X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=af6f54fe607568e20ad0ddd6971516e03b97bdbf;hb=1ffe0cfd818ad48f7c227915d3abf68d26d8a06c;hp=00c2173c38b1b8f4c4297047928e1b8396447f42;hpb=13557985844b669f2dbae1294b39044928a1078f;p=friendica.git diff --git a/include/api.php b/include/api.php index 00c2173c38..af6f54fe60 100644 --- a/include/api.php +++ b/include/api.php @@ -16,6 +16,7 @@ use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\NotificationsManager; use Friendica\Core\PConfig; +use Friendica\Core\Protocol; use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBM; @@ -90,11 +91,15 @@ function api_source() } // Support for known clients that doesn't send a source name - if (strpos($_SERVER['HTTP_USER_AGENT'], "Twidere") !== false) { - return "Twidere"; - } + if (!empty($_SERVER['HTTP_USER_AGENT'])) { + if(strpos($_SERVER['HTTP_USER_AGENT'], "Twidere") !== false) { + return "Twidere"; + } - logger("Unrecognized user-agent ".$_SERVER['HTTP_USER_AGENT'], LOGGER_DEBUG); + logger("Unrecognized user-agent ".$_SERVER['HTTP_USER_AGENT'], LOGGER_DEBUG); + } else { + logger("Empty user-agent", LOGGER_DEBUG); + } return "api"; } @@ -193,8 +198,8 @@ function api_login(App $a) throw new UnauthorizedException("This API requires login"); } - $user = $_SERVER['PHP_AUTH_USER']; - $password = $_SERVER['PHP_AUTH_PW']; + $user = defaults($_SERVER, 'PHP_AUTH_USER', ''); + $password = defaults($_SERVER, 'PHP_AUTH_PW', ''); // allow "user@server" login (but ignore 'server' part) $at = strstr($user, "@", true); @@ -258,7 +263,7 @@ function api_check_method($method) if ($method == "*") { return true; } - return (strpos($method, $_SERVER['REQUEST_METHOD']) !== false); + return (stripos($method, defaults($_SERVER, 'REQUEST_METHOD', 'GET')) !== false); } /** @@ -298,7 +303,7 @@ function api_call(App $a) //unset($_SERVER['PHP_AUTH_USER']); /// @TODO should be "true ==[=] $info['auth']", if you miss only one = character, you assign a variable (only with ==). Let's make all this even. - if ($info['auth'] === true && api_user() === false) { + if (!empty($info['auth']) && api_user() === false) { api_login($a); } @@ -475,7 +480,7 @@ function api_rss_extra(App $a, $arr, $user_info) 'base' => System::baseUrl(), 'updated' => api_date(null), 'atom_updated' => DateTimeFormat::utcNow(DateTimeFormat::ATOM), - 'language' => $user_info['language'], + 'language' => $user_info['lang'], 'logo' => System::baseUrl() . "/images/friendica-32.png", ]; @@ -571,6 +576,7 @@ function api_get_user(App $a, $contact_id = null) } } + // $called_api is the API path exploded on / and is expected to have at least 2 elements if (is_null($user) && ($a->argc > (count($called_api) - 1)) && (count($called_api) > 0)) { $argid = count($called_api); list($user, $null) = explode(".", $a->argv[$argid]); @@ -688,59 +694,8 @@ function api_get_user(App $a, $contact_id = null) $usr = dba::selectFirst('user', ['default-location'], ['uid' => api_user()]); $profile = dba::selectFirst('profile', ['about'], ['uid' => api_user(), 'is-default' => true]); - - /// @TODO old-lost code? (twice) - // Counting is deactivated by now, due to performance issues - // count public wall messages - //$r = q("SELECT COUNT(*) as `count` FROM `item` WHERE `uid` = %d AND `wall`", - // intval($uinfo[0]['uid']) - //); - //$countitms = $r[0]['count']; - $countitms = 0; - } else { - // Counting is deactivated by now, due to performance issues - //$r = q("SELECT count(*) as `count` FROM `item` - // WHERE `contact-id` = %d", - // intval($uinfo[0]['id']) - //); - //$countitms = $r[0]['count']; - $countitms = 0; - } - - /// @TODO old-lost code? (twice) - /* - // Counting is deactivated by now, due to performance issues - // count friends - $r = q("SELECT count(*) as `count` FROM `contact` - WHERE `uid` = %d AND `rel` IN ( %d, %d ) - AND `self`=0 AND NOT `blocked` AND NOT `pending` AND `hidden`=0", - intval($uinfo[0]['uid']), - intval(CONTACT_IS_SHARING), - intval(CONTACT_IS_FRIEND) - ); - $countfriends = $r[0]['count']; - - $r = q("SELECT count(*) as `count` FROM `contact` - WHERE `uid` = %d AND `rel` IN ( %d, %d ) - AND `self`=0 AND NOT `blocked` AND NOT `pending` AND `hidden`=0", - intval($uinfo[0]['uid']), - intval(CONTACT_IS_FOLLOWER), - intval(CONTACT_IS_FRIEND) - ); - $countfollowers = $r[0]['count']; - - $r = q("SELECT count(*) as `count` FROM item where starred = 1 and uid = %d and deleted = 0", - intval($uinfo[0]['uid']) - ); - $starred = $r[0]['count']; - - - if (! $uinfo[0]['self']) { - $countfriends = 0; - $countfollowers = 0; - $starred = 0; - } - */ + } + $countitems = 0; $countfriends = 0; $countfollowers = 0; $starred = 0; @@ -790,7 +745,7 @@ function api_get_user(App $a, $contact_id = null) 'time_zone' => 'UTC', 'geo_enabled' => false, 'verified' => true, - 'statuses_count' => intval($countitms), + 'statuses_count' => intval($countitems), 'lang' => '', 'contributors_enabled' => false, 'is_translator' => false, @@ -824,13 +779,13 @@ function api_get_user(App $a, $contact_id = null) $link_color = PConfig::get($ret['uid'], 'frio', 'link_color'); $bgcolor = PConfig::get($ret['uid'], 'frio', 'background_color'); } - if (!