Catch HTTPExceptions in App::runFrontend()

[friendica.git] / mod / events.php

diff --git a/mod/events.php b/mod/events.php
index f147e005459ab85f1b7c21710007c368a833254e..a54260c435ef95ca3f73413c1184ab80a0861835 100644 (file)
--- a/mod/events.php
+++ b/mod/events.php
@@ -22,8 +22,6 @@ use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Strings;
 use Friendica\Util\Temporal;
 
-require_once 'include/items.php';
-
 function events_init(App $a)
 {
        if (!local_user()) {
@@ -97,13 +95,23 @@ function events_post(App $a)
        // and we'll waste a bunch of time responding to it. Time that
        // could've been spent doing something else.
 
-       $summary  = Strings::escapeHtml(trim(defaults($_POST, 'summary', '')));
-       $desc     = Strings::escapeHtml(trim(defaults($_POST, 'desc', '')));
-       $location = Strings::escapeHtml(trim(defaults($_POST, 'location', '')));
+       $summary  = trim(defaults($_POST, 'summary' , ''));
+       $desc     = trim(defaults($_POST, 'desc'    , ''));
+       $location = trim(defaults($_POST, 'location', ''));
        $type     = 'event';
 
-       $action = ($event_id == '') ? 'new' : "event/" . $event_id;
-       $onerror_path = "events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish";
+       $params = [
+               'summary'     => $summary,
+               'description' => $desc,
+               'location'    => $location,
+               'start'       => $start_text,
+               'finish'      => $finish_text,
+               'adjust'      => $adjust,
+               'nofinish'    => $nofinish,
+       ];
+
+       $action = ($event_id == '') ? 'new' : 'event/' . $event_id;
+       $onerror_path = 'events/' . $action . '?' . http_build_query($params, null, null, PHP_QUERY_RFC3986);
 
        if (strcmp($finish, $start) < 0 && !$nofinish) {
                notice(L10n::t('Event can not end before it has started.') . EOL);
@@ -137,10 +145,10 @@ function events_post(App $a)
 
 
        if ($share) {
-               $str_group_allow   = !empty($_POST['group_allow'])   ? perms2str($_POST['group_allow'])   : '';
-               $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
-               $str_group_deny    = !empty($_POST['group_deny'])    ? perms2str($_POST['group_deny'])    : '';
-               $str_contact_deny  = !empty($_POST['contact_deny'])  ? perms2str($_POST['contact_deny'])  : '';
+               $str_group_allow   = perms2str(defaults($_POST, 'group_allow'  , ''));
+               $str_contact_allow = perms2str(defaults($_POST, 'contact_allow', ''));
+               $str_group_deny    = perms2str(defaults($_POST, 'group_deny'   , ''));
+               $str_contact_deny  = perms2str(defaults($_POST, 'contact_deny' , ''));
 
                // Undo the pseudo-contact of self, since there are real contacts now
                if (strpos($str_contact_allow, '<' . $self . '>') !== false) {
@@ -181,7 +189,7 @@ function events_post(App $a)
        if (intval($_REQUEST['preview'])) {
                $html = Event::getHTML($datarray);
                echo $html;
-               killme();
+               exit();
        }
 
        $item_id = Event::store($datarray);
@@ -364,8 +372,9 @@ function events_content(App $a)
                }
 
                if ($a->argc > 1 && $a->argv[1] === 'json') {
+                       header('Content-Type: application/json');
                        echo json_encode($events);
-                       killme();
+                       exit();
                }
 
                if (!empty($_GET['id'])) {