X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=cf5fdc29cd1051a2f9b705441583983786be7fdd;hb=61afd5b3fbed6e9af011a9262db9cbeb474152db;hp=486805f9724319e33c7f8bd980e94e1334afc13f;hpb=ecea7425f8ad11ace4af39d476919e3203bff44f;p=friendica.git diff --git a/include/api.php b/include/api.php index 486805f972..fe5cc9168a 100644 --- a/include/api.php +++ b/include/api.php @@ -12,8 +12,10 @@ use Friendica\Content\Feature; use Friendica\Content\Text\BBCode; use Friendica\Content\Text\HTML; use Friendica\Core\Addon; +use Friendica\Core\Authentication; use Friendica\Core\Config; use Friendica\Core\L10n; +use Friendica\Core\Logger; use Friendica\Core\NotificationsManager; use Friendica\Core\PConfig; use Friendica\Core\Protocol; @@ -40,14 +42,13 @@ use Friendica\Object\Image; use Friendica\Protocol\Diaspora; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; use Friendica\Util\XML; -require_once 'include/conversation.php'; require_once 'mod/share.php'; require_once 'mod/item.php'; -require_once 'include/security.php'; require_once 'mod/wall_upload.php'; -require_once 'mod/proxy.php'; define('API_METHOD_ANY', '*'); define('API_METHOD_GET', 'GET'); @@ -66,7 +67,7 @@ $called_api = []; */ function api_user() { - if (x($_SESSION, 'allow_api')) { + if (!empty($_SESSION['allow_api'])) { return local_user(); } @@ -96,9 +97,9 @@ function api_source() return "Twidere"; } - logger("Unrecognized user-agent ".$_SERVER['HTTP_USER_AGENT'], LOGGER_DEBUG); + Logger::log("Unrecognized user-agent ".$_SERVER['HTTP_USER_AGENT'], Logger::DEBUG); } else { - logger("Empty user-agent", LOGGER_DEBUG); + Logger::log("Empty user-agent", Logger::DEBUG); } return "api"; @@ -180,12 +181,12 @@ function api_login(App $a) var_dump($consumer, $token); die(); } catch (Exception $e) { - logger($e); + Logger::log($e); } // workaround for HTTP-auth in CGI mode - if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; + if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) { + $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)); if (strlen($userpass)) { list($name, $password) = explode(':', $userpass); $_SERVER['PHP_AUTH_USER'] = $name; @@ -193,8 +194,8 @@ function api_login(App $a) } } - if (!x($_SERVER, 'PHP_AUTH_USER')) { - logger('API_login: ' . print_r($_SERVER, true), LOGGER_DEBUG); + if (empty($_SERVER['PHP_AUTH_USER'])) { + Logger::log('API_login: ' . print_r($_SERVER, true), Logger::DEBUG); header('WWW-Authenticate: Basic realm="Friendica"'); throw new UnauthorizedException("This API requires login"); } @@ -235,14 +236,14 @@ function api_login(App $a) } if (!DBA::isResult($record)) { - logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG); + Logger::log('API_login failure: ' . print_r($_SERVER, true), Logger::DEBUG); header('WWW-Authenticate: Basic realm="Friendica"'); //header('HTTP/1.0 401 Unauthorized'); //die('This api requires login'); throw new UnauthorizedException("This API requires login"); } - authenticate_success($record); + Authentication::setAuthenticatedSessionForUser($record); $_SESSION["allow_api"] = true; @@ -308,19 +309,19 @@ function api_call(App $a) api_login($a); } - logger('API call for ' . $a->user['username'] . ': ' . $a->query_string); - logger('API parameters: ' . print_r($_REQUEST, true)); + Logger::log('API call for ' . $a->user['username'] . ': ' . $a->query_string); + Logger::log('API parameters: ' . print_r($_REQUEST, true)); $stamp = microtime(true); $return = call_user_func($info['func'], $type); $duration = (float) (microtime(true) - $stamp); - logger("API call duration: " . round($duration, 2) . "\t" . $a->query_string, LOGGER_DEBUG); + Logger::log("API call duration: " . round($duration, 2) . "\t" . $a->query_string, Logger::DEBUG); if (Config::get("system", "profiler")) { $duration = microtime(true)-$a->performance["start"]; /// @TODO round() really everywhere? - logger( + Logger::log( parse_url($a->query_string, PHP_URL_PATH) . ": " . sprintf( "Database: %s/%s, Cache %s/%s, Network: %s, I/O: %s, Other: %s, Total: %s", round($a->performance["database"] - $a->performance["database_write"], 3), @@ -334,7 +335,7 @@ function api_call(App $a) + $a->performance["network"] + $a->performance["file"]), 2), round($duration, 2) ), - LOGGER_DEBUG + Logger::DEBUG ); if (Config::get("rendertime", "callstack")) { @@ -375,7 +376,7 @@ function api_call(App $a) $o .= $func . ": " . $time . "\n"; } } - logger($o, LOGGER_DEBUG); + Logger::log($o, Logger::DEBUG); } } @@ -394,7 +395,7 @@ function api_call(App $a) case "json": header("Content-Type: application/json"); $json = json_encode(end($return)); - if (x($_GET, 'callback')) { + if (!empty($_GET['callback'])) { $json = $_GET['callback'] . "(" . $json . ")"; } $return = $json; @@ -412,7 +413,7 @@ function api_call(App $a) } } - logger('API call not implemented: ' . $a->query_string); + Logger::log('API call not implemented: ' . $a->query_string); throw new NotImplementedException(); } catch (HTTPException $e) { header("HTTP/1.1 {$e->httpcode} {$e->httpdesc}"); @@ -429,7 +430,7 @@ function api_call(App $a) */ function api_error($type, $e) { - $a = get_app(); + $a = \get_app(); $error = ($e->getMessage() !== "" ? $e->getMessage() : $e->httpdesc); /// @TODO: https://dev.twitter.com/overview/api/response-codes @@ -521,11 +522,11 @@ function api_get_user(App $a, $contact_id = null) $extra_query = ""; $url = ""; - logger("api_get_user: Fetching user data for user ".$contact_id, LOGGER_DEBUG); + Logger::log("api_get_user: Fetching user data for user ".$contact_id, Logger::DEBUG); // Searching for contact URL if (!is_null($contact_id) && (intval($contact_id) == 0)) { - $user = dbesc(normalise_link($contact_id)); + $user = DBA::escape(Strings::normaliseLink($contact_id)); $url = $user; $extra_query = "AND `contact`.`nurl` = '%s' "; if (api_user() !== false) { @@ -535,7 +536,7 @@ function api_get_user(App $a, $contact_id = null) // Searching for contact id with uid = 0 if (!is_null($contact_id) && (intval($contact_id) != 0)) { - $user = dbesc(api_unique_id_to_nurl(intval($contact_id))); + $user = DBA::escape(api_unique_id_to_nurl(intval($contact_id))); if ($user == "") { throw new BadRequestException("User ID ".$contact_id." not found."); @@ -548,8 +549,8 @@ function api_get_user(App $a, $contact_id = null) } } - if (is_null($user) && x($_GET, 'user_id')) { - $user = dbesc(api_unique_id_to_nurl($_GET['user_id'])); + if (is_null($user) && !empty($_GET['user_id'])) { + $user = DBA::escape(api_unique_id_to_nurl($_GET['user_id'])); if ($user == "") { throw new BadRequestException("User ID ".$_GET['user_id']." not found."); @@ -561,16 +562,16 @@ function api_get_user(App $a, $contact_id = null) $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); } } - if (is_null($user) && x($_GET, 'screen_name')) { - $user = dbesc($_GET['screen_name']); + if (is_null($user) && !empty($_GET['screen_name'])) { + $user = DBA::escape($_GET['screen_name']); $extra_query = "AND `contact`.`nick` = '%s' "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=".intval(api_user()); } } - if (is_null($user) && x($_GET, 'profileurl')) { - $user = dbesc(normalise_link($_GET['profileurl'])); + if (is_null($user) && !empty($_GET['profileurl'])) { + $user = DBA::escape(Strings::normaliseLink($_GET['profileurl'])); $extra_query = "AND `contact`.`nurl` = '%s' "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=".intval(api_user()); @@ -581,10 +582,13 @@ function api_get_user(App $a, $contact_id = null) if (is_null($user) && ($a->argc > (count($called_api) - 1)) && (count($called_api) > 0)) { $argid = count($called_api); if (!empty($a->argv[$argid])) { - list($user, $null) = explode(".", $a->argv[$argid]); + $data = explode(".", $a->argv[$argid]); + if (count($data) > 1) { + list($user, $null) = $data; + } } if (is_numeric($user)) { - $user = dbesc(api_unique_id_to_nurl(intval($user))); + $user = DBA::escape(api_unique_id_to_nurl(intval($user))); if ($user != "") { $url = $user; @@ -594,7 +598,7 @@ function api_get_user(App $a, $contact_id = null) } } } else { - $user = dbesc($user); + $user = DBA::escape($user); $extra_query = "AND `contact`.`nick` = '%s' "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); @@ -602,7 +606,7 @@ function api_get_user(App $a, $contact_id = null) } } - logger("api_get_user: user ".$user, LOGGER_DEBUG); + Logger::log("api_get_user: user ".$user, Logger::DEBUG); if (!$user) { if (api_user() === false) { @@ -614,7 +618,7 @@ function api_get_user(App $a, $contact_id = null) } } - logger('api_user: ' . $extra_query . ', user: ' . $user); + Logger::log('api_user: ' . $extra_query . ', user: ' . $user); // user info $uinfo = q( @@ -631,37 +635,35 @@ function api_get_user(App $a, $contact_id = null) // if the contact wasn't found, fetch it from the contacts with uid = 0 if (!DBA::isResult($uinfo)) { - $r = []; - - if ($url != "") { - $r = q("SELECT * FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s' LIMIT 1", dbesc(normalise_link($url))); + if ($url == "") { + throw new BadRequestException("User not found."); } - if (DBA::isResult($r)) { - $network_name = ContactSelector::networkToName($r[0]['network'], $r[0]['url']); + $contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => Strings::normaliseLink($url)]); + if (DBA::isResult($contact)) { // If no nick where given, extract it from the address - if (($r[0]['nick'] == "") || ($r[0]['name'] == $r[0]['nick'])) { - $r[0]['nick'] = api_get_nick($r[0]["url"]); + if (($contact['nick'] == "") || ($contact['name'] == $contact['nick'])) { + $contact['nick'] = api_get_nick($contact["url"]); } $ret = [ - 'id' => $r[0]["id"], - 'id_str' => (string) $r[0]["id"], - 'name' => $r[0]["name"], - 'screen_name' => (($r[0]['nick']) ? $r[0]['nick'] : $r[0]['name']), - 'location' => ($r[0]["location"] != "") ? $r[0]["location"] : $network_name, - 'description' => $r[0]["about"], - 'profile_image_url' => $r[0]["micro"], - 'profile_image_url_https' => $r[0]["micro"], - 'profile_image_url_profile_size' => $r[0]["thumb"], - 'profile_image_url_large' => $r[0]["photo"], - 'url' => $r[0]["url"], + 'id' => $contact["id"], + 'id_str' => (string) $contact["id"], + 'name' => $contact["name"], + 'screen_name' => (($contact['nick']) ? $contact['nick'] : $contact['name']), + 'location' => ($contact["location"] != "") ? $contact["location"] : ContactSelector::networkToName($contact['network'], $contact['url']), + 'description' => $contact["about"], + 'profile_image_url' => $contact["micro"], + 'profile_image_url_https' => $contact["micro"], + 'profile_image_url_profile_size' => $contact["thumb"], + 'profile_image_url_large' => $contact["photo"], + 'url' => $contact["url"], 'protected' => false, 'followers_count' => 0, 'friends_count' => 0, 'listed_count' => 0, - 'created_at' => api_date($r[0]["created"]), + 'created_at' => api_date($contact["created"]), 'favourites_count' => 