]> git.mxchange.org Git - friendica.git/blobdiff - mod/photos.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #6474 from tobiasd/2019.01-CHANGELOG
[friendica.git] / mod / photos.php
diff --git a/mod/photos.php b/mod/photos.php
index 8ddb0010d13ca79db6cd041951d9e1f06eceabc0..05943352ba327b3aa2a3bfb04cd552807ae8e275 100644 (file)
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -13,6 +13,7 @@ use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
+use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
@@ -25,12 +26,13 @@ use Friendica\Model\User;
 use Friendica\Network\Probe;
 use Friendica\Object\Image;
 use Friendica\Protocol\DFRN;
+use Friendica\Util\Crypto;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Map;
 use Friendica\Util\Security;
 use Friendica\Util\Temporal;
-
-require_once 'include/items.php';
+use Friendica\Util\Strings;
+use Friendica\Util\XML;
 
 function photos_init(App $a) {
 
@@ -62,9 +64,9 @@ function photos_init(App $a) {
 
                $account_type = Contact::getAccountType($profile);
 
-               $tpl = get_markup_template("vcard-widget.tpl");
+               $tpl = Renderer::getMarkupTemplate("vcard-widget.tpl");
 
-               $vcard_widget = replace_macros($tpl, [
+               $vcard_widget = Renderer::replaceMacros($tpl, [
                        '$name' => $profile['name'],
                        '$photo' => $profile['photo'],
                        '$addr' => defaults($profile, 'addr', ''),
@@ -109,7 +111,7 @@ function photos_init(App $a) {
                }
 
                if ($ret['success']) {
-                       $photo_albums_widget = replace_macros(get_markup_template('photo_albums.tpl'), [
+                       $photo_albums_widget = Renderer::replaceMacros(Renderer::getMarkupTemplate('photo_albums.tpl'), [
                                '$nick'     => $a->data['user']['nickname'],
                                '$title'    => L10n::t('Photo Albums'),
                                '$recent'   => L10n::t('Recent Photos'),
@@ -130,9 +132,9 @@ function photos_init(App $a) {
                        $a->page['aside'] .= $photo_albums_widget;
                }
 
-               $tpl = get_markup_template("photos_head.tpl");
+               $tpl = Renderer::getMarkupTemplate("photos_head.tpl");
 
-               $a->page['htmlhead'] .= replace_macros($tpl,[
+               $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[
                        '$ispublic' => L10n::t('everybody')
                ]);
        }
@@ -219,7 +221,7 @@ function photos_post(App $a)
                }
 
                // RENAME photo album
-               $newalbum = notags(trim($_POST['albumname']));
+               $newalbum = Strings::escapeTags(trim($_POST['albumname']));
                if ($newalbum != $album) {
                        q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
                                DBA::escape($newalbum),
@@ -246,7 +248,7 @@ function photos_post(App $a)
                                        ['name' => 'albumname', 'value' => $_POST['albumname']],
                                ];
 
-                               $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), [
+                               $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
                                        '$method' => 'post',
                                        '$message' => L10n::t('Do you really want to delete this photo album and all its photos?'),
                                        '$extra_inputs' => $extra_inputs,
@@ -279,7 +281,7 @@ function photos_post(App $a)
 
                        if (DBA::isResult($r)) {
                                foreach ($r as $rr) {
-                                       $res[] = "'" . DBA::escape($rr['rid']) . "'" ;
+                                       $res[] = "'" . DBA::escape($rr['rid']) . "'";
                                }
                        } else {
                                $a->internalRedirect($_SESSION['photo_return']);
@@ -318,7 +320,7 @@ function photos_post(App $a)
                if (!empty($_REQUEST['confirm'])) {
                        $drop_url = $a->query_string;
 
-                       $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), [
+                       $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
                                '$method' => 'post',
                                '$message' => L10n::t('Do you really want to delete this photo?'),
                                '$extra_inputs' => [],
@@ -361,12 +363,12 @@ function photos_post(App $a)
                return; // NOTREACHED
        }
 
