From 19247b62aecb69f2854cdbb09e36767a4d580e73 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Mon, 15 Jul 2019 21:46:55 -0400 Subject: [PATCH] Ensure $uid parameter of Feature::isEnabled to be an integer --- mod/cal.php | 8 ++++---- mod/photos.php | 2 +- src/Content/Widget.php | 14 +++++++++----- src/Content/Widget/CalendarExport.php | 2 +- src/Model/Profile.php | 2 +- 5 files changed, 16 insertions(+), 12 deletions(-) diff --git a/mod/cal.php b/mod/cal.php index 0a2a02e53..05ad314b0 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -110,7 +110,7 @@ function cal_content(App $a) $remote_contact = false; $contact_id = 0; - $owner_uid = $a->data['user']['uid']; + $owner_uid = intval($a->data['user']['uid']); $nick = $a->data['user']['nickname']; if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { @@ -290,14 +290,14 @@ function cal_content(App $a) } if ($mode == 'export') { - if (!intval($owner_uid)) { + if (!$owner_uid) { notice(L10n::t('User not found')); return; } // Test permissions // Respect the export feature setting for all other /cal pages if it's not the own profile - if ((local_user() !== intval($owner_uid)) && !Feature::isEnabled($owner_uid, "export_calendar")) { + if ((local_user() !== $owner_uid) && !Feature::isEnabled($owner_uid, "export_calendar")) { notice(L10n::t('Permission denied.') . EOL); $a->internalRedirect('cal/' . $nick); } @@ -314,7 +314,7 @@ function cal_content(App $a) // If it the own calendar return to the events page // otherwise to the profile calendar page - if (local_user() === intval($owner_uid)) { + if (local_user() === $owner_uid) { $return_path = "events"; } else { $return_path = "cal/" . $nick; diff --git a/mod/photos.php b/mod/photos.php index 5a477c3bc..1ccfecdef 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -149,7 +149,7 @@ function photos_post(App $a) $can_post = false; $visitor = 0; - $page_owner_uid = $a->data['user']['uid']; + $page_owner_uid = intval($a->data['user']['uid']); $community_page = $a->data['user']['page-flags'] == User::PAGE_FLAGS_COMMUNITY; if (local_user() && (local_user() == $page_owner_uid)) { diff --git a/src/Content/Widget.php b/src/Content/Widget.php index dcfc1d0e3..e8b08d427 100644 --- a/src/Content/Widget.php +++ b/src/Content/Widget.php @@ -297,11 +297,13 @@ class Widget { $a = \get_app(); - if (!Feature::isEnabled($a->profile['profile_uid'], 'categories')) { + $uid = intval($a->profile['profile_uid']); + + if (!Feature::isEnabled($uid, 'categories')) { return ''; } - $saved = PConfig::get($a->profile['profile_uid'], 'system', 'filetags'); + $saved = PConfig::get($uid, 'system', 'filetags'); if (!strlen($saved)) { return; } @@ -420,17 +422,19 @@ class Widget { $a = \get_app(); - if (!$a->profile['profile_uid'] || !$a->profile['url']) { + $uid = intval($a->profile['profile_uid']); + + if (!$uid || !$a->profile['url']) { return ''; } - if (Feature::isEnabled($a->profile['profile_uid'], 'tagadelic')) { + if (Feature::isEnabled($uid, 'tagadelic')) { $owner_id = Contact::getIdForURL($a->profile['url'], 0, true); if (!$owner_id) { return ''; } - return Widget\TagCloud::getHTML($a->profile['profile_uid'], $limit, $owner_id, 'wall'); + return Widget\TagCloud::getHTML($uid, $limit, $owner_id, 'wall'); } return ''; diff --git a/src/Content/Widget/CalendarExport.php b/src/Content/Widget/CalendarExport.php index 84482f638..829d267d8 100644 --- a/src/Content/Widget/CalendarExport.php +++ b/src/Content/Widget/CalendarExport.php @@ -30,7 +30,7 @@ class CalendarExport return; } - $owner_uid = $a->data['user']['uid']; + $owner_uid = intval($a->data['user']['uid']); // The permission testing is a little bit tricky because we have to respect many cases. diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 10bd3a1d7..5a2adea9d 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -717,7 +717,7 @@ class Profile public static function getAdvanced(App $a) { - $uid = $a->profile['uid']; + $uid = intval($a->profile['uid']); if ($a->profile['name']) { $tpl = Renderer::getMarkupTemplate('profile_advanced.tpl');