Merge pull request #659 from MrPetovan/task/5410-remove-dbesc
Remove dbesc()
This commit is contained in:
commit
76a9630d40
14 changed files with 109 additions and 96 deletions
|
@ -51,7 +51,7 @@ function diaspora_queue_hook(&$a,&$b) {
|
|||
$hostname = $a->get_hostname();
|
||||
|
||||
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
|
||||
dbesc(NETWORK_DIASPORA2)
|
||||
DBA::escape(NETWORK_DIASPORA2)
|
||||
);
|
||||
if(! count($qi))
|
||||
return;
|
||||
|
|
|
@ -100,7 +100,7 @@ function forumdirectory_content(&$a)
|
|||
if (strlen($search)) {
|
||||
$sql_extra = " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,"
|
||||
. "`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` )"
|
||||
. " AGAINST ('" . dbesc($search) . "' IN BOOLEAN MODE) ";
|
||||
. " AGAINST ('" . DBA::escape($search) . "' IN BOOLEAN MODE) ";
|
||||
}
|
||||
|
||||
$publish = Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 ";
|
||||
|
|
|
@ -5,9 +5,12 @@
|
|||
* Version: 1.1
|
||||
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
|
||||
*/
|
||||
|
||||
use Friendica\App;
|
||||
use Friendica\Core\Addon;
|
||||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Database\DBA;
|
||||
|
||||
/**
|
||||
* Installs the addon hook
|
||||
|
@ -29,7 +32,7 @@ function gravatar_uninstall() {
|
|||
logger("unregistered gravatar in avatar_lookup hook");
|
||||
}
|
||||
|
||||
function gravatar_load_config(\Friendica\App $a)
|
||||
function gravatar_load_config(App $a)
|
||||
{
|
||||
$a->loadConfigFile(__DIR__. '/config/gravatar.ini.php');
|
||||
}
|
||||
|
@ -93,7 +96,7 @@ function gravatar_addon_admin (&$a, &$o) {
|
|||
|
||||
// Check if Libravatar is enabled and show warning
|
||||
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
|
||||
dbesc('libravatar')
|
||||
DBA::escape('libravatar')
|
||||
);
|
||||
if (count($r)) {
|
||||
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Libravatar addon is installed, too. Please disable Libravatar addon or this Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';
|
||||
|
|
|
@ -67,6 +67,7 @@ use Friendica\Core\Addon;
|
|||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\PConfig;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\User;
|
||||
use Friendica\Util\Network;
|
||||
|
||||
|
@ -195,7 +196,7 @@ function jappixmini_init()
|
|||
|
||||
$role = $_REQUEST["role"];
|
||||
if ($role == "pub") {
|
||||
$r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", dbesc($dfrn_id));
|
||||
$r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
|
||||
if (!count($r)) {
|
||||
killme();
|
||||
}
|
||||
|
@ -204,7 +205,7 @@ function jappixmini_init()
|
|||
$decrypt_func = openssl_public_decrypt;
|
||||
$key = $r[0]["pubkey"];
|
||||
} else if ($role == "prv") {
|
||||
$r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", dbesc($dfrn_id));
|
||||
$r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
|
||||
if (!count($r)) {
|
||||
killme();
|
||||
}
|
||||
|
@ -524,7 +525,7 @@ function jappixmini_script(App $a)
|
|||
$key = $row['k'];
|
||||
$pos = strpos($key, ":");
|
||||
$dfrn_id = substr($key, $pos + 1);
|
||||
$r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", dbesc($dfrn_id), dbesc($dfrn_id));
|
||||
$r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
|
||||
if (count($r))
|
||||
$name = $r[0]["name"];
|
||||
|
||||
|
@ -593,7 +594,7 @@ function jappixmini_cron(App $a, $d)
|
|||
|
||||
// for each user, go through list of contacts
|
||||
$contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'",
|
||||
intval($uid), dbesc(NETWORK_DFRN));
|
||||
