Rename dbesc to DBA::escape

author Hypolite Petovan <mrpetovan@gmail.com>

Sat, 21 Jul 2018 13:10:13 +0000 (09:10 -0400)

committer Hypolite Petovan <hypolite@mrpetovan.com>

Mon, 23 Jul 2018 19:30:54 +0000 (15:30 -0400)
author Hypolite Petovan <mrpetovan@gmail.com>
Sat, 21 Jul 2018 13:10:13 +0000 (09:10 -0400)
committer Hypolite Petovan <hypolite@mrpetovan.com>
Mon, 23 Jul 2018 19:30:54 +0000 (15:30 -0400)
diff --git a/include/api.php b/include/api.php

index 486805f9724319e33c7f8bd980e94e1334afc13f..35e2c480ccb0e49a41d04692823302cc0da82441 100644 (file)
--- a/include/api.php
+++ b/include/api.php
@@ -525,7 +525,7 @@ function api_get_user(App $a, $contact_id = null)
  
         // Searching for contact URL
         if (!is_null($contact_id) && (intval($contact_id) == 0)) {
-               $user = dbesc(normalise_link($contact_id));
+               $user = DBA::escape(normalise_link($contact_id));
                 $url = $user;
                 $extra_query = "AND `contact`.`nurl` = '%s' ";
                 if (api_user() !== false) {
@@ -535,7 +535,7 @@ function api_get_user(App $a, $contact_id = null)
  
         // Searching for contact id with uid = 0
         if (!is_null($contact_id) && (intval($contact_id) != 0)) {
-               $user = dbesc(api_unique_id_to_nurl(intval($contact_id)));
+               $user = DBA::escape(api_unique_id_to_nurl(intval($contact_id)));
  
                 if ($user == "") {
                         throw new BadRequestException("User ID ".$contact_id." not found.");
@@ -549,7 +549,7 @@ function api_get_user(App $a, $contact_id = null)
         }
  
         if (is_null($user) && x($_GET, 'user_id')) {
-               $user = dbesc(api_unique_id_to_nurl($_GET['user_id']));
+               $user = DBA::escape(api_unique_id_to_nurl($_GET['user_id']));
  
                 if ($user == "") {
                         throw new BadRequestException("User ID ".$_GET['user_id']." not found.");
@@ -562,7 +562,7 @@ function api_get_user(App $a, $contact_id = null)
                 }
         }
         if (is_null($user) && x($_GET, 'screen_name')) {
-               $user = dbesc($_GET['screen_name']);
+               $user = DBA::escape($_GET['screen_name']);
                 $extra_query = "AND `contact`.`nick` = '%s' ";
                 if (api_user() !== false) {
                         $extra_query .= "AND `contact`.`uid`=".intval(api_user());
@@ -570,7 +570,7 @@ function api_get_user(App $a, $contact_id = null)
         }
  
         if (is_null($user) && x($_GET, 'profileurl')) {
-               $user = dbesc(normalise_link($_GET['profileurl']));
+               $user = DBA::escape(normalise_link($_GET['profileurl']));
                 $extra_query = "AND `contact`.`nurl` = '%s' ";
                 if (api_user() !== false) {
                         $extra_query .= "AND `contact`.`uid`=".intval(api_user());
@@ -584,7 +584,7 @@ function api_get_user(App $a, $contact_id = null)
                         list($user, $null) = explode(".", $a->argv[$argid]);
                 }
                 if (is_numeric($user)) {
-                       $user = dbesc(api_unique_id_to_nurl(intval($user)));
+                       $user = DBA::escape(api_unique_id_to_nurl(intval($user)));
  
                         if ($user != "") {
                                 $url = $user;
@@ -594,7 +594,7 @@ function api_get_user(App $a, $contact_id = null)
                                 }
                         }
                 } else {
-                       $user = dbesc($user);
+                       $user = DBA::escape($user);
                         $extra_query = "AND `contact`.`nick` = '%s' ";
                         if (api_user() !== false) {
                                 $extra_query .= "AND `contact`.`uid`=" . intval(api_user());
@@ -634,7 +634,7 @@ function api_get_user(App $a, $contact_id = null)
                 $r = [];
  
                 if ($url != "") {
-                       $r = q("SELECT * FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s' LIMIT 1", dbesc(normalise_link($url)));
+                       $r = q("SELECT * FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s' LIMIT 1", DBA::escape(normalise_link($url)));
                 }
  
                 if (DBA::isResult($r)) {
@@ -1437,10 +1437,10 @@ function api_users_search($type)
         $userlist = [];
  
         if (x($_GET, 'q')) {
-               $r = q("SELECT id FROM `contact` WHERE `uid` = 0 AND `name` = '%s'", dbesc($_GET["q"]));
+               $r = q("SELECT id FROM `contact` WHERE `uid` = 0 AND `name` = '%s'", DBA::escape($_GET["q"]));
  
                 if (!DBA::isResult($r)) {
-                       $r = q("SELECT `id` FROM `contact` WHERE `uid` = 0 AND `nick` = '%s'", dbesc($_GET["q"]));
+                       $r = q("SELECT `id` FROM `contact` WHERE `uid` = 0 AND `nick` = '%s'", DBA::escape($_GET["q"]));
                 }
  
                 if (DBA::isResult($r)) {
@@ -3482,7 +3482,7 @@ function api_direct_messages_new($type)
                 $r = q(
                         "SELECT `id`, `nurl`, `network` FROM `contact` WHERE `uid`=%d AND `nick`='%s'",
                         intval(api_user()),
-                       dbesc($_POST['screen_name'])
+                       DBA::escape($_POST['screen_name'])
                 );
  
                 if (DBA::isResult($r)) {
@@ -3579,7 +3579,7 @@ function api_direct_messages_destroy($type)
         }
  
         // add parent-uri to sql command if specified by calling app
-       $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . dbesc($parenturi) . "'" : "");
+       $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . DBA::escape($parenturi) . "'" : "");
  
         // get data of the specified message id
         $r = q(
@@ -3668,13 +3668,13 @@ function api_direct_messages_box($type, $box, $verbose)
  
         // filters
         if ($box=="sentbox") {
-               $sql_extra = "`mail`.`from-url`='" . dbesc($profile_url) . "'";
+               $sql_extra = "`mail`.`from-url`='" . DBA::escape($profile_url) . "'";
         } elseif ($box == "conversation") {
-               $sql_extra = "`mail`.`parent-uri`='" . dbesc(defaults($_GET, 'uri', ''))  . "'";
+               $sql_extra = "`mail`.`parent-uri`='" . DBA::escape(defaults($_GET, 'uri', ''))  . "'";
         } elseif ($box == "all") {
                 $sql_extra = "true";
         } elseif ($box == "inbox") {
-               $sql_extra = "`mail`.`from-url`!='" . dbesc($profile_url) . "'";
+               $sql_extra = "`mail`.`from-url`!='" . DBA::escape($profile_url) . "'";
         }
  
         if ($max_id > 0) {
@@ -3684,7 +3684,7 @@ function api_direct_messages_box($type, $box, $verbose)
         if ($user_id != "") {
                 $sql_extra .= ' AND `mail`.`contact-id` = ' . intval($user_id);
         } elseif ($screen_name !="") {
-               $sql_extra .= " AND `contact`.`nick` = '" . dbesc($screen_name). "'";
+               $sql_extra .= " AND `contact`.`nick` = '" . DBA::escape($screen_name). "'";
         }
  
         $r = q(
@@ -3847,7 +3847,7 @@ function api_fr_photoalbum_delete($type)
         $r = q(
                 "SELECT DISTINCT `resource-id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
                 intval(api_user()),
-               dbesc($album)
+               DBA::escape($album)
         );
         if (!DBA::isResult($r)) {
                 throw new BadRequestException("album not available");
@@ -4008,8 +4008,8 @@ function api_fr_photo_create_update($type)
                 $r = q(
                         "SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'",
                         intval(api_user()),
-                       dbesc($photo_id),
-                       dbesc($album)
+                       DBA::escape($photo_id),
+                       DBA::escape($album)
                 );
                 if (!DBA::isResult($r)) {
                         throw new BadRequestException("photo not available");
@@ -4078,8 +4078,8 @@ function api_fr_photo_create_update($type)
                                 $sql_extra,
                                 DateTimeFormat::utcNow(),   // update edited timestamp
                                 intval(api_user()),
-                               dbesc($photo_id),
-                               dbesc($album)
+                               DBA::escape($photo_id),
+                               DBA::escape($album)
                         );
                 } else {
                         $nothingtodo = true;
@@ -4132,7 +4132,7 @@ function api_fr_photo_delete($type)
         $r = q(
                 "SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
                 intval(api_user()),
-               dbesc($photo_id)
+               DBA::escape($photo_id)
         );
         if (!DBA::isResult($r)) {
                 throw new BadRequestException("photo not available");
@@ -4596,7 +4596,7 @@ function prepare_photo_data($type, $scale, $photo_id)
                         FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' %s GROUP BY `resource-id`",
                 $data_sql,
                 intval(local_user()),
-               dbesc($photo_id),
+               DBA::escape($photo_id),
                 $scale_sql
         );
  
@@ -4850,7 +4850,7 @@ function api_get_nick($profile)
  
         $r = q(
                 "SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'",
-               dbesc(normalise_link($profile))
+               DBA::escape(normalise_link($profile))
         );
  
         if (DBA::isResult($r)) {
@@ -4860,7 +4860,7 @@ function api_get_nick($profile)
         if (!$nick == "") {
                 $r = q(
                         "SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'",
-                       dbesc(normalise_link($profile))
+                       DBA::escape(normalise_link($profile))
                 );
  
                 if (DBA::isResult($r)) {
@@ -5205,7 +5205,7 @@ function api_friendica_group_delete($type)
                 "SELECT * FROM `group` WHERE `uid` = %d AND `id` = %d AND `name` = '%s'",
                 intval($uid),
                 intval($gid),
-               dbesc($name)
+               DBA::escape($name)
         );
         // error message if specified gid is not in database
         if (!DBA::isResult($rname)) {
@@ -5290,7 +5290,7 @@ function group_create($name, $uid, $users = [])
         $rname = q(
                 "SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' AND `deleted` = 0",
                 intval($uid),
-               dbesc($name)
+               DBA::escape($name)
         );
         // error message if specified group name already exists
         if (DBA::isResult($rname)) {
@@ -5301,7 +5301,7 @@ function group_create($name, $uid, $users = [])
         $rname = q(
                 "SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' AND `deleted` = 1",
                 intval($uid),
-               dbesc($name)
+               DBA::escape($name)
         );
         // error message if specified group name already exists
         if (DBA::isResult($rname)) {
@@ -5728,7 +5728,7 @@ function api_friendica_direct_messages_search($type, $box = "")
         $r = q(
                 "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND `body` LIKE '%s' ORDER BY `mail`.`id` DESC",
                 intval($uid),
-               dbesc('%'.$searchstring.'%')
+               DBA::escape('%'.$searchstring.'%')
         );
  
         $profile_url = $user_info["url"];
diff --git a/include/enotify.php b/include/enotify.php

index 4dfb53f8cb48a9c804a6b753718b05dab17c0917..f678fa01ffd9c278c238214c2a4cb01ad159458f 100644 (file)
--- a/include/enotify.php
+++ b/include/enotify.php
@@ -118,7 +118,7 @@ function notification($params)
                         intval(NOTIFY_TAGSELF),
                         intval(NOTIFY_COMMENT),
                         intval(NOTIFY_SHARE),
-                       dbesc($params['link']),
+                       DBA::escape($params['link']),
                         intval($params['uid'])
                 );
                 if ($p && count($p)) {
@@ -436,7 +436,7 @@ function notification($params)
                         $dups = false;
                         $hash = random_string();
                         $r = q("SELECT `id` FROM `notify` WHERE `hash` = '%s' LIMIT 1",
-                               dbesc($hash));
+                               DBA::escape($hash));
                         if (DBA::isResult($r)) {
                                 $dups = true;
                         }
@@ -469,23 +469,23 @@ function notification($params)
                 // create notification entry in DB
                 q("INSERT INTO `notify` (`hash`, `name`, `url`, `photo`, `date`, `uid`, `link`, `iid`, `parent`, `type`, `verb`, `otype`, `name_cache`)
                         values('%s', '%s', '%s', '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s')",
-                       dbesc($datarray['hash']),
-                       dbesc($datarray['name']),
-                       dbesc($datarray['url']),
-                       dbesc($datarray['photo']),
-                       dbesc($datarray['date']),
+                       DBA::escape($datarray['hash']),
+                       DBA::escape($datarray['name']),
+                       DBA::escape($datarray['url']),
+                       DBA::escape($datarray['photo']),
+                       DBA::escape($datarray['date']),
                         intval($datarray['uid']),
-                       dbesc($datarray['link']),
+                       DBA::escape($datarray['link']),
                         intval($datarray['iid']),
                         intval($datarray['parent']),
                         intval($datarray['type']),
-                       dbesc($datarray['verb']),
-                       dbesc($datarray['otype']),
-                       dbesc($datarray["name_cache"])
+                       DBA::escape($datarray['verb']),
+                       DBA::escape($datarray['otype']),
+                       DBA::escape($datarray["name_cache"])
                 );
  
                 $r = q("SELECT `id` FROM `notify` WHERE `hash` = '%s' AND `uid` = %d LIMIT 1",
-                       dbesc($hash),
+                       DBA::escape($hash),
                         intval($params['uid'])
                 );
                 if ($r) {
@@ -500,7 +500,7 @@ function notification($params)
                 $p = q("SELECT `id` FROM `notify` WHERE `type` IN (%d, %d) AND `link` = '%s' AND `uid` = %d ORDER BY `id`",
                         intval(NOTIFY_TAGSELF),
                         intval(NOTIFY_COMMENT),
-                       dbesc($params['link']),
+                       DBA::escape($params['link']),
                         intval($params['uid'])
                 );
                 if ($p && (count($p) > 1)) {
@@ -519,8 +519,8 @@ function notification($params)
                 $msg = replace_macros($epreamble, ['$itemlink' => $itemlink]);
                 $msg_cache = format_notification_message($datarray['name_cache'], strip_tags(BBCode::convert($msg)));
                 q("UPDATE `notify` SET `msg` = '%s', `msg_cache` = '%s' WHERE `id` = %d AND `uid` = %d",
-                       dbesc($msg),
-                       dbesc($msg_cache),
+                       DBA::escape($msg),
+                       DBA::escape($msg_cache),
                         intval($notify_id),
                         intval($params['uid'])
                 );
diff --git a/include/items.php b/include/items.php

index 55c69a041ac334cb462e3112d62a94162e8bc303..5e250284c6bd6d367e2634c830fb494ec7f85a5d 100644 (file)
--- a/include/items.php
+++ b/include/items.php
@@ -263,7 +263,7 @@ function consume_feed($xml, $importer, $contact, &$hub, $datedir = 0, $pass = 0)
                         FROM `contact`
                         LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
                         WHERE `contact`.`id` = %d AND `user`.`uid` = %d",
-                       dbesc($contact["id"]), dbesc($importer["uid"])
+                       DBA::escape($contact["id"]), DBA::escape($importer["uid"])
                 );
                 if (DBA::isResult($r)) {
                         logger("Now import the DFRN feed");
diff --git a/include/security.php b/include/security.php

index ad76509fdd6a1cc865d3ddcb222f3bad7016e31e..cd24279119c889cae44814caadd0ef11c659d7cd 100644 (file)
--- a/include/security.php
+++ b/include/security.php
@@ -322,9 +322,9 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null)
                                   )
                                 ",
                                 intval($remote_user),
-                               dbesc($gs),
+                               DBA::escape($gs),
                                 intval($remote_user),
-                               dbesc($gs)
+                               DBA::escape($gs)
                         );
                 }
         }
@@ -385,9 +385,9 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul
                                   AND ( `item`.allow_cid REGEXP '<%d>' OR `item`.allow_gid REGEXP '%s' OR ( `item`.allow_cid = '' AND `item`.allow_gid = '')))))
                                 ",
                                 intval($remote_user),
-                               dbesc($gs),
+                               DBA::escape($gs),
                                 intval($remote_user),
-                               dbesc($gs)
+                               DBA::escape($gs)
                         );
                 }
         }
diff --git a/include/text.php b/include/text.php

index b791480d8ffcce27a695026ac15cb3f0f1423633..aee0a7034223f83533f7fded4461fac6db695d76 100644 (file)
--- a/include/text.php
+++ b/include/text.php
@@ -755,9 +755,9 @@ function contact_block() {
                                 AND NOT `pending` AND NOT `hidden` AND NOT `archive`
                                 AND `network` IN ('%s', '%s', '%s')",
                         intval($a->profile['uid']),
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_OSTATUS),
-                       dbesc(NETWORK_DIASPORA)
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_OSTATUS),
+                       DBA::escape(NETWORK_DIASPORA)
         );
         if (DBA::isResult($r)) {
                 $total = intval($r[0]['total']);
@@ -773,9 +773,9 @@ function contact_block() {
                                         AND `network` IN ('%s', '%s', '%s')
                                 ORDER BY RAND() LIMIT %d",
                                 intval($a->profile['uid']),
-                               dbesc(NETWORK_DFRN),
-                               dbesc(NETWORK_OSTATUS),
-                               dbesc(NETWORK_DIASPORA),
+                               DBA::escape(NETWORK_DFRN),
+                               DBA::escape(NETWORK_OSTATUS),
+                               DBA::escape(NETWORK_DIASPORA),
                                 intval($shown)
                 );
                 if (DBA::isResult($r)) {
@@ -784,7 +784,7 @@ function contact_block() {
                                 $contacts[] = $contact["id"];
                         }
                         $r = q("SELECT `id`, `uid`, `addr`, `url`, `name`, `thumb`, `network` FROM `contact` WHERE `id` IN (%s)",
-                               dbesc(implode(",", $contacts)));
+                               DBA::escape(implode(",", $contacts)));
  
                         if (DBA::isResult($r)) {
                                 $contacts = L10n::tt('%d Contact', '%d Contacts', $total);
@@ -1467,7 +1467,7 @@ function generate_user_guid() {
         do {
                 $guid = System::createGUID(32);
                 $x = q("SELECT `uid` FROM `user` WHERE `guid` = '%s' LIMIT 1",
-                       dbesc($guid)
+                       DBA::escape($guid)
                 );
                 if (!DBA::isResult($x)) {
                         $found = false;
@@ -1659,7 +1659,7 @@ function file_tag_file_query($table,$s,$type = 'file') {
         } else {
                 $str = preg_quote('<' . str_replace('%', '%%', file_tag_encode($s)) . '>');
         }
-       return " AND " . (($table) ? dbesc($table) . '.' : '') . "file regexp '" . dbesc($str) . "' ";
+       return " AND " . (($table) ? DBA::escape($table) . '.' : '') . "file regexp '" . DBA::escape($str) . "' ";
  }
  
  // ex. given music,video return <music><video> or [music][video]
@@ -1753,7 +1753,7 @@ function file_tag_update_pconfig($uid, $file_old, $file_new, $type = 'file') {
  
                 foreach ($deleted_tags as $key => $tag) {
                         $r = q("SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d",
-                               dbesc($tag),
+                               DBA::escape($tag),
                                 intval(TERM_OBJ_POST),
                                 intval($termtype),
                                 intval($uid));
@@ -1819,7 +1819,7 @@ function file_tag_unsave_file($uid, $item_id, $file, $cat = false)
         Item::update($fields, ['id' => $item_id]);
  
         $r = q("SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d",
-               dbesc($file),
+               DBA::escape($file),
                 intval(TERM_OBJ_POST),
                 intval($termtype),
                 intval($uid)
diff --git a/mod/acl.php b/mod/acl.php

index 90e85040f03b8ec1a1fa77fd812c8089f084766b..5d155511dbb478dba8ac0f27b0d08baf62dfde05 100644 (file)
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -36,8 +36,8 @@ function acl_content(App $a)
         logger("Searching for ".$search." - type ".$type." conversation ".$conv_id, LOGGER_DEBUG);
  
         if ($search != '') {
-               $sql_extra = "AND `name` LIKE '%%" . dbesc($search) . "%%'";
-               $sql_extra2 = "AND (`attag` LIKE '%%" . dbesc($search) . "%%' OR `name` LIKE '%%" . dbesc($search) . "%%' OR `nick` LIKE '%%" . dbesc($search) . "%%')";
+               $sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'";
+               $sql_extra2 = "AND (`attag` LIKE '%%" . DBA::escape($search) . "%%' OR `name` LIKE '%%" . DBA::escape($search) . "%%' OR `nick` LIKE '%%" . DBA::escape($search) . "%%')";
         } else {
                 /// @TODO Avoid these needless else blocks by putting variable-initialization atop of if()
                 $sql_extra = $sql_extra2 = '';
@@ -84,8 +84,8 @@ function acl_content(App $a)
                                 AND `success_update` >= `failure_update`
                                 AND `network` IN ('%s', '%s') $sql_extra2",
                         intval(local_user()),
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA)
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA)
                 );
                 $contact_count = (int) $r[0]['c'];
         } elseif ($type == 'a') {
@@ -143,8 +143,8 @@ function acl_content(App $a)
                                 $sql_extra2
                                 ORDER BY `name` ASC ",
                         intval(local_user()),
-                       dbesc(NETWORK_OSTATUS),
-                       dbesc(NETWORK_STATUSNET)
+                       DBA::escape(NETWORK_OSTATUS),
+                       DBA::escape(NETWORK_STATUSNET)
                 );
         } elseif ($type == 'c') {
                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
@@ -153,7 +153,7 @@ function acl_content(App $a)
                                 $sql_extra2
                                 ORDER BY `name` ASC ",
                         intval(local_user()),
-                       dbesc(NETWORK_STATUSNET)
+                       DBA::escape(NETWORK_STATUSNET)
                 );
         } elseif ($type == 'f') {
                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
@@ -163,7 +163,7 @@ function acl_content(App $a)
                                 $sql_extra2
                                 ORDER BY `name` ASC ",
                         intval(local_user()),
-                       dbesc(NETWORK_STATUSNET)
+                       DBA::escape(NETWORK_STATUSNET)
                 );
         } elseif ($type == 'm') {
                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact`
@@ -172,8 +172,8 @@ function acl_content(App $a)
                                 $sql_extra2
                                 ORDER BY `name` ASC ",
                         intval(local_user()),
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA)
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA)
                 );
         } elseif ($type == 'a') {
                 $r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
diff --git a/mod/admin.php b/mod/admin.php

index c8ad5204a47f50fc80efe39fc79a7525b0b5c7c6..ec91a8a22bb47c4a8d33878d2c01b8feadf1ccee 100644 (file)
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -815,7 +815,7 @@ function admin_page_workerqueue(App $a)
  function admin_page_summary(App $a)
  {
         // are there MyISAM tables in the DB? If so, trigger a warning message
-       $r = q("SELECT `engine` FROM `information_schema`.`tables` WHERE `engine` = 'myisam' AND `table_schema` = '%s' LIMIT 1", dbesc(DBA::databaseName()));
+       $r = q("SELECT `engine` FROM `information_schema`.`tables` WHERE `engine` = 'myisam' AND `table_schema` = '%s' LIMIT 1", DBA::escape(DBA::databaseName()));
         $showwarning = false;
         $warningtext = [];
         if (DBA::isResult($r)) {
@@ -948,8 +948,8 @@ function admin_page_site_post(App $a)
  
                 function update_table($table_name, $fields, $old_url, $new_url)
                 {
-                       $dbold = dbesc($old_url);
-                       $dbnew = dbesc($new_url);
+                       $dbold = DBA::escape($old_url);
+                       $dbnew = DBA::escape($new_url);
  
