From 9d0f18c0b334aa325e624cf40d13f59bf32d0568 Mon Sep 17 00:00:00 2001
From: Michael Vogel <icarus@dabo.de>
Date: Wed, 1 Aug 2018 07:29:58 +0200
Subject: [PATCH] Yeah, and again notices ... (#5536)
* Yeah, and again notices ...
* And some more
* Block access without given user name
* Reformatting
---
include/security.php | 4 +--
index.php | 2 +-
mod/cal.php | 72 ++++++++++++++++++++-------------------
mod/manage.php | 2 +-
mod/viewcontacts.php | 36 +++++++++++---------
src/Model/Contact.php | 10 ++++++
src/Model/Profile.php | 4 +--
src/Protocol/Diaspora.php | 2 +-
8 files changed, 73 insertions(+), 59 deletions(-)
diff --git a/include/security.php b/include/security.php
index af18a281a6..141738e4bc 100644
--- a/include/security.php
+++ b/include/security.php
@@ -179,7 +179,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
* The cookie will be renewed automatically.
* The week ensures that sessions will expire after some inactivity.
*/
- if ($_SESSION['remember']) {
+ if (!empty($_SESSION['remember'])) {
logger('Injecting cookie for remembered user ' . $a->user['nickname']);
new_cookie(604800, $user_record);
unset($_SESSION['remember']);
@@ -225,7 +225,7 @@ function can_write_wall($owner)
} else {
$cid = 0;
- if (is_array($_SESSION['remote'])) {
+ if (!empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $owner) {
$cid = $visitor['cid'];
diff --git a/index.php b/index.php
index b33db80b69..8d40dbf85f 100644
--- a/index.php
+++ b/index.php
@@ -100,7 +100,7 @@ if (x($_SESSION, 'authenticated') && !x($_SESSION, 'language')) {
}
}
-if ((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
+if (x($_SESSION, 'language') && ($_SESSION['language'] !== $lang)) {
$lang = $_SESSION['language'];
L10n::loadTranslationTable($lang);
}
diff --git a/mod/cal.php b/mod/cal.php
index 7796a459d0..5779b0316a 100644
--- a/mod/cal.php
+++ b/mod/cal.php
@@ -28,52 +28,54 @@ function cal_init(App $a)
DFRN::autoRedir($a, $a->argv[1]);
}
- if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
+ if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return;
}
+ if ($a->argc < 2) {
+ System::httpExit(403, ["title" => L10n::t('Access denied.')]);
+ }
+
Nav::setSelected('events');
- if ($a->argc > 1) {
- $nick = $a->argv[1];
- $user = DBA::selectFirst('user', [], ['nickname' => $nick, 'blocked' => false]);
- if (!DBA::isResult($user)) {
- return;
- }
+ $nick = $a->argv[1];
+ $user = DBA::selectFirst('user', [], ['nickname' => $nick, 'blocked' => false]);
+ if (!DBA::isResult($user)) {
+ return;
+ }
- $a->data['user'] = $user;
- $a->profile_uid = $user['uid'];
+ $a->data['user'] = $user;
+ $a->profile_uid = $user['uid'];
- // if it's a json request abort here becaus we don't
- // need the widget data
- if (!empty($a->argv[2]) && ($a->argv[2] === 'json')) {
- return;
- }
-
- $profile = Profile::getByNickname($nick, $a->profile_uid);
+ // if it's a json request abort here becaus we don't
+ // need the widget data
+ if (!empty($a->argv[2]) && ($a->argv[2] === 'json')) {
+ return;
+ }
- $account_type = Contact::getAccountType($profile);
+ $profile = Profile::getByNickname($nick, $a->profile_uid);
- $tpl = get_markup_template("vcard-widget.tpl");
+ $account_type = Contact::getAccountType($profile);
- $vcard_widget = replace_macros($tpl, [
- '$name' => $profile['name'],
- '$photo' => $profile['photo'],
- '$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
- '$account_type' => $account_type,
- '$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
- ]);
+ $tpl = get_markup_template("vcard-widget.tpl");
- $cal_widget = Widget\CalendarExport::getHTML();
+ $vcard_widget = replace_macros($tpl, [
+ '$name' => $profile['name'],
+ '$photo' => $profile['photo'],
+ '$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
+ '$account_type' => $account_type,
+ '$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
+ ]);
- if (!x($a->page, 'aside')) {
- $a->page['aside'] = '';
- }
+ $cal_widget = Widget\CalendarExport::getHTML();
- $a->page['aside'] .= $vcard_widget;
- $a->page['aside'] .= $cal_widget;
+ if (!x($a->page, 'aside')) {
+ $a->page['aside'] = '';
}
+ $a->page['aside'] .= $vcard_widget;
+ $a->page['aside'] .= $cal_widget;
+
return;
}
@@ -100,7 +102,7 @@ function cal_content(App $a)
$mode = 'view';
$y = 0;
$m = 0;
- $ignored = ((x($_REQUEST, 'ignored')) ? intval($_REQUEST['ignored']) : 0);
+ $ignored = (x($_REQUEST, 'ignored') ? intval($_REQUEST['ignored']) : 0);
$format = 'ical';
if ($a->argc == 4 && $a->argv[2] == 'export') {
@@ -138,7 +140,7 @@ function cal_content(App $a)
$is_owner = local_user() == $a->profile['profile_uid'];
- if ($a->profile['hidewall'] && (!$is_owner) && (!$remote_contact)) {
+ if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
notice(L10n::t('Access to this profile has been restricted.') . EOL);
return;
}