intval($uid), DBA::escape(NETWORK_DFRN));
|
||||
foreach ($contacts as $contact_row) {
|
||||
$request = $contact_row["request"];
|
||||
if (!$request) {
|
||||
|
|
|
@ -5,9 +5,12 @@
|
|||
* Version: 1.1
|
||||
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
|
||||
*/
|
||||
|
||||
use Friendica\App;
|
||||
use Friendica\Core\Addon;
|
||||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Database\DBA;
|
||||
|
||||
/**
|
||||
* Installs the addon hook
|
||||
|
@ -29,7 +32,7 @@ function libravatar_uninstall()
|
|||
logger("unregistered libravatar in avatar_lookup hook");
|
||||
}
|
||||
|
||||
function libravatar_load_config(\Friendica\App $a)
|
||||
function libravatar_load_config(App $a)
|
||||
{
|
||||
$a->loadConfigFile(__DIR__. '/config/libravatar.ini.php');
|
||||
}
|
||||
|
@ -96,7 +99,7 @@ function libravatar_addon_admin(&$a, &$o)
|
|||
|
||||
// Libravatar falls back to gravatar, so show warning about gravatar addon if enabled
|
||||
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
|
||||
dbesc('gravatar')
|
||||
DBA::escape('gravatar')
|
||||
);
|
||||
if (count($r)) {
|
||||
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';
|
||||
|
|
|
@ -120,8 +120,8 @@ function mailstream_post_hook(&$a, &$item) {
|
|||
$message_id = mailstream_generate_id($a, $item['uri']);
|
||||
q("INSERT INTO `mailstream_item` (`uid`, `contact-id`, `uri`, `message-id`) " .
|
||||
"VALUES (%d, '%s', '%s', '%s')", intval($item['uid']),
|
||||
intval($item['contact-id']), dbesc($item['uri']), dbesc($message_id));
|
||||
$r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), dbesc($item['uri']));
|
||||
intval($item['contact-id']), DBA::escape($item['uri']), DBA::escape($message_id));
|
||||
$r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), DBA::escape($item['uri']));
|
||||
if (count($r) != 1) {
|
||||
logger('mailstream_post_remote_hook: Unexpected number of items returned from mailstream_item', LOGGER_NORMAL);
|
||||
return;
|
||||
|
@ -307,7 +307,7 @@ function mailstream_send($a, $message_id, $item, $user) {
|
|||
// In case of failure, still set the item to completed. Otherwise
|
||||
// we'll just try to send it over and over again and it'll fail
|
||||
// every time.
|
||||
q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', dbesc($message_id));
|
||||
q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', DBA::escape($message_id));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -57,7 +57,7 @@ function public_server_cron($a, $b)
|
|||
$r = q("SELECT * FROM `user` WHERE `account_expires_on` < UTC_TIMESTAMP() + INTERVAL 5 DAY AND
|
||||
`account_expires_on` > '%s' AND
|
||||
`expire_notification_sent` <= '%s'",
|
||||
dbesc(NULL_DATE), dbesc(NULL_DATE));
|
||||
DBA::escape(NULL_DATE), DBA::escape(NULL_DATE));
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
foreach ($r as $rr) {
|
||||
|
@ -81,7 +81,7 @@ function public_server_cron($a, $b)
|
|||
$nologin = Config::get('public_server', 'nologin', false);
|
||||
if ($nologin) {
|
||||
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` <= '%s' AND `register_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s'",
|
||||
dbesc(NULL_DATE), intval($nologin), dbesc(NULL_DATE));
|
||||
DBA::escape(NULL_DATE), intval($nologin), DBA::escape(NULL_DATE));
|
||||
if (DBA::isResult($r)) {
|
||||
foreach ($r as $rr) {
|
||||
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
|
||||
|
@ -93,7 +93,7 @@ function public_server_cron($a, $b)
|
|||
$flagusers = Config::get('public_server', 'flagusers', false);
|
||||
if ($flagusers) {
|
||||