$nav_bg) { + if (empty($nav_bg)) { $nav_bg = "#708fa0"; } - if (!$link_color) { + if (empty($link_color)) { $link_color = "#6fdbe8"; } - if (!$bgcolor) { + if (empty($bgcolor)) { $bgcolor = "#ededed"; } @@ -852,12 +807,12 @@ function api_get_user(App $a, $contact_id = null) */ function api_item_get_user(App $a, $item) { - $status_user = api_get_user($a, $item["author-id"]); + $status_user = api_get_user($a, defaults($item, 'author-id', null)); - $status_user["protected"] = $item["private"]; + $status_user["protected"] = defaults($item, 'private', 0); - if ($item['thr-parent'] == $item['uri']) { - $owner_user = api_get_user($a, $item["owner-id"]); + if (defaults($item, 'thr-parent', '') == defaults($item, 'uri', '')) { + $owner_user = api_get_user($a, defaults($item, 'author-id', null)); } else { $owner_user = $status_user; } @@ -931,7 +886,6 @@ function api_create_xml(array $data, $root_element) { $childname = key($data); $data2 = array_pop($data); - $key = key($data2); $namespaces = ["" => "http://api.twitter.com", "statusnet" => "http://status.net/schema/api/1/", @@ -944,18 +898,19 @@ function api_create_xml(array $data, $root_element) } if (is_array($data2)) { + $key = key($data2); api_walk_recursive($data2, "api_reformat_xml"); - } - if ($key == "0") { - $data4 = []; - $i = 1; + if ($key == "0") { + $data4 = []; + $i = 1; - foreach ($data2 as $item) { - $data4[$i++ . ":" . $childname] = $item; - } + foreach ($data2 as $item) { + $data4[$i++ . ":" . $childname] = $item; + } - $data2 = $data4; + $data2 = $data4; + } } $data3 = [$root_element => $data2]; @@ -1173,18 +1128,8 @@ function api_statuses_update($type) if ($throttle_day > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - $r = q( - "SELECT COUNT(*) AS `posts_day` FROM `item` WHERE `uid`=%d AND `wall` - AND `created` > '%s' AND `id` = `parent`", - intval(api_user()), - dbesc($datefrom) - ); - - if (DBM::is_result($r)) { - $posts_day = $r[0]["posts_day"]; - } else { - $posts_day = 0; - } + $condition = ["`uid` = ? AND `wall` AND `created` > ? AND `id` = `parent`", api_user(), $datefrom]; + $posts_day = dba::count('item', $condition); if ($posts_day > $throttle_day) { logger('Daily posting limit reached for user '.api_user(), LOGGER_DEBUG); @@ -1197,18 +1142,8 @@ function api_statuses_update($type) if ($throttle_week > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); - $r = q( - "SELECT COUNT(*) AS `posts_week` FROM `item` WHERE `uid`=%d AND `wall` - AND `created` > '%s' AND `id` = `parent`", - intval(api_user()), - dbesc($datefrom) - ); - - if (DBM::is_result($r)) { - $posts_week = $r[0]["posts_week"]; - } else { - $posts_week = 0; - } + $condition = ["`uid` = ? AND `wall` AND `created` > ? AND `id` = `parent`", api_user(), $datefrom]; + $posts_week = dba::count('item', $condition); if ($posts_week > $throttle_week) { logger('Weekly posting limit reached for user '.api_user(), LOGGER_DEBUG); @@ -1221,18 +1156,8 @@ function api_statuses_update($type) if ($throttle_month > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); - $r = q( - "SELECT COUNT(*) AS `posts_month` FROM `item` WHERE `uid`=%d AND `wall` - AND `created` > '%s' AND `id` = `parent`", - intval(api_user()), - dbesc($datefrom) - ); - - if (DBM::is_result($r)) { - $posts_month = $r[0]["posts_month"]; - } else { - $posts_month = 0; - } + $condition = ["`uid` = ? AND `wall` AND `created` > ? AND `id` = `parent`", api_user(), $datefrom]; + $posts_month = dba::count('item', $condition); if ($posts_month > $throttle_month) { logger('Monthly posting limit reached for user '.api_user(), LOGGER_DEBUG); @@ -1351,8 +1276,8 @@ function api_status_show($type) } // get last public wall message - $condition = ["`owner-id` = ? AND `uid` = ? AND `type` != 'activity' ".