use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Protocol;
+use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Protocol\PortableContact;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
+use Friendica\Util\Strings;
function dirfind_init(App $a) {
return;
}
- if (! x($a->page,'aside')) {
+ if (empty($a->page['aside'])) {
$a->page['aside'] = '';
}
$local = Config::get('system','poco_local_search');
- $search = $prefix.notags(trim(defaults($_REQUEST, 'search', '')));
+ $search = $prefix.Strings::escapeTags(trim(defaults($_REQUEST, 'search', '')));
$header = '';
if (strpos($search,'@') === 0) {
$search = substr($search,1);
$header = L10n::t('People Search - %s', $search);
- if ((valid_email($search) && Network::isEmailDomainValid($search)) ||
- (substr(normalise_link($search), 0, 7) == "http://")) {
+ if ((filter_var($search, FILTER_VALIDATE_EMAIL) && Network::isEmailDomainValid($search)) ||
+ (substr(Strings::normaliseLink($search), 0, 7) == "http://")) {
$user_data = Probe::uri($search);
$discover_user = (in_array($user_data["network"], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::OSTATUS, Protocol::DIASPORA]));
}
/// @TODO These 2 SELECTs are not checked on validity with DBA::isResult()
$count = q("SELECT count(*) AS `total` FROM `gcontact`
- WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s') AND
+ WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s', '%s') AND
((`last_contact` >= `last_failure`) OR (`updated` >= `last_failure`)) AND
(`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql",
- DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
- DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
- DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)));
+ DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)));
$results = q("SELECT `nurl`
FROM `gcontact`
- WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s') AND
+ WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s', '%s') AND
((`last_contact` >= `last_failure`) OR (`updated` >= `last_failure`)) AND
(`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql
GROUP BY `nurl`
ORDER BY `updated` DESC LIMIT %d, %d",
- DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
- DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
- DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
+ DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
$pager->getStart(), $pager->getItemsPerPage());
$j = new stdClass();
$j->total = $count[0]["total"];
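Review bot: `Strings::escapeHtml($search2)` is HTML output encoding applied to a value that is only used as a SQL `LIKE` operand, in both queries. Query safety comes from `DBA::escape` alone, and the extra encoding changes what matches: a search containing `&` or `<` only finds rows if the `gcontact` columns store HTML-escaped text, which is worth confirming. The expression is repeated twelve times, so computing it once before the two `q()` calls, e.g. `$search_esc = DBA::escape(Strings::escapeHtml($search2));`, would make the argument lists easy to check against the placeholder count. `$extra_sql` is interpolated directly into both statements and is built outside this hunk, so confirm it only ever holds constant SQL and never request data. The existing TODO still applies, because `$count[0]["total"]` is read without a `DBA::isResult()` check.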
// Add found profiles from the global directory to the local directory
Worker::add(PRIORITY_LOW, 'DiscoverPoCo', "dirsearch", urlencode($search));
- } else {
+ } elseif (strlen(Config::get('system','directory'))) {
$p = (($pager->getPage() != 1) ? '&p=' . $pager->getPage() : '');
- if (strlen(Config::get('system','directory'))) {
- $x = Network::fetchUrl(get_server() . '/lsearch?f=' . $p . '&search=' . urlencode($search));
- }
+ $x = Network::fetchUrl(get_server() . '/lsearch?f=' . $p . '&search=' . urlencode($search));
$j = json_decode($x);
-
$pager->setItemsPerPage($j->items_page);
}
if (!empty($j->results)) {
$id = 0;
+ $entries = [];
foreach ($j->results as $jj) {
$alt_text = "";
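Review bot: In the `elseif` branch the remote directory's reply is used without any validation. `json_decode($x)` returns null when the fetch fails or the body is not JSON, and `$j->items_page` is then read from a non-object. That value is also chosen by the remote server and goes straight into `$pager->setItemsPerPage()`. Guarding it would fix both, e.g. `if (is_object($j) && isset($j->items_page)) { $pager->setItemsPerPage(max(1, (int)$j->items_page)); }`. With the new `elseif`, `$j` is not assigned at all when no directory is configured; `empty($j->results)` tolerates that, but any read of `$j` outside that guard would not, and the rest of the function is outside this hunk.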
'alt_text' => $alt_text,
'url' => Model\Contact::magicLink($jj->url),
'itemurl' => $itemurl,
- 'name' => htmlentities($jj->name),
+ 'name' => $jj->name,
'thumb' => ProxyUtils::proxifyUrl($jj->photo, false, ProxyUtils::SIZE_THUMB),
'img_hover' => $jj->tags,
'conntxt' => $conntxt,
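Review bot: Dropping `htmlentities()` from `'name'` means `$jj->name` now reaches the template unescaped, and in the remote-directory branch that value comes from another server's JSON. This is only safe if the template layer escapes it on output. Neither the template nor the engine settings are visible here, so confirm that `viewcontact_template.tpl` and whatever it includes per contact render `name` escaped. The same check applies to `'img_hover' => $jj->tags`, which was already passed through raw. Once confirmed, a short comment on the line such as `// not escaped here: the template escapes on output` would record the assumption for the next reader.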
$entries[] = $entry;
}
- $tpl = get_markup_template('viewcontact_template.tpl');
- $o .= replace_macros($tpl,[
+ $tpl = Renderer::getMarkupTemplate('viewcontact_template.tpl');
+ $o .= Renderer::replaceMacros($tpl,[
'title' => $header,
'$contacts' => $entries,
'$paginate' => $pager->renderFull($j->total),