Ops, one more left ...

[friendica.git] / mod / viewcontacts.php

diff --git a/mod/viewcontacts.php b/mod/viewcontacts.php
index 7763dc8bf7a9c4b88bbbaec9485218cf6dfbdfc4..9219f49d9bfaa18fe5312b0b0c2c90bc43907e58 100644 (file)
--- a/mod/viewcontacts.php
+++ b/mod/viewcontacts.php
@@ -7,41 +7,44 @@ use Friendica\Content\ContactSelector;
 use Friendica\Content\Nav;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
-use Friendica\Database\DBM;
+use Friendica\Core\Protocol;
+use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Profile;
+use Friendica\Util\Proxy as ProxyUtils;
+use Friendica\Core\System;
 
 function viewcontacts_init(App $a)
 {
-       if ((Config::get('system', 'block_public')) && (! local_user()) && (! remote_user())) {
+       if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
                return;
        }
 
+       if ($a->argc < 2) {
+               System::httpExit(403, ["title" => L10n::t('Access denied.')]);
+       }
+
        Nav::setSelected('home');
 
-       if ($a->argc > 1) {
-               $nick = $a->argv[1];
-               $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
-                       dbesc($nick)
-               );
+       $nick = $a->argv[1];
+       $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
+               DBA::escape($nick)
+       );
 
-               if (! DBM::is_result($r)) {
-                       return;
-               }
+       if (!DBA::isResult($r)) {
+               return;
+       }
 
-               $a->data['user'] = $r[0];
-               $a->profile_uid = $r[0]['uid'];
-               $is_owner = (local_user() && (local_user() == $a->profile_uid));
+       $a->data['user'] = $r[0];
+       $a->profile_uid = $r[0]['uid'];
+       $is_owner = (local_user() && (local_user() == $a->profile_uid));
 
-               Profile::load($a, $a->argv[1]);
-       }
+       Profile::load($a, $a->argv[1]);
 }
 
 function viewcontacts_content(App $a)
 {
-       require_once("mod/proxy.php");
-
-       if ((Config::get('system', 'block_public')) && (! local_user()) && (! remote_user())) {
+       if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
                notice(L10n::t('Public access denied.') . EOL);
                return;
        }
@@ -53,7 +56,7 @@ function viewcontacts_content(App $a)
        // tabs
        $o .= Profile::getTabs($a, $is_owner, $a->data['user']['nickname']);
 
-       if (((! count($a->profile)) || ($a->profile['hide-friends']))) {
+       if (!count($a->profile) || $a->profile['hide-friends']) {
                notice(L10n::t('Permission denied.') . EOL);
                return $o;
        }
@@ -63,11 +66,11 @@ function viewcontacts_content(App $a)
                        AND NOT `hidden` AND NOT `archive`
                        AND `network` IN ('%s', '%s', '%s')",
                intval($a->profile['uid']),
-               dbesc(NETWORK_DFRN),
-               dbesc(NETWORK_DIASPORA),
-               dbesc(NETWORK_OSTATUS)
+               DBA::escape(Protocol::DFRN),
+               DBA::escape(Protocol::DIASPORA),
+               DBA::escape(Protocol::OSTATUS)
        );
-       if (DBM::is_result($r)) {
+       if (DBA::isResult($r)) {
                $a->set_pager_total($r[0]['total']);
        }
 
@@ -77,13 +80,13 @@ function viewcontacts_content(App $a)
                        AND `network` IN ('%s', '%s', '%s')
                ORDER BY `name` ASC LIMIT %d, %d",
                intval($a->profile['uid']),
-               dbesc(NETWORK_DFRN),
-               dbesc(NETWORK_DIASPORA),
-               dbesc(NETWORK_OSTATUS),
+               DBA::escape(Protocol::DFRN),
+               DBA::escape(Protocol::DIASPORA),
+               DBA::escape(Protocol::OSTATUS),
                intval($a->pager['start']),
                intval($a->pager['itemspage'])
        );
-       if (!DBM::is_result($r)) {
+       if (!DBA::isResult($r)) {
                info(L10n::t('No contacts.').EOL);
                return $o;
        }
@@ -96,29 +99,20 @@ function viewcontacts_content(App $a)
                        continue;
                }
 
-               $url = $rr['url'];
-
-               // route DFRN profiles through the redirect
-               if ($is_owner && ($rr['network'] === NETWORK_DFRN) && ($rr['rel'])) {
-                       $url = 'redir/' . $rr['id'];
-               } else {
-                       $url = Profile::zrl($url);
-               }
-
                $contact_details = Contact::getDetailsByURL($rr['url'], $a->profile['uid'], $rr);
 
                $contacts[] = [
                        'id' => $rr['id'],
                        'img_hover' => L10n::t('Visit %s\'s profile [%s]', $contact_details['name'], $rr['url']),
                        'photo_menu' => Contact::photoMenu($rr),
-                       'thumb' => proxy_url($contact_details['thumb'], false, PROXY_SIZE_THUMB),
+                       'thumb' => ProxyUtils::proxifyUrl($contact_details['thumb'], false, ProxyUtils::SIZE_THUMB),
                        'name' => htmlentities(substr($contact_details['name'], 0, 20)),
                        'username' => htmlentities($contact_details['name']),
                        'details'       => $contact_details['location'],
                        'tags'          => $contact_details['keywords'],
                        'about'         => $contact_details['about'],
                        'account_type'  => Contact::getAccountType($contact_details),
-                       'url' => $url,
+                       'url' => Contact::magicLink($rr['url']),
                        'sparkle' => '',
                        'itemurl' => (($contact_details['addr'] != "") ? $contact_details['addr'] : $rr['url']),
                        'network' => ContactSelector::networkToName($rr['network'], $rr['url']),
@@ -133,6 +127,5 @@ function viewcontacts_content(App $a)
                '$paginate' => paginate($a),
        ]);
 
-
        return $o;
 }