X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=22a6ee432133e523108ce5cce4d5899af75b2b7e;hb=8a354dac8269d788f3f8ea90732530eeacf53d98;hp=5937481e81fd603e846365803fddea16d05bd3f7;hpb=2488780bc274852a4d896dd1881c5e1db86aa7be;p=friendica.git

diff --git a/include/api.php b/include/api.php
index 5937481e81..22a6ee4321 100644
--- a/include/api.php
+++ b/include/api.php
@@ -492,9 +492,9 @@ function api_get_user(App $a, $contact_id = null)
 
 	// Searching for contact URL
 	if (!is_null($contact_id) && (intval($contact_id) == 0)) {
-		$user = DBA::escape(Strings::normaliseLink($contact_id));
+		$user = Strings::normaliseLink($contact_id);
 		$url = $user;
-		$extra_query = "AND `contact`.`nurl` = '%s' ";
+		$extra_query = "AND `contact`.`nurl` = ? ";
 		if (api_user() !== false) {
 			$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
 		}
@@ -502,43 +502,43 @@ function api_get_user(App $a, $contact_id = null)
 
 	// Searching for contact id with uid = 0
 	if (!is_null($contact_id) && (intval($contact_id) != 0)) {
-		$user = DBA::escape(api_unique_id_to_nurl(intval($contact_id)));
+		$user = api_unique_id_to_nurl(intval($contact_id));
 
 		if ($user == "") {
 			throw new BadRequestException("User ID ".$contact_id." not found.");
 		}
 
 		$url = $user;
-		$extra_query = "AND `contact`.`nurl` = '%s' ";
+		$extra_query = "AND `contact`.`nurl` = ? ";
 		if (api_user() !== false) {
 			$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
 		}
 	}
 
 	if (is_null($user) && !empty($_GET['user_id'])) {
-		$user = DBA::escape(api_unique_id_to_nurl($_GET['user_id']));
+		$user = api_unique_id_to_nurl($_GET['user_id']);
 
 		if ($user == "") {
 			throw new BadRequestException("User ID ".$_GET['user_id']." not found.");
 		}
 
 		$url = $user;
-		$extra_query = "AND `contact`.`nurl` = '%s' ";
+		$extra_query = "AND `contact`.`nurl` = ? ";
 		if (api_user() !== false) {
 			$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
 		}
 	}
 	if (is_null($user) && !empty($_GET['screen_name'])) {
-		$user = DBA::escape($_GET['screen_name']);
-		$extra_query = "AND `contact`.`nick` = '%s' ";
+		$user = $_GET['screen_name'];
+		$extra_query = "AND `contact`.`nick` = ? ";
 		if (api_user() !== false) {
 			$extra_query .= "AND `contact`.`uid`=".intval(api_user());
 		}
 	}
 
 	if (is_null($user) && !empty($_GET['profileurl'])) {
-		$user = DBA::escape(Strings::normaliseLink($_GET['profileurl']));
-		$extra_query = "AND `contact`.`nurl` = '%s' ";
+		$user = Strings::normaliseLink($_GET['profileurl']);
+		$extra_query = "AND `contact`.`nurl` = ? ";
 		if (api_user() !== false) {
 			$extra_query .= "AND `contact`.`uid`=".intval(api_user());
 		}
@@ -554,18 +554,17 @@ function api_get_user(App $a, $contact_id = null)
 			}
 		}
 		if (is_numeric($user)) {
-			$user = DBA::escape(api_unique_id_to_nurl(intval($user)));
+			$user = api_unique_id_to_nurl(intval($user));
 
 			if ($user != "") {
 				$url = $user;
-				$extra_query = "AND `contact`.`nurl` = '%s' ";
+				$extra_query = "AND `contact`.`nurl` = ? ";
 				if (api_user() !== false) {
 					$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
 				}
 			}
 		} else {
-			$user = DBA::escape($user);
-			$extra_query = "AND `contact`.`nick` = '%s' ";
+			$extra_query = "AND `contact`.`nick` = ? ";
 			if (api_user() !== false) {
 				$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
 			}
@@ -580,19 +579,19 @@ function api_get_user(App $a, $contact_id = null)
 			return false;
 		} else {
 			$user = api_user();
-			$extra_query = "AND `contact`.`uid` = %d AND `contact`.`self` ";
+			$extra_query = "AND `contact`.`uid` = ? AND `contact`.`self` ";
 		}
 	}
 
