X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=22a6ee432133e523108ce5cce4d5899af75b2b7e;hb=8a354dac8269d788f3f8ea90732530eeacf53d98;hp=6243b9382c06617bd1d71d8037a59e30873a18f0;hpb=f66b4af548d22c564287db06ef8ba6176ff4958c;p=friendica.git diff --git a/include/api.php b/include/api.php index 6243b9382c..22a6ee4321 100644 --- a/include/api.php +++ b/include/api.php @@ -492,9 +492,9 @@ function api_get_user(App $a, $contact_id = null) // Searching for contact URL if (!is_null($contact_id) && (intval($contact_id) == 0)) { - $user = DBA::escape(Strings::normaliseLink($contact_id)); + $user = Strings::normaliseLink($contact_id); $url = $user; - $extra_query = "AND `contact`.`nurl` = '%s' "; + $extra_query = "AND `contact`.`nurl` = ? "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); } @@ -502,43 +502,43 @@ function api_get_user(App $a, $contact_id = null) // Searching for contact id with uid = 0 if (!is_null($contact_id) && (intval($contact_id) != 0)) { - $user = DBA::escape(api_unique_id_to_nurl(intval($contact_id))); + $user = api_unique_id_to_nurl(intval($contact_id)); if ($user == "") { throw new BadRequestException("User ID ".$contact_id." not found."); } $url = $user; - $extra_query = "AND `contact`.`nurl` = '%s' "; + $extra_query = "AND `contact`.`nurl` = ? "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); } } if (is_null($user) && !empty($_GET['user_id'])) { - $user = DBA::escape(api_unique_id_to_nurl($_GET['user_id'])); + $user = api_unique_id_to_nurl($_GET['user_id']); if ($user == "") { throw new BadRequestException("User ID ".$_GET['user_id']." not found."); } $url = $user; - $extra_query = "AND `contact`.`nurl` = '%s' "; + $extra_query = "AND `contact`.`nurl` = ? "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); } } if (is_null($user) && !empty($_GET['screen_name'])) { - $user = DBA::escape($_GET['screen_name']); - $extra_query = "AND `contact`.`nick` = '%s' "; + $user = $_GET['screen_name']; + $extra_query = "AND `contact`.`nick` = ? "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=".intval(api_user()); } } if (is_null($user) && !empty($_GET['profileurl'])) { - $user = DBA::escape(Strings::normaliseLink($_GET['profileurl'])); - $extra_query = "AND `contact`.`nurl` = '%s' "; + $user = Strings::normaliseLink($_GET['profileurl']); + $extra_query = "AND `contact`.`nurl` = ? "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=".intval(api_user()); } @@ -554,18 +554,17 @@ function api_get_user(App $a, $contact_id = null) } } if (is_numeric($user)) { - $user = DBA::escape(api_unique_id_to_nurl(intval($user))); + $user = api_unique_id_to_nurl(intval($user)); if ($user != "") { $url = $user; - $extra_query = "AND `contact`.`nurl` = '%s' "; + $extra_query = "AND `contact`.`nurl` = ? "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); } } } else { - $user = DBA::escape($user); - $extra_query = "AND `contact`.`nick` = '%s' "; + $extra_query = "AND `contact`.`nick` = ? "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); } @@ -580,19 +579,19 @@ function api_get_user(App $a, $contact_id = null) return false; } else { $user = api_user(); - $extra_query = "AND `contact`.`uid` = %d AND `contact`.`self` "; + $extra_query = "AND `contact`.`uid` = ? AND `contact`.`self` "; } } Logger::info(API_LOG_PREFIX . 'found user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user, 'extra_query' => $extra_query]); // user info - $uinfo = q( + $uinfo = DBA::toArray(DBA::p( "SELECT *, `contact`.`id` AS `cid` FROM `contact` WHERE 1 $extra_query", $user - ); + )); // Selecting the id by priority, friendica first if (is_array($uinfo)) { @@ -1001,7 +1000,7 @@ function api_statuses_mediap($type) $a = DI::app(); if (api_user() === false) { - Logger::log('api_statuses_update: no user'); + logger::notice('api_statuses_update: no user'); throw new ForbiddenException(); } $user_info = api_get_user($a); @@ -1055,7 +1054,7 @@ function api_statuses_update($type) $a = DI::app(); if (api_user() === false) { - Logger::log('api_statuses_update: no user'); + logger::notice('api_statuses_update: no user'); throw new ForbiddenException(); } @@ -1109,7 +1108,7 @@ function api_statuses_update($type) $posts_day = Post::count($condition); if ($posts_day > $throttle_day) { - Logger::log('Daily posting limit reached for user '.api_user(), Logger::DEBUG); + logger::info('Daily