                         $upd = [];
                         foreach ($fields as $f) {
diff --git a/mod/api.php b/mod/api.php

index 2a871a9a9e1a499075b95d122c31a1964de76749..e978461655071c7774390b7d89dfe3d675ca0899 100644 (file)
--- a/mod/api.php
+++ b/mod/api.php
@@ -20,7 +20,7 @@ function oauth_get_client($request)
         $r = q("SELECT `clients`.*
                         FROM `clients`, `tokens`
                         WHERE `clients`.`client_id`=`tokens`.`client_id`
-                       AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", dbesc($token));
+                       AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));
  
         if (!DBA::isResult($r)) {
                 return null;
diff --git a/mod/attach.php b/mod/attach.php

index a04fba9ca14d276e9ff824844704dc3b2fc4ab74..99f0fc46000bdb54c6ef74678a53779bb3a64a1c 100644 (file)
--- a/mod/attach.php
+++ b/mod/attach.php
@@ -32,7 +32,7 @@ function attach_init(App $a)
         // Now we'll see if we can access the attachment
  
         $r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1",
-               dbesc($item_id)
+               DBA::escape($item_id)
         );
  
         if (!DBA::isResult($r)) {
diff --git a/mod/contacts.php b/mod/contacts.php

index 71961a3df5a6f39539b9d960d91cd08b46c0be82..52363d742c78a7392f434be494c4ff223ae953d3 100644 (file)
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -216,11 +216,11 @@ function contacts_post(App $a)
                 `ffi_keyword_blacklist` = '%s' WHERE `id` = %d AND `uid` = %d",
                 intval($profile_id),
                 intval($priority),
-               dbesc($info),
+               DBA::escape($info),
                 intval($hidden),
                 intval($notify),
                 intval($fetch_further_information),
-               dbesc($ffi_keyword_blacklist),
+               DBA::escape($ffi_keyword_blacklist),
                 intval($contact_id),
                 intval(local_user())
         );
@@ -308,7 +308,7 @@ function _contact_update_profile($contact_id)
                         $query .= ", ";
                 }
  
-               $query .= "`" . $key . "` = '" . dbesc($value) . "'";
+               $query .= "`" . $key . "` = '" . DBA::escape($value) . "'";
         }
  
         if ($query == "") {
@@ -773,12 +773,12 @@ function contacts_content(App $a)
         if ($search) {
                 $searching = true;
                 $search_hdr = $search;
-               $search_txt = dbesc(protect_sprintf(preg_quote($search)));
+               $search_txt = DBA::escape(protect_sprintf(preg_quote($search)));
                 $sql_extra .= " AND (name REGEXP '$search_txt' OR url REGEXP '$search_txt'  OR nick REGEXP '$search_txt') ";
         }
  
         if ($nets) {
-               $sql_extra .= sprintf(" AND network = '%s' ", dbesc($nets));
+               $sql_extra .= sprintf(" AND network = '%s' ", DBA::escape($nets));
         }
  
         $sql_extra2 = ((($sort_type > 0) && ($sort_type <= CONTACT_IS_FRIEND)) ? sprintf(" AND `rel` = %d ", intval($sort_type)) : '');
diff --git a/mod/crepair.php b/mod/crepair.php

index 97569a2a079924ffcc48a1f49c31d2a7763539d8..309a356d5393e6638415943468e9a6e4f18ec1f9 100644 (file)
--- a/mod/crepair.php
+++ b/mod/crepair.php
@@ -64,15 +64,15 @@ function crepair_post(App $a)
  
         $r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `url` = '%s', `nurl` = '%s', `request` = '%s', `confirm` = '%s', `notify` = '%s', `poll` = '%s', `attag` = '%s' , `remote_self` = %d
                 WHERE `id` = %d AND `uid` = %d",
-               dbesc($name),
-               dbesc($nick),
-               dbesc($url),
-               dbesc($nurl),
-               dbesc($request),
-               dbesc($confirm),
-               dbesc($notify),
-               dbesc($poll),
-               dbesc($attag),
+               DBA::escape($name),
+               DBA::escape($nick),
+               DBA::escape($url),
+               DBA::escape($nurl),
+               DBA::escape($request),
+               DBA::escape($confirm),
+               DBA::escape($notify),
+               DBA::escape($poll),
+               DBA::escape($attag),
                 intval($remote_self),
                 intval($contact['id']),
                 local_user()
diff --git a/mod/delegate.php b/mod/delegate.php

index e9760fa3f5cafd0c06d2c991576d5c06cf9a32b0..d0fd78cecc879e71d42b41b6bb75d0c6d9f86949 100644 (file)
--- a/mod/delegate.php
+++ b/mod/delegate.php
@@ -110,14 +110,14 @@ function delegate_content(App $a)
                 AND SUBSTRING_INDEX(`nurl`, '/', 3) = '%s'
                 AND `uid` = %d
                 AND `network` = '%s' ",
-               dbesc(normalise_link(System::baseUrl())),
+               DBA::escape(normalise_link(System::baseUrl())),
                 intval(local_user()),
-               dbesc(NETWORK_DFRN)
+               DBA::escape(NETWORK_DFRN)
         );
         if (DBA::isResult($r)) {
                 $nicknames = [];
                 foreach ($r as $rr) {
-                       $nicknames[] = "'" . dbesc(basename($rr['nurl'])) . "'";
+                       $nicknames[] = "'" . DBA::escape(basename($rr['nurl'])) . "'";
                 }
  
                 $nicks = implode(',', $nicknames);
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php

index d6e8470238035e89d26b2d5b0d628c20f3c9b00b..a2871b3b39e751ecc78f8b30fe356605e1d274dc 100644 (file)
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -117,7 +117,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
                         AND `uid` = %d
                         AND `duplex` = 0
                         LIMIT 1",
-                       dbesc($dfrn_id),
+                       DBA::escape($dfrn_id),
                         intval($cid),
                         intval($uid)
                 );
@@ -157,7 +157,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
  
                         // Save the private key. Send them the public key.
                         q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d",
-                               dbesc($private_key),
+                               DBA::escape($private_key),
                                 intval($contact_id),
                                 intval($uid)
                         );
@@ -261,7 +261,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
                                         // birthday paradox - generate new dfrn-id and fall through.
                                         $new_dfrn_id = random_string();
                                         q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
-                                               dbesc($new_dfrn_id),
+                                               DBA::escape($new_dfrn_id),
                                                 intval($contact_id),
                                                 intval($uid)
                                         );
@@ -324,11 +324,11 @@ function dfrn_confirm_post(App $a, $handsfree = null)
                                 `network` = '%s' WHERE `id` = %d
                         ",
                                 intval($new_relation),
-                               dbesc(DateTimeFormat::utcNow()),
-                               dbesc(DateTimeFormat::utcNow()),
+                               DBA::escape(DateTimeFormat::utcNow()),
+                               DBA::escape(DateTimeFormat::utcNow()),
                                 intval($duplex),
                                 intval($hidden),
-                               dbesc(NETWORK_DFRN),
+                               DBA::escape(NETWORK_DFRN),
                                 intval($contact_id)
                         );
                 } else {
@@ -372,12 +372,12 @@ function dfrn_confirm_post(App $a, $handsfree = null)
                                 `rel` = %d
                                 WHERE `id` = %d
                         ",
-                               dbesc(DateTimeFormat::utcNow()),
-                               dbesc(DateTimeFormat::utcNow()),
-                               dbesc($addr),
-                               dbesc($notify),
-                               dbesc($poll),
-                               dbesc($network),
+                               DBA::escape(DateTimeFormat::utcNow()),
+                               DBA::escape(DateTimeFormat::utcNow()),
+                               DBA::escape($addr),
+                               DBA::escape($notify),
+                               DBA::escape($poll),
+                               DBA::escape($network),
                                 intval($writable),
                                 intval($hidden),
                                 intval($new_relation),
@@ -517,8 +517,8 @@ function dfrn_confirm_post(App $a, $handsfree = null)
                 }
  
                 $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d",
-                       dbesc($decrypted_dfrn_id),
-                       dbesc($dfrn_pubkey),
+                       DBA::escape($decrypted_dfrn_id),
+                       DBA::escape($dfrn_pubkey),
                         intval($dfrn_record)
                 );
                 if (!DBA::isResult($r)) {
@@ -568,12 +568,12 @@ function dfrn_confirm_post(App $a, $handsfree = null)
                         `network` = '%s' WHERE `id` = %d
                 ",
                         intval($new_relation),
-                       dbesc(DateTimeFormat::utcNow()),
-                       dbesc(DateTimeFormat::utcNow()),
+                       DBA::escape(DateTimeFormat::utcNow()),
+                       DBA::escape(DateTimeFormat::utcNow()),
                         intval($duplex),
                         intval($forum),
                         intval($prv),
-                       dbesc(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DFRN),
                         intval($dfrn_record)
                 );
                 if (!DBA::isResult($r)) {       // indicates schema is messed up or total db failure
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php

index 5c59fc73ff0f74a7b3ecd776c0be613dea87d1f2..6f03bc6c15f6f5a0c04f15b025034b057d785339 100644 (file)
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -74,13 +74,13 @@ function dfrn_notify_post(App $a) {
         $sql_extra = '';
         switch ($direction) {
                 case (-1):
-                       $sql_extra = sprintf(" AND ( `issued-id` = '%s' OR `dfrn-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND ( `issued-id` = '%s' OR `dfrn-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
                         break;
                 case 0:
-                       $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                         break;
                 case 1:
-                       $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                         break;
                 default:
                         System::xmlExit(3, 'Invalid direction');
@@ -104,7 +104,7 @@ function dfrn_notify_post(App $a) {
                         LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
                                 AND `user`.`nickname` = '%s' AND `user`.`account_expired` = 0 AND `user`.`account_removed` = 0 $sql_extra LIMIT 1",
-               dbesc($a->argv[1])
+               DBA::escape($a->argv[1])
         );
  
         if (!DBA::isResult($r)) {
@@ -312,15 +312,15 @@ function dfrn_notify_content(App $a) {
                 $sql_extra = '';
                 switch($direction) {
                         case (-1):
-                               $sql_extra = sprintf(" AND (`issued-id` = '%s' OR `dfrn-id` = '%s') ", dbesc($dfrn_id), dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND (`issued-id` = '%s' OR `dfrn-id` = '%s') ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
                                 $my_id = $dfrn_id;
                                 break;
                         case 0:
-                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '1:' . $dfrn_id;
                                 break;
                         case 1:
-                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '0:' . $dfrn_id;
                                 break;
                         default:
@@ -331,7 +331,7 @@ function dfrn_notify_content(App $a) {
                 $r = q("SELECT `contact`.*, `user`.`nickname`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
                                 WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s'
                                 AND `user`.`account_expired` = 0 AND `user`.`account_removed` = 0 $sql_extra LIMIT 1",
-                               dbesc($a->argv[1])
+                               DBA::escape($a->argv[1])
                 );
  
                 if (!DBA::isResult($r)) {
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php

index d835f5a884fae861efe129a62c6ac2d2492c1ca8..943ddddecc53623fe1b10c23f3e8f28fbd55c7f9 100644 (file)
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -56,7 +56,7 @@ function dfrn_poll_init(App $a)
                 $user = '';
                 if ($a->argc > 1) {
                         $r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
-                               dbesc($a->argv[1])
+                               DBA::escape($a->argv[1])
                         );
                         if (!$r) {
                                 System::httpExit(404);
@@ -77,15 +77,15 @@ function dfrn_poll_init(App $a)
                 $sql_extra = '';
                 switch ($direction) {
                         case -1:
-                               $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
                                 $my_id = $dfrn_id;
                                 break;
                         case 0:
-                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '1:' . $dfrn_id;
                                 break;
                         case 1:
-                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '0:' . $dfrn_id;
                                 break;
                         default:
@@ -97,7 +97,7 @@ function dfrn_poll_init(App $a)
                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
                         AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
-                       dbesc($a->argv[1])
+                       DBA::escape($a->argv[1])
                 );
  
                 if (DBA::isResult($r)) {
@@ -129,8 +129,8 @@ function dfrn_poll_init(App $a)
                                         $session_id = session_id();
                                         $expire = time() + 86400;
                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
-                                               dbesc($expire),
-                                               dbesc($session_id)
+                                               DBA::escape($expire),
+                                               DBA::escape($session_id)
                                         );
                                 }
                         }
@@ -144,7 +144,7 @@ function dfrn_poll_init(App $a)
                 if ((strlen($challenge)) && (strlen($sec))) {
                         DBA::delete('profile_check', ["`expire` < ?", time()]);
                         $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
-                               dbesc($sec)
+                               DBA::escape($sec)
                         );
                         if (!DBA::isResult($r)) {
                                 System::xmlExit(3, 'No ticket');
@@ -209,7 +209,7 @@ function dfrn_poll_init(App $a)
  
                         DBA::delete('profile_check', ["`expire` < ?", time()]);
                         $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
-                               dbesc($dfrn_id));
+                               DBA::escape($dfrn_id));
                         if (DBA::isResult($r)) {
                                 System::xmlExit(1);
                                 return; // NOTREACHED
@@ -236,7 +236,7 @@ function dfrn_poll_post(App $a)
  
                         DBA::delete('profile_check', ["`expire` < ?", time()]);
                         $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
-                               dbesc($sec)
+                               DBA::escape($sec)
                         );
                         if (!DBA::isResult($r)) {
                                 System::xmlExit(3, 'No ticket');
@@ -296,8 +296,8 @@ function dfrn_poll_post(App $a)
         }
  
         $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
-               dbesc($dfrn_id),
-               dbesc($challenge)
+               DBA::escape($dfrn_id),
+               DBA::escape($challenge)
         );
  
         if (!DBA::isResult($r)) {
@@ -312,15 +312,15 @@ function dfrn_poll_post(App $a)
         $sql_extra = '';
         switch ($direction) {
                 case -1:
-                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
                         $my_id = $dfrn_id;
                         break;
                 case 0:
-                       $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                         $my_id = '1:' . $dfrn_id;
                         break;
                 case 1:
-                       $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                       $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                         $my_id = '0:' . $dfrn_id;
                         break;
                 default:
@@ -339,7 +339,7 @@ function dfrn_poll_post(App $a)
  
         if ($type === 'reputation' && strlen($url)) {
                 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
-                       dbesc($url),
+                       DBA::escape($url),
                         intval($owner_uid)
                 );
                 $reputation = 0;
@@ -417,11 +417,11 @@ function dfrn_poll_content(App $a)
                 if ($type !== 'profile') {
                         $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
                                 VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
-                               dbesc($hash),
-                               dbesc($dfrn_id),
+                               DBA::escape($hash),
+                               DBA::escape($dfrn_id),
                                 intval(time() + 60 ),
-                               dbesc($type),
-                               dbesc($last_update)
+                               DBA::escape($type),
+                               DBA::escape($last_update)
                         );
                 }
  
@@ -429,19 +429,19 @@ function dfrn_poll_content(App $a)
                 switch ($direction) {
                         case -1:
                                 if ($type === 'profile') {
-                                       $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
+                                       $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
                                 } else {
-                                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
+                                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
                                 }
  
                                 $my_id = $dfrn_id;
                                 break;
                         case 0:
-                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '1:' . $dfrn_id;
                                 break;
                         case 1:
-                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                               $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                 $my_id = '0:' . $dfrn_id;
                                 break;
                         default:
@@ -455,7 +455,7 @@ function dfrn_poll_content(App $a)
                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
                         AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
-                       dbesc($nickname)
+                       DBA::escape($nickname)
                 );
                 if (DBA::isResult($r)) {
                         $challenge = '';
@@ -546,8 +546,8 @@ function dfrn_poll_content(App $a)
                                         $session_id = session_id();
                                         $expire = time() + 86400;
                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
-                                               dbesc($expire),
-                                               dbesc($session_id)
+                                               DBA::escape($expire),
+                                               DBA::escape($session_id)
                                         );
                                 }
  
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php

index 5c7e2adf54182acb79b02a315e1c59fff3ef2b98..ede469e1ffa9b0d0ecf91062b23e770fddf05d2a 100644 (file)
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -84,7 +84,7 @@ function dfrn_request_post(App $a)
                                 // Lookup the contact based on their URL (which is the only unique thing we have at the moment)
                                 $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1",
                                         intval(local_user()),
-                                       dbesc(normalise_link($dfrn_url))
+                                       DBA::escape(normalise_link($dfrn_url))
                                 );
  
                                 if (DBA::isResult($r)) {
@@ -137,8 +137,8 @@ function dfrn_request_post(App $a)
                                                 VALUES ( %d, '%s', '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d)",
                                                 intval(local_user()),
                                                 DateTimeFormat::utcNow(),
-                                               dbesc($dfrn_url),
-                                               dbesc(normalise_link($dfrn_url)),
+                                               DBA::escape($dfrn_url),
+                                               DBA::escape(normalise_link($dfrn_url)),
                                                 $parms['addr'],
                                                 $parms['fn'],
                                                 $parms['nick'],
@@ -149,7 +149,7 @@ function dfrn_request_post(App $a)
                                                 $parms['dfrn-notify'],
                                                 $parms['dfrn-poll'],
                                                 $parms['dfrn-poco'],
-                                               dbesc(NETWORK_DFRN),
+                                               DBA::escape(NETWORK_DFRN),
                                                 intval($aes_allow),
                                                 intval($hidden),
                                                 intval($blocked),
@@ -163,7 +163,7 @@ function dfrn_request_post(App $a)
  
                                 $r = q("SELECT `id`, `network` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `site-pubkey` = '%s' LIMIT 1",
                                         intval(local_user()),
-                                       dbesc($dfrn_url),
+                                       DBA::escape($dfrn_url),
                                         $parms['key'] // this was already escaped
                                 );
                                 if (DBA::isResult($r)) {
@@ -239,7 +239,7 @@ function dfrn_request_post(App $a)
                 // Block friend request spam
                 if ($maxreq) {
                         $r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
-                               dbesc(DateTimeFormat::utc('now - 24 hours')),
+                               DBA::escape(DateTimeFormat::utc('now - 24 hours')),
                                 intval($uid)
                         );
                         if (DBA::isResult($r) && count($r) > $maxreq) {
@@ -302,7 +302,7 @@ function dfrn_request_post(App $a)
                 if ($network === NETWORK_DFRN) {
                         $ret = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1",
                                 intval($uid),
-                               dbesc($url)
+                               DBA::escape($url)
                         );
  
                         if (DBA::isResult($ret)) {
@@ -324,7 +324,7 @@ function dfrn_request_post(App $a)
                                 // There is a contact record but no issued-id, so this
                                 // is a reciprocal introduction from a known contact
                                 $r = q("UPDATE `contact` SET `issued-id` = '%s' WHERE `id` = %d",
-                                       dbesc($issued_id),
+                                       DBA::escape($issued_id),
                                         intval($contact_record['id'])
                                 );
                         } else {
@@ -376,9 +376,9 @@ function dfrn_request_post(App $a)
                                         `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `blocked`, `pending` )
                                         VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
                                         intval($uid),
-                                       dbesc(DateTimeFormat::utcNow()),
+                                       DBA::escape(DateTimeFormat::utcNow()),
                                         $parms['url'],
-                                       dbesc(normalise_link($url)),
+                                       DBA::escape(normalise_link($url)),
                                         $parms['addr'],
                                         $parms['fn'],
                                         $parms['nick'],
@@ -390,7 +390,7 @@ function dfrn_request_post(App $a)
                                         $parms['dfrn-notify'],
                                         $parms['dfrn-poll'],
                                         $parms['dfrn-poco'],
-                                       dbesc(NETWORK_DFRN),
+                                       DBA::escape(NETWORK_DFRN),
                                         intval($blocked),
                                         intval($pending)
                                 );
@@ -422,9 +422,9 @@ function dfrn_request_post(App $a)
                                         intval($uid),
                                         intval($contact_record['id']),
                                         ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
-                                       dbesc(notags(trim($_POST['dfrn-request-message']))),
-                                       dbesc($hash),
-                                       dbesc(DateTimeFormat::utcNow())
+                                       DBA::escape(notags(trim($_POST['dfrn-request-message']))),
+                                       DBA::escape($hash),
+                                       DBA::escape(DateTimeFormat::utcNow())
                                 );
                         }
  
@@ -534,7 +534,7 @@ function dfrn_request_content(App $a)
                 // We could just unblock it, but first we have to jump through a few hoops to
                 // send an email, or even to find out if we need to send an email.
                 $intro = q("SELECT * FROM `intro` WHERE `hash` = '%s' LIMIT 1",
-                       dbesc($_GET['confirm_key'])
+                       DBA::escape($_GET['confirm_key'])
                 );
  
                 if (DBA::isResult($intro)) {
@@ -586,7 +586,7 @@ function dfrn_request_content(App $a)
                                 // in dfrn_confirm_post()
  
                                 $r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s'",
-                                       dbesc($_GET['confirm_key'])
+                                       DBA::escape($_GET['confirm_key'])
                                 );
                         }
                 }
diff --git a/mod/directory.php b/mod/directory.php

index f7e37591aef95887abb2b0e16619bfea7f26d51d..129c3388c9d7e346a04f5e1c352fa819558f6aa9 100644 (file)
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -60,7 +60,7 @@ function directory_content(App $a)
         }
  
         if ($search) {
-               $search = dbesc($search);
+               $search = DBA::escape($search);
  
                 $sql_extra = " AND ((`profile`.`name` LIKE '%$search%') OR
                                 (`user`.`nickname` LIKE '%$search%') OR
diff --git a/mod/dirfind.php b/mod/dirfind.php

index 74e2cc9a9bf6f8652c2b856adf3b844ab2f236e7..40275523fd1829d73c40ed49c63b53713e19239b 100644 (file)
--- a/mod/dirfind.php
+++ b/mod/dirfind.php
@@ -118,9 +118,9 @@ function dirfind_content(App $a, $prefix = "") {
                                                 ((`last_contact` >= `last_failure`) OR (`updated` >= `last_failure`)) AND
                                                 (`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
                                                 `addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql",
-                                       dbesc(NETWORK_DFRN), dbesc($ostatus), dbesc($diaspora),
-                                       dbesc(escape_tags($search2)), dbesc(escape_tags($search2)), dbesc(escape_tags($search2)),
-                                       dbesc(escape_tags($search2)), dbesc(escape_tags($search2)), dbesc(escape_tags($search2)));
+                                       DBA::escape(NETWORK_DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
+                                       DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
+                                       DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)));
  