$privacy_sql, - $user_info['pid'], api_user()]; + $condition = ['owner-id' => $user_info['pid'], 'uid' => api_user(), + 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; $lastwall = dba::selectFirst('item', [], $condition, ['order' => ['id' => true]]); if (DBM::is_result($lastwall)) { @@ -1380,19 +1305,19 @@ function api_status_show($type) 'in_reply_to_screen_name' => $in_reply_to['screen_name'], 'user' => $user_info, $geo => null, - 'coordinates' => "", - 'place' => "", - 'contributors' => "", + 'coordinates' => '', + 'place' => '', + 'contributors' => '', 'is_quote_status' => false, 'retweet_count' => 0, 'favorite_count' => 0, 'favorited' => $lastwall['starred'] ? true : false, 'retweeted' => false, 'possibly_sensitive' => false, - 'lang' => "", + 'lang' => '', 'statusnet_html' => $converted["html"], 'statusnet_conversation_id' => $lastwall['parent'], - 'external_url' => System::baseUrl() . "/display/" . $lastwall['guid'], + 'external_url' => System::baseUrl() . '/display/' . $lastwall['guid'], ]; if (count($converted["attachments"]) > 0) { @@ -1436,8 +1361,8 @@ function api_users_show($type) $user_info = api_get_user($a); - $condition = ["`owner-id` = ? AND `uid` = ? AND `verb` = ? AND `type` != 'activity' AND NOT `private`", - $user_info['pid'], api_user(), ACTIVITY_POST]; + $condition = ['owner-id' => $user_info['pid'], 'uid' => api_user(), + 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'private' => false]; $lastwall = dba::selectFirst('item', [], $condition, ['order' => ['id' => true]]); if (DBM::is_result($lastwall)) { @@ -1558,7 +1483,7 @@ function api_users_lookup($type) { $users = []; - if (x($_REQUEST['user_id'])) { + if (!empty($_REQUEST['user_id'])) { foreach (explode(',', $_REQUEST['user_id']) as $id) { if (!empty($id)) { $users[] = api_get_user(get_app(), $id); @@ -1615,10 +1540,10 @@ function api_search($type) $start = $page * $count; - $condition = ["`verb` = ? AND `item`.`id` > ? + $condition = ["`gravity` IN (?, ?) AND `item`.`id` > ? AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`)) AND `item`.`body` LIKE CONCAT('%',?,'%')", - ACTIVITY_POST, $since_id, api_user(), $_REQUEST['q']]; + GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, api_user(), $_REQUEST['q']]; if ($max_id > 0) { $condition[0] .= " AND `item`.`id` <= ?"; @@ -1626,9 +1551,9 @@ function api_search($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); - $data['status'] = api_format_items(dba::inArray($statuses), $user_info); + $data['status'] = api_format_items(Item::inArray($statuses), $user_info); return api_format_data("statuses", $type, $data); } @@ -1678,7 +1603,8 @@ function api_statuses_home_timeline($type) $start = $page * $count; - $condition = ["`uid` = ? AND `verb` = ? AND `item`.`id` > ?", api_user(), ACTIVITY_POST, $since_id]; + $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ?", + api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `item`.`id` <= ?"; @@ -1693,9 +1619,9 @@ function api_statuses_home_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); - $items = dba::inArray($statuses); + $items = Item::inArray($statuses); $ret = api_format_items($items, $user_info, false, $type); @@ -1706,7 +1632,7 @@ function api_statuses_home_timeline($type) } if (!empty($idarray)) { - $unseen = dba::exists('item', ['unseen' => true, 'id' => $idarray]); + $unseen = Item::exists(['unseen' => true, 'id' => $idarray]); if ($unseen) { Item::update(['unseen' => false], ['unseen' => true, 'id' => $idarray]); } @@ -1761,8 +1687,8 @@ function api_statuses_public_timeline($type) $sql_extra = ''; if ($exclude_replies && !$conversation_id) { - $condition = ["`verb` = ? AND `iid` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall`", - ACTIVITY_POST, $since_id]; + $condition = ["`gravity` IN (?, ?) AND `iid` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall`", + GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `thread`.`iid` <= ?"; @@ -1770,12 +1696,12 @@ function api_statuses_public_timeline($type) } $params = ['order' => ['iid' => true], 'limit' => [$start, $count]]; - $statuses = Item::selectThread(api_user(), [], $condition, $params); + $statuses = Item::selectThreadForUser(api_user(), Item::DISPLAY_FIELDLIST, $condition, $params); - $r = dba::inArray($statuses); + $r = Item::inArray($statuses); } else { - $condition = ["`verb` = ? AND `id` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall` AND `item`.`origin`", - ACTIVITY_POST, $since_id]; + $condition = ["`gravity` IN (?, ?) AND `id` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall` AND `item`.`origin`", + GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `item`.`id` <= ?"; @@ -1787,9 +1713,9 @@ function api_statuses_public_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); - $r = dba::inArray($statuses); + $r = Item::inArray($statuses); } $ret = api_format_items($r, $user_info, false, $type); @@ -1837,8 +1763,8 @@ function api_statuses_networkpublic_timeline($type) } $start = ($page - 1) * $count; - $condition = ["`uid` = 0 AND `verb` = ? AND `thread`.`iid` > ? AND NOT `private`", - ACTIVITY_POST, $since_id]; + $condition = ["`uid` = 0 AND `gravity` IN (?, ?) AND `thread`.`iid` > ? AND NOT `private`", + GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `thread`.