use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Protocol;
+use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
use Friendica\Network\Probe;
use Friendica\Database\DBA;
-use Friendica\Util\Proxy as ProxyUtils;
+use Friendica\Util\Strings;
function follow_post(App $a)
{
if (!local_user()) {
- System::httpExit(403, ['title' => L10n::t('Access denied.')]);
+ throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
}
if (isset($_REQUEST['cancel'])) {
- goaway('contacts');
+ $a->internalRedirect('contact');
}
$uid = local_user();
- $url = notags(trim($_REQUEST['url']));
- $return_url = 'contacts';
+ $url = Strings::escapeTags(trim($_REQUEST['url']));
+ $return_path = 'follow?url=' . urlencode($url);
// Makes the connection request for friendica contacts easier
// This is just a precaution if maybe this page is called somewhere directly via POST
if ($result['message']) {
notice($result['message']);
}
- goaway($return_url);
+ $a->internalRedirect($return_path);
} elseif ($result['cid']) {
- goaway('contact/' . $result['cid']);
+ $a->internalRedirect('contact/' . $result['cid']);
}
info(L10n::t('The contact could not be added.'));
- goaway($return_url);
+ $a->internalRedirect($return_path);
// NOTREACHED
}
function follow_content(App $a)
{
- $return_url = 'contacts';
+ $return_path = 'contact';
if (!local_user()) {
notice(L10n::t('Permission denied.'));
- goaway($return_url);
+ $a->internalRedirect($return_path);
// NOTREACHED
}
$uid = local_user();
- $url = notags(trim($_REQUEST['url']));
+
+ // Issue 4815: Silently removing a prefixing @
+ $url = ltrim(Strings::escapeTags(trim($_REQUEST['url'] ?? '')), '@!');
+
+ // Issue 6874: Allow remote following from Peertube
+ if (strpos($url, 'acct:') === 0) {
+ $url = str_replace('acct:', '', $url);
+ }
+
+ if (!$url) {
+ $a->internalRedirect($return_path);
+ }
$submit = L10n::t('Submit Request');
$r = q("SELECT `pending` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND
(`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s') AND
`network` != '%s' LIMIT 1",
- intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(normalise_link($url)),
- DBA::escape(normalise_link($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET));
+ intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(Strings::normaliseLink($url)),
+ DBA::escape(Strings::normaliseLink($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET));
if ($r) {
if ($r[0]['pending']) {
notice(L10n::t('You already added this contact.'));
$submit = '';
- //goaway($_SESSION['return_url']);
+ //$a->internalRedirect($_SESSION['return_path']);
// NOTREACHED
}
}
$ret = Probe::uri($url);
- if (($ret['network'] == Protocol::DIASPORA) && !Config::get('system', 'diaspora_enabled')) {
+ $protocol = Contact::getProtocol($ret['url'], $ret['network']);
+
+ if (($protocol == Protocol::DIASPORA) && !Config::get('system', 'diaspora_enabled')) {
notice(L10n::t("Diaspora support isn't enabled. Contact can't be added."));
$submit = '';
- //goaway($_SESSION['return_url']);
+ //$a->internalRedirect($_SESSION['return_path']);
// NOTREACHED
}
- if (($ret['network'] == Protocol::OSTATUS) && Config::get('system', 'ostatus_disabled')) {
+ if (($protocol == Protocol::OSTATUS) && Config::get('system', 'ostatus_disabled')) {
notice(L10n::t("OStatus support is disabled. Contact can't be added."));
$submit = '';
- //goaway($_SESSION['return_url']);
+ //$a->internalRedirect($_SESSION['return_path']);
// NOTREACHED
}
- if ($ret['network'] == Protocol::PHANTOM) {
+ if ($protocol == Protocol::PHANTOM) {
notice(L10n::t("The network type couldn't be detected. Contact can't be added."));
$submit = '';
- //goaway($_SESSION['return_url']);
+ //$a->internalRedirect($_SESSION['return_path']);
// NOTREACHED
}
- if ($ret['network'] == Protocol::MAIL) {
+ if ($protocol == Protocol::MAIL) {
$ret['url'] = $ret['addr'];
}
- if (($ret['network'] === Protocol::DFRN) && !DBA::isResult($r)) {
+ if (($protocol === Protocol::DFRN) && !DBA::isResult($r)) {
$request = $ret['request'];
- $tpl = get_markup_template('dfrn_request.tpl');
+ $tpl = Renderer::getMarkupTemplate('dfrn_request.tpl');
} else {
$request = System::baseUrl() . '/follow';
- $tpl = get_markup_template('auto_request.tpl');
+ $tpl = Renderer::getMarkupTemplate('auto_request.tpl');
}
$r = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `self` LIMIT 1", intval($uid));
if (!$r) {
notice(L10n::t('Permission denied.'));
- goaway($return_url);
+ $a->internalRedirect($return_path);
// NOTREACHED
}
$_SESSION['fastlane'] = $ret['url'];
$r = q("SELECT `id`, `location`, `about`, `keywords` FROM `gcontact` WHERE `nurl` = '%s'",
- normalise_link($ret['url']));
+ Strings::normaliseLink($ret['url']));
if (!$r) {
$r = [['location' => '', 'about' => '', 'keywords' => '']];
$gcontact_id = $r[0]['id'];
}
- if ($ret['network'] === Protocol::DIASPORA) {
+ if ($protocol === Protocol::DIASPORA) {
$r[0]['location'] = '';
$r[0]['about'] = '';
}
- $header = L10n::t('Connect/Follow');
-
- $o = replace_macros($tpl, [
- '$header' => htmlentities($header),
- //'$photo' => ProxyUtils::proxifyUrl($ret['photo'], false, ProxyUtils::SIZE_SMALL),
+ $o = Renderer::replaceMacros($tpl, [
+ '$header' => L10n::t('Connect/Follow'),
'$desc' => '',
'$pls_answer' => L10n::t('Please answer the following:'),
'$does_know_you' => ['knowyou', L10n::t('Does %s know you?', $ret['name']), false, '', [L10n::t('No'), L10n::t('Yes')]],
'$url_label' => L10n::t('Profile URL'),
'$myaddr' => $myaddr,
'$request' => $request,
- /*
- * @TODO commented out?
- '$location' => Friendica\Content\Text\BBCode::::convert($r[0]['location']),
- '$location_label'=> L10n::t('Location:'),
- '$about' => Friendica\Content\Text\BBCode::::convert($r[0]['about'], false, false),
- '$about_label' => L10n::t('About:'),
- */
'$keywords' => $r[0]['keywords'],
'$keywords_label'=> L10n::t('Tags:')
]);
}
if ($gcontact_id <> 0) {
- $o .= replace_macros(get_markup_template('section_title.tpl'),
+ $o .= Renderer::replaceMacros(Renderer::getMarkupTemplate('section_title.tpl'),
['$title' => L10n::t('Status Messages and Posts')]
);
projects / friendica.git / blobdiff