Commit ba65ad71 authored by Malcolm Blaney's avatar Malcolm Blaney

Add support for SimplePie image cache in Detail->User.

Escape return result from SimplePie->sanitize in microformats.php.
parent 781733c8
Pipeline #17700496 passed with stage
in 3 minutes and 6 seconds
......@@ -674,10 +674,10 @@ class Detail extends Base {
else {
$user = $mysqli->escape_string($user);
}
$query = 'SELECT email, first, last, thumbnail, phone, address, '.
'description, display, reminder_time, reminder_repeat, supplier_only '.
'FROM users LEFT JOIN user_detail ON users.user = user_detail.user '.
'WHERE users.user = "'.$user.'"';
$query = 'SELECT email, first, last, thumbnail, phone, address, ' .
'description, display, reminder_time, reminder_repeat, supplier_only ' .
'FROM users LEFT JOIN user_detail ON users.user = user_detail.user ' .
'WHERE users.user = "' . $user . '"';
if ($result = $mysqli->query($query)) {
if ($detail = $result->fetch_assoc()) {
$img = '<img class="thumb u-photo" src="/images/default_thumb.jpg">';
......@@ -685,8 +685,19 @@ class Detail extends Base {
$name = $match[1];
$type = $match[2];
if (in_array($type, ['gif', 'jpeg', 'jpg', 'png'])) {
$name .= '_thumb.'.$type;
$img = '<img class="thumb u-photo" src="'.$name.'">';
$name .= '_thumb.' . $type;
$img = '<img class="thumb u-photo" src="' . $name . '">';
}
}
else {
// Support the SimplePie image cache too.
$base_url = $this->user->config->Secure() ? 'https://' : 'http://';
$base_url .= $this->user->config->ServerName();
$regex = '/^' . preg_quote($base_url . '/php/image.php?i=', '/') .
'[[:xdigit:]]+$/';
if (preg_match($regex, $detail['thumbnail'])) {
$img =
'<img class="thumb u-photo" src="' . $detail['thumbnail'] . '">';
}
}
$email = htmlspecialchars($detail['email']);
......@@ -703,7 +714,7 @@ class Detail extends Base {
$result->close();
}
else {
$this->Log('Detail->User: '.$mysqli->error);
$this->Log('Detail->User: ' . $mysqli->error);
}
$mysqli->close();
......
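Review bot: In the new `else` branch of the second hunk, the pattern ends in `$`, which in PCRE also matches just before a trailing newline, and the matched `$detail['thumbnail']` is then written into the `src` attribute unescaped while `$email` on the following line goes through `htmlspecialchars`. Anchoring with `\z` (`'[[:xdigit:]]+\z/'`) and emitting `src="' . htmlspecialchars($detail['thumbnail']) . '"` would keep the allow-list exact and make the output encoding independent of the regex staying strict. The pattern is also built from the current `Secure()` scheme, so a thumbnail stored under the other scheme would presumably fall back to the default image; a short comment would help if that is intended. The enclosing `if` and the start of the method are outside the hunk.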
......@@ -162,12 +162,12 @@ function discover_endpoint($url, $rels) {
$mysqli->escape_string($properties['name'][0]) : '';
$nickname = isset($properties['nickname'][0]) ?
$mysqli->escape_string($properties['nickname'][0]) : '';
$photo = isset($properties['photo'][0]) ?
$mysqli->escape_string($properties['photo'][0]) : '';
if ($photo !== '') {
$photo = $simple_pie->sanitize($photo, SIMPLEPIE_CONSTRUCT_IRI, '',
true);
$us_photo = isset($properties['photo'][0]) ? $properties['photo'][0] : '';
if ($us_photo !== '') {
$us_photo = $simple_pie->sanitize($us_photo, SIMPLEPIE_CONSTRUCT_IRI,
'', true);
}
$photo = $mysqli->escape_string($us_photo);
$reachable = stripos($result['webmention'], 'http') === 0 ? '1' : '0';
$query = 'INSERT INTO nickname VALUES ("' . $name . '", ' .
'"' . $mysqli->escape_string($url) . '", "' . $photo . '", ' .
......
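Review bot: The `INSERT INTO nickname` statement is still assembled by concatenating individually escaped values, so the ordering mistake fixed here (escaping `photo` before `sanitize()` rewrote it) can recur whenever a value is transformed after its `escape_string` call. Binding the values through `$mysqli->prepare(...)` and `bind_param` would remove that dependency on call order; the full column list continues past the end of the hunk, so the exact statement cannot be written from here. If the concatenated form stays, a comment above `$photo = $mysqli->escape_string($us_photo);` such as `// Escape last: sanitize() may rewrite the URL.` would record why the order matters. The `us_` prefix appears to mark unsanitized input; applying it to `name` and `nickname` as well would make the convention consistent within this block.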