                         $results = q("SELECT `nurl`
                                         FROM `gcontact`
@@ -130,9 +130,9 @@ function dirfind_content(App $a, $prefix = "") {
                                                 `addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql
                                                 GROUP BY `nurl`
                                                 ORDER BY `updated` DESC LIMIT %d, %d",
-                                       dbesc(NETWORK_DFRN), dbesc($ostatus), dbesc($diaspora),
-                                       dbesc(escape_tags($search2)), dbesc(escape_tags($search2)), dbesc(escape_tags($search2)),
-                                       dbesc(escape_tags($search2)), dbesc(escape_tags($search2)), dbesc(escape_tags($search2)),
+                                       DBA::escape(NETWORK_DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
+                                       DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
+                                       DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
                                         intval($startrec), intval($perpage));
                         $j = new stdClass();
                         $j->total = $count[0]["total"];
diff --git a/mod/fbrowser.php b/mod/fbrowser.php

index 631888d7e462f181571d12391957b9e044abd4da..14802b08f4c3435490af445828c45bd59e21f556 100644 (file)
--- a/mod/fbrowser.php
+++ b/mod/fbrowser.php
@@ -39,8 +39,8 @@ function fbrowser_content(App $a)
                         if ($a->argc==2) {
                                 $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' ",
                                         intval(local_user()),
-                                       dbesc('Contact Photos'),
-                                       dbesc(L10n::t('Contact Photos'))
+                                       DBA::escape('Contact Photos'),
+                                       DBA::escape(L10n::t('Contact Photos'))
                                 );
  
                                 function _map_folder1($el)
@@ -54,7 +54,7 @@ function fbrowser_content(App $a)
                         $album = "";
                         if ($a->argc==3) {
                                 $album = hex2bin($a->argv[2]);
-                               $sql_extra = sprintf("AND `album` = '%s' ", dbesc($album));
+                               $sql_extra = sprintf("AND `album` = '%s' ", DBA::escape($album));
                                 $sql_extra2 = "";
                                 $path[]=[$a->argv[2], $album];
                         }
@@ -64,8 +64,8 @@ function fbrowser_content(App $a)
                                         FROM `photo` WHERE `uid` = %d $sql_extra AND `album` != '%s' AND `album` != '%s'
                                         GROUP BY `resource-id` $sql_extra2",
                                 intval(local_user()),
-                               dbesc('Contact Photos'),
-                               dbesc(L10n::t('Contact Photos'))
+                               DBA::escape('Contact Photos'),
+                               DBA::escape(L10n::t('Contact Photos'))
                         );
  
                         function _map_files1($rr)
@@ -77,7 +77,7 @@ function fbrowser_content(App $a)
  
                                 // Take the largest picture that is smaller or equal 640 pixels
                                 $p = q("SELECT `scale` FROM `photo` WHERE `resource-id` = '%s' AND `height` <= 640 AND `width` <= 640 ORDER BY `resource-id`, `scale` LIMIT 1",
-                                       dbesc($rr['resource-id']));
+                                       DBA::escape($rr['resource-id']));
                                 if ($p) {
                                         $scale = $p[0]["scale"];
                                 } else {
diff --git a/mod/follow.php b/mod/follow.php

index 76180fef51d106fc61e70742d260a8c4f4c47398..df1977aba99dae3d8b8317f14d138c3f2bf45c4d 100644 (file)
--- a/mod/follow.php
+++ b/mod/follow.php
@@ -65,8 +65,8 @@ function follow_content(App $a)
         $r = q("SELECT `pending` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND
                 (`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s') AND
                 `network` != '%s' LIMIT 1",
-               intval(local_user()), dbesc(CONTACT_IS_FOLLOWER), dbesc(NETWORK_DFRN), dbesc(normalise_link($url)),
-               dbesc(normalise_link($url)), dbesc($url), dbesc(NETWORK_STATUSNET));
+               intval(local_user()), DBA::escape(CONTACT_IS_FOLLOWER), DBA::escape(NETWORK_DFRN), DBA::escape(normalise_link($url)),
+               DBA::escape(normalise_link($url)), DBA::escape($url), DBA::escape(NETWORK_STATUSNET));
  
         if ($r) {
                 if ($r[0]['pending']) {
diff --git a/mod/friendica.php b/mod/friendica.php

index 8c3e4485862b5ec97b42e58f05b190b3a86e8f01..05a76b44da1b55aad6c5fb237b079159bec6372f 100644 (file)
--- a/mod/friendica.php
+++ b/mod/friendica.php
@@ -17,12 +17,12 @@ function friendica_init(App $a)
  
                 $sql_extra = '';
                 if (x($a->config, 'admin_nickname')) {
-                       $sql_extra = sprintf(" AND `nickname` = '%s' ", dbesc(Config::get('config', 'admin_nickname')));
+                       $sql_extra = sprintf(" AND `nickname` = '%s' ", DBA::escape(Config::get('config', 'admin_nickname')));
                 }
                 if (!empty(Config::get('config', 'admin_email'))) {
                         $adminlist = explode(",", str_replace(" ", "", Config::get('config', 'admin_email')));
  
-                       $r = q("SELECT `username`, `nickname` FROM `user` WHERE `email` = '%s' $sql_extra", dbesc($adminlist[0]));
+                       $r = q("SELECT `username`, `nickname` FROM `user` WHERE `email` = '%s' $sql_extra", DBA::escape($adminlist[0]));
                         $admin = [
                                 'name' => $r[0]['username'],
                                 'profile'=> System::baseUrl() . '/profile/' . $r[0]['nickname'],
diff --git a/mod/fsuggest.php b/mod/fsuggest.php

index 5c469894ca88b4b9682ec196267c543089db943b..8fc0f07deef7b8b6becee9cd7f2d2a849c6cfbf7 100644 (file)
--- a/mod/fsuggest.php
+++ b/mod/fsuggest.php
@@ -48,21 +48,21 @@ function fsuggest_post(App $a)
                                 VALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')",
                                 intval(local_user()),
                                 intval($contact_id),
-                               dbesc($r[0]['name']),
-                               dbesc($r[0]['url']),
-                               dbesc($r[0]['request']),
-                               dbesc($r[0]['photo']),
-                               dbesc($hash),
-                               dbesc(DateTimeFormat::utcNow())
+                               DBA::escape($r[0]['name']),
+                               DBA::escape($r[0]['url']),
+                               DBA::escape($r[0]['request']),
+                               DBA::escape($r[0]['photo']),
+                               DBA::escape($hash),
+                               DBA::escape(DateTimeFormat::utcNow())
                         );
                         $r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1",
-                               dbesc($hash),
+                               DBA::escape($hash),
                                 intval(local_user())
                         );
                         if (DBA::isResult($r)) {
                                 $fsuggest_id = $r[0]['id'];
                                 q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d",
-                                       dbesc($note),
+                                       DBA::escape($note),
                                         intval($fsuggest_id),
                                         intval(local_user())
                                 );
diff --git a/mod/group.php b/mod/group.php

index f9a3d0b6db8a5ae9ca78c6474ba2c71038ecd664..71a84a80ca5f2420b21e2c853374fce684112e13 100644 (file)
--- a/mod/group.php
+++ b/mod/group.php
@@ -61,7 +61,7 @@ function group_post(App $a) {
                 $groupname = notags(trim($_POST['groupname']));
                 if ((strlen($groupname))  && ($groupname != $group['name'])) {
                         $r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d",
-                               dbesc($groupname),
+                               DBA::escape($groupname),
                                 intval(local_user()),
                                 intval($group['id'])
                         );
diff --git a/mod/invite.php b/mod/invite.php

index d8d98bec28eb0bcd40b4f2bbea1b25845a52ed0f..7087e497ea9bbda74e7ef5d03fd9edd9ff12b206 100644 (file)
--- a/mod/invite.php
+++ b/mod/invite.php
@@ -61,8 +61,8 @@ function invite_post(App $a)
                         $nmessage = str_replace('$invite_code', $code, $message);
  
                         $r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
-                               dbesc($code),
-                               dbesc(DateTimeFormat::utcNow())
+                               DBA::escape($code),
+                               DBA::escape(DateTimeFormat::utcNow())
                         );
  
                         if (! is_site_admin()) {
diff --git a/mod/lockview.php b/mod/lockview.php

index 3bccd3585e25b244367f8d386256183351a37d55..b1c3e3776754968bd4aafdd56dd5852b606f03cd 100644 (file)
--- a/mod/lockview.php
+++ b/mod/lockview.php
@@ -24,7 +24,7 @@ function lockview_content(App $a) {
                 killme();
  
         $r = q("SELECT * FROM `%s` WHERE `id` = %d LIMIT 1",
-               dbesc($type),
+               DBA::escape($type),
                 intval($item_id)
         );
         if (! DBA::isResult($r)) {
@@ -57,7 +57,7 @@ function lockview_content(App $a) {
  
         if(count($allowed_groups)) {
                 $r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )",
-                       dbesc(implode(', ', $allowed_groups))
+                       DBA::escape(implode(', ', $allowed_groups))
                 );
                 if (DBA::isResult($r))
                         foreach($r as $rr)
@@ -65,7 +65,7 @@ function lockview_content(App $a) {
         }
         if(count($allowed_users)) {
                 $r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )",
-                       dbesc(implode(', ',$allowed_users))
+                       DBA::escape(implode(', ',$allowed_users))
                 );
                 if (DBA::isResult($r))
                         foreach($r as $rr)
@@ -75,7 +75,7 @@ function lockview_content(App $a) {
  
         if(count($deny_groups)) {
                 $r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )",
-                       dbesc(implode(', ', $deny_groups))
+                       DBA::escape(implode(', ', $deny_groups))
                 );
                 if (DBA::isResult($r))
                         foreach($r as $rr)
@@ -83,7 +83,7 @@ function lockview_content(App $a) {
         }
         if(count($deny_users)) {
                 $r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )",
-                       dbesc(implode(', ',$deny_users))
+                       DBA::escape(implode(', ',$deny_users))
                 );
                 if (DBA::isResult($r))
                         foreach($r as $rr)
diff --git a/mod/manage.php b/mod/manage.php

index 2943a229cfd24d3f591503ae7807ac4faf128d1a..457b0eede492a8a5964e82c5b4040cbef213139a 100644 (file)
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -60,14 +60,14 @@ function manage_post(App $a) {
                 // Check if the target user is one of our children
                 $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
                         intval($identity),
-                       dbesc($orig_record['uid'])
+                       DBA::escape($orig_record['uid'])
                 );
  
                 // Check if the target user is one of our siblings
                 if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0)) {
                         $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
                                 intval($identity),
-                               dbesc($orig_record['parent-uid'])
+                               DBA::escape($orig_record['parent-uid'])
                         );
                 }
  
@@ -143,7 +143,7 @@ function manage_content(App $a) {
         //getting additinal information for each identity
         foreach ($identities as $key=>$id) {
                 $thumb = q("SELECT `thumb` FROM `contact` WHERE `uid` = '%s' AND `self` = 1",
-                       dbesc($id['uid'])
+                       DBA::escape($id['uid'])
                 );
  
                 $identities[$key]['thumb'] = $thumb[0]['thumb'];
diff --git a/mod/match.php b/mod/match.php

index a79d4568005c7ee83ea230a2b99b5c22db1a9fe4..75e7403d74815b36e462ea8c207cc829ded53096 100644 (file)
--- a/mod/match.php
+++ b/mod/match.php
@@ -2,6 +2,7 @@
  /**
   * @file mod/match.php
   */
+
  use Friendica\App;
  use Friendica\Content\Widget;
  use Friendica\Core\Config;
@@ -9,7 +10,6 @@ use Friendica\Core\L10n;
  use Friendica\Core\System;
  use Friendica\Database\DBA;
  use Friendica\Model\Contact;
-use Friendica\Model\Profile;
  use Friendica\Util\Network;
  
  require_once 'include/text.php';
@@ -79,7 +79,7 @@ function match_content(App $a)
                                 $match = q(
                                         "SELECT `nurl` FROM `contact` WHERE `uid` = '%d' AND nurl='%s' LIMIT 1",
                                         intval(local_user()),
-                                       dbesc($match_nurl)
+                                       DBA::escape($match_nurl)
                                 );
  
                                 if (!count($match)) {
diff --git a/mod/message.php b/mod/message.php

index fbb1391699490b056ad77032132f5d479dc6e1e7..ac93cc73e97e562a2f73537ac78222dc77754abb 100644 (file)
--- a/mod/message.php
+++ b/mod/message.php
@@ -217,14 +217,14 @@ function message_content(App $a)
                         if (!DBA::isResult($r)) {
                                 $r = q("SELECT `name`, `url`, `id` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
                                         intval(local_user()),
-                                       dbesc(normalise_link(base64_decode($a->argv[2])))
+                                       DBA::escape(normalise_link(base64_decode($a->argv[2])))
                                 );
                         }
  
                         if (!DBA::isResult($r)) {
                                 $r = q("SELECT `name`, `url`, `id` FROM `contact` WHERE `uid` = %d AND `addr` = '%s' LIMIT 1",
                                         intval(local_user()),
-                                       dbesc(base64_decode($a->argv[2]))
+                                       DBA::escape(base64_decode($a->argv[2]))
                                 );
                         }
  
@@ -311,10 +311,10 @@ function message_content(App $a)
                         $contact_id = $r[0]['contact-id'];
                         $convid = $r[0]['convid'];
  
-                       $sql_extra = sprintf(" and `mail`.`parent-uri` = '%s' ", dbesc($r[0]['parent-uri']));
+                       $sql_extra = sprintf(" and `mail`.`parent-uri` = '%s' ", DBA::escape($r[0]['parent-uri']));
                         if ($convid)
                                 $sql_extra = sprintf(" and ( `mail`.`parent-uri` = '%s' OR `mail`.`convid` = '%d' ) ",
-                                       dbesc($r[0]['parent-uri']),
+                                       DBA::escape($r[0]['parent-uri']),
                                         intval($convid)
                                 );
  
@@ -332,7 +332,7 @@ function message_content(App $a)
                 }
  
                 $r = q("UPDATE `mail` SET `seen` = 1 WHERE `parent-uri` = '%s' AND `uid` = %d",
-                       dbesc($r[0]['parent-uri']),
+                       DBA::escape($r[0]['parent-uri']),
                         intval(local_user())
                 );
  
diff --git a/mod/modexp.php b/mod/modexp.php

index 7c80b08c4317d23708d9a6e709ab65625d6096d7..966c111d569370e84631f0ca392e042585a888de 100644 (file)
--- a/mod/modexp.php
+++ b/mod/modexp.php
@@ -10,7 +10,7 @@ function modexp_init(App $a) {
  
         $nick = $a->argv[1];
         $r = q("SELECT `spubkey` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
-                       dbesc($nick)
+                       DBA::escape($nick)
         );
  
         if (! DBA::isResult($r)) {
diff --git a/mod/msearch.php b/mod/msearch.php

index 56e2266acffe4924098b2a2bfaf2a88e04625382..d3477b0d59127e490c2bc683c70cdd839fc26473 100644 (file)
--- a/mod/msearch.php
+++ b/mod/msearch.php
@@ -15,7 +15,7 @@ function msearch_post(App $a) {
                 killme();
  
         $r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `user`.`hidewall` = 0 AND MATCH `pub_keywords` AGAINST ('%s') ",
-               dbesc($search)
+               DBA::escape($search)
         );
  
         if (DBA::isResult($r))
@@ -24,7 +24,7 @@ function msearch_post(App $a) {
         $results = [];
  
         $r = q("SELECT `pub_keywords`, `username`, `nickname`, `user`.`uid` FROM `user` LEFT JOIN `profile` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `user`.`hidewall` = 0 AND MATCH `pub_keywords` AGAINST ('%s') LIMIT %d , %d ",
-               dbesc($search),
+               DBA::escape($search),
                 intval($startrec),
                 intval($perpage)
         );
diff --git a/mod/network.php b/mod/network.php

index 95f240953a760130f02563e88b499bd7d5cba473..aec992756dfdee03726eddf83310973a105c696e 100644 (file)
--- a/mod/network.php
+++ b/mod/network.php
@@ -604,8 +604,8 @@ function networkThreadedView(App $a, $update, $parent)
                 $sql_post_table = " INNER JOIN `thread` ON `thread`.`iid` = `item`.`parent`";
         }
  
-       $sql_nets = (($nets) ? sprintf(" AND $sql_table.`network` = '%s' ", dbesc($nets)) : '');
-       $sql_tag_nets = (($nets) ? sprintf(" AND `item`.`network` = '%s' ", dbesc($nets)) : '');
+       $sql_nets = (($nets) ? sprintf(" AND $sql_table.`network` = '%s' ", DBA::escape($nets)) : '');
+       $sql_tag_nets = (($nets) ? sprintf(" AND `item`.`network` = '%s' ", DBA::escape($nets)) : '');
  
         if ($gid) {
                 $group = DBA::selectFirst('group', ['name'], ['id' => $gid, 'uid' => local_user()]);
@@ -680,11 +680,11 @@ function networkThreadedView(App $a, $update, $parent)
  
         if ($datequery) {
                 $sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created <= '%s' ",
-                               dbesc(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
+                               DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
         }
         if ($datequery2) {
                 $sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created >= '%s' ",
-                               dbesc(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
+                               DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
         }
  
         if ($conv) {
@@ -703,7 +703,7 @@ function networkThreadedView(App $a, $update, $parent)
         $sql_order = "$sql_table.$ordering";
  
         if (x($_GET, 'offset')) {
-               $sql_range = sprintf(" AND $sql_order <= '%s'", dbesc($_GET['offset']));
+               $sql_range = sprintf(" AND $sql_order <= '%s'", DBA::escape($_GET['offset']));
         } else {
                 $sql_range = '';
         }
@@ -716,7 +716,7 @@ function networkThreadedView(App $a, $update, $parent)
                 case 'received':
                         if ($last_received != '') {
                                 $last_date = $last_received;
-                               $sql_range .= sprintf(" AND $sql_table.`received` < '%s'", dbesc($last_received));
+                               $sql_range .= sprintf(" AND $sql_table.`received` < '%s'", DBA::escape($last_received));
                                 $a->set_pager_page(1);
                                 $pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
                         }
@@ -724,7 +724,7 @@ function networkThreadedView(App $a, $update, $parent)
                 case 'commented':
                         if ($last_commented != '') {
                                 $last_date = $last_commented;
-                               $sql_range .= sprintf(" AND $sql_table.`commented` < '%s'", dbesc($last_commented));
+                               $sql_range .= sprintf(" AND $sql_table.`commented` < '%s'", DBA::escape($last_commented));
                                 $a->set_pager_page(1);
                                 $pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
                         }
@@ -732,14 +732,14 @@ function networkThreadedView(App $a, $update, $parent)
                 case 'created':
                         if ($last_created != '') {
                                 $last_date = $last_created;
-                               $sql_range .= sprintf(" AND $sql_table.`created` < '%s'", dbesc($last_created));
+                               $sql_range .= sprintf(" AND $sql_table.`created` < '%s'", DBA::escape($last_created));
                                 $a->set_pager_page(1);
                                 $pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
                         }
                         break;
                 case 'id':
                         if (($last_id > 0) && ($sql_table == '`thread`')) {
-                               $sql_range .= sprintf(" AND $sql_table.`iid` < '%s'", dbesc($last_id));
+                               $sql_range .= sprintf(" AND $sql_table.`iid` < '%s'", DBA::escape($last_id));
                                 $a->set_pager_page(1);
                                 $pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
                         }
@@ -902,7 +902,7 @@ function networkThreadedView(App $a, $update, $parent)
                 $condition = ['unseen' => true, 'uid' => local_user()];
                 networkSetSeen($condition);
         } elseif ($parents_str) {
-               $condition = ["`uid` = ? AND `unseen` AND `parent` IN (" . dbesc($parents_str) . ")", local_user()];
+               $condition = ["`uid` = ? AND `unseen` AND `parent` IN (" . DBA::escape($parents_str) . ")", local_user()];
                 networkSetSeen($condition);
         }
  
diff --git a/mod/noscrape.php b/mod/noscrape.php

index 7af0d9933c4bc26f0faa2535b5e9902880e44f3b..b80444baad433244d7ef6a7f1a160fb0375769f3 100644 (file)
--- a/mod/noscrape.php
+++ b/mod/noscrape.php
@@ -61,9 +61,9 @@ function noscrape_init(App $a)
                 $r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0 AND `hidden` = 0 AND `archive` = 0
                                 AND `network` IN ('%s', '%s', '%s', '')",
                         intval($a->profile['uid']),
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA),
-                       dbesc(NETWORK_OSTATUS)
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA),
+                       DBA::escape(NETWORK_OSTATUS)
                 );
                 if (DBA::isResult($r)) {
                         $json_info["contacts"] = intval($r[0]['total']);
diff --git a/mod/openid.php b/mod/openid.php

index 449db73955198557c994246ad1d57c5a0caa8d47..41d45c1f608a887889abc087baa6119f40b67113 100644 (file)
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -41,7 +41,7 @@ function openid_content(App $a) {
                                 AND `blocked` = 0 AND `account_expired` = 0
                                 AND `account_removed` = 0 AND `verified` = 1
                                 LIMIT 1",
-                               dbesc($authid), dbesc(normalise_openid($authid))
+                               DBA::escape($authid), DBA::escape(normalise_openid($authid))
                         );
  
                         if (DBA::isResult($r)) {
diff --git a/mod/photo.php b/mod/photo.php

index 15a623e3c2b280796ae2187a0fafc028f9ea05fe..6d456b349e9c496ff7168407bde68dcdf5ca9565 100644 (file)
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -107,7 +107,7 @@ function photo_init(App $a)
  
                 // check if the photo exists and get the owner of the photo
                 $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
-                       dbesc($photo),
+                       DBA::escape($photo),
                         intval($resolution)
                 );
                 if (DBA::isResult($r)) {
@@ -115,7 +115,7 @@ function photo_init(App $a)
  
                         // Now we'll see if we can access the photo
                         $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1",
-                               dbesc($photo),
+                               DBA::escape($photo),
                                 intval($resolution)
                         );
                         if (DBA::isResult($r)) {
diff --git a/mod/photos.php b/mod/photos.php

index bc6261029b22f32b79753d083031e0f8bbb6b597..fb66cef1dbe2579ee1499064c950682ad18627b8 100644 (file)
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -45,7 +45,7 @@ function photos_init(App $a) {
         if ($a->argc > 1) {
                 $nick = $a->argv[1];
                 $user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
-                       dbesc($nick)
+                       DBA::escape($nick)
                 );
  
                 if (!DBA::isResult($user)) {
@@ -198,7 +198,7 @@ function photos_post(App $a)
                 }
  
