X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=d1dffd4d058ef8ab892005fffb696546725aef6c;hb=7d6717d97e3e6710b87566a7ed0bafcd49607c79;hp=92f79d7c94d3f4ddc01681d1ea42978f3e19da54;hpb=91facd2d0a2869e2c26a5943d8afe1849d3891f8;p=friendica.git diff --git a/mod/photos.php b/mod/photos.php index 92f79d7c94..d1dffd4d05 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -26,10 +26,13 @@ use Friendica\Model\User; use Friendica\Network\Probe; use Friendica\Object\Image; use Friendica\Protocol\DFRN; +use Friendica\Util\Crypto; use Friendica\Util\DateTimeFormat; use Friendica\Util\Map; use Friendica\Util\Security; use Friendica\Util\Temporal; +use Friendica\Util\Strings; +use Friendica\Util\XML; require_once 'include/items.php'; @@ -63,7 +66,7 @@ function photos_init(App $a) { $account_type = Contact::getAccountType($profile); - $tpl = get_markup_template("vcard-widget.tpl"); + $tpl = Renderer::getMarkupTemplate("vcard-widget.tpl"); $vcard_widget = Renderer::replaceMacros($tpl, [ '$name' => $profile['name'], @@ -110,7 +113,7 @@ function photos_init(App $a) { } if ($ret['success']) { - $photo_albums_widget = Renderer::replaceMacros(get_markup_template('photo_albums.tpl'), [ + $photo_albums_widget = Renderer::replaceMacros(Renderer::getMarkupTemplate('photo_albums.tpl'), [ '$nick' => $a->data['user']['nickname'], '$title' => L10n::t('Photo Albums'), '$recent' => L10n::t('Recent Photos'), @@ -131,7 +134,7 @@ function photos_init(App $a) { $a->page['aside'] .= $photo_albums_widget; } - $tpl = get_markup_template("photos_head.tpl"); + $tpl = Renderer::getMarkupTemplate("photos_head.tpl"); $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[ '$ispublic' => L10n::t('everybody') @@ -220,7 +223,7 @@ function photos_post(App $a) } // RENAME photo album - $newalbum = notags(trim($_POST['albumname'])); + $newalbum = Strings::escapeTags(trim($_POST['albumname'])); if ($newalbum != $album) { q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", DBA::escape($newalbum), @@ -247,7 +250,7 @@ function photos_post(App $a) ['name' => 'albumname', 'value' => $_POST['albumname']], ]; - $a->page['content'] = Renderer::replaceMacros(get_markup_template('confirm.tpl'), [ + $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ '$method' => 'post', '$message' => L10n::t('Do you really want to delete this photo album and all its photos?'), '$extra_inputs' => $extra_inputs, @@ -280,7 +283,7 @@ function photos_post(App $a) if (DBA::isResult($r)) { foreach ($r as $rr) { - $res[] = "'" . DBA::escape($rr['rid']) . "'" ; + $res[] = "'" . DBA::escape($rr['rid']) . "'"; } } else { $a->internalRedirect($_SESSION['photo_return']); @@ -319,7 +322,7 @@ function photos_post(App $a) if (!empty($_REQUEST['confirm'])) { $drop_url = $a->query_string; - $a->page['content'] = Renderer::replaceMacros(get_markup_template('confirm.tpl'), [ + $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ '$method' => 'post', '$message' => L10n::t('Do you really want to delete this photo?'), '$extra_inputs' => [], @@ -362,12 +365,12 @@ function photos_post(App $a) return; // NOTREACHED } - if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) { - $desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : ''; - $rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : ''; - $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; - $albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : ''; - $origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : ''; + if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) { + $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : ''; + $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : ''; + $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; + $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : ''; + $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : ''; $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : ''; $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : ''; @@ -522,7 +525,7 @@ function photos_post(App $a) } $taginfo = []; - $tags = get_tags($rawtags); + $tags = BBCode::getTags($rawtags); if (count($tags)) { foreach ($tags as $tag) { @@ -610,7 +613,7 @@ function photos_post(App $a) } $profile = str_replace(',', '%2c', $profile); - $str_tags .= '@[url='.$profile.']'.$newname.'[/url]'; + $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]'; } } elseif (strpos($tag, '#') === 0) { $tagname = substr($tag, 1); @@ -678,19 +681,19 @@ function photos_post(App $a) $arr['tag'] = $tagged[4]; $arr['inform'] = $tagged[2]; $arr['origin'] = 1; - $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]') ; - $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ; + $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]'); + $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n"; $arr['object'] = '' . ACTIVITY_OBJ_PERSON . '' . $tagged[0] . '' . $tagged[1] . '/' . $tagged[0] . ''; - $arr['object'] .= '' . xmlify('' . "\n"); + $arr['object'] .= '' . XML::escape('' . "\n"); if ($tagged[3]) { - $arr['object'] .= xmlify('' . "\n"); + $arr['object'] .= XML::escape('' . "\n"); } $arr['object'] .= '' . "\n"; $arr['target'] = '' . ACTIVITY_OBJ_IMAGE . '' . $p[0]['desc'] . '' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ''; - $arr['target'] .= '' . xmlify('' . "\n" . '') . ''; + $arr['target'] .= '' . XML::escape('' . "\n" . '') . ''; $item_id = Item::insert($arr); } @@ -705,8 +708,8 @@ function photos_post(App $a) Addon::callHooks('photo_post_init', $_POST); // Determine the album to use - $album = !empty($_REQUEST['album']) ? notags(trim($_REQUEST['album'])) : ''; - $newalbum = !empty($_REQUEST['newalbum']) ? notags(trim($_REQUEST['newalbum'])) : ''; + $album = !empty($_REQUEST['album']) ? Strings::escapeTags(trim($_REQUEST['album'])) : ''; + $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : ''; Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG); @@ -777,7 +780,7 @@ function photos_post(App $a) notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL); break; case UPLOAD_ERR_FORM_SIZE: - notice(L10n::t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL); + notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL); break; case UPLOAD_ERR_PARTIAL: notice(L10n::t('Image upload didn\'t complete, please try again') . EOL); @@ -806,7 +809,7 @@ function photos_post(App $a) $maximagesize = Config::get('system', 'maximagesize'); if ($maximagesize && ($filesize > $maximagesize)) { - notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL); + notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL); @unlink($src); $foo = 0; Addon::callHooks('photo_post_end', $foo); @@ -1085,14 +1088,14 @@ function photos_content(App $a) Addon::callHooks('photo_upload_form',$ret); - $default_upload_box = Renderer::replaceMacros(get_markup_template('photos_default_uploader_box.tpl'), []); - $default_upload_submit = Renderer::replaceMacros(get_markup_template('photos_default_uploader_submit.tpl'), [ + $default_upload_box = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_box.tpl'), []); + $default_upload_submit = Renderer::replaceMacros(Renderer::getMarkupTemplate('photos_default_uploader_submit.tpl'), [ '$submit' => L10n::t('Submit'), ]); $usage_message = ''; - $tpl = get_markup_template('photos_upload.tpl'); + $tpl = Renderer::getMarkupTemplate('photos_upload.tpl'); $aclselect_e = ($visitor ? '' : ACL::getFullSelectorHTML($a->user)); @@ -1166,7 +1169,7 @@ function photos_content(App $a) if ($cmd === 'edit') { if (($album !== L10n::t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== L10n::t('Contact Photos'))) { if ($can_post) { - $edit_tpl = get_markup_template('album_edit.tpl'); + $edit_tpl = Renderer::getMarkupTemplate('album_edit.tpl'); $album_e = $album; @@ -1220,7 +1223,7 @@ function photos_content(App $a) } } - $tpl = get_markup_template('photo_album.tpl'); + $tpl = Renderer::getMarkupTemplate('photo_album.tpl'); $o .= Renderer::replaceMacros($tpl, [ '$photos' => $photos, '$album' => $album, @@ -1342,7 +1345,7 @@ function photos_content(App $a) } if ($cmd === 'edit') { - $tpl = get_markup_template('photo_edit_head.tpl'); + $tpl = Renderer::getMarkupTemplate('photo_edit_head.tpl'); $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[ '$prevlink' => $prevlink, '$nextlink' => $nextlink @@ -1350,7 +1353,7 @@ function photos_content(App $a) } if ($prevlink) { - $prevlink = [$prevlink, ''] ; + $prevlink = [$prevlink, '']; } $photo = [ @@ -1429,7 +1432,7 @@ function photos_content(App $a) $edit = Null; if ($cmd === 'edit' && $can_post) { - $edit_tpl = get_markup_template('photo_edit.tpl'); + $edit_tpl = Renderer::getMarkupTemplate('photo_edit.tpl'); $album_e = $ph[0]['album']; $caption_e = $ph[0]['desc']; @@ -1468,16 +1471,16 @@ function photos_content(App $a) $responses = ''; if (count($linked_items)) { - $cmnt_tpl = get_markup_template('comment_item.tpl'); - $tpl = get_markup_template('photo_item.tpl'); + $cmnt_tpl = Renderer::getMarkupTemplate('comment_item.tpl'); + $tpl = Renderer::getMarkupTemplate('photo_item.tpl'); $return_path = $a->cmd; if ($can_post || Security::canWriteToUserWall($owner_uid)) { - $like_tpl = get_markup_template('like_noshare.tpl'); + $like_tpl = Renderer::getMarkupTemplate('like_noshare.tpl'); $likebuttons = Renderer::replaceMacros($like_tpl, [ '$id' => $link_item['id'], '$likethis' => L10n::t("I like this \x28toggle\x29"), - '$nolike' => (Feature::isEnabled(local_user(), 'dislike') ? L10n::t("I don't like this \x28toggle\x29") : ''), + '$nolike' => L10n::t("I don't like this \x28toggle\x29"), '$wait' => L10n::t('Please wait'), '$return_path' => $a->query_string, ]); @@ -1499,7 +1502,7 @@ function photos_content(App $a) '$preview' => L10n::t('Preview'), '$sourceapp' => L10n::t($a->sourcename), '$ww' => '', - '$rand_num' => random_digits(12) + '$rand_num' => Crypto::randomDigits(12) ]); } } @@ -1538,7 +1541,7 @@ function photos_content(App $a) '$preview' => L10n::t('Preview'), '$sourceapp' => L10n::t($a->sourcename), '$ww' => '', - '$rand_num' => random_digits(12) + '$rand_num' => Crypto::randomDigits(12) ]); } @@ -1598,21 +1601,19 @@ function photos_content(App $a) '$preview' => L10n::t('Preview'), '$sourceapp' => L10n::t($a->sourcename), '$ww' => '', - '$rand_num' => random_digits(12) + '$rand_num' => Crypto::randomDigits(12) ]); } } } $response_verbs = ['like']; - if (Feature::isEnabled($owner_uid, 'dislike')) { - $response_verbs[] = 'dislike'; - } + $response_verbs[] = 'dislike'; $responses = get_responses($conv_responses, $response_verbs, '', $link_item); $paginate = $pager->renderFull($total); } - $photo_tpl = get_markup_template('photo_view.tpl'); + $photo_tpl = Renderer::getMarkupTemplate('photo_view.tpl'); $o .= Renderer::replaceMacros($photo_tpl, [ '$id' => $ph[0]['id'], '$album' => [$album_link, $ph[0]['album']], @@ -1704,7 +1705,7 @@ function photos_content(App $a) } } - $tpl = get_markup_template('photos_recent.tpl'); + $tpl = Renderer::getMarkupTemplate('photos_recent.tpl'); $o .= Renderer::replaceMacros($tpl, [ '$title' => L10n::t('Recent Photos'), '$can_post' => $can_post,