*/
use Friendica\App;
+use Friendica\BaseObject;
use Friendica\Content\Feature;
use Friendica\Content\Nav;
use Friendica\Content\Pager;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\Renderer;
+use Friendica\Core\Session;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
-use Friendica\Model\Group;
use Friendica\Model\Item;
use Friendica\Model\Photo;
use Friendica\Model\Profile;
use Friendica\Model\User;
use Friendica\Network\Probe;
use Friendica\Object\Image;
-use Friendica\Protocol\DFRN;
+use Friendica\Util\ACLFormatter;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
function photos_init(App $a) {
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
return;
}
$vcard_widget = Renderer::replaceMacros($tpl, [
'$name' => $profile['name'],
'$photo' => $profile['photo'],
- '$addr' => defaults($profile, 'addr', ''),
+ '$addr' => $profile['addr'] ?? '',
'$account_type' => $account_type,
- '$pdesc' => defaults($profile, 'pdesc', ''),
+ '$pdesc' => $profile['pdesc'] ?? '',
]);
$albums = Photo::getAlbums($a->data['user']['uid']);
- $albums_visible = ((intval($a->data['user']['hidewall']) && !local_user() && !remote_user()) ? false : true);
+ $albums_visible = ((intval($a->data['user']['hidewall']) && !Session::isAuthenticated()) ? false : true);
// add various encodings to the array so we can just loop through and pick them out in a template
$ret = ['success' => false];
$ret['albums'] = [];
foreach ($albums as $k => $album) {
//hide profile photos to others
- if (!$is_owner && !remote_user() && ($album['album'] == L10n::t('Profile Photos')))
+ if (!$is_owner && !Session::getRemoteContactID($a->profile_uid) && ($album['album'] == L10n::t('Profile Photos')))
continue;
$entry = [
'text' => $album['album'],
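Review bot: The profile-photo filter on the changed `if` line looks up the remote contact with `$a->profile_uid`, while the rest of this block identifies the page owner as `$a->data['user']['uid']` (used for `Photo::getAlbums` and `hidewall` just above). If `$a->profile_uid` is not populated at this point, the lookup presumably matches no contact and the album is hidden from every remote visitor; if it holds another profile's uid, the check is made against the wrong owner. Using the same source, `!Session::getRemoteContactID($a->data['user']['uid'])`, keeps the visibility decision tied to the account whose albums are being listed. The `foreach` body continues past the end of this hunk.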
$can_post = false;
$visitor = 0;
- $page_owner_uid = $a->data['user']['uid'];
+ $page_owner_uid = intval($a->data['user']['uid']);
$community_page = $a->data['user']['page-flags'] == User::PAGE_FLAGS_COMMUNITY;
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
- } elseif ($community_page && remote_user()) {
- $contact_id = 0;
-
- if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $page_owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if ($contact_id > 0) {
- if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
- $can_post = true;
- $visitor = $contact_id;
- }
- }
+ } elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
+ $contact_id = Session::getRemoteContactID($page_owner_uid);
+ $can_post = true;
+ $visitor = $contact_id;
}
if (!$can_post) {
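Review bot: The community-page branch on the new `elseif` line sets `$can_post = true` as soon as `Session::getRemoteContactID($page_owner_uid)` is non-empty, whereas the removed code first required `DBA::exists('contact', [... 'blocked' => false, 'pending' => false])`. Unless the session helper already filters out blocked and pending contacts (not visible here), a contact blocked after authenticating keeps upload and edit rights for the rest of the session. The later hunk for the view path keeps its `DBA::selectFirst` check with the same condition, so the two paths now disagree. Keep the guard by wrapping the two assignments in `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { … }`. The enclosing function starts and ends outside this hunk.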
}
if ($a->argc > 3 && $a->argv[2] === 'album') {
+ if (!Strings::isHex($a->argv[3])) {
+ $a->internalRedirect('photos/' . $a->data['user']['nickname'] . '/album');
+ }
$album = hex2bin($a->argv[3]);
if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
$albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
$origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
- $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
- $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
- $str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : '';
- $str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : '';
+ /** @var ACLFormatter $aclFormatter */
+ $aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+ $str_group_allow = !empty($_POST['group_allow']) ? $aclFormatter->toString($_POST['group_allow']) : '';
+ $str_contact_allow = !empty($_POST['contact_allow']) ? $aclFormatter->toString($_POST['contact_allow']) : '';
+ $str_group_deny = !empty($_POST['group_deny']) ? $aclFormatter->toString($_POST['group_deny']) : '';
+ $str_contact_deny = !empty($_POST['contact_deny']) ? $aclFormatter->toString($_POST['contact_deny']) : '';
$resource_id = $a->argv[3];
* they acquire comments, likes, dislikes, and/or tags
*/
- $r = Photo::select([], ['`album` = ? AND `uid` = ? AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR', $album, $page_owner_uid]);
+ $r = Photo::selectToArray([], ['`album` = ? AND `uid` = ? AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR', $album, $page_owner_uid]);
if (!DBA::isResult($r) || ($album == L10n::t('Profile Photos'))) {
$visible = 1;
$visible = 0;
}
- $group_allow = defaults($_REQUEST, 'group_allow' , []);
- $contact_allow = defaults($_REQUEST, 'contact_allow', []);
- $group_deny = defaults($_REQUEST, 'group_deny' , []);
- $contact_deny = defaults($_REQUEST, 'contact_deny' , []);
+ $group_allow = $_REQUEST['group_allow'] ?? [];
+ $contact_allow = $_REQUEST['contact_allow'] ?? [];
+ $group_deny = $_REQUEST['group_deny'] ?? [];
+ $contact_deny = $_REQUEST['contact_deny'] ?? [];
+
+ /** @var ACLFormatter $aclFormatter */
+ $aclFormatter = BaseObject::getClass(ACLFormatter::class);
- $str_group_allow = perms2str(is_array($group_allow) ? $group_allow : explode(',', $group_allow));
- $str_contact_allow = perms2str(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
- $str_group_deny = perms2str(is_array($group_deny) ? $group_deny : explode(',', $group_deny));
- $str_contact_deny = perms2str(is_array($contact_deny) ? $contact_deny : explode(',', $contact_deny));
+ $str_group_allow = $aclFormatter->toString(is_array($group_allow) ? $group_allow : explode(',', $group_allow));
+ $str_contact_allow = $aclFormatter->toString(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
+ $str_group_deny = $aclFormatter->toString(is_array($group_deny) ? $group_deny : explode(',', $group_deny));
+ $str_contact_deny = $aclFormatter->toString(is_array($contact_deny) ? $contact_deny : explode(',', $contact_deny));
$ret = ['src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''];
notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
break;
case UPLOAD_ERR_FORM_SIZE:
- notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
+ notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($_REQUEST['MAX_FILE_SIZE'] ?? 0)) . EOL);
break;
case UPLOAD_ERR_PARTIAL:
notice(L10n::t('Image upload didn\'t complete, please try again') . EOL);
// photos/name/image/xxxxx/edit
// photos/name/image/xxxxx/drop
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
if (local_user() && (local_user() == $owner_uid)) {
$can_post = true;
- } else {
- if ($community_page && remote_user()) {
- if (is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if ($contact_id) {
- $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
+ } elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
+ $contact_id = Session::getRemoteContactID($owner_uid);
+ $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
- if (DBA::isResult($contact)) {
- $can_post = true;
- $remote_contact = true;
- $visitor = $contact_id;
- }
- }
+ if (DBA::isResult($contact)) {
+ $can_post = true;
+ $remote_contact = true;
+ $visitor = $contact_id;
}
}
- $groups = [];
-
// perhaps they're visiting - but not a community page, so they wouldn't have write access
- if (remote_user() && !$visitor) {
- $contact_id = 0;
- if (is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
+ if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
+ $contact_id = Session::getRemoteContactID($owner_uid);
- if ($contact_id) {
- $groups = Group::getIdsByContactId($contact_id);
+ $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
- $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
-
- $remote_contact = DBA::isResult($contact);
- }
+ $remote_contact = DBA::isResult($contact);
}
if (!$remote_contact && local_user()) {
return;
}
- $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
$o = "";
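Review bot: The new call drops the `$remote_contact` and `$groups` arguments, so which restricted photos a remote visitor can see now depends entirely on what `Security::getPermissionsSQLByUserId($owner_uid)` resolves internally, and that is not visible in this diff. The earlier hunk still computes `$remote_contact` from a lookup with `'blocked' => false, 'pending' => false`. If the helper takes the visitor from the session without the same filter, a blocked or pending contact could still match the ACL clause. Confirm the helper applies that filter and add a comment here such as `// remote contact and its groups are resolved from the session inside getPermissionsSQLByUserId()`.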
return;
}
- $selname = $datum ? hex2bin($datum) : '';
+ $selname = Strings::isHex($datum) ? hex2bin($datum) : '';
$albumselect = '';
// Display a single photo album
if ($datatype === 'album') {
+ // if $datum is not a valid hex, redirect to the default page
+ if (!Strings::isHex($datum)) {
+ $a->internalRedirect('photos/' . $a->data['user']['nickname']. '/album');
+ }
$album = hex2bin($datum);
$total = 0;
$pager = new Pager($a->query_string, 20);
/// @TODO I have seen this many times, maybe generalize it script-wide and encapsulate it?
- $order_field = defaults($_GET, 'order', '');
+ $order_field = $_GET['order'] ?? '';
if ($order_field === 'posted') {
$order = 'ASC';
} else {
* By now we hide it if someone wants to.
*/
if ($cmd === 'view' && !Config::get('system', 'no_count', false)) {
- $order_field = defaults($_GET, 'order', '');
+ $order_field = $_GET['order'] ?? '';
if ($order_field === 'posted') {
$order = 'ASC';
'filename' => $hires['filename'],
];
+ $map = null;
+ $link_item = [];
+ $total = 0;
+
// Do we have an item for this photo?
// FIXME! - replace following code to display the conversation with our normal
$linked_items = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1",
DBA::escape($datum)
);
-
- $map = null;
- $link_item = [];
- $total = 0;
-
if (DBA::isResult($linked_items)) {
// This is a workaround to not being forced to rewrite the while $sql_extra handling
$link_item = Item::selectFirst([], ['id' => $linked_items[0]['id']]);
+ }
+ if (!empty($link_item['parent']) && !empty($link_item['uid'])) {
$condition = ["`parent` = ? AND `parent` != `id`", $link_item['parent']];
$total = DBA::count('item', $condition);
$result = Item::selectForUser($link_item['uid'], Item::ITEM_FIELDLIST, $condition, $params);
$items = Item::inArray($result);
- if (local_user() && (local_user() == $link_item['uid'])) {
+ if (local_user() == $link_item['uid']) {
Item::update(['unseen' => false], ['parent' => $link_item['parent']]);
}
+ }
- if ($link_item['coord']) {
- $map = Map::byCoordinates($link_item['coord']);
- }
+ if (!empty($link_item['coord'])) {
+ $map = Map::byCoordinates($link_item['coord']);
}
$tags = null;
- if (count($linked_items) && strlen($link_item['tag'])) {
+ if (!empty($link_item['id']) && !empty($link_item['tag'])) {
$arr = explode(',', $link_item['tag']);
// parse tags and add links
$tag_arr = [];
foreach ($arr as $tag) {
$tag_arr[] = [
'name' => BBCode::convert($tag),
- 'removeurl' => '/tagrm/'.$link_item['id'] . '/' . bin2hex($tag)
+ 'removeurl' => '/tagrm/' . $link_item['id'] . '/' . bin2hex($tag)
];
}
$tags = ['title' => L10n::t('Tags: '), 'tags' => $tag_arr];
'$permissions' => L10n::t('Permissions'),
'$aclselect' => $aclselect_e,
- '$item_id' => defaults($link_item, 'id', 0),
+ '$item_id' => $link_item['id'] ?? 0,
'$submit' => L10n::t('Submit'),
'$delete' => L10n::t('Delete Photo'),
$paginate = '';
$responses = '';
- if (count($linked_items)) {
+ if (!empty($link_item['id']) && !empty($link_item['uri'])) {
$cmnt_tpl = Renderer::getMarkupTemplate('comment_item.tpl');
$tpl = Renderer::getMarkupTemplate('photo_item.tpl');
$return_path = $a->cmd;
$template = $tpl;
$sparkle = '';
- if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && ($item['id'] != $item['parent'])) {
+ /** @var \Friendica\Protocol\Activity $activity */
+ $activity = BaseObject::getClass(\Friendica\Protocol\Activity::class);
+
+ if (($activity->match($item['verb'], ACTIVITY_LIKE) ||
+ $activity->match($item['verb'], ACTIVITY_DISLIKE)) &&
+ ($item['id'] != $item['parent'])) {
continue;
}
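Review bot: `BaseObject::getClass(\Friendica\Protocol\Activity::class)` sits next to a `continue`, so it appears to run inside the per-item loop and is resolved again on every iteration; the loop header is outside this hunk. Resolve it once before the loop, and import the class with `use Friendica\Protocol\Activity;` alongside the other `use` lines rather than spelling out the fully-qualified name in the body and the `@var` tag.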
$a->page['htmlhead'] .= "\n" . '<meta name="twitter:card" content="summary_large_image" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:title" content="' . $photo["album"] . '" />' . "\n";
- $a->page['htmlhead'] .= '<meta name="twitter:image" content="' . $photo["href"] . '" />' . "\n";
+ $a->page['htmlhead'] .= '<meta name="twitter:image" content="' . System::baseUrl() . "/" . $photo["href"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image:width" content="' . $photo["width"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image:height" content="' . $photo["height"] . '" />' . "\n";
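Review bot: The rewritten `twitter:image` line concatenates `System::baseUrl() . "/" . $photo["href"]` straight into an attribute value, and the neighbouring `twitter:title` line does the same with `$photo["album"]`, which is a user-chosen name. Nothing in this hunk encodes quote characters, so a quote in either value would end the attribute early in `htmlhead`; where `$photo` is built is not visible here, so confirm whether it is already encoded. Escape at output, e.g. `htmlspecialchars(System::baseUrl() . '/' . $photo['href'], ENT_QUOTES)`, and do the same for the title. If `$photo['href']` can begin with `/`, the added separator also produces a double slash.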
$twist = false;
foreach ($r as $rr) {
//hide profile photos to others
- if (!$is_owner && !remote_user() && ($rr['album'] == L10n::t('Profile Photos'))) {
+ if (!$is_owner && !Session::getRemoteContactID($owner_uid) && ($rr['album'] == L10n::t('Profile Photos'))) {
continue;
}