X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fprofile.php;h=a8a6ad3885d679a4bb40535c5df5191813655dd2;hb=6d16c39b7eff0eb4e7283e2b768a0608752f4b7b;hp=04611f583516aa03c4a489f04fc78c8c630d3a8f;hpb=787604026f21aea93e59dbfb838f1b7af521e943;p=friendica.git

diff --git a/mod/profile.php b/mod/profile.php
index 04611f5835..a8a6ad3885 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -10,7 +10,7 @@ function profile_init(&$a) {
 		$a->page['aside'] = '';
 
 	if($a->argc > 1)
-		$which = $a->argv[1];
+		$which = htmlspecialchars($a->argv[1]);
 	else {
 		$r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1");
 		if(count($r)) {
@@ -27,7 +27,7 @@ function profile_init(&$a) {
 	$profile = 0;
 	if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) {
 		$which = $a->user['nickname'];
-		$profile = $a->argv[1];
+		$profile = htmlspecialchars($a->argv[1]);
 	}
 	else {
 		auto_redir($a, $which);
@@ -181,27 +181,27 @@ function profile_content(&$a, $update = 0) {
 		$commpage = (($a->profile['page-flags'] == PAGE_COMMUNITY) ? true : false);
 		$commvisitor = (($commpage && $remote_contact == true) ? true : false);
 
-		$celeb = ((($a->profile['page-flags'] == PAGE_SOAPBOX) || ($a->profile['page-flags'] == PAGE_COMMUNITY)) ? true : false);
-
-		$a->page['aside'] .= posted_date_widget($a->get_baseurl(true) . '/profile/' . $a->profile['nickname'],$a->profile['profile_uid'],true);	
+		$a->page['aside'] .= posted_date_widget($a->get_baseurl(true) . '/profile/' . $a->profile['nickname'],$a->profile['profile_uid'],true);
 		$a->page['aside'] .= categories_widget($a->get_baseurl(true) . '/profile/' . $a->profile['nickname'],(x($category) ? xmlify($category) : ''));
 
 		if(can_write_wall($a,$a->profile['profile_uid'])) {
 
 			$x = array(
 				'is_owner' => $is_owner,
-            	'allow_location' => ((($is_owner || $commvisitor) && $a->profile['allow_location']) ? true : false),
-	            'default_location' => (($is_owner) ? $a->user['default-location'] : ''),
-    	        'nickname' => $a->profile['nickname'],
-        	    'lockstate' => (((is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))))) ? 'lock' : 'unlock'),
-            	'acl' => (($is_owner) ? populate_acl($a->user, $celeb) : ''),
-	            'bang' => '',
-    	        'visitor' => (($is_owner || $commvisitor) ? 'block' : 'none'),
-        	    'profile_uid' => $a->profile['profile_uid'],
+				'allow_location' => ((($is_owner || $commvisitor) && $a->profile['allow_location']) ? true : false),
+				'default_location' => (($is_owner) ? $a->user['default-location'] : ''),
+				'nickname' => $a->profile['nickname'],
+				'lockstate' => (((is_array($a->user) && ((strlen($a->user['allow_cid'])) ||
+						(strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) ||
+						(strlen($a->user['deny_gid']))))) ? 'lock' : 'unlock'),
+				'acl' => (($is_owner) ? populate_acl($a->user, true) : ''),
+				'bang' => '',
+				'visitor' => (($is_owner || $commvisitor) ? 'block' : 'none'),
+				'profile_uid' => $a->profile['profile_uid'],
 				'acl_data' => ( $is_owner ? construct_acl_data($a, $a->user) : '' ), // For non-Javascript ACL selector
-        	);
+		);
 
-        	$o .= status_editor($a,$x);
+		$o .= status_editor($a,$x);
 		}
 
 	}
@@ -216,13 +216,14 @@ function profile_content(&$a, $update = 0) {
 
 	if($update) {
 
-		$r = q("SELECT distinct(parent) AS `item_id`, `item`.`network` AS `item_network`,
-			`contact`.`uid` AS `contact-uid`
+		$r = q("SELECT distinct(parent) AS `item_id`, `item`.`network` AS `item_network`
 			FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
 			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
 			WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND
-			(`item`.`deleted` = 0 OR item.verb = '" . ACTIVITY_LIKE ."' OR item.verb = '" . ACTIVITY_DISLIKE . "')
-			and `item`.`moderated` = 0 and `item`.`unseen` = 1
+			(`item`.`deleted` = 0 OR item.verb = '" . ACTIVITY_LIKE ."'
+			OR item.verb = '" . ACTIVITY_DISLIKE . "' OR item.verb = '" . ACTIVITY_ATTEND . "'
+			OR item.verb = '" . ACTIVITY_ATTENDNO . "' OR item.verb = '" . ACTIVITY_ATTENDMAYBE . "')
+			AND `item`.`moderated` = 0 and `item`.`unseen` = 1
 			AND `item`.`wall` = 1
 			$sql_extra
 			ORDER BY `item`.`created` DESC",
@@ -266,10 +267,10 @@ function profile_content(&$a, $update = 0) {
 		//  accordingly
 		if ($a->is_mobile) {
 		    $itemspage_network = get_pconfig(local_user(),'system','itemspage_mobile_network');
-		    $itemspage_network = ((intval($itemspage_network)) ? $itemspage_network : 20);
+		    $itemspage_network = ((intval($itemspage_network)) ? $itemspage_network : 10);
 		} else {
 		    $itemspage_network = get_pconfig(local_user(),'system','itemspage_network');
-		    $itemspage_network = ((intval($itemspage_network)) ? $itemspage_network : 40);
+		    $itemspage_network = ((intval($itemspage_network)) ? $itemspage_network : 20);
 		}
 		//  now that we have the user settings, see if the theme forces
 		//  a maximum item number which is lower then the user choice
@@ -280,9 +281,8 @@ function profile_content(&$a, $update = 0) {
 
 		$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));
 
-		$r = q("SELECT `thread`.`iid` AS `item_id`, `thread`.`network` AS `item_network`,
-			`thread`.`uid` AS `contact-uid`
-			FROM `thread` INNER JOIN `item` ON `item`.`id` = `thread`.`iid`
+		$r = q("SELECT `thread`.`iid` AS `item_id`, `thread`.`network` AS `item_network`
+			FROM `thread` FORCE INDEX (`uid_created`) INNER JOIN `item` ON `item`.`id` = `thread`.`iid`
 			$sql_post_table INNER JOIN `contact` ON `contact`.`id` = `thread`.`contact-id`
 			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
 			WHERE `thread`.`uid` = %d AND `thread`.`visible` = 1 AND `thread`.`deleted` = 0
@@ -298,21 +298,13 @@ function profile_content(&$a, $update = 0) {
 	$parents_arr = array();
 	$parents_str = '';
 
-	if(count($r)) {
+	if (dbm::is_result($r)) {
 		foreach($r as $rr)
 			$parents_arr[] = $rr['item_id'];
 		$parents_str = implode(', ', $parents_arr);
- 
-		$items = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`network`, `contact`.`rel`, 
-			`contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
-			`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
-			FROM `item`, `contact`
-			WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
-			and `item`.`moderated` = 0
-			AND `contact`.`id` = `item`.`contact-id`
-			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
-			AND `item`.`parent` IN ( %s )
+
+		$items = q(item_query()." AND `item`.`uid` = %d
+			AND `item`.`parent` IN (%s)
 			$sql_extra ",
 			intval($a->profile['profile_uid']),
 			dbesc($parents_str)