slight improvement in a couple of queries

diff --git a/boot.php b/boot.php
index d44d2bddc2126aed14d7bede6569f00a261bce41..e98bfea9dea8f8f1cb5981364fbdf43274039559 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -29,6 +29,12 @@ define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
 
 define ( 'JPEG_QUALITY',            100  );
 
+/**
+ * Not yet used
+ */
+
+define ( 'DEFAULT_DB_ENGINE',  'MyISAM'  );
+
 /**
  * SSL redirection policies
  */

diff --git a/include/text.php b/include/text.php
index 1b5b0afd44e0b589eeb00e0c38db2107b1f628b4..e3c6833387858986c07f52c762933c8a965db92e 100644 (file)
--- a/include/text.php
+++ b/include/text.php
@@ -1524,3 +1524,9 @@ function fix_mce_lf($s) {
        $s = str_replace("\n\n","\n",$s);
        return $s;
 }
+
+
+function protect_sprintf($s) {
+       return(str_replace('%','%%',$s));
+}
+

diff --git a/mod/network.php b/mod/network.php
index 5655f1bfa7f544f141aaff66d36e38075c19e51d..e59839ccc1ea615e2b1e11af66d8fd3e651191fd 100644 (file)
--- a/mod/network.php
+++ b/mod/network.php
@@ -340,7 +340,7 @@ function network_content(&$a, $update = 0) {
                                info( t('Group is empty'));
                }
 
-               $sql_extra = " AND `item`.`parent` IN ( SELECT DISTINCT(`parent`) FROM `item` WHERE 1 $sql_options AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` REGEXP '<" . intval($group) . ">' ) and deleted = 0 ) ";
+               $sql_extra = " AND `item`.`parent` IN ( SELECT DISTINCT(`parent`) FROM `item` WHERE 1 $sql_options AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` like '" . protect_sprintf('%<' . intval($group) . '>%') . "' ) and deleted = 0 ) ";
                $o = '<h2>' . t('Group: ') . $r[0]['name'] . '</h2>' . $o;
        }
        elseif($cid) {
@@ -398,9 +398,9 @@ function network_content(&$a, $update = 0) {
 
        if(x($_GET,'search')) {
                $search = escape_tags($_GET['search']);
-               $sql_extra .= sprintf(" AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) ",
-                       dbesc(preg_quote($search)),
-                       dbesc('\\]' . preg_quote($search) . '\\[')
+               $sql_extra .= sprintf(" AND ( `item`.`body` like '%s' OR `item`.`tag` like '%s' ) ",
+                       dbesc(protect_sprintf('%' . $search . '%')),
+                       dbesc(protect_sprintf('%]' . $search . '[%'))
                );
        }
        if(strlen($file)) {
@@ -412,10 +412,10 @@ function network_content(&$a, $update = 0) {
                $myurl = substr($myurl,strpos($myurl,'://')+3);
                $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
                $diasp_url = str_replace('/profile/','/u/',$myurl);
-               $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` regexp '%s' or `tag` regexp '%s' or tag regexp '%s' )) ",
-                       dbesc($myurl . '$'),
-                       dbesc($myurl . '\\]'),
-                       dbesc($diasp_url . '\\]')
+               $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
+                       dbesc(protect_sprintf('%s' . $myurl)),
+                       dbesc(protect_sprintf('%' . $myurl . '\\]%')),
+                       dbesc(protect_sprintf('%' . $diasp_url . '\\]%'))
                );
        }