Friendica/friendica-addons
1
1
Fork 1
mirror of https://git.friendi.ca/friendica/friendica-addons.git synced 2024-11-22 00:33:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

[multiple] Rename dbesc to DBA::escape

Browse source
This commit is contained in:
Hypolite Petovan 2018-07-21 09:13:02 -04:00 committed by Hypolite Petovan
parent d9ec1ef80d
commit 522e8e58c2
14 changed files with 109 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
diaspora/diaspora.php
View file

@ -51,7 +51,7 @@ function diaspora_queue_hook(&$a,&$b) {
$hostname = $a->get_hostname(); $hostname = $a->get_hostname();
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_DIASPORA2) DBA::escape(NETWORK_DIASPORA2)
); );
if(! count($qi)) if(! count($qi))
return; return;

2
forumdirectory/forumdirectory.php
View file

@ -100,7 +100,7 @@ function forumdirectory_content(&$a)
if (strlen($search)) { if (strlen($search)) {
$sql_extra = " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`," $sql_extra = " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,"
. "`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` )" . "`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` )"
. " AGAINST ('" . dbesc($search) . "' IN BOOLEAN MODE) "; . " AGAINST ('" . DBA::escape($search) . "' IN BOOLEAN MODE) ";
} }
$publish = Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 "; $publish = Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 ";

7
gravatar/gravatar.php
View file

@ -5,9 +5,12 @@
* Version: 1.1 * Version: 1.1
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus> * Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
*/ */
use Friendica\App;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA;
/** /**
* Installs the addon hook * Installs the addon hook
@ -29,7 +32,7 @@ function gravatar_uninstall() {
logger("unregistered gravatar in avatar_lookup hook"); logger("unregistered gravatar in avatar_lookup hook");
} }
function gravatar_load_config(\Friendica\App $a) function gravatar_load_config(App $a)
{ {
$a->loadConfigFile(__DIR__. '/config/gravatar.ini.php'); $a->loadConfigFile(__DIR__. '/config/gravatar.ini.php');
} }
@ -93,7 +96,7 @@ function gravatar_addon_admin (&$a, &$o) {
// Check if Libravatar is enabled and show warning // Check if Libravatar is enabled and show warning
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1", $r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
dbesc('libravatar') DBA::escape('libravatar')
); );
if (count($r)) { if (count($r)) {
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Libravatar addon is installed, too. Please disable Libravatar addon or this Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>'; $o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Libravatar addon is installed, too. Please disable Libravatar addon or this Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';

9
jappixmini/jappixmini.php
View file

@ -67,6 +67,7 @@ use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Database\DBA;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Util\Network; use Friendica\Util\Network;
@ -195,7 +196,7 @@ function jappixmini_init()
$role = $_REQUEST["role"]; $role = $_REQUEST["role"];
if ($role == "pub") { if ($role == "pub") {
$r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", dbesc($dfrn_id)); $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
if (!count($r)) { if (!count($r)) {
killme(); killme();
} }
@ -204,7 +205,7 @@ function jappixmini_init()
$decrypt_func = openssl_public_decrypt; $decrypt_func = openssl_public_decrypt;
$key = $r[0]["pubkey"]; $key = $r[0]["pubkey"];
} else if ($role == "prv") { } else if ($role == "prv") {
$r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", dbesc($dfrn_id)); $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
if (!count($r)) { if (!count($r)) {
killme(); killme();
} }
@ -524,7 +525,7 @@ function jappixmini_script(App $a)
$key = $row['k']; $key = $row['k'];
$pos = strpos($key, ":"); $pos = strpos($key, ":");
$dfrn_id = substr($key, $pos + 1); $dfrn_id = substr($key, $pos + 1);
$r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", dbesc($dfrn_id), dbesc($dfrn_id)); $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
if (count($r)) if (count($r))
$name = $r[0]["name"]; $name = $r[0]["name"];
@ -593,7 +594,7 @@ function jappixmini_cron(App $a, $d)
// for each user, go through list of contacts // for each user, go through list of contacts
$contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'", $contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'",
intval($uid), dbesc(NETWORK_DFRN)); intval($uid), DBA::escape(NETWORK_DFRN));
foreach ($contacts as $contact_row) { foreach ($contacts as $contact_row) {
$request = $contact_row["request"]; $request = $contact_row["request"];
if (!$request) { if (!$request) {

