protect_sprintf calls

author Adam Magness <adam.magness@gmail.com>

Thu, 8 Nov 2018 15:30:45 +0000 (10:30 -0500)

committer Adam Magness <adam.magness@gmail.com>

Thu, 8 Nov 2018 15:30:45 +0000 (10:30 -0500)
author Adam Magness <adam.magness@gmail.com>
Thu, 8 Nov 2018 15:30:45 +0000 (10:30 -0500)
committer Adam Magness <adam.magness@gmail.com>
Thu, 8 Nov 2018 15:30:45 +0000 (10:30 -0500)
diff --git a/mod/network.php b/mod/network.php

index e1c077b6c58d1a12ed995def836e17e7dfb11b34..ec87e4c87ed1697d6883d66c15818226f7c5a438 100644 (file)
--- a/mod/network.php
+++ b/mod/network.php
@@ -650,7 +650,7 @@ function networkThreadedView(App $a, $update, $parent)
  
                         $sql_post_table .= " INNER JOIN `item` AS `temp1` ON `temp1`.`id` = " . $sql_table . "." . $sql_parent;
                         $sql_extra3 .= " AND (`thread`.`contact-id` IN ($contact_str) ";
-                       $sql_extra3 .= " OR (`thread`.`contact-id` = '$contact_str_self' AND `temp1`.`allow_gid` LIKE '" . protect_sprintf('%<' . intval($gid) . '>%') . "' AND `temp1`.`private`))";
+                       $sql_extra3 .= " OR (`thread`.`contact-id` = '$contact_str_self' AND `temp1`.`allow_gid` LIKE '" . Strings::protectSprintf('%<' . intval($gid) . '>%') . "' AND `temp1`.`private`))";
                 } else {
                         $sql_extra3 .= " AND false ";
                         info(L10n::t('Group is empty'));
@@ -698,11 +698,11 @@ function networkThreadedView(App $a, $update, $parent)
         }
  
         if ($datequery) {
-               $sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created <= '%s' ",
+               $sql_extra3 .= Strings::protectSprintf(sprintf(" AND $sql_table.created <= '%s' ",
                                 DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
         }
         if ($datequery2) {
-               $sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created >= '%s' ",
+               $sql_extra3 .= Strings::protectSprintf(sprintf(" AND $sql_table.created >= '%s' ",
                                 DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
         }
  
diff --git a/mod/profile.php b/mod/profile.php

index d07631dced8c592512e8898364476eecd221530b..f520ef94b7f191bb63e5b8c26fa057e995ab3d35 100644 (file)
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -273,19 +273,19 @@ function profile_content(App $a, $update = 0)
  
                 if (!empty($category)) {
                         $sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
-                               DBA::escape(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
+                               DBA::escape(Strings::protectSprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
                 }
  
                 if (!empty($hashtags)) {
                         $sql_post_table .= sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
-                               DBA::escape(protect_sprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid']));
+                               DBA::escape(Strings::protectSprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid']));
                 }
  
                 if (!empty($datequery)) {
-                       $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
+                       $sql_extra2 .= Strings::protectSprintf(sprintf(" AND `thread`.`created` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
                 }
                 if (!empty($datequery2)) {
-                       $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
+                       $sql_extra2 .= Strings::protectSprintf(sprintf(" AND `thread`.`created` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
                 }
  
                 // Does the profile page belong to a forum?
diff --git a/src/Module/Contact.php b/src/Module/Contact.php

index 8600b115d6f0c1184bba57f0d9e386774dcda1d6..faf1ecad5ffa12f3a8da78aef7f0cd797161c928 100644 (file)
--- a/src/Module/Contact.php
+++ b/src/Module/Contact.php
@@ -766,7 +766,7 @@ class Contact extends BaseModule
                 if ($search) {
                         $searching = true;
                         $search_hdr = $search;
-                       $search_txt = DBA::escape(protect_sprintf(preg_quote($search)));
+                       $search_txt = DBA::escape(Strings::protectSprintf(preg_quote($search)));
                         $sql_extra .= " AND (name REGEXP '$search_txt' OR url REGEXP '$search_txt'  OR nick REGEXP '$search_txt') ";
                 }
  
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php

index a6efeb76a2aba90462d1dea765b85ab48aff2c46..96ed32010edb9ed835e0d20db29d194bc4ae9466 100644 (file)
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -241,7 +241,7 @@ class DFRN
                 if (isset($category)) {
                         $sql_post_table = sprintf(
                                 "INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
-                               DBA::escape(protect_sprintf($category)),
+                               DBA::escape(Strings::protectSprintf($category)),
                                 intval(TERM_OBJ_POST),
                                 intval(TERM_CATEGORY),
                                 intval($owner_id)
diff --git a/view/theme/frio/theme.php b/view/theme/frio/theme.php

index 411e14361108d68fbb92b07e189dfc05696bd152..6621fd554004146cbbce99d18dc82f3ffbfe4481 100644 (file)
--- a/view/theme/frio/theme.php
+++ b/view/theme/frio/theme.php
@@ -311,7 +311,7 @@ function frio_acl_lookup(App $a, &$results)
  
         $sql_extra = '';
         if ($results['search']) {
-               $search_txt = DBA::escape(protect_sprintf(preg_quote($results['search'])));
+               $search_txt = DBA::escape(Strings::protectSprintf(preg_quote($results['search'])));
                 $sql_extra .= " AND (`attag` LIKE '%%" . $search_txt . "%%' OR `name` LIKE '%%" . $search_txt . "%%' OR `nick` LIKE '%%" . $search_txt . "%%') ";
         }
author	Adam Magness <adam.magness@gmail.com>
	Thu, 8 Nov 2018 15:30:45 +0000 (10:30 -0500)
committer	Adam Magness <adam.magness@gmail.com>
	Thu, 8 Nov 2018 15:30:45 +0000 (10:30 -0500)
mod/network.php		patch \| blob \| history
mod/profile.php		patch \| blob \| history
src/Module/Contact.php		patch \| blob \| history
src/Protocol/DFRN.php		patch \| blob \| history
view/theme/frio/theme.php		patch \| blob \| history