1
1
Fork 0

Remove random profile behavior from /profile

This commit is contained in:
Hypolite Petovan 2018-12-25 11:33:48 -05:00
parent a3928ec3b6
commit 00f90571ad

View file

@ -33,24 +33,16 @@ function profile_init(App $a)
$a->page['aside'] = ''; $a->page['aside'] = '';
} }
if ($a->argc > 1) { if ($a->argc < 2) {
$which = htmlspecialchars($a->argv[1]); System::httpExit(400);
} else {
$r = q("SELECT `nickname` FROM `user` WHERE `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 ORDER BY RAND() LIMIT 1");
if (DBA::isResult($r)) {
$a->internalRedirect('profile/' . $r[0]['nickname']);
} else {
Logger::log('profile error: mod_profile ' . $a->query_string, Logger::DEBUG);
notice(L10n::t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
} }
$which = filter_var($a->argv[1], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_BACKTICK);
$profile = 0; $profile = 0;
if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') { if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') {
$which = $a->user['nickname']; $which = $a->user['nickname'];
$profile = htmlspecialchars($a->argv[1]); $profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT);
} else { } else {
DFRN::autoRedir($a, $which); DFRN::autoRedir($a, $which);
} }