7
libravatar/libravatar.php
View file

@ -5,9 +5,12 @@
* Version: 1.1 * Version: 1.1
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus> * Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
*/ */
use Friendica\App;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA;
/** /**
* Installs the addon hook * Installs the addon hook
@ -29,7 +32,7 @@ function libravatar_uninstall()
logger("unregistered libravatar in avatar_lookup hook"); logger("unregistered libravatar in avatar_lookup hook");
} }
function libravatar_load_config(\Friendica\App $a) function libravatar_load_config(App $a)
{ {
$a->loadConfigFile(__DIR__. '/config/libravatar.ini.php'); $a->loadConfigFile(__DIR__. '/config/libravatar.ini.php');
} }
@ -96,7 +99,7 @@ function libravatar_addon_admin(&$a, &$o)
// Libravatar falls back to gravatar, so show warning about gravatar addon if enabled // Libravatar falls back to gravatar, so show warning about gravatar addon if enabled
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1", $r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
dbesc('gravatar') DBA::escape('gravatar')
); );
if (count($r)) { if (count($r)) {
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>'; $o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';

6
mailstream/mailstream.php
View file

@ -120,8 +120,8 @@ function mailstream_post_hook(&$a, &$item) {
$message_id = mailstream_generate_id($a, $item['uri']); $message_id = mailstream_generate_id($a, $item['uri']);
q("INSERT INTO `mailstream_item` (`uid`, `contact-id`, `uri`, `message-id`) " . q("INSERT INTO `mailstream_item` (`uid`, `contact-id`, `uri`, `message-id`) " .
"VALUES (%d, '%s', '%s', '%s')", intval($item['uid']), "VALUES (%d, '%s', '%s', '%s')", intval($item['uid']),
intval($item['contact-id']), dbesc($item['uri']), dbesc($message_id)); intval($item['contact-id']), DBA::escape($item['uri']), DBA::escape($message_id));
$r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), dbesc($item['uri'])); $r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), DBA::escape($item['uri']));
if (count($r) != 1) { if (count($r) != 1) {
logger('mailstream_post_remote_hook: Unexpected number of items returned from mailstream_item', LOGGER_NORMAL); logger('mailstream_post_remote_hook: Unexpected number of items returned from mailstream_item', LOGGER_NORMAL);
return; return;
@ -307,7 +307,7 @@ function mailstream_send($a, $message_id, $item, $user) {
// In case of failure, still set the item to completed. Otherwise // In case of failure, still set the item to completed. Otherwise
// we'll just try to send it over and over again and it'll fail // we'll just try to send it over and over again and it'll fail
// every time. // every time.
q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', dbesc($message_id)); q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', DBA::escape($message_id));
} }
/** /**

8
public_server/public_server.php
View file

@ -57,7 +57,7 @@ function public_server_cron($a, $b)
$r = q("SELECT * FROM `user` WHERE `account_expires_on` < UTC_TIMESTAMP() + INTERVAL 5 DAY AND $r = q("SELECT * FROM `user` WHERE `account_expires_on` < UTC_TIMESTAMP() + INTERVAL 5 DAY AND
`account_expires_on` > '%s' AND `account_expires_on` > '%s' AND
`expire_notification_sent` <= '%s'", `expire_notification_sent` <= '%s'",
dbesc(NULL_DATE), dbesc(NULL_DATE)); DBA::escape(NULL_DATE), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
foreach ($r as $rr) { foreach ($r as $rr) {
@ -81,7 +81,7 @@ function public_server_cron($a, $b)
$nologin = Config::get('public_server', 'nologin', false); $nologin = Config::get('public_server', 'nologin', false);
if ($nologin) { if ($nologin) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` <= '%s' AND `register_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s'", $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` <= '%s' AND `register_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s'",
dbesc(NULL_DATE), intval($nologin), dbesc(NULL_DATE)); DBA::escape(NULL_DATE), intval($nologin), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
foreach ($r as $rr) { foreach ($r as $rr) {
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')]; $fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
@ -93,7 +93,7 @@ function public_server_cron($a, $b)
$flagusers = Config::get('public_server', 'flagusers', false); $flagusers = Config::get('public_server', 'flagusers', false);
if ($flagusers) { if ($flagusers) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' AND `page-flags` = 0", $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' AND `page-flags` = 0",
intval($flagusers), dbesc(NULL_DATE)); intval($flagusers), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
foreach ($r as $rr) { foreach ($r as $rr) {
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')]; $fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
@ -106,7 +106,7 @@ function public_server_cron($a, $b)
$flagpostsexpire = Config::get('public_server', 'flagpostsexpire'); $flagpostsexpire = Config::get('public_server', 'flagpostsexpire');
if ($flagposts && $flagpostsexpire) { if ($flagposts && $flagpostsexpire) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' and `expire` = 0 AND `page-flags` = 0", $r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' and `expire` = 0 AND `page-flags` = 0",
intval($flagposts), dbesc(NULL_DATE)); intval($flagposts), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
foreach ($r as $rr) { foreach ($r as $rr) {
DBA::update('user', ['expire' => $flagpostsexpire], ['uid' => $rr['uid']]); DBA::update('user', ['expire' => $flagpostsexpire], ['uid' => $rr['uid']]);

