Merge pull request #659 from MrPetovan/task/5410-remove-dbesc

Remove dbesc()
Michael Vogel 2018-07-23 21:51:20 +02:00 committed by GitHub
commit 76a9630d40
14 changed files with 109 additions and 96 deletions


@ -51,7 +51,7 @@ function diaspora_queue_hook(&$a,&$b) {
$hostname = $a->get_hostname(); $hostname = $a->get_hostname();
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_DIASPORA2) DBA::escape(NETWORK_DIASPORA2)
); );
if(! count($qi)) if(! count($qi))
return; return;
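Review bot: `DBA::escape` is introduced here while the file's `use` block lies outside the hunk, and since these addon files appear to be unnamespaced an unqualified `DBA` only resolves if `use Friendica\Database\DBA;` is already present; the gravatar, libravatar, testdrive and widgets sections add exactly that import, whereas this section, forumdirectory, mailstream and like_widget show none. Please confirm those four files already import it, otherwise the first call fails with an undefined-class error the first time the hook runs. `diaspora_queue_hook` starts and ends outside the hunk.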


@ -100,7 +100,7 @@ function forumdirectory_content(&$a)
if (strlen($search)) { if (strlen($search)) {
$sql_extra = " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`," $sql_extra = " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,"
. "`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` )" . "`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` )"
. " AGAINST ('" . dbesc($search) . "' IN BOOLEAN MODE) "; . " AGAINST ('" . DBA::escape($search) . "' IN BOOLEAN MODE) ";
} }
$publish = Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 "; $publish = Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 ";


@ -5,9 +5,12 @@
* Version: 1.1 * Version: 1.1
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus> * Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
*/ */
use Friendica\App;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA;
/** /**
* Installs the addon hook * Installs the addon hook
@ -29,7 +32,7 @@ function gravatar_uninstall() {
logger("unregistered gravatar in avatar_lookup hook"); logger("unregistered gravatar in avatar_lookup hook");
} }
function gravatar_load_config(\Friendica\App $a) function gravatar_load_config(App $a)
{ {
$a->loadConfigFile(__DIR__. '/config/gravatar.ini.php'); $a->loadConfigFile(__DIR__. '/config/gravatar.ini.php');
} }
@ -93,7 +96,7 @@ function gravatar_addon_admin (&$a, &$o) {
// Check if Libravatar is enabled and show warning // Check if Libravatar is enabled and show warning
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1", $r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
dbesc('libravatar') DBA::escape('libravatar')
); );
if (count($r)) { if (count($r)) {
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Libravatar addon is installed, too. Please disable Libravatar addon or this Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>'; $o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Libravatar addon is installed, too. Please disable Libravatar addon or this Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';
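Review bot: The result of the `SELECT * FROM addon` query in `gravatar_addon_admin` is tested with `if (count($r))`, while the other files in this PR write the same check as `if (DBA::isResult($r))` (public_server, pumpio, statusnet, twitter); if `q()` can return a non-array on a failed query, `count()` on it raises a warning on PHP 7.2+ and a `TypeError` on PHP 8, whereas `DBA::isResult` covers that case. Now that this hunk imports `DBA`, `if (DBA::isResult($r)) {` would make the file consistent. The same `count()`-on-result pattern appears in the libravatar (`if (count($r))`), mailstream (`if (count($r) != 1)`) and widgets (`if (!count($r))`) sections. `gravatar_addon_admin` continues past the hunk.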


@ -67,6 +67,7 @@ use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Database\DBA;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Util\Network; use Friendica\Util\Network;
@ -195,7 +196,7 @@ function jappixmini_init()
$role = $_REQUEST["role"]; $role = $_REQUEST["role"];
if ($role == "pub") { if ($role == "pub") {
$r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", dbesc($dfrn_id)); $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
if (!count($r)) { if (!count($r)) {
killme(); killme();
} }
@ -204,7 +205,7 @@ function jappixmini_init()
$decrypt_func = openssl_public_decrypt; $decrypt_func = openssl_public_decrypt;
$key = $r[0]["pubkey"]; $key = $r[0]["pubkey"];
} else if ($role == "prv") { } else if ($role == "prv") {
$r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", dbesc($dfrn_id)); $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
if (!count($r)) { if (!count($r)) {
killme(); killme();
} }
@ -524,7 +525,7 @@ function jappixmini_script(App $a)
$key = $row['k']; $key = $row['k'];
$pos = strpos($key, ":"); $pos = strpos($key, ":");
$dfrn_id = substr($key, $pos + 1); $dfrn_id = substr($key, $pos + 1);
$r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", dbesc($dfrn_id), dbesc($dfrn_id)); $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
if (count($r)) if (count($r))
$name = $r[0]["name"]; $name = $r[0]["name"];
@ -593,7 +594,7 @@ function jappixmini_cron(App $a, $d)
// for each user, go through list of contacts // for each user, go through list of contacts
$contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'", $contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'",
intval($uid), dbesc(NETWORK_DFRN)); intval($uid), DBA::escape(NETWORK_DFRN));
foreach ($contacts as $contact_row) { foreach ($contacts as $contact_row) {
$request = $contact_row["request"]; $request = $contact_row["request"];
if (!$request) { if (!$request) {
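Review bot: In `jappixmini_script`, the rewritten contact query now escapes `$dfrn_id` twice but still interpolates `$uid` straight into the SQL string (`WHERE uid=$uid`), the one value in that statement that bypasses both escaping and a placeholder. `$uid` is assigned outside the hunk, so its origin cannot be confirmed here; regardless, it should use the same mechanism as the other arguments: change the clause to `WHERE uid = %d` and pass `intval($uid)` ahead of the two `DBA::escape($dfrn_id)` arguments. Separately, the context line `$decrypt_func = openssl_public_decrypt;` in `jappixmini_init` is a bare constant rather than the string `'openssl_public_decrypt'` — it only works through the undefined-constant fallback that PHP 7.2 deprecates and PHP 8 removes, so it is worth fixing while the file is being touched. Both functions start and end outside the hunk.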


@ -5,9 +5,12 @@
* Version: 1.1 * Version: 1.1
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus> * Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
*/ */
use Friendica\App;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA;
/** /**
* Installs the addon hook * Installs the addon hook
@ -29,7 +32,7 @@ function libravatar_uninstall()
logger("unregistered libravatar in avatar_lookup hook"); logger("unregistered libravatar in avatar_lookup hook");
} }
function libravatar_load_config(\Friendica\App $a) function libravatar_load_config(App $a)
{ {
$a->loadConfigFile(__DIR__. '/config/libravatar.ini.php'); $a->loadConfigFile(__DIR__. '/config/libravatar.ini.php');
} }
@ -96,7 +99,7 @@ function libravatar_addon_admin(&$a, &$o)
// Libravatar falls back to gravatar, so show warning about gravatar addon if enabled // Libravatar falls back to gravatar, so show warning about gravatar addon if enabled
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1", $r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
dbesc('gravatar') DBA::escape('gravatar')
); );
if (count($r)) { if (count($r)) {
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>'; $o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';


@ -120,8 +120,8 @@ function mailstream_post_hook(&$a, &$item) {
$message_id = mailstream_generate_id($a, $item['uri']); $message_id = mailstream_generate_id($a, $item['uri']);
q("INSERT INTO `mailstream_item` (`uid`, `contact-id`, `uri`, `message-id`) " . q("INSERT INTO `mailstream_item` (`uid`, `contact-id`, `uri`, `message-id`) " .
"VALUES (%d, '%s', '%s', '%s')", intval($item['uid']), "VALUES (%d, '%s', '%s', '%s')", intval($item['uid']),
intval($item['contact-id']), dbesc($item['uri']), dbesc($message_id)); intval($item['contact-id']), DBA::escape($item['uri']), DBA::escape($message_id));
$r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), dbesc($item['uri'])); $r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), DBA::escape($item['uri']));
if (count($r) != 1) { if (count($r) != 1) {
logger('mailstream_post_remote_hook: Unexpected number of items returned from mailstream_item', LOGGER_NORMAL); logger('mailstream_post_remote_hook: Unexpected number of items returned from mailstream_item', LOGGER_NORMAL);
return; return;
@ -307,7 +307,7 @@ function mailstream_send($a, $message_id, $item, $user) {
// In case of failure, still set the item to completed. Otherwise // In case of failure, still set the item to completed. Otherwise
// we'll just try to send it over and over again and it'll fail // we'll just try to send it over and over again and it'll fail
// every time. // every time.
q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', dbesc($message_id)); q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', DBA::escape($message_id));
} }
/** /**


@ -57,7 +57,7 @@ function public_server_cron($a, $b)
$r = q("SELECT * FROM `user` WHERE `account_expires_on` < UTC_TIMESTAMP() + INTERVAL 5 DAY AND $r = q("SELECT * FROM `user` WHERE `account_expires_on` < UTC_TIMESTAMP() + INTERVAL 5 DAY AND
`account_expires_on` > '%s' AND `account_expires_on` > '%s' AND
`expire_notification_sent` <= '%s'", `expire_notification_sent` <= '%s'",
dbesc(NULL_DATE), dbesc(NULL_DATE)); DBA::escape(NULL_DATE), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
foreach ($r as $rr) { foreach ($r as $rr) {
@ -81,7 +81,7 @@ function public_server_cron($a, $b)
$nologin = Config::get('public_server', 'nologin', false); $nologin = Config::get('public_server', 'nologin', false);
if ($nologin) { if ($nologin) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` <= '%s' AND `register_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s'", $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` <= '%s' AND `register_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s'",
dbesc(NULL_DATE), intval($nologin), dbesc(NULL_DATE)); DBA::escape(NULL_DATE), intval($nologin), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
foreach ($r as $rr) { foreach ($r as $rr) {
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')]; $fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
@ -93,7 +93,7 @@ function public_server_cron($a, $b)
$flagusers = Config::get('public_server', 'flagusers', false); $flagusers = Config::get('public_server', 'flagusers', false);
if ($flagusers) { if ($flagusers) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' AND `page-flags` = 0", $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' AND `page-flags` = 0",
intval($flagusers), dbesc(NULL_DATE)); intval($flagusers), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
foreach ($r as $rr) { foreach ($r as $rr) {
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')]; $fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
@ -106,7 +106,7 @@ function public_server_cron($a, $b)
$flagpostsexpire = Config::get('public_server', 'flagpostsexpire'); $flagpostsexpire = Config::get('public_server', 'flagpostsexpire');
if ($flagposts && $flagpostsexpire) { if ($flagposts && $flagpostsexpire) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' and `expire` = 0 AND `page-flags` = 0", $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' and `expire` = 0 AND `page-flags` = 0",
intval($flagposts), dbesc(NULL_DATE)); intval($flagposts), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
foreach ($r as $rr) { foreach ($r as $rr) {
DBA::update('user', ['expire' => $flagpostsexpire], ['uid' => $rr['uid']]); DBA::update('user', ['expire' => $flagpostsexpire], ['uid' => $rr['uid']]);


@ -883,7 +883,7 @@ function pumpio_dounlike(App $a, $uid, $self, $post, $own_id)
$contactid = $self[0]['id']; $contactid = $self[0]['id'];
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)), DBA::escape(normalise_link($post->actor->url)),
intval($uid) intval($uid)
); );
@ -938,7 +938,7 @@ function pumpio_dolike(App $a, $uid, $self, $post, $own_id, $threadcompletion =
$post->actor->image->url = $self[0]['photo']; $post->actor->image->url = $self[0]['photo'];
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)), DBA::escape(normalise_link($post->actor->url)),
intval($uid) intval($uid)
); );
@ -1015,7 +1015,7 @@ function pumpio_get_contact($uid, $contact, $no_insert = false)
} }
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
intval($uid), dbesc(normalise_link($contact->url))); intval($uid), DBA::escape(normalise_link($contact->url)));
if (!DBA::isResult($r)) { if (!DBA::isResult($r)) {
// create contact record // create contact record
@ -1024,26 +1024,26 @@ function pumpio_get_contact($uid, $contact, $no_insert = false)
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` ) `location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0)", VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0)",
intval($uid), intval($uid),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc($contact->url), DBA::escape($contact->url),
dbesc(normalise_link($contact->url)), DBA::escape(normalise_link($contact->url)),
dbesc(str_replace("acct:", "", $contact->id)), DBA::escape(str_replace("acct:", "", $contact->id)),
dbesc(''), DBA::escape(''),
dbesc($contact->id), // What is it for? DBA::escape($contact->id), // What is it for?
dbesc('pump.io ' . $contact->id), // What is it for? DBA::escape('pump.io ' . $contact->id), // What is it for?
dbesc($contact->displayName), DBA::escape($contact->displayName),
dbesc($contact->preferredUsername), DBA::escape($contact->preferredUsername),
dbesc($contact->image->url), DBA::escape($contact->image->url),
dbesc(NETWORK_PUMPIO), DBA::escape(NETWORK_PUMPIO),
intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_FRIEND),
intval(1), intval(1),
dbesc($contact->location->displayName), DBA::escape($contact->location->displayName),
dbesc($contact->summary), DBA::escape($contact->summary),
intval(1) intval(1)
); );
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1",
dbesc(normalise_link($contact->url)), DBA::escape(normalise_link($contact->url)),
intval($uid) intval($uid)
); );
@ -1171,7 +1171,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp
} elseif ($contact_id == 0) { } elseif ($contact_id == 0) {
// Take an existing contact, the contact of the note or - as a fallback - the id of the user // Take an existing contact, the contact of the note or - as a fallback - the id of the user
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)), DBA::escape(normalise_link($post->actor->url)),
intval($uid) intval($uid)
); );
@ -1179,7 +1179,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp
$contact_id = $r[0]['id']; $contact_id = $r[0]['id'];
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)), DBA::escape(normalise_link($post->actor->url)),
intval($uid) intval($uid)
); );
@ -1304,7 +1304,7 @@ function pumpio_fetchinbox(App $a, $uid)
INNER JOIN `item` ON `item`.`id` = `thread`.`iid` INNER JOIN `item` ON `item`.`id` = `thread`.`iid`
WHERE `thread`.`network` = '%s' AND `thread`.`uid` = %d AND `item`.`extid` != '' WHERE `thread`.`network` = '%s' AND `thread`.`uid` = %d AND `item`.`extid` != ''
ORDER BY `thread`.`commented` DESC LIMIT 10", ORDER BY `thread`.`commented` DESC LIMIT 10",
dbesc(NETWORK_PUMPIO), DBA::escape(NETWORK_PUMPIO),
intval($uid) intval($uid)
); );
@ -1401,7 +1401,7 @@ function pumpio_getallusers(App &$a, $uid)
function pumpio_queue_hook(App $a, array &$b) function pumpio_queue_hook(App $a, array &$b)
{ {
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_PUMPIO) DBA::escape(NETWORK_PUMPIO)
); );
if (!DBA::isResult($qi)) { if (!DBA::isResult($qi)) {
@ -1508,7 +1508,7 @@ function pumpio_getreceiver(App $a, array $b)
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
intval($cid), intval($cid),
intval($b["uid"]), intval($b["uid"]),
dbesc(NETWORK_PUMPIO) DBA::escape(NETWORK_PUMPIO)
); );
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
@ -1526,7 +1526,7 @@ function pumpio_getreceiver(App $a, array $b)
"FROM `group_member`, `contact` WHERE `group_member`.`gid` = %d ". "FROM `group_member`, `contact` WHERE `group_member`.`gid` = %d ".
"AND `contact`.`id` = `group_member`.`contact-id` AND `contact`.`network` = '%s'", "AND `contact`.`id` = `group_member`.`contact-id` AND `contact`.`network` = '%s'",
intval($gid), intval($gid),
dbesc(NETWORK_PUMPIO) DBA::escape(NETWORK_PUMPIO)
); );
foreach ($r AS $row) foreach ($r AS $row)
@ -1551,7 +1551,7 @@ function pumpio_getreceiver(App $a, array $b)
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
intval($cid), intval($cid),
intval($b["uid"]), intval($b["uid"]),
dbesc(NETWORK_PUMPIO) DBA::escape(NETWORK_PUMPIO)
); );
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
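Review bot: The contact INSERT in `pumpio_get_contact` still builds a 20-placeholder statement with every value run through `DBA::escape`, and the identical `SELECT * FROM contact WHERE nurl = '%s' AND uid = %d` lookup is repeated verbatim in `pumpio_dounlike`, `pumpio_dolike` and twice in `pumpio_dopost`. The public_server section of this same PR already writes updates as `DBA::update('user', [...], ['uid' => ...])`; if this core version offers the matching array-based insert (`DBA::insert`), moving the INSERT to it would remove the manual escaping entirely, and the four identical lookups could share one small private helper. `statusnet_fetch_contact` in the statusnet section has the same INSERT shape. `pumpio_get_contact` starts before the hunk.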


@ -6,10 +6,12 @@
* Author: Zach <https://f.shmuz.in/profile/techcity> * Author: Zach <https://f.shmuz.in/profile/techcity>
* *
*/ */
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Database\DBA;
function remote_permissions_install() { function remote_permissions_install() {
Addon::registerHook('lockview_content', 'addon/remote_permissions/remote_permissions.php', 'remote_permissions_content'); Addon::registerHook('lockview_content', 'addon/remote_permissions/remote_permissions.php', 'remote_permissions_content');
@ -84,7 +86,7 @@ function remote_permissions_content($a, $item_copy) {
// The contact lives here. Get his/her user info // The contact lives here. Get his/her user info
$nick = $r[0]['nick']; $nick = $r[0]['nick'];
$r = q("SELECT uid FROM user WHERE nickname = '%s' LIMIT 1", $r = q("SELECT uid FROM user WHERE nickname = '%s' LIMIT 1",
dbesc($nick) DBA::escape($nick)
); );
if(! $r) if(! $r)
return; return;
@ -104,15 +106,15 @@ function remote_permissions_content($a, $item_copy) {
if($item_copy['uri'] === $item_copy['parent-uri']) { if($item_copy['uri'] === $item_copy['parent-uri']) {
// Lockview for a top-level post // Lockview for a top-level post
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND type = 'wall' LIMIT 1", $r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND type = 'wall' LIMIT 1",
dbesc($item_copy['uri']) DBA::escape($item_copy['uri'])
); );
} }
else { else {
// Lockview for a comment // Lockview for a comment
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' $r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s'
AND parent = ( SELECT id FROM item WHERE uri = '%s' AND type = 'wall' ) LIMIT 1", AND parent = ( SELECT id FROM item WHERE uri = '%s' AND type = 'wall' ) LIMIT 1",
dbesc($item_copy['uri']), DBA::escape($item_copy['uri']),
dbesc($item_copy['parent-uri']) DBA::escape($item_copy['parent-uri'])
); );
} }
if($r) { if($r) {
@ -130,7 +132,7 @@ function remote_permissions_content($a, $item_copy) {
if(count($allowed_groups)) { if(count($allowed_groups)) {
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )", $r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
dbesc(implode(', ', $allowed_groups)) DBA::escape(implode(', ', $allowed_groups))
); );
foreach($r as $rr) foreach($r as $rr)
$allow[] = $rr['contact-id']; $allow[] = $rr['contact-id'];
@ -139,7 +141,7 @@ function remote_permissions_content($a, $item_copy) {
if(count($deny_groups)) { if(count($deny_groups)) {
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )", $r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
dbesc(implode(', ', $deny_groups)) DBA::escape(implode(', ', $deny_groups))
); );
foreach($r as $rr) foreach($r as $rr)
$deny[] = $rr['contact-id']; $deny[] = $rr['contact-id'];
@ -149,7 +151,7 @@ function remote_permissions_content($a, $item_copy) {
if($allow) if($allow)
{ {
$r = q("SELECT name FROM contact WHERE id IN ( %s )", $r = q("SELECT name FROM contact WHERE id IN ( %s )",
dbesc(implode(', ', array_diff($allow, $deny))) DBA::escape(implode(', ', array_diff($allow, $deny)))
); );
foreach($r as $rr) foreach($r as $rr)
$allow_names[] = $rr['name']; $allow_names[] = $rr['name'];
@ -162,8 +164,8 @@ function remote_permissions_content($a, $item_copy) {
// will have different URIs than the original. We can match the GUID for // will have different URIs than the original. We can match the GUID for
// those // those
$r = q("SELECT `uid` FROM item WHERE uri = '%s' OR guid = '%s'", $r = q("SELECT `uid` FROM item WHERE uri = '%s' OR guid = '%s'",
dbesc($item_copy['uri']), DBA::escape($item_copy['uri']),
dbesc($item_copy['guid']) DBA::escape($item_copy['guid'])
); );
if(! $r) if(! $r)
return; return;
@ -173,7 +175,7 @@ function remote_permissions_content($a, $item_copy) {
$allow[] = $rr['uid']; $allow[] = $rr['uid'];
$r = q("SELECT username FROM user WHERE uid IN ( %s )", $r = q("SELECT username FROM user WHERE uid IN ( %s )",
dbesc(implode(', ', $allow)) DBA::escape(implode(', ', $allow))
); );
if(! $r) if(! $r)
return; return;
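Review bot: Escaping does nothing for the four `IN ( %s )` queries in `remote_permissions_content` — `DBA::escape(implode(', ', $allowed_groups))` and its siblings for `$deny_groups`, `array_diff($allow, $deny)` and `$allow` are interpolated unquoted, and `DBA::escape` (like `dbesc` before it) only neutralises quote characters inside a quoted literal. The id lists appear to be derived from the `allow_gid`/`deny_gid` columns selected earlier in the function, so they are not obviously attacker-controlled, but the robust form is to cast rather than escape: `implode(', ', array_map('intval', $allowed_groups))`, and likewise for the other three lists. `remote_permissions_content` starts and ends outside the hunk.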


@ -899,7 +899,7 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
"location" => $contact->location, "about" => $contact->description, "location" => $contact->location, "about" => $contact->description,
"addr" => statusnet_address($contact), "generation" => 3]); "addr" => statusnet_address($contact), "generation" => 3]);
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), dbesc(normalise_link($contact->statusnet_profile_url)), dbesc(NETWORK_STATUSNET)); $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), DBA::escape(normalise_link($contact->statusnet_profile_url)), DBA::escape(NETWORK_STATUSNET));
if (!DBA::isResult($r) && !$create_user) { if (!DBA::isResult($r) && !$create_user) {
return 0; return 0;
@ -917,28 +917,28 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` ) `location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0 ) ", VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0 ) ",
intval($uid), intval($uid),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc($contact->statusnet_profile_url), DBA::escape($contact->statusnet_profile_url),
dbesc(normalise_link($contact->statusnet_profile_url)), DBA::escape(normalise_link($contact->statusnet_profile_url)),
dbesc(statusnet_address($contact)), DBA::escape(statusnet_address($contact)),
dbesc(normalise_link($contact->statusnet_profile_url)), DBA::escape(normalise_link($contact->statusnet_profile_url)),
dbesc(''), DBA::escape(''),
dbesc(''), DBA::escape(''),
dbesc($contact->name), DBA::escape($contact->name),
dbesc($contact->screen_name), DBA::escape($contact->screen_name),
dbesc($contact->profile_image_url), DBA::escape($contact->profile_image_url),
dbesc(NETWORK_STATUSNET), DBA::escape(NETWORK_STATUSNET),
intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_FRIEND),
intval(1), intval(1),
dbesc($contact->location), DBA::escape($contact->location),
dbesc($contact->description), DBA::escape($contact->description),
intval(1) intval(1)
); );
$r = q("SELECT * FROM `contact` WHERE `alias` = '%s' AND `uid` = %d AND `network` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `alias` = '%s' AND `uid` = %d AND `network` = '%s' LIMIT 1",
dbesc($contact->statusnet_profile_url), DBA::escape($contact->statusnet_profile_url),
intval($uid), intval($uid),
dbesc(NETWORK_STATUSNET)); DBA::escape(NETWORK_STATUSNET));
if (!DBA::isResult($r)) { if (!DBA::isResult($r)) {
return false; return false;
@ -955,10 +955,10 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`micro` = '%s', `micro` = '%s',
`avatar-date` = '%s' `avatar-date` = '%s'
WHERE `id` = %d", WHERE `id` = %d",
dbesc($photos[0]), DBA::escape($photos[0]),
dbesc($photos[1]), DBA::escape($photos[1]),
dbesc($photos[2]), DBA::escape($photos[2]),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
intval($contact_id) intval($contact_id)
); );
} else { } else {
@ -986,19 +986,19 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`location` = '%s', `location` = '%s',
`about` = '%s' `about` = '%s'
WHERE `id` = %d", WHERE `id` = %d",
dbesc($photos[0]), DBA::escape($photos[0]),
dbesc($photos[1]), DBA::escape($photos[1]),
dbesc($photos[2]), DBA::escape($photos[2]),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc($contact->statusnet_profile_url), DBA::escape($contact->statusnet_profile_url),
dbesc(normalise_link($contact->statusnet_profile_url)), DBA::escape(normalise_link($contact->statusnet_profile_url)),
dbesc(statusnet_address($contact)), DBA::escape(statusnet_address($contact)),
dbesc($contact->name), DBA::escape($contact->name),
dbesc($contact->screen_name), DBA::escape($contact->screen_name),
dbesc($contact->location), DBA::escape($contact->location),
dbesc($contact->description), DBA::escape($contact->description),
intval($r[0]['id']) intval($r[0]['id'])
); );
} }
@ -1520,7 +1520,7 @@ function statusnet_fetch_own_contact(App $a, $uid)
$contact_id = statusnet_fetch_contact($uid, $user, true); $contact_id = statusnet_fetch_contact($uid, $user, true);
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($uid), dbesc($own_url)); intval($uid), DBA::escape($own_url));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
$contact_id = $r[0]["id"]; $contact_id = $r[0]["id"];
} else { } else {
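Review bot: The first contact lookup in `statusnet_fetch_contact` has `'%s'LIMIT 1` with no space before `LIMIT`; it evidently works today, but it reads as a typo and will trip whoever next edits or ports the query, so add the space while the line is being changed. `statusnet_fetch_contact` and `statusnet_fetch_own_contact` both start and end outside their hunks.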


@ -6,9 +6,11 @@
* Author: Mike Macgirvin <http://macgirvin.com/profile/mike> * Author: Mike Macgirvin <http://macgirvin.com/profile/mike>
*/ */
use Friendica\App;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
@ -33,7 +35,7 @@ function testdrive_uninstall() {
} }
function testdrive_load_config(\Friendica\App $a) function testdrive_load_config(App $a)
{ {
$a->loadConfigFile(__DIR__. '/config/testdrive.ini.php'); $a->loadConfigFile(__DIR__. '/config/testdrive.ini.php');
} }
@ -51,7 +53,7 @@ function testdrive_register_account($a,$b) {
return; return;
$r = q("UPDATE user set account_expires_on = '%s' where uid = %d", $r = q("UPDATE user set account_expires_on = '%s' where uid = %d",
dbesc(DateTimeFormat::convert('now +' . $days . ' days')), DBA::escape(DateTimeFormat::convert('now +' . $days . ' days')),
intval($uid) intval($uid)
); );
@ -79,7 +81,7 @@ function testdrive_cron($a,$b) {
]); ]);
q("update user set expire_notification_sent = '%s' where uid = %d", q("update user set expire_notification_sent = '%s' where uid = %d",
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
intval($rr['uid']) intval($rr['uid'])
); );
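Review bot: Both `UPDATE user ...` calls in this section still go through `q()` with manual escaping, while the public_server section of the same PR writes the identical kind of update as `DBA::update('user', $fields, ['uid' => $rr['uid']])`. The same form fits here and removes the escaping and placeholder list: `DBA::update('user', ['account_expires_on' => DateTimeFormat::convert('now +' . $days . ' days')], ['uid' => $uid]);` in `testdrive_register_account` and `DBA::update('user', ['expire_notification_sent' => DateTimeFormat::utcNow()], ['uid' => $rr['uid']]);` in `testdrive_cron`. The first call also assigns its result to `$r`, which the hunk never reads. Both functions start and end outside their hunks.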


@ -142,7 +142,7 @@ function twitter_check_item_notification(App $a, &$notification_data)
$own_user = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", $own_user = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($notification_data["uid"]), intval($notification_data["uid"]),
dbesc("twitter::".$own_id) DBA::escape("twitter::".$own_id)
); );
if ($own_user) { if ($own_user) {
@ -183,7 +183,7 @@ function twitter_follow(App $a, &$contact)
$r = q("SELECT name,nick,url,addr,batch,notify,poll,request,confirm,poco,photo,priority,network,alias,pubkey $r = q("SELECT name,nick,url,addr,batch,notify,poll,request,confirm,poco,photo,priority,network,alias,pubkey
FROM `contact` WHERE `uid` = %d AND `nick` = '%s'", FROM `contact` WHERE `uid` = %d AND `nick` = '%s'",
intval($uid), intval($uid),
dbesc($nickname)); DBA::escape($nickname));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
$contact["contact"] = $r[0]; $contact["contact"] = $r[0];
} }
@ -922,7 +922,7 @@ function twitter_fetchtimeline(App $a, $uid)
function twitter_queue_hook(App $a, &$b) function twitter_queue_hook(App $a, &$b)
{ {
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_TWITTER) DBA::escape(NETWORK_TWITTER)
); );
if (!DBA::isResult($qi)) { if (!DBA::isResult($qi)) {
return; return;
@ -1751,7 +1751,7 @@ function twitter_fetch_own_contact(App $a, $uid)
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($uid), intval($uid),
dbesc("twitter::" . $own_id)); DBA::escape("twitter::" . $own_id));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
$contact_id = $r[0]["id"]; $contact_id = $r[0]["id"];
} else { } else {
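Review bot: `twitter_check_item_notification` tests the `q()` result with a bare `if ($own_user)` while the next hunk in the same file uses `if (DBA::isResult($r))`; `if (DBA::isResult($own_user)) {` keeps the file consistent and also handles an empty or non-array return explicitly. The function starts and ends outside the hunk.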


@ -37,7 +37,7 @@ function like_widget_content(&$a, $conf){
// count likes // count likes
$r = q( $baseq . "AND `item`.`verb` = 'http://activitystrea.ms/schema/1.0/like'", $r = q( $baseq . "AND `item`.`verb` = 'http://activitystrea.ms/schema/1.0/like'",
intval($conf['uid']), intval($conf['uid']),
dbesc($args[0]) DBA::escape($args[0])
); );
$likes = $r[0]['c']; $likes = $r[0]['c'];
$iid = $r[0]['id']; $iid = $r[0]['id'];
@ -45,7 +45,7 @@ function like_widget_content(&$a, $conf){
// count dislikes // count dislikes
$r = q( $baseq . "AND `item`.`verb` = 'http://purl.org/macgirvin/dfrn/1.0/dislike'", $r = q( $baseq . "AND `item`.`verb` = 'http://purl.org/macgirvin/dfrn/1.0/dislike'",
intval($conf['uid']), intval($conf['uid']),
dbesc($args[0]) DBA::escape($args[0])
); );
$dislikes = $r[0]['c']; $dislikes = $r[0]['c'];
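Review bot: Both count queries in `like_widget_content` read `$r[0]['c']` (and `$r[0]['id']`) immediately after `q()` without checking the result, so an empty or failed query produces undefined-offset notices and `null` counts. Guard each result with `DBA::isResult($r)` before indexing it and default the counts to `0` otherwise, so the widget renders zeros instead of emitting notices. `like_widget_content` starts and ends outside the hunk.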


@ -5,21 +5,23 @@
* Version: 1.0 * Version: 1.0
* Author: Fabio Comuni <http://kirgroup.com/profile/fabrix/> * Author: Fabio Comuni <http://kirgroup.com/profile/fabrix/>
*/ */
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Database\DBA;
function widgets_install() { function widgets_install() {
Addon::registerHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings'); Addon::registerHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
Addon::registerHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post'); Addon::registerHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
logger("installed widgets"); logger("installed widgets");
} }
function widgets_uninstall() { function widgets_uninstall() {
Addon::unregisterHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings'); Addon::unregisterHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
Addon::unregisterHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post'); Addon::unregisterHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
} }
function widgets_settings_post(){ function widgets_settings_post(){
if(! local_user()) if(! local_user())
return; return;
@ -89,7 +91,7 @@ function widgets_content(&$a) {
} }
$r = q("SELECT * FROM pconfig WHERE uid IN (SELECT uid FROM pconfig WHERE v='%s')AND cat='widgets'", $r = q("SELECT * FROM pconfig WHERE uid IN (SELECT uid FROM pconfig WHERE v='%s')AND cat='widgets'",
dbesc($_GET['k']) DBA::escape($_GET['k'])
); );
if (!count($r)){ if (!count($r)){
if($a->argv[2]=="cb"){header('HTTP/1.0 400 Bad Request'); killme();} if($a->argv[2]=="cb"){header('HTTP/1.0 400 Bad Request'); killme();}
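Review bot: `widgets_content` reads `$_GET['k']` unconditionally into the pconfig query; when the parameter is absent this produces an undefined-index notice and runs the query with `v=''`. Check it first and reuse the 400 path the function already has for the `cb` case, e.g. `if (!isset($_GET['k'])) { header('HTTP/1.0 400 Bad Request'); killme(); }` before the query. The `if (!count($r))` test on the `q()` result would also be safer as `if (!DBA::isResult($r))`, which this file can now use since the hunk imports `DBA`. `widgets_content` starts and ends outside the hunk.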