X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Ffsuggest.php;h=2195f455af56605e5ed3288ad74b02029f57c934;hb=5e1ceb57de62e4f2b6af957fa7952eed09c1aedb;hp=86878a5295c0463af912ac405a45fbdbb6f11158;hpb=9b37f5c0855c8071075fa3ce49b7e9c38f2c6a2e;p=friendica.git diff --git a/mod/fsuggest.php b/mod/fsuggest.php index 86878a5295..2195f455af 100644 --- a/mod/fsuggest.php +++ b/mod/fsuggest.php @@ -4,10 +4,12 @@ */ use Friendica\App; +use Friendica\Core\ACL; use Friendica\Core\L10n; use Friendica\Core\Worker; -use Friendica\Database\DBM; +use Friendica\Database\DBA; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; function fsuggest_post(App $a) { @@ -25,7 +27,7 @@ function fsuggest_post(App $a) intval($contact_id), intval(local_user()) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { notice(L10n::t('Contact not found.') . EOL); return; } @@ -33,35 +35,35 @@ function fsuggest_post(App $a) $new_contact = intval($_POST['suggest']); - $hash = random_string(); + $hash = Strings::getRandomHex(); - $note = escape_tags(trim($_POST['note'])); + $note = Strings::escapeHtml(trim(defaults($_POST, 'note', ''))); if ($new_contact) { $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($new_contact), intval(local_user()) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $x = q("INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`) VALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')", intval(local_user()), intval($contact_id), - dbesc($r[0]['name']), - dbesc($r[0]['url']), - dbesc($r[0]['request']), - dbesc($r[0]['photo']), - dbesc($hash), - dbesc(DateTimeFormat::utcNow()) + DBA::escape($r[0]['name']), + DBA::escape($r[0]['url']), + DBA::escape($r[0]['request']), + DBA::escape($r[0]['photo']), + DBA::escape($hash), + DBA::escape(DateTimeFormat::utcNow()) ); $r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1", - dbesc($hash), + DBA::escape($hash), intval(local_user()) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $fsuggest_id = $r[0]['id']; q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d", - dbesc($note), + DBA::escape($note), intval($fsuggest_id), intval(local_user()) ); @@ -75,8 +77,6 @@ function fsuggest_post(App $a) function fsuggest_content(App $a) { - require_once 'include/acl_selectors.php'; - if (! local_user()) { notice(L10n::t('Permission denied.') . EOL); return; @@ -93,7 +93,7 @@ function fsuggest_content(App $a) intval($contact_id), intval(local_user()) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { notice(L10n::t('Contact not found.') . EOL); return; } @@ -105,11 +105,10 @@ function fsuggest_content(App $a) $o .= '
'; - $o .= contact_selector( + $o .= ACL::getSuggestContactSelectHTML( 'suggest', 'suggest-select', - ['size' => 4, 'exclude' => $contact_id, 'networks' => 'DFRN_ONLY', 'single' => true], - false + ['size' => 4, 'exclude' => $contact_id, 'networks' => 'DFRN_ONLY', 'single' => true] );