friendica
/
friendica-addons
6
0
Fork 0
Code Issues Pull Requests 2 Releases 12 Wiki Activity

[multiple] Rename dbesc to DBA::escape

Browse Source
pull/659/head
Hypolite Petovan 5 years ago committed by Hypolite Petovan
parent d9ec1ef80d
commit 522e8e58c2
14 changed files with 109 additions and 96 deletions
Show Stats Download Patch File Download Diff File

2
diaspora/diaspora.php
Unescape View File

@ -51,7 +51,7 @@ function diaspora_queue_hook(&$a,&$b) {
$hostname = $a->get_hostname();
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_DIASPORA2)
DBA::escape(NETWORK_DIASPORA2)
);
if(! count($qi))
return;

2
forumdirectory/forumdirectory.php
Unescape View File

@ -100,7 +100,7 @@ function forumdirectory_content(&$a)
if (strlen($search)) {
$sql_extra = " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,"
. "`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` )"
. " AGAINST ('" . dbesc($search) . "' IN BOOLEAN MODE) ";
. " AGAINST ('" . DBA::escape($search) . "' IN BOOLEAN MODE) ";
}
$publish = Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 ";

7
gravatar/gravatar.php
Unescape View File

@ -5,9 +5,12 @@
* Version: 1.1
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
*/
use Friendica\App;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Database\DBA;
/**
* Installs the addon hook
@ -29,7 +32,7 @@ function gravatar_uninstall() {
logger("unregistered gravatar in avatar_lookup hook");
}
function gravatar_load_config(\Friendica\App $a)
function gravatar_load_config(App $a)
{
$a->loadConfigFile(__DIR__. '/config/gravatar.ini.php');
}
@ -93,7 +96,7 @@ function gravatar_addon_admin (&$a, &$o) {
// Check if Libravatar is enabled and show warning
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
dbesc('libravatar')
DBA::escape('libravatar')
);
if (count($r)) {
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Libravatar addon is installed, too. Please disable Libravatar addon or this Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';

9
jappixmini/jappixmini.php
Unescape View File

@ -67,6 +67,7 @@ use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\PConfig;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\Network;
@ -195,7 +196,7 @@ function jappixmini_init()
$role = $_REQUEST["role"];
if ($role == "pub") {
$r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", dbesc($dfrn_id));
$r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
if (!count($r)) {
killme();
}
@ -204,7 +205,7 @@ function jappixmini_init()
$decrypt_func = openssl_public_decrypt;
$key = $r[0]["pubkey"];
} else if ($role == "prv") {
$r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", dbesc($dfrn_id));
$r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
if (!count($r)) {
killme();
}
@ -524,7 +525,7 @@ function jappixmini_script(App $a)
$key = $row['k'];
$pos = strpos($key, ":");
$dfrn_id = substr($key, $pos + 1);
$r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", dbesc($dfrn_id), dbesc($dfrn_id));
$r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
if (count($r))
$name = $r[0]["name"];
@ -593,7 +594,7 @@ function jappixmini_cron(App $a, $d)
// for each user, go through list of contacts
$contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'",
intval($uid), dbesc(NETWORK_DFRN));
intval($uid), DBA::escape(NETWORK_DFRN));
foreach ($contacts as $contact_row) {
$request = $contact_row["request"];
if (!$request) {

7
libravatar/libravatar.php
Unescape View File

@ -5,9 +5,12 @@
* Version: 1.1
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
*/
use Friendica\App;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Database\DBA;
/**
* Installs the addon hook
@ -29,7 +32,7 @@ function libravatar_uninstall()
logger("unregistered libravatar in avatar_lookup hook");
}
function libravatar_load_config(\Friendica\App $a)
function libravatar_load_config(App $a)
{
$a->loadConfigFile(__DIR__. '/config/libravatar.ini.php');
}
@ -96,7 +99,7 @@ function libravatar_addon_admin(&$a, &$o)
// Libravatar falls back to gravatar, so show warning about gravatar addon if enabled
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
dbesc('gravatar')
DBA::escape('gravatar')
);
if (count($r)) {
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';

