From 4a47425bfd64f5ba04139899880fce21ddcc0623 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Wed, 27 Feb 2019 20:17:35 +0100 Subject: [PATCH 1/2] admin mail list seems wrong escaped --- src/Core/Update.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Core/Update.php b/src/Core/Update.php index 0a0f365d1..1a1566ad8 100644 --- a/src/Core/Update.php +++ b/src/Core/Update.php @@ -209,7 +209,7 @@ class Update */ private static function updateFailed($update_id, $error_message) { //send the administrators an e-mail - $admin_mail_list = "'".implode("','", array_map(['Friendica\Database\DBA', 'escape'], explode(",", str_replace(" ", "", Config::get('config', 'admin_email')))))."'"; + $admin_mail_list = explode(",", str_replace(" ", "", Config::get('config', 'admin_email'))); $adminlist = DBA::select('user', ['uid', 'language', 'email'], ['`email` IN (%s)', $admin_mail_list]); // No valid result? @@ -251,7 +251,7 @@ class Update private static function updateSuccessfull($from_build, $to_build) { //send the administrators an e-mail - $admin_mail_list = "'".implode("','", array_map(['Friendica\Database\DBA', 'escape'], explode(",", str_replace(" ", "", Config::get('config', 'admin_email')))))."'"; + $admin_mail_list = explode(",", str_replace(" ", "", Config::get('config', 'admin_email'))); $adminlist = DBA::select('user', ['uid', 'language', 'email'], ['`email` IN (%s)', $admin_mail_list]); if (DBA::isResult($adminlist)) { From 739449926cb1af9cdd948d164caa21f896d69b9f Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Wed, 27 Feb 2019 20:30:08 +0100 Subject: [PATCH 2/2] '%' is deprecated --- src/Core/Update.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/Core/Update.php b/src/Core/Update.php index 1a1566ad8..115abbab1 100644 --- a/src/Core/Update.php +++ b/src/Core/Update.php @@ -209,8 +209,7 @@ class Update */ private static function updateFailed($update_id, $error_message) { //send the administrators an e-mail - $admin_mail_list = explode(",", str_replace(" ", "", Config::get('config', 'admin_email'))); - $adminlist = DBA::select('user', ['uid', 'language', 'email'], ['`email` IN (%s)', $admin_mail_list]); + $adminlist = DBA::select('user', ['uid', 'language', 'email'], ['email' => explode(",", str_replace(" ", "", Config::get('config', 'admin_email')))]); // No valid result? if (!DBA::isResult($adminlist)) { @@ -251,8 +250,7 @@ class Update private static function updateSuccessfull($from_build, $to_build) { //send the administrators an e-mail - $admin_mail_list = explode(",", str_replace(" ", "", Config::get('config', 'admin_email'))); - $adminlist = DBA::select('user', ['uid', 'language', 'email'], ['`email` IN (%s)', $admin_mail_list]); + $adminlist = DBA::select('user', ['uid', 'language', 'email'], ['email' => explode(",", str_replace(" ", "", Config::get('config', 'admin_email')))]); if (DBA::isResult($adminlist)) { // every admin could had different language