`iid` <= ?"; @@ -1846,9 +1772,9 @@ function api_statuses_networkpublic_timeline($type) } $params = ['order' => ['iid' => true], 'limit' => [$start, $count]]; - $statuses = Item::selectThread(api_user(), [], $condition, $params); + $statuses = Item::selectThreadForUser(api_user(), Item::DISPLAY_FIELDLIST, $condition, $params); - $ret = api_format_items(dba::inArray($statuses), $user_info, false, $type); + $ret = api_format_items(Item::inArray($statuses), $user_info, false, $type); $data = ['status' => $ret]; switch ($type) { @@ -1881,20 +1807,20 @@ function api_statuses_show($type) } // params - $id = intval($a->argv[3]); + $id = intval(defaults($a->argv, 3, 0)); if ($id == 0) { - $id = intval($_REQUEST["id"]); + $id = intval(defaults($_REQUEST, 'id', 0)); } // Hotot workaround if ($id == 0) { - $id = intval($a->argv[4]); + $id = intval(defaults($a->argv, 4, 0)); } logger('API: api_statuses_show: ' . $id); - $conversation = (x($_REQUEST, 'conversation') ? 1 : 0); + $conversation = !empty($_REQUEST['conversation']); // try to fetch the item for the local user - or the public item, if there is no local one $uri_item = dba::selectFirst('item', ['uri'], ['id' => $id]); @@ -1910,21 +1836,21 @@ function api_statuses_show($type) $id = $item['id']; if ($conversation) { - $condition = ['parent' => $id, 'verb' => ACTIVITY_POST]; + $condition = ['parent' => $id, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; $params = ['order' => ['id' => true]]; } else { - $condition = ['id' => $id, 'verb' => ACTIVITY_POST]; + $condition = ['id' => $id, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; $params = []; } - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); /// @TODO How about copying this to above methods which don't check $r ? if (!DBM::is_result($statuses)) { throw new BadRequestException("There is no status with this id."); } - $ret = api_format_items(dba::inArray($statuses), $user_info, false, $type); + $ret = api_format_items(Item::inArray($statuses), $user_info, false, $type); if ($conversation) { $data = ['status' => $ret]; @@ -1954,24 +1880,24 @@ function api_conversation_show($type) } // params - $id = intval($a->argv[3]); - $count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20); - $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0); + $id = intval(defaults($a->argv , 3 , 0)); + $since_id = intval(defaults($_REQUEST, 'since_id', 0)); + $max_id = intval(defaults($_REQUEST, 'max_id' , 0)); + $count = intval(defaults($_REQUEST, 'count' , 20)); + $page = intval(defaults($_REQUEST, 'page' , 1)) - 1; if ($page < 0) { $page = 0; } - $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); - $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); - $start = $page*$count; + $start = $page * $count; if ($id == 0) { - $id = intval($_REQUEST["id"]); + $id = intval(defaults($_REQUEST, 'id', 0)); } // Hotot workaround if ($id == 0) { - $id = intval($a->argv[4]); + $id = intval(defaults($a->argv, 4, 0)); } logger('API: api_conversation_show: '.$id); @@ -1989,8 +1915,8 @@ function api_conversation_show($type) $id = $parent['id']; - $condition = ["`parent` = ? AND `uid` IN (0, ?) AND `verb` = ? AND `item`.`id` > ?", - $id, api_user(), ACTIVITY_POST, $since_id]; + $condition = ["`parent` = ? AND `uid` IN (0, ?) AND `gravity` IN (?, ?) AND `item`.`id` > ?", + $id, api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `item`.`id` <= ?"; @@ -1998,13 +1924,13 @@ function api_conversation_show($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); if (!DBM::is_result($statuses)) { throw new BadRequestException("There is no status with id $id."); } - $ret = api_format_items(dba::inArray($statuses), $user_info, false, $type); + $ret = api_format_items(Item::inArray($statuses), $user_info, false, $type); $data = ['status' => $ret]; return api_format_data("statuses", $type, $data); @@ -2034,21 +1960,21 @@ function api_statuses_repeat($type) api_get_user($a); // params - $id = intval($a->argv[3]); + $id = intval(defaults($a->argv, 3, 0)); if ($id == 0) { - $id = intval($_REQUEST["id"]); + $id = intval(defaults($_REQUEST, 'id', 0)); } // Hotot workaround if ($id == 0) { - $id = intval($a->argv[4]); + $id = intval(defaults($a->argv, 4, 0)); } logger('API: api_statuses_repeat: '.$id); $fields = ['body', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; - $item = Item::selectFirst(api_user(), $fields, ['id' => $id, 'private' => false]); + $item = Item::selectFirst($fields, ['id' => $id, 'private' => false]); if (DBM::is_result($item) && $item['body'] != "") { if (strpos($item['body'], "[/share]") !