X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=5a477c3bce4a468145cd829eb6b476dd2694b517;hb=b124c414dcaebaf15ab1f82c2e47e348400b582e;hp=b18c06e2a3a4e5bf4b410f47b1a83f3c910b1245;hpb=32b8c6f65e9b50cec79e7c5021b80e5541c74143;p=friendica.git diff --git a/mod/photos.php b/mod/photos.php index b18c06e2a3..5a477c3bce 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -188,6 +188,9 @@ function photos_post(App $a) } if ($a->argc > 3 && $a->argv[2] === 'album') { + if (!Strings::isHex($a->argv[3])) { + $a->internalRedirect('photos/' . $a->data['user']['nickname'] . '/album'); + } $album = hex2bin($a->argv[3]); if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) { @@ -960,7 +963,7 @@ function photos_content(App $a) return; } - $selname = $datum ? hex2bin($datum) : ''; + $selname = Strings::isHex($datum) ? hex2bin($datum) : ''; $albumselect = ''; @@ -1027,6 +1030,10 @@ function photos_content(App $a) // Display a single photo album if ($datatype === 'album') { + // if $datum is not a valid hex, redirect to the default page + if (!Strings::isHex($datum)) { + $a->internalRedirect('photos/' . $a->data['user']['nickname']. '/album'); + } $album = hex2bin($datum); $total = 0; @@ -1294,6 +1301,10 @@ function photos_content(App $a) 'filename' => $hires['filename'], ]; + $map = null; + $link_item = []; + $total = 0; + // Do we have an item for this photo? // FIXME! - replace following code to display the conversation with our normal 
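Review bot: In photos_post the added `Strings::isHex()` guard only protects `hex2bin($a->argv[3])` if `internalRedirect()` never returns, and nothing in the hunk shows that it ends the request. If it can return, execution falls through to `hex2bin()` with the value that was just rejected; an explicit `return;` after the redirect, or an `else` around the decode, would make the guard self-contained. Separately, `isHex()` is not defined on this page: if it accepts any run of hex digits, an odd-length string still passes and `hex2bin()` returns false with a warning, so the check should also require an even length, e.g. `strlen($a->argv[3]) % 2 === 0`. The same two points apply to the `$selname` ternary and to the album guard in photos_content later in this diff. Both function bodies extend beyond the hunks.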
@@ -1306,15 +1317,12 @@ function photos_content(App $a) $linked_items = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1", DBA::escape($datum) ); - - $map = null; - $link_item = []; - $total = 0; - if (DBA::isResult($linked_items)) { // This is a workaround to not being forced to rewrite the while $sql_extra handling $link_item = Item::selectFirst([], ['id' => $linked_items[0]['id']]); + } + if (!empty($link_item['parent']) && !empty($link_item['uid'])) { $condition = ["`parent` = ? AND `parent` != `id`", $link_item['parent']]; $total = DBA::count('item', $condition); @@ -1324,25 +1332,25 @@ function photos_content(App $a) $result = Item::selectForUser($link_item['uid'], Item::ITEM_FIELDLIST, $condition, $params); $items = Item::inArray($result); - if (local_user() && (local_user() == $link_item['uid'])) { + if (local_user() == $link_item['uid']) { Item::update(['unseen' => false], ['parent' => $link_item['parent']]); } + } - if ($link_item['coord']) { - $map = Map::byCoordinates($link_item['coord']); - } + if (!empty($link_item['coord'])) { + $map = Map::byCoordinates($link_item['coord']); } $tags = null; - if (count($linked_items) && strlen($link_item['tag'])) { + if (!empty($link_item['id']) && !empty($link_item['tag'])) { $arr = explode(',', $link_item['tag']); // parse tags and add links $tag_arr = []; foreach ($arr as $tag) { $tag_arr[] = [ 'name' => BBCode::convert($tag), - 'removeurl' => '/tagrm/'.$link_item['id'] . '/' . bin2hex($tag) + 'removeurl' => '/tagrm/' . $link_item['id'] . '/' . bin2hex($tag) ]; } $tags = ['title' => L10n::t('Tags: '), 'tags' => $tag_arr]; @@ -1375,7 +1383,7 @@ function photos_content(App $a) '$permissions' => L10n::t('Permissions'), '$aclselect' => $aclselect_e, - '$item_id' => defaults($link_item, 'id', 0), + '$item_id' => $link_item['id'] ?? 0, '$submit' => L10n::t('Submit'), '$delete' => L10n::t('Delete Photo'), 
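Review bot: The simplified check `if (local_user() == $link_item['uid'])` is safe only because the enclosing `!empty($link_item['uid'])` guard rules out a zero or missing uid. With loose `==`, and assuming `local_user()` yields a falsy value for a logged-out visitor, such a visitor would match a uid of 0 and reach `Item::update(['unseen' => false], ...)` if that outer guard were ever relaxed. Keeping the truthiness test removes the hidden dependency, `if (local_user() && local_user() == $link_item['uid']) {`, or at minimum add a comment such as `// uid is non-empty here, so a logged-out visitor cannot match`. The enclosing photos_content body starts and ends outside the hunk.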
@@ -1393,7 +1401,7 @@ function photos_content(App $a) $paginate = ''; $responses = ''; - if (count($linked_items)) { + if (!empty($link_item['id']) && !empty($link_item['uri'])) { $cmnt_tpl = Renderer::getMarkupTemplate('comment_item.tpl'); $tpl = Renderer::getMarkupTemplate('photo_item.tpl'); $return_path = $a->cmd; @@ -1504,7 +1512,7 @@ function photos_content(App $a) '$title' => $title_e, '$body' => $body_e, '$ago' => Temporal::getRelativeDate($item['created']), - '$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''), + '$indent' => (($item['parent'] != $item['id']) ? ' comment' : ''), '$drop' => $drop, '$comment' => $comment ]); @@ -1513,7 +1521,7 @@ function photos_content(App $a) $comments .= Renderer::replaceMacros($cmnt_tpl, [ '$return_path' => '', '$jsreload' => $return_path, - '$id' => $item['item_id'], + '$id' => $item['id'], '$parent' => $item['parent'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'],
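Review bot: The condition `!empty($link_item['id']) && !empty($link_item['uri'])` is the third different spelling of "a linked item was loaded" in photos_content (the earlier blocks test `parent`/`uid` and `id`/`tag`), and nothing says why `uri` is the field that gates the comment section. A one-line comment, e.g. `// Render comments only when the linked item was loaded and has a uri`, or a single `$has_link_item = !empty($link_item['id']);` computed once after the lookup, would keep these guards from drifting apart. The body of this `if` lies outside the hunk, so whether it actually reads `uri` cannot be confirmed from here.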