X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Facl.php;h=3649b03a39b7451642ffe3ad487364b8275799d4;hb=b2d685482928363ce86c3c0519c8ff39d0af43ca;hp=36cfd42e7149be1a84c20170f8c7b14f9da100b0;hpb=14fde5dc9b1915392601fb94efc6224c01f2b216;p=friendica.git
diff --git a/mod/acl.php b/mod/acl.php
index 36cfd42e71..3649b03a39 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -5,15 +5,14 @@
 use Friendica\App;
 use Friendica\Content\Widget;
 use Friendica\Core\ACL;
-use Friendica\Core\Addon;
+use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Item;
 use Friendica\Util\Proxy as ProxyUtils;
-
-require_once 'include/dba.php';
+use Friendica\Util\Strings;
 
 function acl_content(App $a)
 {
@@ -35,7 +34,7 @@ function acl_content(App $a)
 $search = $_REQUEST['query'];
 }
 
-Logger::log("Searching for ".$search." - type ".$type." conversation ".$conv_id, LOGGER_DEBUG);
+Logger::info('ACL {action} - {subaction}', ['module' => 'acl', 'action' => 'content', 'subaction' => 'search', 'search' => $search, 'type' => $type, 'conversation' => $conv_id]);
 
 if ($search != '') {
 $sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'";
@@ -48,7 +47,7 @@ function acl_content(App $a)
 // count groups and contacts
 $group_count = 0;
 if ($type == '' || $type == 'g') {
-$r = q("SELECT COUNT(*) AS g FROM `group` WHERE `deleted` = 0 AND `uid` = %d $sql_extra",
+$r = q("SELECT COUNT(*) AS g FROM `group` WHERE NOT `deleted` AND `uid` = %d $sql_extra",
 intval(local_user())
 );
 $group_count = (int) $r[0]['g'];
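Review bot: The `$sql_extra` assigned on the last line of the `@@ -35` hunk concatenates the escaped search term straight into the `q()` format string, and `DBA::escape()` does not neutralise `%`; if `q()` still formats its query printf-style — which the `%%` literals on that line and the `%d` placeholder fed by `intval(local_user())` in the next hunk suggest — a search such as `%s` is consumed as a format directive rather than matched as text, which at best fails the query for that request and at worst shifts the `uid` argument. The new `Logger::info` call is the only change in this hunk and leaves that path untouched. I would double the percent signs after escaping, i.e. build the LIKE operand from `str_replace('%', '%%', DBA::escape($search))` instead of `DBA::escape($search)`, and accept that `%`/`_` remain LIKE wildcards, which is harmless while the query stays scoped to the caller's own `uid`. `acl_content` starts before this hunk and continues after it.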
@@ -60,9 +59,8 @@ function acl_content(App $a)
 if ($type == '' || $type == 'c') {
 // autocomplete for editor mentions
 $r = q("SELECT COUNT(*) AS c FROM `contact`
-WHERE `uid` = %d AND NOT `self`
+WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
 AND NOT `blocked` AND NOT `pending` AND NOT `archive`
-AND `success_update` >= `failure_update`
 AND `notify` != '' $sql_extra2",
 intval(local_user())
 );
@@ -70,10 +68,9 @@ function acl_content(App $a)
 } elseif ($type == 'f') {
 // autocomplete for editor mentions of forums
 $r = q("SELECT COUNT(*) AS c FROM `contact`
-WHERE `uid` = %d AND NOT `self`
+WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
 AND NOT `blocked` AND NOT `pending` AND NOT `archive`
 AND (`forum` OR `prv`)
-AND `success_update` >= `failure_update`
 AND `notify` != '' $sql_extra2",
 intval(local_user())
 );
@@ -81,9 +78,8 @@ function acl_content(App $a)
 } elseif ($type == 'm') {
 // autocomplete for Private Messages
 $r = q("SELECT COUNT(*) AS c FROM `contact`
-WHERE `uid` = %d AND NOT `self`
+WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
 AND NOT `blocked` AND NOT `pending` AND NOT `archive`
-AND `success_update` >= `failure_update`
 AND `network` IN ('%s', '%s', '%s') $sql_extra2",
 intval(local_user()),
 DBA::escape(Protocol::ACTIVITYPUB),
@@ -95,7 +91,7 @@ function acl_content(App $a)
 // autocomplete for Contacts
 $r = q("SELECT COUNT(*) AS c FROM `contact`
 WHERE `uid` = %d AND NOT `self`
-AND NOT `pending` $sql_extra2",
+AND NOT `pending` AND NOT `deleted` $sql_extra2",
 intval(local_user())
 );
 $contact_count = (int) $r[0]['c'];
@@ -126,7 +122,7 @@ function acl_content(App $a)
 $groups[] = [
 'type' => 'g',
 'photo' => 'images/twopeople.png',
-'name' => htmlentities($g['name']),
+'name' => htmlspecialchars($g['name']),
 'id' => intval($g['id']),
 'uids' => array_map('intval', explode(',', $g['uids'])),
 'link' => '',
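Review bot: The count in the `// autocomplete for Contacts` branch (hunk `@@ -95`) now adds `NOT deleted` but keeps `NOT self` and omits `NOT archive`, whereas the list query for `$type == 'a'` in hunk `@@ -181` filters on `NOT deleted AND NOT pending AND NOT archive` with no `NOT self`; if these two are the pair serving type `a`, as the comment suggests, `$contact_count` and hence the `tot` handed to the client will diverge from the rows actually returned as soon as the user has archived contacts or the `self` row qualifies. I would make the two WHERE clauses identical, e.g. extend this one to `AND NOT pending AND NOT deleted AND NOT archive $sql_extra2",` and either add `NOT self` to the list query or drop it here, whichever the intended semantics is. The branch header is outside the hunk, so the exact `$type` this count serves is inferred.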
@@ -141,8 +137,8 @@ function acl_content(App $a)
 $r = [];
 if ($type == '') {
 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv`, (`prv` OR `forum`) AS `frm` FROM `contact`
-WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
-AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s', '%s'))
+WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
+AND NOT (`network` IN ('%s', '%s'))
 $sql_extra2
 ORDER BY `name` ASC ",
 intval(local_user()),
@@ -151,8 +147,8 @@ function acl_content(App $a)
 );
 } elseif ($type == 'c') {
 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
-WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
-AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s'))
+WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
+AND NOT (`network` IN ('%s'))
 $sql_extra2
 ORDER BY `name` ASC ",
 intval(local_user()),
@@ -160,8 +156,8 @@ function acl_content(App $a)
 );
 } elseif ($type == 'f') {
 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
-WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
-AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s'))
+WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
+AND NOT (`network` IN ('%s'))
 AND (`forum` OR `prv`)
 $sql_extra2
 ORDER BY `name` ASC ",
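Review bot: The three list queries in these hunks received the same two-token edit (`NOT deleted` in, `success_update >= failure_update` out) applied by hand to each copy, and the only parts that genuinely differ between them are the `network` exclusion and the `(forum OR prv)` filter; hand-synchronised copies are exactly how the count/list filter mismatch elsewhere in this file arose. I would hoist the shared `uid`/`self`/`deleted`/`blocked`/`pending`/`archive`/`notify` predicate into one string above the `if ($type == '')` chain and interpolate it into each query, so the next filter change lands in one place and a reviewer can diff the branches by their real differences. The `$sql_extra2` these queries append is built outside the hunk, so whether it is already escaped and format-safe cannot be checked here.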
@@ -170,8 +166,8 @@ function acl_content(App $a)
 );
 } elseif ($type == 'm') {
 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact`
-WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive`
-AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s', '%s')
+WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive`
+AND `network` IN ('%s', '%s', '%s')
 $sql_extra2
 ORDER BY `name` ASC ",
 intval(local_user()),
@@ -181,14 +177,14 @@ function acl_content(App $a)
 );
 } elseif ($type == 'a') {
 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
-WHERE `uid` = %d AND `pending` = 0 AND `success_update` >= `failure_update`
+WHERE `uid` = %d AND NOT `deleted` AND NOT `pending` AND NOT `archive`
 $sql_extra2
 ORDER BY `name` ASC ",
 intval(local_user())
 );
 } elseif ($type == 'x') {
 // autocomplete for global contact search (e.g. navbar search)
-$search = notags(trim($_REQUEST['search']));
+$search = Strings::escapeTags(trim($_REQUEST['search']));
 $mode = $_REQUEST['smode'];
 
 $r = ACL::contactAutocomplete($search, $mode);
@@ -197,7 +193,7 @@ function acl_content(App $a)
 foreach ($r as $g) {
 $contacts[] = [
 'photo' => ProxyUtils::proxifyUrl($g['photo'], false, ProxyUtils::SIZE_MICRO),
-'name' => $g['name'],
+'name' => htmlspecialchars($g['name']),
 'nick' => defaults($g, 'addr', $g['url']),
 'network' => $g['network'],
 'link' => $g['url'],
@@ -219,7 +215,7 @@ function acl_content(App $a)
 $entry = [
 'type' => 'c',
 'photo' => ProxyUtils::proxifyUrl($g['micro'], false, ProxyUtils::SIZE_MICRO),
-'name' => htmlentities($g['name']),
+'name' => htmlspecialchars($g['name']),
 'id' => intval($g['id']),
 'network' => $g['network'],
 'link' => $g['url'],
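Review bot: The new `Strings::escapeTags(trim($_REQUEST['search']))` in hunk `@@ -181` still dereferences `$_REQUEST['search']` unconditionally, as does `$mode = $_REQUEST['smode']` on the next line, so a `type=x` request that omits either key raises a notice and passes `null` (deprecated for `trim()` on PHP 8.1+) into the search; it also silently overwrites the `$search` read from `$_REQUEST['query']` earlier in the function (hunk `@@ -35`). This file already uses `defaults()` for exactly this case (hunk `@@ -197`), so I would write `$search = Strings::escapeTags(trim(defaults($_REQUEST, 'search', '')));` and `$mode = defaults($_REQUEST, 'smode', '');`, with the `smode` fallback set to whatever `ACL::contactAutocomplete` treats as its default mode, which is not visible here.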
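Review bot: `'name' => htmlspecialchars($g['name'])` in hunk `@@ -197` relies on PHP's default flags, which change with the runtime (ENT_COMPAT before 8.1 leaves `'` unescaped, and without ENT_SUBSTITUTE a single invalid UTF-8 byte turns the whole name into an empty string), while `nick` and `link` from the same remote-sourced row are emitted raw two lines below — so either the consumer escapes these values itself, in which case `name` is now double-escaped, or it does not, in which case `nick` carries whatever the remote server sent. I would pin the flags, `'name' => htmlspecialchars($g['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),`, and settle the escaping layer once for all fields of the entry rather than per key. The same default-flag remark applies to the other `htmlspecialchars` calls this commit introduces; the `foreach` these entries are built in starts inside the hunk but the surrounding branch does not.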
@@ -280,7 +276,7 @@ function acl_content(App $a)
 $unknown_contacts[] = [
 'type' => 'c',
 'photo' => ProxyUtils::proxifyUrl($contact['micro'], false, ProxyUtils::SIZE_MICRO),
-'name' => htmlentities($contact['name']),
+'name' => htmlspecialchars($contact['name']),
 'id' => intval($contact['cid']),
 'network' => $contact['network'],
 'link' => $contact['url'],
@@ -306,7 +302,7 @@ function acl_content(App $a)
 'search' => $search,
 ];
 
-Addon::callHooks('acl_lookup_end', $results);
+Hook::callAll('acl_lookup_end', $results);
 
 $o = [
 'tot' => $results['tot'],