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' AND `page-flags` = 0",
|
||||
intval($flagusers), dbesc(NULL_DATE));
|
||||
intval($flagusers), DBA::escape(NULL_DATE));
|
||||
if (DBA::isResult($r)) {
|
||||
foreach ($r as $rr) {
|
||||
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
|
||||
|
@ -106,7 +106,7 @@ function public_server_cron($a, $b)
|
|||
$flagpostsexpire = Config::get('public_server', 'flagpostsexpire');
|
||||
if ($flagposts && $flagpostsexpire) {
|
||||
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' and `expire` = 0 AND `page-flags` = 0",
|
||||
intval($flagposts), dbesc(NULL_DATE));
|
||||
intval($flagposts), DBA::escape(NULL_DATE));
|
||||
if (DBA::isResult($r)) {
|
||||
foreach ($r as $rr) {
|
||||
DBA::update('user', ['expire' => $flagpostsexpire], ['uid' => $rr['uid']]);
|
||||
|
|
|
@ -883,7 +883,7 @@ function pumpio_dounlike(App $a, $uid, $self, $post, $own_id)
|
|||
$contactid = $self[0]['id'];
|
||||
} else {
|
||||
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
|
||||
dbesc(normalise_link($post->actor->url)),
|
||||
DBA::escape(normalise_link($post->actor->url)),
|
||||
intval($uid)
|
||||
);
|
||||
|
||||
|
@ -938,7 +938,7 @@ function pumpio_dolike(App $a, $uid, $self, $post, $own_id, $threadcompletion =
|
|||
$post->actor->image->url = $self[0]['photo'];
|
||||
} else {
|
||||
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
|
||||
dbesc(normalise_link($post->actor->url)),
|
||||
DBA::escape(normalise_link($post->actor->url)),
|
||||
intval($uid)
|
||||
);
|
||||
|
||||
|
@ -1015,7 +1015,7 @@ function pumpio_get_contact($uid, $contact, $no_insert = false)
|
|||
}
|
||||
|
||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
|
||||
intval($uid), dbesc(normalise_link($contact->url)));
|
||||
intval($uid), DBA::escape(normalise_link($contact->url)));
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
// create contact record
|
||||
|
@ -1024,26 +1024,26 @@ function pumpio_get_contact($uid, $contact, $no_insert = false)
|
|||
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
|
||||
VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0)",
|
||||
intval($uid),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc($contact->url),
|
||||
dbesc(normalise_link($contact->url)),
|
||||
dbesc(str_replace("acct:", "", $contact->id)),
|
||||
dbesc(''),
|
||||
dbesc($contact->id), // What is it for?
|
||||
dbesc('pump.io ' . $contact->id), // What is it for?
|
||||
dbesc($contact->displayName),
|
||||
dbesc($contact->preferredUsername),
|
||||
dbesc($contact->image->url),
|
||||
dbesc(NETWORK_PUMPIO),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape($contact->url),
|
||||
DBA::escape(normalise_link($contact->url)),
|
||||
DBA::escape(str_replace("acct:", "", $contact->id)),
|
||||
DBA::escape(''),
|
||||
DBA::escape($contact->id), // What is it for?
|
||||
DBA::escape('pump.io ' . $contact->id), // What is it for?
|
||||
DBA::escape($contact->displayName),
|
||||
DBA::escape($contact->preferredUsername),
|
||||
DBA::escape($contact->image->url),
|
||||
DBA::escape(NETWORK_PUMPIO),
|
||||
intval(CONTACT_IS_FRIEND),
|
||||
intval(1),
|
||||
dbesc($contact->location->displayName),
|
||||
dbesc($contact->summary),
|
||||
DBA::escape($contact->location->displayName),
|
||||
DBA::escape($contact->summary),
|
||||
intval(1)
|
||||
);
|
||||
|
||||
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc(normalise_link($contact->url)),
|
||||
DBA::escape(normalise_link($contact->url)),
|
||||
intval($uid)
|
||||
);
|
||||
|
||||
|
@ -1171,7 +1171,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp
|
|||
} elseif ($contact_id == 0) {
|
||||
// Take an existing contact, the contact of the note or - as a fallback - the id of the user
|
||||
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
|
||||
dbesc(normalise_link($post->actor->url)),
|
||||
DBA::escape(normalise_link($post->actor->url)),
|
||||
intval($uid)
|
||||
);
|
||||
|
||||
|
@ -1179,7 +1179,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp
|
|||
$contact_id = $r[0]['id'];
|
||||
} else {
|
||||
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
|
||||
dbesc(normalise_link($post->actor->url)),
|
||||
DBA::escape(normalise_link($post->actor->url)),
|
||||
intval($uid)
|
||||
);
|
||||
|
||||
|
@ -1304,7 +1304,7 @@ function pumpio_fetchinbox(App $a, $uid)
|
|||
INNER JOIN `item` ON `item`.`id` = `thread`.`iid`
|
||||
WHERE `thread`.`network` = '%s' AND `thread`.`uid` = %d AND `item`.`extid` != ''
|
||||
ORDER BY `thread`.`commented` DESC LIMIT 10",
|
||||
dbesc(NETWORK_PUMPIO),
|
||||
DBA::escape(NETWORK_PUMPIO),
|
||||
intval($uid)
|
||||
);
|
||||
|
||||
|
@ -1401,7 +1401,7 @@ function pumpio_getallusers(App &$a, $uid)
|
|||
function pumpio_queue_hook(App $a, array &$b)
|
||||
{
|
||||
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
|
||||
dbesc(NETWORK_PUMPIO)
|
||||
DBA::escape(NETWORK_PUMPIO)
|
||||
);
|
||||
|
||||
if (!DBA::isResult($qi)) {
|
||||
|
@ -1508,7 +1508,7 @@ function pumpio_getreceiver(App $a, array $b)
|
|||
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
|
||||
intval($cid),
|
||||
intval($b["uid"]),
|
||||
dbesc(NETWORK_PUMPIO)
|
||||
DBA::escape(NETWORK_PUMPIO)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
|
@ -1526,7 +1526,7 @@ function pumpio_getreceiver(App $a, array $b)
|
|||
"FROM `group_member`, `contact` WHERE `group_member`.`gid` = %d ".
|
||||
"AND `contact`.`id` = `group_member`.`contact-id` AND `contact`.`network` = '%s'",
|
||||
intval($gid),
|
||||
dbesc(NETWORK_PUMPIO)
|
||||
DBA::escape(NETWORK_PUMPIO)
|
||||
);
|
||||
|
||||
foreach ($r AS $row)
|
||||
|
@ -1551,7 +1551,7 @@ function pumpio_getreceiver(App $a, array $b)
|
|||
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
|
||||
intval($cid),
|
||||
intval($b["uid"]),
|
||||
dbesc(NETWORK_PUMPIO)
|
||||
DBA::escape(NETWORK_PUMPIO)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
|
|
|
@ -6,10 +6,12 @@
|
|||
* Author: Zach <https://f.shmuz.in/profile/techcity>
|
||||
*
|
||||
*/
|
||||
|
||||
use Friendica\Core\Addon;
|
||||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\PConfig;
|
||||
use Friendica\Database\DBA;
|
||||
|
||||
function remote_permissions_install() {
|
||||
Addon::registerHook('lockview_content', 'addon/remote_permissions/remote_permissions.php', 'remote_permissions_content');
|
||||
|
@ -84,7 +86,7 @@ function remote_permissions_content($a, $item_copy) {
|
|||
// The contact lives here. Get his/her user info
|
||||
$nick = $r[0]['nick'];
|
||||
$r = q("SELECT uid FROM user WHERE nickname = '%s' LIMIT 1",
|
||||
dbesc($nick)
|
||||
DBA::escape($nick)
|
||||
);
|
||||
if(! $r)
|
||||
return;
|
||||
|
@ -104,15 +106,15 @@ function remote_permissions_content($a, $item_copy) {
|
|||
if($item_copy['uri'] === $item_copy['parent-uri']) {
|
||||
// Lockview for a top-level post
|
||||
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND type = 'wall' LIMIT 1",
|
||||
dbesc($item_copy['uri'])
|
||||
DBA::escape($item_copy['uri'])
|
||||
);
|
||||
}
|
||||
else {
|
||||
// Lockview for a comment
|
||||
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s'
|
||||
