$hostname = $a->get_hostname();
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
- dbesc(NETWORK_DIASPORA2)
+ DBA::escape(NETWORK_DIASPORA2)
);
if(! count($qi))
return;
if (strlen($search)) {
$sql_extra = " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,"
. "`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` )"
- . " AGAINST ('" . dbesc($search) . "' IN BOOLEAN MODE) ";
+ . " AGAINST ('" . DBA::escape($search) . "' IN BOOLEAN MODE) ";
}
$publish = Config::get('system', 'publish_all') ? '' : " AND `publish` = 1 ";
* Version: 1.1
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
*/
+
+use Friendica\App;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
+use Friendica\Database\DBA;
/**
* Installs the addon hook
logger("unregistered gravatar in avatar_lookup hook");
}
-function gravatar_load_config(\Friendica\App $a)
+function gravatar_load_config(App $a)
{
$a->loadConfigFile(__DIR__. '/config/gravatar.ini.php');
}
// Check if Libravatar is enabled and show warning
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
- dbesc('libravatar')
+ DBA::escape('libravatar')
);
if (count($r)) {
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Libravatar addon is installed, too. Please disable Libravatar addon or this Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\PConfig;
+use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\Network;
$role = $_REQUEST["role"];
if ($role == "pub") {
- $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", dbesc($dfrn_id));
+ $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
if (!count($r)) {
killme();
}
$decrypt_func = openssl_public_decrypt;
$key = $r[0]["pubkey"];
} else if ($role == "prv") {
- $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", dbesc($dfrn_id));
+ $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
if (!count($r)) {
killme();
}
$key = $row['k'];
$pos = strpos($key, ":");
$dfrn_id = substr($key, $pos + 1);
- $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", dbesc($dfrn_id), dbesc($dfrn_id));
+ $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
if (count($r))
$name = $r[0]["name"];
// for each user, go through list of contacts
$contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'",
- intval($uid), dbesc(NETWORK_DFRN));
+ intval($uid), DBA::escape(NETWORK_DFRN));
foreach ($contacts as $contact_row) {
$request = $contact_row["request"];
if (!$request) {
* Version: 1.1
* Author: Klaus Weidenbach <http://friendica.dszdw.net/profile/klaus>
*/
+
+use Friendica\App;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
+use Friendica\Database\DBA;
/**
* Installs the addon hook
logger("unregistered libravatar in avatar_lookup hook");
}
-function libravatar_load_config(\Friendica\App $a)
+function libravatar_load_config(App $a)
{
$a->loadConfigFile(__DIR__. '/config/libravatar.ini.php');
}
// Libravatar falls back to gravatar, so show warning about gravatar addon if enabled
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1",
- dbesc('gravatar')
+ DBA::escape('gravatar')
);
if (count($r)) {
$o = '<h5>' .L10n::t('Information') .'</h5><p>' .L10n::t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') .'</p><br><br>';
$message_id = mailstream_generate_id($a, $item['uri']);
q("INSERT INTO `mailstream_item` (`uid`, `contact-id`, `uri`, `message-id`) " .
"VALUES (%d, '%s', '%s', '%s')", intval($item['uid']),
- intval($item['contact-id']), dbesc($item['uri']), dbesc($message_id));
- $r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), dbesc($item['uri']));
+ intval($item['contact-id']), DBA::escape($item['uri']), DBA::escape($message_id));
+ $r = q('SELECT * FROM `mailstream_item` WHERE `uid` = %d AND `contact-id` = %d AND `uri` = "%s"', intval($item['uid']), intval($item['contact-id']), DBA::escape($item['uri']));
if (count($r) != 1) {
logger('mailstream_post_remote_hook: Unexpected number of items returned from mailstream_item', LOGGER_NORMAL);
return;
// In case of failure, still set the item to completed. Otherwise
// we'll just try to send it over and over again and it'll fail
// every time.