                 $r = q("SELECT `album` FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
-                       dbesc($album),
+                       DBA::escape($album),
                         intval($page_owner_uid)
                 );
                 if (!DBA::isResult($r)) {
@@ -216,8 +216,8 @@ function photos_post(App $a)
                 $newalbum = notags(trim($_POST['albumname']));
                 if ($newalbum != $album) {
                         q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
-                               dbesc($newalbum),
-                               dbesc($album),
+                               DBA::escape($newalbum),
+                               DBA::escape($album),
                                 intval($page_owner_uid)
                         );
                         // Update the photo albums cache
@@ -262,17 +262,17 @@ function photos_post(App $a)
                                 $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'",
                                         intval($visitor),
                                         intval($page_owner_uid),
-                                       dbesc($album)
+                                       DBA::escape($album)
                                 );
                         } else {
                                 $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
                                         intval(local_user()),
-                                       dbesc($album)
+                                       DBA::escape($album)
                                 );
                         }
                         if (DBA::isResult($r)) {
                                 foreach ($r as $rr) {
-                                       $res[] = "'" . dbesc($rr['rid']) . "'" ;
+                                       $res[] = "'" . DBA::escape($rr['rid']) . "'" ;
                                 }
                         } else {
                                 goaway($_SESSION['photo_return']);
@@ -327,19 +327,19 @@ function photos_post(App $a)
                         $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1",
                                 intval($visitor),
                                 intval($page_owner_uid),
-                               dbesc($a->argv[2])
+                               DBA::escape($a->argv[2])
                         );
                 } else {
                         $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
                                 intval(local_user()),
-                               dbesc($a->argv[2])
+                               DBA::escape($a->argv[2])
                         );
                 }
  
                 if (DBA::isResult($r)) {
                         q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
                                 intval($page_owner_uid),
-                               dbesc($r[0]['resource-id'])
+                               DBA::escape($r[0]['resource-id'])
                         );
  
                         Item::deleteForUser(['resource-id' => $r[0]['resource-id'], 'uid' => $page_owner_uid], $page_owner_uid);
@@ -374,7 +374,7 @@ function photos_post(App $a)
                         logger('rotate');
  
                         $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0 LIMIT 1",
-                               dbesc($resource_id),
+                               DBA::escape($resource_id),
                                 intval($page_owner_uid)
                         );
  
@@ -389,10 +389,10 @@ function photos_post(App $a)
                                         $height = $image->getHeight();
  
                                         $x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0",
-                                               dbesc($image->asString()),
+                                               DBA::escape($image->asString()),
                                                 intval($height),
                                                 intval($width),
-                                               dbesc($resource_id),
+                                               DBA::escape($resource_id),
                                                 intval($page_owner_uid)
                                         );
  
@@ -402,10 +402,10 @@ function photos_post(App $a)
                                                 $height = $image->getHeight();
  
                                                 $x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 1",
-                                                       dbesc($image->asString()),
+                                                       DBA::escape($image->asString()),
                                                         intval($height),
                                                         intval($width),
-                                                       dbesc($resource_id),
+                                                       DBA::escape($resource_id),
                                                         intval($page_owner_uid)
                                                 );
                                         }
@@ -416,10 +416,10 @@ function photos_post(App $a)
                                                 $height = $image->getHeight();
  
                                                 $x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 2",
-                                                       dbesc($image->asString()),
+                                                       DBA::escape($image->asString()),
                                                         intval($height),
                                                         intval($width),
-                                                       dbesc($resource_id),
+                                                       DBA::escape($resource_id),
                                                         intval($page_owner_uid)
                                                 );
                                         }
@@ -428,19 +428,19 @@ function photos_post(App $a)
                 }
  
                 $p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
-                       dbesc($resource_id),
+                       DBA::escape($resource_id),
                         intval($page_owner_uid)
                 );
                 if (DBA::isResult($p)) {
                         $ext = $phototypes[$p[0]['type']];
                         $r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
-                               dbesc($desc),
-                               dbesc($albname),
-                               dbesc($str_contact_allow),
-                               dbesc($str_group_allow),
-                               dbesc($str_contact_deny),
-                               dbesc($str_group_deny),
-                               dbesc($resource_id),
+                               DBA::escape($desc),
+                               DBA::escape($albname),
+                               DBA::escape($str_contact_allow),
+                               DBA::escape($str_group_allow),
+                               DBA::escape($str_contact_deny),
+                               DBA::escape($str_group_deny),
+                               DBA::escape($resource_id),
                                 intval($page_owner_uid)
                         );
  
@@ -554,15 +554,15 @@ function photos_post(App $a)
  
                                                                 //select someone from this user's contacts by name
                                                                 $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
-                                                                               dbesc($newname),
+                                                                               DBA::escape($newname),
                                                                                 intval($page_owner_uid)
                                                                 );
  
                                                                 if (!DBA::isResult($r)) {
                                                                         //select someone by attag or nick and the name passed in
                                                                         $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
-                                                                                       dbesc($name),
-                                                                                       dbesc($name),
+                                                                                       DBA::escape($name),
+                                                                                       DBA::escape($name),
                                                                                         intval($page_owner_uid)
                                                                         );
                                                                 }
@@ -707,7 +707,7 @@ function photos_post(App $a)
          */
  
         $r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR ",
-               dbesc($album),
+               DBA::escape($album),
                 intval($page_owner_uid)
         );
  
@@ -1111,7 +1111,7 @@ function photos_content(App $a)
                 $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
                         AND `scale` <= 4 $sql_extra GROUP BY `resource-id`",
                         intval($owner_uid),
-                       dbesc($album)
+                       DBA::escape($album)
                 );
                 if (DBA::isResult($r)) {
                         $a->set_pager_total(count($r));
@@ -1132,7 +1132,7 @@ function photos_content(App $a)
                         FROM `photo` WHERE `uid` = %d AND `album` = '%s'
                         AND `scale` <= 4 $sql_extra GROUP BY `resource-id` ORDER BY `created` $order LIMIT %d , %d",
                         intval($owner_uid),
-                       dbesc($album),
+                       DBA::escape($album),
                         intval($a->pager['start']),
                         intval($a->pager['itemspage'])
                 );
@@ -1216,14 +1216,14 @@ function photos_content(App $a)
                 $ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
                         $sql_extra ORDER BY `scale` ASC ",
                         intval($owner_uid),
-                       dbesc($datum)
+                       DBA::escape($datum)
                 );
  
                 if (!DBA::isResult($ph)) {
                         $ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
                                 LIMIT 1",
                                 intval($owner_uid),
-                               dbesc($datum)
+                               DBA::escape($datum)
                         );
                         if (DBA::isResult($ph)) {
                                 notice(L10n::t('Permission denied. Access to this item may be restricted.'));
@@ -1252,7 +1252,7 @@ function photos_content(App $a)
  
                         $prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0
                                 $sql_extra ORDER BY `created` $order ",
-                               dbesc($ph[0]['album']),
+                               DBA::escape($ph[0]['album']),
                                 intval($owner_uid)
                         );
  
@@ -1347,7 +1347,7 @@ function photos_content(App $a)
  
                 /// @todo Rewrite this query. To do so, $sql_extra must be changed
                 $linked_items = q("SELECT `id` FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1",
-                       dbesc($datum)
+                       DBA::escape($datum)
                 );
  
                 $map = null;
@@ -1615,8 +1615,8 @@ function photos_content(App $a)
         $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
                 $sql_extra GROUP BY `resource-id`",
                 intval($a->data['user']['uid']),
-               dbesc('Contact Photos'),
-               dbesc(L10n::t('Contact Photos'))
+               DBA::escape('Contact Photos'),
+               DBA::escape(L10n::t('Contact Photos'))
         );
  
         if (DBA::isResult($r)) {
@@ -1630,8 +1630,8 @@ function photos_content(App $a)
                 WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
                 $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
                 intval($a->data['user']['uid']),
-               dbesc('Contact Photos'),
-               dbesc(L10n::t('Contact Photos')),
+               DBA::escape('Contact Photos'),
+               DBA::escape(L10n::t('Contact Photos')),
                 intval($a->pager['start']),
                 intval($a->pager['itemspage'])
         );
diff --git a/mod/ping.php b/mod/ping.php

index 11968eec75164ec96c15ca6b0e700a14575bf3f9..4c4bc81ac1de7bc6827ac88a022c0d49f5a3dd5c 100644 (file)
--- a/mod/ping.php
+++ b/mod/ping.php
@@ -197,7 +197,7 @@ function ping_init(App $a)
                         "SELECT `id`, `from-name`, `from-url`, `from-photo`, `created` FROM `mail`
                         WHERE `uid` = %d AND `seen` = 0 AND `from-url` != '%s' ",
                         intval(local_user()),
-                       dbesc($myurl)
+                       DBA::escape($myurl)
                 );
                 $mail_count = count($mails);
  
@@ -221,8 +221,8 @@ function ping_init(App $a)
                                 WHERE `event`.`uid` = %d AND `start` < '%s' AND `finish` > '%s' and `ignore` = 0
                                 ORDER BY `start` ASC ",
                                 intval(local_user()),
-                               dbesc(DateTimeFormat::utc('now + 7 days')),
-                               dbesc(DateTimeFormat::utcNow())
+                               DBA::escape(DateTimeFormat::utc('now + 7 days')),
+                               DBA::escape(DateTimeFormat::utcNow())
                         );
                         if (DBA::isResult($ev)) {
                                 Cache::set($cachekey, $ev, CACHE_HOUR);
@@ -481,8 +481,8 @@ function ping_get_notifications($uid)
  
                                 q(
                                         "UPDATE `notify` SET `name_cache` = '%s', `msg_cache` = '%s' WHERE `id` = %d",
-                                       dbesc($notification["name"]),
-                                       dbesc($notification["message"]),
+                                       DBA::escape($notification["name"]),
+                                       DBA::escape($notification["message"]),
                                         intval($notification["id"])
                                 );
                         }
diff --git a/mod/poco.php b/mod/poco.php

index a545862c53397305a1bab04fc83dff63dd12e176..a2f038d08cfdad85f099184a0bbcf4f3d17e940c 100644 (file)
--- a/mod/poco.php
+++ b/mod/poco.php
@@ -65,7 +65,7 @@ function poco_init(App $a) {
         if (! $system_mode && ! $global) {
                 $users = q("SELECT `user`.*,`profile`.`hide-friends` from user left join profile on `user`.`uid` = `profile`.`uid`
                         where `user`.`nickname` = '%s' and `profile`.`is-default` = 1 limit 1",
-                       dbesc($user)
+                       DBA::escape($user)
                 );
                 if (! DBA::isResult($users) || $users[0]['hidewall'] || $users[0]['hide-friends']) {
                         System::httpExit(404);
@@ -88,10 +88,10 @@ function poco_init(App $a) {
         }
         if ($global) {
                 $contacts = q("SELECT count(*) AS `total` FROM `gcontact` WHERE `updated` >= '%s' AND `updated` >= `last_failure` AND NOT `hide` AND `network` IN ('%s', '%s', '%s')",
-                       dbesc($update_limit),
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA),
-                       dbesc(NETWORK_OSTATUS)
+                       DBA::escape($update_limit),
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA),
+                       DBA::escape(NETWORK_OSTATUS)
                 );
         } elseif ($system_mode) {
                 $contacts = q("SELECT count(*) AS `total` FROM `contact` WHERE `self` = 1
@@ -101,10 +101,10 @@ function poco_init(App $a) {
                         AND (`success_update` >= `failure_update` OR `last-item` >= `failure_update`)
                         AND `network` IN ('%s', '%s', '%s', '%s') $sql_extra",
                         intval($user['uid']),
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA),
-                       dbesc(NETWORK_OSTATUS),
-                       dbesc(NETWORK_STATUSNET)
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA),
+                       DBA::escape(NETWORK_OSTATUS),
+                       DBA::escape(NETWORK_STATUSNET)
                 );
         }
         if (DBA::isResult($contacts)) {
@@ -123,10 +123,10 @@ function poco_init(App $a) {
                 logger("Start global query", LOGGER_DEBUG);
                 $contacts = q("SELECT * FROM `gcontact` WHERE `updated` > '%s' AND NOT `hide` AND `network` IN ('%s', '%s', '%s') AND `updated` > `last_failure`
                         ORDER BY `updated` DESC LIMIT %d, %d",
-                       dbesc($update_limit),
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA),
-                       dbesc(NETWORK_OSTATUS),
+                       DBA::escape($update_limit),
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA),
+                       DBA::escape(NETWORK_OSTATUS),
                         intval($startIndex),
                         intval($itemsPerPage)
                 );
@@ -148,10 +148,10 @@ function poco_init(App $a) {
                         AND (`success_update` >= `failure_update` OR `last-item` >= `failure_update`)
                         AND `network` IN ('%s', '%s', '%s', '%s') $sql_extra LIMIT %d, %d",
                         intval($user['uid']),
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA),
-                       dbesc(NETWORK_OSTATUS),
-                       dbesc(NETWORK_STATUSNET),
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA),
+                       DBA::escape(NETWORK_OSTATUS),
+                       DBA::escape(NETWORK_STATUSNET),
                         intval($startIndex),
                         intval($itemsPerPage)
                 );
diff --git a/mod/profile.php b/mod/profile.php

index 15f12be6d904104553bbcac7be9ebeee93ce4a77..c2167b3bd64857021ba3ada088d1e27964689da1 100644 (file)
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -257,19 +257,19 @@ function profile_content(App $a, $update = 0)
  
                 if (x($category)) {
                         $sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
-                               dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
+                               DBA::escape(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
                 }
  
                 if (x($hashtags)) {
                         $sql_post_table .= sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
-                               dbesc(protect_sprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid']));
+                               DBA::escape(protect_sprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid']));
                 }
  
                 if ($datequery) {
-                       $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", dbesc(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
+                       $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
                 }
                 if ($datequery2) {
-                       $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", dbesc(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
+                       $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
                 }
  
                 // Belongs the profile page to a forum?
diff --git a/mod/profile_photo.php b/mod/profile_photo.php

index 65c4b6dc72db5ca30c5e3a5487f266f50b2e4d29..567a7f3a2512b3e05c79edb68a57546637a47f76 100644 (file)
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -69,8 +69,8 @@ function profile_photo_post(App $a)
                 $srcW = $_POST['xfinal'] - $srcX;
                 $srcH = $_POST['yfinal'] - $srcY;
  
-               $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", dbesc($image_id),
-                       dbesc(local_user()), intval($scale));
+               $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", DBA::escape($image_id),
+                       DBA::escape(local_user()), intval($scale));
  
                 $url = System::baseUrl() . '/profile/' . $a->user['nickname'];
                 if (DBA::isResult($r)) {
@@ -109,12 +109,12 @@ function profile_photo_post(App $a)
  
                                 if ($is_default_profile) {
                                         $r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d",
-                                               dbesc($base_image['resource-id']), intval(local_user())
+                                               DBA::escape($base_image['resource-id']), intval(local_user())
                                         );
                                 } else {
                                         $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d",
-                                               dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-4.' . $Image->getExt()),
-                                               dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-5.' . $Image->getExt()),
+                                               DBA::escape(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-4.' . $Image->getExt()),
+                                               DBA::escape(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-5.' . $Image->getExt()),
                                                 intval($_REQUEST['profile']), intval(local_user())
                                         );
                                 }
@@ -191,7 +191,7 @@ function profile_photo_content(App $a)
                 $resource_id = $a->argv[2];
                 //die(":".local_user());
                 $r = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC", intval(local_user()),
-                       dbesc($resource_id)
+                       DBA::escape($resource_id)
                 );
  
                 if (!DBA::isResult($r)) {
@@ -212,7 +212,7 @@ function profile_photo_content(App $a)
                         $r = q("UPDATE `photo` SET `profile`=0 WHERE `profile`=1 AND `uid`=%d", intval(local_user()));
  
                         $r = q("UPDATE `photo` SET `profile`=1 WHERE `uid` = %d AND `resource-id` = '%s'", intval(local_user()),
-                               dbesc($resource_id)
+                               DBA::escape($resource_id)
                         );
  
                         Contact::updateSelfFromUserID(local_user(), true);
diff --git a/mod/profiles.php b/mod/profiles.php

index 674f528447ebcc3054bfba27ffdd4529e8f8996d..e65b51aff4bd51a278ff463b3a93d6bd636ccb14 100644 (file)
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -78,15 +78,15 @@ function profiles_init(App $a) {
                 $r2 = q("INSERT INTO `profile` (`uid` , `profile-name` , `name`, `photo`, `thumb`)
                         VALUES ( %d, '%s', '%s', '%s', '%s' )",
                         intval(local_user()),
-                       dbesc($name),
-                       dbesc($r1[0]['name']),
-                       dbesc($r1[0]['photo']),
-                       dbesc($r1[0]['thumb'])
+                       DBA::escape($name),
+                       DBA::escape($r1[0]['name']),
+                       DBA::escape($r1[0]['photo']),
+                       DBA::escape($r1[0]['thumb'])
                 );
  
                 $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
                         intval(local_user()),
-                       dbesc($name)
+                       DBA::escape($name)
                 );
  
                 info(L10n::t('New profile created.') . EOL);
@@ -120,13 +120,13 @@ function profiles_init(App $a) {
                 $r1[0]['is-default'] = 0;
                 $r1[0]['publish'] = 0;
                 $r1[0]['net-publish'] = 0;
-               $r1[0]['profile-name'] = dbesc($name);
+               $r1[0]['profile-name'] = DBA::escape($name);
  
                 DBA::insert('profile', $r1[0]);
  
                 $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
                         intval(local_user()),
-                       dbesc($name)
+                       DBA::escape($name)
                 );
                 info(L10n::t('New profile created.') . EOL);
                 if ((DBA::isResult($r3)) && (count($r3) == 1)) {
@@ -283,12 +283,12 @@ function profiles_post(App $a) {
                                         $newname = $lookup;
  
                                         $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
-                                               dbesc($newname),
+                                               DBA::escape($newname),
                                                 intval(local_user())
                                         );
                                         if (! DBA::isResult($r)) {
                                                 $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
-                                                       dbesc($lookup),
+                                                       DBA::escape($lookup),
                                                         intval(local_user())
                                                 );
                                         }
@@ -440,39 +440,39 @@ function profiles_post(App $a) {
                         `education` = '%s',
                         `hide-friends` = %d
                         WHERE `id` = %d AND `uid` = %d",
-                       dbesc($profile_name),
-                       dbesc($name),
-                       dbesc($pdesc),
-                       dbesc($gender),
-                       dbesc($dob),
-                       dbesc($address),
-                       dbesc($locality),
-                       dbesc($region),
-                       dbesc($postal_code),
-                       dbesc($country_name),
-                       dbesc($marital),
-                       dbesc($with),
-                       dbesc($howlong),
-                       dbesc($sexual),
-                       dbesc($xmpp),
-                       dbesc($homepage),
-                       dbesc($hometown),
-                       dbesc($politic),
-                       dbesc($religion),
-                       dbesc($pub_keywords),
-                       dbesc($prv_keywords),
-                       dbesc($likes),
-                       dbesc($dislikes),
-                       dbesc($about),
-                       dbesc($interest),
-                       dbesc($contact),
-                       dbesc($music),
-                       dbesc($book),
-                       dbesc($tv),
-                       dbesc($film),
-                       dbesc($romance),
-                       dbesc($work),
-                       dbesc($education),
+                       DBA::escape($profile_name),
+                       DBA::escape($name),
+                       DBA::escape($pdesc),
+                       DBA::escape($gender),
+                       DBA::escape($dob),
+                       DBA::escape($address),
+                       DBA::escape($locality),
+                       DBA::escape($region),
+                       DBA::escape($postal_code),
+                       DBA::escape($country_name),
+                       DBA::escape($marital),
+                       DBA::escape($with),
+                       DBA::escape($howlong),
+                       DBA::escape($sexual),
+                       DBA::escape($xmpp),
+                       DBA::escape($homepage),
+                       DBA::escape($hometown),
+                       DBA::escape($politic),
+                       DBA::escape($religion),
+                       DBA::escape($pub_keywords),
+                       DBA::escape($prv_keywords),
+                       DBA::escape($likes),
+                       DBA::escape($dislikes),
+                       DBA::escape($about),
+                       DBA::escape($interest),
+                       DBA::escape($contact),
+                       DBA::escape($music),
+                       DBA::escape($book),
+                       DBA::escape($tv),
+                       DBA::escape($film),
+                       DBA::escape($romance),
+                       DBA::escape($work),
+                       DBA::escape($education),
                         intval($hide_friends),
                         intval($a->argv[1]),
                         intval(local_user())
@@ -486,7 +486,7 @@ function profiles_post(App $a) {
                 if ($is_default) {
                         if ($namechanged) {
                                 $r = q("UPDATE `user` set `username` = '%s' where `uid` = %d",
-                                       dbesc($name),
+                                       DBA::escape($name),
                                         intval(local_user())
                                 );
                         }
diff --git a/mod/profperm.php b/mod/profperm.php

index 37047e6de71285bc9238ad913190cb86473cf32c..6ad922b594266a4847d94ac2d5a5898feef18633 100644 (file)
--- a/mod/profperm.php
+++ b/mod/profperm.php
@@ -47,7 +47,7 @@ function profperm_content(App $a) {
         if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
                 $r = q("SELECT `id` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `self` = 0
                         AND `network` = '%s' AND `id` = %d AND `uid` = %d LIMIT 1",
-                       dbesc(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DFRN),
                         intval($a->argv[2]),
                         intval(local_user())
                 );
@@ -144,7 +144,7 @@ function profperm_content(App $a) {
                 $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `blocked` = 0 and `pending` = 0 and `self` = 0
                         AND `network` = '%s' ORDER BY `name` ASC",
                         intval(local_user()),
-                       dbesc(NETWORK_DFRN)
+                       DBA::escape(NETWORK_DFRN)
                 );
  
                 if (DBA::isResult($r)) {
diff --git a/mod/register.php b/mod/register.php

index aa0f2f59bc1ece7c3f48562455ab9f7e0046f734..44fdac5f0da07404100b506076778108e14c16cb 100644 (file)
--- a/mod/register.php
+++ b/mod/register.php
@@ -85,7 +85,7 @@ function register_post(App $a)
  
         if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
                 if ($using_invites && $invite_id) {
-                       q("delete * from register where hash = '%s' limit 1", dbesc($invite_id));
+                       q("delete * from register where hash = '%s' limit 1", DBA::escape($invite_id));
                         PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
                 }
  
@@ -117,22 +117,22 @@ function register_post(App $a)
  
                 $hash = random_string();
                 $r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language`, `note` ) VALUES ( '%s', '%s', %d, '%s', '%s', '%s' ) ",
-                       dbesc($hash),
-                       dbesc(DateTimeFormat::utcNow()),
+                       DBA::escape($hash),
+                       DBA::escape(DateTimeFormat::utcNow()),
                         intval($user['uid']),
-                       dbesc($result['password']),
-                       dbesc(Config::get('system', 'language')),
-                       dbesc($_POST['permonlybox'])
+                       DBA::escape($result['password']),
+                       DBA::escape(Config::get('system', 'language')),
+                       DBA::escape($_POST['permonlybox'])
                 );
  
                 // invite system
                 if ($using_invites && $invite_id) {
-                       q("DELETE * FROM `register` WHERE `hash` = '%s' LIMIT 1", dbesc($invite_id));
+                       q("DELETE * FROM `register` WHERE `hash` = '%s' LIMIT 1", DBA::escape($invite_id));
                         PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
                 }
  
