Merge branch '2019.01-rc' into bug/6334-escape-get-app
[friendica.git] / mod / directory.php
index f1e079d68180d96d696f7808c33b1a7bf33818ea..3fd0aa848bec837401e1132f14e41f1d567572d6 100644 (file)
@@ -2,20 +2,23 @@
 /**
  * @file mod/directory.php
  */
+
 use Friendica\App;
 use Friendica\Content\Nav;
+use Friendica\Content\Pager;
 use Friendica\Content\Widget;
 use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
-use Friendica\Database\DBM;
+use Friendica\Core\Renderer;
+use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Profile;
+use Friendica\Util\Proxy as ProxyUtils;
+use Friendica\Util\Strings;
 
 function directory_init(App $a)
 {
-       $a->set_pager_itemspage(60);
-
        if (local_user()) {
                $a->page['aside'] .= Widget::findPeople();
                $a->page['aside'] .= Widget::follow();
@@ -27,15 +30,13 @@ function directory_init(App $a)
 
 function directory_post(App $a)
 {
-       if (x($_POST, 'search')) {
+       if (!empty($_POST['search'])) {
                $a->data['search'] = $_POST['search'];
        }
 }
 
 function directory_content(App $a)
 {
-       require_once("mod/proxy.php");
-
        if ((Config::get('system', 'block_public') && !local_user() && !remote_user())
                || (Config::get('system', 'block_local_dir') && !local_user() && !remote_user())
        ) {
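Review bot: `!empty($_POST['search'])` in directory_post is also true for an array-valued parameter, and the raw value is stored in `$a->data['search']` and later passed to `trim()` in directory_content. A type check at the point of entry keeps non-string input out: `if (!empty($_POST['search']) && is_string($_POST['search'])) {`. The `$_GET['search']` branch in the next hunk has the same gap.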
@@ -46,10 +47,10 @@ function directory_content(App $a)
        $o = '';
        Nav::setSelected('directory');
 
-       if (x($a->data, 'search')) {
-               $search = notags(trim($a->data['search']));
+       if (!empty($a->data['search'])) {
+               $search = Strings::escapeTags(trim($a->data['search']));
        } else {
-               $search = ((x($_GET, 'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
+               $search = (!empty($_GET['search']) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
        }
 
        $gdirpath = '';
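Review bot: `rawurldecode($_GET['search'])` decodes a value that PHP has already URL-decoded when populating `$_GET`, so a literal percent sequence in a search term is decoded a second time. Dropping the call avoids that: `$search = (!empty($_GET['search']) ? Strings::escapeTags(trim($_GET['search'])) : '');`. Separately, `Strings::escapeTags()` is applied once on input and the same `$search` is then reused for both SQL and the template. As far as I know it only rewrites angle brackets, so quote characters would still reach the template. Whether the template layer escapes for the HTML context is not visible here and is worth confirming. directory_content continues outside this hunk.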
@@ -59,7 +60,7 @@ function directory_content(App $a)
        }
 
        if ($search) {
-               $search = dbesc($search);
+               $search = DBA::escape($search);
 
                $sql_extra = " AND ((`profile`.`name` LIKE '%$search%') OR
                                (`user`.`nickname` LIKE '%$search%') OR
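Review bot: The search term is still concatenated into the `LIKE '%$search%'` clauses after `DBA::escape()`, so the query's safety depends on every interpolation staying escaped, and `%` and `_` in the term still act as wildcards. Passing the term as bound parameters to `DBA::p()` and `DBA::fetchFirst()` would remove the string building; both accept parameters after the SQL string as far as I recall, so confirm that first. Also, `$search = DBA::escape($search);` overwrites the variable that later hunks hand to the template as `'$search'` and `'$findterm'`. Unless it is reassigned in lines not shown, the page renders the SQL-escaped form, so a separate variable such as `$search_sql = DBA::escape($search);` would keep the two uses apart. The SQL string continues past the end of this hunk.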
@@ -76,37 +77,41 @@ function directory_content(App $a)
                                (`profile`.`education` LIKE '%$search%') OR
                                (`profile`.`pub_keywords` LIKE '%$search%') OR
                                (`profile`.`prv_keywords` LIKE '%$search%'))";
+       } else {
+               $sql_extra = '';
        }
 
-       $publish = ((Config::get('system', 'publish_all')) ? '' : " AND `publish` = 1 " );
+       $publish = (Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 " );
 
 
-       $cnt = dba::selectFirst("SELECT COUNT(*) AS `total` FROM `profile`
+       $total = 0;
+       $cnt = DBA::fetchFirst("SELECT COUNT(*) AS `total` FROM `profile`
                                LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid`
-                               WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra "
-       );
-       if (DBM::is_result($cnt)) {
-               $a->set_pager_total($cnt['total']);
+                               WHERE `is-default` $publish AND NOT `user`.`blocked` AND NOT `user`.`account_removed` $sql_extra");
+       if (DBA::isResult($cnt)) {
+               $total = $cnt['total'];
        }
+       $pager = new Pager($a->query_string, 60);
 
        $order = " ORDER BY `name` ASC ";
 
-       $limit = intval($a->pager['start'])."," . intval($a->pager['itemspage']);
+       $limit = $pager->getStart()."," . $pager->getItemsPerPage();
 
-       $r = dba::p("SELECT `profile`.*, `profile`.`uid` AS `profile_uid`, `user`.`nickname`, `user`.`timezone` , `user`.`page-flags`,
+       $r = DBA::p("SELECT `profile`.*, `profile`.`uid` AS `profile_uid`, `user`.`nickname`, `user`.`timezone` , `user`.`page-flags`,
                        `contact`.`addr`, `contact`.`url` AS profile_url FROM `profile`
                        LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid`
                        LEFT JOIN `contact` ON `contact`.`uid` = `user`.`uid`
-                       WHERE `is-default` $publish AND `user`.`blocked` = 0 AND `contact`.`self` $sql_extra $order LIMIT ".$limit
+                       WHERE `is-default` $publish AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND `contact`.`self`
+                       $sql_extra $order LIMIT $limit"
        );
-       if (DBM::is_result($r)) {
+       if (DBA::isResult($r)) {
                if (in_array('small', $a->argv)) {
                        $photo = 'thumb';
                } else {
                        $photo = 'photo';
                }
 
-               while ($rr = dba::fetch($r)) {
+               while ($rr = DBA::fetch($r)) {
                        $itemurl= '';
 
                        $itemurl = (($rr['addr'] != "") ? $rr['addr'] : $rr['profile_url']);
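Review bot: The `intval()` casts around the LIMIT operands were dropped, so `$limit = $pager->getStart()."," . $pager->getItemsPerPage();` now relies entirely on Pager returning integers, and Pager is constructed from `$a->query_string`. Pager presumably normalises the page number, but that is not visible in this diff. Keeping the cast where the value is interpolated makes the query safe independently of that class: `$limit = intval($pager->getStart()) . ',' . intval($pager->getItemsPerPage());`. Note also that the COUNT query does not join `contact` or apply the `self` condition that the listing query uses, so `$total` passed to the pager may differ from the number of rows actually listed.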
@@ -133,38 +138,40 @@ function directory_content(App $a)
                        }
 //                     if(strlen($rr['dob'])) {
 //                             if(($years = age($rr['dob'],$rr['timezone'],'')) != 0)
-//                                     $details .= '<br />' . L10n::t('Age: ') . $years ;
+//                                     $details .= '<br />' . L10n::t('Age: ') . $years;
 //                     }
 //                     if(strlen($rr['gender']))
 //                             $details .= '<br />' . L10n::t('Gender: ') . $rr['gender'];
 
                        $profile = $rr;
 
-                       if ((x($profile, 'address')             == 1)
-                               || (x($profile, 'locality')     == 1)
-                               || (x($profile, 'region')       == 1)
-                               || (x($profile, 'postal-code')  == 1)
-                               || (x($profile, 'country-name') == 1)
+                       if (!empty($profile['address'])
+                               || !empty($profile['locality'])
+                               || !empty($profile['region'])
+                               || !empty($profile['postal-code'])
+                               || !empty($profile['country-name'])
                        ) {
                                $location = L10n::t('Location:');
+                       } else {
+                               $location = '';
                        }
 
-                       $gender   = ((x($profile, 'gender')   == 1) ? L10n::t('Gender:')   : false);
-                       $marital  = ((x($profile, 'marital')  == 1) ? L10n::t('Status:')   : false);
-                       $homepage = ((x($profile, 'homepage') == 1) ? L10n::t('Homepage:') : false);
-                       $about    = ((x($profile, 'about')    == 1) ? L10n::t('About:')    : false);
+                       $gender   = (!empty($profile['gender']) ? L10n::t('Gender:')   : false);
+                       $marital  = (!empty($profile['marital']) ? L10n::t('Status:')   : false);
+                       $homepage = (!empty($profile['homepage']) ? L10n::t('Homepage:') : false);
+                       $about    = (!empty($profile['about']) ? L10n::t('About:')    : false);
 
                        $location_e = $location;
 
                        $photo_menu = [
-                               'profile' => [L10n::t("View Profile"), Profile::zrl($profile_link)]
+                               'profile' => [L10n::t("View Profile"), Contact::magicLink($profile_link)]
                        ];
 
                        $entry = [
                                'id'           => $rr['id'],
                                'url'          => $profile_link,
                                'itemurl'      => $itemurl,
-                               'thumb'        => proxy_url($rr[$photo], false, PROXY_SIZE_THUMB),
+                               'thumb'        => ProxyUtils::proxifyUrl($rr[$photo], false, ProxyUtils::SIZE_THUMB),
                                'img_hover'    => $rr['name'],
                                'name'         => $rr['name'],
                                'details'      => $details,
@@ -194,11 +201,11 @@ function directory_content(App $a)
 
                        $entries[] = $arr['entry'];
                }
-               dba::close($r);
+               DBA::close($r);
 
-               $tpl = get_markup_template('directory_header.tpl');
+               $tpl = Renderer::getMarkupTemplate('directory_header.tpl');
 
-               $o .= replace_macros($tpl, [
+               $o .= Renderer::replaceMacros($tpl, [
                        '$search'    => $search,
                        '$globaldir' => L10n::t('Global Directory'),
                        '$gdirpath'  => $gdirpath,
@@ -208,7 +215,7 @@ function directory_content(App $a)
                        '$findterm'  => (strlen($search) ? $search : ""),
                        '$title'     => L10n::t('Site Directory'),
                        '$submit'    => L10n::t('Find'),
-                       '$paginate'  => paginate($a),
+                       '$paginate'  => $pager->renderFull($total),
                ]);
        } else {
                info(L10n::t("No entries \x28some entries may be hidden\x29.") . EOL);