From 760abd869449719ebf0276130374f6521ae6d180 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 7 Feb 2018 20:19:22 -0500 Subject: [PATCH 1/2] [twitter] Fix TwitterOauth library usage - Use array result instead of object --- twitter/twitter.php | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/twitter/twitter.php b/twitter/twitter.php index 47b4fa07..82651812 100644 --- a/twitter/twitter.php +++ b/twitter/twitter.php @@ -288,34 +288,28 @@ function twitter_settings(App $a, &$s) $s .= ''; if ((!$ckey) && (!$csecret)) { - /* * * - * no global consumer keys + /* no global consumer keys * display warning and skip personal config */ $s .= '

' . L10n::t('No consumer key pair for Twitter found. Please contact your site administrator.') . '

'; } else { - /* * * - * ok we have a consumer key pair now look into the OAuth stuff - */ + // ok we have a consumer key pair now look into the OAuth stuff if ((!$otoken) && (!$osecret)) { - /* * * - * the user has not yet connected the account to twitter... + /* the user has not yet connected the account to twitter... * get a temporary OAuth key/secret pair and display a button with * which the user can request a PIN to connect the account to a * account at Twitter. */ $connection = new TwitterOAuth($ckey, $csecret); $result = $connection->oauth('oauth/request_token', ['oauth_callback' => 'oob']); - /* * * - * make some nice form - */ + $s .= '

' . L10n::t('At this Friendica instance the Twitter addon was enabled but you have not yet connected your account to your Twitter account. To do so click the button below to get a PIN from Twitter which you have to copy into the input box below and submit the form. Only your public posts will be posted to Twitter.') . '

'; - $s .= '' . L10n::t('Log in with Twitter') . ''; + $s .= '' . L10n::t('Log in with Twitter') . ''; $s .= '
'; $s .= ''; $s .= ''; - $s .= ''; - $s .= ''; + $s .= ''; + $s .= ''; $s .= '
'; $s .= '
'; } else { From afae967c5d0bb43e6e24944ee75422f7febeff98 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 7 Feb 2018 20:20:42 -0500 Subject: [PATCH 2/2] [twitter] Add POST parameter checks - Add Exception handling --- twitter/twitter.php | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/twitter/twitter.php b/twitter/twitter.php index 82651812..ca67dfbc 100644 --- a/twitter/twitter.php +++ b/twitter/twitter.php @@ -200,11 +200,11 @@ function twitter_settings_post(App $a, $post) return; } // don't check twitter settings if twitter submit button is not clicked - if (!x($_POST, 'twitter-submit')) { + if (empty($_POST['twitter-disconnect']) && empty($_POST['twitter-submit'])) { return; } - if (isset($_POST['twitter-disconnect'])) { + if (!empty($_POST['twitter-disconnect'])) { /* * * * if the twitter-disconnect checkbox is set, clear the OAuth key/secret pair * from the user configuration 
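Review bot: The `$connection->oauth('oauth/request_token', ['oauth_callback' => 'oob'])` call in twitter_settings() (patch 1/2) still has no error handling, and per the commit message the lines below it now read `$result` as an array without first checking that the request succeeded. Patch 2/2 puts the access-token call in a `try`/`catch`, which suggests the library throws on failure; here that would abort rendering of the settings page. I would guard this call the same way, `try { $result = $connection->oauth(...); } catch (Exception $e) { ... }`, and append a localized error to `$s` instead of the PIN form. The markup on the changed `$s .=` lines is stripped in this rendering, so it is worth confirming that the token values written into the link and hidden fields are HTML-escaped. The function starts and ends outside the hunk.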
@@ -229,12 +229,20 @@ function twitter_settings_post(App $a, $post)
 // the token and secret for which the PIN was generated were hidden in the settings
 // form as token and token2, we need a new connection to Twitter using these token
 // and secret to request a Access Token with the PIN
- $connection = new TwitterOAuth($ckey, $csecret, $_POST['twitter-token'], $_POST['twitter-token2']);
- $token = $connection->oauth("oauth/access_token", ["oauth_verifier" => $_POST['twitter-pin']]);
- // ok, now that we have the Access Token, save them in the user config
- PConfig::set(local_user(), 'twitter', 'oauthtoken', $token['oauth_token']);
- PConfig::set(local_user(), 'twitter', 'oauthsecret', $token['oauth_token_secret']);
- PConfig::set(local_user(), 'twitter', 'post', 1);
+ try {
+ if (empty($_POST['twitter-pin'])) {
+ throw new Exception(L10n::t('You submitted an empty PIN, please Sign In with Twitter again to get a new one.'));
+ }
+
+ $connection = new TwitterOAuth($ckey, $csecret, $_POST['twitter-token'], $_POST['twitter-token2']);
+ $token = $connection->oauth("oauth/access_token", ["oauth_verifier" => $_POST['twitter-pin']]);
+ // ok, now that we have the Access Token, save them in the user config
+ PConfig::set(local_user(), 'twitter', 'oauthtoken', $token['oauth_token']);
+ PConfig::set(local_user(), 'twitter', 'oauthsecret', $token['oauth_token_secret']);
+ PConfig::set(local_user(), 'twitter', 'post', 1);
+ } catch(Exception $e) {
+ info($e->getMessage());
+ }
 // reload the Addon Settings page, if we don't do it see Bug #42
 goaway('settings/connectors');
 } else {
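Review bot: The new guard in the `try` block checks only `$_POST['twitter-pin']`; `$_POST['twitter-token']` and `$_POST['twitter-token2']` are still handed to `new TwitterOAuth(...)` unchecked, and `$token['oauth_token']` / `$token['oauth_token_secret']` are stored without confirming the keys exist. I would extend the check to `if (empty($_POST['twitter-pin']) || empty($_POST['twitter-token']) || empty($_POST['twitter-token2'])) {` and consider keeping the request token and secret server-side (session or PConfig) rather than round-tripping them through hidden form fields. `info($e->getMessage())` shows the library's exception text to the user, which may include the raw API response; logging it and showing a fixed localized message would be safer. twitter_settings_post() starts and ends outside the hunk.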