return;
}
- if (! x($a->page,'aside')) {
+ if (empty($a->page['aside'])) {
$a->page['aside'] = '';
}
$local = Config::get('system','poco_local_search');
- $search = $prefix.Strings::removeTags(trim(defaults($_REQUEST, 'search', '')));
+ $search = $prefix.Strings::escapeTags(trim(defaults($_REQUEST, 'search', '')));
$header = '';
if (strpos($search,'@') === 0) {
$search = substr($search,1);
$header = L10n::t('People Search - %s', $search);
- if ((valid_email($search) && Network::isEmailDomainValid($search)) ||
- (substr(normalise_link($search), 0, 7) == "http://")) {
+ if ((filter_var($search, FILTER_VALIDATE_EMAIL) && Network::isEmailDomainValid($search)) ||
+ (substr(Strings::normaliseLink($search), 0, 7) == "http://")) {
$user_data = Probe::uri($search);
$discover_user = (in_array($user_data["network"], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::OSTATUS, Protocol::DIASPORA]));
}
/// @TODO These 2 SELECTs are not checked on validity with DBA::isResult()
$count = q("SELECT count(*) AS `total` FROM `gcontact`
- WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s') AND
+ WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s', '%s') AND
((`last_contact` >= `last_failure`) OR (`updated` >= `last_failure`)) AND
(`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql",
- DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
- DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
- DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)));
+ DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)));
$results = q("SELECT `nurl`
FROM `gcontact`
- WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s') AND
+ WHERE NOT `hide` AND `network` IN ('%s', '%s', '%s', '%s') AND
((`last_contact` >= `last_failure`) OR (`updated` >= `last_failure`)) AND
(`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql
GROUP BY `nurl`
ORDER BY `updated` DESC LIMIT %d, %d",
- DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
- DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
- DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)),
+ DBA::escape(Protocol::ACTIVITYPUB), DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
+ DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
$pager->getStart(), $pager->getItemsPerPage());
$j = new stdClass();
$j->total = $count[0]["total"];
'alt_text' => $alt_text,
'url' => Model\Contact::magicLink($jj->url),
'itemurl' => $itemurl,
- 'name' => htmlentities($jj->name),
+ 'name' => $jj->name,
'thumb' => ProxyUtils::proxifyUrl($jj->photo, false, ProxyUtils::SIZE_THUMB),
'img_hover' => $jj->tags,
'conntxt' => $conntxt,