Rename dbesc to DBA::escape

src/Protocol/DFRN.php

@@ -129,7 +129,7 @@ class DFRN
 			"SELECT `contact`.*, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`, `user`.`account-type`
 			FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`
 			WHERE `contact`.`self` AND `user`.`nickname` = '%s' LIMIT 1",
-			dbesc($owner_nick)
+			DBA::escape($owner_nick)
 		);
 
 		if (! DBA::isResult($r)) {
@@ -147,15 +147,15 @@ class DFRN
 			$sql_extra = '';
 			switch ($direction) {
 				case (-1):
-					$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
+					$sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
 					$my_id = $dfrn_id;
 					break;
 				case 0:
-					$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+					$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
 					$my_id = '1:' . $dfrn_id;
 					break;
 				case 1:
-					$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+					$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
 					$my_id = '0:' . $dfrn_id;
 					break;
 				default:
@@ -196,8 +196,8 @@ class DFRN
 			",
 				intval($contact['id']),
 				intval($contact['id']),
-				dbesc($gs),
-				dbesc($gs)
+				DBA::escape($gs),
+				DBA::escape($gs)
 			);
 		}
 
@@ -214,7 +214,7 @@ class DFRN
 		if (isset($category)) {
 			$sql_post_table = sprintf(
 				"INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
-				dbesc(protect_sprintf($category)),
+				DBA::escape(protect_sprintf($category)),
 				intval(TERM_OBJ_POST),
 				intval(TERM_CATEGORY),
 				intval($owner_id)
@@ -236,8 +236,8 @@ class DFRN
 			$sql_extra
 			ORDER BY `item`.`parent` ".$sort.", `item`.`created` ASC LIMIT 0, 300",
 			intval($owner_id),
-			dbesc($check_date),
-			dbesc($sort)
+			DBA::escape($check_date),
+			DBA::escape($sort)
 		);
 
 		$ids = [];
@@ -1073,7 +1073,7 @@ class DFRN
 			$r = q(
 				"SELECT `forum`, `prv` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s'",
 				intval($owner["uid"]),
-				dbesc(normalise_link($mention))
+				DBA::escape(normalise_link($mention))
 			);
 
 			if (DBA::isResult($r) && ($r[0]["forum"] || $r[0]["prv"])) {
@@ -1498,8 +1498,8 @@ class DFRN
 			"SELECT `id` FROM `event` WHERE `uid` = %d AND `cid` = %d AND `start` = '%s' AND `type` = '%s' LIMIT 1",
 			intval($contact['uid']),
 			intval($contact['id']),
-			dbesc(DateTimeFormat::utc($birthday)),
-			dbesc('birthday')
+			DBA::escape(DateTimeFormat::utc($birthday)),
+			DBA::escape('birthday')
 		);
 
 		if (DBA::isResult($r)) {
@@ -1516,13 +1516,13 @@ class DFRN
 			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
 			intval($contact['uid']),
 			intval($contact['id']),
-			dbesc(DateTimeFormat::utcNow()),
-			dbesc(DateTimeFormat::utcNow()),
-			dbesc(DateTimeFormat::utc($birthday)),
-			dbesc(DateTimeFormat::utc($birthday . ' + 1 day ')),
-			dbesc($bdtext),
-			dbesc($bdtext2),
-			dbesc('birthday')
+			DBA::escape(DateTimeFormat::utcNow()),
+			DBA::escape(DateTimeFormat::utcNow()),
+			DBA::escape(DateTimeFormat::utc($birthday)),
+			DBA::escape(DateTimeFormat::utc($birthday . ' + 1 day ')),
+			DBA::escape($bdtext),
+			DBA::escape($bdtext2),
+			DBA::escape('birthday')
 		);
 	}
 
