diff --git a/mod/contacts.php b/mod/contacts.php
index 4e87697172..cfe968226d 100644
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -122,11 +122,12 @@ function contacts_init(App $a)
 function contacts_batch_actions(App $a)
 {
- $contacts_id = $_POST['contact_batch'];
- if (!is_array($contacts_id)) {
+ if (empty($_POST['contact_batch']) || !is_array($_POST['contact_batch'])) {
 return;
 }
+ $contacts_id = $_POST['contact_batch'];
+
+
 $orig_records = q("SELECT * FROM `contact` WHERE `id` IN (%s) AND `uid` = %d AND `self` = 0",
 implode(",", $contacts_id),
 intval(local_user())
diff --git a/src/Module/Proxy.php b/src/Module/Proxy.php
index ccd00c6040..7983e01f7a 100644
--- a/src/Module/Proxy.php
+++ b/src/Module/Proxy.php
@@ -133,6 +133,10 @@ class Proxy extends BaseModule
 $direct_cache = false;
 }
+ if (empty($_REQUEST['url'])) {
+ System::httpExit(400, ["title" => L10n::t('Bad Request.')]);
+ }
+
 if (!$direct_cache) {
 $urlhash = 'pic:' . sha1($_REQUEST['url']);
diff --git a/src/Object/Image.php b/src/Object/Image.php
index 9506aedc22..620929df51 100644
--- a/src/Object/Image.php
+++ b/src/Object/Image.php
@@ -792,7 +792,7 @@ class Image
 try {
 if (function_exists("getimagesizefromstring")) {
- $data = getimagesizefromstring($img_str);
+ $data = @getimagesizefromstring($img_str);
 } else {
 $tempfile = tempnam(get_temppath(), "cache");
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index 759f7f5f28..c435550313 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -2407,8 +2407,11 @@ class DFRN
 break;
 case "enclosure":
 $enclosure = $href;
- if (strlen($item["attach"])) {
+
+ if (!empty($item["attach"])) {
 $item["attach"] .= ",";
+ } else {
+ $item["attach"] = "";
 }
 $item["attach"] .= '[attach]href="' . $href . '" length="' . $length . '" type="' . $type . '" title="' . $title . '"[/attach]';
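Review bot: In mod/contacts.php the new guard only confirms that `$_POST['contact_batch']` is a non-empty array; its elements are still joined with `implode(",", $contacts_id)` and placed unquoted into `IN (%s)`, so any non-numeric element becomes part of the SQL text. String escaping inside `q()`, if it is applied at all, would not help in an unquoted numeric context. Casting at the assignment closes this: `$contacts_id = array_map('intval', $_POST['contact_batch']);`. contacts_batch_actions continues past the end of the hunk.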
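Review bot: In src/Module/Proxy.php `empty($_REQUEST['url'])` lets a non-empty array through (a request sending `url[]=...`), and that value then reaches `sha1($_REQUEST['url'])` a few lines later, which expects a string. Tightening the condition to `if (empty($_REQUEST['url']) || !is_string($_REQUEST['url'])) {` rejects that shape with the same 400 response. The guard also relies on `System::httpExit()` ending the request, which is presumably the case but is not visible here. The enclosing method starts and ends outside the hunk.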
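Review bot: In src/Object/Image.php the `@` on `getimagesizefromstring($img_str)` hides the warning without handling the failure: the function returns `false` for data it cannot parse, and no check of `$data` is visible in the hunk. If none follows outside it, an explicit `if ($data === false)` branch with a log entry would keep malformed image data observable instead of silently dropped. At minimum a comment such as `// @: unparsable image data raises a warning; $data is false in that case` would explain why the suppression is there. The `try` block starts in the hunk but ends outside it.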
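Review bot: In src/Protocol/DFRN.php the `[attach]` string right after the new else-branch is built by concatenating `$href`, `$length`, `$type` and `$title` between double quotes with no escaping. These look like values taken from the feed entry being imported; if they are not sanitised earlier, outside the hunk, a `"` or `[/attach]` inside one of them changes how the attribute list is parsed later, so it is worth confirming where they are cleaned or stripping those characters before this line. Separately, the new if/else can be written as `$item["attach"] = empty($item["attach"]) ? "" : $item["attach"] . ",";`. The enclosing switch starts outside the hunk.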