X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdirfind.php;h=909a723165b49c84b678535ba713ee38f1127930;hb=8db4af3d001cd105d0d769f03395138945209e77;hp=2451beb18cd3f5fbe184bf7879425a2c1af43b8e;hpb=7d5494dd67f58e1fc63c6571946e26290092321c;p=friendica.git
diff --git a/mod/dirfind.php b/mod/dirfind.php
index 2451beb18c..909a723165 100644
--- a/mod/dirfind.php
+++ b/mod/dirfind.php
@@ -20,6 +20,7 @@ use Friendica\Network\Probe;
 use Friendica\Protocol\PortableContact;
 use Friendica\Util\Network;
 use Friendica\Util\Proxy as ProxyUtils;
+use Friendica\Util\Strings;
 function dirfind_init(App $a) {
@@ -29,7 +30,7 @@ function dirfind_init(App $a) {
 return;
 }
- if (! x($a->page,'aside')) {
+ if (empty($a->page['aside'])) {
 $a->page['aside'] = '';
 }
@@ -45,15 +46,15 @@ function dirfind_content(App $a, $prefix = "") {
 $local = Config::get('system','poco_local_search');
- $search = $prefix.notags(trim(defaults($_REQUEST, 'search', '')));
+ $search = $prefix.Strings::escapeTags(trim(defaults($_REQUEST, 'search', '')));
 $header = '';
 if (strpos($search,'@') === 0) {
 $search = substr($search,1);
 $header = L10n::t('People Search - %s', $search);
- if ((valid_email($search) && Network::isEmailDomainValid($search)) ||
- (substr(normalise_link($search), 0, 7) == "http://")) {
+ if ((filter_var($search, FILTER_VALIDATE_EMAIL) && Network::isEmailDomainValid($search)) ||
+ (substr(Strings::normaliseLink($search), 0, 7) == "http://")) {
 $user_data = Probe::uri($search);
 $discover_user = (in_array($user_data["network"], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::OSTATUS, Protocol::DIASPORA]));
 }
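Review bot: The rewritten condition in the third hunk still validates only the syntax of a term taken from `$_REQUEST['search']`, and anything that passes is handed to `Probe::uri($search)` on the next line. If `Probe::uri()` performs an outbound lookup, as its namespace suggests, nothing visible in this hunk restricts which host it contacts; confirm that the restriction lives in `Probe` or `Network::isEmailDomainValid()` and record it with a comment on the condition, e.g. `// syntax check only; $search is request input and is probed below`. `filter_var()` returns the string or `false`, so the truthiness test works, but `FILTER_VALIDATE_EMAIL` may accept a different set of addresses than the removed `valid_email()`. `dirfind_content` starts and ends outside the hunk.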
@@ -120,25 +121,25 @@ function dirfind_content(App $a, $prefix = "") { /// @TODO These 2 SELECTs are not checked on validity with DBA::isResult() $count = q("SELECT count(*) AS `total` FROM `gcontact` - WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s') AND + WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s', '%s') AND ((`last_contact` >= `last_failure`) OR (`updated` >= `last_failure`)) AND (`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR `addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql", - DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2))); + DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora), + DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), + DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2))); $results = q("SELECT `nurl` FROM `gcontact` - WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s') AND + WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s', '%s') AND ((`last_contact` >= `last_failure`) OR (`updated` >= `last_failure`)) AND (`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR `addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql GROUP BY `nurl` ORDER BY `updated` DESC LIMIT %d, %d", - DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), + DBA::escape(Protocol::ACTIVITYPUB), 
DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora), + DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), + DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), $pager->getStart(), $pager->getItemsPerPage()); $j = new stdClass(); $j->total = $count[0]["total"]; @@ -234,7 +235,7 @@ function dirfind_content(App $a, $prefix = "") { 'alt_text' => $alt_text, 'url' => Model\Contact::magicLink($jj->url), 'itemurl' => $itemurl, - 'name' => htmlentities($jj->name), + 'name' => $jj->name, 'thumb' => ProxyUtils::proxifyUrl($jj->photo, false, ProxyUtils::SIZE_THUMB), 'img_hover' => $jj->tags, 'conntxt' => $conntxt,
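Review bot: The six LIKE arguments in both queries still pass the term through an HTML encoder (`Strings::escapeHtml`) before `DBA::escape`, which mixes output encoding into query building. A term containing `<`, `>`, `&` or `"` will only match if `gcontact` stores those columns HTML-encoded, and the encoder does nothing about the LIKE metacharacters `%` and `_`. How `$search2` is built and what `$extra_sql` contains are outside the hunk; since `$extra_sql` is interpolated straight into the SQL string, confirm it is assembled from escaped values only. The repeated expression would be easier to audit if computed once, e.g. `$term = DBA::escape(Strings::escapeHtml($search2));`, and passed six times.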
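Review bot: `'name' => $jj->name` now hands the display name to the template with no encoding at this point, so the field is only safe if the template that renders this array escapes it. Where `$jj` is populated and which template consumes the entry are outside the hunk; if the name can originate from remote contact or directory data, confirm the template escapes it rather than printing it raw, and say so in a comment here, e.g. `// escaped by the template; do not encode here`. The neighbouring `'img_hover' => $jj->tags` is passed through the same way and deserves the same check.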