X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphotos.php;h=d1dffd4d058ef8ab892005fffb696546725aef6c;hb=7d6717d97e3e6710b87566a7ed0bafcd49607c79;hp=92f79d7c94d3f4ddc01681d1ea42978f3e19da54;hpb=91facd2d0a2869e2c26a5943d8afe1849d3891f8;p=friendica.git
diff --git a/mod/photos.php b/mod/photos.php
index 92f79d7c94..d1dffd4d05 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -26,10 +26,13 @@ use Friendica\Model\User;
use Friendica\Network\Probe;
use Friendica\Object\Image;
use Friendica\Protocol\DFRN;
+use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\Security;
use Friendica\Util\Temporal;
+use Friendica\Util\Strings;
+use Friendica\Util\XML;
require_once 'include/items.php';
@@ -63,7 +66,7 @@ function photos_init(App $a) {
$account_type = Contact::getAccountType($profile);
- $tpl = get_markup_template("vcard-widget.tpl");
+ $tpl = Renderer::getMarkupTemplate("vcard-widget.tpl");
$vcard_widget = Renderer::replaceMacros($tpl, [
'$name' => $profile['name'],
@@ -110,7 +113,7 @@ function photos_init(App $a) {
}
if ($ret['success']) {
- $photo_albums_widget = Renderer::replaceMacros(get_markup_template('photo_albums.tpl'), [
+ $photo_albums_widget = Renderer::replaceMacros(Renderer::getMarkupTemplate('photo_albums.tpl'), [
'$nick' => $a->data['user']['nickname'],
'$title' => L10n::t('Photo Albums'),
'$recent' => L10n::t('Recent Photos'),
@@ -131,7 +134,7 @@ function photos_init(App $a) {
$a->page['aside'] .= $photo_albums_widget;
}
- $tpl = get_markup_template("photos_head.tpl");
+ $tpl = Renderer::getMarkupTemplate("photos_head.tpl");
$a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[
'$ispublic' => L10n::t('everybody')
@@ -220,7 +223,7 @@ function photos_post(App $a)
}
// RENAME photo album
- $newalbum = notags(trim($_POST['albumname']));
+ $newalbum = Strings::escapeTags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
DBA::escape($newalbum),
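Review bot: The escaped album name from the first changed line is compared with loose `!=` on the following line, so two numeric-looking names such as `1e3` and `1000` compare equal and the rename is silently skipped; `if ($newalbum !== $album) {` pins the comparison to the actual string contents. The same line also reads `$_POST['albumname']` with no `isset` guard (as the old code did), so a missing field yields a notice and an empty album name rather than a clean rejection; a `$_POST['albumname'] ?? ''` fallback or an early return on the empty case would make that explicit. photos_post begins and ends outside this hunk.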
@@ -247,7 +250,7 @@ function photos_post(App $a)
['name' => 'albumname', 'value' => $_POST['albumname']],
];
- $a->page['content'] = Renderer::replaceMacros(get_markup_template('confirm.tpl'), [
+ $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
'$method' => 'post',
'$message' => L10n::t('Do you really want to delete this photo album and all its photos?'),
'$extra_inputs' => $extra_inputs,
@@ -280,7 +283,7 @@ function photos_post(App $a)
if (DBA::isResult($r)) {
foreach ($r as $rr) {
- $res[] = "'" . DBA::escape($rr['rid']) . "'" ;
+ $res[] = "'" . DBA::escape($rr['rid']) . "'";
}
} else {
$a->internalRedirect($_SESSION['photo_return']);
@@ -319,7 +322,7 @@ function photos_post(App $a)
if (!empty($_REQUEST['confirm'])) {
$drop_url = $a->query_string;
- $a->page['content'] = Renderer::replaceMacros(get_markup_template('confirm.tpl'), [
+ $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [
'$method' => 'post',
'$message' => L10n::t('Do you really want to delete this photo?'),
'$extra_inputs' => [],
@@ -362,12 +365,12 @@ function photos_post(App $a)
return; // NOTREACHED
}
- if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) {
- $desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : '';
- $rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : '';
- $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
- $albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : '';
- $origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : '';
+ if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) {
+ $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : '';
+ $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : '';
+ $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
+ $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
+ $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
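Review bot: The guard on the first added line now opens the branch on `isset($_POST['albname'])`, while `$albname` on the fifth added line still falls back to `''` through `!empty`, so a form that posts an explicitly blank album name enters the branch with `$albname = ''`; the previous `!empty(...) !== false` form only did so for a non-empty value. What the code after the hunk does with an empty `$albname` is outside this view, so whether that is a harmless no-op or moves the photo into an album named `''` cannot be confirmed here. If blank is meant to be rejected, the guard should keep `!empty`; if it is meant to be accepted, a comment such as `// albname uses isset, not !empty: an explicitly blank name is presumably allowed to reach the album update below` would stop the next reader from "fixing" the asymmetry. photos_post starts and ends outside the hunk.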
@@ -522,7 +525,7 @@ function photos_post(App $a)
}
$taginfo = [];
- $tags = get_tags($rawtags);
+ $tags = BBCode::getTags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
@@ -610,7 +613,7 @@ function photos_post(App $a)
}
$profile = str_replace(',', '%2c', $profile);
- $str_tags .= '@[url='.$profile.']'.$newname.'[/url]';
+ $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]';
}
} elseif (strpos($tag, '#') === 0) {
$tagname = substr($tag, 1);
@@ -678,19 +681,19 @@ function photos_post(App $a)
$arr['tag'] = $tagged[4];
$arr['inform'] = $tagged[2];
$arr['origin'] = 1;
- $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]') ;
- $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
+ $arr['body'] = L10n::t('%1$s was tagged in %2$s by %3$s', '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . L10n::t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]');
+ $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n";
$arr['object'] = '' . "\n";
$arr['target'] = '