Merge pull request #7207 from nupplaphil/bug/6917-php_warnings

Add hexadecimal check (fix warnings)

mod/parse_url.php

@@ -9,12 +9,14 @@
  *
  * @see ParseUrl::getSiteinfo() for more information about scraping embeddable content
  */
+
 use Friendica\App;
 use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\Util\Network;
 use Friendica\Util\ParseUrl;
+use Friendica\Util\Strings;
 
 function parse_url_content(App $a)
 {
@@ -25,10 +27,14 @@ function parse_url_content(App $a)
 
 	$br = "\n";
 
-	if (!empty($_GET['binurl'])) {
+	if (!empty($_GET['binurl']) && Strings::isHex($_GET['binurl'])) {
 		$url = trim(hex2bin($_GET['binurl']));
-	} else {
+	} elseif (!empty($_GET['url'])) {
 		$url = trim($_GET['url']);
+	// fallback in case no url is valid
+	} else {
+		Logger::info('No url given');
+		exit();
 	}
 
 	if (!empty($_GET['title'])) {

mod/photos.php

@@ -188,6 +188,9 @@ function photos_post(App $a)
 	}
 
 	if ($a->argc > 3 && $a->argv[2] === 'album') {
+		if (!Strings::isHex($a->argv[3])) {
+			$a->internalRedirect('photos/' . $a->data['user']['nickname'] . '/album');
+		}
 		$album = hex2bin($a->argv[3]);
 
 		if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
@@ -960,7 +963,7 @@ function photos_content(App $a)
 			return;
 		}
 
-		$selname = $datum ? hex2bin($datum) : '';
+		$selname = Strings::isHex($datum) ? hex2bin($datum) : '';
 
 		$albumselect = '';
 
@@ -1027,6 +1030,10 @@ function photos_content(App $a)
 
 	// Display a single photo album
 	if ($datatype === 'album') {
+		// if $datum is not a valid hex, redirect to the default page
+		if (!Strings::isHex($datum)) {
+			$a->internalRedirect('photos/' . $a->data['user']['nickname']. '/album');
+		}
 		$album = hex2bin($datum);
 
 		$total = 0;