-       if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) {
-               $desc        = !empty($_POST['desc'])      ? notags(trim($_POST['desc']))      : '';
-               $rawtags     = !empty($_POST['newtag'])    ? notags(trim($_POST['newtag']))    : '';
-               $item_id     = !empty($_POST['item_id'])   ? intval($_POST['item_id'])         : 0;
-               $albname     = !empty($_POST['albname'])   ? notags(trim($_POST['albname']))   : '';
-               $origaname   = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : '';
+       if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) {
+               $desc        = !empty($_POST['desc'])      ? Strings::escapeTags(trim($_POST['desc']))      : '';
+               $rawtags     = !empty($_POST['newtag'])    ? Strings::escapeTags(trim($_POST['newtag']))    : '';
+               $item_id     = !empty($_POST['item_id'])   ? intval($_POST['item_id'])                      : 0;
+               $albname     = !empty($_POST['albname'])   ? Strings::escapeTags(trim($_POST['albname']))   : '';
+               $origaname   = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
 
                $str_group_allow   = !empty($_POST['group_allow'])   ? perms2str($_POST['group_allow'])   : '';
                $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
@@ -521,7 +523,7 @@ function photos_post(App $a)
                        }
 
                        $taginfo = [];
-                       $tags = get_tags($rawtags);
+                       $tags = BBCode::getTags($rawtags);
 
                        if (count($tags)) {
                                foreach ($tags as $tag) {
@@ -609,7 +611,7 @@ function photos_post(App $a)
                                                        }
 
                                                        $profile = str_replace(',', '%2c', $profile);
-                                                       $str_tags .= '@[url='.$profile.']'.$newname.'[/url]';
+                                                       $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]';
                                                }
                                        } elseif (strpos($tag, '#') === 0) {
                                                $tagname = substr($tag, 1);
@@ -677,19 +679,19 @@ function photos_post(App $a)
                                        $arr['tag']           = $tagged[4];
                                        $arr['inform']        = $tagged[2];
                                        $arr['origin']        = 1;
-                                       $arr['body']          = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]') ;
-                                       $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
+                                       $arr['body']          = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]');
+                                       $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n";
 
                                        $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
-                                       $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
+                                       $arr['object'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
                                        if ($tagged[3]) {
-                                               $arr['object'] .= xmlify('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n");
+                                               $arr['object'] .= XML::escape('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n");
                                        }
                                        $arr['object'] .= '</link></object>' . "\n";
 
                                        $arr['target'] = '<target><type>' . ACTIVITY_OBJ_IMAGE . '</type><title>' . $p[0]['desc'] . '</title><id>'
                                                . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
-                                       $arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
+                                       $arr['target'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
 
                                        $item_id = Item::insert($arr);
                                }
@@ -704,8 +706,8 @@ function photos_post(App $a)
        Addon::callHooks('photo_post_init', $_POST);
 
        // Determine the album to use
-       $album    = !empty($_REQUEST['album'])    ? notags(trim($_REQUEST['album']))    : '';
-       $newalbum = !empty($_REQUEST['newalbum']) ? notags(trim($_REQUEST['newalbum'])) : '';
+       $album    = !empty($_REQUEST['album'])    ? Strings::escapeTags(trim($_REQUEST['album']))    : '';
+       $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : '';
 
        Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG);
 
@@ -776,7 +778,7 @@ function photos_post(App $a)
                                notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
                                break;
                        case UPLOAD_ERR_FORM_SIZE:
-                               notice(L10n::t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
+                               notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
                                break;
                        case UPLOAD_ERR_PARTIAL:
                                notice(L10n::t('Image upload didn\'t complete, please try again') . EOL);
@@ -805,7 +807,7 @@ function photos_post(App $a)
        $maximagesize = Config::get('system', 'maximagesize');
 
        if ($maximagesize && ($filesize > $maximagesize)) {
-               notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL);
+               notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL);
                @unlink($src);
                $foo = 0;
                Addon::callHooks('photo_post_end', $foo);
@@ -942,8 +944,6 @@ function photos_content(App $a)
                return;
        }
 
-       require_once 'include/conversation.php';
-
        if (empty($a->data['user'])) {
                notice(L10n::t('No photos selected') . EOL);
                return;
@@ -1084,18 +1084,18 @@ function photos_content(App $a)
 
                Addon::callHooks('photo_upload_form',$ret);
 
-               $default_upload_box = replace_macros(get_markup_template('photos_default_uploader_box.tpl'), []);
-               $default_upload_submit = replace_macros(get_markup_template('photos_default_uploader_submit.tpl'), [
+               $default_upload_box = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_box.tpl'), []);
+               $default_upload_submit = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_submit.tpl'), [
                        '$submit' => L10n::t('Submit'),
                ]);
 
                $usage_message = '';
 
