Continued a bit:

- removed/fixed whitespaces and mixture of spaces/tabs (some) - added new-line character at end of files (POSIX-compilant) - reverted some code which I had messed up (compared to upstream/develop) - removed duplicate dba::update() invocation in src/Protocol/DFRN.php - also removed no longer valid TODO Signed-off-by: Roland Häder <roland@mxchange.org>
2018-06-20 22:12:59 +02:00 · 2018-06-20 22:12:59 +02:00 · 8ad523fbc8
parent f806fa91b1
commit 8ad523fbc8
9 changed files with 24 additions and 22 deletions
--- a/mod/message.php
+++ b/mod/message.php
@ -141,6 +141,7 @@ function message_content(App $a)
 				'$cancel' => L10n::t('Cancel'),
 			]);
 		}
+
 		// Now check how the user responded to the confirmation query
 		if ($_REQUEST['canceled']) {
 			goaway($_SESSION['return_url']);
@ -148,9 +149,10 @@ function message_content(App $a)

 		$cmd = $a->argv[1];
 		if ($cmd === 'drop') {
-			if (dba::delete('mail', ['id' => $a->argv[2]])) {
+			if (dba::delete('mail', ['id' => $a->argv[2], 'uid' => local_user()])) {
 				info(L10n::t('Message deleted.') . EOL);
 			}
+
 			//goaway(System::baseUrl(true) . '/message' );
 			goaway($_SESSION['return_url']);
 		} else {
--- a/mod/photos.php
+++ b/mod/photos.php
@ -1230,7 +1230,9 @@ function photos_content(App $a)
 		 * By now we hide it if someone wants to.
 		 */
 		if (!Config::get('system', 'no_count', false)) {
-			if ($_GET['order'] === 'posted') {
+			$order_field = defaults($_GET, 'order', '');
+
+			if ($order_field === 'posted') {
 				$order = 'ASC';
 			} else {
 				$order = 'DESC';
--- a/mod/settings.php
+++ b/mod/settings.php
@ -149,7 +149,7 @@ function settings_post(App $a)
 		check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');

 		$key = $_POST['remove'];
-		dba::delete('tokens', ['id' => $key]);
+		dba::delete('tokens', ['id' => $key, 'uid' => local_user()]);
 		goaway(System::baseUrl(true)."/settings/oauth/");
 		return;
 	}
--- a/mods/sample-nginx.config
+++ b/mods/sample-nginx.config
@ -83,11 +83,10 @@ server {
  # rewrite to front controller as default rule
  location / {
    if (!-e $request_filename) {
-    	rewrite ^(.*)$ /index.php?pagename=$1;
+      rewrite ^(.*)$ /index.php?pagename=$1;
    }
  }

-
  # make sure webfinger and other well known services aren't blocked
  # by denying dot files and rewrite request to the front controller
  location ^~ /.well-known/ {
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@ -2081,7 +2081,6 @@ class DFRN
 			'poll' => $relocate["poll"], 'site-pubkey' => $relocate["sitepubkey"]];
 		$condition = ["(`id` = ?) OR (`nurl` = ?)", $importer["id"], normalise_link($old["url"])];

-		// @TODO No dba:update here?
 		dba::update('contact', $fields, $condition);

 		Contact::updateAvatar($relocate["avatar"], $importer["importer_uid"], $importer["id"], true);