6
mailstream/mailstream.php
Unescape View File

@ -120,8 +120,8 @@ function mailstream_post_hook(&$a, &$item) {
$message_id = mailstream_generate_id($a, $item['uri']);
q("INSERT INTO `mailstream_item` (`uid`, `contact-id`, `uri`, `message-id`) " .
"VALUES (%d, '%s', '%s', '%s')", intval($item['uid']),
intval($item['contact-id']), dbesc($item['uri']), dbesc($message_id));
$r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), dbesc($item['uri']));
intval($item['contact-id']), DBA::escape($item['uri']), DBA::escape($message_id));
$r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), DBA::escape($item['uri']));
if (count($r) != 1) {
logger('mailstream_post_remote_hook: Unexpected number of items returned from mailstream_item', LOGGER_NORMAL);
return;
@ -307,7 +307,7 @@ function mailstream_send($a, $message_id, $item, $user) {
// In case of failure, still set the item to completed. Otherwise
// we'll just try to send it over and over again and it'll fail
// every time.
q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', dbesc($message_id));
q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', DBA::escape($message_id));
}
/**

8
public_server/public_server.php
Unescape View File

@ -57,7 +57,7 @@ function public_server_cron($a, $b)
$r = q("SELECT * FROM `user` WHERE `account_expires_on` < UTC_TIMESTAMP() + INTERVAL 5 DAY AND
`account_expires_on` > '%s' AND
`expire_notification_sent` <= '%s'",
dbesc(NULL_DATE), dbesc(NULL_DATE));
DBA::escape(NULL_DATE), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) {
foreach ($r as $rr) {
@ -81,7 +81,7 @@ function public_server_cron($a, $b)
$nologin = Config::get('public_server', 'nologin', false);
if ($nologin) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` <= '%s' AND `register_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s'",
dbesc(NULL_DATE), intval($nologin), dbesc(NULL_DATE));
DBA::escape(NULL_DATE), intval($nologin), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) {
foreach ($r as $rr) {
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
@ -93,7 +93,7 @@ function public_server_cron($a, $b)
$flagusers = Config::get('public_server', 'flagusers', false);
if ($flagusers) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' AND `page-flags` = 0",
intval($flagusers), dbesc(NULL_DATE));
intval($flagusers), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) {
foreach ($r as $rr) {
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
@ -106,7 +106,7 @@ function public_server_cron($a, $b)
$flagpostsexpire = Config::get('public_server', 'flagpostsexpire');
if ($flagposts && $flagpostsexpire) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' and `expire` = 0 AND `page-flags` = 0",
intval($flagposts), dbesc(NULL_DATE));
intval($flagposts), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) {
foreach ($r as $rr) {
DBA::update('user', ['expire' => $flagpostsexpire], ['uid' => $rr['uid']]);

