From f0267fc441c0e8f1a4e9ea9bffa4e2d4b8f8490b Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 30 Dec 2020 21:10:26 -0500 Subject: [PATCH 1/3] Simplify user public contact id retrieval in mod/events --- mod/events.php | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/mod/events.php b/mod/events.php index bf813f683..4fd6706bd 100644 --- a/mod/events.php +++ b/mod/events.php @@ -66,9 +66,7 @@ function events_init(App $a) function events_post(App $a) { - Logger::debug('post', ['request' => $_REQUEST]); - if (!local_user()) { return; } @@ -83,6 +81,8 @@ function events_post(App $a) $adjust = intval($_POST['adjust'] ?? 0); $nofinish = intval($_POST['nofinish'] ?? 0); + $share = intval($_POST['share'] ?? 0); + // The default setting for the `private` field in event_store() is false, so mirror that $private_event = false; @@ -150,18 +150,9 @@ function events_post(App $a) DI::baseUrl()->redirect($onerror_path); } - $share = intval($_POST['share'] ?? 0); - - $c = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `self` LIMIT 1", - intval(local_user()) - ); - - if (DBA::isResult($c)) { - $self = $c[0]['id']; - } else { - $self = 0; - } + $self = \Friendica\Model\Contact::getPublicIdByUserId($uid); + $aclFormatter = DI::aclFormatter(); if ($share) { $user = User::getById($uid, ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid']); @@ -169,7 +160,6 @@ function events_post(App $a) return; } - $aclFormatter = DI::aclFormatter(); $str_contact_allow = isset($_REQUEST['contact_allow']) ? $aclFormatter->toString($_REQUEST['contact_allow']) : $user['allow_cid'] ?? ''; $str_group_allow = isset($_REQUEST['group_allow']) ? $aclFormatter->toString($_REQUEST['group_allow']) : $user['allow_gid'] ?? ''; $str_contact_deny = isset($_REQUEST['contact_deny']) ? $aclFormatter->toString($_REQUEST['contact_deny']) : $user['deny_cid'] ?? ''; 
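Review bot: The result of `Contact::getPublicIdByUserId($uid)` is assigned to `$self` with no failure check, whereas the removed query explicitly fell back to `0`. `$self` is now the value that keeps a private event's ACL non-empty (here and in the `@@ -183,10 +173,10 @@` hunk), and the `sanitizeItem()` code visible in patch 2 only wraps a value in `<…>` when `intval($item)` is truthy, so a failed lookup would presumably produce an empty allow list, which the comment in the next hunk says makes the event public. I would stop before building the ACL, e.g. `if (!$self) { return; }` right after the assignment, mirroring the existing `return` after `User::getById()`. Minor style point: the fully qualified `\Friendica\Model\Contact` is unnecessary, since the line removed in the next hunk already used the imported `Contact`. events_post() starts and ends outside this hunk.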
@@ -183,10 +173,10 @@ function events_post(App $a) // Since we know from the visibility parameter the item should be private, we have to prevent the empty ACL // case that would make it public. So we always append the author's contact id to the allowed contacts. // See https://github.com/friendica/friendica/issues/9672 - $str_contact_allow .= $aclFormatter->toString(Contact::getPublicIdByUserId($uid)); + $str_contact_allow .= $aclFormatter->toString($self); } } else { - $str_contact_allow = '<' . $self . '>'; + $str_contact_allow = $aclFormatter->toString($self); $str_group_allow = $str_contact_deny = $str_group_deny = ''; } From e342f69e211d03d5647cf88be5558a120a78b43b Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 30 Dec 2020 21:11:24 -0500 Subject: [PATCH 2/3] Simplify item sanitization in Util\ACLFormatter --- src/Util/ACLFormatter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Util/ACLFormatter.php b/src/Util/ACLFormatter.php index 7719daf45..0c53e08c9 100644 --- a/src/Util/ACLFormatter.php +++ b/src/Util/ACLFormatter.php @@ -84,7 +84,7 @@ final class ACLFormatter private function sanitizeItem(string &$item) { // The item is an ACL int value if (intval($item)) { - $item = '<' . intval(Strings::escapeTags(trim($item))) . '>'; + $item = '<' . intval($item) . '>'; // The item is a allowed ACL character } elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) { $item = '<' . $item . '>'; From beaef1229636ba6998eff703dfda7857772bc475 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Wed, 30 Dec 2020 21:15:01 -0500 Subject: [PATCH 3/3] Add missing first file/line in exception template --- src/Module/Special/HTTPException.php | 8 +++++++- view/templates/exception.tpl | 6 ++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/Module/Special/HTTPException.php b/src/Module/Special/HTTPException.php index ed962a423..1bfae2a36 100644 --- a/src/Module/Special/HTTPException.php 
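Review bot: In the `else` branch `$str_contact_allow` used to carry the id selected from `contact` with `uid = local_user() AND self`, and now carries the value returned by `getPublicIdByUserId()`; judging by the names these are different contact rows, so this changes which id lands in the ACL of non-shared events rather than being a pure simplification. Please confirm that ACL evaluation for events matches on the public contact id, otherwise the author's own access to unshared events, or comparisons against already stored rows, may no longer line up. If the switch is intended, a comment on the `$self` assignment such as `// ACLs reference the public contact id, not the user's self contact` would record it. The enclosing function continues outside the hunk.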
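Review bot: `intval($item)` is now evaluated twice in `sanitizeItem()` and still coerces instead of validating, so values such as `12abc` or `-3` would pass the guard and become `<12>` or `<-3>`. Since `toString()` is fed from `$_REQUEST['contact_allow']` and the other request ACL fields in mod/events.php, I would compute the id once and accept only positive integers: `$id = intval($item);`, then `if ($id > 0) {` and `$item = '<' . $id . '>';`. Dropping `Strings::escapeTags()` and `trim()` looks safe on its own, because the cast result is an integer. sanitizeItem() continues past the end of the hunk.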
+++ b/src/Module/Special/HTTPException.php @@ -69,9 +69,15 @@ class HTTPException $message = $explanation[$e->getCode()] ?? ''; } - $vars = ['$title' => $title, '$message' => $message, '$back' => DI::l10n()->t('Go back')]; + $vars = [ + '$title' => $title, + '$message' => $message, + '$back' => DI::l10n()->t('Go back'), + '$stack_trace' => DI::l10n()->t('Stack trace:'), + ]; if (is_site_admin()) { + $vars['$thrown'] = DI::l10n()->t('Exception thrown in %s:%d', $e->getFile(), $e->getLine()); $vars['$trace'] = $e->getTraceAsString(); } diff --git a/view/templates/exception.tpl b/view/templates/exception.tpl index 04e9f82c0..4b2966141 100644 --- a/view/templates/exception.tpl +++ b/view/templates/exception.tpl @@ -2,8 +2,10 @@
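Review bot: `'$stack_trace'` is translated and added to `$vars` for every visitor, although the template only prints it inside `{{if $thrown}}`, which is set for site admins alone; moving it into the `is_site_admin()` block would keep everything trace-related behind one gate. A short comment in that block, e.g. `// File, line and trace disclose server paths: site admins only`, would explain why the gate must stay when the page is next edited. Depending on PHP configuration `getTraceAsString()` can also include argument values, so the admin-only restriction matters for more than paths. The enclosing method starts and ends outside the hunk.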

{{$title}}

{{$message}}

-{{if $trace}} -
{{$trace nofilter}}
+{{if $thrown}} +
{{$thrown}}
+{{$stack_trace}}
+{{$trace}}
{{/if}}