use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
+use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Network\Probe;
use Friendica\Object\Image;
use Friendica\Protocol\DFRN;
+use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\Security;
use Friendica\Util\Temporal;
+use Friendica\Util\Strings;
+use Friendica\Util\XML;
require_once 'include/items.php';
$account_type = Contact::getAccountType($profile);
- $tpl = get_markup_template("vcard-widget.tpl");
+ $tpl = Renderer::getMarkupTemplate("vcard-widget.tpl");
- $vcard_widget = replace_macros($tpl, [
+ $vcard_widget = Renderer::replaceMacros($tpl, [
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => defaults($profile, 'addr', ''),
}
if ($ret['success']) {
- $photo_albums_widget = replace_macros(get_markup_template('photo_albums.tpl'), [
+ $photo_albums_widget = Renderer::replaceMacros(Renderer::getMarkupTemplate('photo_albums.tpl'), [
'$nick' => $a->data['user']['nickname'],
'$title' => L10n::t('Photo Albums'),
'$recent' => L10n::t('Recent Photos'),
$a->page['aside'] .= $photo_albums_widget;
}
- $tpl = get_markup_template("photos_head.tpl");
+ $tpl = Renderer::getMarkupTemplate("photos_head.tpl");
- $a->page['htmlhead'] .= replace_macros($tpl,[
+ $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[
'$ispublic' => L10n::t('everybody')
]);
}
}
// RENAME photo album
- $newalbum = notags(trim($_POST['albumname']));
+ $newalbum = Strings::escapeTags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
DBA::escape($newalbum),
['name' => 'albumname', 'value' => $_POST['albumname']],
];
- $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), [
+ $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
'$method' => 'post',
'$message' => L10n::t('Do you really want to delete this photo album and all its photos?'),
'$extra_inputs' => $extra_inputs,
if (DBA::isResult($r)) {
foreach ($r as $rr) {
- $res[] = "'" . DBA::escape($rr['rid']) . "'" ;
+ $res[] = "'" . DBA::escape($rr['rid']) . "'";
}
} else {
$a->internalRedirect($_SESSION['photo_return']);
if (!empty($_REQUEST['confirm'])) {
$drop_url = $a->query_string;
- $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), [
+ $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
'$method' => 'post',
'$message' => L10n::t('Do you really want to delete this photo?'),
'$extra_inputs' => [],
return; // NOTREACHED
}
- if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) {
- $desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : '';
- $rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : '';
- $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
- $albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : '';
- $origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : '';
+ if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) {
+ $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : '';
+ $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : '';
+ $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
+ $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
+ $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
}
$taginfo = [];
- $tags = get_tags($rawtags);
+ $tags = BBCode::getTags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
}
$profile = str_replace(',', '%2c', $profile);
- $str_tags .= '@[url='.$profile.']'.$newname.'[/url]';
+ $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]';
}
} elseif (strpos($tag, '#') === 0) {
$tagname = substr($tag, 1);
$arr['tag'] = $tagged[4];
$arr['inform'] = $tagged[2];
$arr['origin'] = 1;
- $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]') ;
- $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
+ $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]');
+ $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n";
