if ((int) $xml->status === 1) {
                                         $_SESSION['authenticated'] = 1;
                                         if (!x($_SESSION, 'remote')) {
-                                               $_SESSION['remote'] = array();
+                                               $_SESSION['remote'] = [];
                                         }
  
-                                       $_SESSION['remote'][] = array('cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']);
+                                       $_SESSION['remote'][] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']];
  
                                         $_SESSION['visitor_id'] = $r[0]['id'];
                                         $_SESSION['visitor_home'] = $r[0]['url'];
                                         $_SESSION['visitor_handle'] = $r[0]['addr'];
                                         $_SESSION['visitor_visiting'] = $r[0]['uid'];
+                                       $_SESSION['my_url'] = $r[0]['url'];
                                         if (!$quiet) {
-                                               info(sprintf(t('%1$s welcomes %2$s'), $r[0]['username'], $r[0]['name']) . EOL);
+                                               info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
                                         }
  
                                         // Visitors get 1 day session.
                                         $session_id = session_id();
                                         $expire = time() + 86400;
                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
-                                               dbesc($expire),
-                                               dbesc($session_id)
+                                               DBA::escape($expire),
+                                               DBA::escape($session_id)
                                         );
                                 }
                         }
@@ -135,12 +142,12 @@ function dfrn_poll_init(App $a)
  
         if ($type === 'profile-check' && $dfrn_version < 2.2) {
                 if ((strlen($challenge)) && (strlen($sec))) {
-                       q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
+                       DBA::delete('profile_check', ["`expire` < ?", time()]);
                         $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
-                               dbesc($sec)
+                               DBA::escape($sec)
                         );
-                       if (!DBM::is_result($r)) {
-                               xml_status(3, 'No ticket');
+                       if (!DBA::isResult($r)) {
+                               System::xmlExit(3, 'No ticket');
                                 // NOTREACHED
                         }
  
@@ -152,8 +159,8 @@ function dfrn_poll_init(App $a)
                         $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
                                 intval($r[0]['cid'])
                         );
-                       if (!DBM::is_result($c)) {
-                               xml_status(3, 'No profile');
+                       if (!DBA::isResult($c)) {
+                               System::xmlExit(3, 'No profile');
                         }
  
                         $contact = $c[0];
@@ -180,7 +187,7 @@ function dfrn_poll_init(App $a)
                         if ($final_dfrn_id != $orig_id) {
                                 logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
                                 // did not decode properly - cannot trust this site
-                               xml_status(3, 'Bad decryption');
+                               System::xmlExit(3, 'Bad decryption');
                         }
  
                         header("Content-type: text/xml");
@@ -200,14 +207,14 @@ function dfrn_poll_init(App $a)
                                         break;
                         }
  
-                       q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
+                       DBA::delete('profile_check', ["`expire` < ?", time()]);
                         $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
-                               dbesc($dfrn_id));
-                       if (DBM::is_result($r)) {
-                               xml_status(1);
+                               DBA::escape($dfrn_id));
+                       if (DBA::isResult($r)) {
+                               System::xmlExit(1);
                                 return; // NOTREACHED
                         }
-                       xml_status(0);
+                       System::xmlExit(0);
                         return; // NOTREACHED
                 }
         }
@@ -227,12 +234,12 @@ function dfrn_poll_post(App $a)
                 if (strlen($challenge) && strlen($sec)) {
                         logger('dfrn_poll: POST: profile-check');
  
-                       q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
+                       DBA::delete('profile_check', ["`expire` < ?", time()]);
                         $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
-                               dbesc($sec)
+                               DBA::escape($sec)
                         );
-                       if (!DBM::is_result($r)) {
-                               xml_status(3, 'No ticket');
+                       if (!DBA::isResult($r)) {
+                               System::xmlExit(3, 'No ticket');
                                 // NOTREACHED
                         }
  
@@ -244,8 +251,8 @@ function dfrn_poll_post(App $a)
                         $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
                                 intval($r[0]['cid'])
                         );
-                       if (!DBM::is_result($c)) {
-                               xml_status(3, 'No profile');
+                       if (!DBA::isResult($c)) {
+                               System::xmlExit(3, 'No profile');
                         }
  
                         $contact = $c[0];
@@ -272,7 +279,7 @@ function dfrn_poll_post(App $a)
                         if ($final_dfrn_id != $orig_id) {
                                 logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
                                 // did not decode properly - cannot trust this site
-                               xml_status(3, 'Bad decryption');
+                               System::xmlExit(3, 'Bad decryption');
                         }
  
                         header("Content-type: text/xml");
@@ -289,35 +296,31 @@ function dfrn_poll_post(App $a)
         }
  
         $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
-               dbesc($dfrn_id),
-               dbesc($challenge)
+               DBA::escape($dfrn_id),
+               DBA::escape($challenge)
         );
  
-       if (!DBM::is_result($r)) {
+       if (!DBA::isResult($r)) {
                 killme();
         }
  
         $type = $r[0]['type'];
         $last_update = $r[0]['last_update'];
  
-       $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s'",
-               dbesc($dfrn_id),
-               dbesc($challenge)
-       );
-
+       DBA::delete('challenge', ['dfrn-id' => $dfrn_id, 'challenge' => $challenge]);
  
