X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=d1dffd4d058ef8ab892005fffb696546725aef6c;hb=64887387906e9774ef1810c0029353086bcda43b;hp=008d59cd9cd23d08dff9b41e7a8ecaf5a3098aab;hpb=dbfe5c9d2a7173292db9c053feb99ffcd0182000;p=friendica.git diff --git a/mod/photos.php b/mod/photos.php index 008d59cd9c..d1dffd4d05 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -12,6 +12,8 @@ use Friendica\Core\ACL; use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; +use Friendica\Core\Logger; +use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBA; @@ -24,10 +26,13 @@ use Friendica\Model\User; use Friendica\Network\Probe; use Friendica\Object\Image; use Friendica\Protocol\DFRN; +use Friendica\Util\Crypto; use Friendica\Util\DateTimeFormat; use Friendica\Util\Map; use Friendica\Util\Security; use Friendica\Util\Temporal; +use Friendica\Util\Strings; +use Friendica\Util\XML; require_once 'include/items.php'; @@ -61,9 +66,9 @@ function photos_init(App $a) { $account_type = Contact::getAccountType($profile); - $tpl = get_markup_template("vcard-widget.tpl"); + $tpl = Renderer::getMarkupTemplate("vcard-widget.tpl"); - $vcard_widget = replace_macros($tpl, [ + $vcard_widget = Renderer::replaceMacros($tpl, [ '$name' => $profile['name'], '$photo' => $profile['photo'], '$addr' => defaults($profile, 'addr', ''), @@ -108,7 +113,7 @@ function photos_init(App $a) { } if ($ret['success']) { - $photo_albums_widget = replace_macros(get_markup_template('photo_albums.tpl'), [ + $photo_albums_widget = Renderer::replaceMacros(Renderer::getMarkupTemplate('photo_albums.tpl'), [ '$nick' => $a->data['user']['nickname'], '$title' => L10n::t('Photo Albums'), '$recent' => L10n::t('Recent Photos'), 
@@ -129,9 +134,9 @@ function photos_init(App $a) { $a->page['aside'] .= $photo_albums_widget; } - $tpl = get_markup_template("photos_head.tpl"); + $tpl = Renderer::getMarkupTemplate("photos_head.tpl"); - $a->page['htmlhead'] .= replace_macros($tpl,[ + $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[ '$ispublic' => L10n::t('everybody') ]); } @@ -141,9 +146,9 @@ function photos_init(App $a) { function photos_post(App $a) { - logger('mod-photos: photos_post: begin' , LOGGER_DEBUG); - logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA); - logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA); + Logger::log('mod-photos: photos_post: begin' , Logger::DEBUG); + Logger::log('mod_photos: REQUEST ' . print_r($_REQUEST, true), Logger::DATA); + Logger::log('mod_photos: FILES ' . print_r($_FILES, true), Logger::DATA); $phototypes = Image::supportedTypes(); @@ -189,7 +194,7 @@ function photos_post(App $a) if (!$owner_record) { notice(L10n::t('Contact information unavailable') . EOL); - logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid); + Logger::log('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid); killme(); } @@ -218,7 +223,7 @@ function photos_post(App $a) } // RENAME photo album - $newalbum = notags(trim($_POST['albumname'])); + $newalbum = Strings::escapeTags(trim($_POST['albumname'])); if ($newalbum != $album) { q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", DBA::escape($newalbum), @@ -245,7 +250,7 @@ function photos_post(App $a) ['name' => 'albumname', 'value' => $_POST['albumname']], ]; - $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), [ + $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ '$method' => 'post', '$message' => L10n::t('Do you really want to delete this photo album and all its photos?'), '$extra_inputs' => $extra_inputs, 
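Review bot: In the `@@ -141,9 +146,9 @@` hunk, the ported `Logger::log('mod_photos: REQUEST ' . print_r($_REQUEST, true), Logger::DATA);` still writes the whole request array to the log, and the next line does the same for `$_FILES`. Depending on PHP's `request_order` setting, `$_REQUEST` can include cookies, and the form fields may carry security tokens and ACL selections, so anyone who can read the log sees them whenever the DATA level is enabled. Consider logging only the field names, e.g. `Logger::log('mod_photos: REQUEST keys ' . implode(',', array_keys($_REQUEST)), Logger::DATA);`, or redacting known sensitive fields before the dump. photos_post continues outside the hunk.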
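Review bot: In the `@@ -218,7 +223,7 @@` hunk, `Strings::escapeTags(trim($_POST['albumname']))` reads `$_POST['albumname']` without checking that it is present and a string, so a missing key raises a notice and an array value makes `trim()` fail. A guard in the file's own style keeps the rename path predictable: `$newalbum = (!empty($_POST['albumname']) && is_string($_POST['albumname'])) ? Strings::escapeTags(trim($_POST['albumname'])) : '';`. An empty result should probably not reach the `UPDATE`. The same raw `$_POST['albumname']` is passed as an input value to `confirm.tpl` in the `@@ -245,7 +250,7 @@` hunk; whether that template HTML-escapes it is not visible here and is worth confirming.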
@@ -278,7 +283,7 @@ function photos_post(App $a) if (DBA::isResult($r)) { foreach ($r as $rr) { - $res[] = "'" . DBA::escape($rr['rid']) . "'" ; + $res[] = "'" . DBA::escape($rr['rid']) . "'"; } } else { $a->internalRedirect($_SESSION['photo_return']); @@ -317,7 +322,7 @@ function photos_post(App $a) if (!empty($_REQUEST['confirm'])) { $drop_url = $a->query_string; - $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), [ + $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ '$method' => 'post', '$message' => L10n::t('Do you really want to delete this photo?'), '$extra_inputs' => [], @@ -360,12 +365,12 @@ function photos_post(App $a) return; // NOTREACHED } - if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) { - $desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : ''; - $rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : ''; - $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; - $albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : ''; - $origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : ''; + if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) { + $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : ''; + $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : ''; + $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; + $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : ''; + $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : ''; $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : ''; $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : ''; 
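Review bot: The condition in the `@@ -360,12 +365,12 @@` hunk is a behaviour change, not just a rename. The old `!empty($_POST['albname']) !== false` was true only for a non-empty value, while the new `isset($_POST['albname'])` also admits an empty string, so a POST with a blank album name now enters the edit branch with `$albname = ''`. If that is intended, document it with a comment such as `// albname is submitted by the edit form even when left blank`; otherwise keep `!empty($_POST['albname'])`. The branch body continues outside the hunk, so how an empty `$albname` is handled downstream cannot be confirmed here. As far as this hunk shows, `Strings::escapeTags()` is the only sanitising applied to `desc`, `newtag` and the album names before they are stored, and it should not be treated as a substitute for output encoding where they are rendered.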
@@ -379,7 +384,7 @@ function photos_post(App $a) } if (!empty($_POST['rotate']) && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) { - logger('rotate'); + Logger::log('rotate'); $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0 LIMIT 1", DBA::escape($resource_id), @@ -520,7 +525,7 @@ function photos_post(App $a) } $taginfo = []; - $tags = get_tags($rawtags); + $tags = BBCode::getTags($rawtags); if (count($tags)) { foreach ($tags as $tag) { @@ -608,11 +613,11 @@ function photos_post(App $a) } $profile = str_replace(',', '%2c', $profile); - $str_tags .= '@[url='.$profile.']'.$newname.'[/url]'; + $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]'; } } elseif (strpos($tag, '#') === 0) { $tagname = substr($tag, 1); - $str_tags .= '#[url=' . System::baseUrl() . "/search?tag=" . $tagname . ']' . $tagname . '[/url]'; + $str_tags .= '#[url=' . System::baseUrl() . "/search?tag=" . $tagname . ']' . $tagname . '[/url],'; } } } 
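Review bot: In the `@@ -608,11 +613,11 @@` hunk, the hashtag branch puts `$tagname` into the URL unencoded and now appends a trailing comma. The mention branch just above appends none, and it explicitly replaces `,` with `%2c` in `$profile`. A tag name containing `,`, `]` or `&` could split the comma-separated tag list or alter the generated BBCode link. Suggest `'#[url=' . System::baseUrl() . '/search?tag=' . rawurlencode($tagname) . ']' . $tagname . '[/url]'` and adding the separator in one place for both branches. How `$str_tags` is joined with the existing tags is outside the hunk, so the intended separator handling should be confirmed.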
@@ -676,24 +681,21 @@ function photos_post(App $a) $arr['tag'] = $tagged[4]; $arr['inform'] = $tagged[2]; $arr['origin'] = 1; - $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]') ; - $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ; + $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]'); + $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n"; $arr['object'] = '' . ACTIVITY_OBJ_PERSON . '' . $tagged[0] . '' . $tagged[1] . '/' . $tagged[0] . ''; - $arr['object'] .= '' . xmlify('' . "\n"); + $arr['object'] .= '' . XML::escape('' . "\n"); if ($tagged[3]) { - $arr['object'] .= xmlify('' . "\n"); + $arr['object'] .= XML::escape('' . "\n"); } $arr['object'] .= '' . "\n"; $arr['target'] = '' . ACTIVITY_OBJ_IMAGE . '' . $p[0]['desc'] . '' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ''; - $arr['target'] .= '' . xmlify('' . "\n" . '') . ''; + $arr['target'] .= '' . XML::escape('' . "\n" . '') . 
''; $item_id = Item::insert($arr); - if ($item_id) { - Worker::add(PRIORITY_HIGH, "Notifier", "tag", $item_id); - } } } } @@ -706,10 +708,10 @@ function photos_post(App $a) Addon::callHooks('photo_post_init', $_POST); // Determine the album to use - $album = !empty($_REQUEST['album']) ? notags(trim($_REQUEST['album'])) : ''; - $newalbum = !empty($_REQUEST['newalbum']) ? notags(trim($_REQUEST['newalbum'])) : ''; + $album = !empty($_REQUEST['album']) ? Strings::escapeTags(trim($_REQUEST['album'])) : ''; + $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : ''; - logger('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , LOGGER_DEBUG); + Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG); if (!strlen($album)) { if (strlen($newalbum)) { @@ -778,7 +780,7 @@ function photos_post(App $a) notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL); break; case UPLOAD_ERR_FORM_SIZE: - notice(L10n::t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL); + notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL); break; case UPLOAD_ERR_PARTIAL: notice(L10n::t('Image upload didn\'t complete, please try again') . EOL); 
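Review bot: In the `@@ -676,24 +681,21 @@` hunk, only some fragments of `$arr['object']` and `$arr['target']` go through `XML::escape()`, while `$tagged[0]`, `$tagged[1]` and `$p[0]['desc']` are concatenated into the same strings directly. The surrounding markup appears to have been stripped from this page. If these values land between XML elements, a photo description or tagged name containing `<` or `&` would yield malformed or injected XML in the activity object. Wrap them as well, e.g. `XML::escape($p[0]['desc'])` and `XML::escape($tagged[0])`. The hunk also drops `Worker::add(PRIORITY_HIGH, "Notifier", "tag", $item_id)`; presumably `Item::insert()` now triggers delivery itself, which is not visible here and is worth confirming.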
@@ -802,12 +804,12 @@ function photos_post(App $a) $type = Image::guessType($filename); } - logger('photos: upload: received file: ' . $filename . ' as ' . $src . ' ('. $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG); + Logger::log('photos: upload: received file: ' . $filename . ' as ' . $src . ' ('. $type . ') ' . $filesize . ' bytes', Logger::DEBUG); $maximagesize = Config::get('system', 'maximagesize'); if ($maximagesize && ($filesize > $maximagesize)) { - notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL); + notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL); @unlink($src); $foo = 0; Addon::callHooks('photo_post_end', $foo); @@ -822,14 +824,14 @@ function photos_post(App $a) return; } - logger('mod/photos.php: photos_post(): loading the contents of ' . $src , LOGGER_DEBUG); + Logger::log('mod/photos.php: photos_post(): loading the contents of ' . $src , Logger::DEBUG); $imagedata = @file_get_contents($src); $image = new Image($imagedata, $type); if (!$image->isValid()) { - logger('mod/photos.php: photos_post(): unable to process image' , LOGGER_DEBUG); + Logger::log('mod/photos.php: photos_post(): unable to process image' , Logger::DEBUG); notice(L10n::t('Unable to process image.') . EOL); @unlink($src); $foo = 0; @@ -858,7 +860,7 @@ function photos_post(App $a) $r = Photo::store($image, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); if (!$r) { - logger('mod/photos.php: photos_post(): image store failed', LOGGER_DEBUG); + Logger::log('mod/photos.php: photos_post(): image store failed', Logger::DEBUG); notice(L10n::t('Image upload failed.') . EOL); killme(); } 
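Review bot: In the `@@ -822,14 +824,14 @@` hunk, `@file_get_contents($src)` hides a failed read and its `false` result goes straight into `new Image($imagedata, $type)`, so an unreadable upload is only ever reported as "unable to process image". Test the result first with `if ($imagedata === false)` and give it its own `Logger::log(...)` line, followed by the same cleanup as the invalid-image branch, before constructing the image. The `@@ -802,12 +804,12 @@` hunk logs `$filename` verbatim, and it appears to be the client-supplied name. Stripping control characters before logging keeps a crafted name from forging log lines.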
@@ -919,10 +921,6 @@ function photos_post(App $a) // Update the photo albums cache Photo::clearAlbumCache($page_owner_uid); - if ($visible) { - Worker::add(PRIORITY_HIGH, "Notifier", 'wall-new', $item_id); - } - Addon::callHooks('photo_post_end', $item_id); // addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook @@ -1090,18 +1088,18 @@ function photos_content(App $a) Addon::callHooks('photo_upload_form',$ret); - $default_upload_box = replace_macros(get_markup_template('photos_default_uploader_box.tpl'), []); - $default_upload_submit = replace_macros(get_markup_template('photos_default_uploader_submit.tpl'), [ + $default_upload_box = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_box.tpl'), []); + $default_upload_submit = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_submit.tpl'), [ '$submit' => L10n::t('Submit'), ]); $usage_message = ''; - $tpl = get_markup_template('photos_upload.tpl'); + $tpl = Renderer::getMarkupTemplate('photos_upload.tpl'); $aclselect_e = ($visitor ? '' : ACL::getFullSelectorHTML($a->user)); - $o .= replace_macros($tpl,[ + $o .= Renderer::replaceMacros($tpl,[ '$pagename' => L10n::t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, @@ -1171,11 +1169,11 @@ function photos_content(App $a) if ($cmd === 'edit') { if (($album !== L10n::t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== L10n::t('Contact Photos'))) { if ($can_post) { - $edit_tpl = get_markup_template('album_edit.tpl'); + $edit_tpl = Renderer::getMarkupTemplate('album_edit.tpl'); $album_e = $album; - $o .= replace_macros($edit_tpl,[ + $o .= Renderer::replaceMacros($edit_tpl,[ '$nametext' => L10n::t('New album name: '), '$nickname' => $a->data['user']['nickname'], '$album' => $album_e, 
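Review bot: The upload form in the `@@ -1090,18 +1088,18 @@` hunk still receives `'$sessid' => session_id()`, which puts the live session identifier into the rendered page. Once it is in the markup, any script running in the page can read it and it can end up in cached or saved HTML, which undoes the protection of an HttpOnly session cookie. If `photos_upload.tpl` no longer uses it (the template is not visible here), drop the variable; otherwise pass a per-form token rather than the session id. photos_content continues outside the hunk.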
@@ -1225,8 +1223,8 @@ function photos_content(App $a) } } - $tpl = get_markup_template('photo_album.tpl'); - $o .= replace_macros($tpl, [ + $tpl = Renderer::getMarkupTemplate('photo_album.tpl'); + $o .= Renderer::replaceMacros($tpl, [ '$photos' => $photos, '$album' => $album, '$can_post' => $can_post, @@ -1347,15 +1345,15 @@ function photos_content(App $a) } if ($cmd === 'edit') { - $tpl = get_markup_template('photo_edit_head.tpl'); - $a->page['htmlhead'] .= replace_macros($tpl,[ + $tpl = Renderer::getMarkupTemplate('photo_edit_head.tpl'); + $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[ '$prevlink' => $prevlink, '$nextlink' => $nextlink ]); } if ($prevlink) { - $prevlink = [$prevlink, ''] ; + $prevlink = [$prevlink, '']; } $photo = [ 
@@ -1417,30 +1415,30 @@ function photos_content(App $a) if (count($linked_items) && strlen($link_item['tag'])) { $arr = explode(',', $link_item['tag']); // parse tags and add links - $tag_str = ''; - foreach ($arr as $t) { - if (strlen($tag_str)) { - $tag_str .= ', '; - } - $tag_str .= BBCode::convert($t); + $tag_arr = []; + foreach ($arr as $tag) { + $tag_arr[] = [ + 'name' => BBCode::convert($tag), + 'removeurl' => '/tagrm/'.$link_item['id'] . '/' . bin2hex($tag) + ]; } - $tags = [L10n::t('Tags: '), $tag_str]; + $tags = ['title' => L10n::t('Tags: '), 'tags' => $tag_arr]; if ($cmd === 'edit') { - $tags[] = 'tagrm/' . $link_item['id']; - $tags[] = L10n::t('[Remove any tag]'); + $tags['removeanyurl'] = 'tagrm/' . $link_item['id']; + $tags['removetitle'] = L10n::t('[Select tags to remove]'); } } $edit = Null; if ($cmd === 'edit' && $can_post) { - $edit_tpl = get_markup_template('photo_edit.tpl'); + $edit_tpl = Renderer::getMarkupTemplate('photo_edit.tpl'); $album_e = $ph[0]['album']; $caption_e = $ph[0]['desc']; $aclselect_e = ACL::getFullSelectorHTML($a->user, false, $ph[0]); - $edit = replace_macros($edit_tpl, [ + $edit = Renderer::replaceMacros($edit_tpl, [ '$id' => $ph[0]['id'], '$album' => ['albname', L10n::t('New album name'), $album_e,''], '$caption' => ['desc', L10n::t('Caption'), $caption_e, ''], 
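Review bot: The new `'removeurl' => '/tagrm/'.$link_item['id'] . '/' . bin2hex($tag)` in the `@@ -1417,30 +1415,30 @@` hunk makes tag removal a plain link, so the state change is reachable by a GET request. Unless the `tagrm` handler (not visible here) verifies ownership and a form security token, a third-party page could trigger it for a logged-in user. The URL is also built for every viewer rather than only under `$cmd === 'edit'` like `removeanyurl`. It starts with `/` while `removeanyurl` is the relative `'tagrm/' . $link_item['id']`, so the two will resolve differently on installs under a sub-path. Suggest building both the same way and only in edit mode, e.g. `'removeurl' => 'tagrm/' . $link_item['id'] . '/' . bin2hex($tag)`, with the token check confirmed in the handler.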
@@ -1473,16 +1471,16 @@ function photos_content(App $a) $responses = ''; if (count($linked_items)) { - $cmnt_tpl = get_markup_template('comment_item.tpl'); - $tpl = get_markup_template('photo_item.tpl'); + $cmnt_tpl = Renderer::getMarkupTemplate('comment_item.tpl'); + $tpl = Renderer::getMarkupTemplate('photo_item.tpl'); $return_path = $a->cmd; if ($can_post || Security::canWriteToUserWall($owner_uid)) { - $like_tpl = get_markup_template('like_noshare.tpl'); - $likebuttons = replace_macros($like_tpl, [ + $like_tpl = Renderer::getMarkupTemplate('like_noshare.tpl'); + $likebuttons = Renderer::replaceMacros($like_tpl, [ '$id' => $link_item['id'], '$likethis' => L10n::t("I like this \x28toggle\x29"), - '$nolike' => (Feature::isEnabled(local_user(), 'dislike') ? L10n::t("I don't like this \x28toggle\x29") : ''), + '$nolike' => L10n::t("I don't like this \x28toggle\x29"), '$wait' => L10n::t('Please wait'), '$return_path' => $a->query_string, ]); @@ -1490,7 +1488,7 @@ function photos_content(App $a) if (!DBA::isResult($items)) { if (($can_post || Security::canWriteToUserWall($owner_uid))) { - $comments .= replace_macros($cmnt_tpl, [ + $comments .= Renderer::replaceMacros($cmnt_tpl, [ '$return_path' => '', '$jsreload' => $return_path, '$id' => $link_item['id'], @@ -1504,7 +1502,7 @@ function photos_content(App $a) '$preview' => L10n::t('Preview'), '$sourceapp' => L10n::t($a->sourcename), '$ww' => '', - '$rand_num' => random_digits(12) + '$rand_num' => Crypto::randomDigits(12) ]); } } @@ -1529,7 +1527,7 @@ function photos_content(App $a) } if (($can_post || Security::canWriteToUserWall($owner_uid))) { - $comments .= replace_macros($cmnt_tpl,[ + $comments .= Renderer::replaceMacros($cmnt_tpl,[ '$return_path' => '', '$jsreload' => $return_path, '$id' => $link_item['id'], 
@@ -1543,7 +1541,7 @@ function photos_content(App $a) '$preview' => L10n::t('Preview'), '$sourceapp' => L10n::t($a->sourcename), '$ww' => '', - '$rand_num' => random_digits(12) + '$rand_num' => Crypto::randomDigits(12) ]); } @@ -1574,7 +1572,7 @@ function photos_content(App $a) $title_e = $item['title']; $body_e = BBCode::convert($item['body']); - $comments .= replace_macros($template,[ + $comments .= Renderer::replaceMacros($template,[ '$id' => $item['id'], '$profile_url' => $profile_url, '$name' => $item['author-name'], @@ -1589,7 +1587,7 @@ function photos_content(App $a) ]); if (($can_post || Security::canWriteToUserWall($owner_uid))) { - $comments .= replace_macros($cmnt_tpl, [ + $comments .= Renderer::replaceMacros($cmnt_tpl, [ '$return_path' => '', '$jsreload' => $return_path, '$id' => $item['item_id'], @@ -1603,22 +1601,20 @@ function photos_content(App $a) '$preview' => L10n::t('Preview'), '$sourceapp' => L10n::t($a->sourcename), '$ww' => '', - '$rand_num' => random_digits(12) + '$rand_num' => Crypto::randomDigits(12) ]); } } } $response_verbs = ['like']; - if (Feature::isEnabled($owner_uid, 'dislike')) { - $response_verbs[] = 'dislike'; - } + $response_verbs[] = 'dislike'; $responses = get_responses($conv_responses, $response_verbs, '', $link_item); $paginate = $pager->renderFull($total); } - $photo_tpl = get_markup_template('photo_view.tpl'); - $o .= replace_macros($photo_tpl, [ + $photo_tpl = Renderer::getMarkupTemplate('photo_view.tpl'); + $o .= Renderer::replaceMacros($photo_tpl, [ '$id' => $ph[0]['id'], '$album' => [$album_link, $ph[0]['album']], '$tools' => $tools, 
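Review bot: In the `@@ -1603,22 +1601,20 @@` hunk, now that the `Feature::isEnabled($owner_uid, 'dislike')` guard is gone, the two statements `$response_verbs = ['like']; $response_verbs[] = 'dislike';` read better as one literal: `$response_verbs = ['like', 'dislike'];`. If `Feature` is no longer referenced anywhere else in the file, its `use` line can be removed too; that cannot be checked from this hunk.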
@@ -1709,8 +1705,8 @@ function photos_content(App $a) } } - $tpl = get_markup_template('photos_recent.tpl'); - $o .= replace_macros($tpl, [ + $tpl = Renderer::getMarkupTemplate('photos_recent.tpl'); + $o .= Renderer::replaceMacros($tpl, [ '$title' => L10n::t('Recent Photos'), '$can_post' => $can_post, '$upload' => [L10n::t('Upload New Photos'), 'photos/'.$a->data['user']['nickname'].'/upload'],