dbstructure now switches in the maintenance mode when updating

[friendica.git] / mod / profile.php

diff --git a/mod/profile.php b/mod/profile.php
index 88de0227b6075a8192463a49746679564ed3efaa..a8a6ad3885d679a4bb40535c5df5191813655dd2 100644 (file)
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -10,7 +10,7 @@ function profile_init(&$a) {
                $a->page['aside'] = '';
 
        if($a->argc > 1)
-               $which = $a->argv[1];
+               $which = htmlspecialchars($a->argv[1]);
        else {
                $r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1");
                if(count($r)) {
@@ -27,7 +27,7 @@ function profile_init(&$a) {
        $profile = 0;
        if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) {
                $which = $a->user['nickname'];
-               $profile = $a->argv[1];
+               $profile = htmlspecialchars($a->argv[1]);
        }
        else {
                auto_redir($a, $which);
@@ -298,18 +298,14 @@ function profile_content(&$a, $update = 0) {
        $parents_arr = array();
        $parents_str = '';
 
-       if(count($r)) {
+       if (dbm::is_result($r)) {
                foreach($r as $rr)
                        $parents_arr[] = $rr['item_id'];
                $parents_str = implode(', ', $parents_arr);
 
-               $items = q("SELECT %s, %s FROM `item`
-                       INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND %s
-                       WHERE %s AND `item`.`uid` = %d
+               $items = q(item_query()." AND `item`.`uid` = %d
                        AND `item`.`parent` IN (%s)
                        $sql_extra ",
-                       item_fieldlist(), contact_fieldlist(),
-                       contact_condition(), item_condition(),
                        intval($a->profile['profile_uid']),
                        dbesc($parents_str)
                );