Merge pull request #3125 from annando/alternate-pr-3124
Alternate solution for pull request 3124
069dd5b75d
5 changed files with 49 additions and 14 deletions
|
@ -49,5 +49,42 @@ class dbm {
|
||||||
}
|
}
|
||||||
return (is_array($array) && count($array) > 0);
|
return (is_array($array) && count($array) > 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Callback function for "esc_array"
|
||||||
|
*
|
||||||
|
* @param mixed $value Array value
|
||||||
|
* @param string $key Array key
|
||||||
|
* @param boolean $add_quotation add quotation marks for string values
|
||||||
|
*/
|
||||||
|
private static function esc_array_callback(&$value, $key, $add_quotation) {
|
||||||
|
|
||||||
|
if (!$add_quotation) {
|
||||||
|
if (is_bool($value)) {
|
||||||
|
$value = ($value ? '1' : '0');
|
||||||
|
} else {
|
||||||
|
$value = dbesc($value);
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (is_bool($value)) {
|
||||||
|
$value = ($value ? 'true' : 'false');
|
||||||
|
} elseif (is_numeric($value)) {
|
||||||
|
$value = (string)$value;
|
||||||
|
} else {
|
||||||
|
$value = "'".dbesc($value)."'";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Escapes a whole array
|
||||||
|
*
|
||||||
|
* @param mixed $arr Array with values to be escaped
|
||||||
|
* @param boolean $add_quotation add quotation marks for string values
|
||||||
|
*/
|
||||||
|
public static function esc_array(&$arr, $add_quotation = false) {
|
||||||
|
array_walk($arr, 'self::esc_array_callback', $add_quotation);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
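Review bot: In esc_array_callback the `is_numeric($value)` branch emits any numeric-looking string unquoted, so values such as `"0123"` or `"1e3"` reach MySQL as numeric literals and are normalized to `123`/`1000` on the way into text columns, which silently alters stored data. Only genuine PHP numbers need to go unquoted; strings can always be quoted, so the branch should read `} elseif (is_int($value) || is_float($value)) {`. Note also that `(string)$value` on a float is locale-dependent on older PHP, so a comma decimal separator would turn one value into two comma-separated ones in the VALUES list; if floats must be written unquoted, format them explicitly. The string callable `'self::esc_array_callback'` in esc_array is deprecated in newer PHP versions; `array_walk($arr, [self::class, 'esc_array_callback'], $add_quotation)` is the portable form. The enclosing class dbm begins before this hunk.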
|
|
|
@ -1421,9 +1421,9 @@ class dfrn {
|
||||||
$msg["seen"] = 0;
|
$msg["seen"] = 0;
|
||||||
$msg["replied"] = 0;
|
$msg["replied"] = 0;
|
||||||
|
|
||||||
dbesc_array($msg);
|
dbm::esc_array($msg, true);
|
||||||
|
|
||||||
$r = dbq("INSERT INTO `mail` (`".implode("`, `", array_keys($msg))."`) VALUES ('".implode("', '", array_values($msg))."')");
|
$r = dbq("INSERT INTO `mail` (`".implode("`, `", array_keys($msg))."`) VALUES (".implode(", ", array_values($msg)).")");
|
||||||
|
|
||||||
// send notifications.
|
// send notifications.
|
||||||
|
|
||||||
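Review bot: The new INSERT on the last changed line still splices `array_keys($msg)` into the backticked column list without any escaping, so the switch to `dbm::esc_array($msg, true)` only protects the values. From the visible lines the keys are assigned in code (`$msg["seen"]`, `$msg["replied"]`), so this is presumably safe, but the assumption is worth recording above the call: `// column names come from code-assigned keys; only the values are escaped`. With `$add_quotation` set, any text field whose value happens to look numeric is written unquoted and normalized by MySQL, so the helper should quote all strings before this call style spreads further. The enclosing function continues outside the hunk.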
|
|
|
@ -820,7 +820,7 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa
|
||||||
// Store the unescaped version
|
// Store the unescaped version
|
||||||
$unescaped = $arr;
|
$unescaped = $arr;
|
||||||
|
|
||||||
dbesc_array($arr);
|
dbm::esc_array($arr, true);
|
||||||
|
|
||||||
logger('item_store: ' . print_r($arr,true), LOGGER_DATA);
|
logger('item_store: ' . print_r($arr,true), LOGGER_DATA);
|
||||||
|
|
||||||
|
@ -829,9 +829,9 @@ function item_store($arr,$force_parent = false, $notify = false, $dontcache = fa
|
||||||
|
|
||||||
$r = dbq("INSERT INTO `item` (`"
|
$r = dbq("INSERT INTO `item` (`"
|
||||||
. implode("`, `", array_keys($arr))
|
. implode("`, `", array_keys($arr))
|
||||||
. "`) VALUES ('"
|
. "`) VALUES ("
|
||||||
. implode("', '", array_values($arr))
|
. implode(", ", array_values($arr))
|
||||||
. "')");
|
. ")");
|
||||||
|
|
||||||
// And restore it
|
// And restore it
|
||||||
$arr = $unescaped;
|
$arr = $unescaped;
|
||||||
|
|
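Review bot: In the second hunk the item values are now concatenated into VALUES without surrounding quotes, relying on `dbm::esc_array($arr, true)` to add them; that helper emits numeric-looking strings unquoted, so user content such as a title or body of `"007"` would be stored by MySQL as `7`. Until the helper quotes every string, item_store should not depend on it for text columns; at minimum a comment on the `dbm::esc_array($arr, true)` line, `// NOTE: numeric-looking strings are emitted unquoted by the helper and get normalized by MySQL`, records the risk. item_store begins and ends outside these hunks.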
|
@ -145,9 +145,7 @@ function dfrn_request_post(App $a) {
|
||||||
$photo = $parms["photo"];
|
$photo = $parms["photo"];
|
||||||
|
|
||||||
// Escape the entire array
|
// Escape the entire array
|
||||||
|
dbm::esc_array($parms);
|
||||||
dbesc_array($parms);
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Create a contact record on our site for the other person
|
* Create a contact record on our site for the other person
|
||||||
|
@ -547,7 +545,7 @@ function dfrn_request_post(App $a) {
|
||||||
$parms['issued-id'] = $issued_id;
|
$parms['issued-id'] = $issued_id;
|
||||||
$photo = $parms["photo"];
|
$photo = $parms["photo"];
|
||||||
|
|
||||||
dbesc_array($parms);
|
dbm::esc_array($parms);
|
||||||
$r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `addr`, `name`, `nick`, `issued-id`, `photo`, `site-pubkey`,
|
$r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `addr`, `name`, `nick`, `issued-id`, `photo`, `site-pubkey`,
|
||||||
`request`, `confirm`, `notify`, `poll`, `poco`, `network`, `blocked`, `pending` )
|
`request`, `confirm`, `notify`, `poll`, `poco`, `network`, `blocked`, `pending` )
|
||||||
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
|
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
|
||||||
|
|
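Review bot: In both hunks `$photo = $parms["photo"]` is taken before `dbm::esc_array($parms)` runs, so `$photo` holds the raw, unescaped value while the rest of `$parms` is escaped; that is only safe if `$photo` never reaches a query string without its own `dbesc()`, which cannot be confirmed from the hunk. A comment on that line would make the split explicit: `// raw copy taken before escaping; do not interpolate into SQL without dbesc()`. Here esc_array is called without `$add_quotation`, matching the `'%s'` placeholders of the following `q()` call, so the quoted and unquoted call styles must not be mixed for this array later on. dfrn_request_post continues outside both hunks.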
|
@ -103,13 +103,13 @@ function profiles_init(App $a) {
|
||||||
$r1[0]['net-publish'] = 0;
|
$r1[0]['net-publish'] = 0;
|
||||||
$r1[0]['profile-name'] = dbesc($name);
|
$r1[0]['profile-name'] = dbesc($name);
|
||||||
|
|
||||||
dbesc_array($r1[0]);
|
dbm::esc_array($r1[0], true);
|
||||||
|
|
||||||
$r2 = dbq("INSERT INTO `profile` (`"
|
$r2 = dbq("INSERT INTO `profile` (`"
|
||||||
. implode("`, `", array_keys($r1[0]))
|
. implode("`, `", array_keys($r1[0]))
|
||||||
. "`) VALUES ('"
|
. "`) VALUES ("
|
||||||
. implode("', '", array_values($r1[0]))
|
. implode(", ", array_values($r1[0]))
|
||||||
. "')" );
|
. ")" );
|
||||||
|
|
||||||
$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
|
$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
|
||||||
intval(local_user()),
|
intval(local_user()),
|
||||||
|
|
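Review bot: `$r1[0]['profile-name'] = dbesc($name);` still runs before `dbm::esc_array($r1[0], true)`, so the name is escaped twice and then quoted; with the new helper a name containing `'` is presumably stored with a literal backslash. Assign the raw value and let the array escape handle it: `$r1[0]['profile-name'] = $name;`. The SELECT on `profile-name` at the end of the hunk can only find the row if the insert stored the unmangled name, so the double escape likely breaks that lookup as well. profiles_init continues outside the hunk.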