use Friendica\Util\Map;
use Friendica\Util\Security;
use Friendica\Util\Temporal;
+use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/items.php';
}
// RENAME photo album
- $newalbum = notags(trim($_POST['albumname']));
+ $newalbum = Strings::escapeTags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
DBA::escape($newalbum),
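Review bot: The new `$newalbum` line reads `$_POST['albumname']` with no existence or type check, so a request that omits the field passes `null` to `trim()` (deprecated in PHP 8.1) and one that sends `albumname[]=x` passes an array, which `trim()` rejects with a TypeError on PHP 8 instead of the request being refused cleanly. Because the value is about to be written to the `photo` table, guard the type before escaping: `$newalbum = is_string($_POST['albumname'] ?? null) ? Strings::escapeTags(trim($_POST['albumname'])) : '';`. Note the comparison on the following line is a loose `!=`; where `$album` comes from is not visible, since the enclosing function begins before the hunk and the `q()` UPDATE continues past it.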
if (DBA::isResult($r)) {
foreach ($r as $rr) {
- $res[] = "'" . DBA::escape($rr['rid']) . "'" ;
+ $res[] = "'" . DBA::escape($rr['rid']) . "'";
}
} else {
$a->internalRedirect($_SESSION['photo_return']);
return; // NOTREACHED
}
- if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) {
- $desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : '';
- $rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : '';
- $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
- $albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : '';
- $origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : '';
+ if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) {
+ $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : '';
+ $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : '';
+ $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
+ $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
+ $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
}
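Review bot: Replacing the third condition with `isset($_POST['albname'])` widens the branch to run when `albname` is sent as an empty string, in which case `$albname` becomes `''` on the line that follows; if an empty name must not trigger an album move, `!empty()` (which the removed `!== false` form was already equivalent to) is the safer test, and if the widening is intended it deserves a comment such as `// an empty albname is accepted so a photo can be moved out of a named album — confirm`. Separately, every `trim($_POST[...])` in the hunk assumes a string: a client sending `desc[]=x` or `newtag[]=x` hands an array to `trim()`, which raises a TypeError on PHP 8 rather than rejecting the input, so an `is_string()` check (or a string cast) before `trim()` would make this boundary fail closed. Whether the branch body copes with `$albname === ''` cannot be judged here, as the enclosing function continues outside the hunk.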
$taginfo = [];
- $tags = get_tags($rawtags);
+ $tags = BBCode::getTags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
}
$profile = str_replace(',', '%2c', $profile);
- $str_tags .= '@[url='.$profile.']'.$newname.'[/url]';
+ $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]';
}
} elseif (strpos($tag, '#') === 0) {
$tagname = substr($tag, 1);
$arr['tag'] = $tagged[4];
$arr['inform'] = $tagged[2];
$arr['origin'] = 1;
- $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]') ;
- $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
+ $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]');
+ $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n";
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
$arr['object'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
Addon::callHooks('photo_post_init', $_POST);
// Determine the album to use
- $album = !empty($_REQUEST['album']) ? notags(trim($_REQUEST['album'])) : '';
- $newalbum = !empty($_REQUEST['newalbum']) ? notags(trim($_REQUEST['newalbum'])) : '';
+ $album = !empty($_REQUEST['album']) ? Strings::escapeTags(trim($_REQUEST['album'])) : '';
+ $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : '';
Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG);
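Review bot: The album names are read from `$_REQUEST` in what the neighbouring `photo_post_init` hook and upload handling indicate is a state-changing POST path, so `album` and `newalbum` can also be supplied through the query string or a cookie; unless a GET client is deliberately supported, reading from `$_POST` narrows the surface at no cost: `$album = !empty($_POST['album']) ? Strings::escapeTags(trim($_POST['album'])) : '';` and likewise for `newalbum`. As elsewhere in this file, `trim()` is applied without checking that the value is a string, so `album[]=x` reaches `trim()` as an array and errors instead of being refused. The enclosing function starts before the hunk, so any form-token or CSRF check that precedes these reads is not visible here.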
notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
break;
case UPLOAD_ERR_FORM_SIZE:
- notice(L10n::t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
+ notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
break;
case UPLOAD_ERR_PARTIAL:
notice(L10n::t('Image upload didn\'t complete, please try again') . EOL);
$maximagesize = Config::get('system', 'maximagesize');
if ($maximagesize && ($filesize > $maximagesize)) {
- notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL);
+ notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL);
@unlink($src);
$foo = 0;
Addon::callHooks('photo_post_end', $foo);
}
if ($prevlink) {
- $prevlink = [$prevlink, '<div class="icon prev"></div>'] ;
+ $prevlink = [$prevlink, '<div class="icon prev"></div>'];
}
$photo = [
$likebuttons = Renderer::replaceMacros($like_tpl, [
'$id' => $link_item['id'],
'$likethis' => L10n::t("I like this \x28toggle\x29"),
- '$nolike' => (Feature::isEnabled(local_user(), 'dislike') ? L10n::t("I don't like this \x28toggle\x29") : ''),
+ '$nolike' => L10n::t("I don't like this \x28toggle\x29"),
'$wait' => L10n::t('Please wait'),
'$return_path' => $a->query_string,
]);
}
}
$response_verbs = ['like'];
- if (Feature::isEnabled($owner_uid, 'dislike')) {
- $response_verbs[] = 'dislike';
- }
+ $response_verbs[] = 'dislike';
$responses = get_responses($conv_responses, $response_verbs, '', $link_item);
$paginate = $pager->renderFull($total);