                 // send email to admins
-               $admin_mail_list = "'" . implode("','", array_map("dbesc", explode(",", str_replace(" ", "", Config::get('config', 'admin_email'))))) . "'";
+               $admin_mail_list = "'" . implode("','", array_map(['Friendica\Database\DBA', 'escape'], explode(",", str_replace(" ", "", Config::get('config', 'admin_email'))))) . "'";
                 $adminlist = q("SELECT uid, language, email FROM user WHERE email IN (%s)",
                         $admin_mail_list
                 );
diff --git a/mod/regmod.php b/mod/regmod.php

index 7380056536db24b5eb98558dba52fccc1d873847..c1493528d57258ada64305ab5609fccd2aba3722 100644 (file)
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -19,7 +19,7 @@ function user_allow($hash)
         $a = get_app();
  
         $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
-               dbesc($hash)
+               DBA::escape($hash)
         );
  
  
@@ -36,7 +36,7 @@ function user_allow($hash)
         }
  
         $r = q("DELETE FROM `register` WHERE `hash` = '%s'",
-               dbesc($register[0]['hash'])
+               DBA::escape($register[0]['hash'])
         );
  
  
@@ -77,7 +77,7 @@ function user_allow($hash)
  function user_deny($hash)
  {
         $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
-               dbesc($hash)
+               DBA::escape($hash)
         );
  
         if (!DBA::isResult($register)) {
diff --git a/mod/repair_ostatus.php b/mod/repair_ostatus.php

index b8f6fc52324dd67d7996fa5ec6c79963c361b9d6..1d2e202ecf36f149fa04c36801283f0b932abdc8 100644 (file)
--- a/mod/repair_ostatus.php
+++ b/mod/repair_ostatus.php
@@ -26,7 +26,7 @@ function repair_ostatus_content(App $a) {
          $r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE
                  `uid` = %d AND `network` = '%s' AND `rel` IN (%d, %d)",
                  intval($uid),
-                dbesc(NETWORK_OSTATUS),
+                DBA::escape(NETWORK_OSTATUS),
                  intval(CONTACT_IS_FRIEND),
                  intval(CONTACT_IS_SHARING));
  
@@ -40,7 +40,7 @@ function repair_ostatus_content(App $a) {
                 ORDER BY `url`
                 LIMIT %d, 1",
                  intval($uid),
-                dbesc(NETWORK_OSTATUS),
+                DBA::escape(NETWORK_OSTATUS),
                  intval(CONTACT_IS_FRIEND),
                  intval(CONTACT_IS_SHARING), $counter++);
  
diff --git a/mod/salmon.php b/mod/salmon.php

index 3cdd607ad178d44494ef81907cad8a6990528d34..becdd7475308687968dbfed3019d6af08044f9bd 100644 (file)
--- a/mod/salmon.php
+++ b/mod/salmon.php
@@ -25,7 +25,7 @@ function salmon_post(App $a, $xml = '') {
         $mentions   = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false);
  
         $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1",
-               dbesc($nick)
+               DBA::escape($nick)
         );
         if (! DBA::isResult($r)) {
                 System::httpExit(500);
@@ -145,11 +145,11 @@ function salmon_post(App $a, $xml = '') {
         $r = q("SELECT * FROM `contact` WHERE `network` IN ('%s', '%s')
                                                 AND (`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s')
                                                 AND `uid` = %d LIMIT 1",
-               dbesc(NETWORK_OSTATUS),
-               dbesc(NETWORK_DFRN),
-               dbesc(normalise_link($author_link)),
-               dbesc($author_link),
-               dbesc(normalise_link($author_link)),
+               DBA::escape(NETWORK_OSTATUS),
+               DBA::escape(NETWORK_DFRN),
+               DBA::escape(normalise_link($author_link)),
+               DBA::escape($author_link),
+               DBA::escape(normalise_link($author_link)),
                 intval($importer['uid'])
         );
         if (! DBA::isResult($r)) {
@@ -159,9 +159,9 @@ function salmon_post(App $a, $xml = '') {
                         if($result['success']) {
                                 $r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND ( `url` = '%s' OR `alias` = '%s')
                                         AND `uid` = %d LIMIT 1",
-                                       dbesc(NETWORK_OSTATUS),
-                                       dbesc($author_link),
-                                       dbesc($author_link),
+                                       DBA::escape(NETWORK_OSTATUS),
+                                       DBA::escape($author_link),
+                                       DBA::escape($author_link),
                                         intval($importer['uid'])
                                 );
                         }
diff --git a/mod/search.php b/mod/search.php

index 75e73742bab39e039d6534299c680ca1dc8e10c9..64336e3487b0e78e34d304d37a86304e9b7d2630 100644 (file)
--- a/mod/search.php
+++ b/mod/search.php
@@ -65,7 +65,7 @@ function search_init(App $a) {
                 if (x($_GET,'save') && $search) {
                         $r = q("SELECT * FROM `search` WHERE `uid` = %d AND `term` = '%s' LIMIT 1",
                                 intval(local_user()),
-                               dbesc($search)
+                               DBA::escape($search)
                         );
                         if (!DBA::isResult($r)) {
                                 DBA::insert('search', ['uid' => local_user(), 'term' => $search]);
diff --git a/mod/settings.php b/mod/settings.php

index 1e1f9031d5d094515dcda1e54712caef459d5534..6c7d0fafe77d5a3d9b0c49be66d40c1b5c421f7d 100644 (file)
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -175,23 +175,23 @@ function settings_post(App $a)
                                                         icon='%s',
                                                         uid=%d
                                                 WHERE client_id='%s'",
-                                       dbesc($key),
-                                       dbesc($secret),
-                                       dbesc($name),
-                                       dbesc($redirect),
-                                       dbesc($icon),
+                                       DBA::escape($key),
+                                       DBA::escape($secret),
+                                       DBA::escape($name),
+                                       DBA::escape($redirect),
+                                       DBA::escape($icon),
                                         local_user(),
-                                       dbesc($key)
+                                       DBA::escape($key)
                                 );
                         } else {
                                 q("INSERT INTO clients
                                                         (client_id, pw, name, redirect_uri, icon, uid)
                                                 VALUES ('%s', '%s', '%s', '%s', '%s',%d)",
-                                       dbesc($key),
-                                       dbesc($secret),
-                                       dbesc($name),
-                                       dbesc($redirect),
-                                       dbesc($icon),
+                                       DBA::escape($key),
+                                       DBA::escape($secret),
+                                       DBA::escape($name),
+                                       DBA::escape($redirect),
+                                       DBA::escape($icon),
                                         local_user()
                                 );
                         }
@@ -250,13 +250,13 @@ function settings_post(App $a)
                                 $r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',
                                         `action` = %d, `movetofolder` = '%s',
                                         `mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d",
-                                       dbesc($mail_server),
+                                       DBA::escape($mail_server),
                                         intval($mail_port),
-                                       dbesc($mail_ssl),
-                                       dbesc($mail_user),
+                                       DBA::escape($mail_ssl),
+                                       DBA::escape($mail_user),
                                         intval($mail_action),
-                                       dbesc($mail_movetofolder),
-                                       dbesc($mail_replyto),
+                                       DBA::escape($mail_movetofolder),
+                                       DBA::escape($mail_replyto),
                                         intval($mail_pubmail),
                                         intval(local_user())
                                 );
@@ -356,7 +356,7 @@ function settings_post(App $a)
                 Theme::install($theme);
  
                 $r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d",
-                               dbesc($theme),
+                               DBA::escape($theme),
                                 intval(local_user())
                 );
  
@@ -579,29 +579,29 @@ function settings_post(App $a)
                                 `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d,
                                 `unkmail` = %d, `cntunkmail` = %d, `language` = '%s'
                         WHERE `uid` = %d",
-                       dbesc($username),
-                       dbesc($email),
-                       dbesc($openid),
-                       dbesc($timezone),
-                       dbesc($str_contact_allow),
-                       dbesc($str_group_allow),
-                       dbesc($str_contact_deny),
-                       dbesc($str_group_deny),
+                       DBA::escape($username),
+                       DBA::escape($email),
+                       DBA::escape($openid),
+                       DBA::escape($timezone),
+                       DBA::escape($str_contact_allow),
+                       DBA::escape($str_group_allow),
+                       DBA::escape($str_contact_deny),
+                       DBA::escape($str_group_deny),
                         intval($notify),
                         intval($page_flags),
                         intval($account_type),
-                       dbesc($defloc),
+                       DBA::escape($defloc),
                         intval($allow_location),
                         intval($maxreq),
                         intval($expire),
-                       dbesc($openidserver),
+                       DBA::escape($openidserver),
                         intval($def_gid),
                         intval($blockwall),
                         intval($hidewall),
                         intval($blocktags),
                         intval($unkmail),
                         intval($cntunkmail),
-                       dbesc($language),
+                       DBA::escape($language),
                         intval(local_user())
         );
         if (DBA::isResult($r)) {
@@ -618,7 +618,7 @@ function settings_post(App $a)
                 `hide-friends` = %d
                 WHERE `is-default` = 1 AND `uid` = %d",
                 intval($publish),
-               dbesc($username),
+               DBA::escape($username),
                 intval($net_publish),
                 intval($hide_friends),
                 intval(local_user())
@@ -678,7 +678,7 @@ function settings_content(App $a)
  
                 if (($a->argc > 3) && ($a->argv[2] === 'edit')) {
                         $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
-                                       dbesc($a->argv[3]),
+                                       DBA::escape($a->argv[3]),
                                         local_user());
  
                         if (!DBA::isResult($r)) {
diff --git a/mod/tagger.php b/mod/tagger.php

index 738d56e40d8b7a5f0290de956c8b38df3cf63f82..959394c07881a1e8b0b9c7dd43623d77b000eac3 100644 (file)
--- a/mod/tagger.php
+++ b/mod/tagger.php
@@ -159,7 +159,7 @@ EOT;
  
         $t = q("SELECT count(tid) as tcount FROM term WHERE oid=%d AND term='%s'",
                 intval($item['id']),
-               dbesc($term)
+               DBA::escape($term)
         );
  
         if (!$blocktags && $t[0]['tcount'] == 0) {
@@ -167,8 +167,8 @@ EOT;
                    intval($item['id']),
                    $term_objtype,
                    TERM_HASHTAG,
-                  dbesc($term),
-                  dbesc(System::baseUrl() . '/search?tag=' . $term),
+                  DBA::escape($term),
+                  DBA::escape(System::baseUrl() . '/search?tag=' . $term),
                    intval($owner_uid)
                 );
         }
@@ -181,7 +181,7 @@ EOT;
                 );
                 $t = q("SELECT COUNT(`tid`) AS `tcount` FROM `term` WHERE `oid`=%d AND `term`='%s'",
                         intval($original_item['id']),
-                       dbesc($term)
+                       DBA::escape($term)
                 );
  
                 if (DBA::isResult($x) && !$x[0]['blocktags'] && $t[0]['tcount'] == 0){
@@ -189,8 +189,8 @@ EOT;
                                 intval($original_item['id']),
                                 $term_objtype,
                                 TERM_HASHTAG,
-                               dbesc($term),
-                               dbesc(System::baseUrl() . '/search?tag=' . $term),
+                               DBA::escape($term),
+                               DBA::escape(System::baseUrl() . '/search?tag=' . $term),
                                 intval($owner_uid)
                         );
                 }
diff --git a/mod/videos.php b/mod/videos.php

index f9ff8586c48caafc5b12177a7bef8181017e725f..42f7f2b1577b6f7ba5e6a736b4201961f74b6a4b 100644 (file)
--- a/mod/videos.php
+++ b/mod/videos.php
@@ -8,15 +8,12 @@ use Friendica\Content\Nav;
  use Friendica\Core\Config;
  use Friendica\Core\L10n;
  use Friendica\Core\System;
-use Friendica\Core\Worker;
  use Friendica\Database\DBA;
  use Friendica\Model\Contact;
  use Friendica\Model\Group;
  use Friendica\Model\Item;
  use Friendica\Model\Profile;
-use Friendica\Model\Term;
  use Friendica\Protocol\DFRN;
-use Friendica\Util\DateTimeFormat;
  
  require_once 'include/items.php';
  require_once 'include/security.php';
@@ -37,7 +34,7 @@ function videos_init(App $a) {
         if($a->argc > 1) {
                 $nick = $a->argv[1];
                 $user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
-                       dbesc($nick)
+                       DBA::escape($nick)
                 );
  
                 if(! count($user))
@@ -155,16 +152,16 @@ function videos_post(App $a) {
  
                 $r = q("SELECT `id`  FROM `attach` WHERE `uid` = %d AND `id` = '%s' LIMIT 1",
                         intval(local_user()),
-                       dbesc($video_id)
+                       DBA::escape($video_id)
                 );
  
                 if (DBA::isResult($r)) {
                         q("DELETE FROM `attach` WHERE `uid` = %d AND `id` = '%s'",
                                 intval(local_user()),
-                               dbesc($video_id)
+                               DBA::escape($video_id)
                         );
                         $i = q("SELECT `id` FROM `item` WHERE `attach` like '%%attach/%s%%' AND `uid` = %d LIMIT 1",
-                               dbesc($video_id),
+                               DBA::escape($video_id),
                                 intval(local_user())
                         );
  
diff --git a/mod/viewcontacts.php b/mod/viewcontacts.php

index ceebc84ae6bd05f663b371189fbc502879a955eb..3869f5a80dcc59009d84a5b9c4284672ec2da6bd 100644 (file)
--- a/mod/viewcontacts.php
+++ b/mod/viewcontacts.php
@@ -22,7 +22,7 @@ function viewcontacts_init(App $a)
         if ($a->argc > 1) {
                 $nick = $a->argv[1];
                 $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
-                       dbesc($nick)
+                       DBA::escape($nick)
                 );
  
                 if (! DBA::isResult($r)) {
@@ -63,9 +63,9 @@ function viewcontacts_content(App $a)
                         AND NOT `hidden` AND NOT `archive`
                         AND `network` IN ('%s', '%s', '%s')",
                 intval($a->profile['uid']),
-               dbesc(NETWORK_DFRN),
-               dbesc(NETWORK_DIASPORA),
-               dbesc(NETWORK_OSTATUS)
+               DBA::escape(NETWORK_DFRN),
+               DBA::escape(NETWORK_DIASPORA),
+               DBA::escape(NETWORK_OSTATUS)
         );
         if (DBA::isResult($r)) {
                 $a->set_pager_total($r[0]['total']);
@@ -77,9 +77,9 @@ function viewcontacts_content(App $a)
                         AND `network` IN ('%s', '%s', '%s')
                 ORDER BY `name` ASC LIMIT %d, %d",
                 intval($a->profile['uid']),
-               dbesc(NETWORK_DFRN),
-               dbesc(NETWORK_DIASPORA),
-               dbesc(NETWORK_OSTATUS),
+               DBA::escape(NETWORK_DFRN),
+               DBA::escape(NETWORK_DIASPORA),
+               DBA::escape(NETWORK_OSTATUS),
                 intval($a->pager['start']),
                 intval($a->pager['itemspage'])
         );
diff --git a/mod/wall_attach.php b/mod/wall_attach.php

index 24e4b36e5282a5a8975434f35aad6baa98f8309d..b13d1f6e0a779c568f1f9e3a80a8d6acd014eae9 100644 (file)
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -18,7 +18,7 @@ function wall_attach_post(App $a) {
         if($a->argc > 1) {
                 $nick = $a->argv[1];
                 $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
-                       dbesc($nick)
+                       DBA::escape($nick)
                 );
                 if (! DBA::isResult($r)) {
                         if ($r_json) {
@@ -145,8 +145,8 @@ function wall_attach_post(App $a) {
  
         $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
                 intval($page_owner_uid),
-               dbesc($created),
-               dbesc($hash)
+               DBA::escape($created),
+               DBA::escape($hash)
         );
  
         if (! DBA::isResult($r)) {
diff --git a/mod/wall_upload.php b/mod/wall_upload.php

index f4632f835c15bc495c0bb9a1ea71cc366fbffdaa..2fa89952866f8b686ba5c9fa9d6aebc0bd0f9155 100644 (file)
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -30,7 +30,7 @@ function wall_upload_post(App $a, $desktopmode = true)
                                 INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`
                                 WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0
                                 AND `contact`.`self` = 1 LIMIT 1",
-                               dbesc($nick)
+                               DBA::escape($nick)
                         );
  
                         if (!DBA::isResult($r)) {
@@ -46,7 +46,7 @@ function wall_upload_post(App $a, $desktopmode = true)
                                 INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`
                                 WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0
                                 AND `contact`.`self` = 1 LIMIT 1",
-                               dbesc($user_info['screen_name'])
+                               DBA::escape($user_info['screen_name'])
                         );
                 }
         } else {
diff --git a/mod/wallmessage.php b/mod/wallmessage.php

index 5ab01e30782e4a503d372643772c8e9fab69dcde..5606b6feede6a6ed35c26f5512ae5cf7cb403303 100644 (file)
--- a/mod/wallmessage.php
+++ b/mod/wallmessage.php
@@ -26,7 +26,7 @@ function wallmessage_post(App $a) {
         }
  
         $r = q("select * from user where nickname = '%s' limit 1",
-               dbesc($recipient)
+               DBA::escape($recipient)
         );
  
         if (! DBA::isResult($r)) {
@@ -88,7 +88,7 @@ function wallmessage_content(App $a) {
         }
  
         $r = q("select * from user where nickname = '%s' limit 1",
-               dbesc($recipient)
+               DBA::escape($recipient)
         );
  
         if (! DBA::isResult($r)) {
diff --git a/src/Core/ACL.php b/src/Core/ACL.php

index b822d1f31d74b0eb72536a5c65a07ebfb85d84ac..415978bae079340410f576eb782ddbd5647ad84c 100644 (file)
--- a/src/Core/ACL.php
+++ b/src/Core/ACL.php
@@ -85,7 +85,7 @@ class ACL extends BaseObject
                 if (!empty($x['networks'])) {
                         /// @TODO rewrite to foreach()
                         array_walk($x['networks'], function (&$value) {
-                               $value = "'" . dbesc($value) . "'";
+                               $value = "'" . DBA::escape($value) . "'";
                         });
                         $str_nets = implode(',', $x['networks']);
                         $sql_extra .= " AND `network` IN ( $str_nets ) ";
diff --git a/src/Core/NotificationsManager.php b/src/Core/NotificationsManager.php

index 36e0fd29ed8c40c2bfeb4c5b2bab2c65dc795abf..da0e55a5f6cc0cff373cebf0994ba704a3ca1d76 100644 (file)
--- a/src/Core/NotificationsManager.php
+++ b/src/Core/NotificationsManager.php
@@ -66,7 +66,7 @@ class NotificationsManager extends BaseObject
                 $filter_str = [];
                 $filter_sql = "";
                 foreach ($filter as $column => $value) {
-                       $filter_str[] = sprintf("`%s` = '%s'", $column, dbesc($value));
+                       $filter_str[] = sprintf("`%s` = '%s'", $column, DBA::escape($value));
                 }
                 if (count($filter_str) > 0) {
                         $filter_sql = "AND " . implode(" AND ", $filter_str);
@@ -134,9 +134,9 @@ class NotificationsManager extends BaseObject
                 return q(
                         "UPDATE `notify` SET `seen` = %d WHERE (`link` = '%s' OR (`parent` != 0 AND `parent` = %d AND `otype` = '%s')) AND `uid` = %d",
                         intval($seen),
-                       dbesc($note['link']),
+                       DBA::escape($note['link']),
                         intval($note['parent']),
-                       dbesc($note['otype']),
+                       DBA::escape($note['otype']),
                         intval(local_user())
                 );
         }
diff --git a/src/Core/UserImport.php b/src/Core/UserImport.php

index f0aee13405fd1c8a455be6639ccba2a52f90c8f6..efd4bd2f8fea963872d79b467118be380903d7d1 100644 (file)
--- a/src/Core/UserImport.php
+++ b/src/Core/UserImport.php
@@ -35,7 +35,7 @@ class UserImport
          */
         private static function checkCols($table, &$arr)
         {
-               $query = sprintf("SHOW COLUMNS IN `%s`", dbesc($table));
+               $query = sprintf("SHOW COLUMNS IN `%s`", DBA::escape($table));
                 logger("uimport: $query", LOGGER_DEBUG);
                 $r = q($query);
                 $tcols = [];
@@ -64,8 +64,8 @@ class UserImport
                 }
  
                 self::checkCols($table, $arr);
-               $cols = implode("`,`", array_map('dbesc', array_keys($arr)));
-               $vals = implode("','", array_map('dbesc', array_values($arr)));
+               $cols = implode("`,`", array_map(['Friendica\Database\DBA', 'escape'], array_keys($arr)));
+               $vals = implode("','", array_map(['Friendica\Database\DBA', 'escape'], array_values($arr)));
                 $query = "INSERT INTO `$table` (`$cols`) VALUES ('$vals')";
                 logger("uimport: $query", LOGGER_TRACE);
  
diff --git a/src/Database/DBA.php b/src/Database/DBA.php

index 87b2476d4fc55e656587562bad2b82c6e1167a26..902efda1fa1ab9e64b356f5a7e86d5febb2e5e47 100644 (file)
--- a/src/Database/DBA.php
+++ b/src/Database/DBA.php
@@ -1614,7 +1614,7 @@ class DBA
                         if (is_bool($value)) {
                                 $value = ($value ? '1' : '0');
                         } else {
-                               $value = dbesc($value);
+                               $value = self::escape($value);
                         }
                         return;
                 }
@@ -1624,7 +1624,7 @@ class DBA
                 } elseif (is_float($value) || is_integer($value)) {
                         $value = (string) $value;
                 } else {
-                       $value = "'" . dbesc($value) . "'";
+                       $value = "'" . self::escape($value) . "'";
                 }
         }
  
diff --git a/src/Database/DBStructure.php b/src/Database/DBStructure.php

index 46404734f399d4b6212e581eb6f66918280213a1..d03268374b0f32c8bc58b2955c4ea0f7968b3486 100644 (file)
--- a/src/Database/DBStructure.php
+++ b/src/Database/DBStructure.php
@@ -27,7 +27,7 @@ class DBStructure
          */
         public static function convertToInnoDB() {
                 $r = q("SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `engine` = 'MyISAM' AND `table_schema` = '%s'",
-                       dbesc(DBA::databaseName()));
+                       DBA::escape(DBA::databaseName()));
  
                 if (!DBA::isResult($r)) {
                         echo L10n::t('There are no tables on MyISAM.')."\n";
@@ -35,7 +35,7 @@ class DBStructure
                 }
  
                 foreach ($r AS $table) {
-                       $sql = sprintf("ALTER TABLE `%s` engine=InnoDB;", dbesc($table['TABLE_NAME']));
+                       $sql = sprintf("ALTER TABLE `%s` engine=InnoDB;", DBA::escape($table['TABLE_NAME']));
                         echo $sql."\n";
  
                         $result = DBA::e($sql);
@@ -55,7 +55,7 @@ class DBStructure
                 $a = get_app();
  
