X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=5fb6ba368354aab0735da2000e17d1d55354b6de;hb=deca48e39d847dbc64bf7053f107ffdff53f3d02;hp=6d611cafa2ffb05ec45105757972cda670b594fe;hpb=ea24ac9d950125d83e3b6a8f2abcaa24a0f316f9;p=friendica.git diff --git a/mod/photos.php b/mod/photos.php index 6d611cafa2..5fb6ba3683 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -14,7 +14,6 @@ use Friendica\Core\L10n; use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBA; -use Friendica\Database\DBM; use Friendica\Model\Contact; use Friendica\Model\Group; use Friendica\Model\Item; @@ -46,10 +45,10 @@ function photos_init(App $a) { if ($a->argc > 1) { $nick = $a->argv[1]; $user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1", - dbesc($nick) + DBA::escape($nick) ); - if (!DBM::is_result($user)) { + if (!DBA::isResult($user)) { return; } @@ -80,6 +79,7 @@ function photos_init(App $a) { if ($albums) { $a->data['albums'] = $albums; + if ($albums_visible) { $ret['success'] = true; } @@ -118,13 +118,15 @@ function photos_init(App $a) { ]); } - if (empty($a->page['aside'])) { $a->page['aside'] = ''; } $a->page['aside'] .= $vcard_widget; - $a->page['aside'] .= $photo_albums_widget; + + if (!empty($photo_albums_widget)) { + $a->page['aside'] .= $photo_albums_widget; + } $tpl = get_markup_template("photos_head.tpl"); @@ -148,7 +150,7 @@ function photos_post(App $a) $visitor = 0; $page_owner_uid = $a->data['user']['uid']; - $community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY; + $community_page = $a->data['user']['page-flags'] == Contact::PAGE_COMMUNITY; if (local_user() && (local_user() == $page_owner_uid)) { $can_post = true; @@ -164,13 +166,13 @@ function photos_post(App $a) } } - if ($contact_id) { + if ($contact_id > 0) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($page_owner_uid) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $can_post = true; $visitor = $contact_id; } @@ -199,10 +201,11 @@ function photos_post(App $a) } $r = q("SELECT `album` FROM `photo` WHERE `album` = '%s' AND `uid` = %d", - dbesc($album), + DBA::escape($album), intval($page_owner_uid) ); - if (!DBM::is_result($r)) { + + if (!DBA::isResult($r)) { notice(L10n::t('Album not found.') . EOL); goaway($_SESSION['photo_return']); return; // NOTREACHED @@ -217,8 +220,8 @@ function photos_post(App $a) $newalbum = notags(trim($_POST['albumname'])); if ($newalbum != $album) { q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", - dbesc($newalbum), - dbesc($album), + DBA::escape($newalbum), + DBA::escape($album), intval($page_owner_uid) ); // Update the photo albums cache @@ -251,6 +254,7 @@ function photos_post(App $a) '$confirm_name' => 'dropalbum', // Needed so that confirmation will bring us back into this if statement '$cancel' => L10n::t('Cancel'), ]); + $a->error = 1; // Set $a->error so the other module functions don't execute return; } @@ -263,17 +267,18 @@ function photos_post(App $a) $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'", intval($visitor), intval($page_owner_uid), - dbesc($album) + DBA::escape($album) ); } else { $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", intval(local_user()), - dbesc($album) + DBA::escape($album) ); } - if (DBM::is_result($r)) { + + if (DBA::isResult($r)) { foreach ($r as $rr) { - $res[] = "'" . dbesc($rr['rid']) . "'" ; + $res[] = "'" . DBA::escape($rr['rid']) . "'" ; } } else { goaway($_SESSION['photo_return']); @@ -311,6 +316,7 @@ function photos_post(App $a) // Check if we should do HTML-based delete confirmation if (!empty($_REQUEST['confirm'])) { $drop_url = $a->query_string; + $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), [ '$method' => 'post', '$message' => L10n::t('Do you really want to delete this photo?'), @@ -320,6 +326,7 @@ function photos_post(App $a) '$confirm_name' => 'delete', // Needed so that confirmation will bring us back into this if statement '$cancel' => L10n::t('Cancel'), ]); + $a->error = 1; // Set $a->error so the other module functions don't execute return; } @@ -328,19 +335,19 @@ function photos_post(App $a) $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval($visitor), intval($page_owner_uid), - dbesc($a->argv[2]) + DBA::escape($a->argv[2]) ); } else { $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval(local_user()), - dbesc($a->argv[2]) + DBA::escape($a->argv[2]) ); } - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", intval($page_owner_uid), - dbesc($r[0]['resource-id']) + DBA::escape($r[0]['resource-id']) ); Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid); @@ -375,11 +382,11 @@ function photos_post(App $a) logger('rotate'); $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0 LIMIT 1", - dbesc($resource_id), + DBA::escape($resource_id), intval($page_owner_uid) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $image = new Image($r[0]['data'], $r[0]['type']); if ($image->isValid()) { @@ -390,10 +397,10 @@ function photos_post(App $a) $height = $image->getHeight(); $x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0", - dbesc($image->asString()), + DBA::escape($image->asString()), intval($height), intval($width), - dbesc($resource_id), + DBA::escape($resource_id), intval($page_owner_uid) ); @@ -403,10 +410,10 @@ function photos_post(App $a) $height = $image->getHeight(); $x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 1", - dbesc($image->asString()), + DBA::escape($image->asString()), intval($height), intval($width), - dbesc($resource_id), + DBA::escape($resource_id), intval($page_owner_uid) ); } @@ -417,10 +424,10 @@ function photos_post(App $a) $height = $image->getHeight(); $x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 2", - dbesc($image->asString()), + DBA::escape($image->asString()), intval($height), intval($width), - dbesc($resource_id), + DBA::escape($resource_id), intval($page_owner_uid) ); } @@ -429,19 +436,20 @@ function photos_post(App $a) } $p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC", - dbesc($resource_id), + DBA::escape($resource_id), intval($page_owner_uid) ); - if (DBM::is_result($p)) { + + if (DBA::isResult($p)) { $ext = $phototypes[$p[0]['type']]; $r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d", - dbesc($desc), - dbesc($albname), - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), - dbesc($resource_id), + DBA::escape($desc), + DBA::escape($albname), + DBA::escape($str_contact_allow), + DBA::escape($str_group_allow), + DBA::escape($str_contact_deny), + DBA::escape($str_group_deny), + DBA::escape($resource_id), intval($page_owner_uid) ); @@ -496,7 +504,7 @@ function photos_post(App $a) if ($item_id) { $item = Item::selectFirst(['tag', 'inform'], ['id' => $item_id, 'uid' => $page_owner_uid]); } - if (DBM::is_result($item)) { + if (DBA::isResult($item)) { $old_tag = $item['tag']; $old_inform = $item['inform']; } @@ -519,28 +527,35 @@ function photos_post(App $a) if (strpos($tag, '@') === 0) { $profile = ''; $name = substr($tag,1); + if ((strpos($name, '@')) || (strpos($name, 'http://'))) { $newname = $name; $links = @Probe::lrdd($name); + if (count($links)) { foreach ($links as $link) { if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') { $profile = $link['@attributes']['href']; } + if ($link['@attributes']['rel'] === 'salmon') { $salmon = '$url:' . str_replace(',', '%sc', $link['@attributes']['href']); + if (strlen($inform)) { $inform .= ','; } + $inform .= $salmon; } } } + $taginfo[] = [$newname, $profile, $salmon]; } else { $newname = $name; $alias = ''; $tagcid = 0; + if (strrpos($newname, '+')) { $tagcid = intval(substr($newname, strrpos($newname, '+') + 1)); } @@ -555,23 +570,24 @@ function photos_post(App $a) //select someone from this user's contacts by name $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", - dbesc($newname), + DBA::escape($newname), intval($page_owner_uid) ); - if (!DBM::is_result($r)) { + if (!DBA::isResult($r)) { //select someone by attag or nick and the name passed in $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", - dbesc($name), - dbesc($name), + DBA::escape($name), + DBA::escape($name), intval($page_owner_uid) ); } } - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $newname = $r[0]['name']; $profile = $r[0]['url']; + $notify = 'cid:' . $r[0]['id']; if (strlen($inform)) { $inform .