X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FGroup.php;h=3cd8166f1fadc2a37275b27b39787c29fc7ef917;hb=d7df0825db598012871d8555de04575d0c30247a;hp=063e41589fbcc518b4b38e8dff2cfbef5980a7d5;hpb=3cef3ab107f87f999cf4adcc909259925a631cea;p=friendica.git
diff --git a/src/Module/Group.php b/src/Module/Group.php
index 063e41589f..3cd8166f1f 100644
--- a/src/Module/Group.php
+++ b/src/Module/Group.php
@@ -1,6 +1,6 @@ isAjax()) {
- self::ajaxPost();
+ $this->ajaxPost();
 }
 if (!local_user()) {
@@ -50,7 +47,7 @@ class Group extends BaseModule
 if ((DI::args()->getArgc() == 2) && (DI::args()->getArgv()[1] === 'new')) {
 BaseModule::checkFormSecurityTokenRedirectOnError('/group/new', 'group_edit');
- $name = Strings::escapeTags(trim($_POST['groupname']));
+ $name = trim($request['groupname']);
 $r = Model\Group::create(local_user(), $name);
 if ($r) {
 $r = Model\Group::getIdByName(local_user(), $name);
@@ -72,7 +69,7 @@ class Group extends BaseModule
 notice(DI::l10n()->t('Group not found.'));
 DI::baseUrl()->redirect('contact');
 }
- $groupname = Strings::escapeTags(trim($_POST['groupname']));
+ $groupname = trim($_POST['groupname']);
 if (strlen($groupname) && ($groupname != $group['name'])) {
 if (!Model\Group::update($group['id'], $groupname)) {
 notice(DI::l10n()->t('Group name was not changed.'));
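Review bot: The new `$name = trim($request['groupname']);` stores the group name without the tag escaping that the removed `Strings::escapeTags()` call applied, so every place that renders a group name now has to escape it for its own output context. That cannot be verified from this diff and should be confirmed for the templates and any AJAX responses that print group names; the same applies to `$groupname` in the `@@ -72,7 +69,7 @@` hunk. The field is also read without a default, and `$name = trim($request['groupname'] ?? '');` would avoid handing `null` to `trim()` when it is missing. The enclosing function starts and ends outside the hunk.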
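Review bot: In the `@@ -72,7 +69,7 @@` hunk, `$groupname = trim($_POST['groupname']);` still reads the superglobal while the create branch was switched to `$request`. If `$request` is the array passed to this method (its signature is not visible here), the line should read `$groupname = trim($request['groupname'] ?? '');` so both branches take their input from the same source. The enclosing function starts and ends outside the hunk.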
@@ -81,26 +78,32 @@ class Group extends BaseModule
 }
 }
- public static function ajaxPost()
+ public function ajaxPost()
 {
 try {
- $a = DI::app();
-
 if (!local_user()) {
 throw new \Exception(DI::l10n()->t('Permission denied.'), 403);
 }
- // POST /group/123/add/123
- // POST /group/123/remove/123
- // @TODO: Replace with parameter from router
- if (DI::args()->getArgc() == 4) {
- list($group_id, $command, $contact_id) = array_slice(DI::args()->getArgv(), 1);
+ if (isset($this->parameters['command'])) {
+ $group_id = $this->parameters['group'];
+ $contact_id = $this->parameters['contact'];
 if (!Model\Group::exists($group_id, local_user())) {
 throw new \Exception(DI::l10n()->t('Unknown group.'), 404);
 }
- $contact = DBA::selectFirst('contact', ['deleted'], ['id' => $contact_id, 'uid' => local_user()]);
+ // @TODO Backward compatibility with user contacts, remove by version 2022.03
+ $cdata = Model\Contact::getPublicAndUserContactID($contact_id, local_user());
+ if (empty($cdata['public'])) {
+ throw new \Exception(DI::l10n()->t('Contact not found.'), 404);
+ }
+
+ if (empty($cdata['user'])) {
+ throw new \Exception(DI::l10n()->t('Invalid contact.'), 404);
+ }
+
+ $contact = Model\Contact::getById($cdata['user'], ['deleted']);
 if (!DBA::isResult($contact)) {
 throw new \Exception(DI::l10n()->t('Contact not found.'), 404);
 }
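Review bot: `ajaxPost()` changes group membership after checking only `local_user()`; no form security token check is visible in this function, whereas the non-AJAX create path calls `BaseModule::checkFormSecurityTokenRedirectOnError()`. Unless the token is verified before this method is reached, a non-redirecting token check belongs at the top of the `try` block. Separately, only `$this->parameters['command']` is tested with `isset()` while `['group']` and `['contact']` are read unconditionally. If the route does not guarantee all three, the guard could be `if (isset($this->parameters['command'], $this->parameters['group'], $this->parameters['contact'])) {`. The function body continues past the end of this hunk.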
@@ -109,23 +112,21 @@ class Group extends BaseModule
 throw new \Exception(DI::l10n()->t('Contact is deleted.'), 410);
 }
- switch($command) {
+ switch($this->parameters['command']) {
 case 'add':
- if (!Model\Group::addMember($group_id, $contact_id)) {
+ if (!Model\Group::addMember($group_id, $cdata['user'])) {
 throw new \Exception(DI::l10n()->t('Unable to add the contact to the group.'), 500);
 }
 $message = DI::l10n()->t('Contact successfully added to group.');
 break;
 case 'remove':
- if (!Model\Group::removeMember($group_id, $contact_id)) {
+ if (!Model\Group::removeMember($group_id, $cdata['user'])) {
 throw new \Exception(DI::l10n()->t('Unable to remove the contact from the group.'), 500);
 }
 $message = DI::l10n()->t('Contact successfully removed from group.');
 break;
- default:
- throw new \Exception(DI::l10n()->t('Unknown group command.'), 400);
 }
 } else {
 throw new \Exception(DI::l10n()->t('Bad request.'), 400);
@@ -139,7 +140,7 @@ class Group extends BaseModule
 }
 }
- public static function content(array $parameters = [])
+ protected function content(array $request = []): string
 {
 $change = false;
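Review bot: With the `default:` branch removed from `switch($this->parameters['command'])`, a command other than `add` or `remove` no longer raises the 400 error and leaves `$message` unassigned for whatever follows the `switch` (that code is outside this hunk). Unless the route pattern restricts `command` to those two values, keep `default: throw new \Exception(DI::l10n()->t('Unknown group command.'), 400);`. If the removal is intentional, a short comment on the `switch` saying where the allowed values are enforced would make that explicit. The function starts before this hunk.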