0, 'utc_offset' => 0, 'time_zone' => 'UTC', @@ -676,12 +678,12 @@ function api_get_user(App $a, $contact_id = null) 'follow_request_sent' => false, 'statusnet_blocking' => false, 'notifications' => false, - 'statusnet_profile_url' => $r[0]["url"], + 'statusnet_profile_url' => $contact["url"], 'uid' => 0, - 'cid' => Contact::getIdForURL($r[0]["url"], api_user(), true), - 'pid' => Contact::getIdForURL($r[0]["url"], 0, true), + 'cid' => Contact::getIdForURL($contact["url"], api_user(), true), + 'pid' => Contact::getIdForURL($contact["url"], 0, true), 'self' => 0, - 'network' => $r[0]["network"], + 'network' => $contact["network"], ]; return $ret; @@ -692,7 +694,7 @@ function api_get_user(App $a, $contact_id = null) if ($uinfo[0]['self']) { if ($uinfo[0]['network'] == "") { - $uinfo[0]['network'] = NETWORK_DFRN; + $uinfo[0]['network'] = Protocol::DFRN; } $usr = DBA::selectFirst('user', ['default-location'], ['uid' => api_user()]); @@ -708,8 +710,6 @@ function api_get_user(App $a, $contact_id = null) $uinfo[0]['nick'] = api_get_nick($uinfo[0]["url"]); } - $network_name = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url']); - $pcontact_id = Contact::getIdForURL($uinfo[0]['url'], 0, true); if (!empty($profile['about'])) { @@ -723,7 +723,7 @@ function api_get_user(App $a, $contact_id = null) } elseif (!empty($uinfo[0]["location"])) { $location = $uinfo[0]["location"]; } else { - $location = $network_name; + $location = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url']); } $ret = [ @@ -753,12 +753,12 @@ function api_get_user(App $a, $contact_id = null) 'contributors_enabled' => false, 'is_translator' => false, 'is_translation_enabled' => false, - 'following' => (($uinfo[0]['rel'] == CONTACT_IS_FOLLOWER) || ($uinfo[0]['rel'] == CONTACT_IS_FRIEND)), + 'following' => (($uinfo[0]['rel'] == Contact::FOLLOWER) || ($uinfo[0]['rel'] == Contact::FRIEND)), 'follow_request_sent' => false, 'statusnet_blocking' => false, 'notifications' => false, /// @TODO old way? - //'statusnet_profile_url' => System::baseUrl()."/contacts/".$uinfo[0]['cid'], + //'statusnet_profile_url' => System::baseUrl()."/contact/".$uinfo[0]['cid'], 'statusnet_profile_url' => $uinfo[0]['url'], 'uid' => intval($uinfo[0]['uid']), 'cid' => intval($uinfo[0]['cid']), @@ -816,7 +816,7 @@ function api_item_get_user(App $a, $item) $status_user["protected"] = defaults($item, 'private', 0); if (defaults($item, 'thr-parent', '') == defaults($item, 'uri', '')) { - $owner_user = api_get_user($a, defaults($item, 'author-id', null)); + $owner_user = api_get_user($a, defaults($item, 'owner-id', null)); } else { $owner_user = $status_user; } @@ -945,7 +945,6 @@ function api_format_data($root_element, $type, $data) $ret = $data; break; } - return $ret; } @@ -963,7 +962,7 @@ function api_format_data($root_element, $type, $data) function api_account_verify_credentials($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -975,7 +974,7 @@ function api_account_verify_credentials($type) unset($_REQUEST["screen_name"]); unset($_GET["screen_name"]); - $skip_status = (x($_REQUEST, 'skip_status')?$_REQUEST['skip_status'] : false); + $skip_status = defaults($_REQUEST, 'skip_status', false); $user_info = api_get_user($a); @@ -1009,10 +1008,10 @@ api_register_func('api/account/verify_credentials', 'api_account_verify_credenti */ function requestdata($k) { - if (x($_POST, $k)) { + if (!empty($_POST[$k])) { return $_POST[$k]; } - if (x($_GET, $k)) { + if (!empty($_GET[$k])) { return $_GET[$k]; } return null; @@ -1027,10 +1026,10 @@ function requestdata($k) */ function api_statuses_mediap($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { - logger('api_statuses_update: no user'); + Logger::log('api_statuses_update: no user'); throw new ForbiddenException(); } $user_info = api_get_user($a); @@ -1042,7 +1041,7 @@ function api_statuses_mediap($type) //$txt = urldecode(requestdata('status')); if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) { - $txt = html2bb_video($txt); + $txt = HTML::toBBCodeVideo($txt); $config = HTMLPurifier_Config::createDefault(); $config->set('Cache.DefinitionImpl', null); $purifier = new HTMLPurifier($config); @@ -1056,10 +1055,10 @@ function api_statuses_mediap($type) // now that we have the img url in bbcode we can add it to the status and insert the wall item. $_REQUEST['body'] = $txt . "\n\n" . '[url=' . $picture["albumpage"] . '][img]' . $picture["preview"] . "[/img][/url]"; - item_post($a); + $item_id = item_post($a); - // this should output the last post (the one we just posted). - return api_status_show($type); + // output the post that we just posted. + return api_status_show($type, $item_id); } /// @TODO move this to top of file or somewhere better! @@ -1075,11 +1074,10 @@ api_register_func('api/statuses/mediap', 'api_statuses_mediap', true, API_METHOD */ function api_statuses_update($type) { - - $a = get_app(); + $a = \get_app(); if (api_user() === false) { - logger('api_statuses_update: no user'); + Logger::log('api_statuses_update: no user'); throw new ForbiddenException(); } @@ -1089,7 +1087,7 @@ function api_statuses_update($type) if (requestdata('htmlstatus')) { $txt = requestdata('htmlstatus'); if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) { - $txt = html2bb_video($txt); + $txt = HTML::toBBCodeVideo($txt); $config = HTMLPurifier_Config::createDefault(); $config->set('Cache.DefinitionImpl', null); @@ -1129,11 +1127,11 @@ function api_statuses_update($type) if ($throttle_day > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - $condition = ["`uid` = ? AND `wall` AND `created` > ? AND `id` = `parent`", api_user(), $datefrom]; - $posts_day = DBA::count('item', $condition); + $condition = ["`uid` = ? AND `wall` AND `created` > ?", api_user(), $datefrom]; + $posts_day = DBA::count('thread', $condition); if ($posts_day > $throttle_day) { - logger('Daily posting limit reached for user '.api_user(), LOGGER_DEBUG); + Logger::log('Daily posting limit reached for user '.api_user(), Logger::DEBUG); // die(api_error($type, L10n::t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); throw new TooManyRequestsException(L10n::tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); } @@ -1143,11 +1141,11 @@ function api_statuses_update($type) if ($throttle_week > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); - $condition = ["`uid` = ? AND `wall` AND `created` > ? AND `id` = `parent`", api_user(), $datefrom]; - $posts_week = DBA::count('item', $condition); + $condition = ["`uid` = ? AND `wall` AND `created` > ?", api_user(), $datefrom]; + $posts_week = DBA::count('thread', $condition); if ($posts_week > $throttle_week) { - logger('Weekly posting limit reached for user '.api_user(), LOGGER_DEBUG); + Logger::log('Weekly posting limit reached for user '.api_user(), Logger::DEBUG); // die(api_error($type, L10n::t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week))); throw new TooManyRequestsException(L10n::tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)); } @@ -1157,18 +1155,18 @@ function api_statuses_update($type) if ($throttle_month > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); - $condition = ["`uid` = ? AND `wall` AND `created` > ? AND `id` = `parent`", api_user(), $datefrom]; - $posts_month = DBA::count('item', $condition); + $condition = ["`uid` = ? AND `wall` AND `created` > ?", api_user(), $datefrom]; + $posts_month = DBA::count('thread', $condition); if ($posts_month > $throttle_month) { - logger('Monthly posting limit reached for user '.api_user(), LOGGER_DEBUG); + Logger::log('Monthly posting limit reached for user '.api_user(), Logger::DEBUG); // die(api_error($type, L10n::t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); throw new TooManyRequestsException(L10n::t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); } } } - if (x($_FILES, 'media')) { + if (!empty($_FILES['media'])) { // upload the image if we have one $picture = wall_upload_post($a, false); if (is_array($picture)) { @@ -1195,15 +1193,15 @@ function api_statuses_update($type) $_REQUEST['api_source'] = true; - if (!x($_REQUEST, "source")) { + if (empty($_REQUEST['source'])) { $_REQUEST["source"] = api_source(); } // call out normal post function - item_post($a); + $item_id = item_post($a); - // this should output the last post (the one we just posted). - return api_status_show($type); + // output the post that we just posted. + return api_status_show($type, $item_id); } /// @TODO move to top of file or somewhere better @@ -1218,16 +1216,16 @@ api_register_func('api/statuses/update_with_media', 'api_statuses_update', true, */ function api_media_upload() { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { - logger('no user'); + Logger::log('no user'); throw new ForbiddenException(); } api_get_user($a); - if (!x($_FILES, 'media')) { + if (empty($_FILES['media'])) { // Output error throw new BadRequestException("No media."); } @@ -1243,10 +1241,11 @@ function api_media_upload() $returndata["media_id_string"] = (string)$media["id"]; $returndata["size"] = $media["size"]; $returndata["image"] = ["w" => $media["width"], - "h" => $media["height"], - "image_type" => $media["type"]]; + "h" => $media["height"], + "image_type" => $media["type"], + "friendica_preview_url" => $media["preview"]]; - logger("Media uploaded: " . print_r($returndata, true), LOGGER_DEBUG); + Logger::log("Media uploaded: " . print_r($returndata, true), Logger::DEBUG); return ["media" => $returndata]; } @@ -1260,13 +1259,13 @@ api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST) * * @return array|string */ -function api_status_show($type) +function api_status_show($type, $item_id = 0) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); - logger('api_status_show: user_info: '.print_r($user_info, true), LOGGER_DEBUG); + Logger::log('api_status_show: user_info: '.print_r($user_info, true), Logger::DEBUG); if ($type == "raw") { $privacy_sql = "AND NOT `private`"; @@ -1274,9 +1273,14 @@ function api_status_show($type) $privacy_sql = ""; } - // get last public wall message - $condition = ['owner-id' => $user_info['pid'], 'uid' => api_user(), - 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; + if (!empty($item_id)) { + // Get the item with the given id + $condition = ['id' => $item_id]; + } else { + // get last public wall message + $condition = ['owner-id' => $user_info['pid'], 'uid' => api_user(), + 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; + } $lastwall = Item::selectFirst(Item::ITEM_FIELDLIST, $condition, ['order' => ['id' => true]]); if (DBA::isResult($lastwall)) { @@ -1328,16 +1332,16 @@ function api_status_show($type) } if ($status_info["source"] == 'web') { - $status_info["source"] = ContactSelector::networkToName($lastwall['network'], $user_info['url']); - } elseif (ContactSelector::networkToName($lastwall['network'], $user_info['url']) != $status_info["source"]) { - $status_info["source"] = trim($status_info["source"].' ('.ContactSelector::networkToName($lastwall['network'], $user_info['url']).')'); + $status_info["source"] = ContactSelector::networkToName($lastwall['network'], $lastwall['author-link']); + } elseif (ContactSelector::networkToName($lastwall['network'], $lastwall['author-link']) != $status_info["source"]) { + $status_info["source"] = trim($status_info["source"].' ('.ContactSelector::networkToName($lastwall['network'], $lastwall['author-link']).')'); } // "uid" and "self" are only needed for some internal stuff, so remove it from here unset($status_info["user"]["uid"]); unset($status_info["user"]["self"]); - logger('status_info: '.print_r($status_info, true), LOGGER_DEBUG); + Logger::log('status_info: '.print_r($status_info, true), Logger::DEBUG); if ($type == "raw") { return $status_info; @@ -1356,7 +1360,7 @@ function api_status_show($type) */ function api_users_show($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); @@ -1403,11 +1407,11 @@ function api_users_show($type) } if ($user_info["status"]["source"] == 'web') { - $user_info["status"]["source"] = ContactSelector::networkToName($lastwall['network'], $user_info['url']); + $user_info["status"]["source"] = ContactSelector::networkToName($lastwall['network'], $lastwall['author-link']); } if (ContactSelector::networkToName($lastwall['network'], $user_info['url']) != $user_info["status"]["source"]) { - $user_info["status"]["source"] = trim($user_info["status"]["source"] . ' (' . ContactSelector::networkToName($lastwall['network'], $user_info['url']) . ')'); + $user_info["status"]["source"] = trim($user_info["status"]["source"] . ' (' . ContactSelector::networkToName($lastwall['network'], $lastwall['author-link']) . ')'); } } @@ -1432,15 +1436,15 @@ api_register_func('api/externalprofile/show', 'api_users_show'); */ function api_users_search($type) { - $a = get_app(); + $a = \get_app(); $userlist = []; - if (x($_GET, 'q')) { - $r = q("SELECT id FROM `contact` WHERE `uid` = 0 AND `name` = '%s'", dbesc($_GET["q"])); + if (!empty($_GET['q'])) { + $r = q("SELECT id FROM `contact` WHERE `uid` = 0 AND `name` = '%s'", DBA::escape($_GET["q"])); if (!DBA::isResult($r)) { - $r = q("SELECT `id` FROM `contact` WHERE `uid` = 0 AND `nick` = '%s'", dbesc($_GET["q"])); + $r = q("SELECT `id` FROM `contact` WHERE `uid` = 0 AND `nick` = '%s'", DBA::escape($_GET["q"])); } if (DBA::isResult($r)) { @@ -1512,48 +1516,65 @@ api_register_func('api/users/lookup', 'api_users_lookup', true); */ function api_search($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } - - $data = []; + if (api_user() === false || $user_info === false) { throw new ForbiddenException(); } - if (!x($_REQUEST, 'q')) { - throw new BadRequestException("q parameter is required."); - } + if (empty($_REQUEST['q'])) { throw new BadRequestException("q parameter is required."); } + + $searchTerm = trim(rawurldecode($_REQUEST['q'])); - if (x($_REQUEST, 'rpp')) { + $data = []; + $count = 15; + $exclude_replies = !empty($_REQUEST['exclude_replies']); + if (!empty($_REQUEST['rpp'])) { $count = $_REQUEST['rpp']; - } elseif (x($_REQUEST, 'count')) { + } elseif (!empty($_REQUEST['count'])) { $count = $_REQUEST['count']; - } else { - $count = 15; } - - $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); - $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); - $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0); - + + $since_id = defaults($_REQUEST, 'since_id', 0); + $max_id = defaults($_REQUEST, 'max_id', 0); + $page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0); $start = $page * $count; + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) { + $searchTerm = $matches[1]; + $condition = ["`oid` > ? + AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) + AND `otype` = ? AND `type` = ? AND `term` = ?", + $since_id, local_user(), TERM_OBJ_POST, TERM_HASHTAG, $searchTerm]; + if ($max_id > 0) { + $condition[0] .= " AND `oid` <= ?"; + $condition[] = $max_id; + } + $terms = DBA::select('term', ['oid'], $condition, []); + $itemIds = []; + while($term = DBA::fetch($terms)){ $itemIds[] = $term['oid']; } + DBA::close($terms); + $condition = [$exclude_replies ? "`id` = `parent` AND " : '']; + $condition[0] .= empty($itemIds) ? '' : ' `id` IN ('.implode(", ", $itemIds).')' ; - $condition = ["`gravity` IN (?, ?) AND `item`.`id` > ? - AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`)) - AND `item`.`body` LIKE CONCAT('%',?,'%')", - GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, api_user(), $_REQUEST['q']]; + } else { + $condition = ["`id` > ? + ". ($exclude_replies ? " AND `id` = `parent` " : ' ')." + AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) + AND `body` LIKE CONCAT('%',?,'%')", + $since_id, api_user(), $_REQUEST['q']]; + if ($max_id > 0) { + $condition[0] .= " AND `id` <= ?"; + $condition[] = $max_id; + } - if ($max_id > 0) { - $condition[0] .= " AND `item`.`id` <= ?"; - $condition[] = $max_id; } - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; $statuses = Item::selectForUser(api_user(), [], $condition, $params); $data['status'] = api_format_items(Item::inArray($statuses), $user_info); + bindComments($data['status']); + return api_format_data("statuses", $type, $data); } @@ -1573,7 +1594,7 @@ api_register_func('api/search', 'api_search', true); */ function api_statuses_home_timeline($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { @@ -1589,16 +1610,15 @@ function api_statuses_home_timeline($type) // get last network messages // params - $count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20); - $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0); + $count = defaults($_REQUEST, 'count', 20); + $page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0); if ($page < 0) { $page = 0; } - $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); - $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); - //$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0); - $exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0); - $conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0); + $since_id = defaults($_REQUEST, 'since_id', 0); + $max_id = defaults($_REQUEST, 'max_id', 0); + $exclude_replies = !empty($_REQUEST['exclude_replies']); + $conversation_id = defaults($_REQUEST, 'conversation_id', 0); $start = $page * $count; @@ -1609,7 +1629,7 @@ function api_statuses_home_timeline($type) $condition[0] .= " AND `item`.`id` <= ?"; $condition[] = $max_id; } - if ($exclude_replies > 0) { + if ($exclude_replies) { $condition[0] .= ' AND `item`.`parent` = `item`.`id`'; } if ($conversation_id > 0) { @@ -1636,10 +1656,13 @@ function api_statuses_home_timeline($type) Item::update(['unseen' => false], ['unseen' => true, 'id' => $idarray]); } } + + bindComments($ret); $data = ['status' => $ret]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); break; @@ -1648,6 +1671,7 @@ function api_statuses_home_timeline($type) return api_format_data("statuses", $type, $data); } + /// @TODO move to top of file or somewhere better api_register_func('api/statuses/home_timeline', 'api_statuses_home_timeline', true); api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', true); @@ -1661,7 +1685,7 @@ api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', */ function api_statuses_public_timeline($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { @@ -1671,19 +1695,17 @@ function api_statuses_public_timeline($type) // get last network messages // params - $count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20); - $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0); + $count = defaults($_REQUEST, 'count', 20); + $page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] -1 : 0); if ($page < 0) { $page = 0; } - $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); - $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); - //$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0); - $exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0); - $conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0); + $since_id = defaults($_REQUEST, 'since_id', 0); + $max_id = defaults($_REQUEST, 'max_id', 0); + $exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0); + $conversation_id = defaults($_REQUEST, 'conversation_id', 0); $start = $page * $count; - $sql_extra = ''; if ($exclude_replies && !$conversation_id) { $condition = ["`gravity` IN (?, ?) AND `iid` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall`", @@ -1719,9 +1741,12 @@ function api_statuses_public_timeline($type) $ret = api_format_items($r, $user_info, false, $type); + bindComments($ret); + $data = ['status' => $ret]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); break; @@ -1744,19 +1769,19 @@ api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline' */ function api_statuses_networkpublic_timeline($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { throw new ForbiddenException(); } - $since_id = x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0; - $max_id = x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0; + $since_id = defaults($_REQUEST, 'since_id', 0); + $max_id = defaults($_REQUEST, 'max_id', 0); // pagination - $count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 20; - $page = x($_REQUEST, 'page') ? $_REQUEST['page'] : 1; + $count = defaults($_REQUEST, 'count', 20); + $page = defaults($_REQUEST, 'page', 1); if ($page < 1) { $page = 1; } @@ -1775,9 +1800,12 @@ function api_statuses_networkpublic_timeline($type) $ret = api_format_items(Item::inArray($statuses), $user_info, false, $type); + bindComments($ret); + $data = ['status' => $ret]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); break; @@ -1798,7 +1826,7 @@ api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpu */ function api_statuses_show($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { @@ -1817,7 +1845,7 @@ function api_statuses_show($type) $id = intval(defaults($a->argv, 4, 0)); } - logger('API: api_statuses_show: ' . $id); + Logger::log('API: api_statuses_show: ' . $id); $conversation = !empty($_REQUEST['conversation']); @@ -1871,7 +1899,7 @@ api_register_func('api/statuses/show', 'api_statuses_show', true); */ function api_conversation_show($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { @@ -1899,7 +1927,7 @@ function api_conversation_show($type) $id = intval(defaults($a->argv, 4, 0)); } - logger('API: api_conversation_show: '.$id); + Logger::log('API: api_conversation_show: '.$id); // try to fetch the item for the local user - or the public item, if there is no local one $item = Item::selectFirst(['parent-uri'], ['id' => $id]); @@ -1950,7 +1978,7 @@ function api_statuses_repeat($type) { global $called_api; - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -1970,7 +1998,7 @@ function api_statuses_repeat($type) $id = intval(defaults($a->argv, 4, 0)); } - logger('API: api_statuses_repeat: '.