X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fprofile.php;h=f93e45984b9ab3e65db6f25ed7e4228c8b37f341;hb=41663c7592abe55a958632c3a48265e0a8544d2b;hp=2c11f43b9c442273bdf53985df44d4091ed555b3;hpb=8fbe0d46e9ba6e1ab84d821bb5e5339f726f553e;p=friendica.git diff --git a/mod/profile.php b/mod/profile.php index 2c11f43b9c..f93e45984b 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -8,8 +8,8 @@ use Friendica\Content\Nav; use Friendica\Content\Pager; use Friendica\Content\Widget; use Friendica\Core\ACL; -use Friendica\Core\Addon; use Friendica\Core\Config; +use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\PConfig; @@ -19,6 +19,7 @@ use Friendica\Model\Contact; use Friendica\Model\Group; use Friendica\Model\Item; use Friendica\Model\Profile; +use Friendica\Model\User; use Friendica\Module\Login; use Friendica\Protocol\ActivityPub; use Friendica\Protocol\DFRN; @@ -33,24 +34,16 @@ function profile_init(App $a) $a->page['aside'] = ''; } - if ($a->argc > 1) { - $which = htmlspecialchars($a->argv[1]); - } else { - $r = q("SELECT `nickname` FROM `user` WHERE `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 ORDER BY RAND() LIMIT 1"); - if (DBA::isResult($r)) { - $a->internalRedirect('profile/' . $r[0]['nickname']); - } else { - Logger::log('profile error: mod_profile ' . $a->query_string, Logger::DEBUG); - notice(L10n::t('Requested profile is not available.') . EOL); - $a->error = 404; - return; - } + if ($a->argc < 2) { + System::httpExit(400); } + $which = filter_var($a->argv[1], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_BACKTICK); + $profile = 0; if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') { $which = $a->user['nickname']; - $profile = htmlspecialchars($a->argv[1]); + $profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT); } else { DFRN::autoRedir($a, $which); } 
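Review bot: In the `view` branch of the `@@ -33,24 +34,16 @@` hunk, `FILTER_SANITIZE_NUMBER_INT` does not yield an integer: it returns a string that keeps digits plus `+` and `-`, so an argument such as `1-2+3` reaches `$profile` unchanged. Validating instead, e.g. `$profile = (int) filter_var($a->argv[1], FILTER_VALIDATE_INT);`, falls back to the default `0` for anything that is not a well-formed integer. For `$which`, `FILTER_SANITIZE_STRING` rewrites a malformed nickname rather than rejecting it (and is deprecated as of PHP 8.1), and it does not HTML-encode `&` the way the removed `htmlspecialchars()` did, so any later output of `$which` has to be escaped at the point of output. The new code also relies on `System::httpExit(400)` ending the request, because `$a->argv[1]` is read unconditionally in the next statement; `profile_init()` continues outside the hunk, so how `$which` and `$profile` are consumed is not visible here.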
@@ -70,7 +63,7 @@ function profile_init(App $a) $blocked = !local_user() && !remote_user() && Config::get('system', 'block_public'); $userblock = !local_user() && !remote_user() && $a->profile['hidewall']; - if (!empty($a->profile['page-flags']) && $a->profile['page-flags'] == Contact::PAGE_COMMUNITY) { + if (!empty($a->profile['page-flags']) && $a->profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) { $a->page['htmlhead'] .= ''; } @@ -135,12 +128,9 @@ function profile_content(App $a, $update = 0) return Login::form(); } - require_once 'include/conversation.php'; - require_once 'include/items.php'; - $groups = []; + $remote_cid = null; - $tab = 'posts'; $o = ''; if ($update) { @@ -158,6 +148,7 @@ function profile_content(App $a, $update = 0) $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']); if (!empty($cdata['user'])) { $groups = Group::getIdsByContactId($cdata['user']); + $remote_cid = $cdata['user']; } } @@ -176,13 +167,13 @@ function profile_content(App $a, $update = 0) if ($tab === 'profile') { $o .= Profile::getAdvanced($a); - Addon::callHooks('profile_advanced', $o); + Hook::callAll('profile_advanced', $o); return $o; } $o .= Widget::commonFriendsVisitor($a->profile['profile_uid']); - $commpage = $a->profile['page-flags'] == Contact::PAGE_COMMUNITY; + $commpage = $a->profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY; $commvisitor = $commpage && $remote_contact; $a->page['aside'] .= posted_date_widget(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], $a->profile['profile_uid'], true); 
@@ -211,9 +202,8 @@ function profile_content(App $a, $update = 0) } } - // Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups - $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $remote_contact, $groups); + $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $remote_contact, $groups, $remote_cid); $sql_extra2 = ''; if ($update) { @@ -267,7 +257,7 @@ function profile_content(App $a, $update = 0) // Does the profile page belong to a forum? // If not then we can improve the performance with an additional condition - $condition = ['uid' => $a->profile['profile_uid'], 'page-flags' => [Contact::PAGE_COMMUNITY, Contact::PAGE_PRVGROUP]]; + $condition = ['uid' => $a->profile['profile_uid'], 'page-flags' => [User::PAGE_FLAGS_COMMUNITY, User::PAGE_FLAGS_PRVGROUP]]; if (!DBA::exists('user', $condition)) { $sql_extra3 = sprintf(" AND `thread`.`contact-id` = %d ", intval(intval($a->profile['contact_id']))); } else { @@ -320,12 +310,11 @@ function profile_content(App $a, $update = 0) if ($is_owner) { $unseen = Item::exists(['wall' => true, 'unseen' => true, 'uid' => local_user()]); if ($unseen) { - $r = Item::update(['unseen' => false], - ['wall' => true, 'unseen' => true, 'uid' => local_user()]); + Item::update(['unseen' => false], ['wall' => true, 'unseen' => true, 'uid' => local_user()]); } } - $o .= conversation($a, $items, $pager, 'profile', $update, false, 'created', local_user()); + $o .= conversation($a, $items, $pager, 'profile', $update, false, 'created', $a->profile['profile_uid']); if (!$update) { $o .= $pager->renderMinimal(count($items));
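Review bot: The comment deleted in the `@@ -211,9 +202,8 @@` hunk was the only statement of the trust assumption behind this call, namely that `$remote_contact` is true only for a remote visitor who has already been verified, and the new `$remote_cid` argument rests on the same assumption. I would keep an updated comment above the call, for example `// $remote_contact is only true for a pre-verified remote visitor; $groups and $remote_cid come from that contact and stay [] / null otherwise`. `Item::getPermissionsSQLByUserId()` is not visible on this page, so if it places `$remote_cid` into the SQL text it should cast it with `intval()`, as the `sprintf()` further down does for `contact_id`. `profile_content()` starts and ends outside the hunk.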
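Review bot: In the `@@ -320,12 +310,11 @@` hunk the last argument of `conversation()` switches from the viewer's id (`local_user()`) to the profile owner's id (`$a->profile['profile_uid']`) with no comment explaining why, and the two values differ for every anonymous or remote visitor, for whom `local_user()` is empty. A one-line comment such as `// pass the uid of the profile being displayed, not of the viewer` would record the intent. `conversation()` is not shown here, so it is worth confirming that this parameter only selects whose data is rendered and is not used to decide what the current viewer may edit or delete. `profile_content()` begins and ends outside the hunk.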