X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Ffollow.php;h=276a389e837b4c1f8f7833a65601a72afd0e1f36;hb=6c36fd9e01510a14fea9de766b4afe6760912a2e;hp=2a069e72ae7ec58c3c2ac9e38bbd0a3ef83f21c8;hpb=91facd2d0a2869e2c26a5943d8afe1849d3891f8;p=friendica.git diff --git a/mod/follow.php b/mod/follow.php index 2a069e72ae..276a389e83 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -4,29 +4,28 @@ */ use Friendica\App; use Friendica\Core\Config; -use Friendica\Core\L10n; use Friendica\Core\Protocol; use Friendica\Core\Renderer; -use Friendica\Core\System; +use Friendica\DI; use Friendica\Model\Contact; use Friendica\Model\Profile; use Friendica\Network\Probe; use Friendica\Database\DBA; -use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; function follow_post(App $a) { if (!local_user()) { - System::httpExit(403, ['title' => L10n::t('Access denied.')]); + throw new \Friendica\Network\HTTPException\ForbiddenException(DI::l10n()->t('Access denied.')); } if (isset($_REQUEST['cancel'])) { - $a->internalRedirect('contacts'); + DI::baseUrl()->redirect('contact'); } $uid = local_user(); - $url = notags(trim($_REQUEST['url'])); - $return_path = 'contacts'; + $url = Strings::escapeTags(trim($_REQUEST['url'])); + $return_path = 'follow?url=' . urlencode($url); // Makes the connection request for friendica contacts easier // This is just a precaution if maybe this page is called somewhere directly via POST @@ -38,42 +37,53 @@ function follow_post(App $a) if ($result['message']) { notice($result['message']); } - $a->internalRedirect($return_path); + DI::baseUrl()->redirect($return_path); } elseif ($result['cid']) { - $a->internalRedirect('contact/' . $result['cid']); + DI::baseUrl()->redirect('contact/' . $result['cid']); } - info(L10n::t('The contact could not be added.')); + info(DI::l10n()->t('The contact could not be added.')); - $a->internalRedirect($return_path); + DI::baseUrl()->redirect($return_path); // NOTREACHED } function follow_content(App $a) { - $return_path = 'contacts'; + $return_path = 'contact'; if (!local_user()) { - notice(L10n::t('Permission denied.')); - $a->internalRedirect($return_path); + notice(DI::l10n()->t('Permission denied.')); + DI::baseUrl()->redirect($return_path); // NOTREACHED } $uid = local_user(); - $url = notags(trim($_REQUEST['url'])); - $submit = L10n::t('Submit Request'); + // Issue 4815: Silently removing a prefixing @ + $url = ltrim(Strings::escapeTags(trim($_REQUEST['url'] ?? '')), '@!'); + + // Issue 6874: Allow remote following from Peertube + if (strpos($url, 'acct:') === 0) { + $url = str_replace('acct:', '', $url); + } + + if (!$url) { + DI::baseUrl()->redirect($return_path); + } + + $submit = DI::l10n()->t('Submit Request'); // Don't try to add a pending contact $r = q("SELECT `pending` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND (`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s') AND `network` != '%s' LIMIT 1", - intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(normalise_link($url)), - DBA::escape(normalise_link($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET)); + intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(Strings::normaliseLink($url)), + DBA::escape(Strings::normaliseLink($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET)); if ($r) { if ($r[0]['pending']) { - notice(L10n::t('You already added this contact.')); + notice(DI::l10n()->t('You already added this contact.')); $submit = ''; //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED @@ -82,44 +92,46 @@ function follow_content(App $a) $ret = Probe::uri($url); - if (($ret['network'] == Protocol::DIASPORA) && !Config::get('system', 'diaspora_enabled')) { - notice(L10n::t("Diaspora support isn't enabled. Contact can't be added.")); + $protocol = Contact::getProtocol($ret['url'], $ret['network']); + + if (($protocol == Protocol::DIASPORA) && !DI::config()->get('system', 'diaspora_enabled')) { + notice(DI::l10n()->t("Diaspora support isn't enabled. Contact can't be added.")); $submit = ''; //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } - if (($ret['network'] == Protocol::OSTATUS) && Config::get('system', 'ostatus_disabled')) { - notice(L10n::t("OStatus support is disabled. Contact can't be added.")); + if (($protocol == Protocol::OSTATUS) && DI::config()->get('system', 'ostatus_disabled')) { + notice(DI::l10n()->t("OStatus support is disabled. Contact can't be added.")); $submit = ''; //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } - if ($ret['network'] == Protocol::PHANTOM) { - notice(L10n::t("The network type couldn't be detected. Contact can't be added.")); + if ($protocol == Protocol::PHANTOM) { + notice(DI::l10n()->t("The network type couldn't be detected. Contact can't be added.")); $submit = ''; //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } - if ($ret['network'] == Protocol::MAIL) { + if ($protocol == Protocol::MAIL) { $ret['url'] = $ret['addr']; } - if (($ret['network'] === Protocol::DFRN) && !DBA::isResult($r)) { + if (($protocol === Protocol::DFRN) && !DBA::isResult($r)) { $request = $ret['request']; - $tpl = get_markup_template('dfrn_request.tpl'); + $tpl = Renderer::getMarkupTemplate('dfrn_request.tpl'); } else { - $request = System::baseUrl() . '/follow'; - $tpl = get_markup_template('auto_request.tpl'); + $request = DI::baseUrl() . '/follow'; + $tpl = Renderer::getMarkupTemplate('auto_request.tpl'); } $r = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `self` LIMIT 1", intval($uid)); if (!$r) { - notice(L10n::t('Permission denied.')); - $a->internalRedirect($return_path); + notice(DI::l10n()->t('Permission denied.')); + DI::baseUrl()->redirect($return_path); // NOTREACHED } @@ -130,7 +142,7 @@ function follow_content(App $a) $_SESSION['fastlane'] = $ret['url']; $r = q("SELECT `id`, `location`, `about`, `keywords` FROM `gcontact` WHERE `nurl` = '%s'", - normalise_link($ret['url'])); + Strings::normaliseLink($ret['url'])); if (!$r) { $r = [['location' => '', 'about' => '', 'keywords' => '']]; @@ -138,49 +150,39 @@ function follow_content(App $a) $gcontact_id = $r[0]['id']; } - if ($ret['network'] === Protocol::DIASPORA) { + if ($protocol === Protocol::DIASPORA) { $r[0]['location'] = ''; $r[0]['about'] = ''; } - $header = L10n::t('Connect/Follow'); - $o = Renderer::replaceMacros($tpl, [ - '$header' => htmlentities($header), - //'$photo' => ProxyUtils::proxifyUrl($ret['photo'], false, ProxyUtils::SIZE_SMALL), + '$header' => DI::l10n()->t('Connect/Follow'), '$desc' => '', - '$pls_answer' => L10n::t('Please answer the following:'), - '$does_know_you' => ['knowyou', L10n::t('Does %s know you?', $ret['name']), false, '', [L10n::t('No'), L10n::t('Yes')]], - '$add_note' => L10n::t('Add a personal note:'), + '$pls_answer' => DI::l10n()->t('Please answer the following:'), + '$does_know_you' => ['knowyou', DI::l10n()->t('Does %s know you?', $ret['name']), false, '', [DI::l10n()->t('No'), DI::l10n()->t('Yes')]], + '$add_note' => DI::l10n()->t('Add a personal note:'), '$page_desc' => '', '$friendica' => '', '$statusnet' => '', '$diaspora' => '', '$diasnote' => '', - '$your_address' => L10n::t('Your Identity Address:'), + '$your_address' => DI::l10n()->t('Your Identity Address:'), '$invite_desc' => '', '$emailnet' => '', '$submit' => $submit, - '$cancel' => L10n::t('Cancel'), + '$cancel' => DI::l10n()->t('Cancel'), '$nickname' => '', '$name' => $ret['name'], '$url' => $ret['url'], '$zrl' => Profile::zrl($ret['url']), - '$url_label' => L10n::t('Profile URL'), + '$url_label' => DI::l10n()->t('Profile URL'), '$myaddr' => $myaddr, '$request' => $request, - /* - * @TODO commented out? - '$location' => Friendica\Content\Text\BBCode::::convert($r[0]['location']), - '$location_label'=> L10n::t('Location:'), - '$about' => Friendica\Content\Text\BBCode::::convert($r[0]['about'], false, false), - '$about_label' => L10n::t('About:'), - */ '$keywords' => $r[0]['keywords'], - '$keywords_label'=> L10n::t('Tags:') + '$keywords_label'=> DI::l10n()->t('Tags:') ]); - $a->page['aside'] = ''; + DI::page()['aside'] = ''; $profiledata = Contact::getDetailsByURL($ret['url']); if ($profiledata) { @@ -188,8 +190,8 @@ function follow_content(App $a) } if ($gcontact_id <> 0) { - $o .= Renderer::replaceMacros(get_markup_template('section_title.tpl'), - ['$title' => L10n::t('Status Messages and Posts')] + $o .= Renderer::replaceMacros(Renderer::getMarkupTemplate('section_title.tpl'), + ['$title' => DI::l10n()->t('Status Messages and Posts')] ); // Show last public posts