X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Facl.php;h=86eafe29028db053ed55d380db8869fa982ffb15;hb=3fc5c1ad840f98926319478a855dab3686a0ace3;hp=29e53394b5ef3cb87e07d3c61f723cbf9ad80b06;hpb=4d39164c1ee6de2b1a09c2a1a8a4c89531d47ee5;p=friendica.git diff --git a/mod/acl.php b/mod/acl.php index 29e53394b5..86eafe2902 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -6,10 +6,13 @@ use Friendica\App; use Friendica\Content\Widget; use Friendica\Core\ACL; use Friendica\Core\Addon; +use Friendica\Core\Logger; +use Friendica\Core\Protocol; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Item; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; require_once 'include/dba.php'; @@ -33,7 +36,7 @@ function acl_content(App $a) $search = $_REQUEST['query']; } - logger("Searching for ".$search." - type ".$type." conversation ".$conv_id, LOGGER_DEBUG); + Logger::log("Searching for ".$search." - type ".$type." conversation ".$conv_id, Logger::DEBUG); if ($search != '') { $sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'"; @@ -82,10 +85,11 @@ function acl_content(App $a) WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `success_update` >= `failure_update` - AND `network` IN ('%s', '%s') $sql_extra2", + AND `network` IN ('%s', '%s', '%s') $sql_extra2", intval(local_user()), - DBA::escape(NETWORK_DFRN), - DBA::escape(NETWORK_DIASPORA) + DBA::escape(Protocol::ACTIVITYPUB), + DBA::escape(Protocol::DFRN), + DBA::escape(Protocol::DIASPORA) ); $contact_count = (int) $r[0]['c']; } elseif ($type == 'a') { @@ -123,7 +127,7 @@ function acl_content(App $a) $groups[] = [ 'type' => 'g', 'photo' => 'images/twopeople.png', - 'name' => htmlentities($g['name']), + 'name' => htmlspecialchars($g['name']), 'id' => intval($g['id']), 'uids' => array_map('intval', explode(',', $g['uids'])), 'link' => '', 
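Review bot: The new `Logger::log(...)` call in the -33,7 hunk still concatenates `$search` into the message verbatim, and the context line above it shows `$search` coming straight from `$_REQUEST['query']`. A value containing CR/LF can split the entry into forged-looking log lines, and search terms may be personal data that ends up in debug logs. I would encode the request-derived parts before logging, e.g. `Logger::log('Searching for ' . json_encode($search) . ' - type ' . json_encode($type) . ' conversation ' . json_encode($conv_id), Logger::DEBUG);`. Where `$type` and `$conv_id` are assigned is outside the hunk, so treat them as request-derived until confirmed.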
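Review bot: The rewritten format string in the -82,10 hunk still interpolates `$sql_extra2` into the string that `q()` then fills with `%d`/`'%s'` arguments, so the user's search term reaches the formatter as well as the database. The -33,7 hunk shows the sibling `$sql_extra` built as `LIKE '%%" . DBA::escape($search) . "%%'`; the doubled `%%` points to printf-style processing, and `DBA::escape()` presumably does not neutralise `%` or `_`, so a term containing `%` may be read as a conversion specifier and `%`/`_` act as LIKE wildcards. Assuming `$sql_extra2` is built the same way (its assignment is outside the hunk), double any `%` in the escaped term and escape the LIKE wildcards before embedding it, or pass the whole pattern as its own `'%s'` argument. The same applies to the `'m'` query in the -163,17 hunk, and the three-protocol list repeated in both queries could come from one shared array so the count and the select cannot drift apart.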
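Review bot: `htmlspecialchars($g['name'])` in the -123,7 hunk relies on the runtime's default flags and charset, which differ between PHP versions: before PHP 8.1 the default leaves single quotes unescaped. If the client ever places this name inside a single-quoted attribute that is a gap, so spell the call out as `htmlspecialchars($g['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same bare call is added in the -193,7, -215,7 and -276,7 hunks, and a small helper used by all four would keep them consistent. How the JSON consumer renders `name` is not visible here, so the severity depends on that.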
@@ -143,8 +147,8 @@ function acl_content(App $a) $sql_extra2 ORDER BY `name` ASC ", intval(local_user()), - DBA::escape(NETWORK_OSTATUS), - DBA::escape(NETWORK_STATUSNET) + DBA::escape(Protocol::OSTATUS), + DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'c') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` @@ -153,7 +157,7 @@ function acl_content(App $a) $sql_extra2 ORDER BY `name` ASC ", intval(local_user()), - DBA::escape(NETWORK_STATUSNET) + DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'f') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` @@ -163,17 +167,18 @@ function acl_content(App $a) $sql_extra2 ORDER BY `name` ASC ", intval(local_user()), - DBA::escape(NETWORK_STATUSNET) + DBA::escape(Protocol::STATUSNET) ); } elseif ($type == 'm') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact` WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` - AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s') + AND `success_update` >= `failure_update` AND `network` IN ('%s', '%s', '%s') $sql_extra2 ORDER BY `name` ASC ", intval(local_user()), - DBA::escape(NETWORK_DFRN), - DBA::escape(NETWORK_DIASPORA) + DBA::escape(Protocol::ACTIVITYPUB), + DBA::escape(Protocol::DFRN), + DBA::escape(Protocol::DIASPORA) ); } elseif ($type == 'a') { $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact` @@ -184,7 +189,7 @@ function acl_content(App $a) ); } elseif ($type == 'x') { // autocomplete for global contact search (e.g. navbar search) - $search = notags(trim($_REQUEST['search'])); + $search = Strings::escapeTags(trim($_REQUEST['search'])); $mode = $_REQUEST['smode']; $r = ACL::contactAutocomplete($search, $mode); 
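Review bot: In the -184,7 hunk `$_REQUEST['search']` and `$_REQUEST['smode']` are read without checking that they exist, and `$mode` goes to `ACL::contactAutocomplete()` unvalidated. A request of type `x` without those parameters raises notices and passes null on; the `defaults()` helper already used in this file covers it: `$search = Strings::escapeTags(trim(defaults($_REQUEST, 'search', '')));` and `$mode = defaults($_REQUEST, 'smode', '');`. If `contactAutocomplete()` accepts only a fixed set of modes, check `$mode` against that set here; its definition is outside this diff. The enclosing `elseif` chain starts and ends outside the hunk.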
@@ -193,7 +198,7 @@ function acl_content(App $a)
 foreach ($r as $g) {
 $contacts[] = [
 'photo' => ProxyUtils::proxifyUrl($g['photo'], false, ProxyUtils::SIZE_MICRO),
- 'name' => $g['name'],
+ 'name' => htmlspecialchars($g['name']),
 'nick' => defaults($g, 'addr', $g['url']),
 'network' => $g['network'],
 'link' => $g['url'],
@@ -215,7 +220,7 @@ function acl_content(App $a)
 $entry = [
 'type' => 'c',
 'photo' => ProxyUtils::proxifyUrl($g['micro'], false, ProxyUtils::SIZE_MICRO),
- 'name' => htmlentities($g['name']),
+ 'name' => htmlspecialchars($g['name']),
 'id' => intval($g['id']),
 'network' => $g['network'],
 'link' => $g['url'],
@@ -276,7 +281,7 @@ function acl_content(App $a)
 $unknown_contacts[] = [
 'type' => 'c',
 'photo' => ProxyUtils::proxifyUrl($contact['micro'], false, ProxyUtils::SIZE_MICRO),
- 'name' => htmlentities($contact['name']),
+ 'name' => htmlspecialchars($contact['name']),
 'id' => intval($contact['cid']),
 'network' => $contact['network'],
 'link' => $contact['url'],
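Review bot: Only `name` is escaped in the `$contacts[]` entry of the -193,7 hunk; `nick` (`defaults($g, 'addr', $g['url'])`), `network` and `link` are emitted as they came back from `ACL::contactAutocomplete()`. For global contact search these fields are likely supplied by remote servers, so if the client inserts them into markup they deserve the same treatment as `name`, e.g. `'nick' => htmlspecialchars(defaults($g, 'addr', $g['url']))`, and `link` should additionally be limited to http/https URLs before it is used as an href. The `$entry` and `$unknown_contacts[]` arrays in the -215,7 and -276,7 hunks leave `network` and `link` unescaped in the same way. Whether the consumer escapes on output is not visible here; if it does, escaping on the server as well will double-encode names, so the contract should be documented next to these arrays.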