Simplify openid query, and (needlessly) quote all fields

Fields quoting was requested by rabuzarus
This commit is contained in:
Sandro Santilli 2016-05-25 16:06:16 +02:00
parent b7bc428630
commit 10e6a243ea

View file

@ -18,7 +18,6 @@ function openid_content(&$a) {
if($openid->validate()) { if($openid->validate()) {
#$authid = normalise_openid($_REQUEST['openid_identity']);
$authid = $_REQUEST['openid_identity']; $authid = $_REQUEST['openid_identity'];
if(! strlen($authid)) { if(! strlen($authid)) {
@ -31,9 +30,11 @@ function openid_content(&$a) {
// mod/settings.php in 8367cad so it might have left mixed // mod/settings.php in 8367cad so it might have left mixed
// records in the user table // records in the user table
// //
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` $r = q("SELECT * FROM `user`
FROM `user` WHERE ( openid = '%s' OR openid = '%s' ) AND blocked = 0 WHERE ( `openid` = '%s' OR `openid` = '%s' )
AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", AND `blocked` = 0 AND `account_expired` = 0
AND `account_removed` = 0 AND `verified` = 1
LIMIT 1",
dbesc($authid), dbesc(normalise_openid($authid)) dbesc($authid), dbesc(normalise_openid($authid))
); );