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
- $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
+ $arr['object'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
if ($tagged[3]) {
- $arr['object'] .= xmlify('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n");
+ $arr['object'] .= XML::escape('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n");
}
$arr['object'] .= '</link></object>' . "\n";
$arr['target'] = '<target><type>' . ACTIVITY_OBJ_IMAGE . '</type><title>' . $p[0]['desc'] . '</title><id>'
. System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
- $arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
+ $arr['target'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
$item_id = Item::insert($arr);
}
Addon::callHooks('photo_post_init', $_POST);
// Determine the album to use
- $album = !empty($_REQUEST['album']) ? notags(trim($_REQUEST['album'])) : '';
- $newalbum = !empty($_REQUEST['newalbum']) ? notags(trim($_REQUEST['newalbum'])) : '';
+ $album = !empty($_REQUEST['album']) ? Strings::escapeTags(trim($_REQUEST['album'])) : '';
+ $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : '';
Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG);
notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
break;
case UPLOAD_ERR_FORM_SIZE:
- notice(L10n::t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
+ notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
break;
case UPLOAD_ERR_PARTIAL:
notice(L10n::t('Image upload didn\'t complete, please try again') . EOL);
$maximagesize = Config::get('system', 'maximagesize');
if ($maximagesize && ($filesize > $maximagesize)) {
- notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL);
+ notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL);
@unlink($src);
$foo = 0;
Addon::callHooks('photo_post_end', $foo);
Addon::callHooks('photo_upload_form',$ret);
- $default_upload_box = replace_macros(get_markup_template('photos_default_uploader_box.tpl'), []);
- $default_upload_submit = replace_macros(get_markup_template('photos_default_uploader_submit.tpl'), [
+ $default_upload_box = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_box.tpl'), []);
+ $default_upload_submit = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_submit.tpl'), [
'$submit' => L10n::t('Submit'),
]);
$usage_message = '';
- $tpl = get_markup_template('photos_upload.tpl');
+ $tpl = Renderer::getMarkupTemplate('photos_upload.tpl');
$aclselect_e = ($visitor ? '' : ACL::getFullSelectorHTML($a->user));
- $o .= replace_macros($tpl,[
+ $o .= Renderer::replaceMacros($tpl,[
'$pagename' => L10n::t('Upload Photos'),
'$sessid' => session_id(),
'$usage' => $usage_message,
if ($cmd === 'edit') {
if (($album !== L10n::t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== L10n::t('Contact Photos'))) {
if ($can_post) {
- $edit_tpl = get_markup_template('album_edit.tpl');
+ $edit_tpl = Renderer::getMarkupTemplate('album_edit.tpl');
$album_e = $album;
- $o .= replace_macros($edit_tpl,[
+ $o .= Renderer::replaceMacros($edit_tpl,[
'$nametext' => L10n::t('New album name: '),
'$nickname' => $a->data['user']['nickname'],
'$album' => $album_e,
}
}
- $tpl = get_markup_template('photo_album.tpl');
- $o .= replace_macros($tpl, [
+ $tpl = Renderer::getMarkupTemplate('photo_album.tpl');
+ $o .= Renderer::replaceMacros($tpl, [
'$photos' => $photos,
'$album' => $album,
'$can_post' => $can_post,
}
if ($cmd === 'edit') {
- $tpl = get_markup_template('photo_edit_head.tpl');
- $a->page['htmlhead'] .= replace_macros($tpl,[
+ $tpl = Renderer::getMarkupTemplate('photo_edit_head.tpl');
+ $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[
'$prevlink' => $prevlink,
'$nextlink' => $nextlink
]);
}
if ($prevlink) {
- $prevlink = [$prevlink, '<div class="icon prev"></div>'] ;
+ $prevlink = [$prevlink, '<div class="icon prev"></div>'];