posting limit reached for user '.api_user()); // die(api_error($type, DI::l10n()->t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); throw new TooManyRequestsException(DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); } @@ -1123,7 +1122,7 @@ function api_statuses_update($type) $posts_week = Post::count($condition); if ($posts_week > $throttle_week) { - Logger::log('Weekly posting limit reached for user '.api_user(), Logger::DEBUG); + logger::info('Weekly posting limit reached for user '.api_user()); // die(api_error($type, DI::l10n()->t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week))); throw new TooManyRequestsException(DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)); } @@ -1137,7 +1136,7 @@ function api_statuses_update($type) $posts_month = Post::count($condition); if ($posts_month > $throttle_month) { - Logger::log('Monthly posting limit reached for user '.api_user(), Logger::DEBUG); + logger::info('Monthly posting limit reached for user '.api_user()); // die(api_error($type, DI::l10n()->t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); throw new TooManyRequestsException(DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); } @@ -1238,7 +1237,7 @@ function api_media_upload() $a = DI::app(); if (api_user() === false) { - Logger::log('no user'); + logger::notice('no user'); throw new ForbiddenException(); } @@ -1894,7 +1893,7 @@ function api_statuses_show($type) $id = intval(DI::args()->getArgv()[4] ?? 0); } - Logger::log('API: api_statuses_show: ' . $id); + logger::notice('API: api_statuses_show: ' . $id); $conversation = !empty($_REQUEST['conversation']); @@ -2056,7 +2055,7 @@ function api_statuses_repeat($type) $id = intval(DI::args()->getArgv()[4] ?? 0); } - Logger::log('API: api_statuses_repeat: '.$id); + logger::notice('API: api_statuses_repeat: ' . $id); $fields = ['uri-id', 'network', 'body', 'title', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; $item = Post::selectFirst($fields, ['id' => $id, 'private' => [Item::PUBLIC, Item::UNLISTED]]); @@ -2139,7 +2138,7 @@ function api_statuses_destroy($type) $id = intval(DI::args()->getArgv()[4] ?? 0); } - Logger::log('API: api_statuses_destroy: '.$id); + logger::notice('API: api_statuses_destroy: ' . $id); $ret = api_statuses_show($type); @@ -3416,19 +3415,20 @@ function api_statuses_f($qtype) $sql_filter = 'AND (NOT `blocked` OR `pending`)'; } - $r = q( + // @todo This query most likely can be replaced with a Contact::select... + $r = DBA::toArray(DBA::p( "SELECT `nurl` FROM `contact` - WHERE `uid` = %d + WHERE `uid` = ? AND NOT `self` $sql_filter $sql_extra ORDER BY `nick` - LIMIT %d, %d", - intval(api_user()), - intval($start), - intval($count) - ); + LIMIT ?, ?", + api_user(), + $start, + $count + )); $ret = []; foreach ($r as $cid) { @@ -3727,15 +3727,8 @@ function api_direct_messages_destroy($type) // add parent-uri to sql command if specified by calling app $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . DBA::escape($parenturi) . "'" : ""); - // get data of the specified message id - $r = q( - "SELECT `id` FROM `mail` WHERE `uid` = %d AND `id` = %d" . $sql_extra, - intval($uid), - intval($id) - ); - // error message if specified id is not in database - if (!DBA::isResult($r)) { + if (!DBA::exists('mail', ["`uid` = ? AND `id` = ? " . $sql_extra, $uid, $id])) { if ($verbose == "true") { $answer = ['result' => 'error', 'message' => 'message id not in database']; return api_format_data("direct_messages_delete", $type, ['$result' => $answer]); @@ -3745,11 +3738,7 @@ function api_direct_messages_destroy($type) } // delete message - $result = q( - "DELETE FROM `mail` WHERE `uid` = %d AND `id` = %d" . $sql_extra, - intval($uid), - intval($id) - ); + $result = DBA::delete('mail', ["`uid` = ? AND `id` = ? " . $sql_extra, $uid, $id]); if ($verbose == "true") { if ($result) { @@ -3915,13 +3904,13 @@ function api_direct_messages_box($type, $box, $verbose) $sql_extra .= " AND `contact`.`nick` = '" . DBA::escape($screen_name). "'"; } - $r = q( - "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND $sql_extra AND `mail`.`id` > %d ORDER BY `mail`.`id` DESC LIMIT %d,%d", - intval(api_user()), - intval($since_id), - intval($start), - intval($count) - ); + $r = DBA::toArray(DBA::p( + "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid` = ? AND $sql_extra AND `mail`.