== false) { @@ -2100,15 +2026,15 @@ function api_statuses_destroy($type) api_get_user($a); // params - $id = intval($a->argv[3]); + $id = intval(defaults($a->argv, 3, 0)); if ($id == 0) { - $id = intval($_REQUEST["id"]); + $id = intval(defaults($_REQUEST, 'id', 0)); } // Hotot workaround if ($id == 0) { - $id = intval($a->argv[4]); + $id = intval(defaults($a->argv, 4, 0)); } logger('API: api_statuses_destroy: '.$id); @@ -2158,9 +2084,9 @@ function api_statuses_mentions($type) $start = ($page - 1) * $count; - $condition = ["`uid` = ? AND `verb` = ? AND `item`.`id` > ? AND `author-id` != ? - AND `item`.`parent` IN (SELECT `iid` FROM `thread` WHERE `uid` = ? AND `mention` AND NOT `ignored`)", - api_user(), ACTIVITY_POST, $since_id, $user_info['pid'], api_user()]; + $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ? AND `author-id` != ? + AND `item`.`parent` IN (SELECT `iid` FROM `thread` WHERE `thread`.`uid` = ? AND `thread`.`mention` AND NOT `thread`.`ignored`)", + api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['pid'], api_user()]; if ($max_id > 0) { $condition[0] .= " AND `item`.`id` <= ?"; @@ -2168,9 +2094,9 @@ function api_statuses_mentions($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); - $ret = api_format_items(dba::inArray($statuses), $user_info, false, $type); + $ret = api_format_items(Item::inArray($statuses), $user_info, false, $type); $data = ['status' => $ret]; switch ($type) { @@ -2226,8 +2152,8 @@ function api_statuses_user_timeline($type) } $start = ($page - 1) * $count; - $condition = ["`uid` = ? AND `verb` = ? AND `item`.`id` > ? AND `item`.`contact-id` = ?", - api_user(), ACTIVITY_POST, $since_id, $user_info['cid']]; + $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ? AND `item`.`contact-id` = ?", + api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['cid']]; if ($user_info['self'] == 1) { $condition[0] .= ' AND `item`.`wall` '; @@ -2248,9 +2174,9 @@ function api_statuses_user_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); - $ret = api_format_items(dba::inArray($statuses), $user_info, true, $type); + $ret = api_format_items(Item::inArray($statuses), $user_info, true, $type); $data = ['status' => $ret]; switch ($type) { @@ -2285,7 +2211,7 @@ function api_favorites_create_destroy($type) // for versioned api. /// @TODO We need a better global soluton $action_argv_id = 2; - if ($a->argv[1] == "1.1") { + if (count($a->argv) > 1 && $a->argv[1] == "1.1") { $action_argv_id = 3; } @@ -2294,13 +2220,12 @@ function api_favorites_create_destroy($type) } $action = str_replace("." . $type, "", $a->argv[$action_argv_id]); if ($a->argc == $action_argv_id + 2) { - $itemid = intval($a->argv[$action_argv_id + 1]); + $itemid = intval(defaults($a->argv, $action_argv_id + 1, 0)); } else { - /// @TODO use x() to check if _REQUEST contains 'id' - $itemid = intval($_REQUEST['id']); + $itemid = intval(defaults($_REQUEST, 'id', 0)); } - $item = Item::selectFirst(api_user(), [], ['id' => $itemid, 'uid' => api_user()]); + $item = Item::selectFirstForUser(api_user(), [], ['id' => $itemid, 'uid' => api_user()]); if (!DBM::is_result($item)) { throw new BadRequestException("Invalid item."); @@ -2380,8 +2305,8 @@ function api_favorites($type) $start = $page*$count; - $condition = ["`uid` = ? AND `verb` = ? AND `id` > ? AND `starred`", - api_user(), ACTIVITY_POST, $since_id]; + $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `starred`", + api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; @@ -2390,9 +2315,9 @@ function api_favorites($type) $condition[] = $max_id; } - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); - $ret = api_format_items(dba::inArray($statuses), $user_info, false, $type); + $ret = api_format_items(Item::inArray($statuses), $user_info, false, $type); } $data = ['status' => $ret]; @@ -2420,25 +2345,33 @@ function api_format_messages($item, $recipient, $sender) { // standard meta information $ret = [ - 'id' => $item['id'], - 'sender_id' => $sender['id'] , - 'text' => "", - 'recipient_id' => $recipient['id'], - 'created_at' => api_date($item['created']), - 'sender_screen_name' => $sender['screen_name'], - 'recipient_screen_name' => $recipient['screen_name'], - 'sender' => $sender, - 'recipient' => $recipient, - 'title' => "", - 'friendica_seen' => $item['seen'], - 'friendica_parent_uri' => $item['parent-uri'], + 'id' => $item['id'], + 'sender_id' => $sender['id'] , + 'text' => "", + 'recipient_id' => $recipient['id'], + 'created_at' => api_date(defaults($item, 'created', DateTimeFormat::utcNow())), + 'sender_screen_name' => $sender['screen_name'], + 'recipient_screen_name' => $recipient['screen_name'], + 'sender' => $sender, + 'recipient' => $recipient, + 'title' => "", + 'friendica_seen' => defaults($item, 'seen', 0), + 'friendica_parent_uri' => defaults($item, 'parent-uri', ''), ]; // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($ret["sender"]["uid"]); - unset($ret["sender"]["self"]); - unset($ret["recipient"]["uid"]); - unset($ret["recipient"]["self"]); + if (isset($ret['sender']['uid'])) { + unset($ret['sender']['uid']); + } + if (isset($ret['sender']['self'])) { + unset($ret['sender']['self']); + } + if (isset($ret['recipient']['uid'])) { + unset($ret['recipient']['uid']); + } + if (isset($ret['recipient']['self'])) { + unset($ret['recipient']['self']); + } //don't send title to regular StatusNET requests to avoid confusing these apps if (x($_GET, 'getText')) { @@ -2485,8 +2418,8 @@ function api_convert_item($item) $statustext = trim($statustitle."