From 5dd6e6b5fb5170ecd9ca30b804b4045e1f2a9167 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 1 May 2019 19:36:14 -0400 Subject: [PATCH 1/5] Reworked /photos module without App->error - Moved confirm dialogs to photos_content() - Removed comments/interactions from photo edit page --- mod/photos.php | 250 ++++++++++---------- view/templates/album_edit.tpl | 1 - view/templates/photo_album.tpl | 6 + view/templates/photo_edit.tpl | 6 +- view/templates/photo_view.tpl | 19 +- view/theme/frio/js/mod_photos.js | 9 + view/theme/frio/templates/album_edit.tpl | 1 - view/theme/frio/templates/confirm.tpl | 4 +- view/theme/frio/templates/photo_album.tpl | 6 + view/theme/frio/templates/photo_view.tpl | 28 ++- view/theme/quattro/templates/photo_view.tpl | 19 +- view/theme/vier/templates/photo_view.tpl | 19 +- 12 files changed, 215 insertions(+), 153 deletions(-) diff --git a/mod/photos.php b/mod/photos.php index 137e0adb56..caacaf2ce1 100644 --- a/mod/photos.php +++ b/mod/photos.php 
@@ -235,36 +235,12 @@ function photos_post(App $a) } /* - * DELETE photo album and all its photos + * DELETE all photos filed in a given album */ - - if ($_POST['dropalbum'] == L10n::t('Delete Album')) { - // Check if we should do HTML-based delete confirmation - if (!empty($_REQUEST['confirm'])) { - $drop_url = $a->query_string; - - $extra_inputs = [ - ['name' => 'albumname', 'value' => $_POST['albumname']], - ]; - - $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ - '$method' => 'post', - '$message' => L10n::t('Do you really want to delete this photo album and all its photos?'), - '$extra_inputs' => $extra_inputs, - '$confirm' => L10n::t('Delete Album'), - '$confirm_url' => $drop_url, - '$confirm_name' => 'dropalbum', // Needed so that confirmation will bring us back into this if statement - '$cancel' => L10n::t('Cancel'), - ]); - - $a->error = 1; // Set $a->error so the other module functions don't execute - return; - } - + if (!empty($_POST['dropalbum'])) { $res = []; // get the list of photos we are about to delete - if ($visitor) { $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'", intval($visitor), 
@@ -282,77 +258,61 @@ function photos_post(App $a) foreach ($r as $rr) { $res[] = $rr['rid']; } + + // remove the associated photos + Photo::delete(['resource-id' => $res, 'uid' => $page_owner_uid]); + + // find and delete the corresponding item with all the comments and likes/dislikes + Item::deleteForUser(['resource-id' => $res, 'uid' => $page_owner_uid], $page_owner_uid); + + // Update the photo albums cache + Photo::clearAlbumCache($page_owner_uid); + notice(L10n::t('Album successfully deleted')); } else { - $a->internalRedirect($_SESSION['photo_return']); - return; // NOTREACHED + notice(L10n::t('Album was empty.')); + } + } + + $a->internalRedirect('photos/' . $a->argv[1]); + } + + if ($a->argc > 3 && $a->argv[2] === 'image') { + // Check if the user has responded to a delete confirmation query for a single photo + if (!empty($_POST['canceled'])) { + $a->internalRedirect('photos/' . $a->argv[1] . '/image/' . $a->argv[3]); + } + + if (!empty($_POST['delete'])) { + // same as above but remove single photo + if ($visitor) { + $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1", + intval($visitor), + intval($page_owner_uid), + DBA::escape($a->argv[3]) + ); + } else { + $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", + intval(local_user()), + DBA::escape($a->argv[3]) + ); } - // remove the associated photos - Photo::delete(['resource-id' => $res, 'uid' => $page_owner_uid]); + if (DBA::isResult($r)) { + Photo::delete(['uid' => $page_owner_uid, 'resource-id' => $r[0]['resource-id']]); - // find and delete the corresponding item with all the comments and likes/dislikes - Item::deleteForUser(['resource-id' => $res, 'uid' => $page_owner_uid], $page_owner_uid); + Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid); - // Update the photo albums cache - Photo::clearAlbumCache($page_owner_uid); + // 
Update the photo albums cache + Photo::clearAlbumCache($page_owner_uid); + notice('Successfully deleted the photo.'); + } else { + notice('Failed to delete the photo.'); + $a->internalRedirect('photos/' . $a->argv[1] . '/image/' . $a->argv[3]); + } + + $a->internalRedirect('photos/' . $a->argv[1]); + return; // NOTREACHED } - - $a->internalRedirect('photos/' . $a->data['user']['nickname']); - return; // NOTREACHED - } - - - // Check if the user has responded to a delete confirmation query for a single photo - if ($a->argc > 2 && !empty($_REQUEST['canceled'])) { - $a->internalRedirect($_SESSION['photo_return']); - } - - if ($a->argc > 2 && defaults($_POST, 'delete', '') === L10n::t('Delete Photo')) { - - // same as above but remove single photo - - // Check if we should do HTML-based delete confirmation - if (!empty($_REQUEST['confirm'])) { - $drop_url = $a->query_string; - - $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ - '$method' => 'post', - '$message' => L10n::t('Do you really want to delete this photo?'), - '$extra_inputs' => [], - '$confirm' => L10n::t('Delete Photo'), - '$confirm_url' => $drop_url, - '$confirm_name' => 'delete', // Needed so that confirmation will bring us back into this if statement - '$cancel' => L10n::t('Cancel'), - ]); - - $a->error = 1; // Set $a->error so the other module functions don't execute - return; - } - - if ($visitor) { - $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1", - intval($visitor), - intval($page_owner_uid), - DBA::escape($a->argv[2]) - ); - } else { - $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", - intval(local_user()), - DBA::escape($a->argv[2]) - ); - } - - if (DBA::isResult($r)) { - Photo::delete(['uid' => $page_owner_uid, 'resource-id' => $r[0]['resource-id']]); - - Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => 
$page_owner_uid], $page_owner_uid); - - // Update the photo albums cache - Photo::clearAlbumCache($page_owner_uid); - } - - $a->internalRedirect('photos/' . $a->data['user']['nickname']); - return; // NOTREACHED } if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) { @@ -896,8 +856,10 @@ function photos_content(App $a) // photos/name/upload/xxxxx (xxxxx is album name) // photos/name/album/xxxxx // photos/name/album/xxxxx/edit + // photos/name/album/xxxxx/drop // photos/name/image/xxxxx // photos/name/image/xxxxx/edit + // photos/name/image/xxxxx/drop if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { notice(L10n::t('Public access denied.') . EOL); @@ -936,7 +898,8 @@ function photos_content(App $a) $contact = null; $remote_contact = false; $contact_id = 0; - $edit = false; + $edit = ''; + $drop = ''; $owner_uid = $a->data['user']['uid']; @@ -1121,6 +1084,24 @@ function photos_content(App $a) $pager->getItemsPerPage() ); + if ($cmd === 'drop') { + $drop_url = $a->query_string; + + $extra_inputs = [ + ['name' => 'albumname', 'value' => $_POST['albumname']], + ]; + + return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ + '$method' => 'post', + '$message' => L10n::t('Do you really want to delete this photo album and all its photos?'), + '$extra_inputs' => $extra_inputs, + '$confirm' => L10n::t('Delete Album'), + '$confirm_url' => $drop_url, + '$confirm_name' => 'dropalbum', + '$cancel' => L10n::t('Cancel'), + ]); + } + // edit album name if ($cmd === 'edit') { if (($album !== L10n::t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== L10n::t('Contact Photos'))) { 
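Review bot: In the single-photo delete branch the non-visitor lookup filters on `intval(local_user())` while the `Photo::delete()` and `Item::deleteForUser()` calls that follow filter on `$page_owner_uid`, so the ownership check and the destructive calls are keyed on different ids. Using `intval($page_owner_uid)` in that lookup keeps them consistent; the same split is carried into the `$condition` array of the `@@ -285,22 +278,18 @@` hunk in patch 5. Both delete paths now run on any POST carrying `dropalbum` or `delete`, and no form security token check is visible in this hunk; photos_post starts outside it, so confirm that one is verified earlier. The two new messages, `notice('Successfully deleted the photo.')` and `notice('Failed to delete the photo.')`, also bypass `L10n::t()`, unlike the album notices above them.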
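Review bot: The album confirm dialog fills its hidden `albumname` input from `$_POST['albumname']`, but this branch of photos_content is reached through the `photos/name/album/xxxxx/drop` link, so on a normal GET the index is unset, PHP raises an undefined-index notice and the input is rendered empty. The album is already identified by the URL the form posts back to (`$confirm_url` is `$a->query_string`), so either drop the extra input or pass `['name' => 'albumname', 'value' => $album]`, assuming `$album` holds the decoded name at this point as the surrounding context lines suggest. The enclosing function starts and ends outside the hunk.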
@@ -1142,6 +1123,7 @@ function photos_content(App $a) } else { if (($album !== L10n::t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== L10n::t('Contact Photos')) && $can_post) { $edit = [L10n::t('Edit Album'), 'photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit']; + $drop = [L10n::t('Drop Album'), 'photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/drop']; } } @@ -1187,6 +1169,7 @@ function photos_content(App $a) '$upload' => [L10n::t('Upload New Photos'), 'photos/' . $a->data['user']['nickname'] . '/upload/' . bin2hex($album)], '$order' => $order, '$edit' => $edit, + '$drop' => $drop, '$paginate' => $pager->renderFull($total), ]); @@ -1217,6 +1200,20 @@ function photos_content(App $a) return; } + if ($cmd === 'drop') { + $drop_url = $a->query_string; + + return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ + '$method' => 'post', + '$message' => L10n::t('Do you really want to delete this photo?'), + '$extra_inputs' => [], + '$confirm' => L10n::t('Delete Photo'), + '$confirm_url' => $drop_url, + '$confirm_name' => 'delete', + '$cancel' => L10n::t('Cancel'), + ]); + } + $prevlink = ''; $nextlink = ''; @@ -1225,7 +1222,7 @@ function photos_content(App $a) * The query leads to a really intense used index. * By now we hide it if someone wants to. */ - if (!Config::get('system', 'no_count', false)) { + if ($cmd === 'view' && !Config::get('system', 'no_count', false)) { $order_field = defaults($_GET, 'order', ''); if ($order_field === 'posted') { 
@@ -1256,12 +1253,26 @@ function photos_content(App $a) break; } } - $edit_suffix = ((($cmd === 'edit') && $can_post) ? '/edit' : ''); + if (!is_null($prv)) { - $prevlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : ''); + $prevlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . ($order_field === 'posted' ? '?f=&order=posted' : ''); } if (!is_null($nxt)) { - $nextlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : ''); + $nextlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . ($order_field === 'posted' ? '?f=&order=posted' : ''); + } + + $tpl = Renderer::getMarkupTemplate('photo_edit_head.tpl'); + $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[ + '$prevlink' => $prevlink, + '$nextlink' => $nextlink + ]); + + if ($prevlink) { + $prevlink = [$prevlink, '']; + } + + if ($nextlink) { + $nextlink = [$nextlink, '']; } } } 
@@ -1283,33 +1294,23 @@ function photos_content(App $a) $album_link = 'photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']); $tools = null; - $lock = null; if ($can_post && ($ph[0]['uid'] == $owner_uid)) { - $tools = [ - 'edit' => ['photos/' . $a->data['user']['nickname'] . '/image/' . $datum . (($cmd === 'edit') ? '' : '/edit'), (($cmd === 'edit') ? L10n::t('View photo') : L10n::t('Edit photo'))], - 'profile'=>['profile_photo/use/'.$ph[0]['resource-id'], L10n::t('Use as profile photo')], - ]; + $tools = []; + if ($cmd === 'edit') { + $tools['view'] = ['photos/' . $a->data['user']['nickname'] . '/image/' . $datum, L10n::t('View photo')]; + } else { + $tools['edit'] = ['photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/edit', L10n::t('Edit photo')]; + $tools['delete'] = ['photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/drop', L10n::t('Delete photo')]; + $tools['profile'] = ['profile_photo/use/'.$ph[0]['resource-id'], L10n::t('Use as profile photo')]; + } - // lock - $lock = ((($ph[0]['uid'] == local_user()) && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) - || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid']))) - ? L10n::t('Private Message') - : Null); - - - } - - if ($cmd === 'edit') { - $tpl = Renderer::getMarkupTemplate('photo_edit_head.tpl'); - $a->page['htmlhead'] .= Renderer::replaceMacros($tpl,[ - '$prevlink' => $prevlink, - '$nextlink' => $nextlink - ]); - } - - if ($prevlink) { - $prevlink = [$prevlink, '']; + if ( + $ph[0]['uid'] == local_user() + && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) + ) { + $tools['lock'] = L10n::t('Private Photo'); + } } $photo = [ @@ -1322,9 +1323,7 @@ function photos_content(App $a) 'filename' => $hires['filename'], ]; - if ($nextlink) { - $nextlink = [$nextlink, '']; - } + // Do we have an item for this photo? 
@@ -1431,7 +1430,7 @@ function photos_content(App $a) $tpl = Renderer::getMarkupTemplate('photo_item.tpl'); $return_path = $a->cmd; - if ($can_post || Security::canWriteToUserWall($owner_uid)) { + if ($cmd === 'view' && ($can_post || Security::canWriteToUserWall($owner_uid))) { $like_tpl = Renderer::getMarkupTemplate('like_noshare.tpl'); $likebuttons = Renderer::replaceMacros($like_tpl, [ '$id' => $link_item['id'], @@ -1510,7 +1509,7 @@ function photos_content(App $a) continue; } - $profile_url = Contact::MagicLinkById($item['author-id']); + $profile_url = Contact::magicLinkbyId($item['author-id']); if (strpos($profile_url, 'redir/') === 0) { $sparkle = ' sparkle'; } else { @@ -1574,7 +1573,6 @@ function photos_content(App $a) '$id' => $ph[0]['id'], '$album' => [$album_link, $ph[0]['album']], '$tools' => $tools, - '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, diff --git a/view/templates/album_edit.tpl b/view/templates/album_edit.tpl index 72aedd8b70..b6f24ec3b2 100644 --- a/view/templates/album_edit.tpl +++ b/view/templates/album_edit.tpl @@ -9,7 +9,6 @@
- diff --git a/view/templates/photo_album.tpl b/view/templates/photo_album.tpl index cae3b868af..5080663abd 100644 --- a/view/templates/photo_album.tpl +++ b/view/templates/photo_album.tpl @@ -3,6 +3,12 @@ {{if $edit}} {{/if}} +{{if $edit}} + +{{/if}} +{{if $drop}} + +{{/if}} {{if $can_post}} diff --git a/view/templates/photo_edit.tpl b/view/templates/photo_edit.tpl index 8b22dfb44c..49a550e42b 100644 --- a/view/templates/photo_edit.tpl +++ b/view/templates/photo_edit.tpl @@ -1,6 +1,5 @@ - -
+ @@ -28,9 +27,6 @@
-
- - diff --git a/view/templates/photo_view.tpl b/view/templates/photo_view.tpl index 372bcb536e..7170ceb333 100644 --- a/view/templates/photo_view.tpl +++ b/view/templates/photo_view.tpl @@ -4,11 +4,22 @@ {{if $prevlink}}{{/if}} diff --git a/view/theme/frio/js/mod_photos.js b/view/theme/frio/js/mod_photos.js index 77173385b1..2e7160aafa 100644 --- a/view/theme/frio/js/mod_photos.js +++ b/view/theme/frio/js/mod_photos.js @@ -23,6 +23,15 @@ $(document).ready(function() { addToModal(modalUrl, 'photo-album-edit-wrapper'); } }); + + // Click event listener for the album drop link/button. + $("body").on('click', '#album-drop-link', function() { + var modalUrl = $(this).attr("data-modal-url"); + + if (typeof modalUrl !== "undefined") { + addToModal(modalUrl); + } + }); }); $(window).load(function() { diff --git a/view/theme/frio/templates/album_edit.tpl b/view/theme/frio/templates/album_edit.tpl index 0b58d520d8..4f240922a7 100644 --- a/view/theme/frio/templates/album_edit.tpl +++ b/view/theme/frio/templates/album_edit.tpl @@ -7,7 +7,6 @@
-
diff --git a/view/theme/frio/templates/confirm.tpl b/view/theme/frio/templates/confirm.tpl index 62611593c8..36072a56b1 100644 --- a/view/theme/frio/templates/confirm.tpl +++ b/view/theme/frio/templates/confirm.tpl @@ -1,6 +1,5 @@ -
- +
{{$message}}
{{foreach $extra_inputs as $input}} @@ -10,5 +9,4 @@ -
diff --git a/view/theme/frio/templates/photo_album.tpl b/view/theme/frio/templates/photo_album.tpl index a34e8ea861..a3b030477a 100644 --- a/view/theme/frio/templates/photo_album.tpl +++ b/view/theme/frio/templates/photo_album.tpl @@ -16,6 +16,12 @@ {{/if}} + {{if $drop}} + + + {{/if}} {{if ! $noorder}} diff --git a/view/theme/frio/templates/photo_view.tpl b/view/theme/frio/templates/photo_view.tpl index 359c426696..82bddcfc61 100644 --- a/view/theme/frio/templates/photo_view.tpl +++ b/view/theme/frio/templates/photo_view.tpl @@ -10,22 +10,38 @@
@@ -80,10 +96,12 @@
+{{if !$edit}} {{* Insert the comments *}}
{{$comments nofilter}}
{{$paginate nofilter}} +{{/if}} diff --git a/view/theme/quattro/templates/photo_view.tpl b/view/theme/quattro/templates/photo_view.tpl index a4787270fe..1ce336b0a6 100644 --- a/view/theme/quattro/templates/photo_view.tpl +++ b/view/theme/quattro/templates/photo_view.tpl @@ -3,11 +3,22 @@
diff --git a/view/theme/vier/templates/photo_view.tpl b/view/theme/vier/templates/photo_view.tpl index 617bcc5b25..f70ec5b561 100644 --- a/view/theme/vier/templates/photo_view.tpl +++ b/view/theme/vier/templates/photo_view.tpl @@ -4,11 +4,22 @@ {{if $prevlink}}{{/if}} From 9fa21396819fd1ffe70635e417d29c1be5d865f7 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 1 May 2019 20:29:01 -0400 Subject: [PATCH 2/5] Remove unused code mentioning App->error in mod/videos --- mod/videos.php | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/mod/videos.php b/mod/videos.php index 4120c136f1..2e4aa6b1fa 100644 --- a/mod/videos.php +++ b/mod/videos.php @@ -84,33 +84,6 @@ function videos_post(App $a) } if (($a->argc == 2) && !empty($_POST['delete']) && !empty($_POST['id'])) { - // Check if we should do HTML-based delete confirmation - if (empty($_REQUEST['confirm'])) { - if (!empty($_REQUEST['canceled'])) { - $a->internalRedirect('videos/' . $a->data['user']['nickname']); - } - - $drop_url = $a->query_string; - - $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ - '$method' => 'post', - '$message' => L10n::t('Do you really want to delete this video?'), - '$extra_inputs' => [ - ['name' => 'id' , 'value' => $_POST['id']], - ['name' => 'delete', 'value' => 'x'] - ], - '$confirm' => L10n::t('Delete Video'), - '$confirm_url' => $drop_url, - '$confirm_name' => 'confirm', // Needed so that confirmation will bring us back into this if statement - '$cancel' => L10n::t('Cancel'), - - ]); - - $a->error = 1; // Set $a->error so the other module functions don't execute - - return; - } - $video_id = $_POST['id']; if (Attach::exists(['id' => $video_id, 'uid' => local_user()])) { From 9b91b0550d0220377c1fce3dc3d0875f07552d6a Mon Sep 17 00:00:00 2001 
From: Hypolite Petovan Date: Wed, 1 May 2019 21:13:33 -0400 Subject: [PATCH 3/5] Rework suggest module without App->error - Add POST treatment for ignore request --- mod/suggest.php | 62 ++++++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/mod/suggest.php b/mod/suggest.php index bca2694d37..4b67dd6eb8 100644 --- a/mod/suggest.php +++ b/mod/suggest.php @@ -19,39 +19,16 @@ function suggest_init(App $a) if (! local_user()) { return; } +} - if (!empty($_GET['ignore'])) { - // Check if we should do HTML-based delete confirmation - if ($_REQUEST['confirm']) { - //
can't take arguments in its "action" parameter - // so add any arguments as hidden inputs - $query = explode_querystring($a->query_string); - $inputs = []; - foreach ($query['args'] as $arg) { - if (strpos($arg, 'confirm=') === false) { - $arg_parts = explode('=', $arg); - $inputs[] = ['name' => $arg_parts[0], 'value' => $arg_parts[1]]; - } - } - - $a->page['content'] = Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ - '$method' => 'get', - '$message' => L10n::t('Do you really want to delete this suggestion?'), - '$extra_inputs' => $inputs, - '$confirm' => L10n::t('Yes'), - '$confirm_url' => $query['base'], - '$confirm_name' => 'confirmed', - '$cancel' => L10n::t('Cancel'), - ]); - $a->error = 1; // Set $a->error so the other module functions don't execute - return; - } - // Now check how the user responded to the confirmation query - if (!$_REQUEST['canceled']) { - DBA::insert('gcign', ['uid' => local_user(), 'gcid' => $_GET['ignore']]); - } +function suggest_post(App $a) +{ + if (!empty($_POST['ignore']) && !empty($_POST['confirm'])) { + DBA::insert('gcign', ['uid' => local_user(), 'gcid' => $_POST['ignore']]); + notice(L10n::t('Contact suggestion successfully ignored.')); } + $a->internalRedirect('suggest'); } function suggest_content(App $a) 
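Review bot: `suggest_post()` writes to `gcign` without checking `local_user()`; the login guard stays in `suggest_init()`, which only returns, so nothing visible in this diff stops an unauthenticated POST from reaching `DBA::insert()` with a falsy `uid`. Guard the handler itself, e.g. `if (local_user() && !empty($_POST['ignore']) && !empty($_POST['confirm'])) {`, and store `'gcid' => intval($_POST['ignore'])` so a non-numeric value is never persisted. No form security token is verified here either, so the state change can be triggered by a cross-site form submission; the confirm form should carry a token and this handler should check it before inserting.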
@@ -76,11 +53,34 @@ function suggest_content(App $a) return $o; } + + if (!empty($_GET['ignore'])) { + // can't take arguments in its "action" parameter + // so add any arguments as hidden inputs + $query = explode_querystring($a->query_string); + $inputs = []; + foreach ($query['args'] as $arg) { + if (strpos($arg, 'confirm=') === false) { + $arg_parts = explode('=', $arg); + $inputs[] = ['name' => $arg_parts[0], 'value' => $arg_parts[1]]; + } + } + + return Renderer::replaceMacros(Renderer::getMarkupTemplate('confirm.tpl'), [ + '$method' => 'post', + '$message' => L10n::t('Do you really want to delete this suggestion?'), + '$extra_inputs' => $inputs, + '$confirm' => L10n::t('Yes'), + '$confirm_url' => $query['base'], + '$confirm_name' => 'confirm', + '$cancel' => L10n::t('Cancel'), + ]); + } + $id = 0; $entries = []; foreach ($r as $rr) { - $connlnk = System::baseUrl() . '/follow/?url=' . (($rr['connect']) ? $rr['connect'] : $rr['url']); $ignlnk = System::baseUrl() . '/suggest?ignore=' . $rr['id']; $photo_menu = [ From 7b1ea6cad6f714a669a1d0a8a1fea8c2bb3f3782 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 1 May 2019 21:17:03 -0400 Subject: [PATCH 4/5] Remove App->error --- mod/hcard.php | 1 - mod/notice.php | 1 - mod/viewsrc.php | 1 - src/App.php | 9 +-------- src/Model/Profile.php | 2 -- 5 files changed, 1 insertion(+), 13 deletions(-) diff --git a/mod/hcard.php b/mod/hcard.php index cbaebc8ff4..e27ea29be4 100644 --- a/mod/hcard.php +++ b/mod/hcard.php @@ -18,7 +18,6 @@ function hcard_init(App $a) $which = $a->argv[1]; } else { notice(L10n::t('No profile') . EOL); - $a->error = 404; return; } diff --git a/mod/notice.php b/mod/notice.php index 1a584000c7..edcbefdad2 100644 --- a/mod/notice.php +++ b/mod/notice.php @@ -16,7 +16,6 @@ function notice_init(App $a) $nick = $r[0]['nickname']; $a->internalRedirect('display/' . $nick . '/' . $id); } else { - $a->error = 404; notice(L10n::t('Item not found.') . EOL); } 
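Review bot: The hidden inputs of the confirm form are rebuilt from the raw query string with `explode('=', $arg)`, so an argument without `=` reads an undefined `$arg_parts[1]` and a value that itself contains `=` is cut short. `$arg_parts = explode('=', $arg, 2);` together with `'value' => defaults($arg_parts, 1, '')` covers both cases. These names and values are request-controlled and are handed straight to `confirm.tpl`, so they rely entirely on the template escaping them; the template markup is not readable on this page, so that is worth confirming. suggest_content starts and ends outside the hunk.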
diff --git a/mod/viewsrc.php b/mod/viewsrc.php index f05996d2fb..939c73a142 100644 --- a/mod/viewsrc.php +++ b/mod/viewsrc.php @@ -18,7 +18,6 @@ function viewsrc_content(App $a) $item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0); if (!$item_id) { - $a->error = 404; notice(L10n::t('Item not found.') . EOL); return; } diff --git a/src/App.php b/src/App.php index 9cde124998..328a1a1522 100644 --- a/src/App.php +++ b/src/App.php @@ -49,7 +49,6 @@ class App public $page_contact; public $content; public $data = []; - public $error = false; public $cmd = ''; public $argv; public $argc; @@ -1252,9 +1251,7 @@ class App // "rawContent" is especially meant for technical endpoints. // This endpoint doesn't need any theme initialization or other comparable stuff. - if (!$this->error) { call_user_func([$this->module_class, 'rawContent']); - } } // Load current theme info after module has been initialized as theme could have been set in module @@ -1269,24 +1266,20 @@ class App } if ($this->module_class) { - if (! $this->error && $_SERVER['REQUEST_METHOD'] === 'POST') { + if ($_SERVER['REQUEST_METHOD'] === 'POST') { Core\Hook::callAll($this->module . '_mod_post', $_POST); call_user_func([$this->module_class, 'post']); } - if (! $this->error) { Core\Hook::callAll($this->module . '_mod_afterpost', $placeholder); call_user_func([$this->module_class, 'afterpost']); - } - if (! $this->error) { $arr = ['content' => $content]; Core\Hook::callAll($this->module . '_mod_content', $arr); $content = $arr['content']; $arr = ['content' => call_user_func([$this->module_class, 'content'])]; Core\Hook::callAll($this->module . '_mod_aftercontent', $arr); $content .= $arr['content']; - } } // initialise content region diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 79971cd999..3c4ca6fed5 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php 
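Review bot: With the `$this->error` guards removed from the dispatcher in src/App.php, `post`, `afterpost` and `content` now always run after `init`, so a module whose `init` used to set `$a->error` and return no longer stops the request. The same patch deletes `$a->error = 404` from `hcard_init`, `notice_init`, `viewsrc_content` and two early returns in src/Model/Profile.php, which now only emit a notice and return, presumably with a normal success status. Any access or existence check in an init handler therefore has to end the request itself (redirect or throw) instead of returning. A comment at the dispatch site would record the new contract, e.g. `// init() must terminate the request itself on failure; post/afterpost/content are no longer skipped`.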
@@ -113,7 +113,6 @@ class Profile if (!DBA::isResult($user) && empty($profiledata)) { Logger::log('profile error: ' . $a->query_string, Logger::DEBUG); notice(L10n::t('Requested account is not available.') . EOL); - $a->error = 404; return; } @@ -131,7 +130,6 @@ class Profile if (empty($pdata) && empty($profiledata)) { Logger::log('profile error: ' . $a->query_string, Logger::DEBUG); notice(L10n::t('Requested profile is not available.') . EOL); - $a->error = 404; return; } From dd0b7d26428d6bac9c57bd430385e651455d78e8 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Thu, 2 May 2019 09:49:20 -0400 Subject: [PATCH 5/5] Replace straightforward q() calls by DBA::selectFirst or DBA::exists in mod/photos --- mod/photos.php | 102 +++++++++++++++++-------------------------------- 1 file changed, 35 insertions(+), 67 deletions(-) diff --git a/mod/photos.php b/mod/photos.php index caacaf2ce1..f6deb32709 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -47,16 +47,14 @@ function photos_init(App $a) { if ($a->argc > 1) { $nick = $a->argv[1]; - $user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1", - DBA::escape($nick) - ); + $user = DBA::selectFirst('user', [], ['nickname' => $nick, 'blocked' => false]); if (!DBA::isResult($user)) { return; } - $a->data['user'] = $user[0]; - $a->profile_uid = $user[0]['uid']; + $a->data['user'] = $user; + $a->profile_uid = $user['uid']; $is_owner = (local_user() && (local_user() == $a->profile_uid)); $profile = Profile::getByNickname($nick, $a->profile_uid); @@ -170,12 +168,7 @@ function photos_post(App $a) } if ($contact_id > 0) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($page_owner_uid) - ); - - if (DBA::isResult($r)) { + if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $can_post = true; $visitor = $contact_id; } 
@@ -285,22 +278,18 @@ function photos_post(App $a) if (!empty($_POST['delete'])) { // same as above but remove single photo if ($visitor) { - $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1", - intval($visitor), - intval($page_owner_uid), - DBA::escape($a->argv[3]) - ); + $condition = ['contact-id' => $visitor, 'uid' => $page_owner_uid, 'resource-id' => $a->argv[3]]; + } else { - $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", - intval(local_user()), - DBA::escape($a->argv[3]) - ); + $condition = ['uid' => local_user(), 'resource-id' => $a->argv[3]]; } - if (DBA::isResult($r)) { - Photo::delete(['uid' => $page_owner_uid, 'resource-id' => $r[0]['resource-id']]); + $photo = DBA::selectFirst('photo', ['resource-id'], $condition); - Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid); + if (DBA::isResult($photo)) { + Photo::delete(['uid' => $page_owner_uid, 'resource-id' => $photo['resource-id']]); + + Item::deleteForUser(['resource-id' => $photo['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid); // Update the photo albums cache Photo::clearAlbumCache($page_owner_uid); @@ -453,6 +442,7 @@ function photos_post(App $a) foreach ($tags as $tag) { if (strpos($tag, '@') === 0) { $profile = ''; + $contact = null; $name = substr($tag,1); if ((strpos($name, '@')) || (strpos($name, 'http://'))) { 
@@ -487,34 +477,26 @@ function photos_post(App $a) } if ($tagcid) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($tagcid), - intval($page_owner_uid) - ); + $contact = DBA::selectFirst('contact', [], ['id' => $tagcid, 'uid' => $page_owner_uid]); } else { $newname = str_replace('_',' ',$name); //select someone from this user's contacts by name - $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", - DBA::escape($newname), - intval($page_owner_uid) - ); - - if (!DBA::isResult($r)) { + $contact = DBA::selectFirst('contact', [], ['name' => $newname, 'uid' => $page_owner_uid]); + if (!DBA::isResult($contact)) { //select someone by attag or nick and the name passed in - $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", - DBA::escape($name), - DBA::escape($name), - intval($page_owner_uid) + $contact = DBA::selectFirst('contact', [], + ['(`attag` = ? OR `nick` = ?) AND `uid` = ?', $name, $name, $page_owner_uid], + ['order' => ['attag' => true]] ); } } - if (DBA::isResult($r)) { - $newname = $r[0]['name']; - $profile = $r[0]['url']; + if (DBA::isResult($contact)) { + $newname = $contact['name']; + $profile = $contact['url']; - $notify = 'cid:' . $r[0]['id']; + $notify = 'cid:' . $contact['id']; if (strlen($inform)) { $inform .= ','; } @@ -523,8 +505,8 @@ function photos_post(App $a) } if ($profile) { - if (substr($notify, 0, 4) === 'cid:') { - $taginfo[] = [$newname, $profile, $notify, $r[0], '@[url=' . str_replace(',','%2c',$profile) . ']' . $newname . '[/url]']; + if (!empty($contact)) { + $taginfo[] = [$newname, $profile, $notify, $contact, '@[url=' . str_replace(',', '%2c', $profile) . ']' . $newname . '[/url]']; } else { $taginfo[] = [$newname, $profile, $notify, null, $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]']; } 
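Review bot: The third contact lookup is not a like-for-like conversion and should be documented as such. The old SQL `attag = '%s' OR nick = '%s' AND uid = %d` bound `uid` only to the `nick` test, while the new condition `'(`attag` = ? OR `nick` = ?) AND `uid` = ?'` restricts both to the page owner's contacts. That is the safer behaviour, since an `attag` match can no longer resolve to a contact row of another account, but it changes which rows match inside a commit described as straightforward replacements. A short comment such as `// attag/nick lookup is deliberately scoped to the page owner's contacts` and a line in the commit message would make the change visible to later readers.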
@@ -917,15 +899,12 @@ function photos_content(App $a) } } } - if ($contact_id) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($owner_uid) - ); - if (DBA::isResult($r)) { + if ($contact_id) { + $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); + + if (DBA::isResult($contact)) { $can_post = true; - $contact = $r[0]; $remote_contact = true; $visitor = $contact_id; } @@ -946,16 +925,13 @@ function photos_content(App $a) } } } + if ($contact_id) { $groups = Group::getIdsByContactId($contact_id); - $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($owner_uid) - ); - if (DBA::isResult($r)) { - $contact = $r[0]; - $remote_contact = true; - } + + $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); + + $remote_contact = DBA::isResult($contact); } } @@ -1187,12 +1163,7 @@ function photos_content(App $a) ); if (!DBA::isResult($ph)) { - $ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' - LIMIT 1", - intval($owner_uid), - DBA::escape($datum) - ); - if (DBA::isResult($ph)) { + if (DBA::exists('photo', ['resource-id' => $datum, 'uid' => $owner_uid])) { notice(L10n::t('Permission denied. Access to this item may be restricted.')); } else { notice(L10n::t('Photo not available') . EOL); @@ -1323,9 +1294,6 @@ function photos_content(App $a) 'filename' => $hires['filename'], ]; - - - // Do we have an item for this photo? // FIXME! - replace following code to display the conversation with our normal