Merge pull request #2414 from annando/1603-display-query

The display contained bad sql queries
Tobias Diekershoff 2016-03-13 13:18:53 +01:00
commit e884b0e579


@ -17,7 +17,7 @@ function display_init(&$a) {
// Does the local user have this item? // Does the local user have this item?
if (local_user()) { if (local_user()) {
$r = q("SELECT `id`, `parent`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid` FROM `item` $r = q("SELECT `id`, `parent`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid` FROM `item`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `guid` = '%s' AND `uid` = %d", dbesc($a->argv[1]), local_user()); AND `guid` = '%s' AND `uid` = %d", dbesc($a->argv[1]), local_user());
if (count($r)) { if (count($r)) {
$nick = $a->user["nickname"]; $nick = $a->user["nickname"];
@ -30,12 +30,12 @@ function display_init(&$a) {
$r = q("SELECT `user`.`nickname`, `item`.`id`, `item`.`parent`, `item`.`author-name`, $r = q("SELECT `user`.`nickname`, `item`.`id`, `item`.`parent`, `item`.`author-name`,
`item`.`author-link`, `item`.`author-avatar`, `item`.`network`, `item`.`uid`, `item`.`body` `item`.`author-link`, `item`.`author-avatar`, `item`.`network`, `item`.`uid`, `item`.`body`
FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND `item`.`private` = 0 AND NOT `user`.`hidewall` AND NOT `item`.`private` AND NOT `user`.`hidewall`
AND `item`.`guid` = '%s'", dbesc($a->argv[1])); AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
// AND `item`.`private` = 0 AND `item`.`wall` = 1 // AND NOT `item`.`private` AND `item`.`wall`
if (count($r)) { if (count($r)) {
$nick = $r[0]["nickname"]; $nick = $r[0]["nickname"];
$itemuid = $r[0]["uid"]; $itemuid = $r[0]["uid"];
@ -46,17 +46,17 @@ function display_init(&$a) {
if ($nick == "") { if ($nick == "") {
$r = q("SELECT `item`.`id`, `item`.`parent`, `item`.`author-name`, $r = q("SELECT `item`.`id`, `item`.`parent`, `item`.`author-name`,
`item`.`author-link`, `item`.`author-avatar`, `item`.`network`, `item`.`uid`, `item`.`body` `item`.`author-link`, `item`.`author-avatar`, `item`.`network`, `item`.`uid`, `item`.`body`
FROM `item` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 FROM `item` WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND `item`.`private` = 0 AND `item`.`uid` = 0 AND NOT `item`.`private` AND `item`.`uid` = 0
AND `item`.`guid` = '%s'", dbesc($a->argv[1])); AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
// AND `item`.`private` = 0 AND `item`.`wall` = 1 // AND NOT `item`.`private` AND `item`.`wall`
} }
if (count($r)) { if (count($r)) {
if ($r[0]["id"] != $r[0]["parent"]) if ($r[0]["id"] != $r[0]["parent"])
$r = q("SELECT `id`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid` FROM `item` $r = q("SELECT `id`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid` FROM `item`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `id` = %d", $r[0]["parent"]); AND `id` = %d", $r[0]["parent"]);
$profiledata = display_fetchauthor($a, $r[0]); $profiledata = display_fetchauthor($a, $r[0]);
@ -67,7 +67,7 @@ function display_init(&$a) {
if (($nickname != $a->user["nickname"])) { if (($nickname != $a->user["nickname"])) {
$r = q("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile` $r = q("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile`
INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid` INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid`
WHERE `user`.`nickname` = '%s' AND `profile`.`is-default` = 1 and `contact`.`self` = 1 LIMIT 1", WHERE `user`.`nickname` = '%s' AND `profile`.`is-default` AND `contact`.`self` LIMIT 1",
dbesc($nickname) dbesc($nickname)
); );
if (count($r)) if (count($r))
@ -120,27 +120,27 @@ function display_fetchauthor($a, $item) {
} }
if (!$skip) { if (!$skip) {
$author = ""; $author = "";
preg_match("/author='(.*?)'/ism", $attributes, $matches); preg_match("/author='(.*?)'/ism", $attributes, $matches);
if ($matches[1] != "") if ($matches[1] != "")
$profiledata["name"] = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8'); $profiledata["name"] = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
preg_match('/author="(.*?)"/ism', $attributes, $matches); preg_match('/author="(.*?)"/ism', $attributes, $matches);
if ($matches[1] != "") if ($matches[1] != "")
$profiledata["name"] = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8'); $profiledata["name"] = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
$profile = ""; $profile = "";
preg_match("/profile='(.*?)'/ism", $attributes, $matches); preg_match("/profile='(.*?)'/ism", $attributes, $matches);
if ($matches[1] != "") if ($matches[1] != "")
$profiledata["url"] = $matches[1]; $profiledata["url"] = $matches[1];
preg_match('/profile="(.*?)"/ism', $attributes, $matches); preg_match('/profile="(.*?)"/ism', $attributes, $matches);
if ($matches[1] != "") if ($matches[1] != "")
$profiledata["url"] = $matches[1]; $profiledata["url"] = $matches[1];
$avatar = ""; $avatar = "";
preg_match("/avatar='(.*?)'/ism", $attributes, $matches); preg_match("/avatar='(.*?)'/ism", $attributes, $matches);
if ($matches[1] != "") if ($matches[1] != "")
$profiledata["photo"] = $matches[1]; $profiledata["photo"] = $matches[1];
preg_match('/avatar="(.*?)"/ism', $attributes, $matches); preg_match('/avatar="(.*?)"/ism', $attributes, $matches);
@ -257,7 +257,7 @@ function display_content(&$a, $update = 0) {
if (local_user()) { if (local_user()) {
$r = q("SELECT `id` FROM `item` $r = q("SELECT `id` FROM `item`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `guid` = '%s' AND `uid` = %d", dbesc($a->argv[1]), local_user()); AND `guid` = '%s' AND `uid` = %d", dbesc($a->argv[1]), local_user());
if (count($r)) { if (count($r)) {
$item_id = $r[0]["id"]; $item_id = $r[0]["id"];
@ -267,12 +267,12 @@ function display_content(&$a, $update = 0) {
if ($nick == "") { if ($nick == "") {
$r = q("SELECT `user`.`nickname`, `item`.`id` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid` $r = q("SELECT `user`.`nickname`, `item`.`id` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND `item`.`private` = 0 AND NOT `user`.`hidewall` AND NOT `item`.`private` AND NOT `user`.`hidewall`
AND `item`.`guid` = '%s'", dbesc($a->argv[1])); AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
// AND `item`.`private` = 0 AND `item`.`wall` = 1 // AND NOT `item`.`private` AND `item`.`wall`
if (count($r)) { if (count($r)) {
$item_id = $r[0]["id"]; $item_id = $r[0]["id"];
$nick = $r[0]["nickname"]; $nick = $r[0]["nickname"];
@ -280,12 +280,12 @@ function display_content(&$a, $update = 0) {
} }
if ($nick == "") { if ($nick == "") {
$r = q("SELECT `item`.`id` FROM `item` $r = q("SELECT `item`.`id` FROM `item`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 WHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND `item`.`private` = 0 AND `item`.`uid` = 0 AND NOT `item`.`private` AND `item`.`uid` = 0
AND `item`.`guid` = '%s'", dbesc($a->argv[1])); AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
// AND `item`.`private` = 0 AND `item`.`wall` = 1 // AND NOT `item`.`private` AND `item`.`wall`
if (count($r)) { if (count($r)) {
$item_id = $r[0]["id"]; $item_id = $r[0]["id"];
} }
@ -293,12 +293,22 @@ function display_content(&$a, $update = 0) {
} }
} }
if(! $item_id) { if ($item_id AND !is_numeric($item_id)) {
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($item_id), intval($a->profile['uid']));
if ($r)
$item_id = $r[0]["id"];
else
$item_id = false;
}
if (!$item_id) {
$a->error = 404; $a->error = 404;
notice( t('Item not found.') . EOL); notice(t('Item not found.').EOL);
return; return;
} }
$groups = array(); $groups = array();
$contact = null; $contact = null;
@ -334,7 +344,7 @@ function display_content(&$a, $update = 0) {
} }
} }
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` LIMIT 1",
intval($a->profile['uid']) intval($a->profile['uid'])
); );
if(count($r)) if(count($r))
@ -367,62 +377,53 @@ function display_content(&$a, $update = 0) {
$sql_extra = item_permissions_sql($a->profile['uid'],$remote_contact,$groups); $sql_extra = item_permissions_sql($a->profile['uid'],$remote_contact,$groups);
// AND `item`.`parent` = ( SELECT `parent` FROM `item` FORCE INDEX (PRIMARY, `uri`) WHERE ( `id` = '%s' OR `uri` = '%s' ))
if($update) { if($update) {
$r = q("SELECT id FROM item WHERE item.uid = %d $r = q("SELECT `id` FROM `item` WHERE `item`.`uid` = %d
AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE (`id` = '%s' OR `uri` = '%s')) AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE `id` = %d)
$sql_extra AND unseen = 1", $sql_extra AND `unseen`",
intval($a->profile['uid']), intval($a->profile['uid']),
dbesc($item_id), intval($item_id)
dbesc($item_id)
); );
if(!$r) if(!$r)
return ''; return '';
} }
// AND `item`.`parent` = ( SELECT `parent` FROM `item` FORCE INDEX (PRIMARY, `uri`) WHERE ( `id` = '%s' OR `uri` = '%s' )
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`, $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND NOT `contact`.`blocked` AND NOT `contact`.`pending`
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 WHERE `item`.`uid` = %d AND `item`.`visible` AND NOT `item`.`deleted`
and `item`.`moderated` = 0 AND NOT `item`.`moderated`
AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE (`id` = '%s' OR `uri` = '%s') AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE `id` = %d)
AND uid = %d)
$sql_extra $sql_extra
ORDER BY `parent` DESC, `gravity` ASC, `id` ASC", ORDER BY `parent` DESC, `gravity` ASC, `id` ASC",
intval($a->profile['uid']), intval($a->profile['uid']),
dbesc($item_id), intval($item_id)
dbesc($item_id),
intval($a->profile['uid'])
); );
if(!$r && local_user()) { if(!$r && local_user()) {
// Check if this is another person's link to a post that we have // Check if this is another person's link to a post that we have
$r = q("SELECT `item`.uri FROM `item` $r = q("SELECT `item`.uri FROM `item`
WHERE (`item`.`id` = '%s' OR `item`.`uri` = '%s' ) WHERE (`item`.`id` = %d OR `item`.`uri` = '%s')
LIMIT 1", LIMIT 1",
dbesc($item_id), intval($item_id),
dbesc($item_id) dbesc($item_id)
); );
if($r) { if($r) {
$item_uri = $r[0]['uri']; $item_uri = $r[0]['uri'];
// AND `item`.`parent` = ( SELECT `parent` FROM `item` FORCE INDEX (PRIMARY, `uri`) WHERE `uri` = '%s' AND uid = %d )
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`, $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND NOT `contact`.`blocked` AND NOT `contact`.`pending`
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 WHERE `item`.`uid` = %d AND `item`.`visible` AND NOT `item`.`deleted`
and `item`.`moderated` = 0 AND NOT `item`.`moderated`
AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE `uri` = '%s' AND uid = %d) AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE `uri` = '%s' AND uid = %d)
ORDER BY `parent` DESC, `gravity` ASC, `id` ASC ", ORDER BY `parent` DESC, `gravity` ASC, `id` ASC ",
intval(local_user()), intval(local_user()),
@ -437,7 +438,7 @@ function display_content(&$a, $update = 0) {
if((local_user()) && (local_user() == $a->profile['uid'])) { if((local_user()) && (local_user() == $a->profile['uid'])) {
q("UPDATE `item` SET `unseen` = 0 q("UPDATE `item` SET `unseen` = 0
WHERE `parent` = %d AND `unseen` = 1", WHERE `parent` = %d AND `unseen`",
intval($r[0]['parent']) intval($r[0]['parent'])
); );
} }
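Review bot: In the `-293,12 +293,22` hunk of display_content, the new guard `if ($item_id AND !is_numeric($item_id))` lets values such as `1e3`, `12.5` or a string with leading whitespace skip the `uri` lookup, and the later queries then pass them through `intval($item_id)`, which may resolve to a different id than the string suggests (intval()'s exponent handling differs between PHP versions). A digits-only test keeps the gate and the cast in agreement: `if ($item_id AND !ctype_digit((string)$item_id)) {`. Separately, a non-numeric value with no row under `$a->profile['uid']` is now set to `false` and returns 404 before the "another person's link to a post that we have" fallback further down, so the `` `item`.`uri` = '%s' `` arm of that fallback only ever receives a numeric string. If URI links to posts held under another uid are meant to keep working, that lookup has to run before the early return. The place where `$item_id` is first assigned lies outside the visible hunks, so both points should be confirmed against its source.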