@@ -1744,11 +1744,11 @@ class DFRN
 					`addr` = '%s', `keywords` = '%s', `bdyear` = '%s', `bd` = '%s', `hidden` = %d,
 					`xmpp` = '%s', `name-date`  = '%s', `uri-date` = '%s'
 					WHERE `id` = %d AND `network` = '%s'",
-					dbesc($contact["name"]), dbesc($contact["nick"]), dbesc($contact["about"]),	dbesc($contact["location"]),
-					dbesc($contact["addr"]), dbesc($contact["keywords"]), dbesc($contact["bdyear"]),
-					dbesc($contact["bd"]), intval($contact["hidden"]), dbesc($contact["xmpp"]),
-					dbesc(DateTimeFormat::utc($contact["name-date"])), dbesc(DateTimeFormat::utc($contact["uri-date"])),
-					intval($contact["id"]),	dbesc($contact["network"])
+					DBA::escape($contact["name"]), DBA::escape($contact["nick"]), DBA::escape($contact["about"]),	DBA::escape($contact["location"]),
+					DBA::escape($contact["addr"]), DBA::escape($contact["keywords"]), DBA::escape($contact["bdyear"]),
+					DBA::escape($contact["bd"]), intval($contact["hidden"]), DBA::escape($contact["xmpp"]),
+					DBA::escape(DateTimeFormat::utc($contact["name-date"])), DBA::escape(DateTimeFormat::utc($contact["uri-date"])),
+					intval($contact["id"]),	DBA::escape($contact["network"])
 				);
 			}
 
@@ -1914,8 +1914,8 @@ class DFRN
 
 		$r = q(
 			"SELECT `id` FROM `contact` WHERE `name` = '%s' AND `nurl` = '%s' AND `uid` = %d LIMIT 1",
-			dbesc($suggest["name"]),
-			dbesc(normalise_link($suggest["url"])),
+			DBA::escape($suggest["name"]),
+			DBA::escape(normalise_link($suggest["url"])),
 			intval($suggest["uid"])
 		);
 
@@ -1935,9 +1935,9 @@ class DFRN
 		$fid = 0;
 		$r = q(
 			"SELECT `id` FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1",
-			dbesc($suggest["url"]),
-			dbesc($suggest["name"]),
-			dbesc($suggest["request"])
+			DBA::escape($suggest["url"]),
+			DBA::escape($suggest["name"]),
+			DBA::escape($suggest["request"])
 		);
 		if (DBA::isResult($r)) {
 			$fid = $r[0]["id"];
@@ -1963,17 +1963,17 @@ class DFRN
 		if (!$fid) {
 			$r = q(
 				"INSERT INTO `fcontact` (`name`,`url`,`photo`,`request`) VALUES ('%s', '%s', '%s', '%s')",
-				dbesc($suggest["name"]),
-				dbesc($suggest["url"]),
-				dbesc($suggest["photo"]),
-				dbesc($suggest["request"])
+				DBA::escape($suggest["name"]),
+				DBA::escape($suggest["url"]),
+				DBA::escape($suggest["photo"]),
+				DBA::escape($suggest["request"])
 			);
 		}
 		$r = q(
 			"SELECT `id` FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1",
-			dbesc($suggest["url"]),
-			dbesc($suggest["name"]),
-			dbesc($suggest["request"])
+			DBA::escape($suggest["url"]),
+			DBA::escape($suggest["name"]),
+			DBA::escape($suggest["request"])
 		);
 
 		/*
@@ -1995,9 +1995,9 @@ class DFRN
 			intval($suggest["uid"]),
 			intval($fid),
 			intval($suggest["cid"]),
-			dbesc($suggest["body"]),
-			dbesc($hash),
-			dbesc(DateTimeFormat::utcNow()),
+			DBA::escape($suggest["body"]),
+			DBA::escape($hash),
+			DBA::escape(DateTimeFormat::utcNow()),
 			intval(0)
 		);
 
@@ -2172,9 +2172,9 @@ class DFRN
 					AND `item`.`uid` = %d
 					$sql_extra
 					LIMIT 1",
-					dbesc($parent["parent-uri"]),
-					dbesc($parent["parent-uri"]),
-					dbesc($parent["parent-uri"]),
+					DBA::escape($parent["parent-uri"]),
+					DBA::escape($parent["parent-uri"]),
+					DBA::escape($parent["parent-uri"]),
 					intval($importer["importer_uid"])
 				);
 				if (DBA::isResult($r)) {
@@ -2645,7 +2645,7 @@ class DFRN
 
 					$r = q(
 						"SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
-						dbesc($item["uri"]),
+						DBA::escape($item["uri"]),
 						intval($importer["importer_uid"])
 					);
 					if (DBA::isResult($r)) {
@@ -2952,10 +2952,10 @@ class DFRN
 			/// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
 			$r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
 					AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
-				dbesc($contact_nick),
-				dbesc($a->user['nickname']),
-				dbesc($baseurl),
-				dbesc($nurl)
+				DBA::escape($contact_nick),
+				DBA::escape($a->user['nickname']),
+				DBA::escape($baseurl),
+				DBA::escape($nurl)
 			);
 			if ((! DBA::isResult($r)) || $r[0]['id'] == remote_user()) {
 				return;
@@ -2963,10 +2963,10 @@ class DFRN
 
