diff --git a/include/items.php b/include/items.php
index 9922c447f0..08858682e6 100644
--- a/include/items.php
+++ b/include/items.php
@@ -371,7 +371,7 @@ function drop_item($id)
 if ((local_user() == $item['uid']) || $contact_id) {
 // Check if we should do HTML-based delete confirmation
- if ($_REQUEST['confirm']) {
+ if (!empty($_REQUEST['confirm'])) {
 //
can't take arguments in its "action" parameter
 // so add any arguments as hidden inputs
 $query = explode_querystring($a->query_string);
@@ -395,7 +395,7 @@ function drop_item($id)
 ]);
 }
 // Now check how the user responded to the confirmation query
- if ($_REQUEST['canceled']) {
+ if (!empty($_REQUEST['canceled'])) {
 goaway(System::baseUrl() . '/' . $_SESSION['return_url']);
 }
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 5e5540be14..54539ee03d 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -480,6 +480,12 @@ function dfrn_poll_content(App $a)
 }
 if (($type === 'profile') && (strlen($sec))) {
+ // heluecht: I don't know why we don't fail immediately when the user or contact hadn't been found.
+ // Since it doesn't make sense to continue from this point on, we now fail here. This should be safe.
+ if (!DBA::isResult($r)) {
+ System::httpExit(404, ["title" => L10n::t('Page not found.')]);
+ }
+
 // URL reply
 if ($dfrn_version < 2.2) {
 $s = Network::fetchUrl($r[0]['poll']
diff --git a/mod/follow.php b/mod/follow.php
index ef2325ad03..627ab52033 100644
--- a/mod/follow.php
+++ b/mod/follow.php
@@ -16,9 +16,7 @@ use Friendica\Util\Proxy as ProxyUtils;
 function follow_post(App $a)
 {
 if (!local_user()) {
- notice(L10n::t('Permission denied.'));
- goaway($_SESSION['return_url']);
- // NOTREACHED
+ System::httpExit(403, ['title' => L10n::t('Access denied.')]);
 }
 if (isset($_REQUEST['cancel'])) {
diff --git a/src/Core/NotificationsManager.php b/src/Core/NotificationsManager.php
index c994755e7a..d256b9adc1 100644
--- a/src/Core/NotificationsManager.php
+++ b/src/Core/NotificationsManager.php
@@ -344,6 +344,10 @@ class NotificationsManager extends BaseObject
 break;
 case ACTIVITY_FRIEND:
+ if (!isset($it['object'])) {
+ logger('Incomplete data: ' . json_encode($it) . ' - ' . System::callstack(20), LOGGER_DEBUG);
+ }
+
 $xmlhead = "<" . "?xml version='1.0' encoding='UTF-8' ?" . ">";
 $obj = XML::parseString($xmlhead . $it['object']);
 $it['fname'] = $obj->title;
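Review bot: The comment added above the `DBA::isResult($r)` check in dfrn_poll_content records the author's uncertainty ("I don't know why…", "This should be safe") instead of the invariant the guard enforces. A comment such as `// No matching user or contact: stop here, the code below reads $r[0]` would tell the next reader why the 404 exists. The array key is also written `"title"` here, while the equivalent call in mod/follow.php in this commit uses `'title'`. The query that fills `$r` lies outside the hunk, so the paths on which it can be empty are not visible from here.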
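Review bot: The login guard in follow_post now depends entirely on `System::httpExit()` never returning, and the removed `// NOTREACHED` comment was the only marker of that assumption. If httpExit ever returns (its body is not shown here), execution falls through to the `$_REQUEST['cancel']` handling and the rest of the handler without a logged-in user. An explicit `return;` after the call, or restoring `// NOTREACHED`, keeps the guard fail-closed and documented. The same applies to the new `System::httpExit(404, …)` guard in mod/dfrn_poll.php.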
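Review bot: The new `isset($it['object'])` check in the ACTIVITY_FRIEND case only logs; execution still reaches `XML::parseString($xmlhead . $it['object'])` and `$obj->title` with the missing key, so the undefined-index access is not prevented and `$obj` may not be a usable object. Leaving the case after logging, for example a `break;` inside the `if`, would avoid that, provided the code after the hunk copes with an item that has no `fname` (the rest of the case is outside the hunk). The log call also serialises the whole `$it` row with `json_encode($it)`, which can copy notification content into debug logs; logging just enough to identify the row would be safer.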
diff --git a/src/Model/Contact.php b/src/Model/Contact.php
index f8bfe3f0b8..4c41fdc3fe 100644
--- a/src/Model/Contact.php
+++ b/src/Model/Contact.php
@@ -364,8 +364,13 @@ class Contact extends BaseObject
 */
 public static function markForArchival(array $contact)
 {
-
- if (!isset($contact['url'])) {
+ if (!isset($contact['url']) && !empty($contact['id'])) {
+ $fields = ['id', 'url', 'archive', 'self', 'term-date'];
+ $contact = DBA::selectFirst('contact', [], ['id' => $contact['id']]);
+ if (!DBA::isResult($contact)) {
+ return;
+ }
+ } elseif (!isset($contact['url'])) {
 logger('Empty contact: ' . json_encode($contact) . ' - ' . System::callstack(20), LOGGER_DEBUG);
 }
@@ -376,10 +381,7 @@ class Contact extends BaseObject
 if ($contact['term-date'] <= NULL_DATE) {
 DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['id' => $contact['id']]);
-
- if ($contact['url'] != '') {
- DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['`nurl` = ? AND `term-date` <= ? AND NOT `self`', normalise_link($contact['url']), NULL_DATE]);
- }
+ DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['`nurl` = ? AND `term-date` <= ? AND NOT `self`', normalise_link($contact['url']), NULL_DATE]);
 } else {
 /* @todo
 * We really should send a notification to the owner after 2-3 weeks
@@ -397,10 +399,7 @@ class Contact extends BaseObject
 * the whole process over again.
 */
 DBA::update('contact', ['archive' => 1], ['id' => $contact['id']]);
-
- if ($contact['url'] != '') {
- DBA::update('contact', ['archive' => 1], ['nurl' => normalise_link($contact['url']), 'self' => false]);
- }
+ DBA::update('contact', ['archive' => 1], ['nurl' => normalise_link($contact['url']), 'self' => false]);
 }
 }
 }
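Review bot: `$fields` is assigned in the new first branch of markForArchival but never used, because `DBA::selectFirst('contact', [], …)` is called with an empty field list, so the intended restriction to id/url/archive/self/term-date has no effect. Passing the list through, `$contact = DBA::selectFirst('contact', $fields, ['id' => $contact['id']]);`, matches the evident intent. The hunk at @@ -423,13 +422,18 @@ repeats the pattern with `['id', 'url', 'batch']`, and there the unused `$fields` is then overwritten by the update array a few lines later.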
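Review bot: Dropping the `if ($contact['url'] != '')` guard means the `nurl`-keyed update now runs even when no URL is known. In markForArchival the `elseif (!isset($contact['url']))` branch only logs and continues, so a contact array with neither `url` nor `id` still reaches `normalise_link($contact['url'])`, and the update is keyed on whatever that returns for an empty value, which may match unrelated rows. Adding `return;` after the logger call, or keeping the emptiness check around the second update, would prevent that. The same guard is removed in the hunks at @@ -397,10 +399,7 @@ and @@ -423,13 +422,18 @@; in the latter, a contact without `url` and `id` is not even logged before the update runs.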
@@ -423,13 +422,18 @@ class Contact extends BaseObject
 return;
 }
+ if (!isset($contact['url']) && !empty($contact['id'])) {
+ $fields = ['id', 'url', 'batch'];
+ $contact = DBA::selectFirst('contact', [], ['id' => $contact['id']]);
+ if (!DBA::isResult($contact)) {
+ return;
+ }
+ }
+
 // It's a miracle. Our dead contact has inexplicably come back to life.
 $fields = ['term-date' => NULL_DATE, 'archive' => false];
 DBA::update('contact', $fields, ['id' => $contact['id']]);
-
- if (!empty($contact['url'])) {
- DBA::update('contact', $fields, ['nurl' => normalise_link($contact['url'])]);
- }
+ DBA::update('contact', $fields, ['nurl' => normalise_link($contact['url'])]);
 if (!empty($contact['batch'])) {
 $condition = ['batch' => $contact['batch'], 'contact-type' => self::ACCOUNT_TYPE_RELAY];
diff --git a/src/Network/Probe.php b/src/Network/Probe.php
index 6e4996de54..5bbdf7c4e0 100644
--- a/src/Network/Probe.php
+++ b/src/Network/Probe.php
@@ -933,7 +933,12 @@ class Probe
 }
 $prof_data = [];
- $prof_data["addr"] = $data["addr"];
+
+ // The "addr" is not always part of the fetched data
+ if (!empty($data["addr"])) {
+ $prof_data["addr"] = $data["addr"];
+ }
+
 $prof_data["nick"] = $data["nick"];
 $prof_data["dfrn-request"] = $data["request"];
 $prof_data["dfrn-confirm"] = $data["confirm"];
diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php
index d833f410f4..e62329e180 100644
--- a/src/Protocol/Diaspora.php
+++ b/src/Protocol/Diaspora.php
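Review bot: Only `addr` gets an `!empty()` guard in the Probe.php hunk, while `$data["nick"]`, `$data["request"]` and `$data["confirm"]` from the same fetched data are still read unconditionally on the lines that follow. If a remote profile can omit `addr`, it can presumably omit these as well, so they deserve the same check or an explicit default. Leaving `$prof_data["addr"]` unset also changes the shape of the array for whatever consumes it later; assigning an empty default instead would keep the key present. The function continues outside the hunk, so how `$prof_data` is used afterwards is not visible here.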
@@ -3075,7 +3075,7 @@ class Diaspora
 logger("transmit: ".$logid."-".$guid." to ".$dest_url." returns: ".$return_code);
 if (!$return_code || (($return_code == 503) && (stristr($a->get_curl_headers(), "retry-after")))) {
- if (!$no_queue && ($contact['contact-type'] != Contact::ACCOUNT_TYPE_RELAY)) {
+ if (!$no_queue && !empty($contact['contact-type']) && ($contact['contact-type'] != Contact::ACCOUNT_TYPE_RELAY)) {
 logger("queue message");
 // queue message for redelivery
 Queue::add($contact["id"], Protocol::DIASPORA, $envelope, $public_batch, $guid);
diff --git a/src/Worker/DiscoverPoCo.php b/src/Worker/DiscoverPoCo.php
index bf1c2a64a7..e6fc8391ff 100644
--- a/src/Worker/DiscoverPoCo.php
+++ b/src/Worker/DiscoverPoCo.php
@@ -216,7 +216,7 @@ class DiscoverPoCo
 $x = Network::fetchUrl(get_server()."/lsearch?p=1&n=500&search=".urlencode($search));
 $j = json_decode($x);
- if (count($j->results)) {
+ if (!empty($j->results)) {
 foreach ($j->results as $jj) {
 // Check if the contact already exists
 $exists = q("SELECT `id`, `last_contact`, `last_failure`, `updated` FROM `gcontact` WHERE `nurl` = '%s'", normalise_link($jj->url));
diff --git a/view/templates/profile_edit.tpl b/view/templates/profile_edit.tpl
index a25945c689..2363bd3f06 100644
--- a/view/templates/profile_edit.tpl
+++ b/view/templates/profile_edit.tpl
@@ -439,8 +439,10 @@
+
+
diff --git a/view/theme/vier/templates/profile_edit.tpl b/view/theme/vier/templates/profile_edit.tpl
index f1280f41c8..0951847b0a 100644
--- a/view/theme/vier/templates/profile_edit.tpl
+++ b/view/theme/vier/templates/profile_edit.tpl
@@ -434,8 +434,10 @@
+
+
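Review bot: `!empty($contact['contact-type'])` is false not only when the key is missing but also when the stored type is `0`, so any contact whose account type is zero would silently stop being queued for redelivery after a failed transmit. If zero is a valid account type (the constants are not visible in this hunk), the key-presence test should be `isset()`: `if (!$no_queue && isset($contact['contact-type']) && ($contact['contact-type'] != Contact::ACCOUNT_TYPE_RELAY)) {`. It is also worth confirming that a contact array without the key should really skip the queue, since before this change such a message was queued.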
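Review bot: In the DiscoverPoCo loop, `$jj->url` comes from JSON returned by the remote directory server and is formatted into the `q()` SELECT on `gcontact` through `'%s'` with no escaping visible at the call site. Unless `q()` escapes its arguments itself (not shown here), this is string-built SQL on untrusted input. The condition-array helper this commit already uses in Contact.php avoids the problem, e.g. `DBA::selectFirst('gcontact', ['id', 'last_contact', 'last_failure', 'updated'], ['nurl' => normalise_link($jj->url)])`, with the code after the hunk that reads `$exists` adapted to the single-row result. The loop body continues outside the hunk.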