                 //send the administrators an e-mail
-               $admin_mail_list = "'".implode("','", array_map('dbesc', explode(",", str_replace(" ", "", Config::get('config', 'admin_email')))))."'";
+               $admin_mail_list = "'".implode("','", array_map(['Friendica\Database\DBA', 'escape'], explode(",", str_replace(" ", "", Config::get('config', 'admin_email')))))."'";
                 $adminlist = q("SELECT uid, language, email FROM user WHERE email IN (%s)",
                         $admin_mail_list
                 );
@@ -369,7 +369,7 @@ class DBStructure
  
                                 if (isset($database[$name]["table_status"]["Comment"])) {
                                         if ($database[$name]["table_status"]["Comment"] != $structure['comment']) {
-                                               $sql2 = "COMMENT = '".dbesc($structure['comment'])."'";
+                                               $sql2 = "COMMENT = '".DBA::escape($structure['comment'])."'";
  
                                                 if ($sql3 == "") {
                                                         $sql3 = "ALTER" . $ignore . " TABLE `".$temp_name."` ".$sql2;
@@ -381,7 +381,7 @@ class DBStructure
  
                                 if (isset($database[$name]["table_status"]["Engine"]) && isset($structure['engine'])) {
                                         if ($database[$name]["table_status"]["Engine"] != $structure['engine']) {
-                                               $sql2 = "ENGINE = '".dbesc($structure['engine'])."'";
+                                               $sql2 = "ENGINE = '".DBA::escape($structure['engine'])."'";
  
                                                 if ($sql3 == "") {
                                                         $sql3 = "ALTER" . $ignore . " TABLE `".$temp_name."` ".$sql2;
@@ -558,7 +558,7 @@ class DBStructure
                 }
  
                 if (isset($parameters["comment"])) {
-                       $fieldstruct .= " COMMENT '".dbesc($parameters["comment"])."'";
+                       $fieldstruct .= " COMMENT '".DBA::escape($parameters["comment"])."'";
                 }
  
                 /*if (($parameters["primary"] != "") && $create)
@@ -575,7 +575,7 @@ class DBStructure
                 $sql_rows = [];
                 $primary_keys = [];
                 foreach ($structure["fields"] AS $fieldname => $field) {
-                       $sql_rows[] = "`".dbesc($fieldname)."` ".self::FieldCommand($field);
+                       $sql_rows[] = "`".DBA::escape($fieldname)."` ".self::FieldCommand($field);
                         if (x($field,'primary') && $field['primary']!='') {
                                 $primary_keys[] = $fieldname;
                         }
@@ -595,12 +595,12 @@ class DBStructure
                 }
  
                 if (isset($structure["comment"])) {
-                       $comment = " COMMENT='" . dbesc($structure["comment"]) . "'";
+                       $comment = " COMMENT='" . DBA::escape($structure["comment"]) . "'";
                 }
  
                 $sql = implode(",\n\t", $sql_rows);
  
-               $sql = sprintf("CREATE TABLE IF NOT EXISTS `%s` (\n\t", dbesc($name)).$sql.
+               $sql = sprintf("CREATE TABLE IF NOT EXISTS `%s` (\n\t", DBA::escape($name)).$sql.
                                 "\n)" . $engine . " DEFAULT COLLATE utf8mb4_general_ci" . $comment;
                 if ($verbose) {
                         echo $sql.";\n";
@@ -614,17 +614,17 @@ class DBStructure
         }
  
         private static function addTableField($fieldname, $parameters) {
-               $sql = sprintf("ADD `%s` %s", dbesc($fieldname), self::FieldCommand($parameters));
+               $sql = sprintf("ADD `%s` %s", DBA::escape($fieldname), self::FieldCommand($parameters));
                 return($sql);
         }
  
         private static function modifyTableField($fieldname, $parameters) {
-               $sql = sprintf("MODIFY `%s` %s", dbesc($fieldname), self::FieldCommand($parameters, false));
+               $sql = sprintf("MODIFY `%s` %s", DBA::escape($fieldname), self::FieldCommand($parameters, false));
                 return($sql);
         }
  
         private static function dropIndex($indexname) {
-               $sql = sprintf("DROP INDEX `%s`", dbesc($indexname));
+               $sql = sprintf("DROP INDEX `%s`", DBA::escape($indexname));
                 return($sql);
         }
  
@@ -646,9 +646,9 @@ class DBStructure
                         }
  
                         if (preg_match('|(.+)\((\d+)\)|', $fieldname, $matches)) {
-                               $names .= "`".dbesc($matches[1])."`(".intval($matches[2]).")";
+                               $names .= "`".DBA::escape($matches[1])."`(".intval($matches[2]).")";
                         } else {
-                               $names .= "`".dbesc($fieldname)."`";
+                               $names .= "`".DBA::escape($fieldname)."`";
                         }
                 }
  
@@ -657,7 +657,7 @@ class DBStructure
                 }
  
  
-               $sql = sprintf("%s INDEX `%s` (%s)", $method, dbesc($indexname), $names);
+               $sql = sprintf("%s INDEX `%s` (%s)", $method, DBA::escape($indexname), $names);
                 return($sql);
         }
  
@@ -675,9 +675,9 @@ class DBStructure
                         }
  
                         if (preg_match('|(.+)\((\d+)\)|', $fieldname, $matches)) {
-                               $names .= "`".dbesc($matches[1])."`";
+                               $names .= "`".DBA::escape($matches[1])."`";
                         } else {
-                               $names .= "`".dbesc($fieldname)."`";
+                               $names .= "`".DBA::escape($fieldname)."`";
                         }
                 }
  
diff --git a/src/Database/PostUpdate.php b/src/Database/PostUpdate.php

index 83043dc27b610d8cb952c6e72576a59333f599f3..43bbcce022f19843f00a4d692843701229a548c2 100644 (file)
--- a/src/Database/PostUpdate.php
+++ b/src/Database/PostUpdate.php
@@ -76,7 +76,7 @@ class PostUpdate
  
                 $r = q($query1.$query2.$query3."  ORDER BY `item`.`id` LIMIT 1",
                         intval($start_id), intval($end_id),
-                       dbesc(NETWORK_DFRN), dbesc(NETWORK_DIASPORA), dbesc(NETWORK_OSTATUS));
+                       DBA::escape(NETWORK_DFRN), DBA::escape(NETWORK_DIASPORA), DBA::escape(NETWORK_OSTATUS));
                 if (!$r) {
                         Config::set("system", "post_update_version", 1194);
                         logger("Update is done", LOGGER_DEBUG);
@@ -90,7 +90,7 @@ class PostUpdate
  
                 $r = q($query1.$query2.$query3."  ORDER BY `item`.`id` LIMIT 1000,1",
                         intval($start_id), intval($end_id),
-                       dbesc(NETWORK_DFRN), dbesc(NETWORK_DIASPORA), dbesc(NETWORK_OSTATUS));
+                       DBA::escape(NETWORK_DFRN), DBA::escape(NETWORK_DIASPORA), DBA::escape(NETWORK_OSTATUS));
                 if ($r) {
                         $pos_id = $r[0]["id"];
                 } else {
@@ -100,7 +100,7 @@ class PostUpdate
  
                 q("UPDATE `item` ".$query2." SET `item`.`global` = 1 ".$query3,
                         intval($start_id), intval($pos_id),
-                       dbesc(NETWORK_DFRN), dbesc(NETWORK_DIASPORA), dbesc(NETWORK_OSTATUS));
+                       DBA::escape(NETWORK_DFRN), DBA::escape(NETWORK_DIASPORA), DBA::escape(NETWORK_OSTATUS));
  
                 logger("Done", LOGGER_DEBUG);
         }
diff --git a/src/Model/Contact.php b/src/Model/Contact.php

index 8c915672c6a3398afdc8236f8d233feec959060b..b9164837a1fed506df58e8e93ccd07269ded798c 100644 (file)
--- a/src/Model/Contact.php
+++ b/src/Model/Contact.php
@@ -536,7 +536,7 @@ class Contact extends BaseObject
                 $r = q("SELECT `id`, `id` AS `cid`, 0 AS `gid`, 0 AS `zid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`,
                         `keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, `self`
                         FROM `contact` WHERE `addr` = '%s' AND `uid` = %d",
-                       dbesc($addr),
+                       DBA::escape($addr),
                         intval($uid)
                 );
                 // Fetch the data from the contact table with "uid=0" (which is filled automatically)
@@ -544,7 +544,7 @@ class Contact extends BaseObject
                         $r = q("SELECT `id`, 0 AS `cid`, `id` AS `zid`, 0 AS `gid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`,
                                 `keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, 0 AS `self`
                                 FROM `contact` WHERE `addr` = '%s' AND `uid` = 0",
-                               dbesc($addr)
+                               DBA::escape($addr)
                         );
                 }
  
@@ -553,7 +553,7 @@ class Contact extends BaseObject
                         $r = q("SELECT 0 AS `id`, 0 AS `cid`, `id` AS `gid`, 0 AS `zid`, 0 AS `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, '' AS `xmpp`,
                                 `keywords`, `gender`, `photo`, `photo` AS `thumb`, `photo` AS `micro`, `community` AS `forum`, 0 AS `prv`, `community`, `contact-type`, `birthday`, 0 AS `self`
                                 FROM `gcontact` WHERE `addr` = '%s'",
-                               dbesc($addr)
+                               DBA::escape($addr)
                         );
                 }
  
@@ -1014,7 +1014,7 @@ class Contact extends BaseObject
                 // This speeds up the query a lot
                 $r = q("SELECT `network`, `id` AS `author-id`, `contact-type` FROM `contact`
                         WHERE `contact`.`nurl` = '%s' AND `contact`.`uid` = 0",
-                       dbesc(normalise_link($contact_url))
+                       DBA::escape(normalise_link($contact_url))
                 );
  
                 if (!DBA::isResult($r)) {
@@ -1297,16 +1297,16 @@ class Contact extends BaseObject
  
                 $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `poll` IN ('%s', '%s') AND `network` = '%s' AND NOT `pending` LIMIT 1",
                         intval($uid),
-                       dbesc($ret['poll']),
-                       dbesc(normalise_link($ret['poll'])),
-                       dbesc($ret['network'])
+                       DBA::escape($ret['poll']),
+                       DBA::escape(normalise_link($ret['poll'])),
+                       DBA::escape($ret['network'])
                 );
  
                 if (!DBA::isResult($r)) {
                         $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND `network` = '%s' AND NOT `pending` LIMIT 1",
                                 intval($uid),
-                               dbesc(normalise_link($url)),
-                               dbesc($ret['network'])
+                               DBA::escape(normalise_link($url)),
+                               DBA::escape($ret['network'])
                         );
                 }
  
@@ -1517,13 +1517,13 @@ class Contact extends BaseObject
                                 `blocked`, `readonly`, `pending`, `writable`)
                                 VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, 1)",
                                 intval($importer['uid']),
-                               dbesc(DateTimeFormat::utcNow()),
-                               dbesc($url),
-                               dbesc(normalise_link($url)),
-                               dbesc($name),
-                               dbesc($nick),
-                               dbesc($photo),
-                               dbesc(NETWORK_OSTATUS),
+                               DBA::escape(DateTimeFormat::utcNow()),
+                               DBA::escape($url),
+                               DBA::escape(normalise_link($url)),
+                               DBA::escape($name),
+                               DBA::escape($nick),
+                               DBA::escape($photo),
+                               DBA::escape(NETWORK_OSTATUS),
                                 intval(CONTACT_IS_FOLLOWER)
                         );
  
@@ -1574,7 +1574,7 @@ class Contact extends BaseObject
                         } elseif (DBA::isResult($user) && in_array($user['page-flags'], [PAGE_SOAPBOX, PAGE_FREELOVE, PAGE_COMMUNITY])) {
                                 q("UPDATE `contact` SET `pending` = 0 WHERE `uid` = %d AND `url` = '%s' AND `pending` LIMIT 1",
                                                 intval($importer['uid']),
-                                               dbesc($url)
+                                               DBA::escape($url)
                                 );
                         }
                 }
@@ -1625,7 +1625,7 @@ class Contact extends BaseObject
  
                                 // Check for duplicates
                                 $s = q("SELECT `id` FROM `event` WHERE `uid` = %d AND `cid` = %d AND `start` = '%s' AND `type` = '%s' LIMIT 1",
-                                       intval($rr['uid']), intval($rr['id']), dbesc(DateTimeFormat::utc($nextbd)), dbesc('birthday'));
+                                       intval($rr['uid']), intval($rr['id']), DBA::escape(DateTimeFormat::utc($nextbd)), DBA::escape('birthday'));
  
                                 if (DBA::isResult($s)) {
                                         continue;
@@ -1636,15 +1636,15 @@ class Contact extends BaseObject
  
                                 q("INSERT INTO `event` (`uid`,`cid`,`created`,`edited`,`start`,`finish`,`summary`,`desc`,`type`,`adjust`)
                                 VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%d' ) ", intval($rr['uid']), intval($rr['id']),
-                                       dbesc(DateTimeFormat::utcNow()), dbesc(DateTimeFormat::utcNow()), dbesc(DateTimeFormat::utc($nextbd)),
-                                       dbesc(DateTimeFormat::utc($nextbd . ' + 1 day ')), dbesc($bdtext), dbesc($bdtext2), dbesc('birthday'),
+                                       DBA::escape(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utc($nextbd)),
+                                       DBA::escape(DateTimeFormat::utc($nextbd . ' + 1 day ')), DBA::escape($bdtext), DBA::escape($bdtext2), DBA::escape('birthday'),
                                         intval(0)
                                 );
  
  
                                 // update bdyear
-                               q("UPDATE `contact` SET `bdyear` = '%s', `bd` = '%s' WHERE `uid` = %d AND `id` = %d", dbesc(substr($nextbd, 0, 4)),
-                                       dbesc($nextbd), intval($rr['uid']), intval($rr['id'])
+                               q("UPDATE `contact` SET `bdyear` = '%s', `bd` = '%s' WHERE `uid` = %d AND `id` = %d", DBA::escape(substr($nextbd, 0, 4)),
+                                       DBA::escape($nextbd), intval($rr['uid']), intval($rr['id'])
                                 );
                         }
                 }
@@ -1661,7 +1661,7 @@ class Contact extends BaseObject
                         return;
                 }
  
-               $str = dbesc(implode(',', $contact_ids));
+               $str = DBA::escape(implode(',', $contact_ids));
  
                 $stmt = DBA::p("SELECT `id` FROM `contact` WHERE `id` IN ( " . $str . ") AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0");
  
diff --git a/src/Model/Event.php b/src/Model/Event.php

index e92369ad818adcf98cdb4142110e47945aa3df3b..2805a83f26ab852dd08674940d51ef27fad3a590 100644 (file)
--- a/src/Model/Event.php
+++ b/src/Model/Event.php
@@ -510,12 +510,12 @@ class Event extends BaseObject
                                 $sql_extra ",
                                 intval($owner_uid),
                                 intval($event_params["ignore"]),
-                               dbesc($event_params["start"]),
-                               dbesc($event_params["start"]),
-                               dbesc($event_params["finish"]),
-                               dbesc($event_params["adjust_start"]),
-                               dbesc($event_params["adjust_start"]),
-                               dbesc($event_params["adjust_finish"])
+                               DBA::escape($event_params["start"]),
+                               DBA::escape($event_params["start"]),
+                               DBA::escape($event_params["finish"]),
+                               DBA::escape($event_params["adjust_start"]),
+                               DBA::escape($event_params["adjust_start"]),
+                               DBA::escape($event_params["adjust_finish"])
                 );
  
                 if (DBA::isResult($r)) {
diff --git a/src/Model/GContact.php b/src/Model/GContact.php

index 5cf613388cbdfe32dadf5cc033bed1dce439f8dd..9941eb1ed711156ef04a94008283e467a9297236 100644 (file)
--- a/src/Model/GContact.php
+++ b/src/Model/GContact.php
@@ -112,12 +112,12 @@ class GContact
                                 intval($uid),
                                 intval($gcid),
                                 intval($zcid),
-                               dbesc(DateTimeFormat::utcNow())
+                               DBA::escape(DateTimeFormat::utcNow())
                         );
                 } else {
                         q(
                                 "UPDATE `glink` SET `updated` = '%s' WHERE `cid` = %d AND `uid` = %d AND `gcid` = %d AND `zcid` = %d",
-                               dbesc(DateTimeFormat::utcNow()),
+                               DBA::escape(DateTimeFormat::utcNow()),
                                 intval($cid),
                                 intval($uid),
                                 intval($gcid),
@@ -176,8 +176,8 @@ class GContact
                 if (!isset($gcontact['network'])) {
                         $r = q(
                                 "SELECT `network` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s' AND `network` != '' AND `network` != '%s' LIMIT 1",
-                               dbesc(normalise_link($gcontact['url'])),
-                               dbesc(NETWORK_STATUSNET)
+                               DBA::escape(normalise_link($gcontact['url'])),
+                               DBA::escape(NETWORK_STATUSNET)
                         );
                         if (DBA::isResult($r)) {
                                 $gcontact['network'] = $r[0]["network"];
@@ -186,9 +186,9 @@ class GContact
                         if (($gcontact['network'] == "") || ($gcontact['network'] == NETWORK_OSTATUS)) {
                                 $r = q(
                                         "SELECT `network`, `url` FROM `contact` WHERE `uid` = 0 AND `alias` IN ('%s', '%s') AND `network` != '' AND `network` != '%s' LIMIT 1",
-                                       dbesc($gcontact['url']),
-                                       dbesc(normalise_link($gcontact['url'])),
-                                       dbesc(NETWORK_STATUSNET)
+                                       DBA::escape($gcontact['url']),
+                                       DBA::escape(normalise_link($gcontact['url'])),
+                                       DBA::escape(NETWORK_STATUSNET)
                                 );
                                 if (DBA::isResult($r)) {
                                         $gcontact['network'] = $r[0]["network"];
@@ -201,7 +201,7 @@ class GContact
  
                 $x = q(
                         "SELECT * FROM `gcontact` WHERE `nurl` = '%s' LIMIT 1",
-                       dbesc(normalise_link($gcontact['url']))
+                       DBA::escape(normalise_link($gcontact['url']))
                 );
  
                 if (DBA::isResult($x)) {
@@ -489,7 +489,7 @@ class GContact
                         intval($uid),
                         intval($uid),
                         intval($uid),
-                       dbesc(NULL_DATE),
+                       DBA::escape(NULL_DATE),
                         $sql_network,
                         intval($start),
                         intval($limit)
@@ -518,7 +518,7 @@ class GContact
                         intval($uid),
                         intval($uid),
                         intval($uid),
-                       dbesc(NULL_DATE),
+                       DBA::escape(NULL_DATE),
                         $sql_network,
                         intval($start),
                         intval($limit)
@@ -580,8 +580,8 @@ class GContact
                 // Query your contacts from Friendica and Redmatrix/Hubzilla for their contacts
                 $r = q(
                         "SELECT DISTINCT(`poco`) AS `poco` FROM `contact` WHERE `network` IN ('%s', '%s')",
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA)
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA)
                 );
  
                 if (DBA::isResult($r)) {
@@ -690,7 +690,7 @@ class GContact
                 DBA::lock('gcontact');
                 $r = q(
                         "SELECT `id`, `last_contact`, `last_failure`, `network` FROM `gcontact` WHERE `nurl` = '%s' LIMIT 1",
-                       dbesc(normalise_link($contact["url"]))
+                       DBA::escape(normalise_link($contact["url"]))
                 );
  
                 if (DBA::isResult($r)) {
@@ -708,24 +708,24 @@ class GContact
                         q(
                                 "INSERT INTO `gcontact` (`name`, `nick`, `addr` , `network`, `url`, `nurl`, `photo`, `created`, `updated`, `location`, `about`, `hide`, `generation`)
                                 VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d)",
-                               dbesc($contact["name"]),
-                               dbesc($contact["nick"]),
-                               dbesc($contact["addr"]),
-                               dbesc($contact["network"]),
-                               dbesc($contact["url"]),
-                               dbesc(normalise_link($contact["url"])),
-                               dbesc($contact["photo"]),
-                               dbesc(DateTimeFormat::utcNow()),
-                               dbesc(DateTimeFormat::utcNow()),
-                               dbesc($contact["location"]),
-                               dbesc($contact["about"]),
+                               DBA::escape($contact["name"]),
+                               DBA::escape($contact["nick"]),
+                               DBA::escape($contact["addr"]),
+                               DBA::escape($contact["network"]),
+                               DBA::escape($contact["url"]),
+                               DBA::escape(normalise_link($contact["url"])),
+                               DBA::escape($contact["photo"]),
+                               DBA::escape(DateTimeFormat::utcNow()),
+                               DBA::escape(DateTimeFormat::utcNow()),
+                               DBA::escape($contact["location"]),
+                               DBA::escape($contact["about"]),
                                 intval($contact["hide"]),
                                 intval($contact["generation"])
                         );
  
                         $r = q(
                                 "SELECT `id`, `network` FROM `gcontact` WHERE `nurl` = '%s' ORDER BY `id` LIMIT 2",
-                               dbesc(normalise_link($contact["url"]))
+                               DBA::escape(normalise_link($contact["url"]))
                         );
  
                         if (DBA::isResult($r)) {
@@ -1048,8 +1048,8 @@ class GContact
  
                 $r = q(
                         "SELECT `nurl`, `url` FROM `gserver` WHERE `last_contact` >= `last_failure` AND `network` = '%s' AND `last_poco_query` < '%s' ORDER BY RAND() LIMIT 5",
-                       dbesc(NETWORK_OSTATUS),
-                       dbesc($last_update)
+                       DBA::escape(NETWORK_OSTATUS),
+                       DBA::escape($last_update)
                 );
  
                 if (!DBA::isResult($r)) {
@@ -1058,7 +1058,7 @@ class GContact
  
                 foreach ($r as $server) {
                         self::fetchGsUsers($server["url"]);
-                       q("UPDATE `gserver` SET `last_poco_query` = '%s' WHERE `nurl` = '%s'", dbesc(DateTimeFormat::utcNow()), dbesc($server["nurl"]));
+                       q("UPDATE `gserver` SET `last_poco_query` = '%s' WHERE `nurl` = '%s'", DBA::escape(DateTimeFormat::utcNow()), DBA::escape($server["nurl"]));
                 }
         }
  