-               $tpl = get_markup_template('photos_upload.tpl');
+               $tpl = Renderer::getMarkupTemplate('photos_upload.tpl');
 
                $aclselect_e = ($visitor ? '' : ACL::getFullSelectorHTML($a->user));
 
-               $o .= replace_macros($tpl,[
+               $o .= Renderer::replaceMacros($tpl,[
                        '$pagename' => L10n::t('Upload Photos'),
                        '$sessid' => session_id(),
                        '$usage' => $usage_message,
@@ -1165,11 +1165,11 @@ function photos_content(App $a)
                if ($cmd === 'edit') {
                        if (($album !== L10n::t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== L10n::t('Contact Photos'))) {
                                if ($can_post) {
-                                       $edit_tpl = get_markup_template('album_edit.tpl');
+                                       $edit_tpl = Renderer::getMarkupTemplate('album_edit.tpl');
 
                                        $album_e = $album;
 
-                                       $o .= replace_macros($edit_tpl,[
+                                       $o .= Renderer::replaceMacros($edit_tpl,[
                                                '$nametext' => L10n::t('New album name: '),
                                                '$nickname' => $a->data['user']['nickname'],
                                                '$album' => $album_e,
@@ -1219,8 +1219,8 @@ function photos_content(App $a)
                        }
                }
 
-               $tpl = get_markup_template('photo_album.tpl');
-               $o .= replace_macros($tpl, [
+               $tpl = Renderer::getMarkupTemplate('photo_album.tpl');
+               $o .= Renderer::replaceMacros($tpl, [
                        '$photos' => $photos,
                        '$album' => $album,
                        '$can_post' => $can_post,
@@ -1341,15 +1341,15 @@ function photos_content(App $a)
                }
 
                if ($cmd === 'edit') {
-                       $tpl = get_markup_template('photo_edit_head.tpl');
-                       $a->page['htmlhead'] .= replace_macros($tpl,[
+                       $tpl = Renderer::getMarkupTemplate('photo_edit_head.tpl');
+                       $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[
                                '$prevlink' => $prevlink,
                                '$nextlink' => $nextlink
                        ]);
                }
 
                if ($prevlink) {
-                       $prevlink = [$prevlink, '<div class="icon prev"></div>'] ;
+                       $prevlink = [$prevlink, '<div class="icon prev"></div>'];
                }
 
                $photo = [
@@ -1428,13 +1428,13 @@ function photos_content(App $a)
 
                $edit = Null;
                if ($cmd === 'edit' && $can_post) {
-                       $edit_tpl = get_markup_template('photo_edit.tpl');
+                       $edit_tpl = Renderer::getMarkupTemplate('photo_edit.tpl');
 
                        $album_e = $ph[0]['album'];
                        $caption_e = $ph[0]['desc'];
                        $aclselect_e = ACL::getFullSelectorHTML($a->user, false, $ph[0]);
 
-                       $edit = replace_macros($edit_tpl, [
+                       $edit = Renderer::replaceMacros($edit_tpl, [
                                '$id' => $ph[0]['id'],
                                '$album' => ['albname', L10n::t('New album name'), $album_e,''],
                                '$caption' => ['desc', L10n::t('Caption'), $caption_e, ''],
@@ -1467,16 +1467,16 @@ function photos_content(App $a)
                $responses = '';
 
                if (count($linked_items)) {
-                       $cmnt_tpl = get_markup_template('comment_item.tpl');
-                       $tpl = get_markup_template('photo_item.tpl');
+                       $cmnt_tpl = Renderer::getMarkupTemplate('comment_item.tpl');
+                       $tpl = Renderer::getMarkupTemplate('photo_item.tpl');
                        $return_path = $a->cmd;
 
                        if ($can_post || Security::canWriteToUserWall($owner_uid)) {
-                               $like_tpl = get_markup_template('like_noshare.tpl');
-                               $likebuttons = replace_macros($like_tpl, [
+                               $like_tpl = Renderer::getMarkupTemplate('like_noshare.tpl');
+                               $likebuttons = Renderer::replaceMacros($like_tpl, [
                                        '$id' => $link_item['id'],
                                        '$likethis' => L10n::t("I like this \x28toggle\x29"),
-                                       '$nolike' => (Feature::isEnabled(local_user(), 'dislike') ? L10n::t("I don't like this \x28toggle\x29") : ''),
+                                       '$nolike' => L10n::t("I don't like this \x28toggle\x29"),
                                        '$wait' => L10n::t('Please wait'),
                                        '$return_path' => $a->query_string,
                                ]);
@@ -1484,7 +1484,7 @@ function photos_content(App $a)
 