AND parent = ( SELECT id FROM item WHERE uri = '%s' AND type = 'wall' ) LIMIT 1",
|
||||
dbesc($item_copy['uri']),
|
||||
dbesc($item_copy['parent-uri'])
|
||||
DBA::escape($item_copy['uri']),
|
||||
DBA::escape($item_copy['parent-uri'])
|
||||
);
|
||||
}
|
||||
if($r) {
|
||||
|
@ -130,7 +132,7 @@ function remote_permissions_content($a, $item_copy) {
|
|||
|
||||
if(count($allowed_groups)) {
|
||||
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
|
||||
dbesc(implode(', ', $allowed_groups))
|
||||
DBA::escape(implode(', ', $allowed_groups))
|
||||
);
|
||||
foreach($r as $rr)
|
||||
$allow[] = $rr['contact-id'];
|
||||
|
@ -139,7 +141,7 @@ function remote_permissions_content($a, $item_copy) {
|
|||
|
||||
if(count($deny_groups)) {
|
||||
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
|
||||
dbesc(implode(', ', $deny_groups))
|
||||
DBA::escape(implode(', ', $deny_groups))
|
||||
);
|
||||
foreach($r as $rr)
|
||||
$deny[] = $rr['contact-id'];
|
||||
|
@ -149,7 +151,7 @@ function remote_permissions_content($a, $item_copy) {
|
|||
if($allow)
|
||||
{
|
||||
$r = q("SELECT name FROM contact WHERE id IN ( %s )",
|
||||
dbesc(implode(', ', array_diff($allow, $deny)))
|
||||
DBA::escape(implode(', ', array_diff($allow, $deny)))
|
||||
);
|
||||
foreach($r as $rr)
|
||||
$allow_names[] = $rr['name'];
|
||||
|
@ -162,8 +164,8 @@ function remote_permissions_content($a, $item_copy) {
|
|||
// will have different URIs than the original. We can match the GUID for
|
||||
// those
|
||||
$r = q("SELECT `uid` FROM item WHERE uri = '%s' OR guid = '%s'",
|
||||
dbesc($item_copy['uri']),
|
||||
dbesc($item_copy['guid'])
|
||||
DBA::escape($item_copy['uri']),
|
||||
DBA::escape($item_copy['guid'])
|
||||
);
|
||||
if(! $r)
|
||||
return;
|
||||
|
@ -173,7 +175,7 @@ function remote_permissions_content($a, $item_copy) {
|
|||
$allow[] = $rr['uid'];
|
||||
|
||||
$r = q("SELECT username FROM user WHERE uid IN ( %s )",
|
||||
dbesc(implode(', ', $allow))
|
||||
DBA::escape(implode(', ', $allow))
|
||||
);
|
||||
if(! $r)
|
||||
return;
|
||||
|
|
|
@ -899,7 +899,7 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
|
|||
"location" => $contact->location, "about" => $contact->description,
|
||||
"addr" => statusnet_address($contact), "generation" => 3]);
|
||||
|
||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), dbesc(normalise_link($contact->statusnet_profile_url)), dbesc(NETWORK_STATUSNET));
|
||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), DBA::escape(normalise_link($contact->statusnet_profile_url)), DBA::escape(NETWORK_STATUSNET));
|
||||
|
||||
if (!DBA::isResult($r) && !$create_user) {
|
||||
return 0;
|
||||
|
@ -917,28 +917,28 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
|
|||
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
|
||||
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0 ) ",
|
||||
intval($uid),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc($contact->statusnet_profile_url),
|
||||
dbesc(normalise_link($contact->statusnet_profile_url)),
|
||||
dbesc(statusnet_address($contact)),
|
||||
dbesc(normalise_link($contact->statusnet_profile_url)),
|
||||
dbesc(''),
|
||||
dbesc(''),
|
||||
dbesc($contact->name),
|
||||
dbesc($contact->screen_name),
|
||||
dbesc($contact->profile_image_url),
|
||||
dbesc(NETWORK_STATUSNET),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape($contact->statusnet_profile_url),
|
||||
DBA::escape(normalise_link($contact->statusnet_profile_url)),
|
||||
DBA::escape(statusnet_address($contact)),
|
||||
DBA::escape(normalise_link($contact->statusnet_profile_url)),
|
||||
