X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fpoco.php;h=064e0e9a85f919178aefcd6372a4092efd324a69;hb=6c341962648b73c935c2de26996b07332b776a1f;hp=9150299547176e4cbb8bdd5fa42465daeb52a5cb;hpb=14fde5dc9b1915392601fb94efc6224c01f2b216;p=friendica.git diff --git a/mod/poco.php b/mod/poco.php index 9150299547..064e0e9a85 100644 --- a/mod/poco.php +++ b/mod/poco.php @@ -10,10 +10,13 @@ use Friendica\Core\Cache; use Friendica\Core\Config; use Friendica\Core\Logger; use Friendica\Core\Protocol; +use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Protocol\PortableContact; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; +use Friendica\Util\XML; function poco_init(App $a) { $system_mode = false; @@ -23,9 +26,9 @@ function poco_init(App $a) { } if ($a->argc > 1) { - $user = notags(trim($a->argv[1])); + $nickname = Strings::escapeTags(trim($a->argv[1])); } - if (empty($user)) { + if (empty($nickname)) { $c = q("SELECT * FROM `pconfig` WHERE `cat` = 'system' AND `k` = 'suggestme' AND `v` = 1"); if (!DBA::isResult($c)) { System::httpExit(401); @@ -43,7 +46,7 @@ function poco_init(App $a) { $ret = PortableContact::serverlist(); header('Content-type: application/json'); echo json_encode($ret); - killme(); + exit(); } if ($a->argc > 1 && $a->argv[1] === '@global') { @@ -67,7 +70,7 @@ function poco_init(App $a) { if (! $system_mode && ! $global) { $users = q("SELECT `user`.*,`profile`.`hide-friends` from user left join profile on `user`.`uid` = `profile`.`uid` where `user`.`nickname` = '%s' and `profile`.`is-default` = 1 limit 1", - DBA::escape($user) + DBA::escape($nickname) ); if (! DBA::isResult($users) || $users[0]['hidewall'] || $users[0]['hide-friends']) { System::httpExit(404); 
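Review bot: In the `@@ -23,9 +26,9 @@` hunk, `$nickname` is assigned only inside the `if ($a->argc > 1)` branch, and its only filter is `Strings::escapeTags()`, which as far as I can tell just rewrites angle brackets. That is an HTML-output concern and gives no protection to the SQL lookup in the `@@ -67,7 +70,7 @@` hunk, where `DBA::escape($nickname)` is the real safeguard. I would initialise the variable up front with `$nickname = '';` and add a comment such as `// escapeTags() is not SQL escaping; the user lookup below relies on DBA::escape()`. If nicknames have a restricted character set, rejecting anything outside it here would be clearer than rewriting the input. The body of poco_init continues outside the hunk.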
@@ -85,7 +88,7 @@ function poco_init(App $a) { if (!empty($cid)) { $sql_extra = sprintf(" AND `contact`.`id` = %d ", intval($cid)); } - if (x($_GET, 'updatedSince')) { + if (!empty($_GET['updatedSince'])) { $update_limit = date(DateTimeFormat::MYSQL, strtotime($_GET['updatedSince'])); } if ($global) { @@ -119,10 +122,10 @@ function poco_init(App $a) { } else { $startIndex = 0; } - $itemsPerPage = ((x($_GET, 'count') && intval($_GET['count'])) ? intval($_GET['count']) : $totalResults); + $itemsPerPage = ((!empty($_GET['count'])) ? intval($_GET['count']) : $totalResults); if ($global) { - Logger::log("Start global query", LOGGER_DEBUG); + Logger::log("Start global query", Logger::DEBUG); $contacts = q("SELECT * FROM `gcontact` WHERE `updated` > '%s' AND NOT `hide` AND `network` IN ('%s', '%s', '%s') AND `updated` > `last_failure` ORDER BY `updated` DESC LIMIT %d, %d", DBA::escape($update_limit), @@ -133,7 +136,7 @@ function poco_init(App $a) { intval($itemsPerPage) ); } elseif ($system_mode) { - Logger::log("Start system mode query", LOGGER_DEBUG); + Logger::log("Start system mode query", Logger::DEBUG); $contacts = q("SELECT `contact`.*, `profile`.`about` AS `pabout`, `profile`.`locality` AS `plocation`, `profile`.`pub_keywords`, `profile`.`gender` AS `pgender`, `profile`.`address` AS `paddress`, `profile`.`region` AS `pregion`, `profile`.`postal-code` AS `ppostalcode`, `profile`.`country-name` AS `pcountry`, `user`.`account-type` @@ -145,7 +148,7 @@ function poco_init(App $a) { intval($itemsPerPage) ); } else { - Logger::log("Start query for user " . $user['nickname'], LOGGER_DEBUG); + Logger::log("Start query for user " . $user['nickname'], Logger::DEBUG); $contacts = q("SELECT * FROM `contact` WHERE `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `hidden` = 0 AND `archive` = 0 AND (`success_update` >= `failure_update` OR `last-item` >= `failure_update`) AND `network` IN ('%s', '%s', '%s', '%s') $sql_extra LIMIT %d, %d", 
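Review bot: In the `@@ -85,7 +88,7 @@` hunk the request value still reaches `strtotime()` unchecked, because `!empty($_GET['updatedSince'])` only tests for presence. An unparsable string makes `strtotime()` return false, which `date()` treats as timestamp 0, so the filter silently becomes the epoch. An array value (`updatedSince[]=…`) also passes `!empty()` and triggers a warning or a TypeError, depending on the PHP version. I would guard both cases with `$ts = is_string($_GET['updatedSince'] ?? null) ? strtotime($_GET['updatedSince']) : false;` followed by `if ($ts !== false) { $update_limit = date(DateTimeFormat::MYSQL, $ts); }`. The default for `$update_limit` is set outside the hunk, so confirm it is always initialised before the queries use it.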
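Review bot: In the `@@ -119,10 +122,10 @@` hunk the new `$itemsPerPage` expression drops the old `&& intval($_GET['count'])` guard. A non-numeric value such as `count=abc` is non-empty, so it now yields `intval(...) === 0` and a `LIMIT n, 0` query that returns nothing, where it used to fall back to `$totalResults`. Negative values, which the old code did not reject either, still flow into the `LIMIT %d, %d` arguments and will make the query fail. Clamping once covers both: `$count = intval($_GET['count'] ?? 0);` then `$itemsPerPage = ($count > 0) ? $count : $totalResults;`.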
@@ -158,16 +161,16 @@ function poco_init(App $a) { intval($itemsPerPage) ); } - Logger::log("Query done", LOGGER_DEBUG); + Logger::log("Query done", Logger::DEBUG); $ret = []; - if (x($_GET, 'sorted')) { + if (!empty($_GET['sorted'])) { $ret['sorted'] = false; } - if (x($_GET, 'filtered')) { + if (!empty($_GET['filtered'])) { $ret['filtered'] = false; } - if (x($_GET, 'updatedSince') && ! $global) { + if (!empty($_GET['updatedSince']) && ! $global) { $ret['updatedSince'] = false; } $ret['startIndex'] = (int) $startIndex; @@ -193,7 +196,7 @@ function poco_init(App $a) { 'generation' => false ]; - if ((! x($_GET, 'fields')) || ($_GET['fields'] === '@all')) { + if (empty($_GET['fields']) || ($_GET['fields'] === '@all')) { foreach ($fields_ret as $k => $v) { $fields_ret[$k] = true; } @@ -370,17 +373,17 @@ function poco_init(App $a) { } else { System::httpExit(500); } - Logger::log("End of poco", LOGGER_DEBUG); + Logger::log("End of poco", Logger::DEBUG); if ($format === 'xml') { header('Content-type: text/xml'); - echo replace_macros(get_markup_template('poco_xml.tpl'), array_xmlify(['$response' => $ret])); - killme(); + echo Renderer::replaceMacros(Renderer::getMarkupTemplate('poco_xml.tpl'), XML::arrayEscape(['$response' => $ret])); + exit(); } if ($format === 'json') { header('Content-type: application/json'); echo json_encode($ret); - killme(); + exit(); } else { System::httpExit(500); }
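Review bot: In the `@@ -370,17 +373,17 @@` hunk, `echo json_encode($ret);` is sent without checking for failure. `json_encode()` returns false when a string in `$ret` is not valid UTF-8, and the client then gets an empty body with a 200 status and a JSON content type. The rows come from the `contact` and `gcontact` queries earlier in the function, which presumably hold remotely supplied profile text, so this looks reachable with data the server does not control. I would test the result and call `System::httpExit(500)` when it is false, or pass `JSON_PARTIAL_OUTPUT_ON_ERROR` so one bad field does not blank the whole response. The same applies to the server-list response in the `@@ -43,7 +46,7 @@` hunk.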