X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fprofile_photo.php;h=567a7f3a2512b3e05c79edb68a57546637a47f76;hb=807ad145218ab6d4c57b6d200f4c89f63620502f;hp=65c4b6dc72db5ca30c5e3a5487f266f50b2e4d29;hpb=cfa68c52b9117616fa95a4639ad74e7d220d193d;p=friendica.git
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index 65c4b6dc72..567a7f3a25 100644
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -69,8 +69,8 @@ function profile_photo_post(App $a)
 	$srcW = $_POST['xfinal'] - $srcX;
 	$srcH = $_POST['yfinal'] - $srcY;
 
-	$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", dbesc($image_id),
-		dbesc(local_user()), intval($scale));
+	$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", DBA::escape($image_id),
+		DBA::escape(local_user()), intval($scale));
 
 	$url = System::baseUrl() . '/profile/' . $a->user['nickname'];
 	if (DBA::isResult($r)) {
@@ -109,12 +109,12 @@ function profile_photo_post(App $a)
 
 		if ($is_default_profile) {
 			$r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d",
-				dbesc($base_image['resource-id']), intval(local_user())
+				DBA::escape($base_image['resource-id']), intval(local_user())
 			);
 		} else {
 			$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d",
-				dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-4.' . $Image->getExt()),
-				dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-5.' . $Image->getExt()),
+				DBA::escape(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-4.' . $Image->getExt()),
+				DBA::escape(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-5.' . $Image->getExt()),
 				intval($_REQUEST['profile']), intval(local_user())
 			);
 		}
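Review bot: In the first hunk, `DBA::escape(local_user())` on the second added line feeds the `%d` placeholder of the `q()` format string, so the string escape does nothing useful there and is inconsistent with the `intval(local_user())` used for the same placeholder everywhere else in this commit; the rename carried the old mismatch forward. Suggest `intval(local_user()), intval($scale));` so the integer arguments are cast the same way throughout. Since `q()` only interpolates escaped values into SQL text, a prepared-statement helper (`DBA::selectFirst` on the `photo` table, if this tree already provides it) would remove the manual escaping from this lookup entirely. The body of profile_photo_post starts and ends outside both hunks.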
@@ -191,7 +191,7 @@ function profile_photo_content(App $a)
 		$resource_id = $a->argv[2];
 		//die(":".local_user());
 		$r = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC", intval(local_user()),
-			dbesc($resource_id)
+			DBA::escape($resource_id)
 		);
 
 		if (!DBA::isResult($r)) {
@@ -212,7 +212,7 @@ function profile_photo_content(App $a)
 		$r = q("UPDATE `photo` SET `profile`=0 WHERE `profile`=1 AND `uid`=%d", intval(local_user()));
 
 		$r = q("UPDATE `photo` SET `profile`=1 WHERE `uid` = %d AND `resource-id` = '%s'", intval(local_user()),
-			dbesc($resource_id)
+			DBA::escape($resource_id)
 		);
 
 		Contact::updateSelfFromUserID(local_user(), true);