escape user data before passing it to sql
This commit is contained in:
parent
f9e61f20cc
commit
e94e6d7500
1 changed files with 7 additions and 7 deletions
@ -18,7 +18,7 @@ function display_init(&$a) {
|
||||||
if (local_user()) {
|
if (local_user()) {
|
||||||
$r = q("SELECT `id`, `parent`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid` FROM `item`
|
$r = q("SELECT `id`, `parent`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid` FROM `item`
|
||||||
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
|
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
|
||||||
AND `guid` = '%s' AND `uid` = %d", $a->argv[1], local_user());
|
AND `guid` = '%s' AND `uid` = %d", dbesc($a->argv[1]), local_user());
|
||||||
if (count($r)) {
|
if (count($r)) {
|
||||||
$nick = $a->user["nickname"];
|
$nick = $a->user["nickname"];
|
||||||
$itemuid = local_user();
|
$itemuid = local_user();
|
||||||
|
@ -34,7 +34,7 @@ function display_init(&$a) {
|
||||||
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
|
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
|
||||||
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
|
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
|
||||||
AND `item`.`private` = 0 AND NOT `user`.`hidewall`
|
AND `item`.`private` = 0 AND NOT `user`.`hidewall`
|
||||||
AND `item`.`guid` = '%s'", $a->argv[1]);
|
AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
|
||||||
// AND `item`.`private` = 0 AND `item`.`wall` = 1
|
// AND `item`.`private` = 0 AND `item`.`wall` = 1
|
||||||
if (count($r)) {
|
if (count($r)) {
|
||||||
$nick = $r[0]["nickname"];
|
$nick = $r[0]["nickname"];
|
||||||
|
@ -50,7 +50,7 @@ function display_init(&$a) {
|
||||||
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
|
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
|
||||||
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
|
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
|
||||||
AND `item`.`private` = 0 AND `item`.`uid` = 0
|
AND `item`.`private` = 0 AND `item`.`uid` = 0
|
||||||
AND `item`.`guid` = '%s'", $a->argv[1]);
|
AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
|
||||||
// AND `item`.`private` = 0 AND `item`.`wall` = 1
|
// AND `item`.`private` = 0 AND `item`.`wall` = 1
|
||||||
}
|
}
|
||||||
if (count($r)) {
|
if (count($r)) {
|
||||||
|
@ -255,7 +255,7 @@ function display_content(&$a, $update = 0) {
|
||||||
if (local_user()) {
|
if (local_user()) {
|
||||||
$r = q("SELECT `id` FROM `item`
|
$r = q("SELECT `id` FROM `item`
|
||||||
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
|
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
|
||||||
AND `guid` = '%s' AND `uid` = %d", $a->argv[1], local_user());
|
AND `guid` = '%s' AND `uid` = %d", dbesc($a->argv[1]), local_user());
|
||||||
if (count($r)) {
|
if (count($r)) {
|
||||||
$item_id = $r[0]["id"];
|
$item_id = $r[0]["id"];
|
||||||
$nick = $a->user["nickname"];
|
$nick = $a->user["nickname"];
|
||||||
|
@ -268,7 +268,7 @@ function display_content(&$a, $update = 0) {
|
||||||
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
|
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
|
||||||
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
|
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
|
||||||
AND `item`.`private` = 0 AND NOT `user`.`hidewall`
|
AND `item`.`private` = 0 AND NOT `user`.`hidewall`
|
||||||
AND `item`.`guid` = '%s'", $a->argv[1]);
|
AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
|
||||||
// AND `item`.`private` = 0 AND `item`.`wall` = 1
|
// AND `item`.`private` = 0 AND `item`.`wall` = 1
|
||||||
if (count($r)) {
|
if (count($r)) {
|
||||||
$item_id = $r[0]["id"];
|
$item_id = $r[0]["id"];
|
||||||
|
@ -281,7 +281,7 @@ function display_content(&$a, $update = 0) {
|
||||||
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
|
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
|
||||||
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
|
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
|
||||||
AND `item`.`private` = 0 AND `item`.`uid` = 0
|
AND `item`.`private` = 0 AND `item`.`uid` = 0
|
||||||
AND `item`.`guid` = '%s'", $a->argv[1]);
|
AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
|
||||||
// AND `item`.`private` = 0 AND `item`.`wall` = 1
|
// AND `item`.`private` = 0 AND `item`.`wall` = 1
|
||||||
if (count($r)) {
|
if (count($r)) {
|
||||||
$item_id = $r[0]["id"];
|
$item_id = $r[0]["id"];
|
||||||
|
@ -412,7 +412,7 @@ function display_content(&$a, $update = 0) {
|
||||||
|
|
||||||
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
|
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
|
||||||
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
|
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
|
||||||
`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
|
`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
|
||||||
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
|
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
|
||||||
FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
||||||
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
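Review bot: The same untrusted path segment `$a->argv[1]` is now escaped separately at six call sites (the hunks at 18, 34, 50, 255, 268 and 281), which is the pattern that let the original omission through in the first place; reading it once per function into a local, `$guid = dbesc($a->argv[1]);`, and using `$guid` in every query would make a missed site structurally impossible rather than merely unlikely. The value is also read without an `isset()` guard, so if a request can reach this module without a second path segment the query would be built from an undefined index — worth confirming against how `$a->argv` is populated. A short comment at the first query, `// guid comes from the URL and is untrusted; it must go through dbesc() before being interpolated into '%s'`, would record the invariant the commit enforces for the next maintainer. Both display_init() and display_content() begin and end outside the visible hunks.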
|
||||||
|
|