 	Logger::info(API_LOG_PREFIX . 'found user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user, 'extra_query' => $extra_query]);
 
 	// user info
-	$uinfo = q(
+	$uinfo = DBA::toArray(DBA::p(
 		"SELECT *, `contact`.`id` AS `cid` FROM `contact`
 			WHERE 1
 		$extra_query",
 		$user
-	);
+	));
 
 	// Selecting the id by priority, friendica first
 	if (is_array($uinfo)) {
@@ -3416,19 +3415,20 @@ function api_statuses_f($qtype)
 		$sql_filter = 'AND (NOT `blocked` OR `pending`)';
 	}
 
-	$r = q(
+	// @todo This query most likely can be replaced with a Contact::select...
+	$r = DBA::toArray(DBA::p(
 		"SELECT `nurl`
 		FROM `contact`
-		WHERE `uid` = %d
+		WHERE `uid` = ?
 		AND NOT `self`
 		$sql_filter
 		$sql_extra
 		ORDER BY `nick`
-		LIMIT %d, %d",
-		intval(api_user()),
-		intval($start),
-		intval($count)
-	);
+		LIMIT ?, ?",
+		api_user(),
+		$start,
+		$count
+	));
 
 	$ret = [];
 	foreach ($r as $cid) {
@@ -4115,8 +4115,8 @@ function api_fr_photos_list($type)
 	$r = DBA::toArray(DBA::p(
 		"SELECT `resource-id`, MAX(scale) AS `scale`, `album`, `filename`, `type`, MAX(`created`) AS `created`,
 		MAX(`edited`) AS `edited`, MAX(`desc`) AS `desc` FROM `photo`
-		WHERE `uid` = ? AND NOT `album` IN (?, ?) GROUP BY `resource-id`, `album`, `filename`, `type`",
-		local_user(), Photo::CONTACT_PHOTOS, DI::l10n()->t(Photo::CONTACT_PHOTOS)
+		WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) GROUP BY `resource-id`, `album`, `filename`, `type`",
+		local_user(), Photo::CONTACT_AVATAR, Photo::CONTACT_BANNER
 	));
 	$typetoext = [
 		'image/jpeg' => 'jpg',
@@ -4212,7 +4212,7 @@ function api_fr_photo_create_update($type)
 	// now let's upload the new media in create-mode
 	if ($mode == "create") {
 		$media = $_FILES['media'];
-		$data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, $visibility);
+		$data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, Photo::DEFAULT, $visibility);
 
 		// return success of updating or error message
 		if (!is_null($data)) {
@@ -4265,7 +4265,7 @@ function api_fr_photo_create_update($type)
 		if (!empty($_FILES['media'])) {
 			$nothingtodo = false;
 			$media = $_FILES['media'];
-			$data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, 0, $visibility, $photo_id);
+			$data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, Photo::DEFAULT, $visibility, $photo_id);
 			if (!is_null($data)) {
 				return api_format_data("photo_update", $type, $data);
 			}
@@ -4408,7 +4408,7 @@ function api_account_update_profile_image($type)
 		$media = $_FILES['media'];
 	}
 	// save new profile image
-	$data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t('Profile Photos'), "", "", "", "", "", $is_default_profile);
+	$data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t(Photo::PROFILE_PHOTOS), "", "", "", "", "", Photo::USER_AVATAR);
 
