X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=d1dffd4d058ef8ab892005fffb696546725aef6c;hb=7d6717d97e3e6710b87566a7ed0bafcd49607c79;hp=8b11e72421cf878e87c3f6c462c1b94c97136e3f;hpb=b5a97c1abe5246f45911e63e3412d60c90603578;p=friendica.git diff --git a/mod/photos.php b/mod/photos.php index 8b11e72421..d1dffd4d05 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -223,7 +223,7 @@ function photos_post(App $a) } // RENAME photo album - $newalbum = Strings::removeTags(trim($_POST['albumname'])); + $newalbum = Strings::escapeTags(trim($_POST['albumname'])); if ($newalbum != $album) { q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", DBA::escape($newalbum), @@ -283,7 +283,7 @@ function photos_post(App $a) if (DBA::isResult($r)) { foreach ($r as $rr) { - $res[] = "'" . DBA::escape($rr['rid']) . "'" ; + $res[] = "'" . DBA::escape($rr['rid']) . "'"; } } else { $a->internalRedirect($_SESSION['photo_return']); @@ -365,12 +365,12 @@ function photos_post(App $a) return; // NOTREACHED } - if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) { - $desc = !empty($_POST['desc']) ? Strings::removeTags(trim($_POST['desc'])) : ''; - $rawtags = !empty($_POST['newtag']) ? Strings::removeTags(trim($_POST['newtag'])) : ''; - $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; - $albname = !empty($_POST['albname']) ? Strings::removeTags(trim($_POST['albname'])) : ''; - $origaname = !empty($_POST['origaname']) ? Strings::removeTags(trim($_POST['origaname'])) : ''; + if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) { + $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : ''; + $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : ''; + $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; + $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : ''; + $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : ''; $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : ''; $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : ''; @@ -613,7 +613,7 @@ function photos_post(App $a) } $profile = str_replace(',', '%2c', $profile); - $str_tags .= '@[url='.$profile.']'.$newname.'[/url]'; + $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]'; } } elseif (strpos($tag, '#') === 0) { $tagname = substr($tag, 1); @@ -681,8 +681,8 @@ function photos_post(App $a) $arr['tag'] = $tagged[4]; $arr['inform'] = $tagged[2]; $arr['origin'] = 1; - $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]') ; - $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ; + $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]'); + $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n"; $arr['object'] = '' . ACTIVITY_OBJ_PERSON . '' . $tagged[0] . '' . $tagged[1] . '/' . $tagged[0] . ''; $arr['object'] .= '' . XML::escape('' . "\n"); @@ -708,8 +708,8 @@ function photos_post(App $a) Addon::callHooks('photo_post_init', $_POST); // Determine the album to use - $album = !empty($_REQUEST['album']) ? Strings::removeTags(trim($_REQUEST['album'])) : ''; - $newalbum = !empty($_REQUEST['newalbum']) ? Strings::removeTags(trim($_REQUEST['newalbum'])) : ''; + $album = !empty($_REQUEST['album']) ? Strings::escapeTags(trim($_REQUEST['album'])) : ''; + $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : ''; Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG); @@ -1353,7 +1353,7 @@ function photos_content(App $a) } if ($prevlink) { - $prevlink = [$prevlink, ''] ; + $prevlink = [$prevlink, '']; } $photo = [ @@ -1480,7 +1480,7 @@ function photos_content(App $a) $likebuttons = Renderer::replaceMacros($like_tpl, [ '$id' => $link_item['id'], '$likethis' => L10n::t("I like this \x28toggle\x29"), - '$nolike' => (Feature::isEnabled(local_user(), 'dislike') ? L10n::t("I don't like this \x28toggle\x29") : ''), + '$nolike' => L10n::t("I don't like this \x28toggle\x29"), '$wait' => L10n::t('Please wait'), '$return_path' => $a->query_string, ]); @@ -1607,9 +1607,7 @@ function photos_content(App $a) } } $response_verbs = ['like']; - if (Feature::isEnabled($owner_uid, 'dislike')) { - $response_verbs[] = 'dislike'; - } + $response_verbs[] = 'dislike'; $responses = get_responses($conv_responses, $response_verbs, '', $link_item); $paginate = $pager->renderFull($total);