diff --git a/boot.php b/boot.php
index d44d2bddc..e98bfea9d 100644
--- a/boot.php
+++ b/boot.php
@@ -29,6 +29,12 @@ define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
define ( 'JPEG_QUALITY', 100 );
+/**
+ * Not yet used
+ */
+
+define ( 'DEFAULT_DB_ENGINE', 'MyISAM' );
+
/**
* SSL redirection policies
*/
diff --git a/include/text.php b/include/text.php
index 1b5b0afd4..e3c683338 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1524,3 +1524,9 @@ function fix_mce_lf($s) {
$s = str_replace("\n\n","\n",$s);
return $s;
}
+
+
+function protect_sprintf($s) {
+ return(str_replace('%','%%',$s));
+}
+
diff --git a/mod/network.php b/mod/network.php
index 5655f1bfa..e59839ccc 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -340,7 +340,7 @@ function network_content(&$a, $update = 0) {
info( t('Group is empty'));
}
- $sql_extra = " AND `item`.`parent` IN ( SELECT DISTINCT(`parent`) FROM `item` WHERE 1 $sql_options AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` REGEXP '<" . intval($group) . ">' ) and deleted = 0 ) ";
+ $sql_extra = " AND `item`.`parent` IN ( SELECT DISTINCT(`parent`) FROM `item` WHERE 1 $sql_options AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` like '" . protect_sprintf('%<' . intval($group) . '>%') . "' ) and deleted = 0 ) ";
$o = '
' . t('Group: ') . $r[0]['name'] . '
' . $o;
}
elseif($cid) {
@@ -398,9 +398,9 @@ function network_content(&$a, $update = 0) {
if(x($_GET,'search')) {
$search = escape_tags($_GET['search']);
- $sql_extra .= sprintf(" AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) ",
- dbesc(preg_quote($search)),
- dbesc('\\]' . preg_quote($search) . '\\[')
+ $sql_extra .= sprintf(" AND ( `item`.`body` like '%s' OR `item`.`tag` like '%s' ) ",
+ dbesc(protect_sprintf('%' . $search . '%')),
+ dbesc(protect_sprintf('%]' . $search . '[%'))
);
}
if(strlen($file)) {
@@ -412,10 +412,10 @@ function network_content(&$a, $update = 0) {
$myurl = substr($myurl,strpos($myurl,'://')+3);
$myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
$diasp_url = str_replace('/profile/','/u/',$myurl);
- $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` regexp '%s' or `tag` regexp '%s' or tag regexp '%s' )) ",
- dbesc($myurl . '$'),
- dbesc($myurl . '\\]'),
- dbesc($diasp_url . '\\]')
+ $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
+ dbesc(protect_sprintf('%s' . $myurl)),
+ dbesc(protect_sprintf('%' . $myurl . '\\]%')),
+ dbesc(protect_sprintf('%' . $diasp_url . '\\]%'))
);
}