X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fprofile.php;h=a8a6ad3885d679a4bb40535c5df5191813655dd2;hb=6d16c39b7eff0eb4e7283e2b768a0608752f4b7b;hp=88de0227b6075a8192463a49746679564ed3efaa;hpb=869a4394661bf1399f44d3f745b0a15c3224d5b2;p=friendica.git
diff --git a/mod/profile.php b/mod/profile.php
index 88de0227b6..a8a6ad3885 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -10,7 +10,7 @@ function profile_init(&$a) {
 $a->page['aside'] = '';
 if($a->argc > 1)
- $which = $a->argv[1];
+ $which = htmlspecialchars($a->argv[1]);
 else {
 $r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1");
 if(count($r)) {
@@ -27,7 +27,7 @@ function profile_init(&$a) {
 $profile = 0;
 if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) {
 $which = $a->user['nickname'];
- $profile = $a->argv[1];
+ $profile = htmlspecialchars($a->argv[1]);
 }
 else {
 auto_redir($a, $which);
@@ -298,18 +298,14 @@ function profile_content(&$a, $update = 0) {
 $parents_arr = array();
 $parents_str = '';
- if(count($r)) {
+ if (dbm::is_result($r)) {
 foreach($r as $rr)
 $parents_arr[] = $rr['item_id'];
 $parents_str = implode(', ', $parents_arr);
- $items = q("SELECT %s, %s FROM `item`
- INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND %s
- WHERE %s AND `item`.`uid` = %d
+ $items = q(item_query()." AND `item`.`uid` = %d
 AND `item`.`parent` IN (%s)
 $sql_extra ",
- item_fieldlist(), contact_fieldlist(),
- contact_condition(), item_condition(),
 intval($a->profile['profile_uid']),
 dbesc($parents_str)
 );
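Review bot: In the `@@ -10,7 +10,7 @@` hunk, `htmlspecialchars($a->argv[1])` HTML-encodes the nickname at the point of input, so `$which` is only safe where it is later printed as HTML element content, and the value used for lookups no longer equals the requested nickname whenever it contains `&`, `<`, `>` or `"`. With default flags the call leaves single quotes unescaped on PHP versions before 8.1, so a single-quoted attribute sink would still be open; at minimum spell the flags out, `$which = htmlspecialchars($a->argv[1], ENT_QUOTES, 'UTF-8');`. A stricter option is to reject any `argv[1]` outside the nickname character set here and encode at each output site instead. The same applies to `$profile` in the `@@ -27,7 +27,7 @@` hunk. The places where `$which` is consumed lie outside both hunks, so the affected sinks are inferred rather than visible.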
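Review bot: `$profile = htmlspecialchars($a->argv[1]);` in the `@@ -27,7 +27,7 @@` hunk keeps an arbitrary string in a variable that is initialised to the integer `0` three lines earlier, which suggests a numeric profile id is expected. If that holds, `$profile = intval($a->argv[1]);` is the tighter normalisation, because it discards every non-numeric payload regardless of which output or query context the value reaches later. The consumer of `$profile` is outside the hunk, so confirm the expected type there before changing it.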
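Review bot: In the `@@ -298,18 +298,14 @@` hunk the return value of `item_query()` is now concatenated into the first argument of `q()`, which appears to be a printf-style format (`%d`, `%s`), whereas the removed code passed the field lists and conditions as `%s` arguments. Any literal `%` in the `item_query()` text or in the interpolated `$sql_extra` would then be parsed as a conversion and shift or break the argument binding; a comment on the call such as `// item_query() and $sql_extra must not contain an unescaped '%'` would record that constraint. Separately, `IN (%s)` is an unquoted context where `dbesc()` gives no protection, so the integer cast belongs on the elements: `$parents_arr[] = intval($rr['item_id']);`. `$sql_extra` is built outside the hunk and profile_content continues past it.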