use Friendica\Protocol\Activity;
use Friendica\Protocol\Diaspora;
use Friendica\Util\DateTimeFormat;
-use Friendica\Util\Security;
+use Friendica\Security\Security;
use Friendica\Util\Strings;
use Friendica\Worker\Delivery;
// When commenting on a public post then store the post for the current user
// This enables interaction like starring and saving into folders
if ($toplevel_item['uid'] == 0) {
- $stored = Item::storeForUser($toplevel_item, local_user());
+ $stored = Item::storeForUserByUriId($toplevel_item['uri-id'], local_user());
Logger::info('Public item stored for user', ['uri-id' => $toplevel_item['uri-id'], 'uid' => $uid, 'stored' => $stored]);
if ($stored) {
$toplevel_item = Item::selectFirst([], ['id' => $stored]);
$objecttype = $orig_post['object-type'];
$app = $orig_post['app'];
$categories = $orig_post['file'] ?? '';
- $title = Strings::escapeTags(trim($_REQUEST['title']));
+ $title = trim($_REQUEST['title'] ?? '');
$body = trim($body);
$private = $orig_post['private'];
$pubmail_enabled = $orig_post['pubmail'];
$str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
}
- $title = Strings::escapeTags(trim($_REQUEST['title'] ?? ''));
- $location = Strings::escapeTags(trim($_REQUEST['location'] ?? ''));
- $coord = Strings::escapeTags(trim($_REQUEST['coord'] ?? ''));
- $verb = Strings::escapeTags(trim($_REQUEST['verb'] ?? ''));
- $emailcc = Strings::escapeTags(trim($_REQUEST['emailcc'] ?? ''));
+ $title = trim($_REQUEST['title'] ?? '');
+ $location = trim($_REQUEST['location'] ?? '');
+ $coord = trim($_REQUEST['coord'] ?? '');
+ $verb = trim($_REQUEST['verb'] ?? '');
+ $emailcc = trim($_REQUEST['emailcc'] ?? '');
$body = trim($body);
- $network = Strings::escapeTags(trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN));
+ $network = trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN);
$guid = System::createUUID();
$postopts = $_REQUEST['postopts'] ?? '';
$item = Item::selectFirstForUser(local_user(), $fields, ['id' => $id]);
if (!DBA::isResult($item)) {
- notice(DI::l10n()->t('Item not found.') . EOL);
+ notice(DI::l10n()->t('Item not found.'));
DI::baseUrl()->redirect('network');
}
}
if ((local_user() == $item['uid']) || $contact_id) {
- // Check if we should do HTML-based delete confirmation
- if (!empty($_REQUEST['confirm'])) {
- // <form> can't take arguments in its "action" parameter
- // so add any arguments as hidden inputs
- $query = explode_querystring(DI::args()->getQueryString());
- $inputs = [];
-
- foreach ($query['args'] as $arg) {
- if (strpos($arg, 'confirm=') === false) {
- $arg_parts = explode('=', $arg);
- $inputs[] = ['name' => $arg_parts[0], 'value' => $arg_parts[1]];
- }
- }
-
- return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
- '$method' => 'get',
- '$message' => DI::l10n()->t('Do you really want to delete this item?'),
- '$extra_inputs' => $inputs,
- '$confirm' => DI::l10n()->t('Yes'),
- '$confirm_url' => $query['base'],
- '$confirm_name' => 'confirmed',
- '$cancel' => DI::l10n()->t('Cancel'),
- ]);
- }
- // Now check how the user responded to the confirmation query
- if (!empty($_REQUEST['canceled'])) {
- DI::baseUrl()->redirect('display/' . $item['guid']);
- }
-
- $is_comment = $item['gravity'] == GRAVITY_COMMENT;
- $parentitem = null;
if (!empty($item['parent'])) {
- $fields = ['guid'];
- $parentitem = Item::selectFirstForUser(local_user(), $fields, ['id' => $item['parent']]);
+ $parentitem = Item::selectFirstForUser(local_user(), ['guid'], ['id' => $item['parent']]);
}
// delete the item
$return_url = str_replace("update_", "", $return_url);
// Check if delete a comment
- if ($is_comment) {
+ if ($item['gravity'] == GRAVITY_COMMENT) {
// Return to parent guid
if (!empty($parentitem)) {
DI::baseUrl()->redirect('display/' . $parentitem['guid']);