Remove GET page parameter access from Core\ACL

This commit is contained in:
Hypolite Petovan 2019-09-13 20:06:57 -04:00
parent 1a81ed8616
commit 32707022bf
2 changed files with 6 additions and 4 deletions


@ -186,8 +186,9 @@ function acl_content(App $a)
// autocomplete for global contact search (e.g. navbar search) // autocomplete for global contact search (e.g. navbar search)
$search = Strings::escapeTags(trim($_REQUEST['search'])); $search = Strings::escapeTags(trim($_REQUEST['search']));
$mode = $_REQUEST['smode']; $mode = $_REQUEST['smode'];
$page = $_REQUEST['page'] ?? 1;
$r = ACL::contactAutocomplete($search, $mode); $r = ACL::contactAutocomplete($search, $mode, $page);
$contacts = []; $contacts = [];
foreach ($r as $g) { foreach ($r as $g) {
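Review bot: `$page = $_REQUEST['page'] ?? 1;` hands a raw request string to a parameter that is now declared `int $page` in ACL::contactAutocomplete (second file of this commit), so a non-numeric value such as `page=abc` raises a TypeError and a zero or negative page is passed through unchanged. Normalise the value at the boundary before the call: `$page = max(1, (int)($_REQUEST['page'] ?? 1));`. That keeps the callee's `int` contract honest regardless of strict_types and matches its `$page > 1` check and the documented "starts at 1" semantics. acl_content starts outside the hunk.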


@ -327,10 +327,11 @@ class ACL extends BaseObject
* @brief Searching for global contacts for autocompletion * @brief Searching for global contacts for autocompletion
* @param string $search Name or part of a name or nick * @param string $search Name or part of a name or nick
* @param string $mode Search mode (e.g. "community") * @param string $mode Search mode (e.g. "community")
* @param int $page Page number (starts at 1)
* @return array with the search results * @return array with the search results
* @throws \Friendica\Network\HTTPException\InternalServerErrorException * @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/ */
public static function contactAutocomplete($search, $mode) public static function contactAutocomplete($search, $mode, int $page = 1)
{ {
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return []; return [];
@ -349,9 +350,9 @@ class ACL extends BaseObject
if (Config::get('system', 'poco_local_search')) { if (Config::get('system', 'poco_local_search')) {
$return = GContact::searchByName($search, $mode); $return = GContact::searchByName($search, $mode);
} else { } else {
$p = defaults($_GET, 'page', 1) != 1 ? '&p=' . defaults($_GET, 'page', 1) : ''; $p = $page > 1 ? 'p=' . $page : '';
$curlResult = Network::curl(get_server() . '/lsearch?f=' . $p . '&search=' . urlencode($search)); $curlResult = Network::curl(get_server() . '/lsearch?' . $p . '&search=' . urlencode($search));
if ($curlResult->isSuccess()) { if ($curlResult->isSuccess()) {
$lsearch = json_decode($curlResult->getBody(), true); $lsearch = json_decode($curlResult->getBody(), true);
if (!empty($lsearch['results'])) { if (!empty($lsearch['results'])) {