- q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', dbesc($message_id));
+ q('UPDATE `mailstream_item` SET `completed` = now() WHERE `message-id` = "%s"', DBA::escape($message_id));
}
/**
$r = q("SELECT * FROM `user` WHERE `account_expires_on` < UTC_TIMESTAMP() + INTERVAL 5 DAY AND
`account_expires_on` > '%s' AND
`expire_notification_sent` <= '%s'",
- dbesc(NULL_DATE), dbesc(NULL_DATE));
+ DBA::escape(NULL_DATE), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) {
foreach ($r as $rr) {
$nologin = Config::get('public_server', 'nologin', false);
if ($nologin) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` <= '%s' AND `register_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s'",
- dbesc(NULL_DATE), intval($nologin), dbesc(NULL_DATE));
+ DBA::escape(NULL_DATE), intval($nologin), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) {
foreach ($r as $rr) {
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
$flagusers = Config::get('public_server', 'flagusers', false);
if ($flagusers) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' AND `page-flags` = 0",
- intval($flagusers), dbesc(NULL_DATE));
+ intval($flagusers), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) {
foreach ($r as $rr) {
$fields = ['account_expires_on' => DateTimeFormat::utc('now +6 days')];
$flagpostsexpire = Config::get('public_server', 'flagpostsexpire');
if ($flagposts && $flagpostsexpire) {
$r = q("SELECT `uid` FROM `user` WHERE NOT `account_expired` AND `login_date` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `account_expires_on` <= '%s' and `expire` = 0 AND `page-flags` = 0",
- intval($flagposts), dbesc(NULL_DATE));
+ intval($flagposts), DBA::escape(NULL_DATE));
if (DBA::isResult($r)) {
foreach ($r as $rr) {
DBA::update('user', ['expire' => $flagpostsexpire], ['uid' => $rr['uid']]);
$contactid = $self[0]['id'];
} else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
- dbesc(normalise_link($post->actor->url)),
+ DBA::escape(normalise_link($post->actor->url)),
intval($uid)
);
$post->actor->image->url = $self[0]['photo'];
} else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
- dbesc(normalise_link($post->actor->url)),
+ DBA::escape(normalise_link($post->actor->url)),
intval($uid)
);
}
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
- intval($uid), dbesc(normalise_link($contact->url)));
+ intval($uid), DBA::escape(normalise_link($contact->url)));
if (!DBA::isResult($r)) {
// create contact record
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0)",
intval($uid),
- dbesc(DateTimeFormat::utcNow()),
- dbesc($contact->url),
- dbesc(normalise_link($contact->url)),
- dbesc(str_replace("acct:", "", $contact->id)),
- dbesc(''),
- dbesc($contact->id), // What is it for?
- dbesc('pump.io ' . $contact->id), // What is it for?
- dbesc($contact->displayName),
- dbesc($contact->preferredUsername),
- dbesc($contact->image->url),
- dbesc(NETWORK_PUMPIO),
+ DBA::escape(DateTimeFormat::utcNow()),
+ DBA::escape($contact->url),
+ DBA::escape(normalise_link($contact->url)),
+ DBA::escape(str_replace("acct:", "", $contact->id)),
+ DBA::escape(''),
+ DBA::escape($contact->id), // What is it for?
+ DBA::escape('pump.io ' . $contact->id), // What is it for?