DBA::escape(''),
|
||||
DBA::escape(''),
|
||||
DBA::escape($contact->name),
|
||||
DBA::escape($contact->screen_name),
|
||||
DBA::escape($contact->profile_image_url),
|
||||
DBA::escape(NETWORK_STATUSNET),
|
||||
intval(CONTACT_IS_FRIEND),
|
||||
intval(1),
|
||||
dbesc($contact->location),
|
||||
dbesc($contact->description),
|
||||
DBA::escape($contact->location),
|
||||
DBA::escape($contact->description),
|
||||
intval(1)
|
||||
);
|
||||
|
||||
$r = q("SELECT * FROM `contact` WHERE `alias` = '%s' AND `uid` = %d AND `network` = '%s' LIMIT 1",
|
||||
dbesc($contact->statusnet_profile_url),
|
||||
DBA::escape($contact->statusnet_profile_url),
|
||||
intval($uid),
|
||||
dbesc(NETWORK_STATUSNET));
|
||||
DBA::escape(NETWORK_STATUSNET));
|
||||
|
||||
if (!DBA::isResult($r)) {
|
||||
return false;
|
||||
|
@ -955,10 +955,10 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
|
|||
`micro` = '%s',
|
||||
`avatar-date` = '%s'
|
||||
WHERE `id` = %d",
|
||||
dbesc($photos[0]),
|
||||
dbesc($photos[1]),
|
||||
dbesc($photos[2]),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
DBA::escape($photos[0]),
|
||||
DBA::escape($photos[1]),
|
||||
DBA::escape($photos[2]),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
intval($contact_id)
|
||||
);
|
||||
} else {
|
||||
|
@ -986,19 +986,19 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
|
|||
`location` = '%s',
|
||||
`about` = '%s'
|
||||
WHERE `id` = %d",
|
||||
dbesc($photos[0]),
|
||||
dbesc($photos[1]),
|
||||
dbesc($photos[2]),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
dbesc($contact->statusnet_profile_url),
|
||||
dbesc(normalise_link($contact->statusnet_profile_url)),
|
||||
dbesc(statusnet_address($contact)),
|
||||
dbesc($contact->name),
|
||||
dbesc($contact->screen_name),
|
||||
dbesc($contact->location),
|
||||
dbesc($contact->description),
|
||||
DBA::escape($photos[0]),
|
||||
DBA::escape($photos[1]),
|
||||
DBA::escape($photos[2]),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
DBA::escape($contact->statusnet_profile_url),
|
||||
DBA::escape(normalise_link($contact->statusnet_profile_url)),
|
||||
DBA::escape(statusnet_address($contact)),
|
||||
DBA::escape($contact->name),
|
||||
DBA::escape($contact->screen_name),
|
||||
DBA::escape($contact->location),
|
||||
DBA::escape($contact->description),
|
||||
intval($r[0]['id'])
|
||||
);
|
||||
}
|
||||
|
@ -1520,7 +1520,7 @@ function statusnet_fetch_own_contact(App $a, $uid)
|
|||
$contact_id = statusnet_fetch_contact($uid, $user, true);
|
||||
} else {
|
||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
|
||||
intval($uid), dbesc($own_url));
|
||||
intval($uid), DBA::escape($own_url));
|
||||
if (DBA::isResult($r)) {
|
||||
$contact_id = $r[0]["id"];
|
||||
} else {
|
||||
|
|
|
@ -6,9 +6,11 @@
|
|||
* Author: Mike Macgirvin <http://macgirvin.com/profile/mike>
|
||||
*/
|
||||
|
||||
use Friendica\App;
|
||||
use Friendica\Core\Addon;
|
||||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\User;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
|
||||
|
@ -33,7 +35,7 @@ function testdrive_uninstall() {
|
|||
|
||||
}
|
||||
|
||||
function testdrive_load_config(\Friendica\App $a)
|
||||
function testdrive_load_config(App $a)
|
||||
{
|
||||
$a->loadConfigFile(__DIR__. '/config/testdrive.ini.php');
|
||||
}
|
||||
|
@ -51,7 +53,7 @@ function testdrive_register_account($a,$b) {
|
|||
return;
|
||||
|
||||
$r = q("UPDATE user set account_expires_on = '%s' where uid = %d",
|
||||
dbesc(DateTimeFormat::convert('now +' . $days . ' days')),
|
||||
DBA::escape(DateTimeFormat::convert('now +' . $days . ' days')),