48
pumpio/pumpio.php
View file

@ -883,7 +883,7 @@ function pumpio_dounlike(App $a, $uid, $self, $post, $own_id)
$contactid = $self[0]['id']; $contactid = $self[0]['id'];
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)), DBA::escape(normalise_link($post->actor->url)),
intval($uid) intval($uid)
); );
@ -938,7 +938,7 @@ function pumpio_dolike(App $a, $uid, $self, $post, $own_id, $threadcompletion =
$post->actor->image->url = $self[0]['photo']; $post->actor->image->url = $self[0]['photo'];
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)), DBA::escape(normalise_link($post->actor->url)),
intval($uid) intval($uid)
); );
@ -1015,7 +1015,7 @@ function pumpio_get_contact($uid, $contact, $no_insert = false)
} }
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
intval($uid), dbesc(normalise_link($contact->url))); intval($uid), DBA::escape(normalise_link($contact->url)));
if (!DBA::isResult($r)) { if (!DBA::isResult($r)) {
// create contact record // create contact record
@ -1024,26 +1024,26 @@ function pumpio_get_contact($uid, $contact, $no_insert = false)
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` ) `location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0)", VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0)",
intval($uid), intval($uid),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc($contact->url), DBA::escape($contact->url),
dbesc(normalise_link($contact->url)), DBA::escape(normalise_link($contact->url)),
dbesc(str_replace("acct:", "", $contact->id)), DBA::escape(str_replace("acct:", "", $contact->id)),
dbesc(''), DBA::escape(''),
dbesc($contact->id), // What is it for? DBA::escape($contact->id), // What is it for?
dbesc('pump.io ' . $contact->id), // What is it for? DBA::escape('pump.io ' . $contact->id), // What is it for?
dbesc($contact->displayName), DBA::escape($contact->displayName),
dbesc($contact->preferredUsername), DBA::escape($contact->preferredUsername),
dbesc($contact->image->url), DBA::escape($contact->image->url),
dbesc(NETWORK_PUMPIO), DBA::escape(NETWORK_PUMPIO),
intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_FRIEND),
intval(1), intval(1),
dbesc($contact->location->displayName), DBA::escape($contact->location->displayName),
dbesc($contact->summary), DBA::escape($contact->summary),
intval(1) intval(1)
); );
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1",
dbesc(normalise_link($contact->url)), DBA::escape(normalise_link($contact->url)),
intval($uid) intval($uid)
); );
@ -1171,7 +1171,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp
} elseif ($contact_id == 0) { } elseif ($contact_id == 0) {
// Take an existing contact, the contact of the note or - as a fallback - the id of the user // Take an existing contact, the contact of the note or - as a fallback - the id of the user
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)), DBA::escape(normalise_link($post->actor->url)),
intval($uid) intval($uid)
); );
@ -1179,7 +1179,7 @@ function pumpio_dopost(App $a, $client, $uid, $self, $post, $own_id, $threadcomp
$contact_id = $r[0]['id']; $contact_id = $r[0]['id'];
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
dbesc(normalise_link($post->actor->url)), DBA::escape(normalise_link($post->actor->url)),
intval($uid) intval($uid)
); );
@ -1304,7 +1304,7 @@ function pumpio_fetchinbox(App $a, $uid)
INNER JOIN `item` ON `item`.`id` = `thread`.`iid` INNER JOIN `item` ON `item`.`id` = `thread`.`iid`
WHERE `thread`.`network` = '%s' AND `thread`.`uid` = %d AND `item`.`extid` != '' WHERE `thread`.`network` = '%s' AND `thread`.`uid` = %d AND `item`.`extid` != ''
ORDER BY `thread`.`commented` DESC LIMIT 10", ORDER BY `thread`.`commented` DESC LIMIT 10",
dbesc(NETWORK_PUMPIO), DBA::escape(NETWORK_PUMPIO),
intval($uid) intval($uid)
); );
@ -1401,7 +1401,7 @@ function pumpio_getallusers(App &$a, $uid)
function pumpio_queue_hook(App $a, array &$b) function pumpio_queue_hook(App $a, array &$b)
{ {
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_PUMPIO) DBA::escape(NETWORK_PUMPIO)
); );
if (!DBA::isResult($qi)) { if (!DBA::isResult($qi)) {
@ -1508,7 +1508,7 @@ function pumpio_getreceiver(App $a, array $b)
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
intval($cid), intval($cid),
intval($b["uid"]), intval($b["uid"]),
dbesc(NETWORK_PUMPIO) DBA::escape(NETWORK_PUMPIO)
); );
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
@ -1526,7 +1526,7 @@ function pumpio_getreceiver(App $a, array $b)
"FROM `group_member`, `contact` WHERE `group_member`.`gid` = %d ". "FROM `group_member`, `contact` WHERE `group_member`.`gid` = %d ".
"AND `contact`.`id` = `group_member`.`contact-id` AND `contact`.`network` = '%s'", "AND `contact`.`id` = `group_member`.`contact-id` AND `contact`.`network` = '%s'",
intval($gid), intval($gid),
dbesc(NETWORK_PUMPIO) DBA::escape(NETWORK_PUMPIO)
); );
foreach ($r AS $row) foreach ($r AS $row)
@ -1551,7 +1551,7 @@ function pumpio_getreceiver(App $a, array $b)
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", $r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
intval($cid), intval($cid),
intval($b["uid"]), intval($b["uid"]),
dbesc(NETWORK_PUMPIO) DBA::escape(NETWORK_PUMPIO)
); );
if (DBA::isResult($r)) { if (DBA::isResult($r)) {