}
$photo = [
$edit = Null;
if ($cmd === 'edit' && $can_post) {
- $edit_tpl = get_markup_template('photo_edit.tpl');
+ $edit_tpl = Renderer::getMarkupTemplate('photo_edit.tpl');
$album_e = $ph[0]['album'];
$caption_e = $ph[0]['desc'];
$aclselect_e = ACL::getFullSelectorHTML($a->user, false, $ph[0]);
- $edit = replace_macros($edit_tpl, [
+ $edit = Renderer::replaceMacros($edit_tpl, [
'$id' => $ph[0]['id'],
'$album' => ['albname', L10n::t('New album name'), $album_e,''],
'$caption' => ['desc', L10n::t('Caption'), $caption_e, ''],
$responses = '';
if (count($linked_items)) {
- $cmnt_tpl = get_markup_template('comment_item.tpl');
- $tpl = get_markup_template('photo_item.tpl');
+ $cmnt_tpl = Renderer::getMarkupTemplate('comment_item.tpl');
+ $tpl = Renderer::getMarkupTemplate('photo_item.tpl');
$return_path = $a->cmd;
if ($can_post || Security::canWriteToUserWall($owner_uid)) {
- $like_tpl = get_markup_template('like_noshare.tpl');
- $likebuttons = replace_macros($like_tpl, [
+ $like_tpl = Renderer::getMarkupTemplate('like_noshare.tpl');
+ $likebuttons = Renderer::replaceMacros($like_tpl, [
'$id' => $link_item['id'],
'$likethis' => L10n::t("I like this \x28toggle\x29"),
- '$nolike' => (Feature::isEnabled(local_user(), 'dislike') ? L10n::t("I don't like this \x28toggle\x29") : ''),
+ '$nolike' => L10n::t("I don't like this \x28toggle\x29"),
'$wait' => L10n::t('Please wait'),
'$return_path' => $a->query_string,
]);
if (!DBA::isResult($items)) {
if (($can_post || Security::canWriteToUserWall($owner_uid))) {
- $comments .= replace_macros($cmnt_tpl, [
+ $comments .= Renderer::replaceMacros($cmnt_tpl, [
'$return_path' => '',
'$jsreload' => $return_path,
'$id' => $link_item['id'],
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
- '$rand_num' => random_digits(12)
+ '$rand_num' => Crypto::randomDigits(12)
]);
}
}
}
if (($can_post || Security::canWriteToUserWall($owner_uid))) {
- $comments .= replace_macros($cmnt_tpl,[
+ $comments .= Renderer::replaceMacros($cmnt_tpl,[
'$return_path' => '',
'$jsreload' => $return_path,
'$id' => $link_item['id'],
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
- '$rand_num' => random_digits(12)
+ '$rand_num' => Crypto::randomDigits(12)
]);
}
$title_e = $item['title'];
$body_e = BBCode::convert($item['body']);
- $comments .= replace_macros($template,[
+ $comments .= Renderer::replaceMacros($template,[
'$id' => $item['id'],
'$profile_url' => $profile_url,
'$name' => $item['author-name'],
]);
if (($can_post || Security::canWriteToUserWall($owner_uid))) {
- $comments .= replace_macros($cmnt_tpl, [
+ $comments .= Renderer::replaceMacros($cmnt_tpl, [
'$return_path' => '',
'$jsreload' => $return_path,
'$id' => $item['item_id'],
'$preview' => L10n::t('Preview'),
'$sourceapp' => L10n::t($a->sourcename),
'$ww' => '',
- '$rand_num' => random_digits(12)
+ '$rand_num' => Crypto::randomDigits(12)
]);
}
}
}
$response_verbs = ['like'];
- if (Feature::isEnabled($owner_uid, 'dislike')) {
- $response_verbs[] = 'dislike';
- }
+ $response_verbs[] = 'dislike';
$responses = get_responses($conv_responses, $response_verbs, '', $link_item);
$paginate = $pager->renderFull($total);
}
- $photo_tpl = get_markup_template('photo_view.tpl');
- $o .= replace_macros($photo_tpl, [
+ $photo_tpl = Renderer::getMarkupTemplate('photo_view.tpl');
+ $o .= Renderer::replaceMacros($photo_tpl, [
'$id' => $ph[0]['id'],
'$album' => [$album_link, $ph[0]['album']],
'$tools' => $tools,
}
}
- $tpl = get_markup_template('photos_recent.tpl');
- $o .= replace_macros($tpl, [
+ $tpl = Renderer::getMarkupTemplate('photos_recent.tpl');
+ $o .= Renderer::replaceMacros($tpl, [
'$title' => L10n::t('Recent Photos'),
'$can_post' => $can_post,
'$upload' => [L10n::t('Upload New Photos'), 'photos/'.$a->data['user']['nickname'].'/upload'],