Merge pull request #6365 from MrPetovan/bug/6363-unescape-prev-next-link

[friendica.git] / view / theme / frio / theme.php

diff --git a/view/theme/frio/theme.php b/view/theme/frio/theme.php
index c7d38baeb970edae0b865533fe8cae449d52e2a3..a61810f99e4196b9387ab5be4c9852d8a866ea43 100644 (file)
--- a/view/theme/frio/theme.php
+++ b/view/theme/frio/theme.php
@@ -20,6 +20,7 @@ use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Model;
 use Friendica\Module;
+use Friendica\Util\Strings;
 
 $frio = 'view/theme/frio';
 
@@ -300,7 +301,7 @@ function frio_remote_nav($a, &$nav)
  */
 function frio_acl_lookup(App $a, &$results)
 {
-       $nets = x($_GET, 'nets') ? notags(trim($_GET['nets'])) : '';
+       $nets = !empty($_GET['nets']) ? Strings::escapeTags(trim($_GET['nets'])) : '';
 
        // we introduce a new search type, r should do the same query like it's
        // done in /src/Module/Contact.php for connections
@@ -310,7 +311,7 @@ function frio_acl_lookup(App $a, &$results)
 
        $sql_extra = '';
        if ($results['search']) {
-               $search_txt = DBA::escape(protect_sprintf(preg_quote($results['search'])));
+               $search_txt = DBA::escape(Strings::protectSprintf(preg_quote($results['search'])));
                $sql_extra .= " AND (`attag` LIKE '%%" . $search_txt . "%%' OR `name` LIKE '%%" . $search_txt . "%%' OR `nick` LIKE '%%" . $search_txt . "%%') ";
        }