X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fevents.php;h=cb91fae35147ad36480722ae8756b3940e0fe6ee;hb=64887387906e9774ef1810c0029353086bcda43b;hp=e5ebf8646531cf1e2688966a6e6171dea7928d1f;hpb=28456de249fe05a1edd88b9451451a22e18b27b3;p=friendica.git

diff --git a/mod/events.php b/mod/events.php
index e5ebf86465..cb91fae351 100644
--- a/mod/events.php
+++ b/mod/events.php
@@ -9,15 +9,18 @@ use Friendica\Content\Nav;
 use Friendica\Content\Widget\CalendarExport;
 use Friendica\Core\ACL;
 use Friendica\Core\L10n;
+use Friendica\Core\Logger;
+use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\Model\Event;
 use Friendica\Model\Item;
 use Friendica\Model\Profile;
+use Friendica\Module\Login;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Strings;
 use Friendica\Util\Temporal;
-use Friendica\Module\Login;
 
 require_once 'include/items.php';
 
@@ -47,7 +50,7 @@ function events_init(App $a)
 function events_post(App $a)
 {
 
-	logger('post: ' . print_r($_REQUEST, true), LOGGER_DATA);
+	Logger::log('post: ' . print_r($_REQUEST, true), Logger::DATA);
 
 	if (!local_user()) {
 		return;
@@ -57,8 +60,8 @@ function events_post(App $a)
 	$cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
 	$uid = local_user();
 
-	$start_text  = escape_tags(defaults($_REQUEST, 'start_text', ''));
-	$finish_text = escape_tags(defaults($_REQUEST, 'finish_text', ''));
+	$start_text  = Strings::escapeHtml(defaults($_REQUEST, 'start_text', ''));
+	$finish_text = Strings::escapeHtml(defaults($_REQUEST, 'finish_text', ''));
 
 	$adjust   = intval(defaults($_POST, 'adjust', 0));
 	$nofinish = intval(defaults($_POST, 'nofinish', 0));
@@ -66,8 +69,8 @@ function events_post(App $a)
 	// The default setting for the `private` field in event_store() is false, so mirror that
 	$private_event = false;
 
-	$start  = NULL_DATE;
-	$finish = NULL_DATE;
+	$start  = DBA::NULL_DATETIME;
+	$finish = DBA::NULL_DATETIME;
 
 	if ($start_text) {
 		$start = $start_text;
@@ -94,13 +97,23 @@ function events_post(App $a)
 	// and we'll waste a bunch of time responding to it. Time that
 	// could've been spent doing something else.
 
-	$summary  = escape_tags(trim(defaults($_POST, 'summary', '')));
-	$desc     = escape_tags(trim(defaults($_POST, 'desc', '')));
-	$location = escape_tags(trim(defaults($_POST, 'location', '')));
+	$summary  = trim(defaults($_POST, 'summary' , ''));
+	$desc     = trim(defaults($_POST, 'desc'    , ''));
+	$location = trim(defaults($_POST, 'location', ''));
 	$type     = 'event';
 
-	$action = ($event_id == '') ? 'new' : "event/" . $event_id;
-	$onerror_url = System::baseUrl() . "/events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish";
+	$params = [
+		'summary'     => $summary,
+		'description' => $desc,
+		'location'    => $location,
+		'start'       => $start_text,
+		'finish'      => $finish_text,
+		'adjust'      => $adjust,
+		'nofinish'    => $nofinish,
+	];
+
+	$action = ($event_id == '') ? 'new' : 'event/' . $event_id;
+	$onerror_path = 'events/' . $action . '?' . http_build_query($params, null, null, PHP_QUERY_RFC3986);
 
 	if (strcmp($finish, $start) < 0 && !$nofinish) {
 		notice(L10n::t('Event can not end before it has started.') . EOL);
@@ -108,16 +121,16 @@ function events_post(App $a)
 			echo L10n::t('Event can not end before it has started.');
 			killme();
 		}
-		goaway($onerror_url);
+		$a->internalRedirect($onerror_path);
 	}
 
-	if (!$summary || ($start === NULL_DATE)) {
+	if (!$summary || ($start === DBA::NULL_DATETIME)) {
 		notice(L10n::t('Event title and start time are required.') . EOL);
 		if (intval($_REQUEST['preview'])) {
 			echo L10n::t('Event title and start time are required.');
 			killme();
 		}
-		goaway($onerror_url);
+		$a->internalRedirect($onerror_path);
 	}
 
