From ee8468affef27864f5f9798942653b33989e3a9e Mon Sep 17 00:00:00 2001
From: Pierre Rudloff <contact@rudloff.pro>
Date: Mon, 18 Dec 2017 13:35:36 +0100
Subject: [PATCH] Improve api_search()

Use dba::p() instead of q()
Move exception to the beginning
Remove useless GROUP BY
Remove useless protect_sprintf()
---
 include/api.php | 79 ++++++++++++++++++++++++-------------------------
 1 file changed, 39 insertions(+), 40 deletions(-)

diff --git a/include/api.php b/include/api.php
index 9cc82560d2..2cf79fa5aa 100644
--- a/include/api.php
+++ b/include/api.php
@@ -1500,49 +1500,48 @@ function api_search($type)
 {
 	$data = array();
 
-	if (x($_REQUEST, 'q')) {
-		if (x($_REQUEST, 'rpp')) {
-			$count = $_REQUEST['rpp'];
-		} elseif (x($_REQUEST, 'count')) {
-			$count = $_REQUEST['count'];
-		} else {
-			$count = 15;
-		}
-
-		$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-		$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-		$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
-
-		$start = $page * $count;
-
-		if ($max_id > 0) {
-			$sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
-		}
-
-		$r = q(
-			"SELECT %s
-			FROM `item` %s
-			WHERE %s AND (`item`.`uid` = 0 OR (`item`.`uid` = %s AND NOT `item`.`global`))
-			AND `item`.`body` REGEXP '%s'
-			$sql_extra
-			AND `item`.`id`>%d
-			GROUP BY `item`.`uri`, `item`.`id`
-			ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
-			item_fieldlists(),
-			item_joins(),
-			item_condition(),
-			intval(local_user()),
-			dbesc(protect_sprintf(preg_quote($_REQUEST['q']))),
-			intval($since_id),
-			intval($start),
-			intval($count)
-		);
-
-		$data['status'] = api_format_items($r, api_get_user(get_app()));
-	} else {
+	if (!x($_REQUEST, 'q')) {
 		throw new BadRequestException("q parameter is required.");
 	}
 
+	if (x($_REQUEST, 'rpp')) {
+		$count = $_REQUEST['rpp'];
+	} elseif (x($_REQUEST, 'count')) {
+		$count = $_REQUEST['count'];
+	} else {
+		$count = 15;
+	}
+
+	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
+	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
+	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
+
+	$start = $page * $count;
+
+	if ($max_id > 0) {
+		$sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
+	}
+
+	$r = dba::p(
+		"SELECT ".item_fieldlists()."
+		FROM `item` ".item_joins()."
+		WHERE ".item_condition()." AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`))
+		AND `item`.`body` REGEXP ?
+		$sql_extra
+		AND `item`.`id`>?
+		ORDER BY `item`.`id` DESC LIMIT ".intval($start)." ,".intval($count)." ",
+		intval(api_user()),
+		$_REQUEST['q'],
+		intval($since_id)
+	);
+
+	$statuses = array();
+	while ($row = dba::fetch($r)) {
+		$statuses[] = $row;
+	}
+
+	$data['status'] = api_format_items($statuses, api_get_user(get_app()));
+
 	return api_format_data("statuses", $type, $data);
 }