22
remote_permissions/remote_permissions.php
View file

@ -6,10 +6,12 @@
* Author: Zach <https://f.shmuz.in/profile/techcity> * Author: Zach <https://f.shmuz.in/profile/techcity>
* *
*/ */
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Database\DBA;
function remote_permissions_install() { function remote_permissions_install() {
Addon::registerHook('lockview_content', 'addon/remote_permissions/remote_permissions.php', 'remote_permissions_content'); Addon::registerHook('lockview_content', 'addon/remote_permissions/remote_permissions.php', 'remote_permissions_content');
@ -84,7 +86,7 @@ function remote_permissions_content($a, $item_copy) {
// The contact lives here. Get his/her user info // The contact lives here. Get his/her user info
$nick = $r[0]['nick']; $nick = $r[0]['nick'];
$r = q("SELECT uid FROM user WHERE nickname = '%s' LIMIT 1", $r = q("SELECT uid FROM user WHERE nickname = '%s' LIMIT 1",
dbesc($nick) DBA::escape($nick)
); );
if(! $r) if(! $r)
return; return;
@ -104,15 +106,15 @@ function remote_permissions_content($a, $item_copy) {
if($item_copy['uri'] === $item_copy['parent-uri']) { if($item_copy['uri'] === $item_copy['parent-uri']) {
// Lockview for a top-level post // Lockview for a top-level post
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND type = 'wall' LIMIT 1", $r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND type = 'wall' LIMIT 1",
dbesc($item_copy['uri']) DBA::escape($item_copy['uri'])
); );
} }
else { else {
// Lockview for a comment // Lockview for a comment
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' $r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s'
AND parent = ( SELECT id FROM item WHERE uri = '%s' AND type = 'wall' ) LIMIT 1", AND parent = ( SELECT id FROM item WHERE uri = '%s' AND type = 'wall' ) LIMIT 1",
dbesc($item_copy['uri']), DBA::escape($item_copy['uri']),
dbesc($item_copy['parent-uri']) DBA::escape($item_copy['parent-uri'])
); );
} }
if($r) { if($r) {
@ -130,7 +132,7 @@ function remote_permissions_content($a, $item_copy) {
if(count($allowed_groups)) { if(count($allowed_groups)) {
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )", $r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
dbesc(implode(', ', $allowed_groups)) DBA::escape(implode(', ', $allowed_groups))
); );
foreach($r as $rr) foreach($r as $rr)
$allow[] = $rr['contact-id']; $allow[] = $rr['contact-id'];
@ -139,7 +141,7 @@ function remote_permissions_content($a, $item_copy) {
if(count($deny_groups)) { if(count($deny_groups)) {
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )", $r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
dbesc(implode(', ', $deny_groups)) DBA::escape(implode(', ', $deny_groups))
); );
foreach($r as $rr) foreach($r as $rr)
$deny[] = $rr['contact-id']; $deny[] = $rr['contact-id'];
@ -149,7 +151,7 @@ function remote_permissions_content($a, $item_copy) {
if($allow) if($allow)
{ {
$r = q("SELECT name FROM contact WHERE id IN ( %s )", $r = q("SELECT name FROM contact WHERE id IN ( %s )",
dbesc(implode(', ', array_diff($allow, $deny))) DBA::escape(implode(', ', array_diff($allow, $deny)))
); );
foreach($r as $rr) foreach($r as $rr)
$allow_names[] = $rr['name']; $allow_names[] = $rr['name'];
@ -162,8 +164,8 @@ function remote_permissions_content($a, $item_copy) {
// will have different URIs than the original. We can match the GUID for // will have different URIs than the original. We can match the GUID for
// those // those
$r = q("SELECT `uid` FROM item WHERE uri = '%s' OR guid = '%s'", $r = q("SELECT `uid` FROM item WHERE uri = '%s' OR guid = '%s'",
dbesc($item_copy['uri']), DBA::escape($item_copy['uri']),
dbesc($item_copy['guid']) DBA::escape($item_copy['guid'])
); );
if(! $r) if(! $r)
return; return;
@ -173,7 +175,7 @@ function remote_permissions_content($a, $item_copy) {
$allow[] = $rr['uid']; $allow[] = $rr['uid'];
$r = q("SELECT username FROM user WHERE uid IN ( %s )", $r = q("SELECT username FROM user WHERE uid IN ( %s )",
dbesc(implode(', ', $allow)) DBA::escape(implode(', ', $allow))
); );
if(! $r) if(! $r)
return; return;

