From 1213fce8e596a27af9de4be308d05d28da626982 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roland=20H=C3=A4der?= Date: Wed, 25 Jul 2018 04:54:00 +0200 Subject: [PATCH] Fixes/rewrites on videos.php (#5489) * Fixes/rewrites: - use empty()/isset() instead of deprecated x() - merged 2 nested if() blocks into one - avoided nested if() block inside else block by rewriting it to elseif() - $contact_id is an integer, let's test on > 0 here - added a lot spaces and some empty lines for better readability * CR request: - removed stray spaces - added some where they improve readability --- mod/videos.php | 155 ++++++++++++++++++++++++------------------------- 1 file changed, 75 insertions(+), 80 deletions(-) diff --git a/mod/videos.php b/mod/videos.php index 42f7f2b15..b0f8868d5 100644 --- a/mod/videos.php +++ b/mod/videos.php @@ -18,12 +18,13 @@ use Friendica\Protocol\DFRN; require_once 'include/items.php'; require_once 'include/security.php'; -function videos_init(App $a) { - - if($a->argc > 1) +function videos_init(App $a) +{ + if ($a->argc > 1) { DFRN::autoRedir($a, $a->argv[1]); + } - if((Config::get('system','block_public')) && (! local_user()) && (! remote_user())) { + if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) { return; } @@ -31,14 +32,15 @@ function videos_init(App $a) { $o = ''; - if($a->argc > 1) { + if ($a->argc > 1) { $nick = $a->argv[1]; $user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1", DBA::escape($nick) ); - if(! count($user)) + if (!DBA::isResult($user)) { return; + } $a->data['user'] = $user[0]; $a->profile_uid = $user[0]['uid']; @@ -57,7 +59,7 @@ function videos_init(App $a) { '$pdesc' => defaults($profile, 'pdesc', ''), ]); - + /// @TODO Old-lost code? /*$sql_extra = permissions_sql($a->data['user']['uid']); $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra order by created desc", @@ -67,7 +69,7 @@ function videos_init(App $a) { if(count($albums)) { $a->data['albums'] = $albums; - $albums_visible = ((intval($a->data['user']['hidewall']) && (! local_user()) && (! remote_user())) ? false : true); + $albums_visible = ((intval($a->data['user']['hidewall']) && (!local_user()) && (!remote_user())) ? false : true); if($albums_visible) { $o .= ''; }*/ - if(! x($a->page,'aside')) + // If not there, create 'aside' empty + if (!isset($a->page['aside'])) { $a->page['aside'] = ''; - $a->page['aside'] .= $vcard_widget; + } + $a->page['aside'] .= $vcard_widget; $tpl = get_markup_template("videos_head.tpl"); $a->page['htmlhead'] .= replace_macros($tpl,[ @@ -112,31 +116,29 @@ function videos_init(App $a) { return; } - - -function videos_post(App $a) { - +function videos_post(App $a) +{ $owner_uid = $a->data['user']['uid']; if (local_user() != $owner_uid) { goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']); } - if (($a->argc == 2) && x($_POST,'delete') && x($_POST, 'id')) { - + if (($a->argc == 2) && !empty($_POST['delete']) && !empty($_POST['id'])) { // Check if we should do HTML-based delete confirmation - if (!x($_REQUEST,'confirm')) { - if (x($_REQUEST,'canceled')) { + if (empty($_REQUEST['confirm'])) { + if (!empty($_REQUEST['canceled'])) { goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']); } $drop_url = $a->query_string; + $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), [ '$method' => 'post', '$message' => L10n::t('Do you really want to delete this video?'), '$extra_inputs' => [ - ['name'=>'id', 'value'=> $_POST['id']], - ['name'=>'delete', 'value'=>'x'] + ['name' => 'id' , 'value' => $_POST['id']], + ['name' => 'delete', 'value' => 'x'] ], '$confirm' => L10n::t('Delete Video'), '$confirm_url' => $drop_url, @@ -144,7 +146,9 @@ function videos_post(App $a) { '$cancel' => L10n::t('Cancel'), ]); + $a->error = 1; // Set $a->error so the other module functions don't execute + return; } @@ -160,6 +164,7 @@ function videos_post(App $a) { intval(local_user()), DBA::escape($video_id) ); + $i = q("SELECT `id` FROM `item` WHERE `attach` like '%%attach/%s%%' AND `uid` = %d LIMIT 1", DBA::escape($video_id), intval(local_user()) @@ -175,13 +180,10 @@ function videos_post(App $a) { } goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']); - } - - -function videos_content(App $a) { - +function videos_content(App $a) +{ // URLs (most aren't currently implemented): // videos/name // videos/name/upload @@ -192,15 +194,15 @@ function videos_content(App $a) { // videos/name/video/xxxxx/edit - if((Config::get('system','block_public')) && (! local_user()) && (! remote_user())) { + if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) { notice(L10n::t('Public access denied.') . EOL); return; } - require_once('include/security.php'); - require_once('include/conversation.php'); + require_once 