 	// get filetype
 	if (is_array($media['type'])) {
@@ -4427,7 +4427,7 @@ function api_account_update_profile_image($type)
 	// change specified profile or all profiles to the new resource-id
 	if ($is_default_profile) {
 		$condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()];
-		Photo::update(['profile' => false], $condition);
+		Photo::update(['profile' => false, 'photo-type' => Photo::DEFAULT], $condition);
 	} else {
 		$fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext,
 			'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext];
@@ -4534,7 +4534,7 @@ function check_acl_input($acl_string)
  * @param string  $allow_gid
  * @param string  $deny_gid
  * @param string  $desc
- * @param integer $profile
+ * @param integer $phototype
  * @param boolean $visibility
  * @param string  $photo_id
  * @return array
@@ -4545,7 +4545,7 @@ function check_acl_input($acl_string)
  * @throws NotFoundException
  * @throws UnauthorizedException
  */
-function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $profile = 0, $visibility = false, $photo_id = null)
+function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $phototype = 0, $visibility = false, $photo_id = null)
 {
 	$visitor   = 0;
 	$src = "";
@@ -4623,13 +4623,13 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 		// upload normal image (scales 0, 1, 2)
 		logger::info("photo upload: starting new photo upload");
 
-		$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 0, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+		$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 		if (!$r) {
 			logger::notice("photo upload: image upload with scale 0 (original size) failed");
 		}
 		if ($width > 640 || $height > 640) {
 			$Image->scaleDown(640);
-			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 1, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				logger::notice("photo upload: image upload with scale 1 (640x640) failed");
 			}
@@ -4637,7 +4637,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 
 		if ($width > 320 || $height > 320) {
 			$Image->scaleDown(320);
-			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 2, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				logger::notice("photo upload: image upload with scale 2 (320x320) failed");
 			}
@@ -4649,7 +4649,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 
 		if ($width > 300 || $height > 300) {
 			$Image->scaleDown(300);
-			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 4, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				logger::notice("photo upload: profile image upload with scale 4 (300x300) failed");
 			}
@@ -4657,7 +4657,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 
 		if ($width > 80 || $height > 80) {
 			$Image->scaleDown(80);
-			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 5, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				logger::notice("photo upload: profile image upload with scale 5 (80x80) failed");
 			}
@@ -4665,7 +4665,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 
 		if ($width > 48 || $height > 48) {
 			$Image->scaleDown(48);
-			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 6, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				logger::notice("photo upload: profile image upload with scale 6 (48x48) failed");
 			}
@@ -4768,18 +4768,16 @@ function prepare_photo_data($type, $scale, $photo_id)
 
 	// added allow_cid, allow_gid, deny_cid, deny_gid to output as string like stored in database
 	// clients needs to convert this in their way for further processing
-	$r = q(
-		"SELECT %s `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`,
+	$r = DBA::toArray(DBA::p(
+		"SELECT $data_sql `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`,
 					`type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`,
 					MIN(`scale`) AS `minscale`, MAX(`scale`) AS `maxscale`
-			FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' %s GROUP BY
+			FROM `photo` WHERE `uid` = ? AND `resource-id` = ? $scale_sql GROUP BY
 			       `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`,
 			       `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`",
-		$data_sql,
-		intval(local_user()),
-		DBA::escape($photo_id),
-		$scale_sql
-	);
+		local_user(),
+		$photo_id
+	));
 
 	$typetoext = [
 		'image/jpeg' => 'jpg',
@@ -5223,7 +5221,7 @@ function group_create($name, $uid, $users = [])
 		throw new BadRequestException('group name not specified');
 	}
 
-	// error message if specified group name already exists	
+	// error message if specified group name already exists
 	if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => false])) {
 		throw new BadRequestException('group name already exists');
 	}
@@ -5696,11 +5694,11 @@ function api_friendica_direct_messages_search($type, $box = "")
 	}
 
 	// get data for the specified searchstring
-	$r = q(
-		"SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND `body` LIKE '%s' ORDER BY `mail`.`id` DESC",
-		intval($uid),
-		DBA::escape('%'.$searchstring.'%')
-	);
+	$r = DBA::toArray(DBA::p(
+		"SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid` = ? AND `body` LIKE ? ORDER BY `mail`.`id` DESC",
+		$uid,
+		'%'.$searchstring.'%'
+	));
 
 	$profile_url = $user_info["url"];