@@ -1072,7 +1072,7 @@ class GContact
                                         AND `last_contact` >= `last_failure`
                                         AND `updated` > UTC_TIMESTAMP - INTERVAL 1 MONTH
                                 ORDER BY rand() LIMIT 1",
-                       dbesc(NETWORK_DFRN)
+                       DBA::escape(NETWORK_DFRN)
                 );
  
                 if (DBA::isResult($r)) {
diff --git a/src/Model/Mail.php b/src/Model/Mail.php

index 8cf9fe32a7ab315e36aab99c4bdd548871449092..37ebd123aa46082abf5fc297ea95950c20870e2f 100644 (file)
--- a/src/Model/Mail.php
+++ b/src/Model/Mail.php
@@ -58,8 +58,8 @@ class Mail
                         $reply = true;
                         $r = q("SELECT `convid` FROM `mail` WHERE `uid` = %d AND (`uri` = '%s' OR `parent-uri` = '%s') LIMIT 1",
                                 intval(local_user()),
-                               dbesc($replyto),
-                               dbesc($replyto)
+                               DBA::escape($replyto),
+                               DBA::escape($replyto)
                         );
                         if (DBA::isResult($r)) {
                                 $convid = $r[0]['convid'];
diff --git a/src/Model/Photo.php b/src/Model/Photo.php

index 5400cafb40394be2d35708c8ad1cf7d4e411e68e..555df80e63df689fea8f056f22586783857f0574 100644 (file)
--- a/src/Model/Photo.php
+++ b/src/Model/Photo.php
@@ -239,8 +239,8 @@ class Photo
                                         WHERE `uid` = %d  AND `album` != '%s' AND `album` != '%s' $sql_extra
                                         GROUP BY `album` ORDER BY `created` DESC",
                                         intval($uid),
-                                       dbesc('Contact Photos'),
-                                       dbesc(L10n::t('Contact Photos'))
+                                       DBA::escape('Contact Photos'),
+                                       DBA::escape(L10n::t('Contact Photos'))
                                 );
                         } else {
                                 // This query doesn't do the count and is much faster
@@ -248,8 +248,8 @@ class Photo
                                         FROM `photo` USE INDEX (`uid_album_scale_created`)
                                         WHERE `uid` = %d  AND `album` != '%s' AND `album` != '%s' $sql_extra",
                                         intval($uid),
-                                       dbesc('Contact Photos'),
-                                       dbesc(L10n::t('Contact Photos'))
+                                       DBA::escape('Contact Photos'),
+                                       DBA::escape(L10n::t('Contact Photos'))
                                 );
                         }
                         Cache::set($key, $albums, CACHE_DAY);
diff --git a/src/Model/Profile.php b/src/Model/Profile.php

index c17be989402b37273ed9da8747c30564047cadea..1bd7a97027303a1e80f46f512883909516a0bb15 100644 (file)
--- a/src/Model/Profile.php
+++ b/src/Model/Profile.php
@@ -346,7 +346,7 @@ class Profile
                                 $r = q(
                                         "SELECT `url` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND `rel` = %d",
                                         intval($profile['uid']),
-                                       dbesc(normalise_link(self::getMyURL())),
+                                       DBA::escape(normalise_link(self::getMyURL())),
                                         intval(CONTACT_IS_FRIEND)
                                 );
                         }
@@ -463,9 +463,9 @@ class Profile
                                                 AND NOT `hidden` AND NOT `archive`
                                                 AND `network` IN ('%s', '%s', '%s', '')",
                                         intval($profile['uid']),
-                                       dbesc(NETWORK_DFRN),
-                                       dbesc(NETWORK_DIASPORA),
-                                       dbesc(NETWORK_OSTATUS)
+                                       DBA::escape(NETWORK_DFRN),
+                                       DBA::escape(NETWORK_DIASPORA),
+                                       DBA::escape(NETWORK_OSTATUS)
                                 );
                                 if (DBA::isResult($r)) {
                                         $contacts = intval($r[0]['total']);
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php

index bc449af1590f3c4b7ff90eccd7f1a10392b10f31..29d3e7bfe835f7b14a8bd9ab6e1a0b4df66be6c4 100644 (file)
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -129,7 +129,7 @@ class DFRN
                         "SELECT `contact`.*, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`, `user`.`account-type`
                         FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`
                         WHERE `contact`.`self` AND `user`.`nickname` = '%s' LIMIT 1",
-                       dbesc($owner_nick)
+                       DBA::escape($owner_nick)
                 );
  
                 if (! DBA::isResult($r)) {
@@ -147,15 +147,15 @@ class DFRN
                         $sql_extra = '';
                         switch ($direction) {
                                 case (-1):
-                                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
+                                       $sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
                                         $my_id = $dfrn_id;
                                         break;
                                 case 0:
-                                       $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                                       $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                         $my_id = '1:' . $dfrn_id;
                                         break;
                                 case 1:
-                                       $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
+                                       $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
                                         $my_id = '0:' . $dfrn_id;
                                         break;
                                 default:
@@ -196,8 +196,8 @@ class DFRN
                         ",
                                 intval($contact['id']),
                                 intval($contact['id']),
-                               dbesc($gs),
-                               dbesc($gs)
+                               DBA::escape($gs),
+                               DBA::escape($gs)
                         );
                 }
  
@@ -214,7 +214,7 @@ class DFRN
                 if (isset($category)) {
                         $sql_post_table = sprintf(
                                 "INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
-                               dbesc(protect_sprintf($category)),
+                               DBA::escape(protect_sprintf($category)),
                                 intval(TERM_OBJ_POST),
                                 intval(TERM_CATEGORY),
                                 intval($owner_id)
@@ -236,8 +236,8 @@ class DFRN
                         $sql_extra
                         ORDER BY `item`.`parent` ".$sort.", `item`.`created` ASC LIMIT 0, 300",
                         intval($owner_id),
-                       dbesc($check_date),
-                       dbesc($sort)
+                       DBA::escape($check_date),
+                       DBA::escape($sort)
                 );
  
                 $ids = [];
@@ -1073,7 +1073,7 @@ class DFRN
                         $r = q(
                                 "SELECT `forum`, `prv` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s'",
                                 intval($owner["uid"]),
-                               dbesc(normalise_link($mention))
+                               DBA::escape(normalise_link($mention))
                         );
  
                         if (DBA::isResult($r) && ($r[0]["forum"] || $r[0]["prv"])) {
@@ -1498,8 +1498,8 @@ class DFRN
                         "SELECT `id` FROM `event` WHERE `uid` = %d AND `cid` = %d AND `start` = '%s' AND `type` = '%s' LIMIT 1",
                         intval($contact['uid']),
                         intval($contact['id']),
-                       dbesc(DateTimeFormat::utc($birthday)),
-                       dbesc('birthday')
+                       DBA::escape(DateTimeFormat::utc($birthday)),
+                       DBA::escape('birthday')
                 );
  
                 if (DBA::isResult($r)) {
@@ -1516,13 +1516,13 @@ class DFRN
                         VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
                         intval($contact['uid']),
                         intval($contact['id']),
-                       dbesc(DateTimeFormat::utcNow()),
-                       dbesc(DateTimeFormat::utcNow()),
-                       dbesc(DateTimeFormat::utc($birthday)),
-                       dbesc(DateTimeFormat::utc($birthday . ' + 1 day ')),
-                       dbesc($bdtext),
-                       dbesc($bdtext2),
-                       dbesc('birthday')
+                       DBA::escape(DateTimeFormat::utcNow()),
+                       DBA::escape(DateTimeFormat::utcNow()),
+                       DBA::escape(DateTimeFormat::utc($birthday)),
+                       DBA::escape(DateTimeFormat::utc($birthday . ' + 1 day ')),
+                       DBA::escape($bdtext),
+                       DBA::escape($bdtext2),
+                       DBA::escape('birthday')
                 );
         }
  
@@ -1744,11 +1744,11 @@ class DFRN
                                         `addr` = '%s', `keywords` = '%s', `bdyear` = '%s', `bd` = '%s', `hidden` = %d,
                                         `xmpp` = '%s', `name-date`  = '%s', `uri-date` = '%s'
                                         WHERE `id` = %d AND `network` = '%s'",
-                                       dbesc($contact["name"]), dbesc($contact["nick"]), dbesc($contact["about"]),     dbesc($contact["location"]),
-                                       dbesc($contact["addr"]), dbesc($contact["keywords"]), dbesc($contact["bdyear"]),
-                                       dbesc($contact["bd"]), intval($contact["hidden"]), dbesc($contact["xmpp"]),
-                                       dbesc(DateTimeFormat::utc($contact["name-date"])), dbesc(DateTimeFormat::utc($contact["uri-date"])),
-                                       intval($contact["id"]), dbesc($contact["network"])
+                                       DBA::escape($contact["name"]), DBA::escape($contact["nick"]), DBA::escape($contact["about"]),   DBA::escape($contact["location"]),
+                                       DBA::escape($contact["addr"]), DBA::escape($contact["keywords"]), DBA::escape($contact["bdyear"]),
+                                       DBA::escape($contact["bd"]), intval($contact["hidden"]), DBA::escape($contact["xmpp"]),
+                                       DBA::escape(DateTimeFormat::utc($contact["name-date"])), DBA::escape(DateTimeFormat::utc($contact["uri-date"])),
+                                       intval($contact["id"]), DBA::escape($contact["network"])
                                 );
                         }
  
@@ -1914,8 +1914,8 @@ class DFRN
  
                 $r = q(
                         "SELECT `id` FROM `contact` WHERE `name` = '%s' AND `nurl` = '%s' AND `uid` = %d LIMIT 1",
-                       dbesc($suggest["name"]),
-                       dbesc(normalise_link($suggest["url"])),
+                       DBA::escape($suggest["name"]),
+                       DBA::escape(normalise_link($suggest["url"])),
                         intval($suggest["uid"])
                 );
  
@@ -1935,9 +1935,9 @@ class DFRN
                 $fid = 0;
                 $r = q(
                         "SELECT `id` FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1",
-                       dbesc($suggest["url"]),
-                       dbesc($suggest["name"]),
-                       dbesc($suggest["request"])
+                       DBA::escape($suggest["url"]),
+                       DBA::escape($suggest["name"]),
+                       DBA::escape($suggest["request"])
                 );
                 if (DBA::isResult($r)) {
                         $fid = $r[0]["id"];
@@ -1963,17 +1963,17 @@ class DFRN
                 if (!$fid) {
                         $r = q(
                                 "INSERT INTO `fcontact` (`name`,`url`,`photo`,`request`) VALUES ('%s', '%s', '%s', '%s')",
-                               dbesc($suggest["name"]),
-                               dbesc($suggest["url"]),
-                               dbesc($suggest["photo"]),
-                               dbesc($suggest["request"])
+                               DBA::escape($suggest["name"]),
+                               DBA::escape($suggest["url"]),
+                               DBA::escape($suggest["photo"]),
+                               DBA::escape($suggest["request"])
                         );
                 }
                 $r = q(
                         "SELECT `id` FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1",
-                       dbesc($suggest["url"]),
-                       dbesc($suggest["name"]),
-                       dbesc($suggest["request"])
+                       DBA::escape($suggest["url"]),
+                       DBA::escape($suggest["name"]),
+                       DBA::escape($suggest["request"])
                 );
  
                 /*
@@ -1995,9 +1995,9 @@ class DFRN
                         intval($suggest["uid"]),
                         intval($fid),
                         intval($suggest["cid"]),
-                       dbesc($suggest["body"]),
-                       dbesc($hash),
-                       dbesc(DateTimeFormat::utcNow()),
+                       DBA::escape($suggest["body"]),
+                       DBA::escape($hash),
+                       DBA::escape(DateTimeFormat::utcNow()),
                         intval(0)
                 );
  
@@ -2172,9 +2172,9 @@ class DFRN
                                         AND `item`.`uid` = %d
                                         $sql_extra
                                         LIMIT 1",
-                                       dbesc($parent["parent-uri"]),
-                                       dbesc($parent["parent-uri"]),
-                                       dbesc($parent["parent-uri"]),
+                                       DBA::escape($parent["parent-uri"]),
+                                       DBA::escape($parent["parent-uri"]),
+                                       DBA::escape($parent["parent-uri"]),
                                         intval($importer["importer_uid"])
                                 );
                                 if (DBA::isResult($r)) {
@@ -2645,7 +2645,7 @@ class DFRN
  
                                         $r = q(
                                                 "SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
-                                               dbesc($item["uri"]),
+                                               DBA::escape($item["uri"]),
                                                 intval($importer["importer_uid"])
                                         );
                                         if (DBA::isResult($r)) {
@@ -2952,10 +2952,10 @@ class DFRN
                         /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
                         $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
                                         AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
-                               dbesc($contact_nick),
-                               dbesc($a->user['nickname']),
-                               dbesc($baseurl),
-                               dbesc($nurl)
+                               DBA::escape($contact_nick),
+                               DBA::escape($a->user['nickname']),
+                               DBA::escape($baseurl),
+                               DBA::escape($nurl)
                         );
                         if ((! DBA::isResult($r)) || $r[0]['id'] == remote_user()) {
                                 return;
@@ -2963,10 +2963,10 @@ class DFRN
  
                         $r = q("SELECT * FROM contact WHERE nick = '%s'
                                         AND network = '%s' AND uid = %d  AND url LIKE '%%%s%%' LIMIT 1",
-                               dbesc($contact_nick),
-                               dbesc(NETWORK_DFRN),
+                               DBA::escape($contact_nick),
+                               DBA::escape(NETWORK_DFRN),
                                 intval(local_user()),
-                               dbesc($baseurl)
+                               DBA::escape($baseurl)
                         );
                         if (! DBA::isResult($r)) {
                                 return;
diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php

index 09573bb580d4e2a57a5f98968ebfe406a959cfd8..c0b57dafaf4923d7f0a70c64fabc3105d1721f26 100644 (file)
--- a/src/Protocol/Diaspora.php
+++ b/src/Protocol/Diaspora.php
@@ -1016,8 +1016,8 @@ class Diaspora
  
                 $r = q(
                         "SELECT `url` FROM `fcontact` WHERE `url` != '' AND `network` = '%s' AND `guid` = '%s'",
-                       dbesc(NETWORK_DIASPORA),
-                       dbesc($fcontact_guid)
+                       DBA::escape(NETWORK_DIASPORA),
+                       DBA::escape($fcontact_guid)
                 );
  
                 if (DBA::isResult($r)) {
@@ -1787,7 +1787,7 @@ class Diaspora
  
                 $r = q(
                         "SELECT `id` FROM `mail` WHERE `guid` = '%s' AND `uid` = %d LIMIT 1",
-                       dbesc($msg_guid),
+                       DBA::escape($msg_guid),
                         intval($importer["uid"])
                 );
                 if (DBA::isResult($r)) {
@@ -1799,19 +1799,19 @@ class Diaspora
                         "INSERT INTO `mail` (`uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`)
                         VALUES (%d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')",
                         intval($importer["uid"]),
-                       dbesc($msg_guid),
+                       DBA::escape($msg_guid),
                         intval($conversation["id"]),
-                       dbesc($person["name"]),
-                       dbesc($person["photo"]),
-                       dbesc($person["url"]),
+                       DBA::escape($person["name"]),
+                       DBA::escape($person["photo"]),
+                       DBA::escape($person["url"]),
                         intval($contact["id"]),
-                       dbesc($subject),
-                       dbesc($body),
+                       DBA::escape($subject),
+                       DBA::escape($body),
                         0,
                         0,
-                       dbesc($message_uri),
-                       dbesc($author.":".$guid),
-                       dbesc($msg_created_at)
+                       DBA::escape($message_uri),
+                       DBA::escape($author.":".$guid),
+                       DBA::escape($msg_created_at)
                 );
  
                 DBA::unlock();
@@ -1870,7 +1870,7 @@ class Diaspora
                 $c = q(
                         "SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
                         intval($importer["uid"]),
-                       dbesc($guid)
+                       DBA::escape($guid)
                 );
                 if ($c)
                         $conversation = $c[0];
@@ -1879,18 +1879,18 @@ class Diaspora
                                 "INSERT INTO `conv` (`uid`, `guid`, `creator`, `created`, `updated`, `subject`, `recips`)
                                 VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s')",
                                 intval($importer["uid"]),
-                               dbesc($guid),
-                               dbesc($author),
-                               dbesc($created_at),
-                               dbesc(DateTimeFormat::utcNow()),
-                               dbesc($subject),
-                               dbesc($participants)
+                               DBA::escape($guid),
+                               DBA::escape($author),
+                               DBA::escape($created_at),
+                               DBA::escape(DateTimeFormat::utcNow()),
+                               DBA::escape($subject),
+                               DBA::escape($participants)
                         );
                         if ($r) {
                                 $c = q(
                                         "SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
                                         intval($importer["uid"]),
-                                       dbesc($guid)
+                                       DBA::escape($guid)
                                 );
                         }
  
@@ -2049,7 +2049,7 @@ class Diaspora
                 $c = q(
                         "SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
                         intval($importer["uid"]),
-                       dbesc($conversation_guid)
+                       DBA::escape($conversation_guid)
                 );
                 if ($c) {
                         $conversation = $c[0];
@@ -2074,7 +2074,7 @@ class Diaspora
  
                 $r = q(
                         "SELECT `id` FROM `mail` WHERE `guid` = '%s' AND `uid` = %d LIMIT 1",
-                       dbesc($guid),
+                       DBA::escape($guid),
                         intval($importer["uid"])
                 );
                 if (DBA::isResult($r)) {
@@ -2086,19 +2086,19 @@ class Diaspora
                         "INSERT INTO `mail` (`uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`)
                                 VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')",
                         intval($importer["uid"]),
-                       dbesc($guid),
+                       DBA::escape($guid),
                         intval($conversation["id"]),
-                       dbesc($person["name"]),
-                       dbesc($person["photo"]),
-                       dbesc($person["url"]),
+                       DBA::escape($person["name"]),
+                       DBA::escape($person["photo"]),
+                       DBA::escape($person["url"]),
                         intval($contact["id"]),
-                       dbesc($conversation["subject"]),
-                       dbesc($body),
+                       DBA::escape($conversation["subject"]),
+                       DBA::escape($body),
                         0,
                         1,
-                       dbesc($message_uri),
-                       dbesc($author.":".$conversation["guid"]),
-                       dbesc($created_at)
+                       DBA::escape($message_uri),
+                       DBA::escape($author.":".$conversation["guid"]),
+                       DBA::escape($created_at)
                 );
  
                 DBA::unlock();
@@ -2401,18 +2401,18 @@ class Diaspora
                         "INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`nurl`,`batch`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`)
                         VALUES (%d, '%s', '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s','%s',%d,%d)",
                         intval($importer["uid"]),
-                       dbesc($ret["network"]),
-                       dbesc($ret["addr"]),
+                       DBA::escape($ret["network"]),
+                       DBA::escape($ret["addr"]),
                         DateTimeFormat::utcNow(),
-                       dbesc($ret["url"]),
-                       dbesc(normalise_link($ret["url"])),
-                       dbesc($batch),
-                       dbesc($ret["name"]),
-                       dbesc($ret["nick"]),
-                       dbesc($ret["photo"]),
-                       dbesc($ret["pubkey"]),
-                       dbesc($ret["notify"]),
-                       dbesc($ret["poll"]),
+                       DBA::escape($ret["url"]),
+                       DBA::escape(normalise_link($ret["url"])),
+                       DBA::escape($batch),
+                       DBA::escape($ret["name"]),
+                       DBA::escape($ret["nick"]),
+                       DBA::escape($ret["photo"]),
+                       DBA::escape($ret["pubkey"]),
+                       DBA::escape($ret["notify"]),
+                       DBA::escape($ret["poll"]),
                         1,
                         2
                 );
@@ -2444,9 +2444,9 @@ class Diaspora
                                 intval($contact_record["id"]),
                                 0,
                                 0,
-                               dbesc(L10n::t("Sharing notification from Diaspora network")),
-                               dbesc($hash),
-                               dbesc(DateTimeFormat::utcNow())
+                               DBA::escape(L10n::t("Sharing notification from Diaspora network")),
+                               DBA::escape($hash),
+                               DBA::escape(DateTimeFormat::utcNow())
                         );
                 } else {
                         // automatic friend approval
@@ -2477,8 +2477,8 @@ class Diaspora
                                 WHERE `id` = %d
                                 ",
                                 intval($new_relation),
-                               dbesc(DateTimeFormat::utcNow()),
-                               dbesc(DateTimeFormat::utcNow()),
+                               DBA::escape(DateTimeFormat::utcNow()),
+                               DBA::escape(DateTimeFormat::utcNow()),
                                 intval($contact_record["id"])
                         );
  
@@ -4129,7 +4129,7 @@ class Diaspora
                         $recips = q(
                                 "SELECT `id`,`name`,`network`,`pubkey`,`notify` FROM `contact` WHERE `network` = '%s'
                                 AND `uid` = %d AND `rel` != %d",
-                               dbesc(NETWORK_DIASPORA),
+                               DBA::escape(NETWORK_DIASPORA),
                                 intval($uid),
                                 intval(CONTACT_IS_SHARING)
                         );
diff --git a/src/Protocol/OStatus.php b/src/Protocol/OStatus.php

index b597cdfbd74e12f3ab6301c16c4217d61d21ac1b..7c6f7f1ce41176e8b8bc3cbf76b86112cb7e4a8c 100644 (file)
--- a/src/Protocol/OStatus.php
+++ b/src/Protocol/OStatus.php
@@ -1573,7 +1573,7 @@ class OStatus
         {
                 $r = q(
                         "SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` IN (0, %d) ORDER BY `uid` DESC LIMIT 1",
-                       dbesc(normalise_link($url)),
+                       DBA::escape(normalise_link($url)),
                         intval($owner["uid"])
                 );
                 if (DBA::isResult($r)) {
@@ -1584,7 +1584,7 @@ class OStatus
                 if (!DBA::isResult($r)) {
                         $r = q(
                                 "SELECT * FROM `gcontact` WHERE `nurl` = '%s' LIMIT 1",
-                               dbesc(normalise_link($url))
+                               DBA::escape(normalise_link($url))
                         );
                         if (DBA::isResult($r)) {
                                 $contact = $r[0];
@@ -1790,7 +1790,7 @@ class OStatus
                 $r = q(
                         "SELECT `id` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s'",
                         intval($owner['uid']),
-                       dbesc(normalise_link($contact["url"]))
+                       DBA::escape(normalise_link($contact["url"]))
                 );
  
                 if (DBA::isResult($r)) {
diff --git a/src/Protocol/PortableContact.php b/src/Protocol/PortableContact.php

index fe51edfe9db3d998fcba8de19cc21573a6a39573..f1d878f5d6049b83bbca136406363d0e07e50695 100644 (file)
--- a/src/Protocol/PortableContact.php
+++ b/src/Protocol/PortableContact.php
@@ -281,7 +281,7 @@ class PortableContact
  
                 $r = q(
                         "SELECT `id` FROM `gserver` WHERE `nurl` = '%s' AND `last_contact` > `last_failure`",
-                       dbesc(normalise_link($server_url))
+                       DBA::escape(normalise_link($server_url))
                 );
  
                 if (DBA::isResult($r)) {
@@ -306,7 +306,7 @@ class PortableContact
         {
                 $gcontacts = q(
                         "SELECT * FROM `gcontact` WHERE `nurl` = '%s'",
-                       dbesc(normalise_link($profile))
+                       DBA::escape(normalise_link($profile))
                 );
  
                 if (!DBA::isResult($gcontacts)) {
@@ -353,7 +353,7 @@ class PortableContact
                 if (in_array($gcontacts[0]["network"], ["", NETWORK_FEED])) {
                         $server = q(
                                 "SELECT `network` FROM `gserver` WHERE `nurl` = '%s' AND `network` != ''",
-                               dbesc(normalise_link($server_url))
+                               DBA::escape(normalise_link($server_url))
                         );
  
