aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Widget/Photo.php
blob: 10031f028a9ed1b722af1d89bb86958f9386a979 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<?php

namespace Zotlabs\Widget;


class Photo {


	/**
	 * @brief Widget to display a single photo.
	 *
	 * @param array $arr associative array with
	 *    * \e string \b src URL of photo; URL must be an http or https URL
	 *    * \e boolean \b zrl use zid in URL
	 *    * \e string \b style CSS string
	 *
	 * @return string with parsed HTML
	 */

	function widget($arr) {

		$style = $zrl = false;

		if(array_key_exists('src', $arr) && isset($arr['src']))
			$url = $arr['src'];

		if(strpos($url, 'http') !== 0)
			return '';

		if(array_key_exists('style', $arr) && isset($arr['style']))
			$style = $arr['style'];

		// ensure they can't sneak in an eval(js) function

		if(strpbrk($style, '(\'"<>' ) !== false)
			$style = '';

		if(array_key_exists('zrl', $arr) && isset($arr['zrl']))
			$zrl = (($arr['zrl']) ? true : false);

		if($zrl)
			$url = zid($url);

		$o = '<div class="widget">';

		$o .= '<img ' . (($zrl) ? ' class="zrl" ' : '')
					  . (($style) ? ' style="' . $style . '"' : '')
					  . ' src="' . $url . '" alt="' . t('photo/image') . '">';

		$o .= '</div>';

		return $o;
	}
}