X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=include%2Facl_selectors.php;h=a1154399a713035c43a8f83751006cdcd8228989;hb=a67710bc7cca030c74a71d4462c9ab55fa44d783;hp=8b03a1312cd2b5aa0307cbde49bd3c6a1b2b8bc5;hpb=28f0e9a2de449232c6a1eb031f7ba056f9ae11eb;p=friendica.git diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 8b03a1312c..a1154399a7 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -190,8 +190,14 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p $tabindex = ($tabindex > 0 ? "tabindex=\"$tabindex\"" : ""); + if ($privmail AND $preselected) { + $sql_extra .= " AND `id` IN (".implode(",", $preselected).")"; + $hidepreselected = ' style="display: none;"'; + } else + $hidepreselected = ""; + if($privmail) - $o .= "\r\n"; else $o .= "\r\n"; + if ($privmail AND $preselected) + $o .= implode(", ", $receiverlist); + call_hooks($a->module . '_post_' . $selname, $o); return $o; @@ -379,7 +392,6 @@ function acl_lookup(&$a, $out_type = 'json') { if(!local_user()) return ""; - $start = (x($_REQUEST,'start')?$_REQUEST['start']:0); $count = (x($_REQUEST,'count')?$_REQUEST['count']:100); $search = (x($_REQUEST,'search')?$_REQUEST['search']:""); @@ -479,7 +491,7 @@ function acl_lookup(&$a, $out_type = 'json') { $groups[] = array( "type" => "g", "photo" => "images/twopeople.png", - "name" => $g['name'], + "name" => htmlentities($g['name']), "id" => intval($g['id']), "uids" => array_map("intval", explode(",",$g['uids'])), "link" => '', @@ -532,9 +544,9 @@ function acl_lookup(&$a, $out_type = 'json') { $x['data'] = array(); if(count($r)) { foreach($r as $g) { - $x['photos'][] = proxy_url($g['micro']); + $x['photos'][] = proxy_url($g['micro'], false, PROXY_SIZE_MICRO); $x['links'][] = $g['url']; - $x['suggestions'][] = $g['name']; + $x['suggestions'][] = htmlentities($g['name']); $x['data'][] = intval($g['id']); } } @@ -546,12 +558,12 @@ function acl_lookup(&$a, $out_type = 'json') { foreach($r as $g){ $contacts[] = array( "type" => "c", - "photo" => proxy_url($g['micro']), - "name" => $g['name'], + "photo" => proxy_url($g['micro'], false, PROXY_SIZE_MICRO), + "name" => htmlentities($g['name']), "id" => intval($g['id']), "network" => $g['network'], "link" => $g['url'], - "nick" => ($g['attag']) ? $g['attag'] : $g['nick'], + "nick" => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']), "forum" => $g['forum'] ); } @@ -591,12 +603,12 @@ function acl_lookup(&$a, $out_type = 'json') { // /nickname $unknow_contacts[] = array( "type" => "c", - "photo" => proxy_url($row['author-avatar']), - "name" => $row['author-name'], + "photo" => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO), + "name" => htmlentities($row['author-name']), "id" => '', "network" => "unknown", "link" => $row['author-link'], - "nick" => $nick, + "nick" => htmlentities($nick), "forum" => false ); }