X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fitem.php;h=b77e725756b11f9cf1c1af41b7236dc997b90399;hb=e076998ffe7ed9e29c01463c10a0b36a49659e9d;hp=57fb64e3dac8d3c4864407cb775bdad493a5a23a;hpb=3fc3ded750afe4b90c95f3036bded015ed5c9572;p=friendica.git
diff --git a/mod/item.php b/mod/item.php
index 57fb64e3da..b77e725756 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -54,7 +54,7 @@ use Friendica\Object\EMail\ItemCCEMail;
 use Friendica\Protocol\Activity;
 use Friendica\Protocol\Diaspora;
 use Friendica\Util\DateTimeFormat;
-use Friendica\Util\Security;
+use Friendica\Security\Security;
 use Friendica\Util\Strings;
 use Friendica\Worker\Delivery;
@@ -139,7 +139,7 @@ function item_post(App $a) {
 // When commenting on a public post then store the post for the current user
 // This enables interaction like starring and saving into folders
 if ($toplevel_item['uid'] == 0) {
- $stored = Item::storeForUser($toplevel_item, local_user());
+ $stored = Item::storeForUserByUriId($toplevel_item['uri-id'], local_user());
 Logger::info('Public item stored for user', ['uri-id' => $toplevel_item['uri-id'], 'uid' => $uid, 'stored' => $stored]);
 if ($stored) {
 $toplevel_item = Item::selectFirst([], ['id' => $stored]);
@@ -260,7 +260,7 @@ function item_post(App $a) {
 $objecttype = $orig_post['object-type'];
 $app = $orig_post['app'];
 $categories = $orig_post['file'] ?? '';
- $title = Strings::escapeTags(trim($_REQUEST['title']));
+ $title = trim($_REQUEST['title'] ?? '');
 $body = trim($body);
 $private = $orig_post['private'];
 $pubmail_enabled = $orig_post['pubmail'];
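Review bot: Dropping `Strings::escapeTags()` on this line means `$title` is now stored as raw request text, so every place that later renders or federates it has to encode it for its own context; the same applies to `$location`, `$coord`, `$verb`, `$emailcc` and `$network` in the `@@ -281,13 +281,13 @@` hunk. Encoding at output is the right layer, but none of the consumers of these fields are visible in this diff, so that coverage should be confirmed before the input-side escaping goes away. `$network` and `$verb` look like values from a closed set and would be safer checked against an allowlist than passed through after a bare `trim()`. A comment at the assignment such as `// Raw user input: must be escaped at output, never echoed directly` would record the new contract. item_post's body starts and ends outside both hunks.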
@@ -281,13 +281,13 @@ function item_post(App $a) {
 $str_group_deny = isset($_REQUEST['group_deny']) ? $aclFormatter->toString($_REQUEST['group_deny']) : $user['deny_gid'] ?? '';
 }
- $title = Strings::escapeTags(trim($_REQUEST['title'] ?? ''));
- $location = Strings::escapeTags(trim($_REQUEST['location'] ?? ''));
- $coord = Strings::escapeTags(trim($_REQUEST['coord'] ?? ''));
- $verb = Strings::escapeTags(trim($_REQUEST['verb'] ?? ''));
- $emailcc = Strings::escapeTags(trim($_REQUEST['emailcc'] ?? ''));
+ $title = trim($_REQUEST['title'] ?? '');
+ $location = trim($_REQUEST['location'] ?? '');
+ $coord = trim($_REQUEST['coord'] ?? '');
+ $verb = trim($_REQUEST['verb'] ?? '');
+ $emailcc = trim($_REQUEST['emailcc'] ?? '');
 $body = trim($body);
- $network = Strings::escapeTags(trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN));
+ $network = trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN);
 $guid = System::createUUID();
 $postopts = $_REQUEST['postopts'] ?? '';
@@ -888,7 +888,7 @@ function drop_item(int $id, string $return = '')
 $item = Item::selectFirstForUser(local_user(), $fields, ['id' => $id]);
 if (!DBA::isResult($item)) {
- notice(DI::l10n()->t('Item not found.') . EOL);
+ notice(DI::l10n()->t('Item not found.'));
 DI::baseUrl()->redirect('network');
 }
@@ -904,40 +904,8 @@ function drop_item(int $id, string $return = '')
 }
 if ((local_user() == $item['uid']) || $contact_id) {
- // Check if we should do HTML-based delete confirmation
- if (!empty($_REQUEST['confirm'])) {
- // can't take arguments in its "action" parameter
- // so add any arguments as hidden inputs
- $query = explode_querystring(DI::args()->getQueryString());
- $inputs = [];
-
- foreach ($query['args'] as $arg) {
- if (strpos($arg, 'confirm=') === false) {
- $arg_parts = explode('=', $arg);
- $inputs[] = ['name' => $arg_parts[0], 'value' => $arg_parts[1]];
- }
- }
-
- return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
- '$method' => 'get',
- '$message' => DI::l10n()->t('Do you really want to delete this item?'),
- '$extra_inputs' => $inputs,
- '$confirm' => DI::l10n()->t('Yes'),
- '$confirm_url' => $query['base'],
- '$confirm_name' => 'confirmed',
- '$cancel' => DI::l10n()->t('Cancel'),
- ]);
- }
- // Now check how the user responded to the confirmation query
- if (!empty($_REQUEST['canceled'])) {
- DI::baseUrl()->redirect('display/' . $item['guid']);
- }
-
- $is_comment = $item['gravity'] == GRAVITY_COMMENT;
- $parentitem = null;
 if (!empty($item['parent'])) {
- $fields = ['guid'];
- $parentitem = Item::selectFirstForUser(local_user(), $fields, ['id' => $item['parent']]);
+ $parentitem = Item::selectFirstForUser(local_user(), ['guid'], ['id' => $item['parent']]);
 }
 // delete the item
@@ -949,7 +917,7 @@ function drop_item(int $id, string $return = '')
 $return_url = str_replace("update_", "", $return_url);
 // Check if delete a comment
- if ($is_comment) {
+ if ($item['gravity'] == GRAVITY_COMMENT) {
 // Return to parent guid
 if (!empty($parentitem)) {
 DI::baseUrl()->redirect('display/' . $parentitem['guid']);
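Review bot: With the confirmation branch gone, the `@@ -904,40 +904,8 @@` hunk takes `drop_item()` straight from the ownership test `(local_user() == $item['uid']) || $contact_id` to the delete, and nothing visible here ties the request to a form the user actually submitted. The removed code read `$_REQUEST` and rendered its confirm form with `'$method' => 'get'`, which suggests this path is reachable by a plain GET; if so, the deletion depends entirely on callers having validated a form security token, which should be confirmed. A comment above the branch would make that contract explicit, for example `// State-changing: caller must have validated the request's security token`. Separately, removing `$parentitem = null;` leaves the variable undefined when `$item['parent']` is empty; the later `!empty($parentitem)` tolerates that, but I would keep the initialisation. drop_item's body starts and ends outside the hunk.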