`id` > ? ORDER BY `mail`.`id` DESC LIMIT ?,?", + api_user(), + $since_id, + $start, + $count + )); if ($verbose == "true" && !DBA::isResult($r)) { $answer = ['result' => 'error', 'message' => 'no mails available']; return api_format_data("direct_messages_all", $type, ['$result' => $answer]); @@ -4123,12 +4112,12 @@ function api_fr_photos_list($type) if (api_user() === false) { throw new ForbiddenException(); } - $r = q( + $r = DBA::toArray(DBA::p( "SELECT `resource-id`, MAX(scale) AS `scale`, `album`, `filename`, `type`, MAX(`created`) AS `created`, MAX(`edited`) AS `edited`, MAX(`desc`) AS `desc` FROM `photo` - WHERE `uid` = %d AND `album` != 'Contact Photos' GROUP BY `resource-id`, `album`, `filename`, `type`", - intval(local_user()) - ); + WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) GROUP BY `resource-id`, `album`, `filename`, `type`", + local_user(), Photo::CONTACT_AVATAR, Photo::CONTACT_BANNER + )); $typetoext = [ 'image/jpeg' => 'jpg', 'image/png' => 'png', @@ -4223,7 +4212,7 @@ function api_fr_photo_create_update($type) // now let's upload the new media in create-mode if ($mode == "create") { $media = $_FILES['media']; - $data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, $visibility); + $data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, Photo::DEFAULT, $visibility); // return success of updating or error message if (!is_null($data)) { @@ -4276,7 +4265,7 @@ function api_fr_photo_create_update($type) if (!empty($_FILES['media'])) { $nothingtodo = false; $media = $_FILES['media']; - $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, 0, $visibility, $photo_id); + $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, Photo::DEFAULT, $visibility, $photo_id); if (!is_null($data)) { return api_format_data("photo_update", $type, $data); } @@ -4419,7 +4408,7 @@ function api_account_update_profile_image($type) $media = $_FILES['media']; } // save new profile image - $data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t('Profile Photos'), "", "", "", "", "", $is_default_profile); + $data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t(Photo::PROFILE_PHOTOS), "", "", "", "", "", Photo::USER_AVATAR); // get filetype if (is_array($media['type'])) { @@ -4438,7 +4427,7 @@ function api_account_update_profile_image($type) // change specified profile or all profiles to the new resource-id if ($is_default_profile) { $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()]; - Photo::update(['profile' => false], $condition); + Photo::update(['profile' => false, 'photo-type' => Photo::DEFAULT], $condition); } else { $fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext, 'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext]; @@ -4545,7 +4534,7 @@ function check_acl_input($acl_string) * @param string $allow_gid * @param string $deny_gid * @param string $desc - * @param integer $profile + * @param integer $phototype * @param boolean $visibility * @param string $photo_id * @return array @@ -4556,7 +4545,7 @@ function check_acl_input($acl_string) * @throws NotFoundException * @throws UnauthorizedException */ -function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $profile = 0, $visibility = false, $photo_id = null) +function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $phototype = 0, $visibility = false, $photo_id = null) { $visitor = 0; $src = ""; @@ -4589,11 +4578,9 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ $filetype = Images::getMimeTypeBySource($src, $filename, $filetype); - Logger::log( + logger::info( "File upload src: " . $src . " - filename: " . $filename . - " - size: " . $filesize . " - type: " . $filetype, - Logger::DEBUG - ); + " - size: " . $filesize . " - type: " . $filetype); // check if there was a php upload error if ($filesize == 0 && $media['error'] == 1) { @@ -4624,7 +4611,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ } if ($max_length > 0) { $Image->scaleDown($max_length); - Logger::log("File upload: Scaling picture to new size " . $max_length, Logger::DEBUG); + logger::info("File upload: Scaling picture to new size " . $max_length); } $width = $Image->getWidth(); $height = $Image->getHeight(); @@ -4634,57 +4621,57 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($mediatype == "photo") { // upload normal image (scales 0, 1, 2) - Logger::log("photo