X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=d1dffd4d058ef8ab892005fffb696546725aef6c;hb=3fc5c1ad840f98926319478a855dab3686a0ace3;hp=82a6ccca2962e9292e6bec004354a224301c8273;hpb=8a46c786f37550160d81e7b7ecbcacb4c9fff493;p=friendica.git
diff --git a/mod/photos.php b/mod/photos.php
index 82a6ccca29..d1dffd4d05 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -26,10 +26,13 @@ use Friendica\Model\User;
use Friendica\Network\Probe;
use Friendica\Object\Image;
use Friendica\Protocol\DFRN;
+use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\Security;
use Friendica\Util\Temporal;
+use Friendica\Util\Strings;
+use Friendica\Util\XML;
require_once 'include/items.php';
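Review bot: The added `use Friendica\Util\Strings;` is placed after `Temporal`, which breaks the alphabetical order the surrounding `Friendica\Util` group otherwise follows (`Crypto`, `DateTimeFormat`, `Map`, `Security`, `Temporal`); move it between `Security` and `Temporal`, after which the new `XML` line correctly stays last. `Crypto` and `XML` are not referenced in any hunk of this diff; if the rest of the file does not use them either, they should be dropped rather than left as unused imports.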
@@ -220,7 +223,7 @@ function photos_post(App $a)
}
// RENAME photo album
- $newalbum = notags(trim($_POST['albumname']));
+ $newalbum = Strings::escapeTags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
DBA::escape($newalbum),
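Review bot: `$_POST['albumname']` is read without an existence check on the new `$newalbum` line, so a request that omits the field raises an undefined-index notice and passes null to trim(); `$newalbum = Strings::escapeTags(trim($_POST['albumname'] ?? ''));` keeps the same escaping while tolerating an absent field. The later `$desc`/`$rawtags`/`$albname` hunk already guards each field with `!empty()`, so this line is the odd one out. photos_post starts before and continues past this hunk.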
@@ -280,7 +283,7 @@ function photos_post(App $a)
if (DBA::isResult($r)) {
foreach ($r as $rr) {
- $res[] = "'" . DBA::escape($rr['rid']) . "'" ;
+ $res[] = "'" . DBA::escape($rr['rid']) . "'";
}
} else {
$a->internalRedirect($_SESSION['photo_return']);
@@ -362,12 +365,12 @@ function photos_post(App $a)
return; // NOTREACHED
}
- if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) {
- $desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : '';
- $rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : '';
- $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
- $albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : '';
- $origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : '';
+ if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) {
+ $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : '';
+ $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : '';
+ $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
+ $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
+ $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
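Review bot: Replacing `!empty($_POST['albname']) !== false` with `isset($_POST['albname'])` on the new condition line is a behaviour change, not only the removal of a redundant comparison: a submitted but empty `albname` now enters the branch with `$albname = ''`, where before it did not. If that is intended, a comment on the condition would spare the next reader the same question, `// isset: a submitted empty albname must still reach the save path`; if not, `!empty($_POST['albname'])` restores the previous gate. Whether the code further down treats `''` as "no album change" is not visible in this hunk. photos_post continues outside the hunk.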
@@ -522,7 +525,7 @@ function photos_post(App $a)
}
$taginfo = [];
- $tags = get_tags($rawtags);
+ $tags = BBCode::getTags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
@@ -610,7 +613,7 @@ function photos_post(App $a)
}
$profile = str_replace(',', '%2c', $profile);
- $str_tags .= '@[url='.$profile.']'.$newname.'[/url]';
+ $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]';
}
} elseif (strpos($tag, '#') === 0) {
$tagname = substr($tag, 1);
@@ -678,19 +681,19 @@ function photos_post(App $a)
$arr['tag'] = $tagged[4];
$arr['inform'] = $tagged[2];
$arr['origin'] = 1;
- $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]') ;
- $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
+ $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]');
+ $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n";
$arr['object'] = '' . "\n";
$arr['target'] = '