= ','; @@ -579,15 +595,18 @@ function photos_post(App $a) $inform .= $notify; } } + if ($profile) { if (substr($notify, 0, 4) === 'cid:') { $taginfo[] = [$newname, $profile, $notify, $r[0], '@[url=' . str_replace(',','%2c',$profile) . ']' . $newname . '[/url]']; } else { $taginfo[] = [$newname, $profile, $notify, null, $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]']; } + if (strlen($str_tags)) { $str_tags .= ','; } + $profile = str_replace(',', '%2c', $profile); $str_tags .= '@[url='.$profile.']'.$newname.'[/url]'; } @@ -620,6 +639,7 @@ function photos_post(App $a) $best = 2; break; } + if (intval($scales['scale']) == 4) { $best = 4; break; @@ -708,11 +728,11 @@ function photos_post(App $a) */ $r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR ", - dbesc($album), + DBA::escape($album), intval($page_owner_uid) ); - if (!DBM::is_result($r) || ($album == L10n::t('Profile Photos'))) { + if (!DBA::isResult($r) || ($album == L10n::t('Profile Photos'))) { $visible = 1; } else { $visible = 0; @@ -901,7 +921,7 @@ function photos_post(App $a) Worker::add(PRIORITY_HIGH, "Notifier", 'wall-new', $item_id); } - Addon::callHooks('photo_post_end', intval($item_id)); + Addon::callHooks('photo_post_end', $item_id); // addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook // if they do not wish to be redirected @@ -965,7 +985,7 @@ function photos_content(App $a) $owner_uid = $a->data['user']['uid']; - $community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false); + $community_page = (($a->data['user']['page-flags'] == Contact::PAGE_COMMUNITY) ? true : false); if (local_user() && (local_user() == $owner_uid)) { $can_post = true; @@ -985,7 +1005,7 @@ function photos_content(App $a) intval($contact_id), intval($owner_uid) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $can_post = true; $contact = $r[0]; $remote_contact = true; @@ -1014,7 +1034,7 @@ function photos_content(App $a) intval($contact_id), intval($owner_uid) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $contact = $r[0]; $remote_contact = true; } @@ -1051,7 +1071,7 @@ function photos_content(App $a) $albumselect = ''; $albumselect .= ''; - if (count($a->data['albums'])) { + if (!empty($a->data['albums'])) { foreach ($a->data['albums'] as $album) { if (($album['album'] === '') || ($album['album'] === 'Contact Photos') || ($album['album'] === L10n::t('Contact Photos'))) { continue; @@ -1091,6 +1111,12 @@ function photos_content(App $a) '$albumselect' => $albumselect, '$permissions' => L10n::t('Permissions'), '$aclselect' => $aclselect_e, + '$lockstate' => is_array($a->user) + && (strlen($a->user['allow_cid']) + || strlen($a->user['allow_gid']) + || strlen($a->user['deny_cid']) + || strlen($a->user['deny_gid']) + ) ? 'lock' : 'unlock', '$alt_uploader' => $ret['addon_text'], '$default_upload_box' => ($ret['default_upload'] ? $default_upload_box : ''), '$default_upload_submit' => ($ret['default_upload'] ? $default_upload_submit : ''), @@ -1112,9 +1138,9 @@ function photos_content(App $a) $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' AND `scale` <= 4 $sql_extra GROUP BY `resource-id`", intval($owner_uid), - dbesc($album) + DBA::escape($album) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(20); } @@ -1133,7 +1159,7 @@ function photos_content(App $a) FROM `photo` WHERE `uid` = %d AND `album` = '%s' AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` $order LIMIT %d , %d", intval($owner_uid), - dbesc($album), + DBA::escape($album), intval($a->pager['start']), intval($a->pager['itemspage']) ); @@ -1170,7 +1196,7 @@ function photos_content(App $a) $photos = []; - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { // "Twist" is only used for the duepunto theme with style "slackr" $twist = false; foreach ($r as $rr) { @@ -1217,16 +1243,16 @@ function photos_content(App $a) $ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' $sql_extra ORDER BY `scale` ASC ", intval($owner_uid), - dbesc($datum) + DBA::escape($datum) ); - if (!DBM::is_result($ph)) { + if (!DBA::isResult($ph)) { $ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval($owner_uid), - dbesc($datum) + DBA::escape($datum) ); - if (DBM::is_result($ph)) { + if (DBA::isResult($ph)) { notice(L10n::t('Permission denied. Access to this item may be restricted.')); } else { notice(L10n::t('Photo not available') . EOL); @@ -1253,11 +1279,13 @@ function photos_content(App $a) $prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 $sql_extra ORDER BY `created` $order ", - dbesc($ph[0]['album']), + DBA::escape($ph[0]['album']), intval($owner_uid) ); - if (DBM::is_result($prvnxt)) { + if (DBA::isResult($prvnxt)) { + $prv = null; + $nxt = null; foreach ($prvnxt as $z => $entry) { if ($entry['resource-id'] == $ph[0]['resource-id']) { $prv = $z - 1; @@ -1272,8 +1300,12 @@ function photos_content(App $a) } } $edit_suffix = ((($cmd === 'edit') && $can_post) ? '/edit' : ''); - $prevlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : ''); - $nextlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : ''); + if (!is_null($prv)) { + $prevlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : ''); + } + if (!is_null($nxt)) { + $nextlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : ''); + } } } @@ -1348,13 +1380,13 @@ function photos_content(App $a) /// @todo Rewrite this query. To do so, $sql_extra must be changed $linked_items = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1", - dbesc($datum) + DBA::escape($datum) ); $map = null; $link_item = []; - if (DBM::is_result($linked_items)) { + if (DBA::isResult($linked_items)) { // This is a workaround to not being forced to rewrite the while $sql_extra handling $link_item = Item::selectFirst([], ['id' => $linked_items[0]['id']]); @@ -1362,7 +1394,7 @@ function photos_content(App $a) $a->set_pager_total(DBA::count('item', $condition)); $params = ['order' => ['id'], 'limit' => [$a->pager['start'], $a->pager['itemspage']]]; - $result = Item::selectForUser($link_item['uid'], [], $condition, $params); + $result = Item::selectForUser($link_item['uid'], Item::ITEM_FIELDLIST, $condition, $params); $items = Item::inArray($result); if (local_user() && (local_user() == $link_item['uid'])) { @@ -1400,7 +1432,7 @@ function photos_content(App $a) $album_e = $ph[0]['album']; $caption_e = $ph[0]['desc']; - $aclselect_e = ACL::getFullSelectorHTML($ph[0]); + $aclselect_e = ACL::getFullSelectorHTML($a->user, false, $ph[0]); $edit = replace_macros($edit_tpl, [ '$id' => $ph[0]['id'], @@ -1450,7 +1482,7 @@ function photos_content(App $a) ]); } - if (!DBM::is_result($items)) { + if (!DBA::isResult($items)) { if (($can_post || can_write_wall($owner_uid))) { $comments .= replace_macros($cmnt_tpl, [ '$return_path' => '', @@ -1477,7 +1509,7 @@ function photos_content(App $a) ]; // display comments - if (DBM::is_result($items)) { + if (DBA::isResult($items)) { foreach ($items as $item) { builtin_activity_puller($item, $conv_responses); } @@ -1537,7 +1569,7 @@ function photos_content(App $a) $body_e = BBCode::convert($item['body']); $comments .= replace_macros($template,[ - '$id' => $item['item_id'], + '$id' => $item['id'], '$profile_url' => $profile_url, '$name' => $item['author-name'], '$thumb' => $item['author-avatar'], @@ -1616,11 +1648,11 @@ function photos_content(App $a) $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' $sql_extra GROUP BY `resource-id`", intval($a->data['user']['uid']), - dbesc('Contact Photos'), - dbesc(L10n::t('Contact Photos')) + DBA::escape('Contact Photos'), + DBA::escape(L10n::t('Contact Photos')) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(20); } @@ -1631,14 +1663,14 @@ function photos_content(App $a) WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['user']['uid']), - dbesc('Contact Photos'), - dbesc(L10n::t('Contact Photos')), + DBA::escape('Contact Photos'), + DBA::escape(L10n::t('Contact Photos')), intval($a->pager['start']), intval($a->pager['itemspage']) ); $photos = []; - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { // "Twist" is only used for the duepunto theme with style "slackr" $twist = false; foreach ($r as $rr) {