X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FBaseModule.php;h=0e0fedb80c35925b4809595287c88254ae2a4c12;hb=d4f7bfa676bc9a8ffcb304912b48b360453d0f3c;hp=61bfe8e8d3d7fbcaf802f39e640f7d59d16b6782;hpb=f0eea6f87590f10081f5bc61395bb7eca9e76ec5;p=friendica.git

diff --git a/src/BaseModule.php b/src/BaseModule.php
index 61bfe8e8d3..0e0fedb80c 100644
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@@ -1,8 +1,26 @@
 <?php
+/**
+ * @copyright Copyright (C) 2020, Friendica
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
 
 namespace Friendica;
 
-use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 
 /**
@@ -17,7 +35,7 @@ use Friendica\Core\Logger;
 abstract class BaseModule
 {
 	/**
-	 * @brief Initialization method common to both content() and post()
+	 * Initialization method common to both content() and post()
 	 *
 	 * Extend this method if you need to do any shared processing before both
 	 * content() or post()
@@ -27,7 +45,7 @@ abstract class BaseModule
 	}
 
 	/**
-	 * @brief Module GET method to display raw content from technical endpoints
+	 * Module GET method to display raw content from technical endpoints
 	 *
 	 * Extend this method if the module is supposed to return communication data,
 	 * e.g. from protocol implementations.
@@ -39,7 +57,7 @@ abstract class BaseModule
 	}
 
 	/**
-	 * @brief Module GET method to display any content
+	 * Module GET method to display any content
 	 *
 	 * Extend this method if the module is supposed to return any display
 	 * through a GET request. It can be an HTML page through templating or a
@@ -55,19 +73,18 @@ abstract class BaseModule
 	}
 
 	/**
-	 * @brief Module POST method to process submitted data
+	 * Module POST method to process submitted data
 	 *
 	 * Extend this method if the module is supposed to process POST requests.
 	 * Doesn't display any content
 	 */
 	public static function post(array $parameters = [])
 	{
-		// $a = self::getApp();
-		// $a->internalRedirect('module');
+		// DI::baseurl()->redirect('module');
 	}
 
 	/**
-	 * @brief Called after post()
+	 * Called after post()
 	 *
 	 * Unknown purpose
 	 */
@@ -79,11 +96,11 @@ abstract class BaseModule
 	 * Functions used to protect against Cross-Site Request Forgery
 	 * The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
 	 * In this implementation, a security token is reusable (if the user submits a form, goes back and resubmits the form, maybe with small changes;
-	 * or if the security token is used for ajax-calls that happen several times), but only valid for a certain amout of time (3hours).
-	 * The "typename" seperates the security tokens of different types of forms. This could be relevant in the following case:
-	 *    A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link).
+	 * or if the security token is used for ajax-calls that happen several times), but only valid for a certain amount of time (3hours).
+	 * The "typename" separates the security tokens of different types of forms. This could be relevant in the following case:
+	 *    A security token is used to protect a link from CSRF (e.g. the "delete this profile"-link).
 	 *    If the new page contains by any chance external elements, then the used security token is exposed by the referrer.
-	 *    Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are,
+	 *    Actually, important actions should not be triggered by Links / GET-Requests at all, but sometimes they still are,
 	 *    so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
 	 */
 	public static function getFormSecurityToken($typename = '')
@@ -91,7 +108,7 @@ abstract class BaseModule
 		$a = DI::app();
 
 		$timestamp = time();
-		$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename);
+		$sec_hash = hash('whirlpool', ($a->user['guid'] ?? '') . ($a->user['prvkey'] ?? '') . session_id() . $timestamp . $typename);
 
 		return $timestamp . '.' . $sec_hash;
 	}
@@ -130,7 +147,7 @@ abstract class BaseModule
 
 	public static function getFormSecurityStandardErrorMessage()
 	{
-		return L10n::t("The form security token was not correct. This probably happened because the form has been opened for too long \x28>3 hours\x29 before submitting it.") . EOL;
+		return DI::l10n()->t("The form security token was not correct. This probably happened because the form has been opened for too long \x28>3 hours\x29 before submitting it.") . EOL;
 	}
 
 	public static function checkFormSecurityTokenRedirectOnError($err_redirect, $typename = '', $formname = 'form_security_token')