
Yeah, and again notices ... (#5536)

* Yeah, and again notices ...

* And some more

* Block access without given user name

* Reformatting
Michael Vogel 2018-08-01 07:29:58 +02:00 committed by Tobias Diekershoff
commit 9d0f18c0b3
8 changed files with 82 additions and 68 deletions


@ -28,52 +28,54 @@ function cal_init(App $a)
DFRN::autoRedir($a, $a->argv[1]);
}
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return;
}
if ($a->argc < 2) {
System::httpExit(403, ["title" => L10n::t('Access denied.')]);
}
Nav::setSelected('events');
if ($a->argc > 1) {
$nick = $a->argv[1];
$user = DBA::selectFirst('user', [], ['nickname' => $nick, 'blocked' => false]);
if (!DBA::isResult($user)) {
return;
}
$a->data['user'] = $user;
$a->profile_uid = $user['uid'];
// if it's a json request abort here becaus we don't
// need the widget data
if (!empty($a->argv[2]) && ($a->argv[2] === 'json')) {
return;
}
$profile = Profile::getByNickname($nick, $a->profile_uid);
$account_type = Contact::getAccountType($profile);
$tpl = get_markup_template("vcard-widget.tpl");
$vcard_widget = replace_macros($tpl, [
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
'$account_type' => $account_type,
'$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
]);
$cal_widget = Widget\CalendarExport::getHTML();
if (!x($a->page, 'aside')) {
$a->page['aside'] = '';
}
$a->page['aside'] .= $vcard_widget;
$a->page['aside'] .= $cal_widget;
$nick = $a->argv[1];
$user = DBA::selectFirst('user', [], ['nickname' => $nick, 'blocked' => false]);
if (!DBA::isResult($user)) {
return;
}
$a->data['user'] = $user;
$a->profile_uid = $user['uid'];
// if it's a json request abort here becaus we don't
// need the widget data
if (!empty($a->argv[2]) && ($a->argv[2] === 'json')) {
return;
}
$profile = Profile::getByNickname($nick, $a->profile_uid);
$account_type = Contact::getAccountType($profile);
$tpl = get_markup_template("vcard-widget.tpl");
$vcard_widget = replace_macros($tpl, [
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
'$account_type' => $account_type,
'$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
]);
$cal_widget = Widget\CalendarExport::getHTML();
if (!x($a->page, 'aside')) {
$a->page['aside'] = '';
}
$a->page['aside'] .= $vcard_widget;
$a->page['aside'] .= $cal_widget;
return;
}
@ -100,7 +102,7 @@ function cal_content(App $a)
$mode = 'view';
$y = 0;
$m = 0;
$ignored = ((x($_REQUEST, 'ignored')) ? intval($_REQUEST['ignored']) : 0);
$ignored = (x($_REQUEST, 'ignored') ? intval($_REQUEST['ignored']) : 0);
$format = 'ical';
if ($a->argc == 4 && $a->argv[2] == 'export') {
@ -138,7 +140,7 @@ function cal_content(App $a)
$is_owner = local_user() == $a->profile['profile_uid'];
if ($a->profile['hidewall'] && (!$is_owner) && (!$remote_contact)) {
if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
notice(L10n::t('Access to this profile has been restricted.') . EOL);
return;
}
@ -293,14 +295,14 @@ function cal_content(App $a)
}
if ($mode == 'export') {
if (!(intval($owner_uid))) {
if (!intval($owner_uid)) {
notice(L10n::t('User not found'));
return;
}
// Test permissions
// Respect the export feature setting for all other /cal pages if it's not the own profile
if (((local_user() !== intval($owner_uid))) && !Feature::isEnabled($owner_uid, "export_calendar")) {
if ((local_user() !== intval($owner_uid)) && !Feature::isEnabled($owner_uid, "export_calendar")) {
notice(L10n::t('Permission denied.') . EOL);
goaway('cal/' . $nick);
}