48
pumpio/pumpio.php
Unescape View File

@ -883,7 +883,7 @@ function pumpio_dounlike(App $a, $uid, $self, $post, $own_id)
$contactid = $self[0]['id'];
} else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)),
DBA::escape(normalise_link($post->actor->url)),
intval($uid)
);
@ -938,7 +938,7 @@ function pumpio_dolike(App $a, $uid, $self, $post, $own_id, $threadcompletion =
$post->actor->image->url = $self[0]['photo'];
} else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)),
DBA::escape(normalise_link($post->actor->url)),
intval($uid)
);
@ -1015,7 +1015,7 @@ function pumpio_get_contact($uid, $contact, $no_insert = false)
}
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
intval($uid), dbesc(normalise_link($contact->url)));
intval($uid), DBA::escape(normalise_link($contact->url)));
if (!DBA::isResult($r)) {
// create contact record
@ -1024,26 +1024,26 @@ function pumpio_get_contact($uid, $contact, $no_insert = false)
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0)",
intval($uid),
dbesc(DateTimeFormat::utcNow()),
dbesc($contact->url),
dbesc(normalise_link($contact->url)),
dbesc(str_replace("acct:", "", $contact->id)),
dbesc(''),
dbesc($contact->id), // What is it for?
dbesc('pump.io ' . $contact->id), // What is it for?
dbesc($contact->displayName),
dbesc($contact->preferredUsername),
dbesc($contact->image->url),
dbesc(NETWORK_PUMPIO),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape($contact->url),
DBA::escape(normalise_link($contact->url)),
DBA::escape(str_replace("acct:", "", $contact->id)),
DBA::escape(''),
DBA::escape($contact->id), // What is it for?
DBA::escape('pump.io ' . $contact->id), // What is it for?
DBA::escape($contact->displayName),
DBA::escape($contact->preferredUsername),
DBA::escape($contact->image->url),
DBA::escape(NETWORK_PUMPIO),
intval(CONTACT_IS_FRIEND),
intval(1),
dbesc($contact->location->displayName),
dbesc($contact->summary),
DBA::escape($contact->location->displayName),
DBA::escape($contact->summary),
intval(1)
);
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1",
dbesc(normalise_link($contact->url)),
DBA::escape(normalise_link($contact->url)),
intval($uid)
);
@ -1171,7 +1171,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp
} elseif ($contact_id == 0) {
// Take an existing contact, the contact of the note or - as a fallback - the id of the user
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)),
DBA::escape(normalise_link($post->actor->url)),
intval($uid)
);
@ -1179,7 +1179,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp
$contact_id = $r[0]['id'];
} else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)),
DBA::escape(normalise_link($post->actor->url)),
intval($uid)
);
@ -1304,7 +1304,7 @@ function pumpio_fetchinbox(App $a, $uid)
INNER JOIN `item` ON `item`.`id` = `thread`.`iid`
WHERE `thread`.`network` = '%s' AND `thread`.`uid` = %d AND `item`.`extid` != ''
ORDER BY `thread`.`commented` DESC LIMIT 10",
dbesc(NETWORK_PUMPIO),
DBA::escape(NETWORK_PUMPIO),
intval($uid)
);
@ -1401,7 +1401,7 @@ function pumpio_getallusers(App &$a, $uid)
function pumpio_queue_hook(App $a, array &$b)
{
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_PUMPIO)
DBA::escape(NETWORK_PUMPIO)
);
if (!DBA::isResult($qi)) {
@ -1508,7 +1508,7 @@ function pumpio_getreceiver(App $a, array $b)
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
intval($cid),
intval($b["uid"]),
dbesc(NETWORK_PUMPIO)
DBA::escape(NETWORK_PUMPIO)
);
if (DBA::isResult($r)) {
@ -1526,7 +1526,7 @@ function pumpio_getreceiver(App $a, array $b)
"FROM `group_member`, `contact` WHERE `group_member`.`gid` = %d ".
"AND `contact`.`id` = `group_member`.`contact-id` AND `contact`.`network` = '%s'",
intval($gid),
dbesc(NETWORK_PUMPIO)
DBA::escape(NETWORK_PUMPIO)
);
foreach ($r AS $row)
@ -1551,7 +1551,7 @@ function pumpio_getreceiver(App $a, array $b)
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
intval($cid),
intval($b["uid"]),
dbesc(NETWORK_PUMPIO)
DBA::escape(NETWORK_PUMPIO)
);
if (DBA::isResult($r)) {

22
remote_permissions/remote_permissions.php
Unescape View File

@ -6,10 +6,12 @@
* Author: Zach <https://f.shmuz.in/profile/techcity>
*
*/
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\PConfig;
use Friendica\Database\DBA;
function remote_permissions_install() {
Addon::registerHook('lockview_content', 'addon/remote_permissions/remote_permissions.php', 'remote_permissions_content');
@ -84,7 +86,7 @@ function remote_permissions_content($a, $item_copy) {
// The contact lives here. Get his/her user info
$nick = $r[0]['nick'];
$r = q("SELECT uid FROM user WHERE nickname = '%s' LIMIT 1",
dbesc($nick)
DBA::escape($nick)
);
if(! $r)
return;
@ -104,15 +106,15 @@ function remote_permissions_content($a, $item_copy) {
if($item_copy['uri'] === $item_copy['parent-uri']) {
// Lockview for a top-level post
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND type = 'wall' LIMIT 1",
dbesc($item_copy['uri'])
DBA::escape($item_copy['uri'])
);
}
else {
// Lockview for a comment
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s'
AND parent = ( SELECT id FROM item WHERE uri = '%s' AND type = 'wall' ) LIMIT 1",
dbesc($item_copy['uri']),
dbesc($item_copy['parent-uri'])
DBA::escape($item_copy['uri']),
DBA::escape($item_copy['parent-uri'])
);
}
if($r) {
@ -130,7 +132,7 @@ function remote_permissions_content($a, $item_copy) {
if(count($allowed_groups)) {
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
dbesc(implode(', ', $allowed_groups))
DBA::escape(implode(', ', $allowed_groups))
);
foreach($r as $rr)
$allow[] = $rr['contact-id'];
@ -139,7 +141,7 @@ function remote_permissions_content($a, $item_copy) {
if(count($deny_groups)) {
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
dbesc(implode(', ', $deny_groups))
DBA::escape(implode(', ', $deny_groups))
);
foreach($r as $rr)
$deny[] = $rr['contact-id'];
@ -149,7 +151,7 @@ function remote_permissions_content($a, $item_copy) {
if($allow)
{
$r = q("SELECT name FROM contact WHERE id IN ( %s )",
dbesc(implode(', ', array_diff($allow, $deny)))
DBA::escape(implode(', ', array_diff($allow, $deny)))
);
foreach($r as $rr)
$allow_names[] = $rr['name'];
@ -162,8 +164,8 @@ function remote_permissions_content($a, $item_copy) {
// will have different URIs than the original. We can match the GUID for
// those
$r = q("SELECT `uid` FROM item WHERE uri = '%s' OR guid = '%s'",
dbesc($item_copy['uri']),
dbesc($item_copy['guid'])
DBA::escape($item_copy['uri']),
DBA::escape($item_copy['guid'])
);
if(! $r)
return;
@ -173,7 +175,7 @@ function remote_permissions_content($a, $item_copy) {
$allow[] = $rr['uid'];
$r = q("SELECT username FROM user WHERE uid IN ( %s )",
dbesc(implode(', ', $allow))
DBA::escape(implode(', ', $allow))
);
if(! $r)
return;