68
statusnet/statusnet.php
View file

@ -899,7 +899,7 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
"location" => $contact->location, "about" => $contact->description, "location" => $contact->location, "about" => $contact->description,
"addr" => statusnet_address($contact), "generation" => 3]); "addr" => statusnet_address($contact), "generation" => 3]);
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), dbesc(normalise_link($contact->statusnet_profile_url)), dbesc(NETWORK_STATUSNET)); $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), DBA::escape(normalise_link($contact->statusnet_profile_url)), DBA::escape(NETWORK_STATUSNET));
if (!DBA::isResult($r) && !$create_user) { if (!DBA::isResult($r) && !$create_user) {
return 0; return 0;
@ -917,28 +917,28 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` ) `location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0 ) ", VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0 ) ",
intval($uid), intval($uid),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc($contact->statusnet_profile_url), DBA::escape($contact->statusnet_profile_url),
dbesc(normalise_link($contact->statusnet_profile_url)), DBA::escape(normalise_link($contact->statusnet_profile_url)),
dbesc(statusnet_address($contact)), DBA::escape(statusnet_address($contact)),
dbesc(normalise_link($contact->statusnet_profile_url)), DBA::escape(normalise_link($contact->statusnet_profile_url)),
dbesc(''), DBA::escape(''),
dbesc(''), DBA::escape(''),
dbesc($contact->name), DBA::escape($contact->name),
dbesc($contact->screen_name), DBA::escape($contact->screen_name),
dbesc($contact->profile_image_url), DBA::escape($contact->profile_image_url),
dbesc(NETWORK_STATUSNET), DBA::escape(NETWORK_STATUSNET),
intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_FRIEND),
intval(1), intval(1),
dbesc($contact->location), DBA::escape($contact->location),
dbesc($contact->description), DBA::escape($contact->description),
intval(1) intval(1)
); );
$r = q("SELECT * FROM `contact` WHERE `alias` = '%s' AND `uid` = %d AND `network` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `alias` = '%s' AND `uid` = %d AND `network` = '%s' LIMIT 1",
dbesc($contact->statusnet_profile_url), DBA::escape($contact->statusnet_profile_url),
intval($uid), intval($uid),
dbesc(NETWORK_STATUSNET)); DBA::escape(NETWORK_STATUSNET));
if (!DBA::isResult($r)) { if (!DBA::isResult($r)) {
return false; return false;
@ -955,10 +955,10 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`micro` = '%s', `micro` = '%s',
`avatar-date` = '%s' `avatar-date` = '%s'
WHERE `id` = %d", WHERE `id` = %d",
dbesc($photos[0]), DBA::escape($photos[0]),
dbesc($photos[1]), DBA::escape($photos[1]),