+ DBA::escape($contact->displayName),
+ DBA::escape($contact->preferredUsername),
+ DBA::escape($contact->image->url),
+ DBA::escape(NETWORK_PUMPIO),
intval(CONTACT_IS_FRIEND),
intval(1),
- dbesc($contact->location->displayName),
- dbesc($contact->summary),
+ DBA::escape($contact->location->displayName),
+ DBA::escape($contact->summary),
intval(1)
);
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1",
- dbesc(normalise_link($contact->url)),
+ DBA::escape(normalise_link($contact->url)),
intval($uid)
);
} elseif ($contact_id == 0) {
// Take an existing contact, the contact of the note or - as a fallback - the id of the user
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
- dbesc(normalise_link($post->actor->url)),
+ DBA::escape(normalise_link($post->actor->url)),
intval($uid)
);
$contact_id = $r[0]['id'];
} else {
$r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
- dbesc(normalise_link($post->actor->url)),
+ DBA::escape(normalise_link($post->actor->url)),
intval($uid)
);
INNER JOIN `item` ON `item`.`id` = `thread`.`iid`
WHERE `thread`.`network` = '%s' AND `thread`.`uid` = %d AND `item`.`extid` != ''
ORDER BY `thread`.`commented` DESC LIMIT 10",
- dbesc(NETWORK_PUMPIO),
+ DBA::escape(NETWORK_PUMPIO),
intval($uid)
);
function pumpio_queue_hook(App $a, array &$b)
{
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
- dbesc(NETWORK_PUMPIO)
+ DBA::escape(NETWORK_PUMPIO)
);
if (!DBA::isResult($qi)) {
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
intval($cid),
intval($b["uid"]),
- dbesc(NETWORK_PUMPIO)
+ DBA::escape(NETWORK_PUMPIO)
);
if (DBA::isResult($r)) {
"FROM `group_member`, `contact` WHERE `group_member`.`gid` = %d ".
"AND `contact`.`id` = `group_member`.`contact-id` AND `contact`.`network` = '%s'",
intval($gid),
- dbesc(NETWORK_PUMPIO)
+ DBA::escape(NETWORK_PUMPIO)
);
foreach ($r AS $row)
$r = q("SELECT `name`, `nick`, `url` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `network` = '%s' AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
intval($cid),
intval($b["uid"]),
- dbesc(NETWORK_PUMPIO)
+ DBA::escape(NETWORK_PUMPIO)
);
if (DBA::isResult($r)) {
* Author: Zach <https://f.shmuz.in/profile/techcity>
*
*/
+
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\PConfig;
+use Friendica\Database\DBA;
function remote_permissions_install() {
Addon::registerHook('lockview_content', 'addon/remote_permissions/remote_permissions.php', 'remote_permissions_content');
// The contact lives here. Get his/her user info
$nick = $r[0]['nick'];
$r = q("SELECT uid FROM user WHERE nickname = '%s' LIMIT 1",
- dbesc($nick)
+ DBA::escape($nick)
);
if(! $r)
return;
if($item_copy['uri'] === $item_copy['parent-uri']) {
// Lockview for a top-level post
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s' AND type = 'wall' LIMIT 1",
- dbesc($item_copy['uri'])
+ DBA::escape($item_copy['uri'])
);
}
else {
// Lockview for a comment
$r = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid FROM item WHERE uri = '%s'
AND parent = ( SELECT id FROM item WHERE uri = '%s' AND type = 'wall' ) LIMIT 1",
- dbesc($item_copy['uri']),
- dbesc($item_copy['parent-uri'])
+ DBA::escape($item_copy['uri']),
+ DBA::escape($item_copy['parent-uri'])
);
}
if($r) {
if(count($allowed_groups)) {
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
- dbesc(implode(', ', $allowed_groups))
+ DBA::escape(implode(', ', $allowed_groups))
);
foreach($r as $rr)
$allow[] = $rr['contact-id'];
if(count($deny_groups)) {
$r = q("SELECT DISTINCT `contact-id` FROM group_member WHERE gid IN ( %s )",
- dbesc(implode(', ', $deny_groups))
+ DBA::escape(implode(', ', $deny_groups))
);
