X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Ffollow.php;h=f8e2539d97e2cf6c9e0f14adb266bcc21dd4d2e4;hb=e9b05bd13f1bf3f74c63202f6f9f9fa2f65f19f1;hp=5c6c6d9d34c37a50d3404f4fced854702aa001d6;hpb=bd972151478f40f73585519110700222a1931d44;p=friendica.git diff --git a/mod/follow.php b/mod/follow.php index 5c6c6d9d34..f8e2539d97 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -13,6 +13,7 @@ use Friendica\Model\Profile; use Friendica\Network\Probe; use Friendica\Database\DBA; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; function follow_post(App $a) { @@ -21,12 +22,12 @@ function follow_post(App $a) } if (isset($_REQUEST['cancel'])) { - $a->internalRedirect('contacts'); + $a->internalRedirect('contact'); } $uid = local_user(); - $url = notags(trim($_REQUEST['url'])); - $return_path = 'contacts'; + $url = Strings::escapeTags(trim($_REQUEST['url'])); + $return_path = 'follow?url=' . urlencode($url); // Makes the connection request for friendica contacts easier // This is just a precaution if maybe this page is called somewhere directly via POST @@ -51,7 +52,7 @@ function follow_post(App $a) function follow_content(App $a) { - $return_path = 'contacts'; + $return_path = 'contact'; if (!local_user()) { notice(L10n::t('Permission denied.')); @@ -60,7 +61,7 @@ function follow_content(App $a) } $uid = local_user(); - $url = notags(trim($_REQUEST['url'])); + $url = Strings::escapeTags(trim($_REQUEST['url'])); $submit = L10n::t('Submit Request'); 
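Review bot: In the `follow_post` hunk (`@@ -21,12 +22,12 @@`) the new `$url` line still reads `$_REQUEST['url']` without checking that it is present and a string. A direct POST without `url` (the case the comment just below it mentions) raises a notice and leaves `$return_path` as `follow?url=`, and an array value would reach `trim()`. A guard such as `$url = isset($_REQUEST['url']) && is_string($_REQUEST['url']) ? Strings::escapeTags(trim($_REQUEST['url'])) : '';` covers both, and the same line appears in the `follow_content` hunk (`@@ -60,7 +61,7 @@`). As far as I know `Strings::escapeTags()` only swaps angle brackets for square ones, so it is not output encoding; wherever `$url` is later placed into HTML or an attribute it still needs escaping for that context. Both function bodies continue outside their hunks.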
@@ -68,8 +69,8 @@ function follow_content(App $a) $r = q("SELECT `pending` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND (`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s') AND `network` != '%s' LIMIT 1", - intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(normalise_link($url)), - DBA::escape(normalise_link($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET)); + intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(Strings::normaliseLink($url)), + DBA::escape(Strings::normaliseLink($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET)); if ($r) { if ($r[0]['pending']) { @@ -130,7 +131,7 @@ function follow_content(App $a) $_SESSION['fastlane'] = $ret['url']; $r = q("SELECT `id`, `location`, `about`, `keywords` FROM `gcontact` WHERE `nurl` = '%s'", - normalise_link($ret['url'])); + Strings::normaliseLink($ret['url'])); if (!$r) { $r = [['location' => '', 'about' => '', 'keywords' => '']]; @@ -143,11 +144,8 @@ function follow_content(App $a) $r[0]['about'] = ''; } - $header = L10n::t('Connect/Follow'); - $o = Renderer::replaceMacros($tpl, [ - '$header' => htmlentities($header), - //'$photo' => ProxyUtils::proxifyUrl($ret['photo'], false, ProxyUtils::SIZE_SMALL), + '$header' => L10n::t('Connect/Follow'), '$desc' => '', '$pls_answer' => L10n::t('Please answer the following:'), '$does_know_you' => ['knowyou', L10n::t('Does %s know you?', $ret['name']), false, '', [L10n::t('No'), L10n::t('Yes')]], 
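Review bot: The `gcontact` lookup in `@@ -130,7 +131,7 @@` passes `Strings::normaliseLink($ret['url'])` straight into the `'%s'` placeholder of `q()`, whereas every string argument of the `contact` query in the hunk above is wrapped in `DBA::escape()`. Assuming `q()` formats its arguments into the SQL text without escaping them, as those explicit `DBA::escape()` calls suggest, this value reaches the statement raw. `$ret` is assigned outside this hunk; if it holds data returned by probing the remote profile, the value is controlled by the remote side. At minimum the argument should be `DBA::escape(Strings::normaliseLink($ret['url']))`. A parameterised lookup such as `DBA::selectFirst()` with a `['nurl' => ...]` condition would remove the manual escaping altogether, though the `$r[0]` handling below would need adjusting.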
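Review bot: With `htmlentities()` dropped from `'$header'` in `@@ -143,11 +144,8 @@`, no value in the visible part of this `Renderer::replaceMacros()` array is HTML-encoded in PHP any more, so encoding is left to the template. That includes `$ret['name']` in the unchanged `'$does_know_you'` line, which is formatted into the label as-is. `$ret` is set outside the hunk, so its origin cannot be confirmed here, but if it is the probed remote profile then the name is untrusted text. It is worth confirming that the template escapes these fields and recording that next to the array, with a comment such as `// values are passed raw; the template is responsible for HTML-escaping (notably $ret['name'])`.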
@@ -169,13 +167,6 @@ function follow_content(App $a) '$url_label' => L10n::t('Profile URL'), '$myaddr' => $myaddr, '$request' => $request, - /* - * @TODO commented out? - '$location' => Friendica\Content\Text\BBCode::::convert($r[0]['location']), - '$location_label'=> L10n::t('Location:'), - '$about' => Friendica\Content\Text\BBCode::::convert($r[0]['about'], false, false), - '$about_label' => L10n::t('About:'), - */ '$keywords' => $r[0]['keywords'], '$keywords_label'=> L10n::t('Tags:') ]);