$id); + Logger::log('API: api_statuses_repeat: '.$id); $fields = ['body', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; $item = Item::selectFirst($fields, ['id' => $id, 'private' => false]); @@ -1989,18 +2017,18 @@ function api_statuses_repeat($type) $_REQUEST['profile_uid'] = api_user(); $_REQUEST['api_source'] = true; - if (!x($_REQUEST, "source")) { + if (empty($_REQUEST['source'])) { $_REQUEST["source"] = api_source(); } - item_post($a); + $item_id = item_post($a); } else { throw new ForbiddenException(); } - // this should output the last post (the one we just posted). + // output the post that we just posted. $called_api = []; - return api_status_show($type); + return api_status_show($type, $item_id); } /// @TODO move to top of file or somewhere better @@ -2015,7 +2043,7 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO */ function api_statuses_destroy($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -2035,7 +2063,7 @@ function api_statuses_destroy($type) $id = intval(defaults($a->argv, 4, 0)); } - logger('API: api_statuses_destroy: '.$id); + Logger::log('API: api_statuses_destroy: '.$id); $ret = api_statuses_show($type); @@ -2056,7 +2084,7 @@ api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METH */ function api_statuses_mentions($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { @@ -2099,6 +2127,7 @@ function api_statuses_mentions($type) $data = ['status' => $ret]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); break; @@ -2123,28 +2152,28 @@ api_register_func('api/statuses/replies', 'api_statuses_mentions', true); */ function api_statuses_user_timeline($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { throw new ForbiddenException(); } - logger( + Logger::log( "api_statuses_user_timeline: api_user: ". api_user() . "\nuser_info: ".print_r($user_info, true) . "\n_REQUEST: ".print_r($_REQUEST, true), - LOGGER_DEBUG + Logger::DEBUG ); - $since_id = x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0; - $max_id = x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0; - $exclude_replies = x($_REQUEST, 'exclude_replies') ? 1 : 0; - $conversation_id = x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0; + $since_id = defaults($_REQUEST, 'since_id', 0); + $max_id = defaults($_REQUEST, 'max_id', 0); + $exclude_replies = !empty($_REQUEST['exclude_replies']); + $conversation_id = defaults($_REQUEST, 'conversation_id', 0); // pagination - $count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 20; - $page = x($_REQUEST, 'page') ? $_REQUEST['page'] : 1; + $count = defaults($_REQUEST, 'count', 20); + $page = defaults($_REQUEST, 'page', 1); if ($page < 1) { $page = 1; } @@ -2157,7 +2186,7 @@ function api_statuses_user_timeline($type) $condition[0] .= ' AND `item`.`wall` '; } - if ($exclude_replies > 0) { + if ($exclude_replies) { $condition[0] .= ' AND `item`.`parent` = `item`.`id`'; } @@ -2176,9 +2205,12 @@ function api_statuses_user_timeline($type) $ret = api_format_items(Item::inArray($statuses), $user_info, true, $type); + bindComments($ret); + $data = ['status' => $ret]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); break; @@ -2200,7 +2232,7 @@ api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', tr */ function api_favorites_create_destroy($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -2254,8 +2286,10 @@ function api_favorites_create_destroy($type) $data = ['status' => $ret]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); + break; } return api_format_data("status", $type, $data); @@ -2276,7 +2310,7 @@ function api_favorites($type) { global $called_api; - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { @@ -2287,16 +2321,16 @@ function api_favorites($type) // in friendica starred item are private // return favorites only for self - logger('api_favorites: self:' . $user_info['self']); + Logger::log('api_favorites: self:' . $user_info['self']); if ($user_info['self'] == 0) { $ret = []; } else { // params - $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); - $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); - $count = (x($_GET, 'count') ? $_GET['count'] : 20); - $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0); + $since_id = defaults($_REQUEST, 'since_id', 0); + $max_id = defaults($_REQUEST, 'max_id', 0); + $count = defaults($_GET, 'count', 20); + $page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] -1 : 0); if ($page < 0) { $page = 0; } @@ -2318,11 +2352,15 @@ function api_favorites($type) $ret = api_format_items(Item::inArray($statuses), $user_info, false, $type); } + bindComments($ret); + $data = ['status' => $ret]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); + break; } return api_format_data("statuses", $type, $data); @@ -2344,7 +2382,7 @@ function api_format_messages($item, $recipient, $sender) // standard meta information $ret = [ 'id' => $item['id'], - 'sender_id' => $sender['id'] , + 'sender_id' => $sender['id'], 'text' => "", 'recipient_id' => $recipient['id'], 'created_at' => api_date(defaults($item, 'created', DateTimeFormat::utcNow())), @@ -2372,7 +2410,7 @@ function api_format_messages($item, $recipient, $sender) } //don't send title to regular StatusNET requests to avoid confusing these apps - if (x($_GET, 'getText')) { + if (!empty($_GET['getText'])) { $ret['title'] = $item['title']; if ($_GET['getText'] == 'html') { $ret['text'] = BBCode::convert($item['body'], false); @@ -2382,7 +2420,7 @@ function api_format_messages($item, $recipient, $sender) } else { $ret['text'] = $item['title'] . "\n" . HTML::toPlaintext(BBCode::convert(api_clean_plain_items($item['body']), false, 2, true), 0); } - if (x($_GET, 'getUserObjects') && $_GET['getUserObjects'] == 'false') { + if (!empty($_GET['getUserObjects']) && $_GET['getUserObjects'] == 'false') { unset($ret['sender']); unset($ret['recipient']); } @@ -2512,13 +2550,13 @@ function api_get_attachments(&$body) */ function api_get_entitities(&$text, $bbcode) { - $include_entities = strtolower(x($_REQUEST, 'include_entities') ? $_REQUEST['include_entities'] : "false"); + $include_entities = strtolower(defaults($_REQUEST, 'include_entities', "false")); if ($include_entities != "true") { preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); foreach ($images[1] as $image) { - $replace = proxy_url($image); + $replace = ProxyUtils::proxifyUrl($image); $text = str_replace($image, $replace, $text); } return []; @@ -2627,7 +2665,7 @@ function api_get_entitities(&$text, $bbcode) // If image cache is activated, then use the following sizes: // thumb (150), small (340), medium (600) and large (1024) if (!Config::get("system", "proxy_disabled")) { - $media_url = proxy_url($url); + $media_url = ProxyUtils::proxifyUrl($url); $sizes = []; $scale = Image::getScalingDimensions($image[0], $image[1], 150); @@ -2654,7 +2692,7 @@ function api_get_entitities(&$text, $bbcode) "id" => $start+1, "id_str" => (string)$start+1, "indices" => [$start, $start+strlen($url)], - "media_url" => normalise_link($media_url), + "media_url" => Strings::normaliseLink($media_url), "media_url_https" => $media_url, "url" => $url, "display_url" => $display_url, @@ -2725,9 +2763,9 @@ function api_contactlink_to_array($txt) * likes => int count, * dislikes => int count */ -function api_format_items_activities(&$item, $type = "json") +function api_format_items_activities($item, $type = "json") { - $a = get_app(); + $a = \get_app(); $activities = [ 'like' => [], @@ -2740,13 +2778,13 @@ function api_format_items_activities(&$item, $type = "json") $condition = ['uid' => $item['uid'], 'thr-parent' => $item['uri']]; $ret = Item::selectForUser($item['uid'], ['author-id', 'verb'], $condition); - while ($item = Item::fetch($ret)) { + while ($parent_item = Item::fetch($ret)) { // not used as result should be structured like other user data //builtin_activity_puller($i, $activities); // get user data and add it to the array of the activity - $user = api_get_user($a, $item['author-id']); - switch ($item['verb']) { + $user = api_get_user($a, $parent_item['author-id']); + switch ($parent_item['verb']) { case ACTIVITY_LIKE: $activities['like'][] = $user; break; @@ -2849,11 +2887,11 @@ function api_format_items_profiles($profile_row) */ function api_format_items($r, $user_info, $filter_user = false, $type = "json") { - $a = get_app(); + $a = \get_app(); $ret = []; - foreach ($r as $item) { + foreach ((array)$r as $item) { localize_item($item); list($status_user, $owner_user) = api_item_get_user($a, $item); @@ -2886,8 +2924,9 @@ function api_format_items($r, $user_info, $filter_user = false, $type = "json") 'in_reply_to_screen_name' => $in_reply_to['screen_name'], $geo => null, 'favorited' => $item['starred'] ? true : false, - 'user' => $status_user , + 'user' => $status_user, 'friendica_owner' => $owner_user, + 'friendica_private' => $item['private'] == 1, //'entities' => NULL, 'statusnet_html' => $converted["html"], 'statusnet_conversation_id' => $item['parent'], @@ -2904,15 +2943,16 @@ function api_format_items($r, $user_info, $filter_user = false, $type = "json") } if ($status["source"] == 'web') { - $status["source"] = ContactSelector::networkToName($item['network'], $user_info['url']); - } elseif (ContactSelector::networkToName($item['network'], $user_info['url']) != $status["source"]) { - $status["source"] = trim($status["source"].' ('.ContactSelector::networkToName($item['network'], $user_info['url']).')'); + $status["source"] = ContactSelector::networkToName($item['network'], $item['author-link']); + } elseif (ContactSelector::networkToName($item['network'], $item['author-link']) != $status["source"]) { + $status["source"] = trim($status["source"].' ('.ContactSelector::networkToName($item['network'], $item['author-link']).')'); } if ($item["id"] == $item["parent"]) { $retweeted_item = api_share_as_retweet($item); if ($retweeted_item !