X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Facl.php;h=48c45f2934bd3009d3dda04a3cecc1b666fc634e;hb=7c73e8634c954cc2bd0d1138729459d7d5090f62;hp=a3cc335b1dc52e7e451d3dd217101d67a9c74833;hpb=09c717d7519ef871a6f3ce0a73f7e24466bd50f0;p=friendica.git diff --git a/mod/acl.php b/mod/acl.php index a3cc335b1d..48c45f2934 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -4,13 +4,15 @@ use Friendica\App; use Friendica\Content\Widget; -use Friendica\Core\Acl; +use Friendica\Core\ACL; use Friendica\Core\Addon; -use Friendica\Database\DBM; +use Friendica\Core\Protocol; +use Friendica\Database\DBA; use Friendica\Model\Contact; +use Friendica\Model\Item; +use Friendica\Util\Proxy as ProxyUtils; require_once 'include/dba.php'; -require_once 'mod/proxy.php'; function acl_content(App $a) { 
@@ -18,42 +20,42 @@ function acl_content(App $a) return ''; } - $start = defaults($_REQUEST, 'start', 0); - $count = defaults($_REQUEST, 'count', 100); - $search = defaults($_REQUEST, 'search', ''); - $type = defaults($_REQUEST, 'type', ''); + $start = defaults($_REQUEST, 'start' , 0); + $count = defaults($_REQUEST, 'count' , 100); + $search = defaults($_REQUEST, 'search' , ''); + $type = defaults($_REQUEST, 'type' , ''); $conv_id = defaults($_REQUEST, 'conversation', null); // For use with jquery.textcomplete for private mail completion - if (x($_REQUEST, 'query')) { + if (!empty($_REQUEST['query'])) { if (!$type) { $type = 'm'; } $search = $_REQUEST['query']; } - logger('Searching for ' . $search . ' - type ' . $type, LOGGER_DEBUG); + logger("Searching for ".$search." - type ".$type." conversation ".$conv_id, LOGGER_DEBUG); if ($search != '') { - $sql_extra = "AND `name` LIKE '%%" . dbesc($search) . "%%'"; - $sql_extra2 = "AND (`attag` LIKE '%%" . dbesc($search) . "%%' OR `name` LIKE '%%" . dbesc($search) . "%%' OR `nick` LIKE '%%" . dbesc($search) . "%%')"; + $sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'"; + $sql_extra2 = "AND (`attag` LIKE '%%" . DBA::escape($search) . "%%' OR `name` LIKE '%%" . DBA::escape($search) . "%%' OR `nick` LIKE '%%" . DBA::escape($search) . "%%')"; } else { /// @TODO Avoid these needless else blocks by putting variable-initialization atop of if() $sql_extra = $sql_extra2 = ''; } // count groups and contacts + $group_count = 0; if ($type == '' || $type == 'g') { $r = q("SELECT COUNT(*) AS g FROM `group` WHERE `deleted` = 0 AND `uid` = %d $sql_extra", intval(local_user()) ); $group_count = (int) $r[0]['g']; - } else { - $group_count = 0; } $sql_extra2 .= ' ' . Widget::unavailableNetworks(); + $contact_count = 0; if ($type == '' || $type == 'c') { // autocomplete for editor mentions $r = q("SELECT COUNT(*) AS c FROM `contact` 
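Review bot: `$search` is still concatenated into `$sql_extra` and `$sql_extra2`, and those fragments are interpolated into the string that `q()` then formats; the doubled `%%` shows the string is treated as a printf-style format. `DBA::escape()` presumably handles only quoting, so a literal `%` in the search term would reach the formatter as a conversion specifier, and `%` and `_` would act as LIKE wildcards instead of text. At minimum, double the percent sign on the escaped value with `str_replace('%', '%%', DBA::escape($search))`. Better, bind the term through a `?` placeholder, as the `parent` condition later in this commit does. The same fragments feed the queries in the hunks at -81 and -136, and acl_content() starts before and continues past this hunk.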
@@ -81,10 +83,11 @@ function acl_content(App $a) WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `success_update` >= `failure_update` - AND `network` IN ('%s', '%s') $sql_extra2", + AND `network` IN ('%s', '%s', '%s') $sql_extra2", intval(local_user()), - dbesc(NETWORK_DFRN), - dbesc(NETWORK_DIASPORA) + DBA::escape(Protocol::ACTIVITYPUB), + DBA::escape(Protocol::DFRN), + DBA::escape(Protocol::DIASPORA) ); $contact_count = (int) $r[0]['c']; } elseif ($type == 'a') { @@ -95,8 +98,6 @@ function acl_content(App $a) intval(local_user()) ); $contact_count = (int) $r[0]['c']; - } else { - $contact_count = 0; } $tot = $group_count + $contact_count; @@ -122,12 +123,12 @@ function acl_content(App $a) foreach ($r as $g) { $groups[] = [ - 'type' => 'g', + 'type' => 'g', 'photo' => 'images/twopeople.png', - 'name' => htmlentities($g['name']), - 'id' => intval($g['id']), - 'uids' => array_map('intval', explode(',', $g['uids'])), - 'link' => '', + 'name' => htmlentities($g['name']), + 'id' => intval($g['id']), + 'uids' => array_map('intval', explode(',', $g['uids'])), + 'link' => '', 'forum' => '0' ]; } 
@@ -136,50 +137,52 @@ function acl_content(App $a) } } + $r = []; if ($type == '') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv`, (`prv` OR `forum`) AS `frm` FROM `contact` - WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' - AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s', '%s')) - $sql_extra2 - ORDER BY `name` ASC ", + WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' + AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s', '%s')) + $sql_extra2 + ORDER BY `name` ASC ", intval(local_user()), - dbesc(NETWORK_OSTATUS), - dbesc(NETWORK_STATUSNET) + DBA::escape(Protocol::OSTATUS), + DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'c') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` - WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' - AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s')) - $sql_extra2 - ORDER BY `name` ASC ", + WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' + AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s')) + $sql_extra2 + ORDER BY `name` ASC ", intval(local_user()), - dbesc(NETWORK_STATUSNET) + DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'f') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` - WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' - AND `success_update` >= `failure_update` AND NOT (`network` IN ('%s')) - AND (`forum` OR `prv`) - $sql_extra2 - ORDER BY `name` ASC ", + WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != '' + AND `success_update` >= 
`failure_update` AND NOT (`network` IN ('%s')) + AND (`forum` OR `prv`) + $sql_extra2 + ORDER BY `name` ASC ", intval(local_user()), - dbesc(NETWORK_STATUSNET) + DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'm') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact` - WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` - AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s') - $sql_extra2 - ORDER BY `name` ASC ", + WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` + AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s', '%s') + $sql_extra2 + ORDER BY `name` ASC ", intval(local_user()), - dbesc(NETWORK_DFRN), - dbesc(NETWORK_DIASPORA) + DBA::escape(Protocol::ACTIVITYPUB), + DBA::escape(Protocol::DFRN), + DBA::escape(Protocol::DIASPORA) ); } elseif ($type == 'a') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` - WHERE `uid` = %d AND `pending` = 0 AND `success_update` >= `failure_update` - $sql_extra2 - ORDER BY `name` ASC ", + WHERE `uid` = %d AND `pending` = 0 AND `success_update` >= `failure_update` + $sql_extra2 + ORDER BY `name` ASC ", intval(local_user()) ); } elseif ($type == 'x') { 
@@ -187,17 +190,17 @@ function acl_content(App $a) $search = notags(trim($_REQUEST['search'])); $mode = $_REQUEST['smode']; - $r = Acl::contactAutocomplete($search, $mode); + $r = ACL::contactAutocomplete($search, $mode); $contacts = []; foreach ($r as $g) { $contacts[] = [ - 'photo' => proxy_url($g['photo'], false, PROXY_SIZE_MICRO), + 'photo' => ProxyUtils::proxifyUrl($g['photo'], false, ProxyUtils::SIZE_MICRO), 'name' => $g['name'], - 'nick' => (x($g['addr']) ? $g['addr'] : $g['url']), + 'nick' => defaults($g, 'addr', $g['url']), 'network' => $g['network'], 'link' => $g['url'], - 'forum' => (x($g['community']) ? 1 : 0), + 'forum' => !empty($g['community']) ? 1 : 0, ]; } $o = [ @@ -206,24 +209,22 @@ function acl_content(App $a) 'items' => $contacts, ]; echo json_encode($o); - killme(); - } else { - $r = []; + exit; } - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $forums = []; foreach ($r as $g) { $entry = [ 'type' => 'c', - 'photo' => proxy_url($g['micro'], false, PROXY_SIZE_MICRO), + 'photo' => ProxyUtils::proxifyUrl($g['micro'], false, ProxyUtils::SIZE_MICRO), 'name' => htmlentities($g['name']), 'id' => intval($g['id']), 'network' => $g['network'], 'link' => $g['url'], - 'nick' => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']), - 'addr' => htmlentities(($g['addr']) ? $g['addr'] : $g['url']), - 'forum' => ((x($g, 'forum') || x($g, 'prv')) ? 1 : 0), + 'nick' => htmlentities(defaults($g, 'attag', $g['nick'])), + 'addr' => htmlentities(defaults($g, 'addr', $g['url'])), + 'forum' => !empty($g['forum']) || !empty($g['prv']) ? 1 : 0, ]; if ($entry['forum']) { $forums[] = $entry; 
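Review bot: The `'nick'` value built with `defaults($g, 'addr', $g['url'])` in the `$type == 'x'` branch is emitted without `htmlentities()`, as is the unchanged `'name'`, while the contact entries in the next hunk encode `name`, `nick` and `addr`. These fields come from contact records, which may hold remote-supplied text, so the two branches should agree on which side encodes. If the autocomplete client inserts them as markup, wrap them here: `'nick' => htmlentities(defaults($g, 'addr', $g['url'])),`. The context line `$mode = $_REQUEST['smode'];` also reads the request key without checking that it exists. The branch begins outside this hunk.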
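Review bot: Replacing `($g['attag']) ? $g['attag'] : $g['nick']` with `defaults($g, 'attag', $g['nick'])` may change when the fallback applies. The old ternary fell back whenever `attag` was empty. If `defaults()` only tests that the key is set (its body is not visible here), an empty `attag` or `addr` is now returned as-is, because the SELECT always supplies those columns. If empty values should still fall back, keep the truthiness form this file used before the change, `'nick' => htmlentities($g['attag'] ?: $g['nick']),`, and do the same for `addr`. Otherwise add a comment stating that an empty value is intended to win.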
@@ -242,44 +243,50 @@ function acl_content(App $a) $items = array_merge($groups, $contacts); if ($conv_id) { + // In multi threaded posts the conv_id is not the parent of the whole thread + $parent_item = Item::selectFirst(['parent'], ['id' => $conv_id]); + if (DBA::isResult($parent_item)) { + $conv_id = $parent_item['parent']; + } + /* * if $conv_id is set, get unknown contacts in thread * but first get known contacts url to filter them out */ $known_contacts = array_map(function ($i) { - return dbesc($i['link']); + return $i['link']; }, $contacts); $unknown_contacts = []; - $r = q("SELECT `author-link` - FROM `item` WHERE `parent` = %d - AND (`author-name` LIKE '%%%s%%' OR `author-link` LIKE '%%%s%%') - AND `author-link` NOT IN ('%s') - GROUP BY `author-link`, `author-avatar`, `author-name` - ORDER BY `author-name` ASC - ", - intval($conv_id), - dbesc($search), - dbesc($search), - implode("', '", $known_contacts) - ); - if (DBM::is_result($r)) { - foreach ($r as $row) { - $contact = Contact::getDetailsByURL($row['author-link']); - - if (count($contact) > 0) { - $unknown_contacts[] = [ - 'type' => 'c', - 'photo' => proxy_url($contact['micro'], false, PROXY_SIZE_MICRO), - 'name' => htmlentities($contact['name']), - 'id' => intval($contact['cid']), - 'network' => $contact['network'], - 'link' => $contact['url'], - 'nick' => htmlentities($contact['nick'] ?: $contact['addr']), - 'addr' => htmlentities(($contact['addr']) ? 
$contact['addr'] : $contact['url']), - 'forum' => $contact['forum'] - ]; - } + + $condition = ["`parent` = ?", $conv_id]; + $params = ['order' => ['author-name' => true]]; + $authors = Item::selectForUser(local_user(), ['author-link'], $condition, $params); + $item_authors = []; + while ($author = Item::fetch($authors)) { + $item_authors[$author['author-link']] = $author['author-link']; + } + DBA::close($authors); + + foreach ($item_authors as $author) { + if (in_array($author, $known_contacts)) { + continue; + } + + $contact = Contact::getDetailsByURL($author); + + if (count($contact) > 0) { + $unknown_contacts[] = [ + 'type' => 'c', + 'photo' => ProxyUtils::proxifyUrl($contact['micro'], false, ProxyUtils::SIZE_MICRO), + 'name' => htmlentities($contact['name']), + 'id' => intval($contact['cid']), + 'network' => $contact['network'], + 'link' => $contact['url'], + 'nick' => htmlentities(defaults($contact, 'nick', $contact['addr'])), + 'addr' => htmlentities(defaults($contact, 'addr', $contact['url'])), + 'forum' => $contact['forum'] + ]; } } @@ -301,13 +308,12 @@ function acl_content(App $a) Addon::callHooks('acl_lookup_end', $results); $o = [ - 'tot' => $results['tot'], + 'tot' => $results['tot'], 'start' => $results['start'], 'count' => $results['count'], 'items' => $results['items'], ]; echo json_encode($o); - - killme(); + exit; }
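Review bot: `$conv_id` now reaches `Item::selectFirst(['parent'], ['id' => $conv_id])` and the `parent = ?` condition straight from `$_REQUEST`, where the removed query passed it through `intval()`. Cast it once before the lookup, `$conv_id = intval($conv_id);`, so an array or non-numeric request value cannot shape the condition. The parent lookup is also not tied to `local_user()`. Unless `Item::selectFirst` or `Item::selectForUser` already limit rows to what that user may read (not visible in this hunk), scope it explicitly, e.g. `['id' => $conv_id, 'uid' => local_user()]`, assuming `item` has a `uid` column like `contact` and `group`. The rewrite also drops the old `LIKE` filter on `$search`, so every thread author not in `$known_contacts` is now returned; a comment should say whether that is intended.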