 			$r = q("SELECT * FROM contact WHERE nick = '%s'
 					AND network = '%s' AND uid = %d  AND url LIKE '%%%s%%' LIMIT 1",
-				dbesc($contact_nick),
-				dbesc(NETWORK_DFRN),
+				DBA::escape($contact_nick),
+				DBA::escape(NETWORK_DFRN),
 				intval(local_user()),
-				dbesc($baseurl)
+				DBA::escape($baseurl)
 			);
 			if (! DBA::isResult($r)) {
 				return;

src/Protocol/Diaspora.php

@@ -1016,8 +1016,8 @@ class Diaspora
 
 		$r = q(
 			"SELECT `url` FROM `fcontact` WHERE `url` != '' AND `network` = '%s' AND `guid` = '%s'",
-			dbesc(NETWORK_DIASPORA),
-			dbesc($fcontact_guid)
+			DBA::escape(NETWORK_DIASPORA),
+			DBA::escape($fcontact_guid)
 		);
 
 		if (DBA::isResult($r)) {
@@ -1787,7 +1787,7 @@ class Diaspora
 
 		$r = q(
 			"SELECT `id` FROM `mail` WHERE `guid` = '%s' AND `uid` = %d LIMIT 1",
-			dbesc($msg_guid),
+			DBA::escape($msg_guid),
 			intval($importer["uid"])
 		);
 		if (DBA::isResult($r)) {
@@ -1799,19 +1799,19 @@ class Diaspora
 			"INSERT INTO `mail` (`uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`)
 			VALUES (%d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')",
 			intval($importer["uid"]),
-			dbesc($msg_guid),
+			DBA::escape($msg_guid),
 			intval($conversation["id"]),
-			dbesc($person["name"]),
-			dbesc($person["photo"]),
-			dbesc($person["url"]),
+			DBA::escape($person["name"]),
+			DBA::escape($person["photo"]),
+			DBA::escape($person["url"]),
 			intval($contact["id"]),
-			dbesc($subject),
-			dbesc($body),
+			DBA::escape($subject),
+			DBA::escape($body),
 			0,
 			0,
-			dbesc($message_uri),
-			dbesc($author.":".$guid),
-			dbesc($msg_created_at)
+			DBA::escape($message_uri),
+			DBA::escape($author.":".$guid),
+			DBA::escape($msg_created_at)
 		);
 
 		DBA::unlock();
@@ -1870,7 +1870,7 @@ class Diaspora
 		$c = q(
 			"SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
 			intval($importer["uid"]),
-			dbesc($guid)
+			DBA::escape($guid)
 		);
 		if ($c)
 			$conversation = $c[0];
@@ -1879,18 +1879,18 @@ class Diaspora
 				"INSERT INTO `conv` (`uid`, `guid`, `creator`, `created`, `updated`, `subject`, `recips`)
 				VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s')",
 				intval($importer["uid"]),
-				dbesc($guid),
-				dbesc($author),
-				dbesc($created_at),
-				dbesc(DateTimeFormat::utcNow()),
-				dbesc($subject),
-				dbesc($participants)
+				DBA::escape($guid),
+				DBA::escape($author),
+				DBA::escape($created_at),
+				DBA::escape(DateTimeFormat::utcNow()),
+				DBA::escape($subject),
+				DBA::escape($participants)
 			);
 			if ($r) {
 				$c = q(
 					"SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
 					intval($importer["uid"]),
-					dbesc($guid)
+					DBA::escape($guid)
 				);
 			}
 
@@ -2049,7 +2049,7 @@ class Diaspora
 		$c = q(
 			"SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
 			intval($importer["uid"]),
-			dbesc($conversation_guid)
+			DBA::escape($conversation_guid)
 		);
 		if ($c) {
 			$conversation = $c[0];
@@ -2074,7 +2074,7 @@ class Diaspora
 
