X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_confirm.php;h=6f365c5315bf99aa3a35deaa08ea40fe1ca7bf7c;hb=3fc5c1ad840f98926319478a855dab3686a0ace3;hp=0f001b11a294e9069f562368b458d11976488b5d;hpb=b07d47b0f78c93543b742b04446a923a474e25fc;p=friendica.git

diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 0f001b11a2..6f365c5315 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -33,6 +33,7 @@ use Friendica\Protocol\ActivityPub;
 use Friendica\Util\Crypto;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Network;
+use Friendica\Util\Strings;
 use Friendica\Util\XML;
 
 require_once 'include/enotify.php';
@@ -62,7 +63,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 	 * this being a page type which supports automatic friend acceptance. That is also Scenario 1
 	 * since we are operating on behalf of our registered user to approve a friendship.
 	 */
-	if (!x($_POST, 'source_url')) {
+	if (empty($_POST['source_url'])) {
 		$uid = defaults($handsfree, 'uid', local_user());
 		if (!$uid) {
 			notice(L10n::t('Permission denied.') . EOL);
@@ -84,7 +85,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 			$cid      = 0;
 			$hidden   = intval(defaults($handsfree, 'hidden'  , 0));
 		} else {
-			$dfrn_id  = notags(trim(defaults($_POST, 'dfrn_id'   , '')));
+			$dfrn_id  = Strings::escapeTags(trim(defaults($_POST, 'dfrn_id'   , '')));
 			$intro_id =      intval(defaults($_POST, 'intro_id'  , 0));
 			$duplex   =      intval(defaults($_POST, 'duplex'    , 0));
 			$cid      =      intval(defaults($_POST, 'contact_id', 0));
@@ -263,7 +264,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 					break;
 				case 1:
 					// birthday paradox - generate new dfrn-id and fall through.
-					$new_dfrn_id = random_string();
+					$new_dfrn_id = Strings::getRandomHex();
 					q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
 						DBA::escape($new_dfrn_id),
 						intval($contact_id),
@@ -416,7 +417,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 	 * In the section above where the confirming party makes a POST and
 	 * retrieves xml status information, they are communicating with the following code.
 	 */
-	if (x($_POST, 'source_url')) {
+	if (!empty($_POST['source_url'])) {
 		// We are processing an external confirmation to an introduction created by our user.
 		$public_key =         defaults($_POST, 'public_key', '');
 		$dfrn_id    = hex2bin(defaults($_POST, 'dfrn_id'   , ''));
@@ -434,7 +435,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 
 		// If $aes_key is set, both of these items require unpacking from the hex transport encoding.
 
-		if (x($aes_key)) {
+		if (!empty($aes_key)) {
 			$aes_key = hex2bin($aes_key);
 			$public_key = hex2bin($public_key);
 		}