From: Michael Vogel Date: Sun, 25 Nov 2018 09:46:22 +0000 (+0100) Subject: Merge pull request #6201 from JonnyTischbein/feature_admin_subsubpages X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=ced4911c4ab268c9e502a3c3e1aa43ebda837044;hp=5e577ed1330425ec8da7966e27d24a9ea692e2b8;p=friendica.git Merge pull request #6201 from JonnyTischbein/feature_admin_subsubpages admin/site Change html b to strong --- diff --git a/composer.json b/composer.json index 339211f6f0..2f12d076d4 100644 --- a/composer.json +++ b/composer.json @@ -14,6 +14,8 @@ }, "require": { "php": ">=5.6.1", + "ext-dom": "*", + "ext-json": "*", "ext-xml": "*", "asika/simple-console": "^1.0", "divineomega/password_exposed": "^2.4", diff --git a/composer.lock b/composer.lock index 16b9e50b52..d0ce1c4e72 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "ee7a6d8a1a9df21b46478dd91c1b73b7", + "content-hash": "11efc727fd6cae00c1230616e31ad2a2", "packages": [ { "name": "asika/simple-console", @@ -1019,22 +1019,6 @@ "require": { "npm-asset/ev-emitter": ">=1.0.0,<2.0.0" }, - "require-dev": { - "npm-asset/chalk": ">=1.1.1,<2.0.0", - "npm-asset/cheerio": ">=0.19.0,<0.20.0", - "npm-asset/gulp": ">=3.9.0,<4.0.0", - "npm-asset/gulp-jshint": ">=1.11.2,<2.0.0", - "npm-asset/gulp-json-lint": ">=0.1.0,<0.2.0", - "npm-asset/gulp-rename": ">=1.2.2,<2.0.0", - "npm-asset/gulp-replace": ">=0.5.4,<0.6.0", - "npm-asset/gulp-requirejs-optimize": "dev-github:metafizzy/gulp-requirejs-optimize", - "npm-asset/gulp-uglify": ">=1.4.2,<2.0.0", - "npm-asset/gulp-util": ">=3.0.7,<4.0.0", - "npm-asset/highlight.js": ">=8.9.1,<9.0.0", - "npm-asset/marked": ">=0.3.5,<0.4.0", - "npm-asset/minimist": ">=1.2.0,<2.0.0", - "npm-asset/transfob": ">=1.0.0,<2.0.0" - }, "type": "npm-asset-library", "extra": { "npm-asset-bugs": { 
@@ -1080,14 +1064,6 @@ "reference": null, "shasum": "2736e332aaee73ccf0a14a5f0066391a0a13f4a3" }, - "require-dev": { - "npm-asset/grunt": "~0.4.2", - "npm-asset/grunt-contrib-cssmin": "~0.9.0", - "npm-asset/grunt-contrib-jshint": "~0.6.3", - "npm-asset/grunt-contrib-less": "~0.11.0", - "npm-asset/grunt-contrib-uglify": "~0.4.0", - "npm-asset/grunt-contrib-watch": "~0.6.1" - }, "type": "npm-asset-library", "extra": { "npm-asset-bugs": { @@ -1121,32 +1097,6 @@ "reference": null, "shasum": "2c89d6889b5eac522a7eea32c14521559c6cbf02" }, - "require-dev": { - "npm-asset/commitplease": "2.0.0", - "npm-asset/core-js": "0.9.17", - "npm-asset/grunt": "0.4.5", - "npm-asset/grunt-babel": "5.0.1", - "npm-asset/grunt-cli": "0.1.13", - "npm-asset/grunt-compare-size": "0.4.0", - "npm-asset/grunt-contrib-jshint": "0.11.2", - "npm-asset/grunt-contrib-uglify": "0.9.2", - "npm-asset/grunt-contrib-watch": "0.6.1", - "npm-asset/grunt-git-authors": "2.0.1", - "npm-asset/grunt-jscs": "2.1.0", - "npm-asset/grunt-jsonlint": "1.0.4", - "npm-asset/grunt-npmcopy": "0.1.0", - "npm-asset/gzip-js": "0.3.2", - "npm-asset/jsdom": "5.6.1", - "npm-asset/load-grunt-tasks": "1.0.0", - "npm-asset/qunit-assert-step": "1.0.3", - "npm-asset/qunitjs": "1.17.1", - "npm-asset/requirejs": "2.1.17", - "npm-asset/sinon": "1.10.3", - "npm-asset/sizzle": "2.2.1", - "npm-asset/strip-json-comments": "1.0.3", - "npm-asset/testswarm": "1.1.0", - "npm-asset/win-spawn": "2.0.0" - }, "type": "npm-asset-library", "extra": { "npm-asset-bugs": { 
@@ -1244,6 +1194,18 @@ "npm-asset/jquery-mousewheel": ">=3.1.13", "npm-asset/php-date-formatter": ">=1.3.4,<2.0.0" }, + "require-dev": { + "npm-asset/chai": ">=4.1.2,<5.0.0", + "npm-asset/concat": "dev-github:azer/concat", + "npm-asset/concat-cli": ">=4.0.0,<5.0.0", + "npm-asset/karma": ">=2.0.0,<3.0.0", + "npm-asset/karma-chai": ">=0.1.0,<0.2.0", + "npm-asset/karma-firefox-launcher": ">=1.1.0,<2.0.0", + "npm-asset/karma-mocha": ">=1.3.0,<2.0.0", + "npm-asset/mocha": ">=5.0.4,<6.0.0", + "npm-asset/uglifycss": ">=0.0.27,<0.0.28", + "npm-asset/uglifyjs": ">=2.4.10,<3.0.0" + }, "type": "npm-asset-library", "extra": { "npm-asset-bugs": { @@ -1297,12 +1259,6 @@ "reference": null, "shasum": "06f0335f16e353a695e7206bf50503cb523a6ee5" }, - "require-dev": { - "npm-asset/grunt": "~0.4.1", - "npm-asset/grunt-contrib-connect": "~0.5.0", - "npm-asset/grunt-contrib-jshint": "~0.7.1", - "npm-asset/grunt-contrib-uglify": "~0.2.7" - }, "type": "npm-asset-library", "extra": { "npm-asset-bugs": { @@ -3607,6 +3563,8 @@ "prefer-lowest": false, "platform": { "php": ">=5.6.1", + "ext-dom": "*", + "ext-json": "*", "ext-xml": "*" }, "platform-dev": [] diff --git a/include/conversation.php b/include/conversation.php index 1b7b34e71a..2d613f0f38 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -462,17 +462,17 @@ function conversation(App $a, array $items, Pager $pager, $mode, $update, $previ . "\r\n"; } diff --git a/include/items.php b/include/items.php index b9e1a0c994..c311383613 100644 --- a/include/items.php +++ b/include/items.php 
@@ -97,7 +97,7 @@ function add_page_info_data(array $data, $no_photos = false) /// @TODO make a positive list of allowed characters $hashtag = str_replace([" ", "+", "/", ".", "#", "'", "’", "`", "(", ")", "„", "“"], ["", "", "", "", "", "", "", "", "", "", "", ""], $keyword); - $hashtags .= "#[url=" . System::baseUrl() . "/search?tag=" . rawurlencode($hashtag) . "]" . $hashtag . "[/url] "; + $hashtags .= "#[url=" . System::baseUrl() . "/search?tag=" . $hashtag . "]" . $hashtag . "[/url] "; } } @@ -148,7 +148,7 @@ function add_page_keywords($url, $photo = "", $keywords = false, $keyword_blackl $tags .= ", "; } - $tags .= "#[url=" . System::baseUrl() . "/search?tag=" . rawurlencode($hashtag) . "]" . $hashtag . "[/url]"; + $tags .= "#[url=" . System::baseUrl() . "/search?tag=" . $hashtag . "]" . $hashtag . "[/url]"; } } diff --git a/library/OAuth1.php b/library/OAuth1.php index c537f2b252..4746328316 100644 --- a/library/OAuth1.php +++ b/library/OAuth1.php @@ -3,8 +3,10 @@ /* Generic exception class */ -class OAuthException extends Exception { - // pass +if (!class_exists('OAuthException', false)) { + class OAuthException extends Exception { + // pass + } } class OAuthConsumer { diff --git a/mod/admin.php b/mod/admin.php index f22bb7be02..dca1c33620 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -664,13 +664,17 @@ function admin_page_federation(App $a) } while (!empty($parts) && ((strlen($part) >= 40) || (strlen($part) <= 3))); if (!empty($part)) { - $compacted[$part] += $v[$key]['total']; + if (empty($compacted[$part])) { + $compacted[$part] = $v[$key]['total']; + } else { + $compacted[$part] += $v[$key]['total']; + } } } $v = []; - foreach ($compacted as $version => $total) { - $v[] = ['version' => $version, 'total' => $total]; + foreach ($compacted as $version => $pl_total) { + $v[] = ['version' => $version, 'total' => $pl_total]; } } 
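Review bot: In add_page_info_data() the URL half of the tag link, `"/search?tag=" . $hashtag`, is now built from the raw keyword, and the `str_replace()` deny list on the line above (still marked `@TODO` for a positive list) leaves `]`, `[`, `&`, `%` and `=` in place. A keyword containing `]` closes the `[url=...]` attribute early and one containing `&` changes the query string, so the stored BBCode is shaped by the keyword source, which is presumably a fetched page. Encode the query value and leave the display text alone: `"/search?tag=" . rawurlencode($hashtag) . "]" . $hashtag`. The same unencoded concatenation is on the new side of add_page_keywords() in this file, the `$termlink` line in mod/tagger.php and the `$newtag` line in src/Model/Item.php. Both functions in this file start and end outside their hunks.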
@@ -1779,7 +1783,11 @@ function admin_page_users_post(App $a) } if (x($_POST, 'page_users_delete')) { foreach ($users as $uid) { - User::remove($uid); + if (local_user() != $uid) { + User::remove($uid); + } else { + notice(L10n::t('You can\'t remove yourself')); + } } notice(L10n::tt("%s user deleted", "%s users deleted", count($users))); } @@ -1824,11 +1832,15 @@ function admin_page_users(App $a) } switch ($a->argv[2]) { case "delete": - BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't'); - // delete user - User::remove($uid); + if (local_user() != $uid) { + BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't'); + // delete user + User::remove($uid); - notice(L10n::t("User '%s' deleted", $user['username']) . EOL); + notice(L10n::t("User '%s' deleted", $user['username'])); + } else { + notice(L10n::t('You can\'t remove yourself')); + } break; case "block": BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't'); diff --git a/mod/filerm.php b/mod/filerm.php index 30a7f69df9..d240c2d6a7 100644 --- a/mod/filerm.php +++ b/mod/filerm.php @@ -36,6 +36,6 @@ function filerm_content(App $a) info('Item was not deleted'); } - $a->internalRedirect('/network?f=&file=' . $term); + $a->internalRedirect('/network?f=&file=' . rawurlencode($term)); killme(); } diff --git a/mod/friendica.php b/mod/friendica.php index 0e647eb5ea..77adccbfb6 100644 --- a/mod/friendica.php +++ b/mod/friendica.php 
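Review bot: In admin_page_users_post() the summary `notice(L10n::tt("%s user deleted", "%s users deleted", count($users)))` still counts every selected id, so when the admin's own account is part of the selection the page reports one more deletion than happened, next to the new "You can't remove yourself" notice. Count the removals inside the loop (`$deleted++;` after `User::remove($uid)`) and pass `$deleted` to `L10n::tt()`. The guard compares with `!=`; assuming local_user() returns an integer id, normalising once with `(int)$uid !== local_user()` makes the self-check independent of how the posted id is typed, here and in the `delete` case of admin_page_users(). Both functions begin outside their hunks, so the form-token check for the POST handler is not visible from here.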
@@ -13,7 +13,13 @@ use Friendica\Database\DBA; function friendica_init(App $a) { if (!empty($a->argv[1]) && ($a->argv[1] == "json")) { - $register_policy = ['REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN']; + $register_policies = ['REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN']; + + $register_policy = $register_policies[intval(Config::get('config', 'register_policy'))]; + + if ($register_policy == 'REGISTER_OPEN' && Config::get('config', 'invitation_only')) { + $register_policy = 'REGISTER_INVITATION'; + } $sql_extra = ''; if (x($a->config, 'admin_nickname')) { @@ -52,7 +58,7 @@ function friendica_init(App $a) 'locked_features' => $locked_features, 'explicit_content' => (int)Config::get('system', 'explicit_content', false), 'language' => Config::get('system','language'), - 'register_policy' => $register_policy[intval(Config::get('config', 'register_policy'))], + 'register_policy' => $register_policy, 'admin' => $admin, 'site_name' => Config::get('config', 'sitename'), 'platform' => FRIENDICA_PLATFORM, diff --git a/mod/hovercard.php b/mod/hovercard.php index f5ad3ef021..6160642762 100644 --- a/mod/hovercard.php +++ b/mod/hovercard.php @@ -107,7 +107,7 @@ function hovercard_content() 'about' => $contact['about'], 'network' => Strings::formatNetworkName($contact['network'], $contact['url']), 'tags' => $contact['keywords'], - 'bd' => $contact['birthday'] <= '0001-01-01' ? '' : $contact['birthday'], + 'bd' => $contact['birthday'] <= DBA::NULL_DATE ? '' : $contact['birthday'], 'account_type' => Contact::getAccountType($contact), 'actions' => $actions, ]; diff --git a/mod/network.php b/mod/network.php index 58f9484250..594a557997 100644 --- a/mod/network.php +++ b/mod/network.php 
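Review bot: `$register_policies[intval(Config::get('config', 'register_policy'))]` indexes a three-element list with whatever integer the configuration holds, so a stored value outside 0–2 raises an undefined-offset notice and publishes `null` as `register_policy` in the JSON output. Resolve the index with a fallback before the invitation check, e.g. `$idx = intval(Config::get('config', 'register_policy'));` then `$register_policy = isset($register_policies[$idx]) ? $register_policies[$idx] : 'REGISTER_CLOSED';`. composer.json in this commit still allows PHP 5.6, so `??` is not an option. The comparison `$register_policy == 'REGISTER_OPEN'` would also read better as `===` once the value is guaranteed to be a string.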
@@ -170,21 +170,17 @@ function network_init(App $a) function saved_searches($search) { - $a = get_app(); - $srchurl = '/network?f=' - . ((x($_GET, 'cid')) ? '&cid=' . $_GET['cid'] : '') - . ((x($_GET, 'star')) ? '&star=' . $_GET['star'] : '') - . ((x($_GET, 'bmark')) ? '&bmark=' . $_GET['bmark'] : '') - . ((x($_GET, 'conv')) ? '&conv=' . $_GET['conv'] : '') - . ((x($_GET, 'nets')) ? '&nets=' . $_GET['nets'] : '') - . ((x($_GET, 'cmin')) ? '&cmin=' . $_GET['cmin'] : '') - . ((x($_GET, 'cmax')) ? '&cmax=' . $_GET['cmax'] : '') - . ((x($_GET, 'file')) ? '&file=' . $_GET['file'] : ''); + . ((x($_GET, 'cid')) ? '&cid=' . rawurlencode($_GET['cid']) : '') + . ((x($_GET, 'star')) ? '&star=' . rawurlencode($_GET['star']) : '') + . ((x($_GET, 'bmark')) ? '&bmark=' . rawurlencode($_GET['bmark']) : '') + . ((x($_GET, 'conv')) ? '&conv=' . rawurlencode($_GET['conv']) : '') + . ((x($_GET, 'nets')) ? '&nets=' . rawurlencode($_GET['nets']) : '') + . ((x($_GET, 'cmin')) ? '&cmin=' . rawurlencode($_GET['cmin']) : '') + . ((x($_GET, 'cmax')) ? '&cmax=' . rawurlencode($_GET['cmax']) : '') + . ((x($_GET, 'file')) ? '&file=' . rawurlencode($_GET['file']) : ''); ; - $o = ''; - $terms = DBA::select('search', ['id', 'term'], ['uid' => local_user()]); $saved = []; @@ -202,7 +198,7 @@ function saved_searches($search) $o = Renderer::replaceMacros($tpl, [ '$title' => L10n::t('Saved Searches'), '$add' => L10n::t('add'), - '$searchbox' => HTML::search($search, 'netsearch-box', $srchurl, true), + '$searchbox' => HTML::search($search, 'netsearch-box', $srchurl), '$saved' => $saved, ]); diff --git a/mod/ostatus_subscribe.php b/mod/ostatus_subscribe.php index 7fce9d0b69..5670820623 100644 --- a/mod/ostatus_subscribe.php +++ b/mod/ostatus_subscribe.php @@ -2,6 +2,7 @@ /** * @file mod/ostatus_subscribe.php */ + use Friendica\App; use Friendica\Core\L10n; use Friendica\Core\PConfig; 
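Review bot: The eight `rawurlencode($_GET[...])` calls in saved_searches() assume every parameter is a string, but PHP turns a bracketed query parameter into an array, and whether `x()` filters that case out is not visible in this hunk. rawurlencode() would then emit a warning (a TypeError on PHP 8) instead of producing a URL. Building the URL in a loop over the allowed keys, skipping non-string values, removes the repetition and the gap at once; the stray `;` left on its own line after the expression can be dropped at the same time. The function continues below the hunk.

```php
$srchurl = '/network?f=';
foreach (['cid', 'star', 'bmark', 'conv', 'nets', 'cmin', 'cmax', 'file'] as $key) {
    if (x($_GET, $key) && is_string($_GET[$key])) {
        $srchurl .= '&' . $key . '=' . rawurlencode($_GET[$key]);
    }
}
// … unchanged: saved-search lookup and template rendering …
```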
@@ -11,15 +12,15 @@ use Friendica\Model\Contact; use Friendica\Network\Probe; use Friendica\Util\Network; -function ostatus_subscribe_content(App $a) { - - if (! local_user()) { +function ostatus_subscribe_content(App $a) +{ + if (!local_user()) { notice(L10n::t('Permission denied.') . EOL); $a->internalRedirect('ostatus_subscribe'); // NOTREACHED } - $o = "

".L10n::t("Subscribing to OStatus contacts")."

"; + $o = '

' . L10n::t('Subscribing to OStatus contacts') . '

'; $uid = local_user(); 
@@ -27,42 +28,46 @@ function ostatus_subscribe_content(App $a) { $counter = intval($_REQUEST['counter']); - if (PConfig::get($uid, "ostatus", "legacy_friends") == "") { + if (PConfig::get($uid, 'ostatus', 'legacy_friends') == '') { - if ($_REQUEST["url"] == "") { - PConfig::delete($uid, "ostatus", "legacy_contact"); - return $o.L10n::t("No contact provided."); + if ($_REQUEST['url'] == '') { + PConfig::delete($uid, 'ostatus', 'legacy_contact'); + return $o . L10n::t('No contact provided.'); } - $contact = Probe::uri($_REQUEST["url"]); + $contact = Probe::uri($_REQUEST['url']); if (!$contact) { - PConfig::delete($uid, "ostatus", "legacy_contact"); - return $o.L10n::t("Couldn't fetch information for contact."); + PConfig::delete($uid, 'ostatus', 'legacy_contact'); + return $o . L10n::t('Couldn\'t fetch information for contact.'); } - $api = $contact["baseurl"]."/api/"; + $api = $contact['baseurl'] . '/api/'; // Fetching friends - $curlResult = Network::curl($api."statuses/friends.json?screen_name=".$contact["nick"]); + $curlResult = Network::curl($api . 'statuses/friends.json?screen_name=' . $contact['nick']); if (!$curlResult->isSuccess()) { - PConfig::delete($uid, "ostatus", "legacy_contact"); - return $o.L10n::t("Couldn't fetch friends for contact."); + PConfig::delete($uid, 'ostatus', 'legacy_contact'); + return $o . 
L10n::t('Couldn\'t fetch friends for contact.'); } - PConfig::set($uid, "ostatus", "legacy_friends", $curlResult->getBody()); + PConfig::set($uid, 'ostatus', 'legacy_friends', $curlResult->getBody()); } - $friends = json_decode(PConfig::get($uid, "ostatus", "legacy_friends")); + $friends = json_decode(PConfig::get($uid, 'ostatus', 'legacy_friends')); + + if (empty($friends)) { + $friends = []; + } $total = sizeof($friends); if ($counter >= $total) { - $a->page['htmlhead'] = ''; - PConfig::delete($uid, "ostatus", "legacy_friends"); - PConfig::delete($uid, "ostatus", "legacy_contact"); - $o .= L10n::t("Done"); + $a->page['htmlhead'] = ''; + PConfig::delete($uid, 'ostatus', 'legacy_friends'); + PConfig::delete($uid, 'ostatus', 'legacy_contact'); + $o .= L10n::t('Done'); return $o; } @@ -70,25 +75,25 @@ function ostatus_subscribe_content(App $a) { $url = $friend->statusnet_profile_url; - $o .= "

".$counter."/".$total.": ".$url; + $o .= '

' . $counter . '/' . $total . ': ' . $url; $curlResult = Probe::uri($url); - if ($curlResult["network"] == Protocol::OSTATUS) { + if ($curlResult['network'] == Protocol::OSTATUS) { $result = Contact::createFromProbe($uid, $url, true, Protocol::OSTATUS); - if ($result["success"]) { - $o .= " - ".L10n::t("success"); + if ($result['success']) { + $o .= ' - ' . L10n::t('success'); } else { - $o .= " - ".L10n::t("failed"); + $o .= ' - ' . L10n::t('failed'); } } else { - $o .= " - ".L10n::t("ignored"); + $o .= ' - ' . L10n::t('ignored'); } - $o .= "

"; + $o .= '

'; - $o .= "

".L10n::t("Keep this window open until done.")."

"; + $o .= '

' . L10n::t('Keep this window open until done.') . '

'; - $a->page['htmlhead'] = ''; + $a->page['htmlhead'] = ''; return $o; } diff --git a/mod/photos.php b/mod/photos.php index 65a48c4c3f..70e0e1882d 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -613,7 +613,7 @@ function photos_post(App $a) } $profile = str_replace(',', '%2c', $profile); - $str_tags .= '@[url='.$profile.']'.$newname.'[/url]'; + $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]'; } } elseif (strpos($tag, '#') === 0) { $tagname = substr($tag, 1); diff --git a/mod/profile.php b/mod/profile.php index 0aa42cf446..3164f173bf 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -253,7 +253,7 @@ function profile_content(App $a, $update = 0) $sql_extra4 = " AND `item`.`received` > '" . $gmupdate . "'"; } - $items = q("SELECT DISTINCT(`parent-uri`) AS `uri` + $items = q("SELECT DISTINCT(`parent-uri`) AS `uri`, `item`.`created` FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND NOT `contact`.`blocked` AND NOT `contact`.`pending` WHERE `item`.`uid` = %d AND `item`.`visible` AND diff --git a/mod/profiles.php b/mod/profiles.php index 459a1c5e75..fe3b362317 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -216,7 +216,7 @@ function profiles_post(App $a) { } else { $ignore_year = false; } - if (!in_array($dob, ['0000-00-00', '0001-01-01'])) { + if (!in_array($dob, ['0000-00-00', DBA::NULL_DATE])) { if (strpos($dob, '0000-') === 0 || strpos($dob, '0001-') === 0) { $ignore_year = true; $dob = substr($dob, 5); diff --git a/mod/redir.php b/mod/redir.php index f22af545f7..701b85953c 100644 --- a/mod/redir.php +++ b/mod/redir.php 
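Review bot: `$url` comes from `$friend->statusnet_profile_url`, that is from the JSON body a remote server returned for `statuses/friends.json`, and it is concatenated into `$o` unescaped before ostatus_subscribe_content() returns `$o`. Escape it for the HTML context where it is appended, `... . ': ' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8');`, and keep the raw value only for `Probe::uri($url)`. In the preceding hunk the same kind of remote data reaches a URL unencoded: `'statuses/friends.json?screen_name=' . $contact['nick']` should use `rawurlencode($contact['nick'])`. The markup inside the string literals is not visible on this page, so the surrounding tags are inferred.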
@@ -43,7 +43,7 @@ function redir_init(App $a) { if ($contact['uid'] == 0 && local_user()) { // Let's have a look if there is an established connection - // between the puplic contact we have found and the local user. + // between the public contact we have found and the local user. $contact = DBA::selectFirst('contact', $fields, ['nurl' => $contact['nurl'], 'uid' => local_user()]); if (DBA::isResult($contact)) { diff --git a/mod/removeme.php b/mod/removeme.php index 49b8f6d534..ee0b66db8a 100644 --- a/mod/removeme.php +++ b/mod/removeme.php @@ -57,8 +57,12 @@ function removeme_post(App $a) ]); } - if (User::authenticate($a->user, trim($_POST['qxz_password']))) { + if (User::getIdFromPasswordAuthentication($a->user, trim($_POST['qxz_password']))) { User::remove($a->user['uid']); + + unset($_SESSION['authenticated']); + unset($_SESSION['uid']); + $a->internalRedirect(); // NOTREACHED } } diff --git a/mod/search.php b/mod/search.php index 1ada76a9e6..2810b23b13 100644 --- a/mod/search.php +++ b/mod/search.php @@ -162,7 +162,7 @@ function search_content(App $a) { 'name' => "search-header", '$title' => L10n::t("Search"), '$title_size' => 3, - '$content' => HTML::search($search,'search-box','search',((local_user()) ? true : false), false) + '$content' => HTML::search($search,'search-box','search', false) ]); if (strpos($search,'#') === 0) { diff --git a/mod/tagger.php b/mod/tagger.php index 6c3c6157a5..5a8047414d 100644 --- a/mod/tagger.php +++ b/mod/tagger.php @@ -93,7 +93,7 @@ function tagger_content(App $a) { EOT; - $tagid = System::baseUrl() . '/search?tag=' . $term; + $tagid = System::baseUrl() . '/search?tag=' . $xterm; $objtype = ACTIVITY_OBJ_TAGTERM; $obj = <<< EOT @@ -113,7 +113,7 @@ EOT; return; } - $termlink = html_entity_decode('⌗') . '[url=' . System::baseUrl() . '/search?tag=' . urlencode($term) . ']'. $term . '[/url]'; + $termlink = html_entity_decode('⌗') . '[url=' . System::baseUrl() . '/search?tag=' . $term . ']'. $term . '[/url]'; $arr = []; 
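Review bot: In removeme_post(), after `User::remove($a->user['uid'])` only `$_SESSION['authenticated']` and `$_SESSION['uid']` are unset, so every other key stored in the session and the session id itself stay valid for the browser that just deleted the account. Clear the whole session there (`$_SESSION = [];` followed by `session_regenerate_id(true);`, or the project's own logout helper if one exists) so nothing is left that later code could treat as a login. Also confirm how `User::getIdFromPasswordAuthentication()` reports a wrong password: its definition is not part of this diff, and if it throws rather than returning a falsy value the `if` needs a `try`/`catch` so a failed confirmation ends in a notice instead of an uncaught exception. `trim()` on `$_POST['qxz_password']` changes passwords that legitimately begin or end with whitespace.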
@@ -170,7 +170,7 @@ EOT; $term_objtype, TERM_HASHTAG, DBA::escape($term), - DBA::escape(System::baseUrl() . '/search?tag=' . $term), + '', intval($owner_uid) ); } @@ -192,7 +192,7 @@ EOT; $term_objtype, TERM_HASHTAG, DBA::escape($term), - DBA::escape(System::baseUrl() . '/search?tag=' . $term), + '', intval($owner_uid) ); } diff --git a/mod/viewcontacts.php b/mod/viewcontacts.php index f3d457e295..8b7acffbdc 100644 --- a/mod/viewcontacts.php +++ b/mod/viewcontacts.php @@ -68,8 +68,9 @@ function viewcontacts_content(App $a) $r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE `uid` = %d AND NOT `blocked` AND NOT `pending` AND NOT `hidden` AND NOT `archive` - AND `network` IN ('%s', '%s', '%s')", + AND `network` IN ('%s', '%s', '%s', '%s')", intval($a->profile['uid']), + DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape(Protocol::DIASPORA), DBA::escape(Protocol::OSTATUS) @@ -82,9 +83,10 @@ function viewcontacts_content(App $a) $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND NOT `blocked` AND NOT `pending` AND NOT `hidden` AND NOT `archive` - AND `network` IN ('%s', '%s', '%s') + AND `network` IN ('%s', '%s', '%s', '%s') ORDER BY `name` ASC LIMIT %d, %d", intval($a->profile['uid']), + DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape(Protocol::DIASPORA), DBA::escape(Protocol::OSTATUS), diff --git a/src/App.php b/src/App.php index 4451013093..67625228b4 100644 --- a/src/App.php +++ b/src/App.php @@ -1013,11 +1013,11 @@ class App $meminfo[$key] = (int) ($meminfo[$key] / 1024); } - if (!isset($meminfo['MemAvailable']) || !isset($meminfo['MemFree'])) { + if (!isset($meminfo['MemFree'])) { return false; } - $free = $meminfo['MemAvailable'] + $meminfo['MemFree']; + $free = $meminfo['MemFree']; $reached = ($free < $min_memory); diff --git a/src/Content/OEmbed.php b/src/Content/OEmbed.php index c77db3827f..c37e36f607 100644 --- a/src/Content/OEmbed.php +++ b/src/Content/OEmbed.php 
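Review bot: In src/App.php `$free = $meminfo['MemFree'];` now ignores `MemAvailable`, and on Linux `MemFree` excludes page cache and other reclaimable memory, so a host with plenty of reclaimable memory can fall below `$min_memory` and be reported as having reached its limit. The removed sum counted free memory twice, but dropping `MemAvailable` overcorrects; prefer it when the kernel reports it: `$free = isset($meminfo['MemAvailable']) ? $meminfo['MemAvailable'] : $meminfo['MemFree'];`. The enclosing method begins and ends outside this hunk, so what callers do with `$reached` is not visible.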
@@ -247,8 +247,7 @@ class OEmbed $ret .= ''; - $ret = str_replace("\n", "", $ret); - return mb_convert_encoding($ret, 'HTML-ENTITIES', mb_detect_encoding($ret)); + return str_replace("\n", "", $ret); } public static function BBCode2HTML($text) diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php index 9c9adec0fa..cb375dcd21 100644 --- a/src/Content/Text/BBCode.php +++ b/src/Content/Text/BBCode.php @@ -28,6 +28,7 @@ use Friendica\Util\Network; use Friendica\Util\ParseUrl; use Friendica\Util\Proxy as ProxyUtils; use Friendica\Util\Strings; +use Friendica\Util\XML; class BBCode extends BaseObject { @@ -1340,15 +1341,21 @@ class BBCode extends BaseObject $expression = "=diaspora://.*?/post/([0-9A-Za-z\-_@.:]{15,254}[0-9A-Za-z])=ism"; $text = preg_replace($expression, System::baseUrl()."/display/$1", $text); - $text = preg_replace("/([#])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", - '$1$3', $text); - - $text = preg_replace("/\[url\=([$URLSearchString]*)\]#(.*?)\[\/url\]/ism", - '#$2', $text); + /* Tag conversion + * Supports: + * - #[url=][/url] + * - [url=]#[/url] + */ + $text = preg_replace_callback("/(?:#\[url\=[$URLSearchString]*\]|\[url\=[$URLSearchString]*\]#)(.*?)\[\/url\]/ism", function($matches) { + return '#' + . XML::escape($matches[1]) + . ''; + }, $text); $text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '$1', $text); $text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$2', $text); - //$Text = preg_replace("/\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[\/url\]/ism", '$2', $Text); // Red compatibility, though the link can't be authenticated on Friendica $text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '$2', $text); diff --git a/src/Content/Text/HTML.php b/src/Content/Text/HTML.php index 544811536b..6451b74faa 100644 --- a/src/Content/Text/HTML.php +++ b/src/Content/Text/HTML.php 
@@ -951,7 +951,7 @@ class HTML * * @return string Formatted HTML. */ - public static function search($s, $id = 'search-box', $url = 'search', $save = false, $aside = true) + public static function search($s, $id = 'search-box', $url = 'search', $aside = true) { $mode = 'text'; diff --git a/src/Model/Contact.php b/src/Model/Contact.php index 1c90d0c815..bb6fc25851 100644 --- a/src/Model/Contact.php +++ b/src/Model/Contact.php @@ -740,7 +740,7 @@ class Contact extends BaseObject // "bd" always contains the upcoming birthday of a contact. // "birthday" might contain the birthday including the year of birth. - if ($profile["birthday"] > '0001-01-01') { + if ($profile["birthday"] > DBA::NULL_DATE) { $bd_timestamp = strtotime($profile["birthday"]); $month = date("m", $bd_timestamp); $day = date("d", $bd_timestamp); @@ -757,7 +757,7 @@ class Contact extends BaseObject $profile["bd"] = ( ++$current_year) . "-" . $month . "-" . $day; } } else { - $profile["bd"] = '0001-01-01'; + $profile["bd"] = DBA::NULL_DATE; } } else { $profile = $default; @@ -794,7 +794,7 @@ class Contact extends BaseObject $profile["location"] = ""; $profile["about"] = ""; $profile["gender"] = ""; - $profile["birthday"] = '0001-01-01'; + $profile["birthday"] = DBA::NULL_DATE; } $cache[$url][$uid] = $profile; @@ -1285,10 +1285,15 @@ class Contact extends BaseObject return false; } - $blocked = DBA::selectFirst('contact', ['blocked'], ['id' => $cid]); + $blocked = DBA::selectFirst('contact', ['blocked', 'url'], ['id' => $cid]); if (!DBA::isResult($blocked)) { return false; } + + if (Network::isUrlBlocked($blocked['url'])) { + return true; + } + return (bool) $blocked['blocked']; } 
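Review bot: Removing `$save` from the middle of `HTML::search($s, $id, $url, $save, $aside)` moves `$aside` into the fourth position, so any caller outside this diff that still passes a fourth `$save` argument keeps running while silently setting `$aside` instead. The two callers updated in this commit (mod/network.php and mod/search.php) match the new order; addons or themes calling the method are not visible from this page. Check the docblock above the signature as well: only its last lines are in the hunk, and a leftover `@param` entry for `$save` would now be wrong.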
@@ -1957,44 +1962,33 @@ class Contact extends BaseObject */ public static function updateBirthdays() { - // This only handles foreign or alien networks where a birthday has been provided. - // In-network birthdays are handled within local_delivery - - $r = q("SELECT * FROM `contact` WHERE `bd` != '' AND `bd` > '0001-01-01' AND SUBSTRING(`bd`, 1, 4) != `bdyear` "); - if (DBA::isResult($r)) { - foreach ($r as $rr) { - Logger::log('update_contact_birthday: ' . $rr['bd']); - - $nextbd = DateTimeFormat::utcNow('Y') . substr($rr['bd'], 4); - - /* - * Add new birthday event for this person - * - * $bdtext is just a readable placeholder in case the event is shared - * with others. We will replace it during presentation to our $importer - * to contain a sparkle link and perhaps a photo. - */ - - // Check for duplicates - $condition = ['uid' => $rr['uid'], 'cid' => $rr['id'], - 'start' => DateTimeFormat::utc($nextbd), 'type' => 'birthday']; - if (DBA::exists('event', $condition)) { - continue; - } - - $bdtext = L10n::t('%s\'s birthday', $rr['name']); - $bdtext2 = L10n::t('Happy Birthday %s', ' [url=' . $rr['url'] . ']' . $rr['name'] . '[/url]'); - - q("INSERT INTO `event` (`uid`,`cid`,`created`,`edited`,`start`,`finish`,`summary`,`desc`,`type`,`adjust`) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%d' ) ", intval($rr['uid']), intval($rr['id']), - DBA::escape(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utc($nextbd)), - DBA::escape(DateTimeFormat::utc($nextbd . ' + 1 day ')), DBA::escape($bdtext), DBA::escape($bdtext2), DBA::escape('birthday'), - intval(0) - ); - + $condition = [ + '`bd` != "" + AND `bd` > "0001-01-01" + AND SUBSTRING(`bd`, 1, 4) != `bdyear` + AND (`contact`.`rel` = ? OR `contact`.`rel` = ?) 
+ AND NOT `contact`.`pending` + AND NOT `contact`.`hidden` + AND NOT `contact`.`blocked` + AND NOT `contact`.`archive` + AND NOT `contact`.`deleted`', + Contact::SHARING, + Contact::FRIEND + ]; + + $contacts = DBA::select('contact', ['id', 'uid', 'name', 'url', 'bd'], $condition); + + while ($contact = DBA::fetch($contacts)) { + Logger::log('update_contact_birthday: ' . $contact['bd']); + + $nextbd = DateTimeFormat::utcNow('Y') . substr($contact['bd'], 4); + + if (Event::createBirthday($contact, $nextbd)) { // update bdyear - q("UPDATE `contact` SET `bdyear` = '%s', `bd` = '%s' WHERE `uid` = %d AND `id` = %d", DBA::escape(substr($nextbd, 0, 4)), - DBA::escape($nextbd), intval($rr['uid']), intval($rr['id']) + DBA::update( + 'contact', + ['bdyear' => substr($nextbd, 0, 4), 'bd' => $nextbd], + ['id' => $contact['id']] ); } } diff --git a/src/Model/Event.php b/src/Model/Event.php index 7356382871..886f124153 100644 --- a/src/Model/Event.php +++ b/src/Model/Event.php 
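Review bot: The raw condition string in updateBirthdays() writes its two literals in double quotes (the empty string and "0001-01-01"), which MySQL parses as identifiers when the server runs with ANSI_QUOTES, and it hard-codes the date that the rest of this commit replaces with `DBA::NULL_DATE`. Turn both into `?` placeholders like the two `rel` values and put `''` and `DBA::NULL_DATE` at the front of the value list. The result of `DBA::select()` is not closed in the visible lines; add `DBA::close($contacts);` after the `while` loop unless that already happens below the hunk.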
@@ -322,43 +322,48 @@ class Event extends BaseObject // New event. Store it. DBA::insert('event', $event); - $event['id'] = DBA::lastInsertId(); - - $item_arr = []; - - $item_arr['uid'] = $event['uid']; - $item_arr['contact-id'] = $event['cid']; - $item_arr['uri'] = $event['uri']; - $item_arr['parent-uri'] = $event['uri']; - $item_arr['guid'] = $event['guid']; - $item_arr['plink'] = defaults($arr, 'plink', ''); - $item_arr['post-type'] = Item::PT_EVENT; - $item_arr['wall'] = $event['cid'] ? 0 : 1; - $item_arr['contact-id'] = $contact['id']; - $item_arr['owner-name'] = $contact['name']; - $item_arr['owner-link'] = $contact['url']; - $item_arr['owner-avatar'] = $contact['thumb']; - $item_arr['author-name'] = $contact['name']; - $item_arr['author-link'] = $contact['url']; - $item_arr['author-avatar'] = $contact['thumb']; - $item_arr['title'] = ''; - $item_arr['allow_cid'] = $event['allow_cid']; - $item_arr['allow_gid'] = $event['allow_gid']; - $item_arr['deny_cid'] = $event['deny_cid']; - $item_arr['deny_gid'] = $event['deny_gid']; - $item_arr['private'] = $private; - $item_arr['visible'] = 1; - $item_arr['verb'] = ACTIVITY_POST; - $item_arr['object-type'] = ACTIVITY_OBJ_EVENT; - $item_arr['origin'] = $event['cid'] === 0 ? 1 : 0; - $item_arr['body'] = self::getBBCode($event); - $item_arr['event-id'] = $event['id']; - - $item_arr['object'] = '' . XML::escape(ACTIVITY_OBJ_EVENT) . '' . XML::escape($event['uri']) . ''; - $item_arr['object'] .= '' . XML::escape(self::getBBCode($event)) . ''; - $item_arr['object'] .= '' . 
"\n"; - - $item_id = Item::insert($item_arr); + $item_id = 0; + + // Don't create an item for birthday events + if ($event['type'] == 'event') { + $event['id'] = DBA::lastInsertId(); + + $item_arr = []; + + $item_arr['uid'] = $event['uid']; + $item_arr['contact-id'] = $event['cid']; + $item_arr['uri'] = $event['uri']; + $item_arr['parent-uri'] = $event['uri']; + $item_arr['guid'] = $event['guid']; + $item_arr['plink'] = defaults($arr, 'plink', ''); + $item_arr['post-type'] = Item::PT_EVENT; + $item_arr['wall'] = $event['cid'] ? 0 : 1; + $item_arr['contact-id'] = $contact['id']; + $item_arr['owner-name'] = $contact['name']; + $item_arr['owner-link'] = $contact['url']; + $item_arr['owner-avatar'] = $contact['thumb']; + $item_arr['author-name'] = $contact['name']; + $item_arr['author-link'] = $contact['url']; + $item_arr['author-avatar'] = $contact['thumb']; + $item_arr['title'] = ''; + $item_arr['allow_cid'] = $event['allow_cid']; + $item_arr['allow_gid'] = $event['allow_gid']; + $item_arr['deny_cid'] = $event['deny_cid']; + $item_arr['deny_gid'] = $event['deny_gid']; + $item_arr['private'] = $private; + $item_arr['visible'] = 1; + $item_arr['verb'] = ACTIVITY_POST; + $item_arr['object-type'] = ACTIVITY_OBJ_EVENT; + $item_arr['origin'] = $event['cid'] === 0 ? 1 : 0; + $item_arr['body'] = self::getBBCode($event); + $item_arr['event-id'] = $event['id']; + + $item_arr['object'] = '' . XML::escape(ACTIVITY_OBJ_EVENT) . '' . XML::escape($event['uri']) . ''; + $item_arr['object'] .= '' . XML::escape(self::getBBCode($event)) . ''; + $item_arr['object'] .= '' . "\n"; + + $item_id = Item::insert($item_arr); + } Addon::callHooks("event_created", $event['id']); } 
@@ -981,4 +986,47 @@ class Event extends BaseObject return $location; } + + /** + * @brief Add new birthday event for this person + * + * @param array $contact Contact array, expects: id, uid, url, name + * @param string $birthday Birthday of the contact + * @return bool + */ + public static function createBirthday($contact, $birthday) + { + // Check for duplicates + $condition = [ + 'uid' => $contact['uid'], + 'cid' => $contact['id'], + 'start' => DateTimeFormat::utc($birthday), + 'type' => 'birthday' + ]; + if (DBA::exists('event', $condition)) { + return false; + } + + /* + * Add new birthday event for this person + * + * summary is just a readable placeholder in case the event is shared + * with others. We will replace it during presentation to our $importer + * to contain a sparkle link and perhaps a photo. + */ + $values = [ + 'uid' => $contact['uid'], + 'cid' => $contact['id'], + 'start' => DateTimeFormat::utc($birthday), + 'finish' => DateTimeFormat::utc($birthday . ' + 1 day '), + 'summary' => L10n::t('%s\'s birthday', $contact['name']), + 'desc' => L10n::t('Happy Birthday %s', ' [url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'), + 'type' => 'birthday', + 'adjust' => 0 + ]; + + self::store($values); + + return true; + } } diff --git a/src/Model/GContact.php b/src/Model/GContact.php index 1fed1fc3ef..3acffb059d 100644 --- a/src/Model/GContact.php +++ b/src/Model/GContact.php @@ -864,7 +864,7 @@ class GContact 'location' => $contact['location'], 'about' => $contact['about']]; // Don't update the birthday field if not set or invalid - if (empty($contact['birthday']) || ($contact['birthday'] < '0001-01-01')) { + if (empty($contact['birthday']) || ($contact['birthday'] <= DBA::NULL_DATE)) { unset($fields['bd']); } diff --git a/src/Model/Group.php b/src/Model/Group.php index b32b61e103..1640cb87b1 100644 --- a/src/Model/Group.php +++ b/src/Model/Group.php 
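Review bot: Birthday events created by createBirthday() go through `self::store($values)`, and in the store() hunk of this file `$event['id'] = DBA::lastInsertId();` now sits inside `if ($event['type'] == 'event')`, so for a birthday the following `Addon::callHooks("event_created", $event['id'])` runs without the id of the row that was just inserted. Move the assignment back above the `if` so that only the item creation is conditional. The removed INSERT in Contact::updateBirthdays() set `created` and `edited` explicitly and `$values` no longer does; confirm that store() fills them in. createBirthday() returns `true` without looking at the outcome of store(), and updateBirthdays() advances `bdyear` on that `true`, so a failed insert would still mark the year as handled.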
@@ -400,6 +400,11 @@ class Group extends BaseObject ]; } + // Don't show the groups when there is only one + if (count($display_groups) <= 2) { + return ''; + } + $tpl = Renderer::getMarkupTemplate('group_side.tpl'); $o = Renderer::replaceMacros($tpl, [ '$add' => L10n::t('add'), diff --git a/src/Model/Item.php b/src/Model/Item.php index 9aaac7f7a0..0c420550b8 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php @@ -2448,15 +2448,15 @@ class Item extends BaseObject $basetag = str_replace('_',' ',substr($tag,1)); - $newtag = '#[url=' . System::baseUrl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; + $newtag = '#[url=' . System::baseUrl() . '/search?tag=' . $basetag . ']' . $basetag . '[/url]'; $item["body"] = str_replace($tag, $newtag, $item["body"]); if (!stristr($item["tag"], "/search?tag=" . $basetag . "]" . $basetag . "[/url]")) { if (strlen($item["tag"])) { - $item["tag"] = ','.$item["tag"]; + $item["tag"] = ',' . $item["tag"]; } - $item["tag"] = $newtag.$item["tag"]; + $item["tag"] = $newtag . $item["tag"]; } } diff --git a/src/Model/Profile.php b/src/Model/Profile.php index c45bcdb84b..61357ef77a 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -572,9 +572,18 @@ class Profile if (is_null($r)) { $s = DBA::p( "SELECT `event`.*, `event`.`id` AS `eid`, `contact`.* FROM `event` - INNER JOIN `contact` ON `contact`.`id` = `event`.`cid` + INNER JOIN `contact` + ON `contact`.`id` = `event`.`cid` + AND (`contact`.`rel` = ? OR `contact`.`rel` = ?) + AND NOT `contact`.`pending` + AND NOT `contact`.`hidden` + AND NOT `contact`.`blocked` + AND NOT `contact`.`archive` + AND NOT `contact`.`deleted` WHERE `event`.`uid` = ? AND `type` = 'birthday' AND `start` < ? AND `finish` > ? ORDER BY `start` ASC ", + Contact::SHARING, + Contact::FRIEND, local_user(), DateTimeFormat::utc('now + 6 days'), DateTimeFormat::utcNow() 
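Review bot: The added comment says the groups are hidden when there is only one, but the guard is `count($display_groups) <= 2`, so comment and condition disagree for anyone reading this hunk alone. Presumably `$display_groups` always carries a fixed entry built above the hunk (outside this view), which would make two entries equal one real group. Say that in the comment, for example `// $display_groups includes the fixed first entry (confirm), so <= 2 means at most one user-defined group`.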
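Review bot: `$basetag` now goes unencoded into the URL half of `[url=…/search?tag=…]`, so a tag containing `&`, `%`, `#` or `]` would alter the query string or close the BBCode tag early. Dropping the encoding does make `$newtag` match the unencoded needle of the `stristr()` check below it, but the encoding could be kept and the check aligned instead, using `'/search?tag=' . rawurlencode($basetag) . ']'` in both the `$newtag` line and the `stristr()` needle. Which characters a tag can hold is decided by the extraction code above this hunk, so this may be unreachable. The Term.php hunk at `@@ -262,29 +264,29 @@` encodes the term only when the stored URL is empty.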
@@ -749,7 +758,7 @@ class Profile $profile['gender'] = [L10n::t('Gender:'), $a->profile['gender']]; } - if (($a->profile['dob']) && ($a->profile['dob'] > '0001-01-01')) { + if (!empty($a->profile['dob']) && $a->profile['dob'] > DBA::NULL_DATE) { $year_bd_format = L10n::t('j F, Y'); $short_bd_format = L10n::t('j F'); @@ -763,7 +772,7 @@ class Profile } if (!empty($a->profile['dob']) - && $a->profile['dob'] > '0001-01-01' + && $a->profile['dob'] > DBA::NULL_DATE && $age = Temporal::getAgeByTimezone($a->profile['dob'], $a->profile['timezone'], '') ) { $profile['age'] = [L10n::t('Age:'), $age]; diff --git a/src/Model/Term.php b/src/Model/Term.php index 2870eb167d..3718887122 100644 --- a/src/Model/Term.php +++ b/src/Model/Term.php @@ -140,6 +140,7 @@ class Term $type = TERM_HASHTAG; $term = substr($tag, 1); + $link = ''; } elseif ((substr(trim($tag), 0, 1) == '@') || (substr(trim($tag), 0, 1) == '!')) { $type = TERM_MENTION; @@ -152,6 +153,7 @@ class Term } else { // This shouldn't happen $type = TERM_HASHTAG; $term = $tag; + $link = ''; } if (DBA::exists('term', ['uid' => $message['uid'], 'otype' => TERM_OBJ_POST, 'oid' => $itemid, 'url' => $link])) { 
@@ -262,29 +264,29 @@ class Term ); while ($tag = DBA::fetch($taglist)) { - if ($tag["url"] == "") { - $tag["url"] = $searchpath . $tag["term"]; + if ($tag['url'] == '') { + $tag['url'] = $searchpath . rawurlencode($tag['term']); } - $orig_tag = $tag["url"]; + $orig_tag = $tag['url']; $author = ['uid' => 0, 'id' => $item['author-id'], 'network' => $item['author-network'], 'url' => $item['author-link']]; - $tag["url"] = Contact::magicLinkByContact($author, $tag['url']); + $tag['url'] = Contact::magicLinkByContact($author, $tag['url']); - if ($tag["type"] == TERM_HASHTAG) { - if ($orig_tag != $tag["url"]) { - $item['body'] = str_replace($orig_tag, $tag["url"], $item['body']); + if ($tag['type'] == TERM_HASHTAG) { + if ($orig_tag != $tag['url']) { + $item['body'] = str_replace($orig_tag, $tag['url'], $item['body']); } - $return['hashtags'][] = "#" . $tag["term"] . ""; - $prefix = "#"; - } elseif ($tag["type"] == TERM_MENTION) { - $return['mentions'][] = "@" . $tag["term"] . ""; - $prefix = "@"; + $return['hashtags'][] = '#' . $tag['term'] . ''; + $prefix = '#'; + } elseif ($tag['type'] == TERM_MENTION) { + $return['mentions'][] = '@' . $tag['term'] . ''; + $prefix = '@'; } - $return['tags'][] = $prefix . "" . $tag["term"] . ""; + $return['tags'][] = $prefix . '' . $tag['term'] . ''; } DBA::close($taglist); diff --git a/src/Model/User.php b/src/Model/User.php index 0f397aadc2..aef4bcbfc2 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -9,6 +9,7 @@ use DivineOmega\PasswordExposed; use Exception; use Friendica\Core\Addon; use Friendica\Core\Config; +use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\PConfig; @@ -732,7 +733,7 @@ class User Dear %1$s, Thank you for registering at %2$s. Your account has been created. ', - $preamble, $user['username'], $sitename + $user['username'], $sitename )); $body = Strings::deindent(L10n::t(' The login details are as follows: 
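Review bot: `$prefix` is assigned only in the `TERM_HASHTAG` and `TERM_MENTION` branches, yet `$return['tags'][] = $prefix . …` runs for every fetched row, so a term of any other type reuses the prefix left over from the previous iteration, or reads an undefined variable on the first one. Reset it at the top of the loop body with `$prefix = '';`, or skip other types with `else { continue; }`. Whether the query above the hunk already restricts `type` to these two values is not visible here; if it does, a comment saying so would be enough.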
@@ -782,7 +783,7 @@ class User public static function remove($uid) { if (!$uid) { - return; + return false; } $a = get_app(); @@ -791,28 +792,24 @@ class User $user = DBA::selectFirst('user', [], ['uid' => $uid]); - Addon::callHooks('remove_user', $user); + Hook::callAll('remove_user', $user); // save username (actually the nickname as it is guaranteed // unique), so it cannot be re-registered in the future. DBA::insert('userd', ['username' => $user['nickname']]); // The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php) - DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc(DateTimeFormat::utcNow() . " + 7 day")], ['uid' => $uid]); - Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid); + DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]); + Worker::add(PRIORITY_HIGH, 'Notifier', 'removeme', $uid); // Send an update to the directory $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]); - Worker::add(PRIORITY_LOW, "Directory", $self['url']); + Worker::add(PRIORITY_LOW, 'Directory', $self['url']); // Remove the user relevant data - Worker::add(PRIORITY_LOW, "RemoveUser", $uid); + Worker::add(PRIORITY_LOW, 'RemoveUser', $uid); - if ($uid == local_user()) { - unset($_SESSION['authenticated']); - unset($_SESSION['uid']); - $a->internalRedirect(); - } + return true; } /** diff --git a/src/Module/Contact.php b/src/Module/Contact.php index 80e9c73b63..ec7e896925 100644 --- a/src/Module/Contact.php +++ b/src/Module/Contact.php 
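Review bot: With the `local_user()` block removed, `remove()` no longer unsets `$_SESSION['authenticated']` and `$_SESSION['uid']` when the deleted account is the logged-in one, so every caller now has to end the session itself. The callers are outside this hunk, so confirm each of them does; otherwise a removed account keeps a working session until it expires. The docblock should carry that contract, e.g. `@return bool true when removal was scheduled; the caller must terminate the session of a logged-in user`. Separately, `$user['nickname']` and `$self['url']` are read without checking that `selectFirst()` found a row. The function body starts above this hunk.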
@@ -570,12 +570,12 @@ class Contact extends BaseModule /// @todo Only show the following link with DFRN when the remote version supports it $follow = ''; $follow_text = ''; - if (in_array($contact['rel'], [Model\Contact::FRIEND, Model\Contact::SHARING])) { + if ($contact['uid'] && in_array($contact['rel'], [Model\Contact::FRIEND, Model\Contact::SHARING])) { if (in_array($contact['network'], Protocol::NATIVE_SUPPORT)) { $follow = $a->getBaseURL(true) . '/unfollow?url=' . urlencode($contact['url']); $follow_text = L10n::t('Disconnect/Unfollow'); } - } else { + } elseif(!$contact['pending']) { $follow = $a->getBaseURL(true) . '/follow?url=' . urlencode($contact['url']); $follow_text = L10n::t('Connect/Follow'); } diff --git a/src/Network/CurlResult.php b/src/Network/CurlResult.php index dd98853ae8..b2587799d1 100644 --- a/src/Network/CurlResult.php +++ b/src/Network/CurlResult.php @@ -4,6 +4,7 @@ namespace Friendica\Network; use Friendica\Core\Logger; use Friendica\Network\HTTPException\InternalServerErrorException; +use Friendica\Util\Network; /** * A content class for Curl call results 
@@ -159,28 +160,22 @@ class CurlResult } if ($this->returnCode == 301 || $this->returnCode == 302 || $this->returnCode == 303 || $this->returnCode== 307) { - $new_location_info = (!array_key_exists('redirect_url', $this->info) ? '' : @parse_url($this->info['redirect_url'])); - $old_location_info = (!array_key_exists('url', $this->info) ? '' : @parse_url($this->info['url'])); - - $this->redirectUrl = $new_location_info; - - if (empty($new_location_info['path']) && !empty($new_location_info['host'])) { - $this->redirectUrl = $new_location_info['scheme'] . '://' . $new_location_info['host'] . $old_location_info['path']; + $redirect_parts = parse_url(defaults($this->info, 'redirect_url', '')); + if (preg_match('/(Location:|URI:)(.*?)\n/i', $this->header, $matches)) { + $redirect_parts = array_merge($redirect_parts, parse_url(trim(array_pop($matches)))); } - $matches = []; + $parts = parse_url(defaults($this->info, 'url', '')); - if (preg_match('/(Location:|URI:)(.*?)\n/i', $this->header, $matches)) { - $this->redirectUrl = trim(array_pop($matches)); - } - if (strpos($this->redirectUrl, '/') === 0) { - $this->redirectUrl = $old_location_info["scheme"] . "://" . $old_location_info["host"] . $this->redirectUrl; + /// @todo Checking the corresponding RFC which parts of a redirect can be ommitted. + $components = ['scheme', 'host', 'path', 'query', 'fragment']; + foreach ($components as $component) { + if (empty($redirect_parts[$component]) && !empty($parts[$component])) { + $redirect_parts[$component] = $parts[$component]; + } } - $old_location_query = @parse_url($this->url, PHP_URL_QUERY); - if ($old_location_query != '') { - $this->redirectUrl .= '?' . $old_location_query; - } + $this->redirectUrl = Network::unparseURL($redirect_parts); $this->isRedirectUrl = filter_var($this->redirectUrl, FILTER_VALIDATE_URL) !== false; } else { diff --git a/src/Object/OEmbed.php b/src/Object/OEmbed.php index 20f27ae0bf..bd336f7583 100644 --- a/src/Object/OEmbed.php 
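Review bot: Both `parse_url()` calls on the redirect target can return `false` for a malformed URL, and the `Location:` value comes from the remote server, so `array_merge($redirect_parts, parse_url(…))` may receive a non-array and `$redirect_parts` is lost before the component loop runs. Normalise each result to an array before merging, as sketched below. The loop also copies `query` and `fragment` from the original request into a redirect that lacks them, which hands the original query string to whatever host the redirect names; the `@todo` already flags this and it is worth checking against RFC 3986 reference resolution. The enclosing method starts and ends outside the hunk.

```php
$redirect_parts = parse_url(defaults($this->info, 'redirect_url', '')) ?: [];
if (preg_match('/(Location:|URI:)(.*?)\n/i', $this->header, $matches)) {
	$header_parts = parse_url(trim(array_pop($matches)));
	if (is_array($header_parts)) {
		$redirect_parts = array_merge($redirect_parts, $header_parts);
	}
}

$parts = parse_url(defaults($this->info, 'url', '')) ?: [];
// … unchanged: component fill-in loop and Network::unparseURL() call …
```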
+++ b/src/Object/OEmbed.php @@ -42,6 +42,17 @@ class OEmbed } foreach ($properties as $key => $value) { + if (in_array($key, ['thumbnail_width', 'thumbnail_height', 'width', 'height'])) { + // These values should be numbers, so ensure that they really are numbers. + $value = (int)$value; + } elseif ($key != 'html') { + // Avoid being able to inject some ugly stuff through these fields. + $value = htmlentities($value); + } else { + /// @todo Add a way to sanitize the html as well, possibly with an