Merge pull request #10813 from tobiasd/20211003-lengthcounter

[friendica.git] / src / BaseModule.php

diff --git a/src/BaseModule.php b/src/BaseModule.php
index cb8f8c790de7317e064db3ee88b97c704e02b3bb..d7ca5798deb61ae48bbc0eabd96a40689d7c6362 100644 (file)
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@@ -22,6 +22,7 @@
 namespace Friendica;
 
 use Friendica\Core\Logger;
+use Friendica\Model\User;
 
 /**
  * All modules in Friendica should extend BaseModule, although not all modules
@@ -135,10 +136,9 @@ abstract class BaseModule
         */
        public static function getFormSecurityToken($typename = '')
        {
-               $a = DI::app();
-
+               $user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']);
                $timestamp = time();
-               $sec_hash = hash('whirlpool', ($a->user['guid'] ?? '') . ($a->user['prvkey'] ?? '') . session_id() . $timestamp . $typename);
+               $sec_hash = hash('whirlpool', ($user['guid'] ?? '') . ($user['prvkey'] ?? '') . session_id() . $timestamp . $typename);
 
                return $timestamp . '.' . $sec_hash;
        }
@@ -163,14 +163,14 @@ abstract class BaseModule
 
                $max_livetime = 10800; // 3 hours
 
-               $a = DI::app();
+               $user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']);
 
                $x = explode('.', $hash);
                if (time() > (intval($x[0]) + $max_livetime)) {
                        return false;
                }
 
-               $sec_hash = hash('whirlpool', ($a->user['guid'] ?? '') . ($a->user['prvkey'] ?? '') . session_id() . $x[0] . $typename);
+               $sec_hash = hash('whirlpool', ($user['guid'] ?? '') . ($user['prvkey'] ?? '') . session_id() . $x[0] . $typename);
 
                return ($sec_hash == $x[1]);
        }
@@ -183,8 +183,7 @@ abstract class BaseModule
        public static function checkFormSecurityTokenRedirectOnError($err_redirect, $typename = '', $formname = 'form_security_token')
        {
                if (!self::checkFormSecurityToken($typename, $formname)) {
-                       $a = DI::app();
-                       Logger::log('checkFormSecurityToken failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+                       Logger::log('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename);
                        Logger::log('checkFormSecurityToken failed: _REQUEST data: ' . print_r($_REQUEST, true), Logger::DATA);
                        notice(self::getFormSecurityStandardErrorMessage());
                        DI::baseUrl()->redirect($err_redirect);
@@ -194,8 +193,7 @@ abstract class BaseModule
        public static function checkFormSecurityTokenForbiddenOnError($typename = '', $formname = 'form_security_token')
        {
                if (!self::checkFormSecurityToken($typename, $formname)) {
-                       $a = DI::app();
-                       Logger::log('checkFormSecurityToken failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+                       Logger::log('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename);
                        Logger::log('checkFormSecurityToken failed: _REQUEST data: ' . print_r($_REQUEST, true), Logger::DATA);
 
                        throw new \Friendica\Network\HTTPException\ForbiddenException();