== false) { $retweeted_status = $status; + $status['user'] = $status['friendica_owner']; try { $retweeted_status["user"] = api_get_user($a, $retweeted_item["author-id"]); } catch (BadRequestException $e) { @@ -3037,7 +3077,7 @@ api_register_func('api/lists/subscriptions', 'api_lists_list', true); */ function api_lists_ownerships($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -3081,7 +3121,7 @@ api_register_func('api/lists/ownerships', 'api_lists_ownerships', true); */ function api_lists_statuses($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { @@ -3099,15 +3139,15 @@ function api_lists_statuses($type) } // params - $count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20); - $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0); + $count = defaults($_REQUEST, 'count', 20); + $page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0); if ($page < 0) { $page = 0; } - $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); - $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); - $exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0); - $conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0); + $since_id = defaults($_REQUEST, 'since_id', 0); + $max_id = defaults($_REQUEST, 'max_id', 0); + $exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0); + $conversation_id = defaults($_REQUEST, 'conversation_id', 0); $start = $page * $count; @@ -3134,6 +3174,7 @@ function api_lists_statuses($type) $data = ['status' => $items]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); break; @@ -3157,15 +3198,15 @@ api_register_func('api/lists/statuses', 'api_lists_statuses', true); */ function api_statuses_f($qtype) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); } // pagination - $count = x($_GET, 'count') ? $_GET['count'] : 20; - $page = x($_GET, 'page') ? $_GET['page'] : 1; + $count = defaults($_GET, 'count', 20); + $page = defaults($_GET, 'page', 1); if ($page < 1) { $page = 1; } @@ -3173,7 +3214,7 @@ function api_statuses_f($qtype) $user_info = api_get_user($a); - if (x($_GET, 'cursor') && $_GET['cursor'] == 'undefined') { + if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') { /* this is to stop Hotot to load friends multiple times * I'm not sure if I'm missing return something or * is a bug in hotot. Workaround, meantime @@ -3186,9 +3227,9 @@ function api_statuses_f($qtype) $sql_extra = ''; if ($qtype == 'friends') { - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(Contact::SHARING), intval(Contact::FRIEND)); } elseif ($qtype == 'followers') { - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(Contact::FOLLOWER), intval(Contact::FRIEND)); } // friends and followers only for self @@ -3333,10 +3374,10 @@ api_register_func('api/friendships/incoming', 'api_friendships_incoming', true); */ function api_statusnet_config($type) { - $a = get_app(); + $a = \get_app(); $name = Config::get('config', 'sitename'); - $server = $a->get_hostname(); + $server = $a->getHostName(); $logo = System::baseUrl() . '/images/friendica-64.png'; $email = Config::get('config', 'admin_email'); $closed = intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED ? 'true' : 'false'; @@ -3393,11 +3434,11 @@ api_register_func('api/statusnet/version', 'api_statusnet_version', false); */ function api_ff_ids($type) { - if (! api_user()) { + if (!api_user()) { throw new ForbiddenException(); } - $a = get_app(); + $a = \get_app(); api_get_user($a); @@ -3465,7 +3506,7 @@ api_register_func('api/followers/ids', 'api_followers_ids', true); */ function api_direct_messages_new($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -3482,7 +3523,7 @@ function api_direct_messages_new($type) $r = q( "SELECT `id`, `nurl`, `network` FROM `contact` WHERE `uid`=%d AND `nick`='%s'", intval(api_user()), - dbesc($_POST['screen_name']) + DBA::escape($_POST['screen_name']) ); if (DBA::isResult($r)) { @@ -3501,7 +3542,7 @@ function api_direct_messages_new($type) $replyto = ''; $sub = ''; - if (x($_REQUEST, 'replyto')) { + if (!empty($_REQUEST['replyto'])) { $r = q( 'SELECT `parent-uri`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d', intval(api_user()), @@ -3510,7 +3551,7 @@ function api_direct_messages_new($type) $replyto = $r[0]['parent-uri']; $sub = $r[0]['title']; } else { - if (x($_REQUEST, 'title')) { + if (!empty($_REQUEST['title'])) { $sub = $_REQUEST['title']; } else { $sub = ((strlen($_POST['text'])>10) ? substr($_POST['text'], 0, 10)."...":$_POST['text']); @@ -3530,8 +3571,10 @@ function api_direct_messages_new($type) switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $sender); + break; } return api_format_data("direct-messages", $type, $data); @@ -3551,7 +3594,7 @@ api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, AP */ function api_direct_messages_destroy($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -3560,10 +3603,10 @@ function api_direct_messages_destroy($type) // params $user_info = api_get_user($a); //required - $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); + $id = defaults($_REQUEST, 'id', 0); // optional - $parenturi = (x($_REQUEST, 'friendica_parenturi') ? $_REQUEST['friendica_parenturi'] : ""); - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + $parenturi = defaults($_REQUEST, 'friendica_parenturi', ""); + $verbose = (!empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"); /// @todo optional parameter 'include_entities' from Twitter API not yet implemented $uid = $user_info['uid']; @@ -3579,7 +3622,7 @@ function api_direct_messages_destroy($type) } // add parent-uri to sql command if specified by calling app - $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . dbesc($parenturi) . "'" : ""); + $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . DBA::escape($parenturi) . "'" : ""); // get data of the specified message id $r = q( @@ -3621,6 +3664,84 @@ function api_direct_messages_destroy($type) /// @TODO move to top of file or somewhere better api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', true, API_METHOD_DELETE); +/** + * Unfollow Contact + * + * @brief unfollow contact + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string|array + * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/post-friendships-destroy.html + */ +function api_friendships_destroy($type) +{ + $uid = api_user(); + + if ($uid === false) { + throw new ForbiddenException(); + } + + $contact_id = defaults($_REQUEST, 'user_id'); + + if (empty($contact_id)) { + Logger::log("No user_id specified", Logger::DEBUG); + throw new BadRequestException("no user_id specified"); + } + + // Get Contact by given id + $contact = DBA::selectFirst('contact', ['url'], ['id' => $contact_id, 'uid' => 0, 'self' => false]); + + if(!DBA::isResult($contact)) { + Logger::log("No contact found for ID" . $contact_id, Logger::DEBUG); + throw new NotFoundException("no contact found to given ID"); + } + + $url = $contact["url"]; + + $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)", + $uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url), + Strings::normaliseLink($url), $url]; + $contact = DBA::selectFirst('contact', [], $condition); + + if (!DBA::isResult($contact)) { + Logger::log("Not following Contact", Logger::DEBUG); + throw new NotFoundException("Not following Contact"); + } + + if (!in_array($contact['network'], Protocol::NATIVE_SUPPORT)) { + Logger::log("Not supported", Logger::DEBUG); + throw new ExpectationFailedException("Not supported"); + } + + $dissolve = ($contact['rel'] == Contact::SHARING); + + $owner = User::getOwnerDataById($uid); + if ($owner) { + Contact::terminateFriendship($owner, $contact, $dissolve); + } + else { + Logger::log("No owner found", Logger::DEBUG); + throw new NotFoundException("Error Processing Request"); + } + + // Sharing-only contacts get deleted as there no relationship any more + if ($dissolve) { + Contact::remove($contact['id']); + } else { + DBA::update('contact', ['rel' => Contact::FOLLOWER], ['id' => $contact['id']]); + } + + // "uid" and "self" are only needed for some internal stuff, so remove it from here + unset($contact["uid"]); + unset($contact["self"]); + + // Set screen_name since Twidere requests it + $contact["screen_name"] = $contact["nick"]; + + return api_format_data("friendships-destroy", $type, ['user' => $contact]); +} +api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, API_METHOD_POST); + /** * * @param string $type Return type (atom, rss, xml, json) @@ -3631,7 +3752,7 @@ api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', */ function api_direct_messages_box($type, $box, $verbose) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); } @@ -3668,13 +3789,13 @@ function api_direct_messages_box($type, $box, $verbose) // filters if ($box=="sentbox") { - $sql_extra = "`mail`.`from-url`='" . dbesc($profile_url) . "'"; + $sql_extra = "`mail`.`from-url`='" . DBA::escape($profile_url) . "'"; } elseif ($box == "conversation") { - $sql_extra = "`mail`.`parent-uri`='" . dbesc(defaults($_GET, 'uri', '')) . "'"; + $sql_extra = "`mail`.`parent-uri`='" . DBA::escape(defaults($_GET, 'uri', '')) . "'"; } elseif ($box == "all") { $sql_extra = "true"; } elseif ($box == "inbox") { - $sql_extra = "`mail`.`from-url`!='" . dbesc($profile_url) . "'"; + $sql_extra = "`mail`.`from-url`!='" . DBA::escape($profile_url) . "'"; } if ($max_id > 0) { @@ -3684,7 +3805,7 @@ function api_direct_messages_box($type, $box, $verbose) if ($user_id != "") { $sql_extra .= ' AND `mail`.`contact-id` = ' . intval($user_id); } elseif ($screen_name !="") { - $sql_extra .= " AND `contact`.`nick` = '" . dbesc($screen_name). "'"; + $sql_extra .= " AND `contact`.`nick` = '" . DBA::escape($screen_name). "'"; } $r = q( @@ -3703,9 +3824,9 @@ function api_direct_messages_box($type, $box, $verbose) foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user($a, normalise_link($item['contact-url'])); + $sender = api_get_user($a, Strings::normaliseLink($item['contact-url'])); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user($a, normalise_link($item['contact-url'])); + $recipient = api_get_user($a, Strings::normaliseLink($item['contact-url'])); $sender = $user_info; } @@ -3718,8 +3839,10 @@ function api_direct_messages_box($type, $box, $verbose) $data = ['direct_message' => $ret]; switch ($type) { case "atom": + break; case "rss": $data = api_rss_extra($a, $data, $user_info); + break; } return api_format_data("direct-messages", $type, $data); @@ -3735,7 +3858,7 @@ function api_direct_messages_box($type, $box, $verbose) */ function api_direct_messages_sentbox($type) { - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; return api_direct_messages_box($type, "sentbox", $verbose); } @@ -3749,7 +3872,7 @@ function api_direct_messages_sentbox($type) */ function api_direct_messages_inbox($type) { - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; return api_direct_messages_box($type, "inbox", $verbose); } @@ -3761,7 +3884,7 @@ function api_direct_messages_inbox($type) */ function api_direct_messages_all($type) { - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; return api_direct_messages_box($type, "all", $verbose); } @@ -3773,7 +3896,7 @@ function api_direct_messages_all($type) */ function api_direct_messages_conversation($type) { - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; return api_direct_messages_box($type, "conversation", $verbose); } @@ -3837,7 +3960,7 @@ function api_fr_photoalbum_delete($type) throw new ForbiddenException(); } // input params - $album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : ""); + $album = defaults($_REQUEST, 'album', ""); // we do not allow calls without album string if ($album == "") { @@ -3847,7 +3970,7 @@ function api_fr_photoalbum_delete($type) $r = q( "SELECT DISTINCT `resource-id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", intval(api_user()), - dbesc($album) + DBA::escape($album) ); if (!DBA::isResult($r)) { throw new BadRequestException("album not available"); @@ -3866,7 +3989,7 @@ function api_fr_photoalbum_delete($type) } // now let's delete all photos from the album - $result = DBA::delete('photo', ['uid' => api_user(), 'album' => $album]); + $result = Photo::delete(['uid' => api_user(), 'album' => $album]); // return success of deletion or error message if ($result) { @@ -3889,8 +4012,8 @@ function api_fr_photoalbum_update($type) throw new ForbiddenException(); } // input params - $album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : ""); - $album_new = (x($_REQUEST, 'album_new') ? $_REQUEST['album_new'] : ""); + $album = defaults($_REQUEST, 'album', ""); + $album_new = defaults($_REQUEST, 'album_new', ""); // we do not allow calls without album string if ($album == "") { @@ -3900,11 +4023,11 @@ function api_fr_photoalbum_update($type) throw new BadRequestException("no new albumname specified"); } // check if album is existing - if (!DBA::exists('photo', ['uid' => api_user(), 'album' => $album])) { + if (!Photo::exists(['uid' => api_user(), 'album' => $album])) { throw new BadRequestException("album not available"); } // now let's update all photos to the albumname - $result = DBA::update('photo', ['album' => $album_new], ['uid' => api_user(), 'album' => $album]); + $result = Photo::update(['album' => $album_new], ['uid' => api_user(), 'album' => $album]); // return success of updating or error message if ($result) { @@ -3974,15 +4097,15 @@ function api_fr_photo_create_update($type) throw new ForbiddenException(); } // input params - $photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null); - $desc = (x($_REQUEST, 'desc') ? $_REQUEST['desc'] : (array_key_exists('desc', $_REQUEST) ? "" : null)); // extra check necessary to distinguish between 'not provided' and 'empty string' - $album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : null); - $album_new = (x($_REQUEST, 'album_new') ? $_REQUEST['album_new'] : null); - $allow_cid = (x($_REQUEST, 'allow_cid') ? $_REQUEST['allow_cid'] : (array_key_exists('allow_cid', $_REQUEST) ? " " : null)); - $deny_cid = (x($_REQUEST, 'deny_cid') ? $_REQUEST['deny_cid'] : (array_key_exists('deny_cid', $_REQUEST) ? " " : null)); - $allow_gid = (x($_REQUEST, 'allow_gid') ? $_REQUEST['allow_gid'] : (array_key_exists('allow_gid', $_REQUEST) ? " " : null)); - $deny_gid = (x($_REQUEST, 'deny_gid') ? $_REQUEST['deny_gid'] : (array_key_exists('deny_gid', $_REQUEST) ? " " : null)); - $visibility = (x($_REQUEST, 'visibility') ? (($_REQUEST['visibility'] == "true" || $_REQUEST['visibility'] == 1) ? true : false) : false); + $photo_id = defaults($_REQUEST, 'photo_id', null); + $desc = defaults($_REQUEST, 'desc', (array_key_exists('desc', $_REQUEST) ? "" : null)) ; // extra check necessary to distinguish between 'not provided' and 'empty string' + $album = defaults($_REQUEST, 'album', null); + $album_new = defaults($_REQUEST, 'album_new', null); + $allow_cid = defaults($_REQUEST, 'allow_cid', (array_key_exists('allow_cid', $_REQUEST) ? " " : null)); + $deny_cid = defaults($_REQUEST, 'deny_cid' , (array_key_exists('deny_cid' , $_REQUEST) ? " " : null)); + $allow_gid = defaults($_REQUEST, 'allow_gid', (array_key_exists('allow_gid', $_REQUEST) ? " " : null)); + $deny_gid = defaults($_REQUEST, 'deny_gid' , (array_key_exists('deny_gid' , $_REQUEST) ? " " : null)); + $visibility = !empty($_REQUEST['visibility']) && $_REQUEST['visibility'] !== "false"; // do several checks on input parameters // we do not allow calls without album string @@ -3994,7 +4117,7 @@ function api_fr_photo_create_update($type) $mode = "create"; // error if no media posted in create-mode - if (!x($_FILES, 'media')) { + if (empty($_FILES['media'])) { // Output error throw new BadRequestException("no media data submitted"); } @@ -4004,14 +4127,8 @@ function api_fr_photo_create_update($type) } else { $mode = "update"; - // check if photo is existing in database - $r = q( - "SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'", - intval(api_user()), - dbesc($photo_id), - dbesc($album) - ); - if (!DBA::isResult($r)) { + // check if photo is existing in databasei + if (!Photo::exists(['resource-id' => $photo_id, 'uid' => api_user(), 'album' => $album])) { throw new BadRequestException("photo not available"); } } @@ -4040,52 +4157,45 @@ function api_fr_photo_create_update($type) // now let's do the changes in update-mode if ($mode == "update") { - $sql_extra = ""; + $updated_fields = []; if (!is_null($desc)) { - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`desc` = '$desc'"; + $updated_fields['desc'] = $desc; } if (!is_null($album_new)) { - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`album` = '$album_new'"; + $updated_fields['album'] = $album_new; } if (!is_null($allow_cid)) { $allow_cid = trim($allow_cid); - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_cid` = '$allow_cid'"; + $updated_fields['allow_cid'] = $allow_cid; } if (!is_null($deny_cid)) { $deny_cid = trim($deny_cid); - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_cid` = '$deny_cid'"; + $updated_fields['deny_cid'] = $deny_cid; } if (!is_null($allow_gid)) { $allow_gid = trim($allow_gid); - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_gid` = '$allow_gid'"; + $updated_fields['allow_gid'] = $allow_gid; } if (!is_null($deny_gid)) { $deny_gid = trim($deny_gid); - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_gid` = '$deny_gid'"; + $updated_fields['deny_gid'] = $deny_gid; } $result = false; - if ($sql_extra != "") { + if (count($updated_fields) > 0) { $nothingtodo = false; - $result = q( - "UPDATE `photo` SET %s, `edited`='%s' WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'", - $sql_extra, - DateTimeFormat::utcNow(), // update edited timestamp - intval(api_user()), - dbesc($photo_id), - dbesc($album) - ); + $result = Photo::update($updated_fields, ['uid' => api_user(), 'resource-id' => $photo_id, 'album' => $album]); } else { $nothingtodo = true; } - if (x($_FILES, 'media')) { + if (!empty($_FILES['media'])) { $nothingtodo = false; $media = $_FILES['media']; $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, 0, $visibility, $photo_id); @@ -4121,7 +4231,7 @@ function api_fr_photo_delete($type) throw new ForbiddenException(); } // input params - $photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null); + $photo_id = defaults($_REQUEST, 'photo_id', null); // do several checks on input parameters // we do not allow calls without photo id @@ -4129,16 +4239,12 @@ function api_fr_photo_delete($type) throw new BadRequestException("no photo_id specified"); } // check if photo is existing in database - $r = q( - "SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", - intval(api_user()), - dbesc($photo_id) - ); - if (!DBA::isResult($r)) { + $r = Photo::exists(['resource-id' => $photo_id, 'uid' => api_user()]); + if (!$r) { throw new BadRequestException("photo not available"); } // now we can perform on the deletion of the photo - $result = DBA::delete('photo', ['uid' => api_user(), 'resource-id' => $photo_id]); + $result = Photo::delete(['uid' => api_user(), 'resource-id' => $photo_id]); // return success of deletion or error message if ($result) { @@ -4172,11 +4278,11 @@ function api_fr_photo_detail($type) if (api_user() === false) { throw new ForbiddenException(); } - if (!x($_REQUEST, 'photo_id')) { + if (empty($_REQUEST['photo_id'])) { throw new BadRequestException("No photo id."); } - $scale = (x($_REQUEST, 'scale') ? intval($_REQUEST['scale']) : false); + $scale = (!empty($_REQUEST['scale']) ? intval($_REQUEST['scale']) : false); $photo_id = $_REQUEST['photo_id']; // prepare json/xml output with data from database for the requested photo @@ -4205,7 +4311,7 @@ function api_account_update_profile_image($type) $profile_id = defaults($_REQUEST, 'profile_id', 0); // error if image data is missing - if (!x($_FILES, 'image')) { + if (empty($_FILES['image'])) { throw new BadRequestException("no media data submitted"); } @@ -4223,9 +4329,9 @@ function api_account_update_profile_image($type) // get mediadata from image or media (Twitter call api/account/update_profile_image provides image) $media = null; - if (x($_FILES, 'image')) { + if (!empty($_FILES['image'])) { $media = $_FILES['image']; - } elseif (x($_FILES, 'media')) { + } elseif (!empty($_FILES['media'])) { $media = $_FILES['media']; } // save new profile image @@ -4248,7 +4354,7 @@ function api_account_update_profile_image($type) // change specified profile or all profiles to the new resource-id if ($is_default_profile) { $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()]; - DBA::update('photo', ['profile' => false], $condition); + Photo::update(['profile' => false], $condition); } else { $fields = ['photo' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $filetype, 'thumb' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $filetype]; @@ -4258,7 +4364,7 @@ function api_account_update_profile_image($type) Contact::updateSelfFromUserID(api_user(), true); // Update global directory in background - $url = System::baseUrl() . '/profile/' . get_app()->user['nickname']; + $url = System::baseUrl() . '/profile/' . \get_app()->user['nickname']; if ($url && strlen(Config::get('system', 'directory'))) { Worker::add(PRIORITY_LOW, "Directory", $url); } @@ -4340,12 +4446,8 @@ function check_acl_input($acl_string) foreach ($cid_array as $cid) { $cid = str_replace("<", "", $cid); $cid = str_replace(">", "", $cid); - $contact = q( - "SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d", - intval($cid), - intval(api_user()) - ); - $contact_not_found |= !DBA::isResult($contact); + $condition = ['id' => $cid, 'uid' => api_user()]; + $contact_not_found |= !DBA::exists('contact', $condition); } return $contact_not_found; } @@ -4399,14 +4501,14 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($filetype == "") { $filetype=Image::guessType($filename); } - $imagedata = getimagesize($src); + $imagedata = @getimagesize($src); if ($imagedata) { $filetype = $imagedata['mime']; } - logger( + Logger::log( "File upload src: " . $src . " - filename: " . $filename . " - size: " . $filesize . " - type: " . $filetype, - LOGGER_DEBUG + Logger::DEBUG ); // check if there was a php upload error @@ -4416,14 +4518,14 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ // check against max upload size within Friendica instance $maximagesize = Config::get('system', 'maximagesize'); if ($maximagesize && ($filesize > $maximagesize)) { - $formattedBytes = formatBytes($maximagesize); + $formattedBytes = Strings::formatBytes($maximagesize); throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)"); } // create Photo instance with the data of the image $imagedata = @file_get_contents($src); $Image = new Image($imagedata, $filetype); - if (! $Image->isValid()) { + if (!