X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Ffollow.php;h=c7a96f734f6a01ad7dd9b0449618eee1e95787d3;hb=b2d685482928363ce86c3c0519c8ff39d0af43ca;hp=83263f4031e5d1181e810c2462024853affe1002;hpb=219182d41ea84faec0164aed80d0dfbe15f2067d;p=friendica.git
diff --git a/mod/follow.php b/mod/follow.php
index 83263f4031..c7a96f734f 100644
--- a/mod/follow.php
+++ b/mod/follow.php
@@ -5,30 +5,32 @@
 use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
+use Friendica\Core\Protocol;
+use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Model\Contact;
 use Friendica\Model\Profile;
 use Friendica\Network\Probe;
+use Friendica\Database\DBA;
+use Friendica\Util\Strings;
-function follow_post(App $a) {
-
+function follow_post(App $a)
+{
 if (!local_user()) {
- notice(L10n::t('Permission denied.') . EOL);
- goaway($_SESSION['return_url']);
- // NOTREACHED
+ throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
 }
- if ($_REQUEST['cancel']) {
- goaway($_SESSION['return_url']);
+ if (isset($_REQUEST['cancel'])) {
+ $a->internalRedirect('contact');
 }
 $uid = local_user();
- $url = notags(trim($_REQUEST['url']));
- $return_url = $_SESSION['return_url'];
+ $url = Strings::escapeTags(trim($_REQUEST['url']));
+ $return_path = 'follow?url=' . urlencode($url);
 // Makes the connection request for friendica contacts easier
 // This is just a precaution if maybe this page is called somewhere directly via POST
- $_SESSION["fastlane"] = $url;
+ $_SESSION['fastlane'] = $url;
 $result = Contact::createFromProbe($uid, $url, true);
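Review bot: `follow_post()` still indexes `$_REQUEST['url']` directly on the new `$url = Strings::escapeTags(trim($_REQUEST['url']));` line, so a request without `url` raises an undefined-index notice and hands an empty string to `Contact::createFromProbe()` and into `$return_path`. The same commit already guards this in `follow_content()`; mirroring it here with `$url = Strings::escapeTags(trim(defaults($_REQUEST, 'url', '')));` followed by `if (!$url) { $a->internalRedirect('contact'); }` keeps the two handlers consistent. Separately, no form security token check is visible between the `local_user()` test and the `createFromProbe()` call, so unless one is enforced elsewhere this state-changing request could be triggered cross-site; worth confirming. The function body continues past the end of this hunk.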
@@ -36,153 +38,165 @@ function follow_post(App $a) { if ($result['message']) { notice($result['message']); } - goaway($return_url); + $a->internalRedirect($return_path); } elseif ($result['cid']) { - goaway(System::baseUrl().'/contacts/'.$result['cid']); + $a->internalRedirect('contact/' . $result['cid']); } - info(L10n::t('The contact could not be added.').EOL); + info(L10n::t('The contact could not be added.')); - goaway($return_url); + $a->internalRedirect($return_path); // NOTREACHED } -function follow_content(App $a) { +function follow_content(App $a) +{ + $return_path = 'contact'; if (!local_user()) { - notice(L10n::t('Permission denied.') . EOL); - goaway($_SESSION['return_url']); + notice(L10n::t('Permission denied.')); + $a->internalRedirect($return_path); // NOTREACHED } $uid = local_user(); - $url = notags(trim($_REQUEST['url'])); + + // Issue 4815: Silently removing a prefixing @ + $url = ltrim(Strings::escapeTags(trim(defaults($_REQUEST, 'url', ''))), '@!'); + + // Issue 6874: Allow remote following from Peertube + if (strpos($url, 'acct:') === 0) { + $url = str_replace('acct:', '', $url); + } + + if (!$url) { + $a->internalRedirect($return_path); + } $submit = L10n::t('Submit Request'); - // There is a current issue. It seems as if you can't start following a Friendica that is following you - // With Diaspora this works - but Friendica is special, it seems ... 
- $r = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND + // Don't try to add a pending contact + $r = q("SELECT `pending` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND (`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s') AND `network` != '%s' LIMIT 1", - intval(local_user()), dbesc(CONTACT_IS_FOLLOWER), dbesc(NETWORK_DFRN), dbesc(normalise_link($url)), - dbesc(normalise_link($url)), dbesc($url), dbesc(NETWORK_STATUSNET)); + intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(Strings::normaliseLink($url)), + DBA::escape(Strings::normaliseLink($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET)); if ($r) { - notice(L10n::t('You already added this contact.').EOL); - $submit = ""; - //goaway($_SESSION['return_url']); - // NOTREACHED + if ($r[0]['pending']) { + notice(L10n::t('You already added this contact.')); + $submit = ''; + //$a->internalRedirect($_SESSION['return_path']); + // NOTREACHED + } } $ret = Probe::uri($url); - if (($ret["network"] == NETWORK_DIASPORA) && !Config::get('system', 'diaspora_enabled')) { - notice(L10n::t("Diaspora support isn't enabled. Contact can't be added.") . EOL); - $submit = ""; - //goaway($_SESSION['return_url']); + $protocol = Contact::getProtocol($ret['url'], $ret['network']); + + if (($protocol == Protocol::DIASPORA) && !Config::get('system', 'diaspora_enabled')) { + notice(L10n::t("Diaspora support isn't enabled. Contact can't be added.")); + $submit = ''; + //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } - if (($ret["network"] == NETWORK_OSTATUS) && Config::get('system', 'ostatus_disabled')) { - notice(L10n::t("OStatus support is disabled. Contact can't be added.") . EOL); - $submit = ""; - //goaway($_SESSION['return_url']); + if (($protocol == Protocol::OSTATUS) && Config::get('system', 'ostatus_disabled')) { + notice(L10n::t("OStatus support is disabled. 
Contact can't be added.")); + $submit = ''; + //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } - if ($ret["network"] == NETWORK_PHANTOM) { - notice(L10n::t("The network type couldn't be detected. Contact can't be added.") . EOL); - $submit = ""; - //goaway($_SESSION['return_url']); + if ($protocol == Protocol::PHANTOM) { + notice(L10n::t("The network type couldn't be detected. Contact can't be added.")); + $submit = ''; + //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } - if ($ret["network"] == NETWORK_MAIL) { - $ret["url"] = $ret["addr"]; + if ($protocol == Protocol::MAIL) { + $ret['url'] = $ret['addr']; } - if ($ret['network'] === NETWORK_DFRN) { - $request = $ret["request"]; - $tpl = get_markup_template('dfrn_request.tpl'); + if (($protocol === Protocol::DFRN) && !DBA::isResult($r)) { + $request = $ret['request']; + $tpl = Renderer::getMarkupTemplate('dfrn_request.tpl'); } else { - $request = System::baseUrl()."/follow"; - $tpl = get_markup_template('auto_request.tpl'); + $request = System::baseUrl() . '/follow'; + $tpl = Renderer::getMarkupTemplate('auto_request.tpl'); } $r = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `self` LIMIT 1", intval($uid)); if (!$r) { - notice(L10n::t('Permission denied.') . 
EOL); - goaway($_SESSION['return_url']); + notice(L10n::t('Permission denied.')); + $a->internalRedirect($return_path); // NOTREACHED } - $myaddr = $r[0]["url"]; + $myaddr = $r[0]['url']; $gcontact_id = 0; // Makes the connection request for friendica contacts easier - $_SESSION["fastlane"] = $ret["url"]; + $_SESSION['fastlane'] = $ret['url']; $r = q("SELECT `id`, `location`, `about`, `keywords` FROM `gcontact` WHERE `nurl` = '%s'", - normalise_link($ret["url"])); + Strings::normaliseLink($ret['url'])); if (!$r) { - $r = [["location" => "", "about" => "", "keywords" => ""]]; + $r = [['location' => '', 'about' => '', 'keywords' => '']]; } else { - $gcontact_id = $r[0]["id"]; - } - - if ($ret['network'] === NETWORK_DIASPORA) { - $r[0]["location"] = ""; - $r[0]["about"] = ""; - } - - $header = L10n::t("Connect/Follow"); - - $o = replace_macros($tpl, [ - '$header' => htmlentities($header), - //'$photo' => proxy_url($ret["photo"], false, PROXY_SIZE_SMALL), - '$desc' => "", - '$pls_answer' => L10n::t('Please answer the following:'), - '$does_know_you' => ['knowyou', L10n::t('Does %s know you?', $ret["name"]), false, '', [L10n::t('No'), L10n::t('Yes')]], - '$add_note' => L10n::t('Add a personal note:'), - '$page_desc' => "", - '$friendica' => "", - '$statusnet' => "", - '$diaspora' => "", - '$diasnote' => "", - '$your_address' => L10n::t('Your Identity Address:'), - '$invite_desc' => "", - '$emailnet' => "", - '$submit' => $submit, - '$cancel' => L10n::t('Cancel'), - '$nickname' => "", - '$name' => $ret["name"], - '$url' => $ret["url"], - '$zrl' => Profile::zrl($ret["url"]), - '$url_label' => L10n::t("Profile URL"), - '$myaddr' => $myaddr, - '$request' => $request, - /*'$location' => bbcode($r[0]["location"]), - '$location_label' => L10n::t("Location:"), - '$about' => bbcode($r[0]["about"], false, false), - '$about_label' => L10n::t("About:"), */ - '$keywords' => $r[0]["keywords"], - '$keywords_label' => L10n::t("Tags:") + $gcontact_id = $r[0]['id']; + } + + if ($protocol 
=== Protocol::DIASPORA) { + $r[0]['location'] = ''; + $r[0]['about'] = ''; + } + + $o = Renderer::replaceMacros($tpl, [ + '$header' => L10n::t('Connect/Follow'), + '$desc' => '', + '$pls_answer' => L10n::t('Please answer the following:'), + '$does_know_you' => ['knowyou', L10n::t('Does %s know you?', $ret['name']), false, '', [L10n::t('No'), L10n::t('Yes')]], + '$add_note' => L10n::t('Add a personal note:'), + '$page_desc' => '', + '$friendica' => '', + '$statusnet' => '', + '$diaspora' => '', + '$diasnote' => '', + '$your_address' => L10n::t('Your Identity Address:'), + '$invite_desc' => '', + '$emailnet' => '', + '$submit' => $submit, + '$cancel' => L10n::t('Cancel'), + '$nickname' => '', + '$name' => $ret['name'], + '$url' => $ret['url'], + '$zrl' => Profile::zrl($ret['url']), + '$url_label' => L10n::t('Profile URL'), + '$myaddr' => $myaddr, + '$request' => $request, + '$keywords' => $r[0]['keywords'], + '$keywords_label'=> L10n::t('Tags:') ]); - $a->page['aside'] = ""; + $a->page['aside'] = ''; - Profile::load($a, "", 0, Contact::getDetailsByURL($ret["url"]), false); + $profiledata = Contact::getDetailsByURL($ret['url']); + if ($profiledata) { + Profile::load($a, '', 0, $profiledata, false); + } if ($gcontact_id <> 0) { - $o .= replace_macros(get_markup_template('section_title.tpl'), + $o .= Renderer::replaceMacros(Renderer::getMarkupTemplate('section_title.tpl'), ['$title' => L10n::t('Status Messages and Posts')] ); // Show last public posts - $o .= Contact::getPostsFromUrl($ret["url"]); + $o .= Contact::getPostsFromUrl($ret['url']); } return $o;
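Review bot: The `gcontact` lookup in `follow_content()` passes `Strings::normaliseLink($ret['url'])` into the `'%s'` placeholder of `q()` without `DBA::escape()`, unlike the `contact` query earlier in this hunk, which wraps every string argument. `$ret['url']` is taken from the result of `Probe::uri($url)`, so it is presumably shaped by the remote server's answer; if `q()` only formats its arguments into the SQL string, as the explicit `DBA::escape()` calls beside it suggest, a quote character in the probed URL reaches the statement unescaped. Change the argument to `DBA::escape(Strings::normaliseLink($ret['url']))`, or move the lookup to a parameterised query. The line changed only by the rename from `normalise_link`, so the gap predates this commit but is carried into the new code; `follow_content()` closes after the end of the hunk.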