 		$r = q(
 			"SELECT `id` FROM `mail` WHERE `guid` = '%s' AND `uid` = %d LIMIT 1",
-			dbesc($guid),
+			DBA::escape($guid),
 			intval($importer["uid"])
 		);
 		if (DBA::isResult($r)) {
@@ -2086,19 +2086,19 @@ class Diaspora
 			"INSERT INTO `mail` (`uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`)
 				VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')",
 			intval($importer["uid"]),
-			dbesc($guid),
+			DBA::escape($guid),
 			intval($conversation["id"]),
-			dbesc($person["name"]),
-			dbesc($person["photo"]),
-			dbesc($person["url"]),
+			DBA::escape($person["name"]),
+			DBA::escape($person["photo"]),
+			DBA::escape($person["url"]),
 			intval($contact["id"]),
-			dbesc($conversation["subject"]),
-			dbesc($body),
+			DBA::escape($conversation["subject"]),
+			DBA::escape($body),
 			0,
 			1,
-			dbesc($message_uri),
-			dbesc($author.":".$conversation["guid"]),
-			dbesc($created_at)
+			DBA::escape($message_uri),
+			DBA::escape($author.":".$conversation["guid"]),
+			DBA::escape($created_at)
 		);
 
 		DBA::unlock();
@@ -2401,18 +2401,18 @@ class Diaspora
 			"INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`nurl`,`batch`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`)
 			VALUES (%d, '%s', '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s','%s',%d,%d)",
 			intval($importer["uid"]),
-			dbesc($ret["network"]),
-			dbesc($ret["addr"]),
+			DBA::escape($ret["network"]),
+			DBA::escape($ret["addr"]),
 			DateTimeFormat::utcNow(),
-			dbesc($ret["url"]),
-			dbesc(normalise_link($ret["url"])),
-			dbesc($batch),
-			dbesc($ret["name"]),
-			dbesc($ret["nick"]),
-			dbesc($ret["photo"]),
-			dbesc($ret["pubkey"]),
-			dbesc($ret["notify"]),
-			dbesc($ret["poll"]),
+			DBA::escape($ret["url"]),
+			DBA::escape(normalise_link($ret["url"])),
+			DBA::escape($batch),
+			DBA::escape($ret["name"]),
+			DBA::escape($ret["nick"]),
+			DBA::escape($ret["photo"]),
+			DBA::escape($ret["pubkey"]),
+			DBA::escape($ret["notify"]),
+			DBA::escape($ret["poll"]),
 			1,
 			2
 		);
@@ -2444,9 +2444,9 @@ class Diaspora
 				intval($contact_record["id"]),
 				0,
 				0,
-				dbesc(L10n::t("Sharing notification from Diaspora network")),
-				dbesc($hash),
-				dbesc(DateTimeFormat::utcNow())
+				DBA::escape(L10n::t("Sharing notification from Diaspora network")),
+				DBA::escape($hash),
+				DBA::escape(DateTimeFormat::utcNow())
 			);
 		} else {
 			// automatic friend approval
@@ -2477,8 +2477,8 @@ class Diaspora
 				WHERE `id` = %d
 				",
 				intval($new_relation),
-				dbesc(DateTimeFormat::utcNow()),
-				dbesc(DateTimeFormat::utcNow()),
+				DBA::escape(DateTimeFormat::utcNow()),
+				DBA::escape(DateTimeFormat::utcNow()),
 				intval($contact_record["id"])
 			);
 
@@ -4129,7 +4129,7 @@ class Diaspora
 			$recips = q(
 				"SELECT `id`,`name`,`network`,`pubkey`,`notify` FROM `contact` WHERE `network` = '%s'
 				AND `uid` = %d AND `rel` != %d",
-				dbesc(NETWORK_DIASPORA),
+				DBA::escape(NETWORK_DIASPORA),
 				intval($uid),
 				intval(CONTACT_IS_SHARING)
 			);

src/Protocol/OStatus.php

@@ -1573,7 +1573,7 @@ class OStatus
 	{
 		$r = q(
 			"SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` IN (0, %d) ORDER BY `uid` DESC LIMIT 1",
-			dbesc(normalise_link($url)),
+			DBA::escape(normalise_link($url)),
 			intval($owner["uid"])
 		);
 		if (DBA::isResult($r)) {
@@ -1584,7 +1584,7 @@ class OStatus
 		if (!DBA::isResult($r)) {
 			$r = q(
 				"SELECT * FROM `gcontact` WHERE `nurl` = '%s' LIMIT 1",
-				dbesc(normalise_link($url))
+				DBA::escape(normalise_link($url))
 			);
 			if (DBA::isResult($r)) {
 				$contact = $r[0];
@@ -1790,7 +1790,7 @@ class OStatus
 		$r = q(
 			"SELECT `id` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s'",
 			intval($owner['uid']),
-			dbesc(normalise_link($contact["url"]))
+			DBA::escape(normalise_link($contact["url"]))
 		);
 