$Image->isValid()) { throw new InternalServerErrorException("unable to process image data"); } @@ -4433,12 +4535,12 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ // check max length of images on server $max_length = Config::get('system', 'max_image_length'); - if (! $max_length) { + if (!$max_length) { $max_length = MAX_IMAGE_LENGTH; } if ($max_length > 0) { $Image->scaleDown($max_length); - logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG); + Logger::log("File upload: Scaling picture to new size " . $max_length, Logger::DEBUG); } $width = $Image->getWidth(); $height = $Image->getHeight(); @@ -4448,57 +4550,57 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($mediatype == "photo") { // upload normal image (scales 0, 1, 2) - logger("photo upload: starting new photo upload", LOGGER_DEBUG); + Logger::log("photo upload: starting new photo upload", Logger::DEBUG); $r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 0, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: image upload with scale 0 (original size) failed"); + if (!$r) { + Logger::log("photo upload: image upload with scale 0 (original size) failed"); } if ($width > 640 || $height > 640) { $Image->scaleDown(640); $r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 1, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: image upload with scale 1 (640x640) failed"); + if (!$r) { + Logger::log("photo upload: image upload with scale 1 (640x640) failed"); } } if ($width > 320 || $height > 320) { $Image->scaleDown(320); $r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 2, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: image upload with scale 2 (320x320) failed"); + if (!$r) { + Logger::log("photo upload: image upload with scale 2 (320x320) failed"); } } - logger("photo upload: new photo upload ended", LOGGER_DEBUG); + Logger::log("photo upload: new photo upload ended", Logger::DEBUG); } elseif ($mediatype == "profileimage") { // upload profile image (scales 4, 5, 6) - logger("photo upload: starting new profile image upload", LOGGER_DEBUG); + Logger::log("photo upload: starting new profile image upload", Logger::DEBUG); - if ($width > 175 || $height > 175) { - $Image->scaleDown(175); + if ($width > 300 || $height > 300) { + $Image->scaleDown(300); $r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 4, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: profile image upload with scale 4 (175x175) failed"); + if (!$r) { + Logger::log("photo upload: profile image upload with scale 4 (300x300) failed"); } } if ($width > 80 || $height > 80) { $Image->scaleDown(80); $r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 5, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: profile image upload with scale 5 (80x80) failed"); + if (!$r) { + Logger::log("photo upload: profile image upload with scale 5 (80x80) failed"); } } if ($width > 48 || $height > 48) { $Image->scaleDown(48); $r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 6, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: profile image upload with scale 6 (48x48) failed"); + if (!$r) { + Logger::log("photo upload: profile image upload with scale 6 (48x48) failed"); } } $Image->__destruct(); - logger("photo upload: new profile image upload ended", LOGGER_DEBUG); + Logger::log("photo upload: new profile image upload ended", Logger::DEBUG); } if (isset($r) && $r) { @@ -4527,23 +4629,23 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f { // get data about the api authenticated user $uri = Item::newURI(intval(api_user())); - $owner_record = q("SELECT * FROM `contact` WHERE `uid`= %d AND `self` LIMIT 1", intval(api_user())); + $owner_record = DBA::selectFirst('contact', [], ['uid' => api_user(), 'self' => true]); $arr = []; - $arr['guid'] = System::createGUID(32); + $arr['guid'] = System::createUUID(); $arr['uid'] = intval(api_user()); $arr['uri'] = $uri; $arr['parent-uri'] = $uri; $arr['type'] = 'photo'; $arr['wall'] = 1; $arr['resource-id'] = $hash; - $arr['contact-id'] = $owner_record[0]['id']; - $arr['owner-name'] = $owner_record[0]['name']; - $arr['owner-link'] = $owner_record[0]['url']; - $arr['owner-avatar'] = $owner_record[0]['thumb']; - $arr['author-name'] = $owner_record[0]['name']; - $arr['author-link'] = $owner_record[0]['url']; - $arr['author-avatar'] = $owner_record[0]['thumb']; + $arr['contact-id'] = $owner_record['id']; + $arr['owner-name'] = $owner_record['name']; + $arr['owner-link'] = $owner_record['url']; + $arr['owner-avatar'] = $owner_record['thumb']; + $arr['author-name'] = $owner_record['name']; + $arr['author-link'] = $owner_record['url']; + $arr['author-avatar'] = $owner_record['thumb']; $arr['title'] = ""; $arr['allow_cid'] = $allow_cid; $arr['allow_gid'] = $allow_gid; @@ -4559,7 +4661,7 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f ]; // adds link to the thumbnail scale photo - $arr['body'] = '[url=' . System::baseUrl() . '/photos/' . $owner_record[0]['nick'] . '/image/' . $hash . ']' + $arr['body'] = '[url=' . System::baseUrl() . '/photos/' . $owner_record['nick'] . '/image/' . $hash . ']' . '[img]' . System::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]' . '[/url]'; @@ -4577,7 +4679,7 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f */ function prepare_photo_data($type, $scale, $photo_id) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if ($user_info === false) { @@ -4596,7 +4698,7 @@ function prepare_photo_data($type, $scale, $photo_id) FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' %s GROUP BY `resource-id`", $data_sql, intval(local_user()), - dbesc($photo_id), + DBA::escape($photo_id), $scale_sql ); @@ -4689,20 +4791,20 @@ function prepare_photo_data($type, $scale, $photo_id) */ function api_friendica_remoteauth() { - $url = (x($_GET, 'url') ? $_GET['url'] : ''); - $c_url = (x($_GET, 'c_url') ? $_GET['c_url'] : ''); + $url = defaults($_GET, 'url', ''); + $c_url = defaults($_GET, 'c_url', ''); if ($url === '' || $c_url === '') { throw new BadRequestException("Wrong parameters."); } - $c_url = normalise_link($c_url); + $c_url = Strings::normaliseLink($c_url); // traditional DFRN $contact = DBA::selectFirst('contact', [], ['uid' => api_user(), 'nurl' => $c_url]); - if (!DBA::isResult($contact) || ($contact['network'] !== NETWORK_DFRN)) { + if (!DBA::isResult($contact) || ($contact['network'] !== Protocol::DFRN)) { throw new BadRequestException("Unknown contact"); } @@ -4719,15 +4821,16 @@ function api_friendica_remoteauth() $dfrn_id = '0:' . $orig_id; } - $sec = random_string(); + $sec = Strings::getRandomHex(); $fields = ['uid' => api_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]; DBA::insert('profile_check', $fields); - logger($contact['name'] . ' ' . $sec, LOGGER_DEBUG); + Logger::log($contact['name'] . ' ' . $sec, Logger::DEBUG); $dest = ($url ? '&destination_url=' . $url : ''); - goaway( + + System::externalRedirect( $contact['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest @@ -4745,77 +4848,86 @@ function api_share_as_retweet(&$item) { $body = trim($item["body"]); - if (Diaspora::isReshare($body, false)===false) { - return false; + if (Diaspora::isReshare($body, false) === false) { + if ($item['author-id'] == $item['owner-id']) { + return false; + } else { + // Reshares from OStatus, ActivityPub and Twitter + $reshared_item = $item; + $reshared_item['owner-id'] = $reshared_item['author-id']; + $reshared_item['owner-link'] = $reshared_item['author-link']; + $reshared_item['owner-name'] = $reshared_item['author-name']; + $reshared_item['owner-avatar'] = $reshared_item['author-avatar']; + return $reshared_item; + } } /// @TODO "$1" should maybe mean '$1' ? $attributes = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism", "$1", $body); /* - * Skip if there is no shared message in there - * we already checked this in diaspora::isReshare() - * but better one more than one less... - */ - if ($body == $attributes) { + * Skip if there is no shared message in there + * we already checked this in diaspora::isReshare() + * but better one more than one less... + */ + if (($body == $attributes) || empty($attributes)) { return false; } - // build the fake reshared item $reshared_item = $item; $author = ""; preg_match("/author='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $author = html_entity_decode($matches[1], ENT_QUOTES, 'UTF-8'); } preg_match('/author="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $author = $matches[1]; } $profile = ""; preg_match("/profile='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $profile = $matches[1]; } preg_match('/profile="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $profile = $matches[1]; } $avatar = ""; preg_match("/avatar='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $avatar = $matches[1]; } preg_match('/avatar="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $avatar = $matches[1]; } $link = ""; preg_match("/link='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $link = $matches[1]; } preg_match('/link="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $link = $matches[1]; } $posted = ""; preg_match("/posted='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $posted = $matches[1]; } preg_match('/posted="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { + if (!empty($matches[1])) { $posted = $matches[1]; } @@ -4826,6 +4938,7 @@ function api_share_as_retweet(&$item) } $reshared_item["body"] = $shared_body; + $reshared_item["author-id"] = Contact::getIdForURL($profile, 0, true); $reshared_item["author-name"] = $author; $reshared_item["author-link"] = $profile; $reshared_item["author-avatar"] = $avatar; @@ -4850,7 +4963,7 @@ function api_get_nick($profile) $r = q( "SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'", - dbesc(normalise_link($profile)) + DBA::escape(Strings::normaliseLink($profile)) ); if (DBA::isResult($r)) { @@ -4860,7 +4973,7 @@ function api_get_nick($profile) if (!$nick == "") { $r = q( "SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'", - dbesc(normalise_link($profile)) + DBA::escape(Strings::normaliseLink($profile)) ); if (DBA::isResult($r)) { @@ -4963,7 +5076,7 @@ function api_in_reply_to($item) // https://github.com/friendica/friendica/issues/1010 // This is a bugfix for that. if (intval($in_reply_to['status_id']) == intval($item['id'])) { - logger('this message should never appear: id: '.$item['id'].' similar to reply-to: '.$in_reply_to['status_id'], LOGGER_DEBUG); + Logger::log('this message should never appear: id: '.$item['id'].' similar to reply-to: '.