68
statusnet/statusnet.php
Unescape View File

@ -899,7 +899,7 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
"location" => $contact->location, "about" => $contact->description,
"addr" => statusnet_address($contact), "generation" => 3]);
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), dbesc(normalise_link($contact->statusnet_profile_url)), dbesc(NETWORK_STATUSNET));
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), DBA::escape(normalise_link($contact->statusnet_profile_url)), DBA::escape(NETWORK_STATUSNET));
if (!DBA::isResult($r) && !$create_user) {
return 0;
@ -917,28 +917,28 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0 ) ",
intval($uid),
dbesc(DateTimeFormat::utcNow()),
dbesc($contact->statusnet_profile_url),
dbesc(normalise_link($contact->statusnet_profile_url)),
dbesc(statusnet_address($contact)),
dbesc(normalise_link($contact->statusnet_profile_url)),
dbesc(''),
dbesc(''),
dbesc($contact->name),
dbesc($contact->screen_name),
dbesc($contact->profile_image_url),
dbesc(NETWORK_STATUSNET),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape($contact->statusnet_profile_url),
DBA::escape(normalise_link($contact->statusnet_profile_url)),
DBA::escape(statusnet_address($contact)),
DBA::escape(normalise_link($contact->statusnet_profile_url)),
DBA::escape(''),
DBA::escape(''),
DBA::escape($contact->name),
DBA::escape($contact->screen_name),
DBA::escape($contact->profile_image_url),
DBA::escape(NETWORK_STATUSNET),
intval(CONTACT_IS_FRIEND),
intval(1),
dbesc($contact->location),
dbesc($contact->description),
DBA::escape($contact->location),
DBA::escape($contact->description),
intval(1)
);
$r = q("SELECT * FROM `contact` WHERE `alias` = '%s' AND `uid` = %d AND `network` = '%s' LIMIT 1",
dbesc($contact->statusnet_profile_url),
DBA::escape($contact->statusnet_profile_url),
intval($uid),
dbesc(NETWORK_STATUSNET));
DBA::escape(NETWORK_STATUSNET));
if (!DBA::isResult($r)) {
return false;
@ -955,10 +955,10 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`micro` = '%s',
`avatar-date` = '%s'
WHERE `id` = %d",
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),
dbesc(DateTimeFormat::utcNow()),
DBA::escape($photos[0]),
DBA::escape($photos[1]),
DBA::escape($photos[2]),
DBA::escape(DateTimeFormat::utcNow()),
intval($contact_id)
);
} else {
@ -986,19 +986,19 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`location` = '%s',
`about` = '%s'
WHERE `id` = %d",
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),
dbesc(DateTimeFormat::utcNow()),
dbesc(DateTimeFormat::utcNow()),
dbesc(DateTimeFormat::utcNow()),
dbesc($contact->statusnet_profile_url),
dbesc(normalise_link($contact->statusnet_profile_url)),
dbesc(statusnet_address($contact)),
dbesc($contact->name),
dbesc($contact->screen_name),
dbesc($contact->location),
dbesc($contact->description),
DBA::escape($photos[0]),
DBA::escape($photos[1]),
DBA::escape($photos[2]),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape($contact->statusnet_profile_url),
DBA::escape(normalise_link($contact->statusnet_profile_url)),
DBA::escape(statusnet_address($contact)),
DBA::escape($contact->name),
DBA::escape($contact->screen_name),
DBA::escape($contact->location),
DBA::escape($contact->description),
intval($r[0]['id'])
);
}
@ -1520,7 +1520,7 @@ function statusnet_fetch_own_contact(App $a, $uid)
$contact_id = statusnet_fetch_contact($uid, $user, true);
} else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($uid), dbesc($own_url));
intval($uid), DBA::escape($own_url));
if (DBA::isResult($r)) {
$contact_id = $r[0]["id"];
} else {

