From 32707022bf60945ae14d8fcf52fcd784f1c8f075 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Fri, 13 Sep 2019 20:06:57 -0400
Subject: [PATCH] Remove GET page parameter access from Core\ACL
---
 mod/acl.php | 3 ++-
 src/Core/ACL.php | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/mod/acl.php b/mod/acl.php
index 3649b03a39..2b3f2a26c0 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -186,8 +186,9 @@ function acl_content(App $a)
 // autocomplete for global contact search (e.g. navbar search)
 $search = Strings::escapeTags(trim($_REQUEST['search']));
 $mode = $_REQUEST['smode'];
+ $page = $_REQUEST['page'] ?? 1;

- $r = ACL::contactAutocomplete($search, $mode);
+ $r = ACL::contactAutocomplete($search, $mode, $page);

 $contacts = [];
 foreach ($r as $g) {
diff --git a/src/Core/ACL.php b/src/Core/ACL.php
index e4de02589a..6d9a95a725 100644
--- a/src/Core/ACL.php
+++ b/src/Core/ACL.php
@@ -327,10 +327,11 @@ class ACL extends BaseObject
 * @brief Searching for global contacts for autocompletion
 * @param string $search Name or part of a name or nick
 * @param string $mode Search mode (e.g. "community")
+ * @param int $page Page number (starts at 1)
 * @return array with the search results
 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 */
- public static function contactAutocomplete($search, $mode)
+ public static function contactAutocomplete($search, $mode, int $page = 1)
 {
 if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
 return [];
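Review bot: The added `$page = $_REQUEST['page'] ?? 1;` in acl_content() forwards a request-controlled value unvalidated to a parameter that this same commit declares as `int $page` in src/Core/ACL.php. A non-numeric or array-valued `page` parameter would raise a TypeError at the call (and any string would do so under strict_types, which is not visible in this hunk), so malformed input becomes an unhandled error instead of falling back to the first page. Normalise it at the request boundary, for example `$page = is_numeric($_REQUEST['page'] ?? null) ? max(1, (int)$_REQUEST['page']) : 1;`. acl_content() starts and ends outside the hunk.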
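Review bot: The new `@param int $page` line in the contactAutocomplete() docblock does not say that the value is honoured only on the remote directory lookup. In the next hunk the `poco_local_search` branch still calls `GContact::searchByName($search, $mode)` without it, so callers that paginate get the same result set for every page in that configuration. I would state this in the docblock, e.g. `@param int $page Page number (starts at 1); ignored when system.poco_local_search is enabled`. The method body continues outside the hunk.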
@@ -349,9 +350,9 @@ class ACL extends BaseObject
 if (Config::get('system', 'poco_local_search')) {
 $return = GContact::searchByName($search, $mode);
 } else {
- $p = defaults($_GET, 'page', 1) != 1 ? '&p=' . defaults($_GET, 'page', 1) : '';
+ $p = $page > 1 ? 'p=' . $page : '';

- $curlResult = Network::curl(get_server() . '/lsearch?f=' . $p . '&search=' . urlencode($search));
+ $curlResult = Network::curl(get_server() . '/lsearch?' . $p . '&search=' . urlencode($search));
 if ($curlResult->isSuccess()) {
 $lsearch = json_decode($curlResult->getBody(), true);
 if (!empty($lsearch['results'])) {
-- 
2.39.5
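Review bot: With `$page` at 1 the new concatenation `'/lsearch?' . $p . '&search=' . urlencode($search)` produces `/lsearch?&search=…`, a query string that begins with an empty pair. The `f=` parameter that the old URL always sent is also gone, although the commit message only mentions the page parameter; whether the directory server depends on it is not visible here. Building the query from an array removes the stray separator and the hand-rolled encoding: `$query = ['search' => $search] + ($page > 1 ? ['p' => $page] : []);` followed by `Network::curl(get_server() . '/lsearch?' . http_build_query($query))`. The enclosing else branch and the rest of the method lie outside the hunk.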