@@ -293,14 +295,14 @@ function cal_content(App $a)
}
if ($mode == 'export') {
- if (!(intval($owner_uid))) {
+ if (!intval($owner_uid)) {
notice(L10n::t('User not found'));
return;
}
// Test permissions
// Respect the export feature setting for all other /cal pages if it's not the own profile
- if (((local_user() !== intval($owner_uid))) && !Feature::isEnabled($owner_uid, "export_calendar")) {
+ if ((local_user() !== intval($owner_uid)) && !Feature::isEnabled($owner_uid, "export_calendar")) {
notice(L10n::t('Permission denied.') . EOL);
goaway('cal/' . $nick);
}
diff --git a/mod/manage.php b/mod/manage.php
index 457b0eede4..f81afb09a6 100644
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -132,7 +132,7 @@ function manage_content(App $a) {
return;
}
- if ($_GET['identity']) {
+ if (!empty($_GET['identity'])) {
$_POST['identity'] = $_GET['identity'];
manage_post($a);
return;
diff --git a/mod/viewcontacts.php b/mod/viewcontacts.php
index f0a5f0cd85..3b3579ce76 100644
--- a/mod/viewcontacts.php
+++ b/mod/viewcontacts.php
@@ -11,36 +11,39 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
use Friendica\Util\Proxy as ProxyUtils;
+use Friendica\Core\System;
function viewcontacts_init(App $a)
{
- if ((Config::get('system', 'block_public')) && (! local_user()) && (! remote_user())) {
+ if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return;
}
+ if ($a->argc < 2) {
+ System::httpExit(403, ["title" => L10n::t('Access denied.')]);
+ }
+
Nav::setSelected('home');
- if ($a->argc > 1) {
- $nick = $a->argv[1];
- $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
- DBA::escape($nick)
- );
+ $nick = $a->argv[1];
+ $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
+ DBA::escape($nick)
+ );
- if (! DBA::isResult($r)) {
- return;
- }
+ if (!DBA::isResult($r)) {
+ return;
+ }
- $a->data['user'] = $r[0];
- $a->profile_uid = $r[0]['uid'];
- $is_owner = (local_user() && (local_user() == $a->profile_uid));
+ $a->data['user'] = $r[0];
+ $a->profile_uid = $r[0]['uid'];
+ $is_owner = (local_user() && (local_user() == $a->profile_uid));
- Profile::load($a, $a->argv[1]);
- }
+ Profile::load($a, $a->argv[1]);
}
function viewcontacts_content(App $a)
{
- if ((Config::get('system', 'block_public')) && (! local_user()) && (! remote_user())) {
+ if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
@@ -52,7 +55,7 @@ function viewcontacts_content(App $a)
// tabs
$o .= Profile::getTabs($a, $is_owner, $a->data['user']['nickname']);
- if (((! count($a->profile)) || ($a->profile['hide-friends']))) {
+ if (!count($a->profile) || $a->profile['hide-friends']) {
notice(L10n::t('Permission denied.') . EOL);
return $o;
}
@@ -123,6 +126,5 @@ function viewcontacts_content(App $a)
'$paginate' => paginate($a),
]);
-
return $o;
}
diff --git a/src/Model/Contact.php b/src/Model/Contact.php
index d93e0cb57e..52eaa437f1 100644
--- a/src/Model/Contact.php
+++ b/src/Model/Contact.php
@@ -339,6 +339,11 @@ class Contact extends BaseObject
$item = [];
$item['verb'] = NAMESPACE_OSTATUS . "/unfollow";
$item['follow'] = $contact["url"];
+ $item['body'] = '';
+ $item['title'] = '';
+ $item['guid'] = '';
+ $item['tag'] = '';
+ $item['attach'] = '';
$slap = OStatus::salmon($item, $user);
if (!empty($contact['notify'])) {
@@ -1505,6 +1510,11 @@ class Contact extends BaseObject
$item = [];
$item['verb'] = ACTIVITY_FOLLOW;
$item['follow'] = $contact["url"];
+ $item['body'] = '';
+ $item['title'] = '';
+ $item['guid'] = '';
+ $item['tag'] = '';
+ $item['attach'] = '';
$slap = OStatus::salmon($item, $r[0]);
if (!empty($contact['notify'])) {
Salmon::slapper($r[0], $contact['notify'], $slap);
diff --git a/src/Model/Profile.php b/src/Model/Profile.php
index 9d1b002a79..3ac147396d 100644
--- a/src/Model/Profile.php
+++ b/src/Model/Profile.php
@@ -199,7 +199,7 @@ class Profile
*/
public static function getByNickname($nickname, $uid = 0, $profile_id = 0)
{
- if (remote_user() && count($_SESSION['remote'])) {
+ if (remote_user() && !empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $uid) {
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]);
@@ -293,7 +293,7 @@ class Profile
$connect = $profile['uid'] != local_user() ? L10n::t('Connect') : false;
// don't show connect link to authenticated visitors either
- if (remote_user() && count($_SESSION['remote'])) {
+ if (remote_user() && !empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $profile['uid']) {
$connect = false;
diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php
index 82255eac9f..e463857857 100644
--- a/src/Protocol/Diaspora.php
+++ b/src/Protocol/Diaspora.php
@@ -4089,7 +4089,7 @@ class Diaspora
$arr = explode(' ', $profile['pub_keywords']);
if (count($arr)) {
for ($x = 0; $x < 5; $x ++) {
- if (trim($arr[$x])) {
+ if (!empty($arr[$x])) {
$tags .= '#'. trim($arr[$x]) .' ';
}
}
--
2.39.5