diff --git a/include/auth.php b/include/auth.php
index 973aabe65..5e454745e 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -71,23 +71,21 @@ else {
}
}
-// Returns an array of group names this contact is a member of.
-// Since contact-id's are unique and each "belongs" to a given user uid,
-// this array will only contain group names related to the uid of this
+// Returns an array of group id's this contact is a member of.
+// This array will only contain group id's related to the uid of this
// DFRN contact. They are *not* neccessarily unique across the entire site.
if(! function_exists('init_groups_visitor')) {
function init_groups_visitor($contact_id) {
$groups = array();
- $r = q("SELECT `group_member`.`gid`, `group`.`name`
- FROM `group_member` LEFT JOIN `group` ON `group_member`.`gid` = `group`.`id`
- WHERE `group_member`.`contact-id` = %d ",
+ $r = q("SELECT `gid` FROM `group_member`
+ WHERE `contact-id` = %d ",
intval($contact_id)
);
if(count($r)) {
foreach($r as $rr)
- $groups[] = $rr['name'];
+ $groups[] = $rr['gid'];
}
return $groups;
}}
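Review bot: The rewritten comment above init_groups_visitor drops the reason the query needs no uid filter (contact ids are unique and each belongs to one uid), while the new query still selects on `contact-id` alone. The returned ids appear to be what mod/profile.php builds its group pattern from, so I would keep that sentence in the comment. A maintainer should not have to rediscover why the lookup is scoped correctly. I would also cast at the source, `$groups[] = intval($rr['gid']);`, so every consumer receives integers regardless of how it later embeds them.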
diff --git a/mod/item.php b/mod/item.php
index 672084fe8..ff3f41138 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1,12 +1,7 @@
';
-}
-
-
function sanitise_acl(&$item) {
- $item = '<' . notags(trim($item)) . '>';
+ $item = '<' . intval(notags(trim($item))) . '>';
}
function item_post(&$a) {
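Review bot: With `intval()` wrapped around the value in sanitise_acl, a non-numeric or empty entry is no longer rejected but stored as `<0>`. `notags()` also stops contributing anything, because the cast discards markup anyway. The callers in item_post (the `contact_allow` and `contact_deny` hunks below) could drop non-scalar and zero entries before the walk, e.g. `$contact_allow = array_filter(array_map('intval', array_filter($contact_allow, 'is_scalar')));`. Without the scalar filter, a nested array element from the POST data reaches `trim()` as an array.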
@@ -35,7 +30,7 @@ function item_post(&$a) {
$str_contact_allow = '';
$contact_allow = $_POST['contact_allow'];
if(is_array($contact_allow)) {
- array_walk($contact_allow,'sanitise_intacl');
+ array_walk($contact_allow,'sanitise_acl');
$str_contact_allow = implode('',$contact_allow);
}
@@ -49,7 +44,7 @@ function item_post(&$a) {
$str_contact_deny = '';
$contact_deny = $_POST['contact_deny'];
if(is_array($contact_deny)) {
- array_walk($contact_deny,'sanitise_intacl');
+ array_walk($contact_deny,'sanitise_acl');
$str_contact_deny = implode('',$contact_deny);
}
diff --git a/mod/profile.php b/mod/profile.php
index 37bf04a0c..5a1ac0639 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -170,7 +170,7 @@ function profile_content(&$a) {
$gs = '<<>>'; // should be impossible to match
if(count($groups)) {
foreach($groups as $g)
- $gs .= '|<' . dbesc($g) . '>';
+ $gs .= '|<' . intval($g) . '>';
}
$sql_extra = sprintf(
" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
@@ -180,8 +180,8 @@ function profile_content(&$a) {
intval($_SESSION['visitor_id']),
intval($_SESSION['visitor_id']),
- $gs,
- $gs
+ dbesc($gs),
+ dbesc($gs)
);
}
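Review bot: `dbesc($gs)` makes the pattern safe as a SQL string literal but does not neutralise regular-expression metacharacters. The REGEXP arguments are therefore safe only because `$gs` is assembled from `intval($g)` and the fixed `<`, `>`, `|` delimiters in the loop of the previous hunk. A comment stating that invariant next to the two `dbesc($gs)` arguments would stop a later edit from appending unvalidated text, e.g. `// $gs holds only digits and the literal < > | delimiters; dbesc() does not escape regex syntax`. The sprintf format and the rest of profile_content lie outside the hunk.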
diff --git a/view/acl_selectors.php b/view/acl_selectors.php
index 7a8072af6..e5df4c65e 100644
--- a/view/acl_selectors.php
+++ b/view/acl_selectors.php
@@ -13,12 +13,12 @@ function group_select($selname,$selclass,$preselected = false) {
if(count($r)) {
foreach($r as $rr) {
- if((is_array($preselected)) && in_array($rr['name'], $preselected))
+ if((is_array($preselected)) && in_array($rr['id'], $preselected))
$selected = " selected=\"selected\" ";
else
$selected = '';
- $o .= "\r\n";
+ $o .= "\r\n";
}
}
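Review bot: The membership test `in_array($rr['id'], $preselected)` uses loose comparison, so a non-canonical numeric string in `$preselected` can compare equal to a group id. Now that the list holds ids rather than names, both sides can be normalised and compared strictly: `in_array(intval($rr['id']), $preselected, true)`, with `$preselected` passed through `array_map('intval', ...)` at the top of group_select. Where `$preselected` comes from is not visible here, so whether it can carry request data needs checking. The loop sits inside group_select, which starts and ends outside the hunk.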