8
testdrive/testdrive.php
Unescape View File

@ -6,9 +6,11 @@
* Author: Mike Macgirvin <http://macgirvin.com/profile/mike>
*/
use Friendica\App;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\DateTimeFormat;
@ -33,7 +35,7 @@ function testdrive_uninstall() {
}
function testdrive_load_config(\Friendica\App $a)
function testdrive_load_config(App $a)
{
$a->loadConfigFile(__DIR__. '/config/testdrive.ini.php');
}
@ -51,7 +53,7 @@ function testdrive_register_account($a,$b) {
return;
$r = q("UPDATE user set account_expires_on = '%s' where uid = %d",
dbesc(DateTimeFormat::convert('now +' . $days . ' days')),
DBA::escape(DateTimeFormat::convert('now +' . $days . ' days')),
intval($uid)
);
@ -79,7 +81,7 @@ function testdrive_cron($a,$b) {
]);
q("update user set expire_notification_sent = '%s' where uid = %d",
dbesc(DateTimeFormat::utcNow()),
DBA::escape(DateTimeFormat::utcNow()),
intval($rr['uid'])
);

8
twitter/twitter.php
Unescape View File

@ -142,7 +142,7 @@ function twitter_check_item_notification(App $a, &$notification_data)
$own_user = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($notification_data["uid"]),
dbesc("twitter::".$own_id)
DBA::escape("twitter::".$own_id)
);
if ($own_user) {
@ -183,7 +183,7 @@ function twitter_follow(App $a, &$contact)
$r = q("SELECT name,nick,url,addr,batch,notify,poll,request,confirm,poco,photo,priority,network,alias,pubkey
FROM `contact` WHERE `uid` = %d AND `nick` = '%s'",
intval($uid),
dbesc($nickname));
DBA::escape($nickname));
if (DBA::isResult($r)) {
$contact["contact"] = $r[0];
}
@ -922,7 +922,7 @@ function twitter_fetchtimeline(App $a, $uid)
function twitter_queue_hook(App $a, &$b)
{
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_TWITTER)
DBA::escape(NETWORK_TWITTER)
);
if (!DBA::isResult($qi)) {
return;
@ -1751,7 +1751,7 @@ function twitter_fetch_own_contact(App $a, $uid)
} else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($uid),
dbesc("twitter::" . $own_id));
DBA::escape("twitter::" . $own_id));
if (DBA::isResult($r)) {
$contact_id = $r[0]["id"];
} else {

4
widgets/widget_like.php
Unescape View File

@ -37,7 +37,7 @@ function like_widget_content(&$a, $conf){
// count likes
$r = q( $baseq . "AND `item`.`verb` = 'http://activitystrea.ms/schema/1.0/like'",
intval($conf['uid']),
dbesc($args[0])
DBA::escape($args[0])
);
$likes = $r[0]['c'];
$iid = $r[0]['id'];
@ -45,7 +45,7 @@ function like_widget_content(&$a, $conf){
// count dislikes
$r = q( $baseq . "AND `item`.`verb` = 'http://purl.org/macgirvin/dfrn/1.0/dislike'",
intval($conf['uid']),
dbesc($args[0])
DBA::escape($args[0])
);
$dislikes = $r[0]['c'];

6
widgets/widgets.php
Unescape View File

@ -5,21 +5,23 @@
* Version: 1.0
* Author: Fabio Comuni <http://kirgroup.com/profile/fabrix/>
*/
use Friendica\Core\Addon;
use Friendica\Core\L10n;
use Friendica\Core\PConfig;
use Friendica\Database\DBA;
function widgets_install() {
Addon::registerHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
Addon::registerHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
logger("installed widgets");
}
function widgets_uninstall() {
Addon::unregisterHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
Addon::unregisterHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
}
function widgets_settings_post(){
if(! local_user())
return;
@ -89,7 +91,7 @@ function widgets_content(&$a) {
}
$r = q("SELECT * FROM pconfig WHERE uid IN (SELECT uid FROM pconfig WHERE v='%s')AND cat='widgets'",
dbesc($_GET['k'])
DBA::escape($_GET['k'])
);
if (!count($r)){
if($a->argv[2]=="cb"){header('HTTP/1.0 400 Bad Request'); killme();}

Write Preview
Loading…
Cancel
Save