                         if ($server) {
@@ -366,7 +366,7 @@ class PortableContact
                 // noscrape is really fast so we don't cache the call.
                 if (($server_url != "") && ($gcontacts[0]["nick"] != "")) {
                         //  Use noscrape if possible
-                       $server = q("SELECT `noscrape`, `network` FROM `gserver` WHERE `nurl` = '%s' AND `noscrape` != ''", dbesc(normalise_link($server_url)));
+                       $server = q("SELECT `noscrape`, `network` FROM `gserver` WHERE `nurl` = '%s' AND `noscrape` != ''", DBA::escape(normalise_link($server_url)));
  
                         if ($server) {
                                 $noscraperet = Network::curl($server[0]["noscrape"]."/".$gcontacts[0]["nick"]);
@@ -1477,9 +1477,9 @@ class PortableContact
                         WHERE `network` IN ('%s', '%s', '%s') AND `last_contact` > `last_failure`
                         ORDER BY `last_contact`
                         LIMIT 1000",
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_DIASPORA),
-                       dbesc(NETWORK_OSTATUS)
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_DIASPORA),
+                       DBA::escape(NETWORK_OSTATUS)
                 );
  
                 if (!DBA::isResult($r)) {
@@ -1509,7 +1509,7 @@ class PortableContact
                 foreach ($serverlist as $server) {
                         $server_url = str_replace("/index.php", "", $server->url);
  
-                       $r = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", dbesc(normalise_link($server_url)));
+                       $r = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", DBA::escape(normalise_link($server_url)));
                         if (!DBA::isResult($r)) {
                                 logger("Call server check for server ".$server_url, LOGGER_DEBUG);
                                 Worker::add(PRIORITY_LOW, "DiscoverPoCo", "server", $server_url);
@@ -1654,7 +1654,7 @@ class PortableContact
                 }
                 $last_update = date("c", time() - (60 * 60 * 24 * $requery_days));
  
-               $r = q("SELECT `id`, `url`, `nurl`, `network` FROM `gserver` WHERE `last_contact` >= `last_failure` AND `poco` != '' AND `last_poco_query` < '%s' ORDER BY RAND()", dbesc($last_update));
+               $r = q("SELECT `id`, `url`, `nurl`, `network` FROM `gserver` WHERE `last_contact` >= `last_failure` AND `poco` != '' AND `last_poco_query` < '%s' ORDER BY RAND()", DBA::escape($last_update));
                 if (DBA::isResult($r)) {
                         foreach ($r as $server) {
                                 if (!self::checkServer($server["url"], $server["network"])) {
diff --git a/src/Worker/CheckVersion.php b/src/Worker/CheckVersion.php

index e37e37a060341e9583d618424a61bc98a5ca92e6..6473f64c428472fef067013b5821e3b1f4830f11 100644 (file)
--- a/src/Worker/CheckVersion.php
+++ b/src/Worker/CheckVersion.php
@@ -38,7 +38,7 @@ class CheckVersion
                 logger("Checking VERSION from: ".$checked_url, LOGGER_DEBUG);
  
                 // fetch the VERSION file
-               $gitversion = dbesc(trim(Network::fetchUrl($checked_url)));
+               $gitversion = DBA::escape(trim(Network::fetchUrl($checked_url)));
                 logger("Upstream VERSION is: ".$gitversion, LOGGER_DEBUG);
  
                 Config::set('system', 'git_friendica_version', $gitversion);
diff --git a/src/Worker/Cron.php b/src/Worker/Cron.php

index 3c136331f944c2988b4a156778ae1e1549bf2e5b..b28c4216198e454c5cafe998435b2c0949481dfa 100644 (file)
--- a/src/Worker/Cron.php
+++ b/src/Worker/Cron.php
@@ -187,11 +187,11 @@ class Cron
                                         AND `contact`.`network` IN ('%s', '%s', '%s', '%s', '%s') $sql_extra
                                         AND NOT `contact`.`self` AND NOT `contact`.`blocked`
                                 WHERE NOT `user`.`account_expired` AND NOT `user`.`account_removed` $abandon_sql",
-                       dbesc(NETWORK_DFRN),
-                       dbesc(NETWORK_OSTATUS),
-                       dbesc(NETWORK_DIASPORA),
-                       dbesc(NETWORK_FEED),
-                       dbesc(NETWORK_MAIL)
+                       DBA::escape(NETWORK_DFRN),
+                       DBA::escape(NETWORK_OSTATUS),
+                       DBA::escape(NETWORK_DIASPORA),
+                       DBA::escape(NETWORK_FEED),
+                       DBA::escape(NETWORK_MAIL)
                 );
  
                 if (!DBA::isResult($contacts)) {
diff --git a/src/Worker/CronJobs.php b/src/Worker/CronJobs.php

index 926a1aff5af85bcb60eb0423f4cc27b32dc3b70a..ca898f2b6285a3fb4dfd8776d1354059c0384a8d 100644 (file)
--- a/src/Worker/CronJobs.php
+++ b/src/Worker/CronJobs.php
@@ -9,7 +9,6 @@ use Friendica\BaseObject;
  use Friendica\Core\Cache;
  use Friendica\Core\Config;
  use Friendica\Database\DBA;
-use Friendica\Database\PostUpdate;
  use Friendica\Model\Contact;
  use Friendica\Model\GContact;
  use Friendica\Model\Photo;
@@ -211,7 +210,7 @@ class CronJobs
  
                                 // So optimize it
                                 logger("Optimize Table " . $table["Name"], LOGGER_DEBUG);
-                               q("OPTIMIZE TABLE `%s`", dbesc($table["Name"]));
+                               q("OPTIMIZE TABLE `%s`", DBA::escape($table["Name"]));
                         }
                 }
  
@@ -229,7 +228,7 @@ class CronJobs
  
                 $r = q("SELECT `id`, `url` FROM `contact`
                         WHERE `network` = '%s' AND (`batch` = '' OR `notify` = '' OR `poll` = '' OR pubkey = '')
-                               ORDER BY RAND() LIMIT 50", dbesc(NETWORK_DIASPORA));
+                               ORDER BY RAND() LIMIT 50", DBA::escape(NETWORK_DIASPORA));
                 if (!DBA::isResult($r)) {
                         return;
                 }
@@ -251,7 +250,7 @@ class CronJobs
  
                         logger("Repair contact " . $contact["id"] . " " . $contact["url"], LOGGER_DEBUG);
                         q("UPDATE `contact` SET `batch` = '%s', `notify` = '%s', `poll` = '%s', pubkey = '%s' WHERE `id` = %d",
-                               dbesc($data["batch"]), dbesc($data["notify"]), dbesc($data["poll"]), dbesc($data["pubkey"]),
+                               DBA::escape($data["batch"]), DBA::escape($data["notify"]), DBA::escape($data["poll"]), DBA::escape($data["pubkey"]),
                                 intval($contact["id"]));
                 }
         }
diff --git a/src/Worker/DiscoverPoCo.php b/src/Worker/DiscoverPoCo.php

index 6cdb72a58a3663dec4fb158f7931d810e856e65d..4b3474728ca23f1c790b78cbcb71901a175b9cb7 100644 (file)
--- a/src/Worker/DiscoverPoCo.php
+++ b/src/Worker/DiscoverPoCo.php
@@ -147,8 +147,8 @@ class DiscoverPoCo
                                 WHERE `last_contact` < UTC_TIMESTAMP - INTERVAL 1 MONTH AND
                                         `last_failure` < UTC_TIMESTAMP - INTERVAL 1 MONTH AND
                                         `network` IN ('%s', '%s', '%s', '%s', '') ORDER BY rand()",
-                               dbesc(NETWORK_DFRN), dbesc(NETWORK_DIASPORA),
-                               dbesc(NETWORK_OSTATUS), dbesc(NETWORK_FEED));
+                               DBA::escape(NETWORK_DFRN), DBA::escape(NETWORK_DIASPORA),
+                               DBA::escape(NETWORK_OSTATUS), DBA::escape(NETWORK_FEED));
  
                 if (!$users) {
                         return;
diff --git a/src/Worker/GProbe.php b/src/Worker/GProbe.php

index 3471d9b992df2a2dc27b769d41acbc5fe50c5d9e..dfe309cf64c71c7e6b6a26c03542ecc46c74c75b 100644 (file)
--- a/src/Worker/GProbe.php
+++ b/src/Worker/GProbe.php
@@ -20,7 +20,7 @@ class GProbe {
  
                 $r = q(
                         "SELECT `id`, `url`, `network` FROM `gcontact` WHERE `nurl` = '%s' ORDER BY `id` LIMIT 1",
-                       dbesc(normalise_link($url))
+                       DBA::escape(normalise_link($url))
                 );
  
                 logger("gprobe start for ".normalise_link($url), LOGGER_DEBUG);
@@ -49,7 +49,7 @@ class GProbe {
  
                         $r = q(
                                 "SELECT `id`, `url`, `network` FROM `gcontact` WHERE `nurl` = '%s' ORDER BY `id` LIMIT 1",
-                               dbesc(normalise_link($url))
+                               DBA::escape(normalise_link($url))
                         );
                 }
                 if (DBA::isResult($r)) {
diff --git a/src/Worker/Notifier.php b/src/Worker/Notifier.php

index 0cf6420f153fa5e97168f0d9f290e8da0f3c8c1b..61b05a1b197bcc38d37eba82f43176f0d1932c61 100644 (file)
--- a/src/Worker/Notifier.php
+++ b/src/Worker/Notifier.php
@@ -238,7 +238,7 @@ class Notifier
                                 // local followup to remote post
                                 $followup = true;
                                 $public_message = false; // not public
-                               $conversant_str = dbesc($parent['contact-id']);
+                               $conversant_str = DBA::escape($parent['contact-id']);
                                 $recipients = [$parent['contact-id']];
                                 $recipients_followup  = [$parent['contact-id']];
  
@@ -258,7 +258,7 @@ class Notifier
                                                 // Currently it is work at progress
                                                 $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `network` = '%s' AND NOT `blocked` AND NOT `pending` AND NOT `archive`",
                                                         intval($uid),
-                                                       dbesc(NETWORK_DFRN)
+                                                       DBA::escape(NETWORK_DFRN)
                                                 );
                                                 if (DBA::isResult($r)) {
                                                         foreach ($r as $rr) {
@@ -331,7 +331,7 @@ class Notifier
                                 $deny = array_unique(array_merge($deny_people,$deny_groups));
                                 $recipients = array_diff($recipients,$deny);
  
-                               $conversant_str = dbesc(implode(', ',$conversants));
+                               $conversant_str = DBA::escape(implode(', ',$conversants));
                         }
  
                         // If the thread parent is OStatus then do some magic to distribute the messages.
@@ -385,7 +385,7 @@ class Notifier
                                 && intval($target_item['pubmail'])) {
                                 $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `network` = '%s'",
                                         intval($uid),
-                                       dbesc(NETWORK_MAIL)
+                                       DBA::escape(NETWORK_MAIL)
                                 );
                                 if (DBA::isResult($r)) {
                                         foreach ($r as $rr) {
@@ -440,7 +440,7 @@ class Notifier
                                 $r1 = q("SELECT `batch`, ANY_VALUE(`id`) AS `id`, ANY_VALUE(`name`) AS `name`, ANY_VALUE(`network`) AS `network`
                                         FROM `contact` WHERE `network` = '%s' AND `batch` != ''
                                         AND `uid` = %d AND `rel` != %d AND NOT `blocked` AND NOT `pending` AND NOT `archive` GROUP BY `batch`",
-                                       dbesc(NETWORK_DIASPORA),
+                                       DBA::escape(NETWORK_DIASPORA),
                                         intval($owner['uid']),
                                         intval(CONTACT_IS_SHARING)
                                 );
diff --git a/src/Worker/UpdateGContact.php b/src/Worker/UpdateGContact.php

index 7298cf37077016d18ada58ca59ff0a7456470a90..55c91a12718a8a17fca8d748c008064a7e43615e 100644 (file)
--- a/src/Worker/UpdateGContact.php
+++ b/src/Worker/UpdateGContact.php
@@ -40,7 +40,7 @@ class UpdateGContact
                         }
  
                         q("UPDATE `gcontact` SET `last_failure` = '%s' WHERE `id` = %d",
-                               dbesc(DateTimeFormat::utcNow()), intval($contact_id));
+                               DBA::escape(DateTimeFormat::utcNow()), intval($contact_id));
                         return;
                 }
  
@@ -63,26 +63,26 @@ class UpdateGContact
  
                 q("UPDATE `gcontact` SET `name` = '%s', `nick` = '%s', `addr` = '%s', `photo` = '%s'
                                         WHERE `id` = %d",
-                                       dbesc($data["name"]),
-                                       dbesc($data["nick"]),
-                                       dbesc($data["addr"]),
-                                       dbesc($data["photo"]),
+                                       DBA::escape($data["name"]),
+                                       DBA::escape($data["nick"]),
+                                       DBA::escape($data["addr"]),
+                                       DBA::escape($data["photo"]),
                         intval($contact_id)
                 );
  
                 q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `addr` = '%s', `photo` = '%s'
                                         WHERE `uid` = 0 AND `addr` = '' AND `nurl` = '%s'",
-                                       dbesc($data["name"]),
-                                       dbesc($data["nick"]),
-                                       dbesc($data["addr"]),
-                                       dbesc($data["photo"]),
-                                       dbesc(normalise_link($data["url"]))
+                                       DBA::escape($data["name"]),
+                                       DBA::escape($data["nick"]),
+                                       DBA::escape($data["addr"]),
+                                       DBA::escape($data["photo"]),
+                                       DBA::escape(normalise_link($data["url"]))
                 );
  
                 q("UPDATE `contact` SET `addr` = '%s'
                                         WHERE `uid` != 0 AND `addr` = '' AND `nurl` = '%s'",
-                                       dbesc($data["addr"]),
-                                       dbesc(normalise_link($data["url"]))
+                                       DBA::escape($data["addr"]),
+                                       DBA::escape(normalise_link($data["url"]))
                 );
         }
  }
diff --git a/update.php b/update.php

index bb963d9397977c762e9a906c54bbc8eaa9edd561..7bd02f966500531a5306a1bce8e228094c2e8dce 100644 (file)
--- a/update.php
+++ b/update.php
@@ -49,10 +49,10 @@ function update_1178() {
                 $profile["pub_keywords"] = profile_clean_keywords($profile["pub_keywords"]);
  
                 $r = q("UPDATE `contact` SET `about` = '%s', `location` = '%s', `keywords` = '%s', `gender` = '%s' WHERE `self` AND `uid` = %d",
-                               dbesc($profile["about"]),
-                               dbesc($profile["locality"]),
-                               dbesc($profile["pub_keywords"]),
-                               dbesc($profile["gender"]),
+                               DBA::escape($profile["about"]),
+                               DBA::escape($profile["locality"]),
+                               DBA::escape($profile["pub_keywords"]),
+                               DBA::escape($profile["gender"]),
                                 intval($profile["uid"])
                         );
         }
@@ -112,7 +112,7 @@ function update_1191() {
  
         // select old formlist addon entries
         $r = q("SELECT `uid`, `cat`, `k`, `v` FROM `pconfig` WHERE `cat` = '%s' ",
-               dbesc('forumlist')
+               DBA::escape('forumlist')
         );
  
         // convert old forumlist addon entries in new config entries
@@ -149,7 +149,7 @@ function update_1191() {
  
  function update_1203() {
         $r = q("UPDATE `user` SET `account-type` = %d WHERE `page-flags` IN (%d, %d)",
-               dbesc(ACCOUNT_TYPE_COMMUNITY), dbesc(PAGE_COMMUNITY), dbesc(PAGE_PRVGROUP));
+               DBA::escape(ACCOUNT_TYPE_COMMUNITY), DBA::escape(PAGE_COMMUNITY), DBA::escape(PAGE_PRVGROUP));
  }
  
  function update_1244() {
diff --git a/view/theme/frio/theme.php b/view/theme/frio/theme.php

index d9a7bbb31dab46a6c3fd92b48972e2a1e938189e..d2737a65ac7a421276f5d983090aa9af0a77c7c8 100644 (file)
--- a/view/theme/frio/theme.php
+++ b/view/theme/frio/theme.php
@@ -239,7 +239,7 @@ function frio_remote_nav($a, &$nav)
         } elseif (Profile::getMyURL()) {
                 $r = q("SELECT `name`, `nick`, `photo` FROM `gcontact`
                                 WHERE `addr` = '%s' AND `network` = 'dfrn'",
-                       dbesc($webbie));
+                       DBA::escape($webbie));
                 $nav['remote'] = L10n::t('Visitor');
         } else {
                 $r = false;
@@ -299,12 +299,12 @@ function frio_acl_lookup(App $a, &$results)
  
         $sql_extra = '';
         if ($results['search']) {
-               $search_txt = dbesc(protect_sprintf(preg_quote($results['search'])));
-               $sql_extra .= " AND (`attag` LIKE '%%" . dbesc($search_txt) . "%%' OR `name` LIKE '%%" . dbesc($search_txt) . "%%' OR `nick` LIKE '%%" . dbesc($search_txt) . "%%') ";
+               $search_txt = DBA::escape(protect_sprintf(preg_quote($results['search'])));
+               $sql_extra .= " AND (`attag` LIKE '%%" . $search_txt . "%%' OR `name` LIKE '%%" . $search_txt . "%%' OR `nick` LIKE '%%" . $search_txt . "%%') ";
         }
  
         if ($nets) {
-               $sql_extra .= sprintf(" AND network = '%s' ", dbesc($nets));
+               $sql_extra .= sprintf(" AND network = '%s' ", DBA::escape($nets));
         }
  
         $total = 0;
diff --git a/view/theme/vier/theme.php b/view/theme/vier/theme.php

index df69e720ef9dbffb6ea0f5f8349b96f84b334342..43b786e6e89cddc64534037ea15bd06f6debb7c5 100644 (file)
--- a/view/theme/vier/theme.php
+++ b/view/theme/vier/theme.php
@@ -12,14 +12,13 @@
  use Friendica\App;
  use Friendica\Content\ForumManager;
  use Friendica\Core\Addon;
-use Friendica\Core\L10n;
  use Friendica\Core\Config;
+use Friendica\Core\L10n;
  use Friendica\Core\PConfig;
  use Friendica\Core\System;
  use Friendica\Database\DBA;
  use Friendica\Model\Contact;
  use Friendica\Model\GContact;
-use Friendica\Model\Profile;
  
  require_once "mod/proxy.php";
  
@@ -278,7 +277,7 @@ function vier_community_info()
                                         $query .= ",";
                                 }
  
-                               $query .= "'".dbesc(normalise_link(trim($helper)))."'";
+                               $query .= "'".DBA::escape(normalise_link(trim($helper)))."'";
                         }
  
                         $r = q("SELECT `url`, `name` FROM `gcontact` WHERE `nurl` IN (%s)", $query);
author	Hypolite Petovan <mrpetovan@gmail.com>
	Sat, 21 Jul 2018 13:10:13 +0000 (09:10 -0400)
committer	Hypolite Petovan <hypolite@mrpetovan.com>
	Mon, 23 Jul 2018 19:30:54 +0000 (15:30 -0400)
include/api.php		patch \| blob \| history
include/enotify.php		patch \| blob \| history
include/items.php		patch \| blob \| history
include/security.php		patch \| blob \| history
include/text.php		patch \| blob \| history
mod/acl.php		patch \| blob \| history
mod/admin.php		patch \| blob \| history
mod/api.php		patch \| blob \| history
mod/attach.php		patch \| blob \| history
mod/contacts.php		patch \| blob \| history
mod/crepair.php		patch \| blob \| history
mod/delegate.php		patch \| blob \| history
mod/dfrn_confirm.php		patch \| blob \| history
mod/dfrn_notify.php		patch \| blob \| history
mod/dfrn_poll.php		patch \| blob \| history
mod/dfrn_request.php		patch \| blob \| history
mod/directory.php		patch \| blob \| history
mod/dirfind.php		patch \| blob \| history
mod/fbrowser.php		patch \| blob \| history
mod/follow.php		patch \| blob \| history
mod/friendica.php		patch \| blob \| history
mod/fsuggest.php		patch \| blob \| history
mod/group.php		patch \| blob \| history
mod/invite.php		patch \| blob \| history
mod/lockview.php		patch \| blob \| history
mod/manage.php		patch \| blob \| history
mod/match.php		patch \| blob \| history
mod/message.php		patch \| blob \| history
mod/modexp.php		patch \| blob \| history
mod/msearch.php		patch \| blob \| history
mod/network.php		patch \| blob \| history
mod/noscrape.php		patch \| blob \| history
mod/openid.php		patch \| blob \| history
mod/photo.php		patch \| blob \| history
mod/photos.php		patch \| blob \| history
mod/ping.php		patch \| blob \| history
mod/poco.php		patch \| blob \| history
mod/profile.php		patch \| blob \| history
mod/profile_photo.php		patch \| blob \| history
mod/profiles.php		patch \| blob \| history
mod/profperm.php		patch \| blob \| history
mod/register.php		patch \| blob \| history
mod/regmod.php		patch \| blob \| history
mod/repair_ostatus.php		patch \| blob \| history
mod/salmon.php		patch \| blob \| history
mod/search.php		patch \| blob \| history
mod/settings.php		patch \| blob \| history
mod/tagger.php		patch \| blob \| history
mod/videos.php		patch \| blob \| history
mod/viewcontacts.php		patch \| blob \| history
mod/wall_attach.php		patch \| blob \| history
mod/wall_upload.php		patch \| blob \| history
mod/wallmessage.php		patch \| blob \| history
src/Core/ACL.php		patch \| blob \| history
src/Core/NotificationsManager.php		patch \| blob \| history
src/Core/UserImport.php		patch \| blob \| history
src/Database/DBA.php		patch \| blob \| history
src/Database/DBStructure.php		patch \| blob \| history
src/Database/PostUpdate.php		patch \| blob \| history
src/Model/Contact.php		patch \| blob \| history
src/Model/Event.php		patch \| blob \| history
src/Model/GContact.php		patch \| blob \| history
src/Model/Mail.php		patch \| blob \| history
src/Model/Photo.php		patch \| blob \| history
src/Model/Profile.php		patch \| blob \| history
src/Protocol/DFRN.php		patch \| blob \| history
src/Protocol/Diaspora.php		patch \| blob \| history
src/Protocol/OStatus.php		patch \| blob \| history
src/Protocol/PortableContact.php		patch \| blob \| history
src/Worker/CheckVersion.php		patch \| blob \| history
src/Worker/Cron.php		patch \| blob \| history
src/Worker/CronJobs.php		patch \| blob \| history
src/Worker/DiscoverPoCo.php		patch \| blob \| history
src/Worker/GProbe.php		patch \| blob \| history
src/Worker/Notifier.php		patch \| blob \| history
src/Worker/UpdateGContact.php		patch \| blob \| history
update.php		patch \| blob \| history
view/theme/frio/theme.php		patch \| blob \| history
view/theme/vier/theme.php		patch \| blob \| history