\n\n".$statusbody); } - if (($item["network"] == NETWORK_FEED) && (strlen($statustext)> 1000)) { - $statustext = substr($statustext, 0, 1000)."... \n".$item["plink"]; + if ((defaults($item, 'network', Protocol::PHANTOM) == Protocol::FEED) && (strlen($statustext)> 1000)) { + $statustext = substr($statustext, 0, 1000) . "... \n" . defaults($item, 'plink', ''); } $statushtml = BBCode::convert(api_clean_attachments($body), false); @@ -2520,7 +2453,7 @@ function api_convert_item($item) } // feeds without body should contain the link - if (($item['network'] == NETWORK_FEED) && (strlen($item['body']) == 0)) { + if ((defaults($item, 'network', Protocol::PHANTOM) == Protocol::FEED) && (strlen($item['body']) == 0)) { $statushtml .= BBCode::convert($item['plink']); } @@ -2562,7 +2495,7 @@ function api_get_attachments(&$body) } } - if (strstr($_SERVER['HTTP_USER_AGENT'], "AndStatus")) { + if (strstr(defaults($_SERVER, 'HTTP_USER_AGENT', ''), "AndStatus")) { foreach ($images[0] as $orig) { $body = str_replace($orig, "", $body); } @@ -2806,20 +2739,16 @@ function api_format_items_activities(&$item, $type = "json") 'attendmaybe' => [], ]; - $items = q( - 'SELECT * FROM `item` - WHERE `uid` = %d AND `thr-parent` = "%s" AND `visible` AND NOT `deleted`', - intval($item['uid']), - dbesc($item['uri']) - ); + $condition = ['uid' => $item['uid'], 'thr-parent' => $item['uri']]; + $ret = Item::selectForUser($item['uid'], ['author-id', 'verb'], $condition); - foreach ($items as $i) { + while ($item = Item::fetch($ret)) { // not used as result should be structured like other user data //builtin_activity_puller($i, $activities); // get user data and add it to the array of the activity - $user = api_get_user($a, $i['author-id']); - switch ($i['verb']) { + $user = api_get_user($a, $item['author-id']); + switch ($item['verb']) { case ACTIVITY_LIKE: $activities['like'][] = $user; break; @@ -2840,6 +2769,8 @@ function api_format_items_activities(&$item, $type = "json") } } + dba::close($ret); + if ($type == "xml") { $xml_activities = []; foreach ($activities as $k => $v) { @@ -3182,8 +3113,8 @@ function api_lists_statuses($type) $start = $page * $count; - $condition = ["`uid` = ? AND `verb` = ? AND `id` > ? AND `group_member`.`gid` = ?", - api_user(), ACTIVITY_POST, $since_id, $_REQUEST['list_id']]; + $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `group_member`.`gid` = ?", + api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $_REQUEST['list_id']]; if ($max_id > 0) { $condition[0] .= " AND `item`.`id` <= ?"; @@ -3198,9 +3129,9 @@ function api_lists_statuses($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Item::select(api_user(), [], $condition, $params); + $statuses = Item::selectForUser(api_user(), [], $condition, $params); - $items = api_format_items(dba::inArray($statuses), $user_info, false, $type); + $items = api_format_items(Item::inArray($statuses), $user_info, false, $type); $data = ['status' => $items]; switch ($type) { @@ -3406,18 +3337,15 @@ function api_statusnet_config($type) { $a = get_app(); - $name = $a->config['sitename']; - $server = $a->get_hostname(); - $logo = System::baseUrl() . '/images/friendica-64.png'; - $email = $a->config['admin_email']; - $closed = (($a->config['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false'); - $private = ((Config::get('system', 'block_public')) ? 'true' : 'false'); - $textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000); - if ($a->config['api_import_size']) { - $textlimit = (string) $a->config['api_import_size']; - } - $ssl = ((Config::get('system', 'have_ssl')) ? 'true' : 'false'); - $sslserver = (($ssl === 'true') ? str_replace('http:', 'https:', System::baseUrl()) : ''); + $name = Config::get('config', 'sitename'); + $server = $a->get_hostname(); + $logo = System::baseUrl() . '/images/friendica-64.png'; + $email = Config::get('config', 'admin_email'); + $closed = Config::get('config', 'register_policy') == REGISTER_CLOSED ? 'true' : 'false'; + $private = Config::get('system', 'block_public') ? 'true' : 'false'; + $textlimit = (string) Config::get('config', 'api_import_size', Config::get('config', 'max_import_size', 200000)); + $ssl = Config::get('system', 'have_ssl') ? 