$a->page['aside'] = '';
if($a->argc > 1)
- $which = $a->argv[1];
+ $which = htmlspecialchars($a->argv[1]);
else {
$r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1");
if(count($r)) {
$profile = 0;
if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) {
$which = $a->user['nickname'];
- $profile = $a->argv[1];
+ $profile = htmlspecialchars($a->argv[1]);
}
else {
auto_redir($a, $which);
$parents_arr = array();
$parents_str = '';
- if(count($r)) {
+ if (dbm::is_result($r)) {
foreach($r as $rr)
$parents_arr[] = $rr['item_id'];
$parents_str = implode(', ', $parents_arr);
- $items = q("SELECT %s, %s FROM `item`
- INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND %s
- WHERE %s AND `item`.`uid` = %d
+ $items = q(item_query()." AND `item`.`uid` = %d
AND `item`.`parent` IN (%s)
$sql_extra ",
- item_fieldlist(), contact_fieldlist(),
- contact_condition(), item_condition(),
intval($a->profile['profile_uid']),
dbesc($parents_str)
);