X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=a6a9fc95253efb6d64abd2eb4a30bf08ca1788dd;hb=9feab828c88dfdc0c66fef3269f6cdf0122d2840;hp=187708eb79bf794b1f8551047fc846d2dc840b01;hpb=b99925060aa7bbe3278156e20eae6990dc9dd920;p=friendica.git
diff --git a/src/Model/User.php b/src/Model/User.php
index 187708eb79..a6a9fc9525 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -9,6 +9,7 @@ use DivineOmega\PasswordExposed;
 use Exception;
 use Friendica\Core\Addon;
 use Friendica\Core\Config;
+use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\PConfig;
@@ -61,7 +62,7 @@ class User
 */
 public static function getIdForURL($url)
 {
- $self = DBA::selectFirst('contact', ['uid'], ['nurl' => normalise_link($url), 'self' => true]);
+ $self = DBA::selectFirst('contact', ['uid'], ['nurl' => Strings::normaliseLink($url), 'self' => true]);
 if (!DBA::isResult($self)) {
 return false;
 } else {
@@ -97,6 +98,19 @@ class User
 if (!DBA::isResult($r)) {
 return false;
 }
+
+ if (empty($r['nickname'])) {
+ return false;
+ }
+
+ // Check if the returned data is valid, otherwise fix it. See issue #6122
+ $url = System::baseUrl() . '/profile/' . $r['nickname'];
+ $addr = $r['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
+
+ if (($addr != $r['addr']) || ($r['url'] != $url) || ($r['nurl'] != Strings::normaliseLink($r['url']))) {
+ Contact::updateSelfFromUserID($uid);
+ }
+
 return $r;
 }
 
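Review bot: After `Contact::updateSelfFromUserID($uid);` repairs a mismatching self contact, the function still falls through to `return $r;`, so this call hands the stale `addr`/`url`/`nurl` values to its caller. Since those fields identify the account to other servers, the row should be read again after the update (repeating the lookup that filled `$r`, which sits above this hunk), or the stale return should be stated in a comment such as `// $r still holds the pre-repair values on this call`. Separately, `strpos(System::baseUrl(), '://') + 3` evaluates to 3 when the separator is missing, because `false + 3` is 3, so `$addr` would be cut at the wrong offset; testing the `strpos()` result for `false` first avoids that. The `!=` comparisons would also be safer as `!==`, assuming all three columns come back as strings.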
@@ -402,21 +416,21 @@ class User $using_invites = Config::get('system', 'invitation_only'); $num_invites = Config::get('system', 'number_invites'); - $invite_id = !empty($data['invite_id']) ? Strings::removeTags(trim($data['invite_id'])) : ''; - $username = !empty($data['username']) ? Strings::removeTags(trim($data['username'])) : ''; - $nickname = !empty($data['nickname']) ? Strings::removeTags(trim($data['nickname'])) : ''; - $email = !empty($data['email']) ? Strings::removeTags(trim($data['email'])) : ''; - $openid_url = !empty($data['openid_url']) ? Strings::removeTags(trim($data['openid_url'])) : ''; - $photo = !empty($data['photo']) ? Strings::removeTags(trim($data['photo'])) : ''; + $invite_id = !empty($data['invite_id']) ? Strings::escapeTags(trim($data['invite_id'])) : ''; + $username = !empty($data['username']) ? Strings::escapeTags(trim($data['username'])) : ''; + $nickname = !empty($data['nickname']) ? Strings::escapeTags(trim($data['nickname'])) : ''; + $email = !empty($data['email']) ? Strings::escapeTags(trim($data['email'])) : ''; + $openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : ''; + $photo = !empty($data['photo']) ? Strings::escapeTags(trim($data['photo'])) : ''; $password = !empty($data['password']) ? trim($data['password']) : ''; $password1 = !empty($data['password1']) ? trim($data['password1']) : ''; $confirm = !empty($data['confirm']) ? trim($data['confirm']) : ''; - $blocked = !empty($data['blocked']) ? intval($data['blocked']) : 0; - $verified = !empty($data['verified']) ? intval($data['verified']) : 0; - $language = !empty($data['language']) ? Strings::removeTags(trim($data['language'])) : 'en'; + $blocked = !empty($data['blocked']); + $verified = !empty($data['verified']); + $language = !empty($data['language']) ? Strings::escapeTags(trim($data['language'])) : 'en'; - $publish = !empty($data['profile_publish_reg']) && intval($data['profile_publish_reg']) ? 
1 : 0; - $netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0; + $publish = !empty($data['profile_publish_reg']); + $netpublish = $publish && Config::get('system', 'directory'); if ($password1 != $confirm) { throw new Exception(L10n::t('Passwords do not match. Password unchanged.')); @@ -499,7 +513,7 @@ class User throw new Exception(L10n::t('Your email domain is not among those allowed on this site.')); } - if (!valid_email($email) || !Network::isEmailDomainValid($email)) { + if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) { throw new Exception(L10n::t('Not a valid email address.')); } if (self::isNicknameBlocked($nickname)) { @@ -693,7 +707,7 @@ class User */ public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password) { - $body = deindent(L10n::t(' + $body = Strings::deindent(L10n::t(' Dear %1$s, Thank you for registering at %2$s. Your account is pending for approval by the administrator. @@ -728,13 +742,13 @@ class User */ public static function sendRegisterOpenEmail($user, $sitename, $siteurl, $password) { - $preamble = deindent(L10n::t(' + $preamble = Strings::deindent(L10n::t(' Dear %1$s, Thank you for registering at %2$s. Your account has been created. ', - $preamble, $user['username'], $sitename + $user['username'], $sitename )); - $body = deindent(L10n::t(' + $body = Strings::deindent(L10n::t(' The login details are as follows: Site Location: %3$s @@ -782,7 +796,7 @@ class User public static function remove($uid) { if (!$uid) { - return; + return false; } $a = get_app(); 
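Review bot: `$email` and `$openid_url` now go through `Strings::escapeTags()` before anything validates them, so the `filter_var($email, FILTER_VALIDATE_EMAIL)` check added in the `-499,7` hunk and whatever is stored afterwards see the escaped text, not what the user typed. The helper's body is not shown on this page; if it entity-encodes rather than strips, values containing `&`, `<` or `>` are altered at input time and can be encoded a second time when a template escapes them on output. Validating the trimmed raw value and escaping only at output would keep the two concerns apart; at minimum a comment such as `// values below are HTML-escaped, do not escape again on output` belongs above this block. `$blocked`, `$verified`, `$publish` and `$netpublish` also change from `0`/`1` integers to booleans, which is worth confirming against the code that writes them further down, outside this hunk.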
@@ -791,28 +805,24 @@ class User $user = DBA::selectFirst('user', [], ['uid' => $uid]); - Addon::callHooks('remove_user', $user); + Hook::callAll('remove_user', $user); // save username (actually the nickname as it is guaranteed // unique), so it cannot be re-registered in the future. DBA::insert('userd', ['username' => $user['nickname']]); // The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php) - DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc(DateTimeFormat::utcNow() . " + 7 day")], ['uid' => $uid]); - Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid); + DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]); + Worker::add(PRIORITY_HIGH, 'Notifier', 'removeme', $uid); // Send an update to the directory $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]); - Worker::add(PRIORITY_LOW, "Directory", $self['url']); + Worker::add(PRIORITY_LOW, 'Directory', $self['url']); // Remove the user relevant data - Worker::add(PRIORITY_LOW, "RemoveUser", $uid); + Worker::add(PRIORITY_LOW, 'RemoveUser', $uid); - if ($uid == local_user()) { - unset($_SESSION['authenticated']); - unset($_SESSION['uid']); - $a->internalRedirect(); - } + return true; } /**
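Review bot: With the `if ($uid == local_user())` block gone, `remove()` no longer clears `$_SESSION['authenticated']` and `$_SESSION['uid']`, so ending the session of a user who deletes their own account is now entirely the caller's job; no caller is visible on this page, so that should be confirmed for each one and recorded in the docblock, e.g. `@return bool true once removal is queued; the caller must end the session`. The new `return true;` is also unconditional: `$user` from `DBA::selectFirst('user', ...)` and `$self` from the contact lookup are used without a `DBA::isResult()` check, so an unknown `$uid` still inserts into `userd`, queues the workers and reports success. A guard right after the user lookup, `if (!DBA::isResult($user)) { return false; }`, would make the new boolean result meaningful. The function opens above this hunk, where `$a = get_app();` looks unused now, as far as these hunks show.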