'true' : 'false'; + $sslserver = Config::get('system', 'have_ssl') ? str_replace('http:', 'https:', System::baseUrl()) : ''; $config = [ 'site' => ['name' => $name,'server' => $server, 'theme' => 'default', 'path' => '', @@ -3539,34 +3467,40 @@ api_register_func('api/followers/ids', 'api_followers_ids', true); */ function api_direct_messages_new($type) { - $a = get_app(); if (api_user() === false) { throw new ForbiddenException(); } - if (!x($_POST, "text") || (!x($_POST, "screen_name") && !x($_POST, "user_id"))) { + if (empty($_POST["text"]) || empty($_POST["screen_name"]) && empty($_POST["user_id"])) { return; } $sender = api_get_user($a); - if ($_POST['screen_name']) { + $recipient = null; + if (!empty($_POST['screen_name'])) { $r = q( "SELECT `id`, `nurl`, `network` FROM `contact` WHERE `uid`=%d AND `nick`='%s'", intval(api_user()), dbesc($_POST['screen_name']) ); - // Selecting the id by priority, friendica first - api_best_nickname($r); + if (DBM::is_result($r)) { + // Selecting the id by priority, friendica first + api_best_nickname($r); - $recipient = api_get_user($a, $r[0]['nurl']); + $recipient = api_get_user($a, $r[0]['nurl']); + } } else { $recipient = api_get_user($a, $_POST['user_id']); } + if (empty($recipient)) { + throw new NotFoundException('Recipient not found'); + } + $replyto = ''; $sub = ''; if (x($_REQUEST, 'replyto')) { @@ -3700,24 +3634,21 @@ api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', function api_direct_messages_box($type, $box, $verbose) { $a = get_app(); - $user_info = api_get_user($a); - - if (api_user() === false || $user_info === false) { + if (api_user() === false) { throw new ForbiddenException(); } - // params - $count = (x($_GET, 'count') ? $_GET['count'] : 20); - $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0); + $count = defaults($_GET, 'count', 20); + $page = defaults($_REQUEST, 'page', 1) - 1; if ($page < 0) { $page = 0; } - $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); - $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); + $since_id = defaults($_REQUEST, 'since_id', 0); + $max_id = defaults($_REQUEST, 'max_id', 0); - $user_id = (x($_REQUEST, 'user_id') ? $_REQUEST['user_id'] : ""); - $screen_name = (x($_REQUEST, 'screen_name') ? $_REQUEST['screen_name'] : ""); + $user_id = defaults($_REQUEST, 'user_id', ''); + $screen_name = defaults($_REQUEST, 'screen_name', ''); // caller user info unset($_REQUEST["user_id"]); @@ -3726,6 +3657,10 @@ function api_direct_messages_box($type, $box, $verbose) unset($_REQUEST["screen_name"]); unset($_GET["screen_name"]); + $user_info = api_get_user($a); + if ($user_info === false) { + throw new ForbiddenException(); + } $profile_url = $user_info["url"]; // pagination @@ -3737,7 +3672,7 @@ function api_direct_messages_box($type, $box, $verbose) if ($box=="sentbox") { $sql_extra = "`mail`.`from-url`='" . dbesc($profile_url) . "'"; } elseif ($box == "conversation") { - $sql_extra = "`mail`.`parent-uri`='" . dbesc($_GET["uri"]) . "'"; + $sql_extra = "`mail`.`parent-uri`='" . dbesc(defaults($_GET, 'uri', '')) . "'"; } elseif ($box == "all") { $sql_extra = "true"; } elseif ($box == "inbox") { @@ -3923,16 +3858,13 @@ function api_fr_photoalbum_delete($type) // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore // to the user and the contacts of the users (drop_items() performs the federation of the deletion to other networks foreach ($r as $rr) { - $photo_item = q( - "SELECT `id` FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", - intval(local_user()), - dbesc($rr['resource-id']) - ); + $condition = ['uid' => local_user(), 'resource-id' => $rr['resource-id'], 'type' => 'photo']; + $photo_item = Item::selectFirstForUser(local_user(), ['id'], $condition); if (!DBM::is_result($photo_item)) { throw new InternalServerErrorException("problem with deleting items occured"); } - Item::deleteForUser(['id' => $photo_item[0]['id']], api_user()); + Item::deleteForUser(['id' => $photo_item['id']], api_user()); } // now let's delete all photos from the album @@ -4213,18 +4145,15 @@ function api_fr_photo_delete($type) // return success of deletion or error message if ($result) { // retrieve the id of the parent element (the photo element) - $photo_item = q( - "SELECT `id` FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", - intval(local_user()), - dbesc($photo_id) - ); + $condition = ['uid' => local_user(), 'resource-id' => $photo_id, 'type' => 'photo']; + $photo_item = Item::selectFirstForUser(local_user(), ['id'], $condition); if (!DBM::is_result($photo_item)) { throw new InternalServerErrorException("problem with deleting items