Merge pull request #10731 from annando/profile-writable

[friendica.git] / src / Object / Thread.php

diff --git a/src/Object/Thread.php b/src/Object/Thread.php
index 4eda1f8f7eedd2c730b36f26c9613b2d3774c2a6..a2504a2ad170385ec9ba9bf4638bf5b5db249634 100644 (file)
--- a/src/Object/Thread.php
+++ b/src/Object/Thread.php
@@ -1,22 +1,40 @@
 <?php
 /**
- * @file src/Object/Thread.php
+ * @copyright Copyright (C) 2010-2021, the Friendica project
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
  */
+
 namespace Friendica\Object;
 
-use Friendica\BaseObject;
 use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
+use Friendica\DI;
 use Friendica\Protocol\Activity;
-use Friendica\Util\Security;
+use Friendica\Security\Security;
 
 /**
  * A list of threads
  *
  * We should think about making this a SPL Iterator
  */
-class Thread extends BaseObject
+class Thread
 {
+       /** @var Post[] */
        private $parents = [];
        private $mode = null;
        private $writable = false;
@@ -52,7 +70,7 @@ class Thread extends BaseObject
                        return;
                }
 
-               $a = self::getApp();
+               $a = DI::app();
 
                switch ($mode) {
                        case 'network':
@@ -61,11 +79,11 @@ class Thread extends BaseObject
                                $this->writable = true;
                                break;
                        case 'profile':
-                               $this->profile_owner = $a->profile['profile_uid'];
-                               $this->writable = Security::canWriteToUserWall($this->profile_owner);
+                               $this->profile_owner = $a->getProfileOwner();
+                               $this->writable = Security::canWriteToUserWall($this->profile_owner) || $writable;
                                break;
                        case 'display':
-                               $this->profile_owner = $a->profile['uid'];
+                               $this->profile_owner = $a->getProfileOwner();
                                $this->writable = Security::canWriteToUserWall($this->profile_owner) || $writable;
                                break;
                        case 'community':
@@ -172,12 +190,13 @@ class Thread extends BaseObject
         * We should find a way to avoid using those arguments (at least most of them)
         *
         * @param array $conv_responses data
+        * @param string $formSecurityToken A security Token to avoid CSF attacks
         *
         * @return mixed The data requested on success
         *               false on failure
         * @throws \Exception
         */
-       public function getTemplateData($conv_responses)
+       public function getTemplateData($conv_responses, string $formSecurityToken)
        {
                $result = [];
 
@@ -186,7 +205,7 @@ class Thread extends BaseObject
                                continue;
                        }
 
-                       $item_data = $item->getTemplateData($conv_responses);
+                       $item_data = $item->getTemplateData($conv_responses, $formSecurityToken);
 
                        if (!$item_data) {
                                Logger::log('[ERROR] Conversation::getTemplateData : Failed to get item template data ('. $item->getId() .').', Logger::DEBUG);