X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Ffsuggest.php;h=d41363ad7b38d153043b2afa7484bff30fdd8370;hb=49767e0555ce13c0f1a3cb986e544b7d13ca42c1;hp=e84a8bd54d3ad552913984dfaf3e46ff9bdd6ce6;hpb=14d4132ad02334bcc22e503290cada91f3d67967;p=friendica.git

diff --git a/mod/fsuggest.php b/mod/fsuggest.php
index e84a8bd54d..d41363ad7b 100644
--- a/mod/fsuggest.php
+++ b/mod/fsuggest.php
@@ -10,6 +10,7 @@ use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Strings;
+use Friendica\Worker\Delivery;
 
 function fsuggest_post(App $a)
 {
@@ -26,29 +27,32 @@ function fsuggest_post(App $a)
 		return;
 	}
 
-	$contact = DBA::selectFirst('contact', ['name', 'url', 'request', 'photo'], ['id' => $contact_id, 'uid' => local_user()]);
-	if (!DBA::isResult($contact)) {
+	// We do query the "uid" as well to ensure that it is our contact
+	if (!DBA::exists('contact', ['id' => $contact_id, 'uid' => local_user()])) {
 		notice(L10n::t('Contact not found.') . EOL);
 		return;
 	}
 
-	$note = Strings::escapeHtml(trim(defaults($_POST, 'note', '')));
-
-	$new_contact = intval($_POST['suggest']);
-	if (empty($new_contact)) {
+	$suggest_contact_id = intval($_POST['suggest']);
+	if (empty($suggest_contact_id)) {
 		return;
 	}
 
-	if (!DBA::exists('contact', ['id' => $new_contact])) {
+	// We do query the "uid" as well to ensure that it is our contact
+	$contact = DBA::selectFirst('contact', ['name', 'url', 'request', 'avatar'], ['id' => $suggest_contact_id, 'uid' => local_user()]);
+	if (!DBA::isResult($contact)) {
+		notice(L10n::t('Suggested contact not found.') . EOL);
 		return;
 	}
 
+	$note = Strings::escapeHtml(trim($_POST['note'] ?? ''));
+
 	$fields = ['uid' => local_user(),'cid' => $contact_id, 'name' => $contact['name'],
 		'url' => $contact['url'], 'request' => $contact['request'],
-		'photo' => $contact['photo'], 'note' => $note, 'created' => DateTimeFormat::utcNow()];
+		'photo' => $contact['avatar'], 'note' => $note, 'created' => DateTimeFormat::utcNow()];
 	DBA::insert('fsuggest', $fields);
 
-	Worker::add(PRIORITY_HIGH, 'Notifier', 'suggest', DBA::lastInsertId());
+	Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::SUGGESTION, DBA::lastInsertId());
 
 	info(L10n::t('Friend suggestion sent.') . EOL);
 }