occured"); } // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore // to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion) - Item::deleteForUser(['id' => $photo_item[0]['id']], api_user()); + Item::deleteForUser(['id' => $photo_item['id']], api_user()); $answer = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.']; return api_format_data("photo_delete", $type, ['$result' => $answer]); @@ -4599,7 +4528,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility = false) { // get data about the api authenticated user - $uri = item_new_uri(get_app()->get_hostname(), intval(api_user())); + $uri = Item::newURI(intval(api_user())); $owner_record = q("SELECT * FROM `contact` WHERE `uid`= %d AND `self` LIMIT 1", intval(api_user())); $arr = []; @@ -4712,21 +4641,19 @@ function prepare_photo_data($type, $scale, $photo_id) } // retrieve item element for getting activities (like, dislike etc.) related to photo - $item = q( - "SELECT * FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", - intval(local_user()), - dbesc($photo_id) - ); - $data['photo']['friendica_activities'] = api_format_items_activities($item[0], $type); + $condition = ['uid' => local_user(), 'resource-id' => $photo_id, 'type' => 'photo']; + $item = Item::selectFirstForUser(local_user(), ['id'], $condition); + + $data['photo']['friendica_activities'] = api_format_items_activities($item, $type); // retrieve comments on photo - $condition = ["`parent` = ? AND `uid` = ? AND (`verb` = ? OR `type`='photo')", - $item[0]['parent'], api_user(), ACTIVITY_POST]; + $condition = ["`parent` = ? AND `uid` = ? AND (`gravity` IN (?, ?) OR `type`='photo')", + $item[0]['parent'], api_user(), GRAVITY_PARENT, GRAVITY_COMMENT]; - $statuses = Item::select(api_user(), [], $condition); + $statuses = Item::selectForUser(api_user(), [], $condition); // prepare output of comments - $commentData = api_format_items(dba::inArray($statuses), $user_info, false, $type); + $commentData = api_format_items(Item::inArray($statuses), $user_info, false, $type); $comments = []; if ($type == "xml") { $k = 0; @@ -5012,35 +4939,26 @@ function api_in_reply_to($item) $in_reply_to['screen_name'] = null; if (($item['thr-parent'] != $item['uri']) && (intval($item['parent']) != intval($item['id']))) { - $r = q( - "SELECT `id` FROM `item` WHERE `uid` = %d AND `uri` = '%s' LIMIT 1", - intval($item['uid']), - dbesc($item['thr-parent']) - ); - - if (DBM::is_result($r)) { - $in_reply_to['status_id'] = intval($r[0]['id']); + $parent = Item::selectFirst(['id'], ['uid' => $item['uid'], 'uri' => $item['thr-parent']]); + if (DBM::is_result($parent)) { + $in_reply_to['status_id'] = intval($parent['id']); } else { $in_reply_to['status_id'] = intval($item['parent']); } $in_reply_to['status_id_str'] = (string) intval($in_reply_to['status_id']); - $r = q( - "SELECT `contact`.`nick`, `contact`.`name`, `contact`.`id`, `contact`.`url` FROM `item` - STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`author-id` - WHERE `item`.`id` = %d LIMIT 1", - intval($in_reply_to['status_id']) - ); + $fields = ['author-nick', 'author-name', 'author-id', 'author-link']; + $parent = Item::selectFirst($fields, ['id' => $in_reply_to['status_id']]); - if (DBM::is_result($r)) { - if ($r[0]['nick'] == "") { - $r[0]['nick'] = api_get_nick($r[0]["url"]); + if (DBM::is_result($parent)) { + if ($parent['author-nick'] == "") { + $parent['author-nick'] = api_get_nick($parent['author-link']); } - $in_reply_to['screen_name'] = (($r[0]['nick']) ? $r[0]['nick'] : $r[0]['name']); - $in_reply_to['user_id'] = intval($r[0]['id']); - $in_reply_to['user_id_str'] = (string) intval($r[0]['id']); + $in_reply_to['screen_name'] = (($parent['author-nick']) ? $parent['author-nick'] : $parent['author-name']); + $in_reply_to['user_id'] = intval($parent['author-id']); + $in_reply_to['user_id_str'] = (string) intval($parent['author-id']); } // There seems to be situation, where both fields are identical: @@ -5675,8 +5593,10 @@ function api_friendica_notification($type) if ($type == "xml") { $xmlnotes = []; - foreach ($notes as $note) { - $xmlnotes[] = ["@attributes" => $note]; + if (!empty($notes)) { + foreach ($notes as $note) { + $xmlnotes[] = ["@attributes" => $note]; + } } $notes = $xmlnotes; @@ -5716,7 +5636,7 @@ function api_friendica_notification_seen($type) $nm->setSeen($note); if ($note['otype']=='item') { // would be really better with an ItemsManager and $im->getByID() :-P - $item = Item::selectFirst(api_user(), [], ['id' => $note['iid'], 'uid' => api_user()]); + $item = Item::selectFirstForUser(api_user(), [], ['id' => $note['iid'], 'uid' => api_user()]); if (DBM::is_result($$item)) { // we found the item, return it to the user $ret = api_format_items([$item], $user_info, false, $type);