upload: starting new photo upload", Logger::DEBUG); + logger::info("photo upload: starting new photo upload"); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 0, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { - Logger::log("photo upload: image upload with scale 0 (original size) failed"); + logger::notice("photo upload: image upload with scale 0 (original size) failed"); } if ($width > 640 || $height > 640) { $Image->scaleDown(640); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 1, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { - Logger::log("photo upload: image upload with scale 1 (640x640) failed"); + logger::notice("photo upload: image upload with scale 1 (640x640) failed"); } } if ($width > 320 || $height > 320) { $Image->scaleDown(320); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 2, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { - Logger::log("photo upload: image upload with scale 2 (320x320) failed"); + logger::notice("photo upload: image upload with scale 2 (320x320) failed"); } } - Logger::log("photo upload: new photo upload ended", Logger::DEBUG); + logger::info("photo upload: new photo upload ended"); } elseif ($mediatype == "profileimage") { // upload profile image (scales 4, 5, 6) - Logger::log("photo upload: starting new profile image upload", Logger::DEBUG); + logger::info("photo upload: starting new profile image upload"); if ($width > 300 || $height > 300) { $Image->scaleDown(300); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 4, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { - Logger::log("photo upload: profile image upload with scale 4 (300x300) failed"); + logger::notice("photo upload: profile image upload with scale 4 (300x300) failed"); } } if ($width > 80 || $height > 80) { $Image->scaleDown(80); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 5, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { - Logger::log("photo upload: profile image upload with scale 5 (80x80) failed"); + logger::notice("photo upload: profile image upload with scale 5 (80x80) failed"); } } if ($width > 48 || $height > 48) { $Image->scaleDown(48); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 6, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { - Logger::log("photo upload: profile image upload with scale 6 (48x48) failed"); + logger::notice("photo upload: profile image upload with scale 6 (48x48) failed"); } } $Image->__destruct(); - Logger::log("photo upload: new profile image upload ended", Logger::DEBUG); + logger::info("photo upload: new profile image upload ended"); } if (!empty($r)) { @@ -4781,18 +4768,16 @@ function prepare_photo_data($type, $scale, $photo_id) // added allow_cid, allow_gid, deny_cid, deny_gid to output as string like stored in database // clients needs to convert this in their way for further processing - $r = q( - "SELECT %s `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, + $r = DBA::toArray(DBA::p( + "SELECT $data_sql `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`, MIN(`scale`) AS `minscale`, MAX(`scale`) AS `maxscale` - FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' %s GROUP BY + FROM `photo` WHERE `uid` = ? AND `resource-id` = ? $scale_sql GROUP BY `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`", - $data_sql, - intval(local_user()), - DBA::escape($photo_id), - $scale_sql - ); + local_user(), + $photo_id + )); $typetoext = [ 'image/jpeg' => 'jpg', @@ -5236,7 +5221,7 @@ function group_create($name, $uid, $users = []) throw new BadRequestException('group name not specified'); } - // error message if specified group name already exists + // error message if specified group name already exists if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => false])) { throw new BadRequestException('group name already exists'); } @@ -5709,11 +5694,11 @@ function api_friendica_direct_messages_search($type, $box = "") } // get data for the specified searchstring - $r = q( - "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND `body` LIKE '%s' ORDER BY `mail`.`id` DESC", - intval($uid), - DBA::escape('%'.$searchstring.'%') - ); + $r = DBA::toArray(DBA::p( + "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid` = ? AND `body` LIKE ? ORDER BY `mail`.`id` DESC", + $uid, + '%'.$searchstring.'%' + )); $profile_url = $user_info["url"];