                        if (!DBA::isResult($items)) {
                                if (($can_post || Security::canWriteToUserWall($owner_uid))) {
-                                       $comments .= replace_macros($cmnt_tpl, [
+                                       $comments .= Renderer::replaceMacros($cmnt_tpl, [
                                                '$return_path' => '',
                                                '$jsreload' => $return_path,
                                                '$id' => $link_item['id'],
@@ -1498,7 +1498,7 @@ function photos_content(App $a)
                                                '$preview' => L10n::t('Preview'),
                                                '$sourceapp' => L10n::t($a->sourcename),
                                                '$ww' => '',
-                                               '$rand_num' => random_digits(12)
+                                               '$rand_num' => Crypto::randomDigits(12)
                                        ]);
                                }
                        }
@@ -1523,7 +1523,7 @@ function photos_content(App $a)
                                }
 
                                if (($can_post || Security::canWriteToUserWall($owner_uid))) {
-                                       $comments .= replace_macros($cmnt_tpl,[
+                                       $comments .= Renderer::replaceMacros($cmnt_tpl,[
                                                '$return_path' => '',
                                                '$jsreload' => $return_path,
                                                '$id' => $link_item['id'],
@@ -1537,7 +1537,7 @@ function photos_content(App $a)
                                                '$preview' => L10n::t('Preview'),
                                                '$sourceapp' => L10n::t($a->sourcename),
                                                '$ww' => '',
-                                               '$rand_num' => random_digits(12)
+                                               '$rand_num' => Crypto::randomDigits(12)
                                        ]);
                                }
 
@@ -1568,7 +1568,7 @@ function photos_content(App $a)
                                        $title_e = $item['title'];
                                        $body_e = BBCode::convert($item['body']);
 
-                                       $comments .= replace_macros($template,[
+                                       $comments .= Renderer::replaceMacros($template,[
                                                '$id' => $item['id'],
                                                '$profile_url' => $profile_url,
                                                '$name' => $item['author-name'],
@@ -1583,7 +1583,7 @@ function photos_content(App $a)
                                        ]);
 
                                        if (($can_post || Security::canWriteToUserWall($owner_uid))) {
-                                               $comments .= replace_macros($cmnt_tpl, [
+                                               $comments .= Renderer::replaceMacros($cmnt_tpl, [
                                                        '$return_path' => '',
                                                        '$jsreload' => $return_path,
                                                        '$id' => $item['item_id'],
@@ -1597,22 +1597,20 @@ function photos_content(App $a)
                                                        '$preview' => L10n::t('Preview'),
                                                        '$sourceapp' => L10n::t($a->sourcename),
                                                        '$ww' => '',
-                                                       '$rand_num' => random_digits(12)
+                                                       '$rand_num' => Crypto::randomDigits(12)
                                                ]);
                                        }
                                }
                        }
                        $response_verbs = ['like'];
-                       if (Feature::isEnabled($owner_uid, 'dislike')) {
-                               $response_verbs[] = 'dislike';
-                       }
+                       $response_verbs[] = 'dislike';
                        $responses = get_responses($conv_responses, $response_verbs, '', $link_item);
 
                        $paginate = $pager->renderFull($total);
                }
 
-               $photo_tpl = get_markup_template('photo_view.tpl');
-               $o .= replace_macros($photo_tpl, [
+               $photo_tpl = Renderer::getMarkupTemplate('photo_view.tpl');
+               $o .= Renderer::replaceMacros($photo_tpl, [
                        '$id' => $ph[0]['id'],
                        '$album' => [$album_link, $ph[0]['album']],
                        '$tools' => $tools,
@@ -1703,8 +1701,8 @@ function photos_content(App $a)
                }
        }
 
-       $tpl = get_markup_template('photos_recent.tpl');
-       $o .= replace_macros($tpl, [
+       $tpl = Renderer::getMarkupTemplate('photos_recent.tpl');
+       $o .= Renderer::replaceMacros($tpl, [
                '$title' => L10n::t('Recent Photos'),
                '$can_post' => $can_post,
                '$upload' => [L10n::t('Upload New Photos'), 'photos/'.$a->data['user']['nickname'].'/upload'],
Unnamed repository; edit this file 'description' to name the repository.