dbesc($photos[2]), DBA::escape($photos[2]),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
intval($contact_id) intval($contact_id)
); );
} else { } else {
@ -986,19 +986,19 @@ function statusnet_fetch_contact($uid, $contact, $create_user)
`location` = '%s', `location` = '%s',
`about` = '%s' `about` = '%s'
WHERE `id` = %d", WHERE `id` = %d",
dbesc($photos[0]), DBA::escape($photos[0]),
dbesc($photos[1]), DBA::escape($photos[1]),
dbesc($photos[2]), DBA::escape($photos[2]),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
dbesc($contact->statusnet_profile_url), DBA::escape($contact->statusnet_profile_url),
dbesc(normalise_link($contact->statusnet_profile_url)), DBA::escape(normalise_link($contact->statusnet_profile_url)),
dbesc(statusnet_address($contact)), DBA::escape(statusnet_address($contact)),
dbesc($contact->name), DBA::escape($contact->name),
dbesc($contact->screen_name), DBA::escape($contact->screen_name),
dbesc($contact->location), DBA::escape($contact->location),
dbesc($contact->description), DBA::escape($contact->description),
intval($r[0]['id']) intval($r[0]['id'])
); );
} }
@ -1520,7 +1520,7 @@ function statusnet_fetch_own_contact(App $a, $uid)
$contact_id = statusnet_fetch_contact($uid, $user, true); $contact_id = statusnet_fetch_contact($uid, $user, true);
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($uid), dbesc($own_url)); intval($uid), DBA::escape($own_url));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
$contact_id = $r[0]["id"]; $contact_id = $r[0]["id"];
} else { } else {

8
testdrive/testdrive.php
View file

@ -6,9 +6,11 @@
* Author: Mike Macgirvin <http://macgirvin.com/profile/mike> * Author: Mike Macgirvin <http://macgirvin.com/profile/mike>
*/ */
use Friendica\App;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
@ -33,7 +35,7 @@ function testdrive_uninstall() {
} }
function testdrive_load_config(\Friendica\App $a) function testdrive_load_config(App $a)
{ {
$a->loadConfigFile(__DIR__. '/config/testdrive.ini.php'); $a->loadConfigFile(__DIR__. '/config/testdrive.ini.php');
} }
@ -51,7 +53,7 @@ function testdrive_register_account($a,$b) {
return; return;
$r = q("UPDATE user set account_expires_on = '%s' where uid = %d", $r = q("UPDATE user set account_expires_on = '%s' where uid = %d",
dbesc(DateTimeFormat::convert('now +' . $days . ' days')), DBA::escape(DateTimeFormat::convert('now +' . $days . ' days')),
intval($uid) intval($uid)
); );
@ -79,7 +81,7 @@ function testdrive_cron($a,$b) {
]); ]);
q("update user set expire_notification_sent = '%s' where uid = %d", q("update user set expire_notification_sent = '%s' where uid = %d",
dbesc(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()),
intval($rr['uid']) intval($rr['uid'])
); );

