X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fbookmarklet.php;h=e1ae9aa64ce60dd94119865d570d8962e773e169;hb=f32ea03911e81ccb1ce9f6553f8fc3bdaa815ffb;hp=7a6a3ee21cf9ad5c65b79a9da85645d15b9e2716;hpb=c845415a99ebc348103815a7b2c55b15c75cdd24;p=friendica.git diff --git a/mod/bookmarklet.php b/mod/bookmarklet.php index 7a6a3ee21c..e1ae9aa64c 100644 --- a/mod/bookmarklet.php +++ b/mod/bookmarklet.php @@ -2,7 +2,10 @@ /** * @file mod/bookmarklet.php */ + use Friendica\App; +use Friendica\Core\ACL; +use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\System; use Friendica\Module\Login; @@ -19,14 +22,18 @@ function bookmarklet_content(App $a) { if (!local_user()) { $o = '

' . L10n::t('Login') . '

'; - $o .= Login::form($a->query_string, $a->config['register_policy'] == REGISTER_CLOSED ? false : true); + $o .= Login::form($a->query_string, intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED ? false : true); return $o; } - $referer = normalise_link($_SERVER["HTTP_REFERER"]); + $referer = normalise_link(defaults($_SERVER, 'HTTP_REFERER', '')); $page = normalise_link(System::baseUrl() . "/bookmarklet"); if (!strstr($referer, $page)) { + if (empty($_REQUEST["url"])) { + System::httpExit(400, ["title" => L10n::t('Bad Request')]); + } + $content = add_page_info($_REQUEST["url"]); $x = [ @@ -35,12 +42,12 @@ function bookmarklet_content(App $a) 'default_location' => $a->user['default-location'], 'nickname' => $a->user['nickname'], 'lockstate' => ((is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid'])))) ? 'lock' : 'unlock'), - 'default_perms' => get_acl_permissions($a->user), - 'acl' => populate_acl($a->user, true), + 'default_perms' => ACL::getDefaultUserPermissions($a->user), + 'acl' => ACL::getFullSelectorHTML($a->user, true), 'bang' => '', 'visitor' => 'block', 'profile_uid' => local_user(), - 'title' => trim($_REQUEST["title"], "*"), + 'title' => trim(defaults($_REQUEST, 'title', ''), "*"), 'content' => $content ]; $o = status_editor($a, $x, 0, false);