'include/security.php'; + require_once 'include/conversation.php'; - if(! x($a->data,'user')) { + if (empty($a->data['user'])) { notice(L10n::t('No videos selected') . EOL ); return; } @@ -212,25 +214,24 @@ function videos_content(App $a) { // // Parse arguments // - - if($a->argc > 3) { + if ($a->argc > 3) { $datatype = $a->argv[2]; $datum = $a->argv[3]; - } - elseif(($a->argc > 2) && ($a->argv[2] === 'upload')) + } elseif(($a->argc > 2) && ($a->argv[2] === 'upload')) { $datatype = 'upload'; - else + } else { $datatype = 'summary'; + } - if($a->argc > 4) + if ($a->argc > 4) { $cmd = $a->argv[4]; - else + } else { $cmd = 'view'; + } // // Setup permissions structures // - $can_post = false; $visitor = 0; $contact = null; @@ -241,30 +242,29 @@ function videos_content(App $a) { $community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false); - if((local_user()) && (local_user() == $owner_uid)) + if ((local_user()) && (local_user() == $owner_uid)) { $can_post = true; - else { - if($community_page && remote_user()) { - if(is_array($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } + } elseif ($community_page && remote_user()) { + if (!empty($_SESSION['remote'])) { + foreach ($_SESSION['remote'] as $v) { + if ($v['uid'] == $owner_uid) { + $contact_id = $v['cid']; + break; } } - if($contact_id) { + } - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($owner_uid) - ); - if (DBA::isResult($r)) { - $can_post = true; - $contact = $r[0]; - $remote_contact = true; - $visitor = $contact_id; - } + if ($contact_id > 0) { + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($owner_uid) + ); + + if (DBA::isResult($r)) { + $can_post = true; + $contact = $r[0]; + $remote_contact = true; + $visitor = $contact_id; } } } @@ -272,9 +272,9 @@ function videos_content(App $a) { $groups = []; // perhaps they're visiting - but not a community page, so they wouldn't have write access - if(remote_user() && (! $visitor)) { + if (remote_user() && (!$visitor)) { $contact_id = 0; - if(is_array($_SESSION['remote'])) { + if (!empty($_SESSION['remote'])) { foreach($_SESSION['remote'] as $v) { if($v['uid'] == $owner_uid) { $contact_id = $v['cid']; @@ -282,12 +282,14 @@ function videos_content(App $a) { } } } - if($contact_id) { + + if ($contact_id > 0) { $groups = Group::getIdsByContactId($contact_id); $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid) ); + if (DBA::isResult($r)) { $contact = $r[0]; $remote_contact = true; @@ -295,14 +297,12 @@ function videos_content(App $a) { } } - if(! $remote_contact) { - if(local_user()) { - $contact_id = $_SESSION['cid']; - $contact = $a->contact; - } + if (!$remote_contact && local_user()) { + $contact_id = $_SESSION['cid']; + $contact = $a->contact; } - if($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (! $remote_contact)) { + if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) { notice(L10n::t('Access to this item is restricted.') . EOL); return; } @@ -318,24 +318,20 @@ function videos_content(App $a) { // // dispatch request // - - - if($datatype === 'upload') { + if ($datatype === 'upload') { return; // no uploading for now // DELETED -- look at mod/photos.php if you want to implement } - if($datatype === 'album') { - + if ($datatype === 'album') { return; // no albums for now // DELETED -- look at mod/photos.php if you want to implement } - if($datatype === 'video') { - + if ($datatype === 'video') { return; // no single video view for now // DELETED -- look at mod/photos.php if you want to implement @@ -348,6 +344,7 @@ function videos_content(App $a) { $sql_extra GROUP BY hash", intval($a->data['user']['uid']) ); + if (DBA::isResult($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(20); @@ -363,9 +360,8 @@ function videos_content(App $a) { intval($a->pager['itemspage']) ); - - $videos = []; + if (DBA::isResult($r)) { foreach ($r as $rr) { $alt_e = $rr['filename']; @@ -383,7 +379,6 @@ function videos_content(App $a) { 'name' => $name_e, 'alt' => L10n::t('View Album'), ], - ]; } } @@ -392,12 +387,12 @@ function videos_content(App $a) { $o .= replace_macros($tpl, [ '$title' => L10n::t('Recent Videos'), '$can_post' => $can_post, - '$upload' => [L10n::t('Upload New Videos'), System::baseUrl().'/videos/'.$a->data['user']['nickname'].'/upload'], + '$upload' => [L10n::t('Upload New Videos'), System::baseUrl() . '/videos/' . $a->data['user']['nickname'] . '/upload'], '$videos' => $videos, - '$delete_url' => (($can_post)?System::baseUrl().'/videos/'.$a->data['user']['nickname']:False) + '$delete_url' => (($can_post) ? System::baseUrl() . '/videos/' . $a->data['user']['nickname'] : false) ]); - $o .= paginate($a); + return $o; }