foreach($r as $rr)
$deny[] = $rr['contact-id'];
if($allow)
{
$r = q("SELECT name FROM contact WHERE id IN ( %s )",
- dbesc(implode(', ', array_diff($allow, $deny)))
+ DBA::escape(implode(', ', array_diff($allow, $deny)))
);
foreach($r as $rr)
$allow_names[] = $rr['name'];
// will have different URIs than the original. We can match the GUID for
// those
$r = q("SELECT `uid` FROM item WHERE uri = '%s' OR guid = '%s'",
- dbesc($item_copy['uri']),
- dbesc($item_copy['guid'])
+ DBA::escape($item_copy['uri']),
+ DBA::escape($item_copy['guid'])
);
if(! $r)
return;
$allow[] = $rr['uid'];
$r = q("SELECT username FROM user WHERE uid IN ( %s )",
- dbesc(implode(', ', $allow))
+ DBA::escape(implode(', ', $allow))
);
if(! $r)
return;
"location" => $contact->location, "about" => $contact->description,
"addr" => statusnet_address($contact), "generation" => 3]);
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), dbesc(normalise_link($contact->statusnet_profile_url)), dbesc(NETWORK_STATUSNET));
+ $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' AND `network` = '%s'LIMIT 1", intval($uid), DBA::escape(normalise_link($contact->statusnet_profile_url)), DBA::escape(NETWORK_STATUSNET));
if (!DBA::isResult($r) && !$create_user) {
return 0;
`location`, `about`, `writable`, `blocked`, `readonly`, `pending` )
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0, 0, 0 ) ",
intval($uid),
- dbesc(DateTimeFormat::utcNow()),
- dbesc($contact->statusnet_profile_url),
- dbesc(normalise_link($contact->statusnet_profile_url)),
- dbesc(statusnet_address($contact)),
- dbesc(normalise_link($contact->statusnet_profile_url)),
- dbesc(''),
- dbesc(''),
- dbesc($contact->name),
- dbesc($contact->screen_name),
- dbesc($contact->profile_image_url),
- dbesc(NETWORK_STATUSNET),
+ DBA::escape(DateTimeFormat::utcNow()),
+ DBA::escape($contact->statusnet_profile_url),
+ DBA::escape(normalise_link($contact->statusnet_profile_url)),
+ DBA::escape(statusnet_address($contact)),
+ DBA::escape(normalise_link($contact->statusnet_profile_url)),
+ DBA::escape(''),
+ DBA::escape(''),
+ DBA::escape($contact->name),
+ DBA::escape($contact->screen_name),
+ DBA::escape($contact->profile_image_url),
+ DBA::escape(NETWORK_STATUSNET),
intval(CONTACT_IS_FRIEND),
intval(1),
- dbesc($contact->location),
- dbesc($contact->description),
+ DBA::escape($contact->location),
+ DBA::escape($contact->description),
intval(1)
);
$r = q("SELECT * FROM `contact` WHERE `alias` = '%s' AND `uid` = %d AND `network` = '%s' LIMIT 1",
- dbesc($contact->statusnet_profile_url),
+ DBA::escape($contact->statusnet_profile_url),
intval($uid),
- dbesc(NETWORK_STATUSNET));
+ DBA::escape(NETWORK_STATUSNET));
if (!DBA::isResult($r)) {
return false;
`micro` = '%s',
`avatar-date` = '%s'
WHERE `id` = %d",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- dbesc(DateTimeFormat::utcNow()),
+ DBA::escape($photos[0]),
+ DBA::escape($photos[1]),
+ DBA::escape($photos[2]),
+ DBA::escape(DateTimeFormat::utcNow()),
intval($contact_id)
);
} else {
`location` = '%s',
`about` = '%s'
WHERE `id` = %d",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- dbesc(DateTimeFormat::utcNow()),
- dbesc(DateTimeFormat::utcNow()),
- dbesc(DateTimeFormat::utcNow()),
- dbesc($contact->statusnet_profile_url),
- dbesc(normalise_link($contact->statusnet_profile_url)),
- dbesc(statusnet_address($contact)),
- dbesc($contact->name),
- dbesc($contact->screen_name),
- dbesc($contact->location),
- dbesc($contact->description),
+ DBA::escape($photos[0]),
+ DBA::escape($photos[1]),
+ DBA::escape($photos[2]),
+ DBA::escape(DateTimeFormat::utcNow()),
+ DBA::escape(DateTimeFormat::utcNow()),