 	$share = intval(defaults($_POST, 'share', 0));
@@ -134,10 +147,10 @@ function events_post(App $a)
 
 
 	if ($share) {
-		$str_group_allow   = !empty($_POST['group_allow'])   ? perms2str($_POST['group_allow'])   : '';
-		$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
-		$str_group_deny    = !empty($_POST['group_deny'])    ? perms2str($_POST['group_deny'])    : '';
-		$str_contact_deny  = !empty($_POST['contact_deny'])  ? perms2str($_POST['contact_deny'])  : '';
+		$str_group_allow   = perms2str(defaults($_POST, 'group_allow'  , ''));
+		$str_contact_allow = perms2str(defaults($_POST, 'contact_allow', ''));
+		$str_group_deny    = perms2str(defaults($_POST, 'group_deny'   , ''));
+		$str_contact_deny  = perms2str(defaults($_POST, 'contact_deny' , ''));
 
 		// Undo the pseudo-contact of self, since there are real contacts now
 		if (strpos($str_contact_allow, '<' . $self . '>') !== false) {
@@ -178,7 +191,7 @@ function events_post(App $a)
 	if (intval($_REQUEST['preview'])) {
 		$html = Event::getHTML($datarray);
 		echo $html;
-		killme();
+		exit();
 	}
 
 	$item_id = Event::store($datarray);
@@ -187,7 +200,7 @@ function events_post(App $a)
 		Worker::add(PRIORITY_HIGH, "Notifier", "event", $item_id);
 	}
 
-	goaway($_SESSION['return_url']);
+	$a->internalRedirect('events');
 }
 
 function events_content(App $a)
@@ -198,7 +211,7 @@ function events_content(App $a)
 	}
 
 	if ($a->argc == 1) {
-		$_SESSION['return_url'] = System::baseUrl() . '/' . $a->cmd;
+		$_SESSION['return_path'] = $a->cmd;
 	}
 
 	if (($a->argc > 2) && ($a->argv[1] === 'ignore') && intval($a->argv[2])) {
@@ -224,8 +237,8 @@ function events_content(App $a)
 	// get the translation strings for the callendar
 	$i18n = Event::getStrings();
 
-	$htpl = get_markup_template('event_head.tpl');
-	$a->page['htmlhead'] .= replace_macros($htpl, [
+	$htpl = Renderer::getMarkupTemplate('event_head.tpl');
+	$a->page['htmlhead'] .= Renderer::replaceMacros($htpl, [
 		'$baseurl' => System::baseUrl(),
 		'$module_url' => '/events',
 		'$modparams' => 1,
@@ -361,14 +374,15 @@ function events_content(App $a)
 		}
 
 		if ($a->argc > 1 && $a->argv[1] === 'json') {
+			header('Content-Type: application/json');
 			echo json_encode($events);
-			killme();
+			exit();
 		}
 
 		if (!empty($_GET['id'])) {
-			$tpl = get_markup_template("event.tpl");
+			$tpl = Renderer::getMarkupTemplate("event.tpl");
 		} else {
-			$tpl = get_markup_template("events_js.tpl");
+			$tpl = Renderer::getMarkupTemplate("events_js.tpl");
 		}
 
 		// Get rid of dashes in key names, Smarty3 can't handle them
@@ -381,7 +395,7 @@ function events_content(App $a)
 			$events[$key]['item'] = $event_item;
 		}
 
-		$o = replace_macros($tpl, [
+		$o = Renderer::replaceMacros($tpl, [
 			'$baseurl'   => System::baseUrl(),
 			'$tabs'      => $tabs,
 			'$title'     => L10n::t('Events'),
@@ -496,9 +510,9 @@ function events_content(App $a)
 			$uri = '';
 		}
 
-		$tpl = get_markup_template('event_form.tpl');
+		$tpl = Renderer::getMarkupTemplate('event_form.tpl');
 
-		$o .= replace_macros($tpl, [
+		$o .= Renderer::replaceMacros($tpl, [
 			'$post' => System::baseUrl() . '/events',
 			'$eid'  => $eid,
 			'$cid'  => $cid,
@@ -577,6 +591,6 @@ function events_content(App $a)
 			info(L10n::t('Event removed') . EOL);
 		}
 
-		goaway(System::baseUrl() . '/events');
+		$a->internalRedirect('events');
 	}
 }