|
||||
intval($uid)
|
||||
);
|
||||
|
||||
|
@ -79,7 +81,7 @@ function testdrive_cron($a,$b) {
|
|||
]);
|
||||
|
||||
q("update user set expire_notification_sent = '%s' where uid = %d",
|
||||
dbesc(DateTimeFormat::utcNow()),
|
||||
DBA::escape(DateTimeFormat::utcNow()),
|
||||
intval($rr['uid'])
|
||||
);
|
||||
|
||||
|
|
|
@ -142,7 +142,7 @@ function twitter_check_item_notification(App $a, &$notification_data)
|
|||
|
||||
$own_user = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
|
||||
intval($notification_data["uid"]),
|
||||
dbesc("twitter::".$own_id)
|
||||
DBA::escape("twitter::".$own_id)
|
||||
);
|
||||
|
||||
if ($own_user) {
|
||||
|
@ -183,7 +183,7 @@ function twitter_follow(App $a, &$contact)
|
|||
$r = q("SELECT name,nick,url,addr,batch,notify,poll,request,confirm,poco,photo,priority,network,alias,pubkey
|
||||
FROM `contact` WHERE `uid` = %d AND `nick` = '%s'",
|
||||
intval($uid),
|
||||
dbesc($nickname));
|
||||
DBA::escape($nickname));
|
||||
if (DBA::isResult($r)) {
|
||||
$contact["contact"] = $r[0];
|
||||
}
|
||||
|
@ -922,7 +922,7 @@ function twitter_fetchtimeline(App $a, $uid)
|
|||
function twitter_queue_hook(App $a, &$b)
|
||||
{
|
||||
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
|
||||
dbesc(NETWORK_TWITTER)
|
||||
DBA::escape(NETWORK_TWITTER)
|
||||
);
|
||||
if (!DBA::isResult($qi)) {
|
||||
return;
|
||||
|
@ -1751,7 +1751,7 @@ function twitter_fetch_own_contact(App $a, $uid)
|
|||
} else {
|
||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
|
||||
intval($uid),
|
||||
dbesc("twitter::" . $own_id));
|
||||
DBA::escape("twitter::" . $own_id));
|
||||
if (DBA::isResult($r)) {
|
||||
$contact_id = $r[0]["id"];
|
||||
} else {
|
||||
|
|
|
@ -37,7 +37,7 @@ function like_widget_content(&$a, $conf){
|
|||
// count likes
|
||||
$r = q( $baseq . "AND `item`.`verb` = 'http://activitystrea.ms/schema/1.0/like'",
|
||||
intval($conf['uid']),
|
||||
dbesc($args[0])
|
||||
DBA::escape($args[0])
|
||||
);
|
||||
$likes = $r[0]['c'];
|
||||
$iid = $r[0]['id'];
|
||||
|
@ -45,7 +45,7 @@ function like_widget_content(&$a, $conf){
|
|||
// count dislikes
|
||||
$r = q( $baseq . "AND `item`.`verb` = 'http://purl.org/macgirvin/dfrn/1.0/dislike'",
|
||||
intval($conf['uid']),
|
||||
dbesc($args[0])
|
||||
DBA::escape($args[0])
|
||||
);
|
||||
$dislikes = $r[0]['c'];
|
||||
|
||||
|
|
|
@ -5,21 +5,23 @@
|
|||
* Version: 1.0
|
||||
* Author: Fabio Comuni <http://kirgroup.com/profile/fabrix/>
|
||||
*/
|
||||
|
||||
use Friendica\Core\Addon;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\PConfig;
|
||||
use Friendica\Database\DBA;
|
||||
|
||||
function widgets_install() {
|
||||
Addon::registerHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
|
||||
Addon::registerHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
|
||||
logger("installed widgets");
|
||||
}
|
||||
|
||||
function widgets_uninstall() {
|
||||
Addon::unregisterHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
|
||||
Addon::unregisterHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
|
||||
}
|
||||
|
||||
|
||||
function widgets_settings_post(){
|
||||
if(! local_user())
|
||||
return;
|
||||
|
@ -89,7 +91,7 @@ function widgets_content(&$a) {
|
|||
}
|
||||
|
||||
$r = q("SELECT * FROM pconfig WHERE uid IN (SELECT uid FROM pconfig WHERE v='%s')AND cat='widgets'",
|
||||
dbesc($_GET['k'])
|
||||
DBA::escape($_GET['k'])
|
||||
);
|
||||
if (!count($r)){
|
||||
if($a->argv[2]=="cb"){header('HTTP/1.0 400 Bad Request'); killme();}
|
||||
|
|
Loading…
Reference in a new issue