diff --git a/diaspora/diaspora.php b/diaspora/diaspora.php index 79cd236d7..490cd4d8b 100644 --- a/diaspora/diaspora.php +++ b/diaspora/diaspora.php @@ -51,7 +51,7 @@ function diaspora_queue_hook(&$a,&$b) { $hostname = $a->get_hostname(); $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", - dbesc(NETWORK_DIASPORA2) + DBA::escape(NETWORK_DIASPORA2) ); if(! count($qi)) return; diff --git a/forumdirectory/forumdirectory.php b/forumdirectory/forumdirectory.php index c71c4a388..d3e724c15 100644 --- a/forumdirectory/forumdirectory.php +++ b/forumdirectory/forumdirectory.php @@ -100,7 +100,7 @@ function forumdirectory_content(&$a) if (strlen($search)) { $sql_extra = " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`," . "`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` )" - . " AGAINST ('" . dbesc($search) . "' IN BOOLEAN MODE) "; + . " AGAINST ('" . DBA::escape($search) . "' IN BOOLEAN MODE) "; } $publish = Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 "; diff --git a/gravatar/gravatar.php b/gravatar/gravatar.php index 7e5a918bc..00d8e5b32 100644 --- a/gravatar/gravatar.php +++ b/gravatar/gravatar.php @@ -5,9 +5,12 @@ * Version: 1.1 * Author: Klaus Weidenbach */ + +use Friendica\App; use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; +use Friendica\Database\DBA; /** * Installs the addon hook @@ -29,7 +32,7 @@ function gravatar_uninstall() { logger("unregistered gravatar in avatar_lookup hook"); } -function gravatar_load_config(\Friendica\App $a) +function gravatar_load_config(App $a) { $a->loadConfigFile(__DIR__. '/config/gravatar.ini.php'); } @@ -93,7 +96,7 @@ function gravatar_addon_admin (&$a, &$o) { // Check if Libravatar is enabled and show warning $r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1", - dbesc('libravatar') + DBA::escape('libravatar') ); if (count($r)) { $o = '
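Review bot: `if(! count($qi))` right after the queue query in the diaspora hunk calls count() on whatever q() returned, which warns on a false result; the identical `queue` lookups in this diff's pumpio and twitter hunks guard with `DBA::isResult($qi)` instead. Use the same check here: `if (!DBA::isResult($qi)) { return; }`. The `$hostname` fetched on the first context line is not used anywhere in the hunk; if it is unused in the rest of the function as well, drop it. diaspora_queue_hook continues past the hunk.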
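Review bot: DBA::escape() on the `AGAINST ('…' IN BOOLEAN MODE)` line of the forumdirectory hunk protects the SQL string, but boolean-mode operator characters in `$search` (`+ - * ( ) " < > ~ @`) still reach the full-text parser unchanged, so an unbalanced `(` or `"` in a search term can, depending on the storage engine, make the statement fail with a parse error instead of returning no rows. Where `$search` is read is above the hunk, so I cannot tell whether it is already normalised; if it is not, either strip operator characters before building the query (e.g. `$search = preg_replace('/[+\-*()"<>~@]/', ' ', $search);`) or add a comment stating that boolean operator syntax is deliberately exposed to the user.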
' .L10n::t('Information') .'

' .L10n::t('Libravatar addon is installed, too. Please disable Libravatar addon or this Gravatar addon.
The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'



'; diff --git a/jappixmini/jappixmini.php b/jappixmini/jappixmini.php index 372193fbf..7b4a9cb64 100644 --- a/jappixmini/jappixmini.php +++ b/jappixmini/jappixmini.php @@ -67,6 +67,7 @@ use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\PConfig; +use Friendica\Database\DBA; use Friendica\Model\User; use Friendica\Util\Network; @@ -195,7 +196,7 @@ function jappixmini_init() $role = $_REQUEST["role"]; if ($role == "pub") { - $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", dbesc($dfrn_id)); + $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", DBA::escape($dfrn_id)); if (!count($r)) { killme(); } @@ -204,7 +205,7 @@ function jappixmini_init() $decrypt_func = openssl_public_decrypt; $key = $r[0]["pubkey"]; } else if ($role == "prv") { - $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", dbesc($dfrn_id)); + $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", DBA::escape($dfrn_id)); if (!count($r)) { killme(); } @@ -524,7 +525,7 @@ function jappixmini_script(App $a) $key = $row['k']; $pos = strpos($key, ":"); $dfrn_id = substr($key, $pos + 1); - $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", dbesc($dfrn_id), dbesc($dfrn_id)); + $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", DBA::escape($dfrn_id), DBA::escape($dfrn_id)); if (count($r)) $name = $r[0]["name"]; 
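Review bot: `$decrypt_func = openssl_public_decrypt;`, the first context line of the `@@ -204` jappixmini hunk, assigns a bare undefined constant; PHP only makes this work by falling back to the string `'openssl_public_decrypt'`, which is deprecated since 7.2 and an Error in PHP 8. Quote it: `$decrypt_func = 'openssl_public_decrypt';`, and check the `prv` branch below the hunk for the matching private-decrypt assignment. `$role` comes straight from `$_REQUEST` and only `pub`/`prv` are handled in the visible else-if chain; what happens to any other value is outside the hunk.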
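Review bot: The changed query in the `@@ -524` jappixmini hunk interpolates `$uid` directly into the SQL string (`WHERE uid=$uid AND …`) while only `$dfrn_id` goes through DBA::escape(); every other query in this file binds the uid with `%d` and `intval()`. Make it consistent so the uid can never reach the statement as an unsanitised string: replace `=$uid` with `= %d` in the format string and pass `intval($uid)` as the first bound argument, ahead of the two `DBA::escape($dfrn_id)` values. Where `$uid` is assigned is above the hunk, so I cannot confirm it is already an integer; jappixmini_script continues on both sides of the hunk.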
@@ -593,7 +594,7 @@ function jappixmini_cron(App $a, $d) // for each user, go through list of contacts $contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'", - intval($uid), dbesc(NETWORK_DFRN)); + intval($uid), DBA::escape(NETWORK_DFRN)); foreach ($contacts as $contact_row) { $request = $contact_row["request"]; if (!$request) { diff --git a/libravatar/libravatar.php b/libravatar/libravatar.php index 14bc0358b..ee283f0c5 100644 --- a/libravatar/libravatar.php +++ b/libravatar/libravatar.php @@ -5,9 +5,12 @@ * Version: 1.1 * Author: Klaus Weidenbach */ + +use Friendica\App; use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; +use Friendica\Database\DBA; /** * Installs the addon hook @@ -29,7 +32,7 @@ function libravatar_uninstall() logger("unregistered libravatar in avatar_lookup hook"); } -function libravatar_load_config(\Friendica\App $a) +function libravatar_load_config(App $a) { $a->loadConfigFile(__DIR__. '/config/libravatar.ini.php'); } @@ -96,7 +99,7 @@ function libravatar_addon_admin(&$a, &$o) // Libravatar falls back to gravatar, so show warning about gravatar addon if enabled $r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1", - dbesc('gravatar') + DBA::escape('gravatar') ); if (count($r)) { $o = '
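Review bot: `foreach ($contacts as $contact_row)` iterates the q() result without checking it; if the query fails and returns false this raises a foreach warning rather than skipping the user. Other hunks in this diff guard the same situation with `DBA::isResult()`; add `if (!DBA::isResult($contacts)) { continue; }` before the loop (the `// for each user` comment suggests an enclosing loop, which starts above the hunk, so `continue` rather than `return`). The cron loop body continues past the end of the hunk.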
' .L10n::t('Information') .'

' .L10n::t('Gravatar addon is installed. Please disable the Gravatar addon.
The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'



'; diff --git a/mailstream/mailstream.php b/mailstream/mailstream.php index 012416b81..8b3c6ede0 100644 --- a/mailstream/mailstream.php +++ b/mailstream/mailstream.php @@ -120,8 +120,8 @@ function mailstream_post_hook(&$a, &$item) { $message_id = mailstream_generate_id($a, $item['uri']); q("INSERT INTO `mailstream_item` (`uid`, `contact-id`, `uri`, `message-id`) " . "VALUES (%d, '%s', '%s', '%s')", intval($item['uid']), - intval($item['contact-id']), dbesc($item['uri']), dbesc($message_id)); - $r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), dbesc($item['uri'])); + intval($item['contact-id']), DBA::escape($item['uri']), DBA::escape($message_id)); + $r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), DBA::escape($item['uri'])); if (count($r) != 1) { logger('mailstream_post_remote_hook: Unexpected number of items returned from mailstream_item', LOGGER_NORMAL); return; @@ -307,7 +307,7 @@ function mailstream_send($a, $message_id, $item, $user) { // In case of failure, still set the item to completed. Otherwise // we'll just try to send it over and over again and it'll fail // every time. - q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', dbesc($message_id)); + q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', DBA::escape($message_id)); } /** diff --git a/public_server/public_server.php b/public_server/public_server.php index 1fbd41b8c..19aca3a86 100644 --- a/public_server/public_server.php +++ b/public_server/public_server.php 
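Review bot: The INSERT in the `@@ -120` mailstream hunk binds `contact-id` with `intval($item['contact-id'])` but uses the quoted `'%s'` placeholder for it, while the SELECT two lines later compares the same column with `%d`. MySQL coerces the quoted integer so it works, but the mismatch is confusing and this escaper migration is the natural moment to fix it: `VALUES (%d, %d, '%s', '%s')`. The lookup that follows checks `count($r) != 1`, which warns on a false result; `!DBA::isResult($r) || count($r) != 1` keeps the intent and matches the checks used in the rest of this diff.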
@@ -57,7 +57,7 @@ function public_server_cron($a, $b) $r = q("SELECT * FROM `user` WHERE `account_expires_on` < UTC_TIMESTAMP() + INTERVAL 5 DAY AND `account_expires_on` > '%s' AND `expire_notification_sent` <= '%s'", - dbesc(NULL_DATE), dbesc(NULL_DATE)); + DBA::escape(NULL_DATE), DBA::escape(NULL_DATE)); if (DBA::isResult($r)) { foreach ($r as $rr) { @@ -81,7 +81,7 @@ function public_server_cron($a, $b) $nologin = Config::get('public_server', 'nologin', false); if ($nologin) { $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` <= '%s' AND `register_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s'", - dbesc(NULL_DATE), intval($nologin), dbesc(NULL_DATE)); + DBA::escape(NULL_DATE), intval($nologin), DBA::escape(NULL_DATE)); if (DBA::isResult($r)) { foreach ($r as $rr) { $fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')]; @@ -93,7 +93,7 @@ function public_server_cron($a, $b) $flagusers = Config::get('public_server', 'flagusers', false); if ($flagusers) { $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' AND `page-flags` = 0", - intval($flagusers), dbesc(NULL_DATE)); + intval($flagusers), DBA::escape(NULL_DATE)); if (DBA::isResult($r)) { foreach ($r as $rr) { $fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')]; @@ -106,7 +106,7 @@ function public_server_cron($a, $b) $flagpostsexpire = Config::get('public_server', 'flagpostsexpire'); if ($flagposts && $flagpostsexpire) { $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' and `expire` = 0 AND `page-flags` = 0", - intval($flagposts), dbesc(NULL_DATE)); + intval($flagposts), DBA::escape(NULL_DATE)); if (DBA::isResult($r)) { foreach ($r as $rr) { DBA::update('user', ['expire' => $flagpostsexpire], ['uid' => $rr['uid']]); 
diff --git a/pumpio/pumpio.php b/pumpio/pumpio.php index 6a6cc606b..fb96d5b69 100644 --- a/pumpio/pumpio.php +++ b/pumpio/pumpio.php @@ -883,7 +883,7 @@ function pumpio_dounlike(App $a, $uid, $self, $post, $own_id) $contactid = $self[0]['id']; } else { $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", - dbesc(normalise_link($post->actor->url)), + DBA::escape(normalise_link($post->actor->url)), intval($uid) ); @@ -938,7 +938,7 @@ function pumpio_dolike(App $a, $uid, $self, $post, $own_id, $threadcompletion = $post->actor->image->url = $self[0]['photo']; } else { $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", - dbesc(normalise_link($post->actor->url)), + DBA::escape(normalise_link($post->actor->url)), intval($uid) ); @@ -1015,7 +1015,7 @@ function pumpio_get_contact($uid, $contact, $no_insert = false) } $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1", - intval($uid), dbesc(normalise_link($contact->url))); + intval($uid), DBA::escape(normalise_link($contact->url))); if (!DBA::isResult($r)) { // create contact record 
@@ -1024,26 +1024,26 @@ function pumpio_get_contact($uid, $contact, $no_insert = false) `location`, `about`, `writable`, `blocked`, `readonly`, `pending` ) VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0)", intval($uid), - dbesc(DateTimeFormat::utcNow()), - dbesc($contact->url), - dbesc(normalise_link($contact->url)), - dbesc(str_replace("acct:", "", $contact->id)), - dbesc(''), - dbesc($contact->id), // What is it for? - dbesc('pump.io ' . $contact->id), // What is it for? - dbesc($contact->displayName), - dbesc($contact->preferredUsername), - dbesc($contact->image->url), - dbesc(NETWORK_PUMPIO), + DBA::escape(DateTimeFormat::utcNow()), + DBA::escape($contact->url), + DBA::escape(normalise_link($contact->url)), + DBA::escape(str_replace("acct:", "", $contact->id)), + DBA::escape(''), + DBA::escape($contact->id), // What is it for? + DBA::escape('pump.io ' . $contact->id), // What is it for? + DBA::escape($contact->displayName), + DBA::escape($contact->preferredUsername), + DBA::escape($contact->image->url), + DBA::escape(NETWORK_PUMPIO), intval(CONTACT_IS_FRIEND), intval(1), - dbesc($contact->location->displayName), - dbesc($contact->summary), + DBA::escape($contact->location->displayName), + DBA::escape($contact->summary), intval(1) ); $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1", - dbesc(normalise_link($contact->url)), + DBA::escape(normalise_link($contact->url)), intval($uid) ); @@ -1171,7 +1171,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp } elseif ($contact_id == 0) { // Take an existing contact, the contact of the note or - as a fallback - the id of the user $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", - dbesc(normalise_link($post->actor->url)), + DBA::escape(normalise_link($post->actor->url)), intval($uid) ); 
@@ -1179,7 +1179,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp $contact_id = $r[0]['id']; } else { $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", - dbesc(normalise_link($post->actor->url)), + DBA::escape(normalise_link($post->actor->url)), intval($uid) ); @@ -1304,7 +1304,7 @@ function pumpio_fetchinbox(App $a, $uid) INNER JOIN `item` ON `item`.`id` = `thread`.`iid` WHERE `thread`.`network` = '%s' AND `thread`.`uid` = %d AND `item`.`extid` != '' ORDER BY `thread`.`commented` DESC LIMIT 10", - dbesc(NETWORK_PUMPIO), + DBA::escape(NETWORK_PUMPIO), intval($uid) ); @@ -1401,7 +1401,7 @@ function pumpio_getallusers(App &$a, $uid) function pumpio_queue_hook(App $a, array &$b) { $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", - dbesc(NETWORK_PUMPIO) + DBA::escape(NETWORK_PUMPIO) ); if (!DBA::isResult($qi)) { @@ -1508,7 +1508,7 @@ function pumpio_getreceiver(App $a, array $b) $r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", intval($cid), intval($b["uid"]), - dbesc(NETWORK_PUMPIO) + DBA::escape(NETWORK_PUMPIO) ); if (DBA::isResult($r)) { @@ -1526,7 +1526,7 @@ function pumpio_getreceiver(App $a, array $b) "FROM `group_member`, `contact` WHERE `group_member`.`gid` = %d ". "AND `contact`.`id` = `group_member`.`contact-id` AND `contact`.`network` = '%s'", intval($gid), - dbesc(NETWORK_PUMPIO) + DBA::escape(NETWORK_PUMPIO) ); foreach ($r AS $row) @@ -1551,7 +1551,7 @@ function pumpio_getreceiver(App $a, array $b) $r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", intval($cid), intval($b["uid"]), - dbesc(NETWORK_PUMPIO) + DBA::escape(NETWORK_PUMPIO) ); if (DBA::isResult($r)) { 
diff --git a/remote_permissions/remote_permissions.php b/remote_permissions/remote_permissions.php index 94bdf5c11..a9f5b51ef 100644 --- a/remote_permissions/remote_permissions.php +++ b/remote_permissions/remote_permissions.php @@ -6,10 +6,12 @@ * Author: Zach * */ + use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\PConfig; +use Friendica\Database\DBA; function remote_permissions_install() { Addon::registerHook('lockview_content', 'addon/remote_permissions/remote_permissions.php', 'remote_permissions_content'); @@ -84,7 +86,7 @@ function remote_permissions_content($a, $item_copy) { // The contact lives here. Get his/her user info $nick = $r[0]['nick']; $r = q("SELECT uid FROM user WHERE nickname = '%s' LIMIT 1", - dbesc($nick) + DBA::escape($nick) ); if(! $r) return; @@ -104,15 +106,15 @@ function remote_permissions_content($a, $item_copy) { if($item_copy['uri'] === $item_copy['parent-uri']) { // Lockview for a top-level post $r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND type = 'wall' LIMIT 1", - dbesc($item_copy['uri']) + DBA::escape($item_copy['uri']) ); } else { // Lockview for a comment $r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND parent = ( SELECT id FROM item WHERE uri = '%s' AND type = 'wall' ) LIMIT 1", - dbesc($item_copy['uri']), - dbesc($item_copy['parent-uri']) + DBA::escape($item_copy['uri']), + DBA::escape($item_copy['parent-uri']) ); } if($r) { @@ -130,7 +132,7 @@ function remote_permissions_content($a, $item_copy) { if(count($allowed_groups)) { $r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )", - dbesc(implode(', ', $allowed_groups)) + DBA::escape(implode(', ', $allowed_groups)) ); foreach($r as $rr) $allow[] = $rr['contact-id']; 
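Review bot: `gid IN ( %s )` fed with `DBA::escape(implode(', ', $allowed_groups))` in the `@@ -130` hunk uses the wrong primitive for a list of numeric ids: DBA::escape only neutralises quote and backslash characters for use inside a quoted literal, but this `%s` is unquoted, so any non-digit content in the list would be spliced into the statement as SQL. Where `$allowed_groups` is built is above the hunk (presumably parsed from the item's allow_gid field), so I cannot confirm it is always digits; coerce the ids instead of escaping them: `implode(', ', array_map('intval', $allowed_groups))`. The same construct recurs in the deny-group, contact-name and username queries later in this file, which the commit converts the same way.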
@@ -139,7 +141,7 @@ function remote_permissions_content($a, $item_copy) { if(count($deny_groups)) { $r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )", - dbesc(implode(', ', $deny_groups)) + DBA::escape(implode(', ', $deny_groups)) ); foreach($r as $rr) $deny[] = $rr['contact-id']; @@ -149,7 +151,7 @@ function remote_permissions_content($a, $item_copy) { if($allow) { $r = q("SELECT name FROM contact WHERE id IN ( %s )", - dbesc(implode(', ', array_diff($allow, $deny))) + DBA::escape(implode(', ', array_diff($allow, $deny))) ); foreach($r as $rr) $allow_names[] = $rr['name']; @@ -162,8 +164,8 @@ function remote_permissions_content($a, $item_copy) { // will have different URIs than the original. We can match the GUID for // those $r = q("SELECT `uid` FROM item WHERE uri = '%s' OR guid = '%s'", - dbesc($item_copy['uri']), - dbesc($item_copy['guid']) + DBA::escape($item_copy['uri']), + DBA::escape($item_copy['guid']) ); if(! $r) return; @@ -173,7 +175,7 @@ function remote_permissions_content($a, $item_copy) { $allow[] = $rr['uid']; $r = q("SELECT username FROM user WHERE uid IN ( %s )", - dbesc(implode(', ', $allow)) + DBA::escape(implode(', ', $allow)) ); if(! $r) return; diff --git a/statusnet/statusnet.php b/statusnet/statusnet.php index c1701e088..58f4485e1 100644 --- a/statusnet/statusnet.php +++ b/statusnet/statusnet.php 
@@ -899,7 +899,7 @@ function statusnet_fetch_contact($uid, $contact, $create_user) "location" => $contact->location, "about" => $contact->description, "addr" => statusnet_address($contact), "generation" => 3]); - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), dbesc(normalise_link($contact->statusnet_profile_url)), dbesc(NETWORK_STATUSNET)); + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), DBA::escape(normalise_link($contact->statusnet_profile_url)), DBA::escape(NETWORK_STATUSNET)); if (!DBA::isResult($r) && !$create_user) { return 0; 
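Review bot: The changed query in this hunk has no whitespace between the network literal and the LIMIT clause (`'%s'LIMIT 1`); even where the server tokenises it correctly it is hard to read and easy to break when the query is next edited, so write `'%s' LIMIT 1`. The statement is also packed onto one very long line with two nested calls in the argument list, whereas the other statusnet hunks put one bound value per line; splitting it the same way would make the migration diff uniform.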
@@ -917,28 +917,28 @@ function statusnet_fetch_contact($uid, $contact, $create_user) `location`, `about`, `writable`, `blocked`, `readonly`, `pending` ) VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0 ) ", intval($uid), - dbesc(DateTimeFormat::utcNow()), - dbesc($contact->statusnet_profile_url), - dbesc(normalise_link($contact->statusnet_profile_url)), - dbesc(statusnet_address($contact)), - dbesc(normalise_link($contact->statusnet_profile_url)), - dbesc(''), - dbesc(''), - dbesc($contact->name), - dbesc($contact->screen_name), - dbesc($contact->profile_image_url), - dbesc(NETWORK_STATUSNET), + DBA::escape(DateTimeFormat::utcNow()), + DBA::escape($contact->statusnet_profile_url), + DBA::escape(normalise_link($contact->statusnet_profile_url)), + DBA::escape(statusnet_address($contact)), + DBA::escape(normalise_link($contact->statusnet_profile_url)), + DBA::escape(''), + DBA::escape(''), + DBA::escape($contact->name), + DBA::escape($contact->screen_name), + DBA::escape($contact->profile_image_url), + DBA::escape(NETWORK_STATUSNET), intval(CONTACT_IS_FRIEND), intval(1), - dbesc($contact->location), - dbesc($contact->description), + DBA::escape($contact->location), + DBA::escape($contact->description), intval(1) ); $r = q("SELECT * FROM `contact` WHERE `alias` = '%s' AND `uid` = %d AND `network` = '%s' LIMIT 1", - dbesc($contact->statusnet_profile_url), + DBA::escape($contact->statusnet_profile_url), intval($uid), - dbesc(NETWORK_STATUSNET)); + DBA::escape(NETWORK_STATUSNET)); if (!DBA::isResult($r)) { return false; @@ -955,10 +955,10 @@ function statusnet_fetch_contact($uid, $contact, $create_user) `micro` = '%s', `avatar-date` = '%s' WHERE `id` = %d", - dbesc($photos[0]), - dbesc($photos[1]), - dbesc($photos[2]), - dbesc(DateTimeFormat::utcNow()), + DBA::escape($photos[0]), + DBA::escape($photos[1]), + DBA::escape($photos[2]), + DBA::escape(DateTimeFormat::utcNow()), intval($contact_id) ); } else { 
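Review bot: The re-fetch after the INSERT in this hunk looks up `alias = '%s'` with the raw `$contact->statusnet_profile_url`, whereas the lookup that decided the row did not exist (previous hunk) compared `alias` with `normalise_link($contact->statusnet_profile_url)`, and the value bound at the alias position of the INSERT appears to be the normalised form too, as far as the column order above the hunk lets me tell. If the raw URL differs from its normalised form (scheme or trailing slash), the re-fetch finds nothing and the function returns false right after creating the contact. Use the same key for both lookups, `DBA::escape(normalise_link($contact->statusnet_profile_url)),` in the re-fetch, or select the new row by its insert id. statusnet_fetch_contact continues on both sides of the hunk.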
@@ -986,19 +986,19 @@ function statusnet_fetch_contact($uid, $contact, $create_user) `location` = '%s', `about` = '%s' WHERE `id` = %d", - dbesc($photos[0]), - dbesc($photos[1]), - dbesc($photos[2]), - dbesc(DateTimeFormat::utcNow()), - dbesc(DateTimeFormat::utcNow()), - dbesc(DateTimeFormat::utcNow()), - dbesc($contact->statusnet_profile_url), - dbesc(normalise_link($contact->statusnet_profile_url)), - dbesc(statusnet_address($contact)), - dbesc($contact->name), - dbesc($contact->screen_name), - dbesc($contact->location), - dbesc($contact->description), + DBA::escape($photos[0]), + DBA::escape($photos[1]), + DBA::escape($photos[2]), + DBA::escape(DateTimeFormat::utcNow()), + DBA::escape(DateTimeFormat::utcNow()), + DBA::escape(DateTimeFormat::utcNow()), + DBA::escape($contact->statusnet_profile_url), + DBA::escape(normalise_link($contact->statusnet_profile_url)), + DBA::escape(statusnet_address($contact)), + DBA::escape($contact->name), + DBA::escape($contact->screen_name), + DBA::escape($contact->location), + DBA::escape($contact->description), intval($r[0]['id']) ); } @@ -1520,7 +1520,7 @@ function statusnet_fetch_own_contact(App $a, $uid) $contact_id = statusnet_fetch_contact($uid, $user, true); } else { $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", - intval($uid), dbesc($own_url)); + intval($uid), DBA::escape($own_url)); if (DBA::isResult($r)) { $contact_id = $r[0]["id"]; } else { diff --git a/testdrive/testdrive.php b/testdrive/testdrive.php index 8e71103f7..e67479df8 100644 --- a/testdrive/testdrive.php +++ b/testdrive/testdrive.php @@ -6,9 +6,11 @@ * Author: Mike Macgirvin */ +use Friendica\App; use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; +use Friendica\Database\DBA; use Friendica\Model\User; use Friendica\Util\DateTimeFormat; 
@@ -33,7 +35,7 @@ function testdrive_uninstall() { } -function testdrive_load_config(\Friendica\App $a) +function testdrive_load_config(App $a) { $a->loadConfigFile(__DIR__. '/config/testdrive.ini.php'); } @@ -51,7 +53,7 @@ function testdrive_register_account($a,$b) { return; $r = q("UPDATE user set account_expires_on = '%s' where uid = %d", - dbesc(DateTimeFormat::convert('now +' . $days . ' days')), + DBA::escape(DateTimeFormat::convert('now +' . $days . ' days')), intval($uid) ); @@ -79,7 +81,7 @@ function testdrive_cron($a,$b) { ]); q("update user set expire_notification_sent = '%s' where uid = %d", - dbesc(DateTimeFormat::utcNow()), + DBA::escape(DateTimeFormat::utcNow()), intval($rr['uid']) ); diff --git a/twitter/twitter.php b/twitter/twitter.php index 786b34743..591887057 100644 --- a/twitter/twitter.php +++ b/twitter/twitter.php @@ -142,7 +142,7 @@ function twitter_check_item_notification(App $a, &$notification_data) $own_user = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", intval($notification_data["uid"]), - dbesc("twitter::".$own_id) + DBA::escape("twitter::".$own_id) ); if ($own_user) { @@ -183,7 +183,7 @@ function twitter_follow(App $a, &$contact) $r = q("SELECT name,nick,url,addr,batch,notify,poll,request,confirm,poco,photo,priority,network,alias,pubkey FROM `contact` WHERE `uid` = %d AND `nick` = '%s'", intval($uid), - dbesc($nickname)); + DBA::escape($nickname)); if (DBA::isResult($r)) { $contact["contact"] = $r[0]; } @@ -922,7 +922,7 @@ function twitter_fetchtimeline(App $a, $uid) function twitter_queue_hook(App $a, &$b) { $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", - dbesc(NETWORK_TWITTER) + DBA::escape(NETWORK_TWITTER) ); if (!DBA::isResult($qi)) { return; 
@@ -1751,7 +1751,7 @@ function twitter_fetch_own_contact(App $a, $uid) } else { $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", intval($uid), - dbesc("twitter::" . $own_id)); + DBA::escape("twitter::" . $own_id)); if (DBA::isResult($r)) { $contact_id = $r[0]["id"]; } else { diff --git a/widgets/widget_like.php b/widgets/widget_like.php index 5f03c12eb..2e3879544 100644 --- a/widgets/widget_like.php +++ b/widgets/widget_like.php @@ -37,7 +37,7 @@ function like_widget_content(&$a, $conf){ // count likes $r = q( $baseq . "AND `item`.`verb` = 'http://activitystrea.ms/schema/1.0/like'", intval($conf['uid']), - dbesc($args[0]) + DBA::escape($args[0]) ); $likes = $r[0]['c']; $iid = $r[0]['id']; @@ -45,7 +45,7 @@ function like_widget_content(&$a, $conf){ // count dislikes $r = q( $baseq . "AND `item`.`verb` = 'http://purl.org/macgirvin/dfrn/1.0/dislike'", intval($conf['uid']), - dbesc($args[0]) + DBA::escape($args[0]) ); $dislikes = $r[0]['c']; diff --git a/widgets/widgets.php b/widgets/widgets.php index 1c7489f1c..deea77acc 100644 --- a/widgets/widgets.php +++ b/widgets/widgets.php @@ -5,21 +5,23 @@ * Version: 1.0 * Author: Fabio Comuni */ + use Friendica\Core\Addon; use Friendica\Core\L10n; use Friendica\Core\PConfig; +use Friendica\Database\DBA; function widgets_install() { Addon::registerHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings'); Addon::registerHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post'); logger("installed widgets"); } + function widgets_uninstall() { Addon::unregisterHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings'); Addon::unregisterHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post'); } - function widgets_settings_post(){ if(! local_user()) return; 
@@ -89,7 +91,7 @@ function widgets_content(&$a) { } $r = q("SELECT * FROM pconfig WHERE uid IN (SELECT uid FROM pconfig WHERE v='%s')AND cat='widgets'", - dbesc($_GET['k']) + DBA::escape($_GET['k']) ); if (!count($r)){ if($a->argv[2]=="cb"){header('HTTP/1.0 400 Bad Request'); killme();}
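Review bot: `$_GET['k']` is read in the changed query without checking that the parameter is present; a request without `k` raises an undefined-index notice and runs the lookup with an empty value before the `count($r)` check decides on a 400. Guard it first, e.g. `if (!isset($_GET['k'])) { header('HTTP/1.0 400 Bad Request'); killme(); }`, and use `DBA::isResult($r)` instead of `count($r)` as the other hunks in this diff do. Since the value selects which user's widget settings are served, how it is generated matters too, but that is outside the hunk. widgets_content continues past the hunk.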