+ DBA::escape(DateTimeFormat::utcNow()),
+ DBA::escape($contact->statusnet_profile_url),
+ DBA::escape(normalise_link($contact->statusnet_profile_url)),
+ DBA::escape(statusnet_address($contact)),
+ DBA::escape($contact->name),
+ DBA::escape($contact->screen_name),
+ DBA::escape($contact->location),
+ DBA::escape($contact->description),
intval($r[0]['id'])
);
}
$contact_id = statusnet_fetch_contact($uid, $user, true);
} else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
- intval($uid), dbesc($own_url));
+ intval($uid), DBA::escape($own_url));
if (DBA::isResult($r)) {
$contact_id = $r[0]["id"];
} else {
* Author: Mike Macgirvin <http://macgirvin.com/profile/mike>
*/
+use Friendica\App;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
+use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\DateTimeFormat;
}
-function testdrive_load_config(\Friendica\App $a)
+function testdrive_load_config(App $a)
{
$a->loadConfigFile(__DIR__. '/config/testdrive.ini.php');
}
return;
$r = q("UPDATE user set account_expires_on = '%s' where uid = %d",
- dbesc(DateTimeFormat::convert('now +' . $days . ' days')),
+ DBA::escape(DateTimeFormat::convert('now +' . $days . ' days')),
intval($uid)
);
]);
q("update user set expire_notification_sent = '%s' where uid = %d",
- dbesc(DateTimeFormat::utcNow()),
+ DBA::escape(DateTimeFormat::utcNow()),
intval($rr['uid'])
);
$own_user = q("SELECT `url` FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($notification_data["uid"]),
- dbesc("twitter::".$own_id)
+ DBA::escape("twitter::".$own_id)
);
if ($own_user) {
$r = q("SELECT name,nick,url,addr,batch,notify,poll,request,confirm,poco,photo,priority,network,alias,pubkey
FROM `contact` WHERE `uid` = %d AND `nick` = '%s'",
intval($uid),
- dbesc($nickname));
+ DBA::escape($nickname));
if (DBA::isResult($r)) {
$contact["contact"] = $r[0];
}
function twitter_queue_hook(App $a, &$b)
{
$qi = q("SELECT * FROM `queue` WHERE `network` = '%s'",
- dbesc(NETWORK_TWITTER)
+ DBA::escape(NETWORK_TWITTER)
);
if (!DBA::isResult($qi)) {
return;
} else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `alias` = '%s' LIMIT 1",
intval($uid),
- dbesc("twitter::" . $own_id));
+ DBA::escape("twitter::" . $own_id));
if (DBA::isResult($r)) {
$contact_id = $r[0]["id"];
} else {
// count likes
$r = q( $baseq . "AND `item`.`verb` = 'http://activitystrea.ms/schema/1.0/like'",
intval($conf['uid']),
- dbesc($args[0])
+ DBA::escape($args[0])
);
$likes = $r[0]['c'];
$iid = $r[0]['id'];
// count dislikes
$r = q( $baseq . "AND `item`.`verb` = 'http://purl.org/macgirvin/dfrn/1.0/dislike'",
intval($conf['uid']),
- dbesc($args[0])
+ DBA::escape($args[0])
);
$dislikes = $r[0]['c'];
* Version: 1.0
* Author: Fabio Comuni <http://kirgroup.com/profile/fabrix/>
*/
+
use Friendica\Core\Addon;
use Friendica\Core\L10n;
use Friendica\Core\PConfig;
+use Friendica\Database\DBA;
function widgets_install() {
Addon::registerHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
Addon::registerHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
logger("installed widgets");
}
+
function widgets_uninstall() {
Addon::unregisterHook('addon_settings', 'addon/widgets/widgets.php', 'widgets_settings');
Addon::unregisterHook('addon_settings_post', 'addon/widgets/widgets.php', 'widgets_settings_post');
}
-
function widgets_settings_post(){
if(! local_user())
return;
}
$r = q("SELECT * FROM pconfig WHERE uid IN (SELECT uid FROM pconfig WHERE v='%s')AND cat='widgets'",
- dbesc($_GET['k'])
+ DBA::escape($_GET['k'])
);
if (!count($r)){
if($a->argv[2]=="cb"){header('HTTP/1.0 400 Bad Request'); killme();}
projects / friendica-addons.git / commitdiff