Code cleanup in events

- Replace killme() with exit()
- Use correctly escaped query string
- Simplify perms2str input filtering
- Add expected json header to /events/json

diff --git a/mod/events.php b/mod/events.php
index f147e005459ab85f1b7c21710007c368a833254e..a788cc157cf9be977f73ae3ee02d5a742a019a3f 100644 (file)
--- a/mod/events.php
+++ b/mod/events.php
@@ -102,8 +102,18 @@ function events_post(App $a)
        $location = Strings::escapeHtml(trim(defaults($_POST, 'location', '')));
        $type     = 'event';
 
-       $action = ($event_id == '') ? 'new' : "event/" . $event_id;
-       $onerror_path = "events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish";
+       $params = [
+               'summary'     => $summary,
+               'description' => $desc,
+               'location'    => $location,
+               'start'       => $start_text,
+               'finish'      => $finish_text,
+               'adjust'      => $adjust,
+               'nofinish'    => $nofinish,
+       ];
+
+       $action = ($event_id == '') ? 'new' : 'event/' . $event_id;
+       $onerror_path = 'events/' . $action . '?' . http_build_query($params, null, null, PHP_QUERY_RFC3986);
 
        if (strcmp($finish, $start) < 0 && !$nofinish) {
                notice(L10n::t('Event can not end before it has started.') . EOL);
@@ -137,10 +147,10 @@ function events_post(App $a)
 
 
        if ($share) {
-               $str_group_allow   = !empty($_POST['group_allow'])   ? perms2str($_POST['group_allow'])   : '';
-               $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
-               $str_group_deny    = !empty($_POST['group_deny'])    ? perms2str($_POST['group_deny'])    : '';
-               $str_contact_deny  = !empty($_POST['contact_deny'])  ? perms2str($_POST['contact_deny'])  : '';
+               $str_group_allow   = perms2str(defaults($_POST, 'group_allow'  , ''));
+               $str_contact_allow = perms2str(defaults($_POST, 'contact_allow', ''));
+               $str_group_deny    = perms2str(defaults($_POST, 'group_deny'   , ''));
+               $str_contact_deny  = perms2str(defaults($_POST, 'contact_deny' , ''));
 
                // Undo the pseudo-contact of self, since there are real contacts now
                if (strpos($str_contact_allow, '<' . $self . '>') !== false) {
@@ -181,7 +191,7 @@ function events_post(App $a)
        if (intval($_REQUEST['preview'])) {
                $html = Event::getHTML($datarray);
                echo $html;
-               killme();
+               exit();
        }
 
        $item_id = Event::store($datarray);
@@ -364,8 +374,9 @@ function events_content(App $a)
                }
 
                if ($a->argc > 1 && $a->argv[1] === 'json') {
+                       header('Content-Type: application/json');
                        echo json_encode($events);
-                       killme();
+                       exit();
                }
 
                if (!empty($_GET['id'])) {

diff --git a/src/Model/Event.php b/src/Model/Event.php
index 886f124153ac0a41bbbd1e7f58f6f4907aeba085..348ced5256ff99f68540065e652dfd56406e2402 100644 (file)
--- a/src/Model/Event.php
+++ b/src/Model/Event.php
@@ -14,7 +14,6 @@ use Friendica\Core\PConfig;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
-use Friendica\Model\Contact;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Map;
 use Friendica\Util\XML;