         $sql_extra = '';
         switch ($direction) {
                 case -1:
-                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
                         $my_id = $dfrn_id;
                         break;
                 case 0:
-                       $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                         $my_id = '1:' . $dfrn_id;
                         break;
                 case 1:
-                       $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                         $my_id = '0:' . $dfrn_id;
                         break;
                 default:
@@ -326,7 +329,7 @@ function dfrn_poll_post(App $a)
         }
  
         $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
-       if (!DBM::is_result($r)) {
+       if (!DBA::isResult($r)) {
                 killme();
         }
  
@@ -336,13 +339,13 @@ function dfrn_poll_post(App $a)
  
         if ($type === 'reputation' && strlen($url)) {
                 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
-                       dbesc($url),
+                       DBA::escape($url),
                         intval($owner_uid)
                 );
                 $reputation = 0;
                 $text = '';
  
-               if (DBM::is_result($r)) {
+               if (DBA::isResult($r)) {
                         $reputation = $r[0]['rating'];
                         $text = $r[0]['reason'];
  
@@ -409,16 +412,16 @@ function dfrn_poll_content(App $a)
  
                 $status = 0;
  
-               $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
+               DBA::delete('challenge', ["`expire` < ?", time()]);
  
                 if ($type !== 'profile') {
                         $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
                                 VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
-                               dbesc($hash),
-                               dbesc($dfrn_id),
+                               DBA::escape($hash),
+                               DBA::escape($dfrn_id),
                                 intval(time() + 60 ),
-                               dbesc($type),
-                               dbesc($last_update)
+                               DBA::escape($type),
+                               DBA::escape($last_update)
                         );
                 }
  
@@ -426,19 +429,19 @@ function dfrn_poll_content(App $a)
                 switch ($direction) {
                         case -1:
                                 if ($type === 'profile') {
-                                       $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
+                                       $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
                                 } else {
-                                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
+                                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
                                 }
  
                                 $my_id = $dfrn_id;
                                 break;
                         case 0:
-                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '1:' . $dfrn_id;
                                 break;
                         case 1:
-                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '0:' . $dfrn_id;
                                 break;
                         default:
@@ -452,9 +455,9 @@ function dfrn_poll_content(App $a)
                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
                         AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
-                       dbesc($nickname)
+                       DBA::escape($nickname)
                 );
-               if (DBM::is_result($r)) {
+               if (DBA::isResult($r)) {
                         $challenge = '';
                         $encrypted_id = '';
                         $id_str = $my_id . '.' . mt_rand(1000, 9999);
@@ -478,7 +481,7 @@ function dfrn_poll_content(App $a)
                 if (($type === 'profile') && (strlen($sec))) {
                         // URL reply
                         if ($dfrn_version < 2.2) {
-                               $s = fetch_url($r[0]['poll']
+                               $s = Network::fetchUrl($r[0]['poll']
                                         . '?dfrn_id=' . $encrypted_id
                                         . '&type=profile-check'
                                         . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
@@ -486,16 +489,16 @@ function dfrn_poll_content(App $a)
                                         . '&sec=' . $sec
                                 );
                         } else {
-                               $s = post_url($r[0]['poll'], array(
+                               $s = Network::post($r[0]['poll'], [
                                         'dfrn_id' => $encrypted_id,
                                         'type' => 'profile-check',
                                         'dfrn_version' => DFRN_PROTOCOL_VERSION,
                                         'challenge' => $challenge,
                                         'sec' => $sec
-                               ));
+                               ]);
                         }
  
-                       $profile = ((DBM::is_result($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
+                       $profile = ((DBA::isResult($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
  
                         switch ($destination_url) {
                                 case 'profile':
@@ -517,7 +520,7 @@ function dfrn_poll_content(App $a)
                         logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA);
  
                         if (strlen($s) && strstr($s, '<?xml')) {
-                               $xml = parse_xml_string($s);
+                               $xml = XML::parseString($s);
  
                                 logger('dfrn_poll: profile: parsed xml: ' . print_r($xml, true), LOGGER_DATA);
  
@@ -527,23 +530,24 @@ function dfrn_poll_content(App $a)
                                 if (((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
                                         $_SESSION['authenticated'] = 1;
                                         if (!x($_SESSION, 'remote')) {
-                                               $_SESSION['remote'] = array();
+                                               $_SESSION['remote'] = [];
                                         }
  
-                                       $_SESSION['remote'][] = array('cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']);
+                                       $_SESSION['remote'][] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']];
                                         $_SESSION['visitor_id'] = $r[0]['id'];
                                         $_SESSION['visitor_home'] = $r[0]['url'];
                                         $_SESSION['visitor_visiting'] = $r[0]['uid'];
+                                       $_SESSION['my_url'] = $r[0]['url'];
                                         if (!$quiet) {
-                                               info(sprintf(t('%1$s welcomes %2$s'), $r[0]['username'], $r[0]['name']) . EOL);
+                                               info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
                                         }
  
                                         // Visitors get 1 day session.
                                         $session_id = session_id();
                                         $expire = time() + 86400;
                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
-                                               dbesc($expire),
-                                               dbesc($session_id)
+                                               DBA::escape($expire),
+                                               DBA::escape($session_id)
                                         );
                                 }