 		if (DBA::isResult($r)) {

src/Protocol/PortableContact.php

@@ -281,7 +281,7 @@ class PortableContact
 
 		$r = q(
 			"SELECT `id` FROM `gserver` WHERE `nurl` = '%s' AND `last_contact` > `last_failure`",
-			dbesc(normalise_link($server_url))
+			DBA::escape(normalise_link($server_url))
 		);
 
 		if (DBA::isResult($r)) {
@@ -306,7 +306,7 @@ class PortableContact
 	{
 		$gcontacts = q(
 			"SELECT * FROM `gcontact` WHERE `nurl` = '%s'",
-			dbesc(normalise_link($profile))
+			DBA::escape(normalise_link($profile))
 		);
 
 		if (!DBA::isResult($gcontacts)) {
@@ -353,7 +353,7 @@ class PortableContact
 		if (in_array($gcontacts[0]["network"], ["", NETWORK_FEED])) {
 			$server = q(
 				"SELECT `network` FROM `gserver` WHERE `nurl` = '%s' AND `network` != ''",
-				dbesc(normalise_link($server_url))
+				DBA::escape(normalise_link($server_url))
 			);
 
 			if ($server) {
@@ -366,7 +366,7 @@ class PortableContact
 		// noscrape is really fast so we don't cache the call.
 		if (($server_url != "") && ($gcontacts[0]["nick"] != "")) {
 			//  Use noscrape if possible
-			$server = q("SELECT `noscrape`, `network` FROM `gserver` WHERE `nurl` = '%s' AND `noscrape` != ''", dbesc(normalise_link($server_url)));
+			$server = q("SELECT `noscrape`, `network` FROM `gserver` WHERE `nurl` = '%s' AND `noscrape` != ''", DBA::escape(normalise_link($server_url)));
 
 			if ($server) {
 				$noscraperet = Network::curl($server[0]["noscrape"]."/".$gcontacts[0]["nick"]);
@@ -1477,9 +1477,9 @@ class PortableContact
 			WHERE `network` IN ('%s', '%s', '%s') AND `last_contact` > `last_failure`
 			ORDER BY `last_contact`
 			LIMIT 1000",
-			dbesc(NETWORK_DFRN),
-			dbesc(NETWORK_DIASPORA),
-			dbesc(NETWORK_OSTATUS)
+			DBA::escape(NETWORK_DFRN),
+			DBA::escape(NETWORK_DIASPORA),
+			DBA::escape(NETWORK_OSTATUS)
 		);
 
 		if (!DBA::isResult($r)) {
@@ -1509,7 +1509,7 @@ class PortableContact
 		foreach ($serverlist as $server) {
 			$server_url = str_replace("/index.php", "", $server->url);
 
-			$r = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", dbesc(normalise_link($server_url)));
+			$r = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", DBA::escape(normalise_link($server_url)));
 			if (!DBA::isResult($r)) {
 				logger("Call server check for server ".$server_url, LOGGER_DEBUG);
 				Worker::add(PRIORITY_LOW, "DiscoverPoCo", "server", $server_url);
@@ -1654,7 +1654,7 @@ class PortableContact
 		}
 		$last_update = date("c", time() - (60 * 60 * 24 * $requery_days));
 
-		$r = q("SELECT `id`, `url`, `nurl`, `network` FROM `gserver` WHERE `last_contact` >= `last_failure` AND `poco` != '' AND `last_poco_query` < '%s' ORDER BY RAND()", dbesc($last_update));
+		$r = q("SELECT `id`, `url`, `nurl`, `network` FROM `gserver` WHERE `last_contact` >= `last_failure` AND `poco` != '' AND `last_poco_query` < '%s' ORDER BY RAND()", DBA::escape($last_update));
 		if (DBA::isResult($r)) {
 			foreach ($r as $server) {
 				if (!self::checkServer($server["url"], $server["network"])) {