X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fprofiles.php;h=6a32fbee5a75e916d0143b4b880ce35552d41b97;hb=75daf9659092c5854808adbf5d735c193e6a09fd;hp=9c925924f78c1a1db01759465d3a2d2190d8338c;hpb=cb1b182f7c6c7445aaed8c2023f33a0728febd79;p=friendica.git diff --git a/mod/profiles.php b/mod/profiles.php index 9c925924f7..6a32fbee5a 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -4,6 +4,7 @@ */ use Friendica\App; +use Friendica\BaseModule; use Friendica\Content\ContactSelector; use Friendica\Content\Feature; use Friendica\Content\Nav; @@ -11,15 +12,17 @@ use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\PConfig; +use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Core\Worker; -use Friendica\Database\DBM; +use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\GContact; -use Friendica\Model\Item; use Friendica\Model\Profile; +use Friendica\Module\Login; use Friendica\Network\Probe; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; use Friendica\Util\Temporal; function profiles_init(App $a) { @@ -35,13 +38,13 @@ function profiles_init(App $a) { intval($a->argv[2]), intval(local_user()) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { notice(L10n::t('Profile not found.') . EOL); - goaway('profiles'); + $a->internalRedirect('profiles'); return; // NOTREACHED } - check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't'); + BaseModule::checkFormSecurityTokenRedirectOnError('/profiles', 'profile_drop', 't'); // move every contact using this profile as their default to the user default @@ -54,22 +57,22 @@ function profiles_init(App $a) { intval($a->argv[2]), intval(local_user()) ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { info(L10n::t('Profile deleted.').EOL); } - goaway('profiles'); + $a->internalRedirect('profiles'); return; // NOTREACHED } if (($a->argc > 1) && ($a->argv[1] === 'new')) { - check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't'); + BaseModule::checkFormSecurityTokenRedirectOnError('/profiles', 'profile_new', 't'); $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d", intval(local_user())); - $num_profiles = (DBM::is_result($r0) ? count($r0) : 0); + $num_profiles = (DBA::isResult($r0) ? count($r0) : 0); $name = L10n::t('Profile-') . ($num_profiles + 1); @@ -79,40 +82,40 @@ function profiles_init(App $a) { $r2 = q("INSERT INTO `profile` (`uid` , `profile-name` , `name`, `photo`, `thumb`) VALUES ( %d, '%s', '%s', '%s', '%s' )", intval(local_user()), - dbesc($name), - dbesc($r1[0]['name']), - dbesc($r1[0]['photo']), - dbesc($r1[0]['thumb']) + DBA::escape($name), + DBA::escape($r1[0]['name']), + DBA::escape($r1[0]['photo']), + DBA::escape($r1[0]['thumb']) ); $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1", intval(local_user()), - dbesc($name) + DBA::escape($name) ); info(L10n::t('New profile created.') . EOL); - if (DBM::is_result($r3) && count($r3) == 1) { - goaway('profiles/' . $r3[0]['id']); + if (DBA::isResult($r3) && count($r3) == 1) { + $a->internalRedirect('profiles/' . $r3[0]['id']); } - goaway('profiles'); + $a->internalRedirect('profiles'); } if (($a->argc > 2) && ($a->argv[1] === 'clone')) { - check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't'); + BaseModule::checkFormSecurityTokenRedirectOnError('/profiles', 'profile_clone', 't'); $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d", intval(local_user())); - $num_profiles = (DBM::is_result($r0) ? count($r0) : 0); + $num_profiles = (DBA::isResult($r0) ? count($r0) : 0); $name = L10n::t('Profile-') . ($num_profiles + 1); $r1 = q("SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval(local_user()), intval($a->argv[2]) ); - if(! DBM::is_result($r1)) { + if(! DBA::isResult($r1)) { notice(L10n::t('Profile unavailable to clone.') . EOL); killme(); return; @@ -121,20 +124,20 @@ function profiles_init(App $a) { $r1[0]['is-default'] = 0; $r1[0]['publish'] = 0; $r1[0]['net-publish'] = 0; - $r1[0]['profile-name'] = dbesc($name); + $r1[0]['profile-name'] = DBA::escape($name); - dba::insert('profile', $r1[0]); + DBA::insert('profile', $r1[0]); $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1", intval(local_user()), - dbesc($name) + DBA::escape($name) ); info(L10n::t('New profile created.') . EOL); - if ((DBM::is_result($r3)) && (count($r3) == 1)) { - goaway('profiles/'.$r3[0]['id']); + if ((DBA::isResult($r3)) && (count($r3) == 1)) { + $a->internalRedirect('profiles/'.$r3[0]['id']); } - goaway('profiles'); + $a->internalRedirect('profiles'); return; // NOTREACHED } @@ -145,7 +148,7 @@ function profiles_init(App $a) { intval($a->argv[1]), intval(local_user()) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { notice(L10n::t('Profile not found.') . EOL); killme(); return; @@ -153,12 +156,10 @@ function profiles_init(App $a) { Profile::load($a, $a->user['nickname'], $r[0]['id']); } - - - } -function profile_clean_keywords($keywords) { +function profile_clean_keywords($keywords) +{ $keywords = str_replace(",", " ", $keywords); $keywords = explode(" ", $keywords); @@ -192,22 +193,22 @@ function profiles_post(App $a) { intval($a->argv[1]), intval(local_user()) ); - if (! DBM::is_result($orig)) { + if (! DBA::isResult($orig)) { notice(L10n::t('Profile not found.') . EOL); return; } - check_form_security_token_redirectOnErr('/profiles', 'profile_edit'); + BaseModule::checkFormSecurityTokenRedirectOnError('/profiles', 'profile_edit'); $is_default = (($orig[0]['is-default']) ? 1 : 0); - $profile_name = notags(trim($_POST['profile_name'])); + $profile_name = Strings::escapeTags(trim($_POST['profile_name'])); if (! strlen($profile_name)) { notice(L10n::t('Profile Name is required.') . EOL); return; } - $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00'; + $dob = $_POST['dob'] ? Strings::escapeHtml(trim($_POST['dob'])) : '0000-00-00'; $y = substr($dob, 0, 4); if ((! ctype_digit($y)) || ($y < 1900)) { @@ -215,7 +216,7 @@ function profiles_post(App $a) { } else { $ignore_year = false; } - if (!in_array($dob, ['0000-00-00', '0001-01-01'])) { + if (!in_array($dob, ['0000-00-00', DBA::NULL_DATE])) { if (strpos($dob, '0000-') === 0 || strpos($dob, '0001-') === 0) { $ignore_year = true; $dob = substr($dob, 5); @@ -228,7 +229,7 @@ function profiles_post(App $a) { } } - $name = notags(trim($_POST['name'])); + $name = Strings::escapeTags(trim($_POST['name'])); if (! strlen($name)) { $name = '[No Name]'; @@ -238,22 +239,22 @@ function profiles_post(App $a) { $namechanged = true; } - $pdesc = notags(trim($_POST['pdesc'])); - $gender = notags(trim($_POST['gender'])); - $address = notags(trim($_POST['address'])); - $locality = notags(trim($_POST['locality'])); - $region = notags(trim($_POST['region'])); - $postal_code = notags(trim($_POST['postal_code'])); - $country_name = notags(trim($_POST['country_name'])); - $pub_keywords = profile_clean_keywords(notags(trim($_POST['pub_keywords']))); - $prv_keywords = profile_clean_keywords(notags(trim($_POST['prv_keywords']))); - $marital = notags(trim($_POST['marital'])); - $howlong = notags(trim($_POST['howlong'])); + $pdesc = Strings::escapeTags(trim($_POST['pdesc'])); + $gender = Strings::escapeTags(trim($_POST['gender'])); + $address = Strings::escapeTags(trim($_POST['address'])); + $locality = Strings::escapeTags(trim($_POST['locality'])); + $region = Strings::escapeTags(trim($_POST['region'])); + $postal_code = Strings::escapeTags(trim($_POST['postal_code'])); + $country_name = Strings::escapeTags(trim($_POST['country_name'])); + $pub_keywords = profile_clean_keywords(Strings::escapeTags(trim($_POST['pub_keywords']))); + $prv_keywords = profile_clean_keywords(Strings::escapeTags(trim($_POST['prv_keywords']))); + $marital = Strings::escapeTags(trim($_POST['marital'])); + $howlong = Strings::escapeTags(trim($_POST['howlong'])); - $with = ((x($_POST,'with')) ? notags(trim($_POST['with'])) : ''); + $with = (!empty($_POST['with']) ? Strings::escapeTags(trim($_POST['with'])) : ''); if (! strlen($howlong)) { - $howlong = NULL_DATE; + $howlong = DBA::NULL_DATETIME; } else { $howlong = DateTimeFormat::convert($howlong, 'UTC', date_default_timezone_get()); } @@ -284,16 +285,16 @@ function profiles_post(App $a) { $newname = $lookup; $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", - dbesc($newname), + DBA::escape($newname), intval(local_user()) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1", - dbesc($lookup), + DBA::escape($lookup), intval(local_user()) ); } - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { $prf = $r[0]['url']; $newname = $r[0]['name']; } @@ -311,30 +312,30 @@ function profiles_post(App $a) { } /// @TODO Not flexible enough for later expansion, let's have more OOP here - $sexual = notags(trim($_POST['sexual'])); - $xmpp = notags(trim($_POST['xmpp'])); - $homepage = notags(trim($_POST['homepage'])); + $sexual = Strings::escapeTags(trim($_POST['sexual'])); + $xmpp = Strings::escapeTags(trim($_POST['xmpp'])); + $homepage = Strings::escapeTags(trim($_POST['homepage'])); if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) { // neither http nor https in URL, add them $homepage = 'http://'.$homepage; } - $hometown = notags(trim($_POST['hometown'])); - $politic = notags(trim($_POST['politic'])); - $religion = notags(trim($_POST['religion'])); - - $likes = escape_tags(trim($_POST['likes'])); - $dislikes = escape_tags(trim($_POST['dislikes'])); - - $about = escape_tags(trim($_POST['about'])); - $interest = escape_tags(trim($_POST['interest'])); - $contact = escape_tags(trim($_POST['contact'])); - $music = escape_tags(trim($_POST['music'])); - $book = escape_tags(trim($_POST['book'])); - $tv = escape_tags(trim($_POST['tv'])); - $film = escape_tags(trim($_POST['film'])); - $romance = escape_tags(trim($_POST['romance'])); - $work = escape_tags(trim($_POST['work'])); - $education = escape_tags(trim($_POST['education'])); + $hometown = Strings::escapeTags(trim($_POST['hometown'])); + $politic = Strings::escapeTags(trim($_POST['politic'])); + $religion = Strings::escapeTags(trim($_POST['religion'])); + + $likes = Strings::escapeHtml(trim($_POST['likes'])); + $dislikes = Strings::escapeHtml(trim($_POST['dislikes'])); + + $about = Strings::escapeHtml(trim($_POST['about'])); + $interest = Strings::escapeHtml(trim($_POST['interest'])); + $contact = Strings::escapeHtml(trim($_POST['contact'])); + $music = Strings::escapeHtml(trim($_POST['music'])); + $book = Strings::escapeHtml(trim($_POST['book'])); + $tv = Strings::escapeHtml(trim($_POST['tv'])); + $film = Strings::escapeHtml(trim($_POST['film'])); + $romance = Strings::escapeHtml(trim($_POST['romance'])); + $work = Strings::escapeHtml(trim($_POST['work'])); + $education = Strings::escapeHtml(trim($_POST['education'])); $hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0); @@ -441,44 +442,45 @@ function profiles_post(App $a) { `education` = '%s', `hide-friends` = %d WHERE `id` = %d AND `uid` = %d", - dbesc($profile_name), - dbesc($name), - dbesc($pdesc), - dbesc($gender), - dbesc($dob), - dbesc($address), - dbesc($locality), - dbesc($region), - dbesc($postal_code), - dbesc($country_name), - dbesc($marital), - dbesc($with), - dbesc($howlong), - dbesc($sexual), - dbesc($xmpp), - dbesc($homepage), - dbesc($hometown), - dbesc($politic), - dbesc($religion), - dbesc($pub_keywords), - dbesc($prv_keywords), - dbesc($likes), - dbesc($dislikes), - dbesc($about), - dbesc($interest), - dbesc($contact), - dbesc($music), - dbesc($book), - dbesc($tv), - dbesc($film), - dbesc($romance), - dbesc($work), - dbesc($education), + DBA::escape($profile_name), + DBA::escape($name), + DBA::escape($pdesc), + DBA::escape($gender), + DBA::escape($dob), + DBA::escape($address), + DBA::escape($locality), + DBA::escape($region), + DBA::escape($postal_code), + DBA::escape($country_name), + DBA::escape($marital), + DBA::escape($with), + DBA::escape($howlong), + DBA::escape($sexual), + DBA::escape($xmpp), + DBA::escape($homepage), + DBA::escape($hometown), + DBA::escape($politic), + DBA::escape($religion), + DBA::escape($pub_keywords), + DBA::escape($prv_keywords), + DBA::escape($likes), + DBA::escape($dislikes), + DBA::escape($about), + DBA::escape($interest), + DBA::escape($contact), + DBA::escape($music), + DBA::escape($book), + DBA::escape($tv), + DBA::escape($film), + DBA::escape($romance), + DBA::escape($work), + DBA::escape($education), intval($hide_friends), intval($a->argv[1]), intval(local_user()) ); + /// @TODO decide to use DBA::isResult() here and check $r if ($r) { info(L10n::t('Profile updated.') . EOL); } @@ -486,7 +488,7 @@ function profiles_post(App $a) { if ($is_default) { if ($namechanged) { $r = q("UPDATE `user` set `username` = '%s' where `uid` = %d", - dbesc($name), + DBA::escape($name), intval(local_user()) ); } @@ -511,7 +513,7 @@ function profiles_content(App $a) { if (! local_user()) { notice(L10n::t('Permission denied.') . EOL); - return; + return Login::form(); } $o = ''; @@ -521,20 +523,17 @@ function profiles_content(App $a) { intval($a->argv[1]), intval(local_user()) ); - if (! DBM::is_result($r)) { + if (! DBA::isResult($r)) { notice(L10n::t('Profile not found.') . EOL); return; } - $a->page['htmlhead'] .= replace_macros(get_markup_template('profed_head.tpl'), [ - '$baseurl' => System::baseUrl(true), - ]); - $a->page['end'] .= replace_macros(get_markup_template('profed_end.tpl'), [ + $a->page['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('profed_head.tpl'), [ '$baseurl' => System::baseUrl(true), ]); - $opt_tpl = get_markup_template("profile-hide-friends.tpl"); - $hide_friends = replace_macros($opt_tpl,[ + $opt_tpl = Renderer::getMarkupTemplate("profile-hide-friends.tpl"); + $hide_friends = Renderer::replaceMacros($opt_tpl,[ '$yesno' => [ 'hide-friends', //Name L10n::t('Hide contacts and friends:'), //Label @@ -550,13 +549,13 @@ function profiles_content(App $a) { ]); $personal_account = !(in_array($a->user["page-flags"], - [PAGE_COMMUNITY, PAGE_PRVGROUP])); + [Contact::PAGE_COMMUNITY, Contact::PAGE_PRVGROUP])); $detailled_profile = (PConfig::get(local_user(), 'system', 'detailled_profile') AND $personal_account); $is_default = (($r[0]['is-default']) ? 1 : 0); - $tpl = get_markup_template("profile_edit.tpl"); - $o .= replace_macros($tpl, [ + $tpl = Renderer::getMarkupTemplate("profile_edit.tpl"); + $o .= Renderer::replaceMacros($tpl, [ '$personal_account' => $personal_account, '$detailled_profile' => $detailled_profile, @@ -569,16 +568,18 @@ function profiles_content(App $a) { ], '$multi_profiles' => Feature::isEnabled(local_user(), 'multi_profiles'), - '$form_security_token' => get_form_security_token("profile_edit"), - '$form_security_token_photo' => get_form_security_token("profile_photo"), - '$profile_clone_link' => ((Feature::isEnabled(local_user(), 'multi_profiles')) ? 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone") : ""), - '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"), + '$form_security_token' => BaseModule::getFormSecurityToken("profile_edit"), + '$form_security_token_photo' => BaseModule::getFormSecurityToken("profile_photo"), + '$profile_clone_link' => ((Feature::isEnabled(local_user(), 'multi_profiles')) ? 'profiles/clone/' . $r[0]['id'] . '?t=' . BaseModule::getFormSecurityToken("profile_clone") : ""), + '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . BaseModule::getFormSecurityToken("profile_drop"), '$profile_action' => L10n::t('Profile Actions'), '$banner' => L10n::t('Edit Profile Details'), '$submit' => L10n::t('Submit'), '$profpic' => L10n::t('Change Profile Photo'), + '$profpiclink' => '/photos/' . $a->user['nickname'], '$viewprof' => L10n::t('View this profile'), + '$viewallprof' => L10n::t('View all profiles'), '$editvis' => L10n::t('Edit visibility'), '$cr_prof' => L10n::t('Create a new profile using these settings'), '$cl_prof' => L10n::t('Clone this profile'), @@ -618,10 +619,10 @@ function profiles_content(App $a) { '$country_name' => ['country_name', L10n::t('Country:'), $r[0]['country-name']], '$age' => ((intval($r[0]['dob'])) ? '(' . L10n::t('Age: ') . Temporal::getAgeByTimezone($r[0]['dob'],$a->user['timezone'],$a->user['timezone']) . ')' : ''), '$gender' => ContactSelector::gender($r[0]['gender']), - '$marital' => ContactSelector::maritalStatus($r[0]['marital']), + '$marital' => ['selector' => ContactSelector::maritalStatus($r[0]['marital']), 'value' => $r[0]['marital']], '$with' => ['with', L10n::t("Who: \x28if applicable\x29"), strip_tags($r[0]['with']), L10n::t('Examples: cathy123, Cathy Williams, cathy@example.com')], - '$howlong' => ['howlong', L10n::t('Since [date]:'), ($r[0]['howlong'] <= NULL_DATE ? '' : DateTimeFormat::local($r[0]['howlong']))], - '$sexual' => ContactSelector::sexualPreference($r[0]['sexual']), + '$howlong' => ['howlong', L10n::t('Since [date]:'), ($r[0]['howlong'] <= DBA::NULL_DATETIME ? '' : DateTimeFormat::local($r[0]['howlong']))], + '$sexual' => ['selector' => ContactSelector::sexualPreference($r[0]['sexual']), 'value' => $r[0]['sexual']], '$about' => ['about', L10n::t('Tell us about yourself...'), $r[0]['about']], '$xmpp' => ['xmpp', L10n::t("XMPP \x28Jabber\x29 address:"), $r[0]['xmpp'], L10n::t("The XMPP address will be propagated to your contacts so that they can follow you.")], '$homepage' => ['homepage', L10n::t('Homepage URL:'), $r[0]['homepage']], @@ -653,23 +654,23 @@ function profiles_content(App $a) { $r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default`=1", local_user() ); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { //Go to the default profile. - goaway('profiles/' . $r[0]['id']); + $a->internalRedirect('profiles/' . $r[0]['id']); } } $r = q("SELECT * FROM `profile` WHERE `uid` = %d", local_user()); - if (DBM::is_result($r)) { + if (DBA::isResult($r)) { - $tpl = get_markup_template('profile_entry.tpl'); + $tpl = Renderer::getMarkupTemplate('profile_entry.tpl'); $profiles = ''; foreach ($r as $rr) { - $profiles .= replace_macros($tpl, [ - '$photo' => $a->remove_baseurl($rr['thumb']), + $profiles .= Renderer::replaceMacros($tpl, [ + '$photo' => $a->removeBaseURL($rr['thumb']), '$id' => $rr['id'], '$alt' => L10n::t('Profile Image'), '$profile_name' => $rr['profile-name'], @@ -678,12 +679,12 @@ function profiles_content(App $a) { ]); } - $tpl_header = get_markup_template('profile_listing_header.tpl'); - $o .= replace_macros($tpl_header,[ + $tpl_header = Renderer::getMarkupTemplate('profile_listing_header.tpl'); + $o .= Renderer::replaceMacros($tpl_header,[ '$header' => L10n::t('Edit/Manage Profiles'), '$chg_photo' => L10n::t('Change profile photo'), '$cr_new' => L10n::t('Create New Profile'), - '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new"), + '$cr_new_link' => 'profiles/new?t=' . BaseModule::getFormSecurityToken("profile_new"), '$profiles' => $profiles ]); }