8
twitter/twitter.php
View file

@ -142,7 +142,7 @@ function twitter_check_item_notification(App $a, &$notification_data)
$own_user = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", $own_user = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($notification_data["uid"]), intval($notification_data["uid"]),
dbesc("twitter::".$own_id) DBA::escape("twitter::".$own_id)
); );
if ($own_user) { if ($own_user) {
@ -183,7 +183,7 @@ function twitter_follow(App $a, &$contact)
$r = q("SELECT name,nick,url,addr,batch,notify,poll,request,confirm,poco,photo,priority,network,alias,pubkey $r = q("SELECT name,nick,url,addr,batch,notify,poll,request,confirm,poco,photo,priority,network,alias,pubkey
FROM `contact` WHERE `uid` = %d AND `nick` = '%s'", FROM `contact` WHERE `uid` = %d AND `nick` = '%s'",
intval($uid), intval($uid),
dbesc($nickname)); DBA::escape($nickname));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
$contact["contact"] = $r[0]; $contact["contact"] = $r[0];
} }
@ -922,7 +922,7 @@ function twitter_fetchtimeline(App $a, $uid)
function twitter_queue_hook(App $a, &$b) function twitter_queue_hook(App $a, &$b)
{ {
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'", $qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
dbesc(NETWORK_TWITTER) DBA::escape(NETWORK_TWITTER)
); );
if (!DBA::isResult($qi)) { if (!DBA::isResult($qi)) {
return; return;
@ -1751,7 +1751,7 @@ function twitter_fetch_own_contact(App $a, $uid)
} else { } else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($uid), intval($uid),
dbesc("twitter::" . $own_id)); DBA::escape("twitter::" . $own_id));
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
$contact_id = $r[0]["id"]; $contact_id = $r[0]["id"];
} else { } else {

4
widgets/widget_like.php
View file

@ -37,7 +37,7 @@ function like_widget_content(&$a, $conf){
// count likes // count likes
$r = q( $baseq . "AND `item`.`verb` = 'http://activitystrea.ms/schema/1.0/like'", $r = q( $baseq . "AND `item`.`verb` = 'http://activitystrea.ms/schema/1.0/like'",
intval($conf['uid']), intval($conf['uid']),
dbesc($args[0]) DBA::escape($args[0])
); );
$likes = $r[0]['c']; $likes = $r[0]['c'];
$iid = $r[0]['id']; $iid = $r[0]['id'];
@ -45,7 +45,7 @@ function like_widget_content(&$a, $conf){
// count dislikes // count dislikes
$r = q( $baseq . "AND `item`.`verb` = 'http://purl.org/macgirvin/dfrn/1.0/dislike'", $r = q( $baseq . "AND `item`.`verb` = 'http://purl.org/macgirvin/dfrn/1.0/dislike'",
intval($conf['uid']), intval($conf['uid']),
dbesc($args[0]) DBA::escape($args[0])
); );
$dislikes = $r[0]['c']; $dislikes = $r[0]['c'];

6
widgets/widgets.php
View file

@ -5,21 +5,23 @@
* Version: 1.0 * Version: 1.0
* Author: Fabio Comuni <http://kirgroup.com/profile/fabrix/> * Author: Fabio Comuni <http://kirgroup.com/profile/fabrix/>
*/ */
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Database\DBA;
function widgets_install() { function widgets_install() {
Addon::registerHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings'); Addon::registerHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
Addon::registerHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post'); Addon::registerHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
logger("installed widgets"); logger("installed widgets");
} }
function widgets_uninstall() { function widgets_uninstall() {
Addon::unregisterHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings'); Addon::unregisterHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
Addon::unregisterHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post'); Addon::unregisterHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
} }
function widgets_settings_post(){ function widgets_settings_post(){
if(! local_user()) if(! local_user())
return; return;
@ -89,7 +91,7 @@ function widgets_content(&$a) {
} }
$r = q("SELECT * FROM pconfig WHERE uid IN (SELECT uid FROM pconfig WHERE v='%s')AND cat='widgets'", $r = q("SELECT * FROM pconfig WHERE uid IN (SELECT uid FROM pconfig WHERE v='%s')AND cat='widgets'",
dbesc($_GET['k']) DBA::escape($_GET['k'])
); );
if (!count($r)){ if (!count($r)){
if($a->argv[2]=="cb"){header('HTTP/1.0 400 Bad Request'); killme();} if($a->argv[2]=="cb"){header('HTTP/1.0 400 Bad Request'); killme();}