X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FApp%2FPage.php;h=23f542f7def77545e637376ba498191272ca5446;hb=0b1f67f5b33cd9a57e9bebeec76cbb8898f2ab27;hp=37141426c36a269f05c65564d515e10229ed2297;hpb=2f3f41ed9cdb4229d78bdf2f91b0617403a8dd62;p=friendica.git

diff --git a/src/App/Page.php b/src/App/Page.php
index 37141426c3..23f542f7de 100644
--- a/src/App/Page.php
+++ b/src/App/Page.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2010-2022, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -27,18 +27,18 @@ use DOMXPath;
 use Friendica\App;
 use Friendica\Content\Nav;
 use Friendica\Core\Config\Capability\IManageConfigValues;
-use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
+use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Theme;
 use Friendica\Module\Response;
 use Friendica\Network\HTTPException;
 use Friendica\Util\Network;
-use Friendica\Util\Strings;
 use Friendica\Util\Profiler;
+use Friendica\Util\Strings;
 use Psr\Http\Message\ResponseInterface;
 
 /**
@@ -73,6 +73,8 @@ class Page implements ArrayAccess
 		'right_aside' => '',
 		'template'    => '',
 		'title'       => '',
+		'section'     => '',
+		'module'      => '',
 	];
 	/**
 	 * @var string The basepath of the page
@@ -245,11 +247,20 @@ class Page implements ArrayAccess
 			'$generator'       => 'Friendica' . ' ' . App::VERSION,
 			'$delitem'         => $l10n->t('Delete this item?'),
 			'$blockAuthor'     => $l10n->t('Block this author? They won\'t be able to follow you nor see your public posts, and you won\'t be able to see their posts and their notifications.'),
+			'$ignoreAuthor'    => $l10n->t('Ignore this author? You won\'t be able to see their posts and their notifications.'),
 			'$update_interval' => $interval,
 			'$shortcut_icon'   => $shortcut_icon,
 			'$touch_icon'      => $touch_icon,
 			'$block_public'    => intval($config->get('system', 'block_public')),
 			'$stylesheets'     => $this->stylesheets,
+			'$likeError'       => $l10n->t('Like not successfull'),
+			'$dislikeError'    => $l10n->t('Dislike not successfull'),
+			'$announceError'   => $l10n->t('Sharing not successfull'),
+			'$srvError'        => $l10n->t('Backend error'),
+			'$netError'        => $l10n->t('Network error'),
+			// Dropzone
+			'$max_imagesize' => round(\Friendica\Util\Strings::getBytesFromShorthand($config->get('system', 'maximagesize')) / 1000000, 1),
+
 		]) . $this->page['htmlhead'];
 	}
 
@@ -406,13 +417,16 @@ class Page implements ArrayAccess
 	 * @param Mode                        $mode     The current node mode
 	 * @param ResponseInterface           $response The Response of the module class, including type, content & headers
 	 * @param L10n                        $l10n     The l10n language class
+	 * @param Profiler                    $profiler
 	 * @param IManageConfigValues         $config   The Configuration of this node
 	 * @param IManagePersonalConfigValues $pconfig  The personal/user configuration
-	 * @param int                         $localUID The UID of the local user
-	 *
-	 * @throws HTTPException\InternalServerErrorException|HTTPException\ServiceUnavailableException
+	 * @param Nav                         $nav
+	 * @param int                         $localUID
+	 * @throws HTTPException\MethodNotAllowedException
+	 * @throws HTTPException\InternalServerErrorException
+	 * @throws HTTPException\ServiceUnavailableException
 	 */
-	public function run(App $app, BaseURL $baseURL, Arguments $args, Mode $mode, ResponseInterface $response, L10n $l10n, Profiler $profiler, IManageConfigValues $config, IManagePersonalConfigValues $pconfig, int $localUID)
+	public function run(App $app, BaseURL $baseURL, Arguments $args, Mode $mode, ResponseInterface $response, L10n $l10n, Profiler $profiler, IManageConfigValues $config, IManagePersonalConfigValues $pconfig, Nav $nav, int $localUID)
 	{
 		$moduleName = $args->getModuleName();
 
@@ -462,7 +476,7 @@ class Page implements ArrayAccess
 		// Add the navigation (menu) template
 		if ($moduleName != 'install' && $moduleName != 'maintenance') {
 			$this->page['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('nav_head.tpl'), []);
-			$this->page['nav']      = Nav::build($app);
+			$this->page['nav']      = $nav->getHtml();
 		}
 
 		foreach ($response->getHeaders() as $key => $header) {
@@ -509,10 +523,15 @@ class Page implements ArrayAccess
 
 		$page    = $this->page;
 
+		// add and escape some common but crucial content for direct "echo" in HTML (security)
+		$page['title']   = htmlspecialchars($page['title'] ?? '');
+		$page['section'] = htmlspecialchars($args->get(0) ?? 'generic');
+		$page['module']  = htmlspecialchars($args->getModuleName() ?? '');
+
 		header("X-Friendica-Version: " . App::VERSION);
 		header("Content-type: text/html; charset=utf-8");
 
-		if ($config->get('system', 'hsts') && ($baseURL->getSSLPolicy() == BaseURL::SSL_POLICY_FULL)) {
+		if ($config->get('system', 'hsts') && ($baseURL->getScheme() === 'https')) {
 			header("Strict-Transport-Security: max-age=31536000");
 		}