$in_reply_to['status_id'], Logger::DEBUG); $in_reply_to['status_id'] = null; $in_reply_to['user_id'] = null; $in_reply_to['status_id_str'] = null; @@ -4983,7 +5096,7 @@ function api_in_reply_to($item) */ function api_clean_plain_items($text) { - $include_entities = strtolower(x($_REQUEST, 'include_entities') ? $_REQUEST['include_entities'] : "false"); + $include_entities = strtolower(defaults($_REQUEST, 'include_entities', "false")); $text = BBCode::cleanPictureLinks($text); $URLSearchString = "^\[\]"; @@ -5107,7 +5220,7 @@ function api_best_nickname(&$contacts) */ function api_friendica_group_show($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5115,7 +5228,7 @@ function api_friendica_group_show($type) // params $user_info = api_get_user($a); - $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); + $gid = defaults($_REQUEST, 'gid', 0); $uid = $user_info['uid']; // get data of the specified group id or all groups if not specified @@ -5172,7 +5285,7 @@ api_register_func('api/friendica/group_show', 'api_friendica_group_show', true); */ function api_friendica_group_delete($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5180,8 +5293,8 @@ function api_friendica_group_delete($type) // params $user_info = api_get_user($a); - $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); - $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); + $gid = defaults($_REQUEST, 'gid', 0); + $name = defaults($_REQUEST, 'name', ""); $uid = $user_info['uid']; // error if no gid specified @@ -5205,7 +5318,7 @@ function api_friendica_group_delete($type) "SELECT * FROM `group` WHERE `uid` = %d AND `id` = %d AND `name` = '%s'", intval($uid), intval($gid), - dbesc($name) + DBA::escape($name) ); // error message if specified gid is not in database if (!DBA::isResult($rname)) { @@ -5234,7 +5347,7 @@ api_register_func('api/friendica/group_delete', 'api_friendica_group_delete', tr */ function api_lists_destroy($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5242,7 +5355,7 @@ function api_lists_destroy($type) // params $user_info = api_get_user($a); - $gid = (x($_REQUEST, 'list_id') ? $_REQUEST['list_id'] : 0); + $gid = defaults($_REQUEST, 'list_id', 0); $uid = $user_info['uid']; // error if no gid specified @@ -5290,7 +5403,7 @@ function group_create($name, $uid, $users = []) $rname = q( "SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' AND `deleted` = 0", intval($uid), - dbesc($name) + DBA::escape($name) ); // error message if specified group name already exists if (DBA::isResult($rname)) { @@ -5301,7 +5414,7 @@ function group_create($name, $uid, $users = []) $rname = q( "SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' AND `deleted` = 1", intval($uid), - dbesc($name) + DBA::escape($name) ); // error message if specified group name already exists if (DBA::isResult($rname)) { @@ -5350,7 +5463,7 @@ function group_create($name, $uid, $users = []) */ function api_friendica_group_create($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5358,7 +5471,7 @@ function api_friendica_group_create($type) // params $user_info = api_get_user($a); - $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); + $name = defaults($_REQUEST, 'name', ""); $uid = $user_info['uid']; $json = json_decode($_POST['json'], true); $users = $json['user']; @@ -5379,7 +5492,7 @@ api_register_func('api/friendica/group_create', 'api_friendica_group_create', tr */ function api_lists_create($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5387,7 +5500,7 @@ function api_lists_create($type) // params $user_info = api_get_user($a); - $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); + $name = defaults($_REQUEST, 'name', ""); $uid = $user_info['uid']; $success = group_create($name, $uid); @@ -5413,7 +5526,7 @@ api_register_func('api/lists/create', 'api_lists_create', true, API_METHOD_POST) */ function api_friendica_group_update($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5422,8 +5535,8 @@ function api_friendica_group_update($type) // params $user_info = api_get_user($a); $uid = $user_info['uid']; - $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); - $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); + $gid = defaults($_REQUEST, 'gid', 0); + $name = defaults($_REQUEST, 'name', ""); $json = json_decode($_POST['json'], true); $users = $json['user']; @@ -5487,7 +5600,7 @@ api_register_func('api/friendica/group_update', 'api_friendica_group_update', tr */ function api_lists_update($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5495,8 +5608,8 @@ function api_lists_update($type) // params $user_info = api_get_user($a); - $gid = (x($_REQUEST, 'list_id') ? $_REQUEST['list_id'] : 0); - $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); + $gid = defaults($_REQUEST, 'list_id', 0); + $name = defaults($_REQUEST, 'name', ""); $uid = $user_info['uid']; // error if no gid specified @@ -5533,7 +5646,7 @@ api_register_func('api/lists/update', 'api_lists_update', true, API_METHOD_POST) */ function api_friendica_activity($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5541,7 +5654,7 @@ function api_friendica_activity($type) $verb = strtolower($a->argv[3]); $verb = preg_replace("|\..*$|", "", $verb); - $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); + $id = defaults($_REQUEST, 'id', 0); $res = Item::performLike($id, $verb); @@ -5577,7 +5690,7 @@ api_register_func('api/friendica/activity/unattendmaybe', 'api_friendica_activit */ function api_friendica_notification($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5599,7 +5712,6 @@ function api_friendica_notification($type) $notes = $xmlnotes; } - return api_format_data("notes", $type, ['note' => $notes]); } @@ -5613,7 +5725,7 @@ function api_friendica_notification($type) */ function api_friendica_notification_seen($type) { - $a = get_app(); + $a = \get_app(); $user_info = api_get_user($a); if (api_user() === false || $user_info === false) { @@ -5623,7 +5735,7 @@ function api_friendica_notification_seen($type) throw new BadRequestException("Invalid argument count"); } - $id = (x($_REQUEST, 'id') ? intval($_REQUEST['id']) : 0); + $id = (!empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0); $nm = new NotificationsManager(); $note = $nm->getByID($id); @@ -5635,7 +5747,7 @@ function api_friendica_notification_seen($type) if ($note['otype']=='item') { // would be really better with an ItemsManager and $im->getByID() :-P $item = Item::selectFirstForUser(api_user(), [], ['id' => $note['iid'], 'uid' => api_user()]); - if (DBA::isResult($$item)) { + if (DBA::isResult($item)) { // we found the item, return it to the user $ret = api_format_items([$item], $user_info, false, $type); $data = ['status' => $ret]; @@ -5658,7 +5770,7 @@ api_register_func('api/friendica/notification', 'api_friendica_notification', tr */ function api_friendica_direct_messages_setseen($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); } @@ -5666,7 +5778,7 @@ function api_friendica_direct_messages_setseen($type) // params $user_info = api_get_user($a); $uid = $user_info['uid']; - $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); + $id = defaults($_REQUEST, 'id', 0); // return error if id is zero if ($id == "") { @@ -5707,7 +5819,7 @@ api_register_func('api/friendica/direct_messages_setseen', 'api_friendica_direct */ function api_friendica_direct_messages_search($type, $box = "") { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); @@ -5715,7 +5827,7 @@ function api_friendica_direct_messages_search($type, $box = "") // params $user_info = api_get_user($a); - $searchstring = (x($_REQUEST, 'searchstring') ? $_REQUEST['searchstring'] : ""); + $searchstring = defaults($_REQUEST, 'searchstring', ""); $uid = $user_info['uid']; // error if no searchstring specified @@ -5728,7 +5840,7 @@ function api_friendica_direct_messages_search($type, $box = "") $r = q( "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND `body` LIKE '%s' ORDER BY `mail`.`id` DESC", intval($uid), - dbesc('%'.$searchstring.'%') + DBA::escape('%'.$searchstring.'%') ); $profile_url = $user_info["url"]; @@ -5743,9 +5855,9 @@ function api_friendica_direct_messages_search($type, $box = "") foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user($a, normalise_link($item['contact-url'])); + $sender = api_get_user($a, Strings::normaliseLink($item['contact-url'])); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user($a, normalise_link($item['contact-url'])); + $recipient = api_get_user($a, Strings::normaliseLink($item['contact-url'])); $sender = $user_info; } @@ -5770,14 +5882,14 @@ api_register_func('api/friendica/direct_messages_search', 'api_friendica_direct_ */ function api_friendica_profile_show($type) { - $a = get_app(); + $a = \get_app(); if (api_user() === false) { throw new ForbiddenException(); } // input params - $profile_id = (x($_REQUEST, 'profile_id') ? $_REQUEST['profile_id'] : 0); + $profile_id = defaults($_REQUEST, 'profile_id', 0); // retrieve general information about profiles for user $multi_profiles = Feature::isEnabled(api_user(), 'multi_profiles'); @@ -5812,7 +5924,7 @@ function api_friendica_profile_show($type) $nurls = q( "SELECT `id`, `nurl` FROM `contact` WHERE `uid`= %d AND `profile-id` = %d", intval(api_user()), - intval($rr['profile_id']) + intval($rr['id']) ); foreach ($nurls as $nurl) { @@ -5830,11 +5942,11 @@ function api_friendica_profile_show($type) } // return settings, authenticated user and profiles data - $self = q("SELECT `nurl` FROM `contact` WHERE `uid`= %d AND `self` LIMIT 1", intval(api_user())); + $self = DBA::selectFirst('contact', ['nurl'], ['uid' => api_user(), 'self' => true]); $result = ['multi_profiles' => $multi_profiles ? true : false, 'global_dir' => $directory, - 'friendica_owner' => api_get_user($a, $self[0]['nurl']), + 'friendica_owner' => api_get_user($a, $self['nurl']), 'profiles' => $profiles]; return api_format_data("friendica_profiles", $type, ['$result' => $result]); } @@ -5873,6 +5985,36 @@ function api_saved_searches_list($type) /// @TODO move to top of file or somewhere better api_register_func('api/saved_searches/list', 'api_saved_searches_list', true); +/* + * Bind comment numbers(friendica_comments: Int) on each statuses page of *_timeline / favorites / search + * + * @brief Number of comments + * + * @param object $data [Status, Status] + * + * @return void + */ +function bindComments(&$data){ + if(count($data) == 0) return; + + $ids = []; + $comments = []; + foreach($data as $item){ $ids[] = $item['id']; } + + $sql = "SELECT `parent`,COUNT(*) as comments FROM `item` + WHERE `parent` IN ( %s ) AND `deleted` = %d AND `gravity`= %d GROUP BY `parent`"; + $result = q($sql, implode(",", $ids), 0, GRAVITY_COMMENT); + + foreach($result as $records) { + $comments[$records['parent']] = $records['comments']; + } + + foreach($data as $idx => $item){ + $id = $item['id']; + $data[$idx]['friendica_comments'] = isset($comments[$id]) ? $comments[$id] : 0; + } +} + /* @TODO Maybe open to implement? To.Do: