PostgreSQL support initial commit

There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. In all of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.

These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.

Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
Habeas Codice 2014-11-13 12:21:58 -08:00
parent 31376de066
commit 1a5a5c7edb
110 changed files with 2256 additions and 648 deletions


@ -52,7 +52,7 @@ define ( 'DB_UPDATE_VERSION', 1130 );
define ( 'EOL', '<br />' . "\r\n" ); define ( 'EOL', '<br />' . "\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
define ( 'NULL_DATE', '0000-00-00 00:00:00' ); //define ( 'NULL_DATE', '0000-00-00 00:00:00' );
define ( 'TEMPLATE_BUILD_PATH', 'store/[data]/smarty3' ); define ( 'TEMPLATE_BUILD_PATH', 'store/[data]/smarty3' );
define ( 'DIRECTORY_MODE_NORMAL', 0x0000); // This is technically DIRECTORY_MODE_TERTIARY, but it's the default, hence 0x0000 define ( 'DIRECTORY_MODE_NORMAL', 0x0000); // This is technically DIRECTORY_MODE_TERTIARY, but it's the default, hence 0x0000
@ -555,7 +555,9 @@ define ( 'ITEM_VERIFIED', 0x2000); // Signature verification was success
define ( 'ITEM_RETAINED', 0x4000); // We looked at this item once to decide whether or not to expire it, and decided not to. define ( 'ITEM_RETAINED', 0x4000); // We looked at this item once to decide whether or not to expire it, and decided not to.
define ( 'ITEM_RSS', 0x8000); // Item comes from a feed. Use this to decide whether to link the title define ( 'ITEM_RSS', 0x8000); // Item comes from a feed. Use this to decide whether to link the title
// Don't make us evaluate this same item again. // Don't make us evaluate this same item again.
define ( 'DBTYPE_MYSQL', 0 );
define ( 'DBTYPE_POSTGRES', 1 );
/** /**
* *
* Reverse the effect of magic_quotes_gpc if it is enabled. * Reverse the effect of magic_quotes_gpc if it is enabled.
@ -1417,7 +1419,7 @@ function fix_system_urls($oldurl,$newurl) {
$replace_xchan_url = ((strpos($rr['xchan_url'],$oldurl) !== false) ? true : false); $replace_xchan_url = ((strpos($rr['xchan_url'],$oldurl) !== false) ? true : false);
$x = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_date = '%s' where xchan_hash = '%s' limit 1", $x = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
dbesc($channel_address . '@' . $rhs), dbesc($channel_address . '@' . $rhs),
dbesc(($replace_xchan_url) ? str_replace($oldurl,$newurl,$rr['xchan_url']) : $rr['xchan_url']), dbesc(($replace_xchan_url) ? str_replace($oldurl,$newurl,$rr['xchan_url']) : $rr['xchan_url']),
dbesc(str_replace($oldurl,$newurl,$rr['xchan_connurl'])), dbesc(str_replace($oldurl,$newurl,$rr['xchan_connurl'])),
@ -1430,7 +1432,7 @@ function fix_system_urls($oldurl,$newurl) {
dbesc($rr['xchan_hash']) dbesc($rr['xchan_hash'])
); );
$y = q("update hubloc set hubloc_addr = '%s', hubloc_url = '%s', hubloc_url_sig = '%s', hubloc_host = '%s', hubloc_callback = '%s' where hubloc_hash = '%s' and hubloc_url = '%s' limit 1", $y = q("update hubloc set hubloc_addr = '%s', hubloc_url = '%s', hubloc_url_sig = '%s', hubloc_host = '%s', hubloc_callback = '%s' where hubloc_hash = '%s' and hubloc_url = '%s'",
dbesc($channel_address . '@' . $rhs), dbesc($channel_address . '@' . $rhs),
dbesc($newurl), dbesc($newurl),
dbesc(base64url_encode(rsa_sign($newurl,$c[0]['channel_prvkey']))), dbesc(base64url_encode(rsa_sign($newurl,$c[0]['channel_prvkey']))),
@ -1787,7 +1789,7 @@ function load_contact_links($uid) {
// logger('load_contact_links'); // logger('load_contact_links');
$r = q("SELECT abook_id, abook_flags, abook_my_perms, abook_their_perms, xchan_hash, xchan_photo_m, xchan_name, xchan_url from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d) ", $r = q("SELECT abook_id, abook_flags, abook_my_perms, abook_their_perms, xchan_hash, xchan_photo_m, xchan_name, xchan_url from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($uid), intval($uid),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );
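Review bot: With `define ( 'NULL_DATE', '0000-00-00 00:00:00' );` commented out near the top of this section, nothing visible here defines NULL_DATE any more, and the dead line carries no pointer to where the constant is now set. Presumably it is defined per database type once the connection is known (the description mentions '0001-01-01 00:00:00' for postgres); if so, any code that reads NULL_DATE before that point gets, on PHP versions before 8, the bare string 'NULL_DATE' and a notice rather than a date. I would replace the commented-out define with a comment such as `// NULL_DATE is defined once the database type is known; do not read it before the db is initialised` and confirm nothing uses the constant earlier. The block of definitions continues outside the hunk.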


@ -64,4 +64,7 @@ In the interests of consistency we adopt the following code styling. We may acce
[li] Generally speaking, opening braces go on the same line as the thing which opens the brace. They are the last character on the line. Closing braces are on a line by themselves. [/li] [li] Generally speaking, opening braces go on the same line as the thing which opens the brace. They are the last character on the line. Closing braces are on a line by themselves. [/li]
[b]See Also[/b]
[zrl=[baseurl]/help/sql_conventions]SQL Conventions[/zrl]
#include doc/macros/main_footer.bb; #include doc/macros/main_footer.bb;

87
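--- /dev/null
+++ b/doc/sql_conventions.bb
@@ -0,0 +1,87 @@
+[h1]SQL Conventions[/h1]
+[b]Intro[/b]
+The following common SQL conventions appear throughout the code in many places. We use a simple DBA (DataBase Abstraction layer) to handle differences between databases. Please be sure to use only standards-compliant SQL.
+[b]Rule One[/b]
+Worth Repeating: Don't use non-standard SQL. This goes for addons as well. If you do use non-standard SQL, and the dba funcs are insufficient, do a if()/switch() or similar for all currently supported databases. Currently nothing red# does requires non-standard SQL.
+[b]Using a format string[/b]
+[li]Uses sprintf()
+To be written
+[code]// Example
+$r = q("SELECT * FROM profile WHERE uid = %d",
+local_user()
+);
+[/code][/li]
+[b]Checking bit flags in a where clause[/b]
+[li]You must explicitly convert integers to booleans. The easiest way to do this is to compare to 0.
+[code]// Example
+$r = q("SELECT abook_id, abook_flags, abook_my_perms, abook_their_perms, xchan_hash, xchan_photo_m, xchan_name, xchan_url from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ",
+intval($uid),
+intval(ABOOK_FLAG_SELF)
+);
+[/code]
+[/li]
+[li]Turning off a flag
+[code]$y = q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'",
+intval(XCHAN_FLAGS_ORPHAN),
+intval(XCHAN_FLAGS_ORPHAN),
+dbesc($rr['hubloc_hash'])
+);[/code]
+[/li]
+[li]Turning on a flag
+[code]$y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'",
+intval(XCHAN_FLAGS_ORPHAN),
+dbesc($rr['hubloc_hash'])
+);[/code]
+[/li]
+[b]Using relative times (INTERVALs)[/b]
+[li]Sometimes you want to compare something, like less than x days old.
+[code]// Example
+$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash
+WHERE abook_dob > %s + interval %s and abook_dob < %s + interval %s",
+db_utcnow(), db_quoteinterval('7 day'),
+db_utcnow(), db_quoteinterval('14 day')
+);[/code]
+[/li]
+[b]Paged results[/b]
+[li]To be written
+[code]// Example
+$r = q("SELECT * FROM mail WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d OFFSET %d",
+intval(api_user()),
+intval($count), intval($start)
+);[/code][/li]
+[b]NULL dates[/b]
+[li]To be written
+[code]Example[/code][/li]
+[b]Storing binary data[/b]
+[li]To be written
+[code]// Example
+$x = q("update photo set data = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and scale = 0",
+dbescbin($ph->imageString()),
+intval($height),
+intval($width),
+dbesc($resource_id),
+intval($page_owner_uid)
+);[/code][/li]
+[b]Current timestamp[/b]
+[li][code]// Example
+$randfunc = db_getfunc('rand');
+$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1",
+db_utcnow(), db_quoteinterval('30 day')
+);[/code][/li]
+[b]SQL Function and Operator Abstraction[/b]
+[li]Sometimes the same function or operator has a different name/symbol in each database. You use db_getfunc('funcname') to look them up. The string is [i]not[/i] case-sensitive; do [i]not[/i] include parens.
+[code]// Example
+$randfunc = db_getfunc('rand');
+$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1",
+db_utcnow(), db_quoteinterval('30 day')
+);[/code][/li]
+#include doc/macros/main_footer.bb;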


@ -22,7 +22,7 @@ function rconnect_url($channel_id,$xchan) {
if(($r) && ($r[0]['xchan_follow'])) if(($r) && ($r[0]['xchan_follow']))
return $r[0]['xchan_follow']; return $r[0]['xchan_follow'];
$r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1", $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d )>0 limit 1",
dbesc($xchan), dbesc($xchan),
intval(HUBLOC_FLAGS_PRIMARY) intval(HUBLOC_FLAGS_PRIMARY)
); );
@ -35,7 +35,7 @@ function rconnect_url($channel_id,$xchan) {
function abook_connections($channel_id, $sql_conditions = '') { function abook_connections($channel_id, $sql_conditions = '') {
$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d
and not ( abook_flags & %d ) $sql_conditions", and not ( abook_flags & %d )>0 $sql_conditions",
intval($channel_id), intval($channel_id),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );
@ -44,7 +44,7 @@ function abook_connections($channel_id, $sql_conditions = '') {
function abook_self($channel_id) { function abook_self($channel_id) {
$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d
and ( abook_flags & %d ) limit 1", and ( abook_flags & %d )>0 limit 1",
intval($channel_id), intval($channel_id),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );
@ -52,7 +52,7 @@ function abook_self($channel_id) {
} }
function channelx_by_nick($nick) { function channelx_by_nick($nick) {
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d ) LIMIT 1", $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1",
dbesc($nick), dbesc($nick),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -60,7 +60,7 @@ function channelx_by_nick($nick) {
} }
function channelx_by_hash($hash) { function channelx_by_hash($hash) {
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d ) LIMIT 1", $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1",
dbesc($hash), dbesc($hash),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -68,7 +68,7 @@ function channelx_by_hash($hash) {
} }
function channelx_by_n($id) { function channelx_by_n($id) {
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d ) LIMIT 1", $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d )>0 LIMIT 1",
dbesc($id), dbesc($id),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -128,7 +128,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
function abook_toggle_flag($abook,$flag) { function abook_toggle_flag($abook,$flag) {
$r = q("UPDATE abook set abook_flags = (abook_flags ^ %d) where abook_id = %d and abook_channel = %d limit 1", $r = q("UPDATE abook set abook_flags = (abook_flags & ~%d) where abook_id = %d and abook_channel = %d",
intval($flag), intval($flag),
intval($abook['abook_id']), intval($abook['abook_id']),
intval($abook['abook_channel']) intval($abook['abook_channel'])
@ -138,7 +138,7 @@ function abook_toggle_flag($abook,$flag) {
if(($flag === ABOOK_FLAG_ARCHIVED) && ($abook['abook_flags'] & ABOOK_FLAG_ARCHIVED)) { if(($flag === ABOOK_FLAG_ARCHIVED) && ($abook['abook_flags'] & ABOOK_FLAG_ARCHIVED)) {
$r = q("update abook set abook_connected = '%s', abook_updated = '%s' $r = q("update abook set abook_connected = '%s', abook_updated = '%s'
where abook_id = %d and abook_channel = %d limit 1", where abook_id = %d and abook_channel = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($abook['abook_id']), intval($abook['abook_id']),
@ -173,7 +173,7 @@ function account_remove($account_id,$local = true,$unset_session=true) {
// Don't let anybody nuke the only admin account. // Don't let anybody nuke the only admin account.
$r = q("select account_id from account where (account_roles & %d)", $r = q("select account_id from account where (account_roles & %d)>0",
intval(ACCOUNT_ROLE_ADMIN) intval(ACCOUNT_ROLE_ADMIN)
); );
@ -201,7 +201,7 @@ function account_remove($account_id,$local = true,$unset_session=true) {
} }
} }
$r = q("delete from account where account_id = %d limit 1", $r = q("delete from account where account_id = %d",
intval($account_id) intval($account_id)
); );
@ -239,7 +239,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
channel_r_photos = 0, channel_r_abook = 0, channel_w_stream = 0, channel_w_wall = 0, channel_w_tagwall = 0, channel_r_photos = 0, channel_r_abook = 0, channel_w_stream = 0, channel_w_wall = 0, channel_w_tagwall = 0,
channel_w_comment = 0, channel_w_mail = 0, channel_w_photos = 0, channel_w_chat = 0, channel_a_delegate = 0, channel_w_comment = 0, channel_w_mail = 0, channel_w_photos = 0, channel_w_chat = 0, channel_a_delegate = 0,
channel_r_storage = 0, channel_w_storage = 0, channel_r_pages = 0, channel_w_pages = 0, channel_a_republish = 0 channel_r_storage = 0, channel_w_storage = 0, channel_r_pages = 0, channel_w_pages = 0, channel_a_republish = 0
where channel_id = %d limit 1", where channel_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval(PAGE_REMOVED), intval(PAGE_REMOVED),
intval($channel_id) intval($channel_id)
@ -275,12 +275,12 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
q("DELETE FROM `spam` WHERE `uid` = %d", intval($channel_id)); q("DELETE FROM `spam` WHERE `uid` = %d", intval($channel_id));
q("delete from abook where abook_xchan = '%s' and (abook_flags & %d) limit 1", q("delete from abook where abook_xchan = '%s' and (abook_flags & %d)>0",
dbesc($channel['channel_hash']), dbesc($channel['channel_hash']),
dbesc(ABOOK_FLAG_SELF) dbesc(ABOOK_FLAG_SELF)
); );
$r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d limit 1", $r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval(PAGE_REMOVED), intval(PAGE_REMOVED),
intval($channel_id) intval($channel_id)
@ -296,7 +296,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
$hublocs = 0; $hublocs = 0;
$r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)", $r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)>0",
dbesc($channel['channel_hash']), dbesc($channel['channel_hash']),
intval(HUBLOC_FLAGS_DELETED) intval(HUBLOC_FLAGS_DELETED)
); );
@ -335,10 +335,11 @@ function mark_orphan_hubsxchans() {
if($dirmode == DIRECTORY_MODE_NORMAL) if($dirmode == DIRECTORY_MODE_NORMAL)
return; return;
$r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d) $r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d)>0
and hubloc_network = 'zot' and hubloc_connected < utc_timestamp() - interval 36 day", and hubloc_network = 'zot' and hubloc_connected < %s - interval %s",
intval(HUBLOC_OFFLINE), intval(HUBLOC_OFFLINE),
intval(HUBLOC_OFFLINE) intval(HUBLOC_OFFLINE),
db_utcnow(), db_quoteinterval('36 day')
); );
// $realm = get_directory_realm(); // $realm = get_directory_realm();
@ -354,7 +355,7 @@ function mark_orphan_hubsxchans() {
// } // }
$r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d) and not (hubloc_flags & %d)", $r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d)>0 and not (hubloc_flags & %d)>0",
intval(HUBLOC_OFFLINE), intval(HUBLOC_OFFLINE),
intval(HUBLOC_FLAGS_ORPHANCHECK) intval(HUBLOC_FLAGS_ORPHANCHECK)
); );
@ -364,7 +365,7 @@ function mark_orphan_hubsxchans() {
// see if any other hublocs are still alive for this channel // see if any other hublocs are still alive for this channel
$x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)", $x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)>0",
dbesc($rr['hubloc_hash']), dbesc($rr['hubloc_hash']),
intval(HUBLOC_OFFLINE) intval(HUBLOC_OFFLINE)
); );
@ -372,7 +373,7 @@ function mark_orphan_hubsxchans() {
// yes - if the xchan was marked as an orphan, undo it // yes - if the xchan was marked as an orphan, undo it
$y = q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", $y = q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
dbesc($rr['hubloc_hash']) dbesc($rr['hubloc_hash'])
@ -383,7 +384,7 @@ function mark_orphan_hubsxchans() {
// nope - mark the xchan as an orphan // nope - mark the xchan as an orphan
$y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1", $y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
dbesc($rr['hubloc_hash']) dbesc($rr['hubloc_hash'])
); );
@ -391,7 +392,7 @@ function mark_orphan_hubsxchans() {
// mark that we've checked this entry so we don't need to do it again // mark that we've checked this entry so we don't need to do it again
$y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1", $y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d",
intval(HUBLOC_FLAGS_ORPHANCHECK), intval(HUBLOC_FLAGS_ORPHANCHECK),
dbesc($rr['hubloc_id']) dbesc($rr['hubloc_id'])
); );
@ -449,7 +450,7 @@ function remove_all_xchan_resources($xchan, $channel_id = 0) {
if($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) { if($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) {
$r = q("delete from xchan where xchan_hash = '%s' limit 1", $r = q("delete from xchan where xchan_hash = '%s'",
dbesc($xchan) dbesc($xchan)
); );
$r = q("delete from hubloc where hubloc_hash = '%s'", $r = q("delete from hubloc where hubloc_hash = '%s'",
@ -482,7 +483,7 @@ function contact_remove($channel_id, $abook_id) {
$archive = get_pconfig($channel_id, 'system','archive_removed_contacts'); $archive = get_pconfig($channel_id, 'system','archive_removed_contacts');
if($archive) { if($archive) {
q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d limit 1", q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d",
intval(ABOOK_FLAG_ARCHIVED), intval(ABOOK_FLAG_ARCHIVED),
intval($abook_id), intval($abook_id),
intval($channel_id) intval($channel_id)
@ -514,7 +515,7 @@ function contact_remove($channel_id, $abook_id) {
} }
} }
q("delete from abook where abook_id = %d and abook_channel = %d limit 1", q("delete from abook where abook_id = %d and abook_channel = %d",
intval($abook['abook_id']), intval($abook['abook_id']),
intval($channel_id) intval($channel_id)
); );
@ -541,7 +542,10 @@ function contact_remove($channel_id, $abook_id) {
function random_profile() { function random_profile() {
$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > UTC_TIMESTAMP() - interval 30 day order by rand() limit 1"); $randfunc = db_getfunc('rand');
$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1",
db_utcnow(), db_quoteinterval('30 day')
);
if($r) if($r)
return $r[0]['xchan_url']; return $r[0]['xchan_url'];
return ''; return '';
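Review bot: abook_toggle_flag no longer toggles: the new statement `abook_flags = (abook_flags & ~%d)` only clears the bit, so a call meant to set a flag now leaves the row unchanged. The description says there were no true XOR toggles, but this function is one by name and by its old `^` expression, and the ABOOK_FLAG_ARCHIVED branch a few lines further down only makes sense if the flag can go in both directions. Either keep the XOR through the operator helper the description mentions for `^`/`#` (if db_getfunc covers it), or choose the operator in PHP from the row already passed in, e.g. `$op = (($abook['abook_flags'] & $flag) ? '& ~' : '|');` and build `abook_flags = (abook_flags $op %d)`. The function body continues outside the hunk.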


@ -159,7 +159,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
list($parent_path, ) = DAV\URLUtil::splitPath($this->red_path); list($parent_path, ) = DAV\URLUtil::splitPath($this->red_path);
$new_path = $parent_path . '/' . $name; $new_path = $parent_path . '/' . $name;
$r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($name), dbesc($name),
dbesc($this->folder_hash), dbesc($this->folder_hash),
intval($this->auth->owner_id) intval($this->auth->owner_id)
@ -197,7 +197,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$mimetype = z_mime_content_type($name); $mimetype = z_mime_content_type($name);
$c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1",
intval($this->auth->owner_id), intval($this->auth->owner_id),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -246,7 +246,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$edited = datetime_convert(); $edited = datetime_convert();
// updates entry with filesize and timestamp // updates entry with filesize and timestamp
$d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($size), dbesc($size),
dbesc($edited), dbesc($edited),
dbesc($hash), dbesc($hash),
@ -254,7 +254,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
); );
// update the folder's lastmodified timestamp // update the folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($edited), dbesc($edited),
dbesc($this->folder_hash), dbesc($this->folder_hash),
intval($c[0]['channel_id']) intval($c[0]['channel_id'])
@ -293,7 +293,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
throw new DAV\Exception\Forbidden('Permission denied.'); throw new DAV\Exception\Forbidden('Permission denied.');
} }
$r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", $r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1",
intval($this->auth->owner_id), intval($this->auth->owner_id),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -362,7 +362,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$channel_name = $path_arr[0]; $channel_name = $path_arr[0];
$r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d ) LIMIT 1", $r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d )>0 LIMIT 1",
dbesc($channel_name), dbesc($channel_name),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -380,7 +380,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$os_path = ''; $os_path = '';
for ($x = 1; $x < count($path_arr); $x++) { for ($x = 1; $x < count($path_arr); $x++) {
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)", $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0",
dbesc($folder), dbesc($folder),
dbesc($path_arr[$x]), dbesc($path_arr[$x]),
intval($channel_id), intval($channel_id),
@ -440,7 +440,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$free = disk_free_space('store'); $free = disk_free_space('store');
if ($this->auth->owner_id) { if ($this->auth->owner_id) {
$c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d)>0 limit 1",
intval($this->auth->owner_id), intval($this->auth->owner_id),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
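Review bot: The rewritten negative flag tests of the form `NOT (channel_pageflags & %d)>0` are correct only because NOT binds more loosely than `>`; at a glance they read as `(NOT (...)) > 0`, which is the integer-as-boolean form this commit sets out to remove. Writing the negative case as `(channel_pageflags & %d) = 0` states the same condition without relying on operator precedence. The same pattern appears in each hunk of this section that filters on PAGE_REMOVED and in the other files of this commit. The enclosing methods start and end outside the hunks.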


@ -79,7 +79,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
$newName = str_replace('/', '%2F', $newName); $newName = str_replace('/', '%2F', $newName);
$r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d LIMIT 1", $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d",
dbesc($this->data['filename']), dbesc($this->data['filename']),
intval($this->data['id']) intval($this->data['id'])
); );
@ -96,7 +96,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
$size = 0; $size = 0;
// @todo only 3 values are needed // @todo only 3 values are needed
$c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1",
intval($this->auth->owner_id), intval($this->auth->owner_id),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -113,7 +113,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
$size = @filesize($f); $size = @filesize($f);
logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
} else { } else {
$r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d",
dbesc(stream_get_contents($data)), dbesc(stream_get_contents($data)),
dbesc($this->data['hash']), dbesc($this->data['hash']),
intval($this->data['uid']) intval($this->data['uid'])
@ -131,7 +131,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
// returns now() // returns now()
$edited = datetime_convert(); $edited = datetime_convert();
$d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($size), dbesc($size),
dbesc($edited), dbesc($edited),
dbesc($this->data['hash']), dbesc($this->data['hash']),
@ -139,7 +139,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
); );
// update the folder's lastmodified timestamp // update the folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($edited), dbesc($edited),
dbesc($r[0]['folder']), dbesc($r[0]['folder']),
intval($c[0]['channel_id']) intval($c[0]['channel_id'])
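Review bot: The `UPDATE attach SET data = '%s'` write still passes the file contents through `dbesc(stream_get_contents($data))`, while the description says attach.data is a bytea column on postgres and that dbescbin() was added for exactly this case. If that holds, uploads containing nul bytes will be rejected or mangled on postgres; the argument should be `dbescbin(stream_get_contents($data))`. Separately, the first hunk's `UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d` shows three placeholders but only two arguments, and the value bound is the current `$this->data['filename']` rather than `$newName`; that appears to predate this commit, but the line is being touched and is worth fixing here. Both methods extend beyond the visible hunks.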


@ -202,7 +202,7 @@ function create_account($arr) {
// Set the parent record to the current record_id if no parent was provided // Set the parent record to the current record_id if no parent was provided
if(! $parent) { if(! $parent) {
$r = q("update account set account_parent = %d where account_id = %d limit 1", $r = q("update account set account_parent = %d where account_id = %d",
intval($result['account']['account_id']), intval($result['account']['account_id']),
intval($result['account']['account_id']) intval($result['account']['account_id'])
); );
@ -367,16 +367,16 @@ function user_allow($hash) {
if(! $account) if(! $account)
return $ret; return $ret;
$r = q("DELETE FROM register WHERE hash = '%s' LIMIT 1", $r = q("DELETE FROM register WHERE hash = '%s'",
dbesc($register[0]['hash']) dbesc($register[0]['hash'])
); );
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED),
intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED),
intval($register[0]['uid']) intval($register[0]['uid'])
); );
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING),
intval($register[0]['uid']) intval($register[0]['uid'])
@ -430,11 +430,11 @@ function user_deny($hash) {
if(! $account) if(! $account)
return false; return false;
$r = q("DELETE FROM account WHERE account_id = %d LIMIT 1", $r = q("DELETE FROM account WHERE account_id = %d",
intval($register[0]['uid']) intval($register[0]['uid'])
); );
$r = q("DELETE FROM `register` WHERE id = %d LIMIT 1", $r = q("DELETE FROM `register` WHERE id = %d",
dbesc($register[0]['id']) dbesc($register[0]['id'])
); );
notice( sprintf(t('Registration revoked for %s'), $account[0]['account_email']) . EOL); notice( sprintf(t('Registration revoked for %s'), $account[0]['account_email']) . EOL);
@ -463,21 +463,21 @@ function user_approve($hash) {
if(! $account) if(! $account)
return $ret; return $ret;
$r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify' LIMIT 1", $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify'",
dbesc($register[0]['hash']) dbesc($register[0]['hash'])
); );
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED),
intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED),
intval($register[0]['uid']) intval($register[0]['uid'])
); );
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING),
intval($register[0]['uid']) intval($register[0]['uid'])
); );
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_UNVERIFIED),
intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_UNVERIFIED),
intval($register[0]['uid']) intval($register[0]['uid'])
@ -510,11 +510,12 @@ function user_approve($hash) {
function downgrade_accounts() { function downgrade_accounts() {
$r = q("select * from account where not ( account_flags & %d ) $r = q("select * from account where not ( account_flags & %d )>0
and account_expires != '%s' and account_expires != '%s'
and account_expires < UTC_TIMESTAMP() ", and account_expires < %s ",
intval(ACCOUNT_EXPIRED), intval(ACCOUNT_EXPIRED),
dbesc(NULL_DATE) dbesc(NULL_DATE),
db_getfunc('UTC_TIMESTAMP')
); );
if(! $r) if(! $r)
@ -527,7 +528,7 @@ function downgrade_accounts() {
if(($basic) && ($rr['account_service_class']) && ($rr['account_service_class'] != $basic)) { if(($basic) && ($rr['account_service_class']) && ($rr['account_service_class'] != $basic)) {
$x = q("UPDATE account set account_service_class = '%s', account_expires = '%s' $x = q("UPDATE account set account_service_class = '%s', account_expires = '%s'
where account_id = %d limit 1", where account_id = %d",
dbesc($basic), dbesc($basic),
dbesc(NULL_DATE), dbesc(NULL_DATE),
intval($rr['account_id']) intval($rr['account_id'])
@ -537,7 +538,7 @@ function downgrade_accounts() {
logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' downgraded.'); logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' downgraded.');
} }
else { else {
$x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d limit 1", $x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d",
intval(ACCOUNT_EXPIRED), intval(ACCOUNT_EXPIRED),
intval($rr['account_id']) intval($rr['account_id'])
); );
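Review bot: In `user_deny`, the delete from the register table binds `dbesc($register[0]['id'])` to a `%d` placeholder. It is safe only because the format coerces the value to an integer, while the neighbouring statements pass their integer arguments through `intval()`. Changing the argument to `intval($register[0]['id'])` makes the call site show that the value is numeric and keeps it correct if the placeholder is ever changed. The function body starts and ends outside the hunk.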


@ -171,7 +171,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
$o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" $tabindex >\r\n"; $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" $tabindex >\r\n";
$r = q("SELECT abook_id, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash $r = q("SELECT abook_id, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash
where abook_flags = 0 or not ( abook_flags & %d ) and abook_channel = %d where abook_flags = 0 or not ( abook_flags & %d )>0 and abook_channel = %d
$sql_extra $sql_extra
ORDER BY xchan_name ASC ", ORDER BY xchan_name ASC ",
intval(ABOOK_FLAG_SELF), intval(ABOOK_FLAG_SELF),
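Review bot: The `where` clause in `contact_select` mixes `or` and `and` without parentheses, so `abook_channel = %d` applies only to the `not ( abook_flags & %d )>0` branch. Any row with `abook_flags = 0` is therefore selected regardless of which channel it belongs to. A zero flags value already has the self bit clear, so the condition can be written as `where ( abook_flags & %d ) = 0 and abook_channel = %d`, which keeps the argument order unchanged. The rest of the function lies outside the hunk.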


@ -309,7 +309,7 @@ require_once('include/items.php');
return False; return False;
} else { } else {
$user = local_user(); $user = local_user();
$extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " ) "; $extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " )>0 ";
} }
} }
@ -336,7 +336,7 @@ require_once('include/items.php');
// count public wall messages // count public wall messages
$r = q("SELECT COUNT(`id`) as `count` FROM `item` $r = q("SELECT COUNT(`id`) as `count` FROM `item`
WHERE `uid` = %d WHERE `uid` = %d
AND ( item_flags & %d ) and item_restrict = 0 AND ( item_flags & %d )>0 and item_restrict = 0
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''", AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
intval($usr[0]['channel_id']), intval($usr[0]['channel_id']),
intval(ITEM_WALL) intval(ITEM_WALL)
@ -363,7 +363,7 @@ require_once('include/items.php');
$countfollowers = $r[0]['count']; $countfollowers = $r[0]['count'];
} }
$r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d ) and uid = %d and item_restrict = 0", $r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d )>0 and uid = %d and item_restrict = 0",
intval($uinfo[0]['channel_id']), intval($uinfo[0]['channel_id']),
intval(ITEM_STARRED) intval(ITEM_STARRED)
); );
@ -1004,8 +1004,8 @@ require_once('include/items.php');
// at the network timeline just mark everything seen. // at the network timeline just mark everything seen.
if (api_user() == $user_info['uid']) { if (api_user() == $user_info['uid']) {
$r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d ) $r = q("UPDATE `item` SET item_flags = ( item_flags & ~%d )
WHERE item_flags & %d and uid = %d", WHERE (item_flags & %d)>0 and uid = %d",
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval($user_info['uid']) intval($user_info['uid'])
@ -1062,10 +1062,10 @@ require_once('include/items.php');
and uid in ( " . stream_perms_api_uids() . " ) and uid in ( " . stream_perms_api_uids() . " )
$sql_extra $sql_extra
AND id > %d group by mid AND id > %d group by mid
order by received desc LIMIT %d, %d ", order by received desc LIMIT %d OFFSET %d ",
intval($since_id), intval($since_id),
intval($start), intval($count),
intval($count) intval($start)
); );
xchan_query($r,true); xchan_query($r,true);
@ -1706,9 +1706,9 @@ require_once('include/items.php');
// For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams. // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
// This won't work if either of you send your stream to everybody on the network // This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends') if($qtype == 'friends')
$sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); $sql_extra = sprintf(" AND ( abook_their_perms & %d )>0 and ( abook_my_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers') if($qtype == 'followers')
$sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); $sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user()) intval(api_user())
@ -1822,9 +1822,9 @@ require_once('include/items.php');
// This won't work if either of you send your stream to everybody on the network // This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends') if($qtype == 'friends')
$sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); $sql_extra = sprintf(" AND ( abook_their_perms & %d )>0 and ( abook_my_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers') if($qtype == 'followers')
$sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); $sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user()) intval(api_user())
@ -1940,9 +1940,9 @@ require_once('include/items.php');
$sql_extra = "`from-url`!='".dbesc( $profile_url )."'"; $sql_extra = "`from-url`!='".dbesc( $profile_url )."'";
} }
$r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d", $r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d OFFSET %d",
intval(api_user()), intval(api_user()),
intval($start), intval($count) intval($count), intval($start)
); );
$ret = Array(); $ret = Array();
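Review bot: In the starred-item count query the arguments are bound in the opposite order to the placeholders. `( item_flags & %d )>0 and uid = %d` receives `intval($uinfo[0]['channel_id'])` as the flag mask and `intval(ITEM_STARRED)` as `uid`, so the count is taken against the wrong bit and the wrong channel. The commit rewrites the SQL line but leaves the argument list as it was; the two arguments should be swapped to `intval(ITEM_STARRED), intval($uinfo[0]['channel_id'])`. The enclosing function starts and ends outside the hunk.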


@ -267,7 +267,7 @@ function app_install($uid,$app) {
function app_destroy($uid,$app) { function app_destroy($uid,$app) {
if($uid && $app['guid']) { if($uid && $app['guid']) {
$r = q("delete from app where app_id = '%s' and app_channel = %d limit 1", $r = q("delete from app where app_id = '%s' and app_channel = %d",
dbesc($app['guid']), dbesc($app['guid']),
intval($uid) intval($uid)
); );
@ -388,7 +388,7 @@ function app_update($arr) {
$darray['app_page'] = ((x($arr,'page')) ? escape_tags($arr['page']) : ''); $darray['app_page'] = ((x($arr,'page')) ? escape_tags($arr['page']) : '');
$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : ''); $darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d limit 1", $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d",
dbesc($darray['app_sig']), dbesc($darray['app_sig']),
dbesc($darray['app_author']), dbesc($darray['app_author']),
dbesc($darray['app_name']), dbesc($darray['app_name']),


@ -400,7 +400,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
$created = datetime_convert(); $created = datetime_convert();
if($options === 'replace') { if($options === 'replace') {
$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1", $r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d",
dbesc($filename), dbesc($filename),
dbesc($mimetype), dbesc($mimetype),
intval($filesize), intval($filesize),
@ -432,7 +432,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
} }
elseif($options === 'update') { elseif($options === 'update') {
$r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s',
allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1", allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d",
dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']), dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']),
dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']), dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']),
dbesc($created), dbesc($created),
@ -517,7 +517,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') {
if(count($paths) > 1) { if(count($paths) > 1) {
$curpath = array_shift($paths); $curpath = array_shift($paths);
$r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id) . " limit 1", $r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id) . " limit 1",
intval($channel_id), intval($channel_id),
dbesc($curpath), dbesc($curpath),
intval(ATTACH_FLAG_DIR) intval(ATTACH_FLAG_DIR)
@ -533,7 +533,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') {
else else
$paths = array($pathname); $paths = array($pathname);
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id), $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id),
intval($channel_id), intval($channel_id),
dbesc($parent_hash), dbesc($parent_hash),
dbesc($paths[0]), dbesc($paths[0]),
@ -617,7 +617,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
$sql_options = permissions_sql($channel['channel_id']); $sql_options = permissions_sql($channel['channel_id']);
do { do {
$r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
$sql_options limit 1", $sql_options limit 1",
intval($channel['channel_id']), intval($channel['channel_id']),
dbesc($lfile), dbesc($lfile),
@ -669,7 +669,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
$ret['data'] = $arr; $ret['data'] = $arr;
// update the parent folder's lastmodified timestamp // update the parent folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($created), dbesc($created),
dbesc($arr['folder']), dbesc($arr['folder']),
intval($channel_id) intval($channel_id)
@ -722,7 +722,7 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi
} }
} }
$x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d limit 1", $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d",
dbesc($allow_cid), dbesc($allow_cid),
dbesc($allow_gid), dbesc($allow_gid),
dbesc($deny_cid), dbesc($deny_cid),
@ -790,13 +790,13 @@ function attach_delete($channel_id, $resource) {
} }
// delete from database // delete from database
$z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", $z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d",
dbesc($resource), dbesc($resource),
intval($channel_id) intval($channel_id)
); );
// update the parent folder's lastmodified timestamp // update the parent folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($r[0]['folder']), dbesc($r[0]['folder']),
intval($channel_id) intval($channel_id)
@ -831,7 +831,7 @@ function get_cloudpath($arr) {
$lfile = $arr['folder']; $lfile = $arr['folder'];
do { do {
$r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
limit 1", limit 1",
intval($arr['uid']), intval($arr['uid']),
dbesc($lfile), dbesc($lfile),
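Review bot: In `z_readdir` the final lookup filters on `id = %d` but binds `intval($channel_id)`, while the directory walk a few lines earlier uses `uid = %d` with the same value. This looks like a typo for `uid`: as written the query compares the attachment's row id with a channel id, so it should be confirmed against the schema. If it is a typo, the clause should begin `where uid = %d and folder = '%s' and filename = '%s'`. The function body continues outside the hunk.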


@ -123,7 +123,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
// if our authenticated guest is allowed to take control of the admin channel, make it so. // if our authenticated guest is allowed to take control of the admin channel, make it so.
$admins = get_config('system', 'remote_admin'); $admins = get_config('system', 'remote_admin');
if($admins && is_array($admins) && in_array($_SESSION['visitor_id'], $admins)) { if($admins && is_array($admins) && in_array($_SESSION['visitor_id'], $admins)) {
$x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d ) limit 1", $x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d )>0 limit 1",
dbesc(get_config('system', 'admin_email')), dbesc(get_config('system', 'admin_email')),
intval(ACCOUNT_ROLE_ADMIN) intval(ACCOUNT_ROLE_ADMIN)
); );
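Review bot: The `remote_admin` check that guards this query calls `in_array($_SESSION['visitor_id'], $admins)` with PHP's default loose comparison, so values that are merely equal under `==` count as a match. Because a match gives the visitor control of the admin account, the comparison should be strict: `in_array($_SESSION['visitor_id'], $admins, true)`. The enclosing `if` block starts outside the hunk.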


@ -21,7 +21,7 @@
dbesc($key) dbesc($key)
); );
if($r) { if($r) {
q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s' limit 1", q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s'",
dbesc($value), dbesc($value),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($key)); dbesc($key));


@ -77,7 +77,7 @@ function chatroom_destroy($channel,$arr) {
return $ret; return $ret;
} }
q("delete from chatroom where cr_id = %d limit 1", q("delete from chatroom where cr_id = %d",
intval($r[0]['cr_id']) intval($r[0]['cr_id'])
); );
if($r[0]['cr_id']) { if($r[0]['cr_id']) {
@ -129,8 +129,11 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) {
} }
if(intval($x[0]['cr_expire'])) { if(intval($x[0]['cr_expire'])) {
$sql = "delete from chat where created < UTC_TIMESTAMP() - INTERVAL " . intval($x[0]['cr_expire']) . " MINUTE and chat_room = " . intval($x[0]['cr_id']); $r = q("delete from chat where created < %s - INTERVAL %s and chat_room = %d",
$r = q($sql); db_utcnow(),
db_quoteinterval( intval($x[0]['cr_expire']) . ' MINUTE' ),
intval($x[0]['cr_id'])
);
} }
$r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1",
@ -138,7 +141,7 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) {
intval($room_id) intval($room_id)
); );
if($r) { if($r) {
q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s' limit 1", q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($r[0]['cp_id']), intval($r[0]['cp_id']),
dbesc($client) dbesc($client)
@ -169,7 +172,7 @@ function chatroom_leave($observer_xchan,$room_id,$client) {
dbesc($client) dbesc($client)
); );
if($r) { if($r) {
q("delete from chatpresence where cp_id = %d limit 1", q("delete from chatpresence where cp_id = %d",
intval($r[0]['cp_id']) intval($r[0]['cp_id'])
); );
} }


@ -19,8 +19,8 @@ function cli_startup() {
date_default_timezone_set($a->timezone); date_default_timezone_set($a->timezone);
require_once('include/dba/dba_driver.php'); require_once('include/dba/dba_driver.php');
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data); $db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
unset($db_host, $db_port, $db_user, $db_pass, $db_data); unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
}; };
require_once('include/session.php'); require_once('include/session.php');


@ -154,7 +154,7 @@ function set_config($family, $key, $value) {
return $ret; return $ret;
} }
$ret = q("UPDATE config SET v = '%s' WHERE cat = '%s' AND k = '%s' LIMIT 1", $ret = q("UPDATE config SET v = '%s' WHERE cat = '%s' AND k = '%s'",
dbesc($dbvalue), dbesc($dbvalue),
dbesc($family), dbesc($family),
dbesc($key) dbesc($key)
@ -185,7 +185,7 @@ function del_config($family, $key) {
if(array_key_exists($family, $a->config) && array_key_exists($key, $a->config[$family])) if(array_key_exists($family, $a->config) && array_key_exists($key, $a->config[$family]))
unset($a->config[$family][$key]); unset($a->config[$family][$key]);
$ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s' LIMIT 1", $ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s'",
dbesc($family), dbesc($family),
dbesc($key) dbesc($key)
); );
@ -318,7 +318,7 @@ function set_pconfig($uid, $family, $key, $value) {
return $ret; return $ret;
} }
$ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s' LIMIT 1", $ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s'",
dbesc($dbvalue), dbesc($dbvalue),
intval($uid), intval($uid),
dbesc($family), dbesc($family),
@ -362,7 +362,7 @@ function del_pconfig($uid, $family, $key) {
if(x($a->config[$uid][$family], $key)) if(x($a->config[$uid][$family], $key))
unset($a->config[$uid][$family][$key]); unset($a->config[$uid][$family][$key]);
$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s' LIMIT 1", $ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
intval($uid), intval($uid),
dbesc($family), dbesc($family),
dbesc($key) dbesc($key)
@ -483,7 +483,7 @@ function set_xconfig($xchan, $family, $key, $value) {
return $ret; return $ret;
} }
$ret = q("UPDATE xconfig SET v = '%s' WHERE xchan = '%s' and cat = '%s' AND k = '%s' LIMIT 1", $ret = q("UPDATE xconfig SET v = '%s' WHERE xchan = '%s' and cat = '%s' AND k = '%s'",
dbesc($dbvalue), dbesc($dbvalue),
dbesc($xchan), dbesc($xchan),
dbesc($family), dbesc($family),
@ -517,7 +517,7 @@ function del_xconfig($xchan, $family, $key) {
if(x($a->config[$xchan][$family], $key)) if(x($a->config[$xchan][$family], $key))
unset($a->config[$xchan][$family][$key]); unset($a->config[$xchan][$family][$key]);
$ret = q("DELETE FROM `xconfig` WHERE `xchan` = '%s' AND `cat` = '%s' AND `k` = '%s' LIMIT 1", $ret = q("DELETE FROM `xconfig` WHERE `xchan` = '%s' AND `cat` = '%s' AND `k` = '%s'",
dbesc($xchan), dbesc($xchan),
dbesc($family), dbesc($family),
dbesc($key) dbesc($key)


@ -453,7 +453,10 @@ function update_birthdays() {
require_once('include/permissions.php'); require_once('include/permissions.php');
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_dob > utc_timestamp() + interval 7 day and abook_dob < utc_timestamp() + interval 14 day"); WHERE abook_dob > %s + interval %s and abook_dob < %s + interval %s",
db_utcnow(), db_quoteinterval('7 day'),
db_utcnow(), db_quoteinterval('14 day')
);
if($r) { if($r) {
foreach($r as $rr) { foreach($r as $rr) {
@ -475,7 +478,7 @@ function update_birthdays() {
$z = event_store_event($ev); $z = event_store_event($ev);
if($z) { if($z) {
$item_id = event_store_item($ev,$z); $item_id = event_store_item($ev,$z);
q("update abook set abook_dob = '%s' where abook_id = %d limit 1", q("update abook set abook_dob = '%s' where abook_id = %d",
dbesc(intval($rr['abook_dob']) + 1 . substr($rr['abook_dob'],4)), dbesc(intval($rr['abook_dob']) + 1 . substr($rr['abook_dob'],4)),
intval($rr['abook_id']) intval($rr['abook_id'])
); );


@ -1,25 +1,35 @@
<?php /** @file */ <?php /** @file */
function dba_factory($server, $port,$user,$pass,$db,$install = false) { function dba_factory($server, $port,$user,$pass,$db,$dbtype,$install = false) {
$dba = null; $dba = null;
if(class_exists('mysqli')) { if($dbtype == 1) {
if (is_null($port)) $port = ini_get("mysqli.default_port"); require_once('include/dba/dba_postgres.php');
require_once('include/dba/dba_mysqli.php'); if(is_null($port)) $port = 5432;
$dba = new dba_mysqli($server, $port,$user,$pass,$db,$install); $dba = new dba_postgres($server, $port, $user, $pass, $db, $install);
} else {
if(class_exists('mysqli')) {
if (is_null($port)) $port = ini_get("mysqli.default_port");
require_once('include/dba/dba_mysqli.php');
$dba = new dba_mysqli($server, $port,$user,$pass,$db,$install);
} else {
if (is_null($port)) $port = "3306";
require_once('include/dba/dba_mysql.php');
$dba = new dba_mysql($server, $port,$user,$pass,$db,$install);
}
} }
else { define('NULL_DATE', $dba->get_null_date());
if (is_null($port)) $port = "3306"; define('ACTIVE_DBTYPE', $dbtype);
require_once('include/dba/dba_mysql.php');
$dba = new dba_mysql($server, $port,$user,$pass,$db,$install);
}
return $dba; return $dba;
} }
abstract class dba_driver { abstract class dba_driver {
// legacy behavior
const INSTALL_SCRIPT='install/schema_mysql.sql';
const NULL_DATE = '0000-00-00 00:00:00';
const UTC_NOW = 'UTC_TIMESTAMP()';
protected $debug = 0; protected $debug = 0;
protected $db; protected $db;
public $connected = false; public $connected = false;
@ -37,6 +47,17 @@ abstract class dba_driver {
$this->connect($server, $port, $user,$pass,$db); $this->connect($server, $port, $user,$pass,$db);
} }
function get_null_date() {
return static::NULL_DATE;
}
function get_install_script() {
return static::INSTALL_SCRIPT;
}
function utcnow() {
return static::UTC_NOW;
}
function install($server,$user,$pass,$db) { function install($server,$user,$pass,$db) {
if (!(strlen($server) && strlen($user))){ if (!(strlen($server) && strlen($user))){
@ -67,6 +88,26 @@ abstract class dba_driver {
} }
} }
function quote_interval($txt) {
return $txt;
}
function optimize_table($table) {
q('OPTIMIZE TABLE '.$table);
}
function concat($fld, $sep) {
return 'GROUP_CONCAT(DISTINCT '.$fld.' SEPARATOR \''.$sep.'\')';
}
function escapebin($str) {
return $this->escape($str);
}
function unescapebin($str) {
return $str;
}
} }
@ -95,8 +136,49 @@ function dbesc($str) {
else else
return(str_replace("'","\\'",$str)); return(str_replace("'","\\'",$str));
} }
function dbescbin($str) {
global $db;
return $db->escapebin($str);
}
function dbunescbin($str) {
global $db;
return $db->unescapebin($str);
}
function dbescdate($date) {
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES && $date == '0000-00-00 00:00:00') {
$date = NULL_DATE;
} else if(ACTIVE_DBTYPE != DBTYPE_POSTGRES && $date == '0001-01-01 00:00:00') {
$date = NULL_DATE;
}
return $date;
}
function db_quoteinterval($txt) {
global $db;
return $db->quote_interval($txt);
}
function dbesc_identifier($str) {
global $db;
return $db->escape_identifier($txt);
}
function db_utcnow() {
global $db;
return $db->utcnow();
}
function db_optimizetable($table) {
global $db;
$db->optimize_table($table);
}
function db_concat($fld, $sep) {
global $db;
return $db->concat($fld, $sep);
}
// Function: q($sql,$args); // Function: q($sql,$args);
// Description: execute SQL query with printf style args. // Description: execute SQL query with printf style args.
@ -158,8 +240,11 @@ function dbq($sql) {
function dbesc_array_cb(&$item, $key) { function dbesc_array_cb(&$item, $key) {
if(is_string($item)) if(is_string($item)) {
if($item == '0000-00-00 00:00:00' && ACTIVE_DBTYPE == DBTYPE_POSTGRES)
$item = '0001-01-01 00:00:00';
$item = dbesc($item); $item = dbesc($item);
}
} }
@ -169,3 +254,27 @@ function dbesc_array(&$arr) {
array_walk($arr,'dbesc_array_cb'); array_walk($arr,'dbesc_array_cb');
} }
} }
function db_getfunc($f) {
$lookup = array(
'rand'=>array(
DBTYPE_MYSQL=>'RAND()',
DBTYPE_POSTGRES=>'RANDOM()'
),
'utc_timestamp'=>array(
DBTYPE_MYSQL=>'UTC_TIMESTAMP()',
DBTYPE_POSTGRES=>"now() at time zone 'UTC'"
),
'regexp'=>array(
DBTYPE_MYSQL=>'REGEXP',
DBTYPE_POSTGRES=>'~'
)
);
$f = strtolower($f);
if(isset($lookup[$f]) && isset($lookup[$f][ACTIVE_DBTYPE]))
return $lookup[$f][ACTIVE_DBTYPE];
logger('Unable to abstract DB function "'. $f . '"', LOG_DEBUG);
return $f;
}
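Review bot: `dbesc_identifier($str)` passes `$txt` to the driver, a variable that is never defined in that function, so the driver receives null instead of the identifier. The line should read `return $db->escape_identifier($str);`. The hunks shown add `escape_identifier()` only to `dba_postgres`. If the MySQL drivers do not define it elsewhere, the base `dba_driver` needs a default implementation, otherwise this helper will fail on MySQL installs.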


@ -0,0 +1,112 @@
<?php
require_once('include/dba/dba_driver.php');
class dba_postgres extends dba_driver {
const INSTALL_SCRIPT='install/schema_postgres.sql';
const NULL_DATE = '0001-01-01 00:00:00';
const UTC_NOW = "now() at time zone 'UTC'";
function connect($server,$port,$user,$pass,$db) {
if(!$port) $port = 5432;
$connstr = 'host=' . $server . ' port='.$port . ' user=' . $user . ' password=' . $pass . ' dbname='. $db;
$this->db = pg_connect($connstr);
if($this->db !== false) {
$this->connected = true;
} else {
$this->connected = false;
}
$this->q("SET standard_conforming_strings = 'off'; SET backslash_quote = 'on';"); // emulate mysql string escaping to prevent massive code-clobber
return $this->connected;
}
function q($sql) {
if((! $this->db) || (! $this->connected))
return false;
if(!strpos($sql, ';'))
$sql .= ';';
if(strpos($sql, '`')) // this is a hack. quoted identifiers should be replaced everywhere in the code with dbesc_identifier(), remove this once it is
$sql = str_replace('`', '"', $sql);
$this->error = '';
$result = @pg_query($this->db, $sql);
if(file_exists('db-allqueries.out')) {
$bt = debug_backtrace();
$trace = array();
foreach($bt as $frame) {
if(!empty($frame['file']) && @strstr($frame['file'], $_SERVER['DOCUMENT_ROOT']))
$frame['file'] = substr($frame['file'], strlen($_SERVER['DOCUMENT_ROOT'])+1);
$trace[] = $frame['file'] . ':' . $frame['function'] . '():' . $frame['line'] ;
}
$compact = join(', ', $trace);
file_put_contents('db-allqueries.out', datetime_convert() . ": " . $sql . ' is_resource: '.var_export(is_resource($result), true).', backtrace: '.$compact."\n\n", FILE_APPEND);
}
if($result === false)
$this->error = pg_last_error($this->db);
if($result === false || $this->error) {
//logger('dba_postgres: ' . printable($sql) . ' returned false.' . "\n" . $this->error);
if(file_exists('dbfail.out'))
file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n" . $this->error . "\n", FILE_APPEND);
}
if(($result === true) || ($result === false))
return $result;
if(pg_result_status($result) == PGSQL_COMMAND_OK)
return true;
$r = array();
if(pg_num_rows($result)) {
while($x = pg_fetch_array($result, null, PGSQL_ASSOC))
$r[] = $x;
pg_free_result($result);
if($this->debug)
logger('dba_postgres: ' . printable(print_r($r,true)));
}
return $r;
}
function escape($str) {
if($this->db && $this->connected) {
$x = @pg_escape_string($this->db, $str);
return $x;
}
}
function escapebin($str) {
return pg_escape_bytea($str);
}
function unescapebin($str) {
return pg_unescape_bytea($str);
}
function close() {
if($this->db)
pg_close($this->db);
$this->connected = false;
}
function quote_interval($txt) {
return "'$txt'";
}
function escape_identifier($str) {
return pg_escape_identifier($this->db, $str);
}
function optimize_table($table) {
// perhaps do some equivalent thing here, vacuum, etc? I think this is the DBA's domain anyway. Applications should not need to muss with this.
// for now do nothing without a compelling reason. function overrides default legacy mysql.
}
function concat($fld, $sep) {
return 'string_agg(' . $fld . ',\'' . $sep . '\')';
}
}
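Review bot: The backtick rewrite in `q()` runs `str_replace` over the whole statement, which by that point presumably already has the escaped argument values interpolated into it. A backtick inside stored content, such as a post body or a file name, would then be silently changed to a double quote on PostgreSQL. `strpos()` also returns 0 for a statement that begins with a backtick, which the `if` treats as false. Until identifiers are quoted through `dbesc_identifier()`, the replacement should be limited to text outside single-quoted literals, or applied to the format string before the arguments are substituted.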


@ -24,13 +24,13 @@ function deliver_run($argv, $argc) {
$result = z_post_url($r[0]['outq_posturl'],$r[0]['outq_msg']); $result = z_post_url($r[0]['outq_posturl'],$r[0]['outq_msg']);
if($result['success'] && $result['return_code'] < 300) { if($result['success'] && $result['return_code'] < 300) {
logger('deliver: queue post success to ' . $r[0]['outq_posturl'], LOGGER_DEBUG); logger('deliver: queue post success to ' . $r[0]['outq_posturl'], LOGGER_DEBUG);
$y = q("delete from outq where outq_hash = '%s' limit 1", $y = q("delete from outq where outq_hash = '%s'",
dbesc($argv[$x]) dbesc($argv[$x])
); );
} }
else { else {
logger('deliver: queue post returned ' . $result['return_code'] . ' from ' . $r[0]['outq_posturl'],LOGGER_DEBUG); logger('deliver: queue post returned ' . $result['return_code'] . ' from ' . $r[0]['outq_posturl'],LOGGER_DEBUG);
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($argv[$x]) dbesc($argv[$x])
); );
@ -62,7 +62,7 @@ function deliver_run($argv, $argc) {
$msg = array('body' => json_encode(array('pickup' => array(array('notify' => $notify,'message' => $m))))); $msg = array('body' => json_encode(array('pickup' => array(array('notify' => $notify,'message' => $m)))));
zot_import($msg,z_root()); zot_import($msg,z_root());
} }
$r = q("delete from outq where outq_hash = '%s' limit 1", $r = q("delete from outq where outq_hash = '%s'",
dbesc($argv[$x]) dbesc($argv[$x])
); );
} }
@ -74,7 +74,7 @@ function deliver_run($argv, $argc) {
zot_process_response($r[0]['outq_posturl'],$result, $r[0]); zot_process_response($r[0]['outq_posturl'],$result, $r[0]);
} }
else { else {
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($argv[$x]) dbesc($argv[$x])
); );
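Review bot: With `limit 1` removed, each `delete`/`update` on `outq` in these hunks now affects every row whose `outq_hash` matches, so the change preserves behaviour only if that column is unique. The schema is not visible here, so this should be confirmed, ideally with a unique index in the PostgreSQL schema. The same question applies to later sections of this commit where the `where` clause is not obviously a primary key: `site_url` in `sync_directories`, `xprof_hash`/`xtag_hash` in `local_dir_update`, and `uid` plus `name` in `group_rmv`. Where a multi-row effect is intended, a comment such as `// removes every row stored for this hash` would record it.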


@ -657,7 +657,7 @@ function diaspora_request($importer,$xml) {
$newperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK|PERMS_W_STREAM|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT|PERMS_R_STORAGE|PERMS_R_PAGES; $newperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK|PERMS_W_STREAM|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT|PERMS_R_STORAGE|PERMS_R_PAGES;
$r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d limit 1", $r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d",
intval($newperms), intval($newperms),
intval($contact['abook_id']), intval($contact['abook_id']),
intval($importer['channel_id']) intval($importer['channel_id'])
@ -675,7 +675,7 @@ function diaspora_request($importer,$xml) {
$default_perms = 0; $default_perms = 0;
// look for default permissions to apply in return - e.g. auto-friend // look for default permissions to apply in return - e.g. auto-friend
$z = q("select * from abook where abook_channel = %d and (abook_flags & %d) limit 1", $z = q("select * from abook where abook_channel = %d and (abook_flags & %d)>0 limit 1",
intval($importer['channel_id']), intval($importer['channel_id']),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );


@ -38,7 +38,7 @@ function check_upstream_directory() {
*/ */
$directory = get_config('system','directory_server'); $directory = get_config('system','directory_server');
if ($directory) { if ($directory) {
$r = q("select * from site where site_url = '%s' and (site_flags & %d) ", $r = q("select * from site where site_url = '%s' and (site_flags & %d)>0 ",
dbesc($directory), dbesc($directory),
intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY|DIRECTORY_MODE_STANDALONE) intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY|DIRECTORY_MODE_STANDALONE)
); );
@ -86,14 +86,14 @@ function sync_directories($dirmode) {
$realm = get_directory_realm(); $realm = get_directory_realm();
if($realm == DIRECTORY_REALM) { if($realm == DIRECTORY_REALM) {
$r = q("select * from site where (site_flags & %d) and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ", $r = q("select * from site where (site_flags & %d)>0 and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ",
intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
dbesc(z_root()), dbesc(z_root()),
dbesc($realm) dbesc($realm)
); );
} }
else { else {
$r = q("select * from site where (site_flags & %d) and site_url != '%s' and site_realm like '%s' ", $r = q("select * from site where (site_flags & %d)>0 and site_url != '%s' and site_realm like '%s' ",
intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
dbesc(z_root()), dbesc(z_root()),
dbesc(protect_sprintf('%' . $realm . '%')) dbesc(protect_sprintf('%' . $realm . '%'))
@ -120,7 +120,7 @@ function sync_directories($dirmode) {
dbesc($r[0]['site_realm']) dbesc($r[0]['site_realm'])
); );
$r = q("select * from site where (site_flags & %d) and site_url != '%s'", $r = q("select * from site where (site_flags & %d)>0 and site_url != '%s'",
intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
dbesc(z_root()) dbesc(z_root())
); );
@ -146,7 +146,7 @@ function sync_directories($dirmode) {
if((! $j['transactions']) || (! is_array($j['transactions']))) if((! $j['transactions']) || (! is_array($j['transactions'])))
continue; continue;
q("update site set site_sync = '%s' where site_url = '%s' limit 1", q("update site set site_sync = '%s' where site_url = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($rr['site_url']) dbesc($rr['site_url'])
); );
@ -267,7 +267,7 @@ function local_dir_update($uid,$force) {
if($new_flags != $r[0]['xchan_flags']) { if($new_flags != $r[0]['xchan_flags']) {
$r = q("update xchan set xchan_flags = %d where xchan_hash = '%s' limit 1", $r = q("update xchan set xchan_flags = %d where xchan_hash = '%s'",
intval($new_flags), intval($new_flags),
dbesc($p[0]['channel_hash']) dbesc($p[0]['channel_hash'])
); );
@ -281,10 +281,10 @@ function local_dir_update($uid,$force) {
} }
else { else {
// they may have made it private // they may have made it private
$r = q("delete from xprof where xprof_hash = '%s' limit 1", $r = q("delete from xprof where xprof_hash = '%s'",
dbesc($hash) dbesc($hash)
); );
$r = q("delete from xtag where xtag_hash = '%s' limit 1", $r = q("delete from xtag where xtag_hash = '%s'",
dbesc($hash) dbesc($hash)
); );
} }


@ -42,7 +42,7 @@ function directory_run($argv, $argc){
local_dir_update($argv[1],$force); local_dir_update($argv[1],$force);
q("update channel set channel_dirdate = '%s' where channel_id = %d limit 1", q("update channel set channel_dirdate = '%s' where channel_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($channel['channel_id']) intval($channel['channel_id'])
); );
@ -85,7 +85,7 @@ function directory_run($argv, $argc){
); );
} }
else { else {
q("update channel set channel_dirdate = '%s' where channel_id = %d limit 1", q("update channel set channel_dirdate = '%s' where channel_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($channel['channel_id']) intval($channel['channel_id'])
); );


@ -18,7 +18,7 @@ function notification($params) {
} }
if($params['to_xchan']) { if($params['to_xchan']) {
$y = q("select channel.*, account.* from channel left join account on channel_account_id = account_id $y = q("select channel.*, account.* from channel left join account on channel_account_id = account_id
where channel_hash = '%s' and not (channel_pageflags & %d) limit 1", where channel_hash = '%s' and not (channel_pageflags & %d)>0 limit 1",
dbesc($params['to_xchan']), dbesc($params['to_xchan']),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -394,7 +394,7 @@ function notification($params) {
if(($a->language === 'en' || (! $a->language)) && strpos($msg,', ')) if(($a->language === 'en' || (! $a->language)) && strpos($msg,', '))
$msg = substr($msg,strpos($msg,', ')+1); $msg = substr($msg,strpos($msg,', ')+1);
$r = q("update notify set msg = '%s' where id = %d and uid = %d limit 1", $r = q("update notify set msg = '%s' where id = %d and uid = %d",
dbesc($msg), dbesc($msg),
intval($notify_id), intval($notify_id),
intval($datarray['uid']) intval($datarray['uid'])
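Review bot: The rewritten predicate `not (channel_pageflags & %d)>0` in the first hunk gives the intended result only because `NOT` binds more loosely than `>`, and it is easy to misread as `(not (...)) > 0`. For the non-negative flag masks used here, `(channel_pageflags & %d) = 0` states the intent directly and evaluates the same way on MySQL and PostgreSQL. The same construct recurs later in this commit in `expire_run`, `new_contact`, `group_get_members`, the identity functions, `collect_recipients` and `item_store`. `notification()` begins and ends outside both hunks.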


@ -183,7 +183,7 @@ function event_store_event($arr) {
`allow_gid` = '%s', `allow_gid` = '%s',
`deny_cid` = '%s', `deny_cid` = '%s',
`deny_gid` = '%s' `deny_gid` = '%s'
WHERE `id` = %d AND `uid` = %d LIMIT 1", WHERE `id` = %d AND `uid` = %d",
dbesc($arr['edited']), dbesc($arr['edited']),
dbesc($arr['start']), dbesc($arr['start']),
@ -284,7 +284,7 @@ function event_addtocal($item_id, $uid) {
$event = event_store_event($ev); $event = event_store_event($ev);
if($event) { if($event) {
$r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d limit 1", $r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d",
dbesc($event['event_hash']), dbesc($event['event_hash']),
intval($item['id']), intval($item['id']),
intval($channel['channel_id']) intval($channel['channel_id'])
@ -359,7 +359,7 @@ function event_store_item($arr,$event) {
$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1", q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d",
dbesc($arr['summary']), dbesc($arr['summary']),
dbesc($prefix . format_event_bbcode($arr)), dbesc($prefix . format_event_bbcode($arr)),
dbesc($object), dbesc($object),


@ -7,9 +7,10 @@ function expire_run($argv, $argc){
cli_startup(); cli_startup();
$r = q("select id from item where (item_restrict & %d) and not (item_restrict & %d) and changed < UTC_TIMESTAMP() - INTERVAL 10 DAY", $r = q("select id from item where (item_restrict & %d)>0 and not (item_restrict & %d)>0 and changed < %s - INTERVAL %s",
intval(ITEM_DELETED), intval(ITEM_DELETED),
intval(ITEM_PENDING_REMOVE) intval(ITEM_PENDING_REMOVE),
db_utcnow(), db_quoteinterval('10 DAY')
); );
if($r) { if($r) {
foreach($r as $rr) { foreach($r as $rr) {
@ -19,8 +20,9 @@ function expire_run($argv, $argc){
// physically remove anything that has been deleted for more than two months // physically remove anything that has been deleted for more than two months
$r = q("delete from item where ( item_restrict & %d ) and changed < UTC_TIMESTAMP() - INTERVAL 36 DAY", $r = q("delete from item where ( item_restrict & %d )>0 and changed < %s - INTERVAL %s",
intval(ITEM_PENDING_REMOVE) intval(ITEM_PENDING_REMOVE),
db_utcnow(), db_quoteinterval('36 DAY')
); );
// make this optional as it could have a performance impact on large sites // make this optional as it could have a performance impact on large sites
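Review bot: `db_utcnow()` and `db_quoteinterval('10 DAY')` reach the statement through bare `%s` placeholders without `dbesc()`, and the PostgreSQL `quote_interval()` shown earlier on this page (presumably what `db_quoteinterval()` delegates to) only wraps its argument in single quotes. That is fine for the fixed literals in both hunks, but the helper offers no protection if a caller ever passes a configurable or request-derived interval. A comment at the call, e.g. `// interval must be a fixed literal: db_quoteinterval() quotes but does not escape`, would make the contract visible. Separately, the context comment above the delete says "more than two months" while the interval passed is `36 DAY`.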


@ -25,7 +25,8 @@ function externals_run($argv, $argc){
$url = $arr['url']; $url = $arr['url'];
} }
else { else {
$r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d order by rand() limit 1", $randfunc = db_getfunc('RAND');
$r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d order by $randfunc limit 1",
dbesc(z_root()), dbesc(z_root()),
intval(DIRECTORY_MODE_STANDALONE) intval(DIRECTORY_MODE_STANDALONE)
); );
@ -76,7 +77,7 @@ function externals_run($argv, $argc){
$x = z_fetch_url($feedurl); $x = z_fetch_url($feedurl);
if(($x) && ($x['success'])) { if(($x) && ($x['success'])) {
q("update site set site_pull = '%s' where site_url = '%s' limit 1", q("update site set site_pull = '%s' where site_url = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($url) dbesc($url)
); );
@ -99,12 +100,12 @@ $z = null;
$flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK; $flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK;
// preserve the source // preserve the source
$r = q("update item set source_xchan = owner_xchan where id = %d limit 1", $r = q("update item set source_xchan = owner_xchan where id = %d",
intval($z[0]['id']) intval($z[0]['id'])
); );
$r = q("update item set item_flags = ( item_flags | %d ), owner_xchan = '%s' $r = q("update item set item_flags = ( item_flags | %d ), owner_xchan = '%s'
where id = %d limit 1", where id = %d",
intval($flag_bits), intval($flag_bits),
dbesc($sys['xchan_hash']), dbesc($sys['xchan_hash']),
intval($z[0]['id']) intval($z[0]['id'])
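Review bot: In the first hunk `$randfunc` is interpolated directly into the string handed to `q()`, so whatever `db_getfunc('RAND')` returns becomes part of what appears to be a sprintf-style format string before the `%s`/`%d` arguments are substituted. That is safe only while the helper returns a fixed, driver-defined function name containing no `%`. Its definition is not in this hunk, so this is worth confirming and recording next to the call, e.g. `// db_getfunc() returns a constant SQL function name, never user input`. `externals_run()` continues outside the hunk.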


@ -37,7 +37,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
// check service class limits // check service class limits
$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($uid), intval($uid),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );
@ -209,8 +209,9 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
return $result; return $result;
} }
$r = q("select count(*) as total from abook where abook_account = %d and ( abook_flags & ABOOK_FLAG_FEED )", $r = q("select count(*) as total from abook where abook_account = %d and ( abook_flags & %d )>0",
intval($aid) intval($aid),
intval(ABOOK_FLAG_FEED)
); );
if($r) if($r)
$total_feeds = $r[0]['total']; $total_feeds = $r[0]['total'];
@ -231,7 +232,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
intval($uid) intval($uid)
); );
if($r) { if($r) {
$x = q("update abook set abook_their_perms = %d where abook_id = %d limit 1", $x = q("update abook set abook_their_perms = %d where abook_id = %d",
intval($their_perms), intval($their_perms),
intval($r[0]['abook_id']) intval($r[0]['abook_id'])
); );


@ -18,10 +18,11 @@ function group_add($uid,$name,$public = 0) {
intval($r) intval($r)
); );
if(count($z) && $z[0]['deleted']) { if(count($z) && $z[0]['deleted']) {
$r = q("UPDATE `groups` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", /*$r = q("UPDATE `groups` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1",
intval($uid), intval($uid),
dbesc($name) dbesc($name)
); );*/
q('UPDATE groups SET deleted = 0 WHERE id = %d', intval($z[0]['id']));
notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL);
} }
return true; return true;
@ -107,7 +108,7 @@ function group_rmv($uid,$name) {
); );
// remove group // remove group
$r = q("UPDATE `groups` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", $r = q("UPDATE `groups` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s'",
intval($uid), intval($uid),
dbesc($name) dbesc($name)
); );
@ -152,7 +153,7 @@ function group_rmv_member($uid,$name,$member) {
return false; return false;
if(! ( $uid && $gid && $member)) if(! ( $uid && $gid && $member))
return false; return false;
$r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND xchan = '%s' LIMIT 1 ", $r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND xchan = '%s' ",
intval($uid), intval($uid),
intval($gid), intval($gid),
dbesc($member) dbesc($member)
@ -199,7 +200,7 @@ function group_get_members($gid) {
if(intval($gid)) { if(intval($gid)) {
$r = q("SELECT * FROM `group_member` $r = q("SELECT * FROM `group_member`
LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan
WHERE `gid` = %d AND abook_channel = %d and `group_member`.`uid` = %d and not ( xchan_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ", WHERE `gid` = %d AND abook_channel = %d and `group_member`.`uid` = %d and not ( xchan_flags & %d )>0 and not ( abook_flags & %d )>0 and not ( abook_flags & %d )>0 ORDER BY xchan_name ASC ",
intval($gid), intval($gid),
intval(local_user()), intval(local_user()),
intval(local_user()), intval(local_user()),
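Review bot: In `group_add` the old statement is left behind inside a `/* ... */` block next to the new `q('UPDATE groups SET deleted = 0 WHERE id = %d', ...)`; it should be deleted rather than commented out. The new statement also drops the `uid` condition, so it relies on `$z[0]['id']` having been selected for the right owner, and that select sits above the hunk. Keeping the owner check is cheap defence in depth: `q("UPDATE groups SET deleted = 0 WHERE id = %d AND uid = %d", intval($z[0]['id']), intval($uid));`. The new line also leaves `groups` unquoted while the other queries in this file keep the backticks, and `GROUPS` is a reserved word in MySQL 8.0.2 and later.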


@ -96,7 +96,7 @@ function remove_obsolete_hublocs() {
? intval(get_config('system','delivery_interval')) : 2 ); ? intval(get_config('system','delivery_interval')) : 2 );
foreach($r as $rr) { foreach($r as $rr) {
q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1", q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d",
intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_FLAGS_DELETED),
intval($rr['hubloc_id']) intval($rr['hubloc_id'])
); );
@ -134,7 +134,7 @@ function hubloc_change_primary($hubloc) {
dbesc($hubloc['hubloc_hash']) dbesc($hubloc['hubloc_hash'])
); );
if(($r) && (! $r[0]['channel_primary'])) { if(($r) && (! $r[0]['channel_primary'])) {
q("update channel set channel_primary = 1 where channel_id = %d limit 1", q("update channel set channel_primary = 1 where channel_id = %d",
intval($r[0]['channel_id']) intval($r[0]['channel_id'])
); );
} }
@ -156,7 +156,7 @@ function hubloc_change_primary($hubloc) {
$url = $hubloc['hubloc_url']; $url = $hubloc['hubloc_url'];
$lwebbie = substr($hubloc['hubloc_addr'],0,strpos($hubloc['hubloc_addr'],'@')); $lwebbie = substr($hubloc['hubloc_addr'],0,strpos($hubloc['hubloc_addr'],'@'));
$r = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_follow = '%s', xchan_connurl = '%s' where xchan_hash = '%s' limit 1", $r = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_follow = '%s', xchan_connurl = '%s' where xchan_hash = '%s'",
dbesc($hubloc['hubloc_addr']), dbesc($hubloc['hubloc_addr']),
dbesc($url . '/channel/' . $lwebbie), dbesc($url . '/channel/' . $lwebbie),
dbesc($url . '/follow?f=&url=%s'), dbesc($url . '/follow?f=&url=%s'),
@ -214,7 +214,7 @@ function xchan_store($arr) {
return $r; return $r;
$photos = import_profile_photo($arr['photo'],$arr['hash']); $photos = import_profile_photo($arr['photo'],$arr['hash']);
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),


@ -22,7 +22,7 @@ require_once('include/crypto.php');
function identity_check_service_class($account_id) { function identity_check_service_class($account_id) {
$ret = array('success' => false, $message => ''); $ret = array('success' => false, $message => '');
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d ) ", $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0 ",
intval($account_id), intval($account_id),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -104,7 +104,7 @@ function create_sys_channel() {
} }
function get_sys_channel() { function get_sys_channel() {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where (channel_pageflags & %d) limit 1", $r = q("select * from channel left join xchan on channel_hash = xchan_hash where (channel_pageflags & %d)>0 limit 1",
intval(PAGE_SYSTEM) intval(PAGE_SYSTEM)
); );
if($r) if($r)
@ -132,7 +132,7 @@ function is_sys_channel($channel_id) {
*/ */
function channel_total() { function channel_total() {
$r = q("select channel_id from channel where not ( channel_pageflags & %d )", $r = q("select channel_id from channel where not ( channel_pageflags & %d )>0",
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -390,7 +390,7 @@ function create_identity($arr) {
dbesc( t('Friends') ) dbesc( t('Friends') )
); );
if($r) { if($r) {
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d limit 1", q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d",
dbesc($r[0]['hash']), dbesc($r[0]['hash']),
dbesc('<' . $r[0]['hash'] . '>'), dbesc('<' . $r[0]['hash'] . '>'),
intval($newuid) intval($newuid)
@ -446,7 +446,7 @@ function set_default_login_identity($account_id,$channel_id,$force = true) {
); );
if($r) { if($r) {
if((intval($r[0]['account_default_channel']) == 0) || ($force)) { if((intval($r[0]['account_default_channel']) == 0) || ($force)) {
$r = q("update account set account_default_channel = %d where account_id = %d limit 1", $r = q("update account set account_default_channel = %d where account_id = %d",
intval($channel_id), intval($channel_id),
intval($account_id) intval($account_id)
); );
@ -584,7 +584,7 @@ function identity_basic_export($channel_id, $items = false) {
// warning: this may run into memory limits on smaller systems // warning: this may run into memory limits on smaller systems
$r = q("select * from item where (item_flags & %d) and not (item_restrict & %d) and uid = %d", $r = q("select * from item where (item_flags & %d)>0 and not (item_restrict & %d)>0 and uid = %d",
intval(ITEM_WALL), intval(ITEM_WALL),
intval(ITEM_DELETED), intval(ITEM_DELETED),
intval($channel_id) intval($channel_id)
@ -673,7 +673,7 @@ function profile_load(&$a, $nickname, $profile = '') {
if(! $p) { if(! $p) {
$p = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile $p = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile
LEFT JOIN channel ON profile.uid = channel.channel_id LEFT JOIN channel ON profile.uid = channel.channel_id
WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d ) WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d )>0
AND profile.is_default = 1 LIMIT 1", AND profile.is_default = 1 LIMIT 1",
dbesc($nickname), dbesc($nickname),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
@ -1466,7 +1466,7 @@ function get_channel_by_nick($nick) {
function identity_selector() { function identity_selector() {
if(local_user()) { if(local_user()) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ",
intval(get_account_id()), intval(get_account_id()),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -1546,7 +1546,7 @@ function notifications_off($channel_id) {
$r = q("select channel_notifyflags from channel where channel_id = %d limit 1", $r = q("select channel_notifyflags from channel where channel_id = %d limit 1",
intval($channel_id) intval($channel_id)
); );
$x = q("update channel set channel_notifyflags = 0 where channel_id = %d limit 1", $x = q("update channel set channel_notifyflags = 0 where channel_id = %d",
intval($channel_id) intval($channel_id)
); );
@ -1556,7 +1556,7 @@ function notifications_off($channel_id) {
function notifications_on($channel_id,$value) { function notifications_on($channel_id,$value) {
$x = q("update channel set channel_notifyflags = %d where channel_id = %d limit 1", $x = q("update channel set channel_notifyflags = %d where channel_id = %d",
intval($value), intval($value),
intval($channel_id) intval($channel_id)
); );
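Review bot: The context line `$ret = array('success' => false, $message => '');` in `identity_check_service_class` uses the undefined variable `$message` as an array key, so the array gets an empty-string key instead of `'message'`. The commit edits the query directly below it but leaves this line unchanged on both sides. It should read `$ret = array('success' => false, 'message' => '');`. The rest of the function lies outside the hunk, so how callers read the key cannot be checked from here.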


@ -30,7 +30,7 @@ function collect_recipients($item,&$private_envelope) {
// as that would allow the denied person to see the post by logging out. // as that would allow the denied person to see the post by logging out.
if((! $item['allow_cid']) && (! $item['allow_gid'])) { if((! $item['allow_cid']) && (! $item['allow_gid'])) {
$r = q("select * from abook where abook_channel = %d and not (abook_flags & %d) ", $r = q("select * from abook where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($item['uid']), intval($item['uid']),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED)
); );
@ -68,7 +68,7 @@ function collect_recipients($item,&$private_envelope) {
$private_envelope = false; $private_envelope = false;
if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') { if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') {
$r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d) ", $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($item['uid']), intval($item['uid']),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED)
); );
@ -258,7 +258,7 @@ function add_source_route($iid,$hash) {
); );
if($r) { if($r) {
$new_route = (($r[0]['route']) ? $r[0]['route'] . ',' : '') . $hash; $new_route = (($r[0]['route']) ? $r[0]['route'] . ',' : '') . $hash;
q("update item set route = '%s' where id = %d limit 1", q("update item set route = '%s' where id = %d",
(dbesc($new_route)), (dbesc($new_route)),
intval($iid) intval($iid)
); );
@ -969,7 +969,7 @@ function import_author_rss($x) {
$photos = import_profile_photo($x['photo']['src'],$x['url']); $photos = import_profile_photo($x['photo']['src'],$x['url']);
if($photos) { if($photos) {
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss' limit 1", $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss'",
dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),
@ -1014,7 +1014,7 @@ function import_author_unknown($x) {
$photos = import_profile_photo($x['photo']['src'],$x['url']); $photos = import_profile_photo($x['photo']['src'],$x['url']);
if($photos) { if($photos) {
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown' limit 1", $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown'",
dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),
@ -2213,7 +2213,7 @@ function item_store($arr,$allow_exec = false) {
$r = q("UPDATE item SET parent = %d, allow_cid = '%s', allow_gid = '%s', $r = q("UPDATE item SET parent = %d, allow_cid = '%s', allow_gid = '%s',
deny_cid = '%s', deny_gid = '%s', public_policy = '%s', item_private = %d, comments_closed = '%s' deny_cid = '%s', deny_gid = '%s', public_policy = '%s', item_private = %d, comments_closed = '%s'
WHERE id = %d LIMIT 1", WHERE id = %d",
intval($parent_id), intval($parent_id),
dbesc($allow_cid), dbesc($allow_cid),
dbesc($allow_gid), dbesc($allow_gid),
@ -2258,13 +2258,13 @@ function item_store($arr,$allow_exec = false) {
// update the commented timestamp on the parent // update the commented timestamp on the parent
$z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and not ( item_restrict & %d ) ", $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and not ( item_restrict & %d )>0 ",
dbesc($arr['parent_mid']), dbesc($arr['parent_mid']),
intval($arr['uid']), intval($arr['uid']),
intval(ITEM_DELAYED_PUBLISH) intval(ITEM_DELAYED_PUBLISH)
); );
q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d LIMIT 1", q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d",
dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), dbesc(($z) ? $z[0]['commented'] : (datetime_convert())),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($parent_id) intval($parent_id)
@ -2476,7 +2476,7 @@ function item_store_update($arr,$allow_exec = false) {
$str .= " `" . $k . "` = '" . $v . "' "; $str .= " `" . $k . "` = '" . $v . "' ";
} }
$r = dbq("update `item` set " . $str . " where id = " . $orig_post_id . " limit 1"); $r = dbq("update `item` set " . $str . " where id = " . $orig_post_id );
if($r) if($r)
logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG); logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG);
@ -2553,7 +2553,7 @@ function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id,
$key = get_config('system','pubkey'); $key = get_config('system','pubkey');
$y = crypto_encapsulate(json_encode($x),$key); $y = crypto_encapsulate(json_encode($x),$key);
$r = q("update item set diaspora_meta = '%s' where id = %d limit 1", $r = q("update item set diaspora_meta = '%s' where id = %d",
dbesc(json_encode($y)), dbesc(json_encode($y)),
intval($post_id) intval($post_id)
); );
@ -2749,7 +2749,7 @@ function tag_deliver($uid,$item_id) {
$taglink = get_rel_link($j_obj['link'],'alternate'); $taglink = get_rel_link($j_obj['link'],'alternate');
store_item_tag($u[0]['channel_id'],$p[0]['id'],TERM_OBJ_POST,TERM_HASHTAG,$j_obj['title'],$j_obj['id']); store_item_tag($u[0]['channel_id'],$p[0]['id'],TERM_OBJ_POST,TERM_HASHTAG,$j_obj['title'],$j_obj['id']);
$x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d limit 1", $x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
@ -2815,7 +2815,7 @@ function tag_deliver($uid,$item_id) {
if($mention) { if($mention) {
logger('tag_deliver: mention found for ' . $u[0]['channel_name']); logger('tag_deliver: mention found for ' . $u[0]['channel_name']);
$r = q("update item set item_flags = ( item_flags | %d ) where id = %d limit 1", $r = q("update item set item_flags = ( item_flags | %d ) where id = %d",
intval(ITEM_MENTIONSME), intval(ITEM_MENTIONSME),
intval($item_id) intval($item_id)
); );
@ -2930,7 +2930,7 @@ function tgroup_check($uid,$item) {
// or is a followup and we have already accepted the top level post as an uplink // or is a followup and we have already accepted the top level post as an uplink
if($item['mid'] != $item['parent_mid']) { if($item['mid'] != $item['parent_mid']) {
$r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1", $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d )>0 limit 1",
dbesc($item['parent_mid']), dbesc($item['parent_mid']),
intval($uid), intval($uid),
intval(ITEM_UPLINK) intval(ITEM_UPLINK)
@ -3020,14 +3020,14 @@ function start_delivery_chain($channel,$item,$item_id,$parent) {
// when we created the delivery fork // when we created the delivery fork
if($parent) { if($parent) {
$r = q("update item set source_xchan = '%s' where id = %d limit 1", $r = q("update item set source_xchan = '%s' where id = %d",
dbesc($parent['source_xchan']), dbesc($parent['source_xchan']),
intval($item_id) intval($item_id)
); );
} }
else { else {
$flag_bits = $flag_bits | ITEM_UPLINK; $flag_bits = $flag_bits | ITEM_UPLINK;
$r = q("update item set source_xchan = owner_xchan where id = %d limit 1", $r = q("update item set source_xchan = owner_xchan where id = %d",
intval($item_id) intval($item_id)
); );
} }
@ -3057,7 +3057,7 @@ function start_delivery_chain($channel,$item,$item_id,$parent) {
} }
$r = q("update item set item_flags = %d, owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', $r = q("update item set item_flags = %d, owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s',
deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s' where id = %d limit 1", deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s' where id = %d",
intval($flag_bits), intval($flag_bits),
dbesc($channel['channel_hash']), dbesc($channel['channel_hash']),
dbesc($channel['channel_allow_cid']), dbesc($channel['channel_allow_cid']),
@ -3097,7 +3097,7 @@ function start_delivery_chain($channel,$item,$item_id,$parent) {
function check_item_source($uid,$item) { function check_item_source($uid,$item) {
$r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' || src_xchan = '*' ) limit 1", $r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' or src_xchan = '*' ) limit 1",
intval($uid), intval($uid),
dbesc(($item['source_xchan']) ? $item['source_xchan'] : $item['owner_xchan']) dbesc(($item['source_xchan']) ? $item['source_xchan'] : $item['owner_xchan'])
); );
@ -3837,17 +3837,17 @@ function item_expire($uid,$days) {
$expire_network_only = 1; $expire_network_only = 1;
$sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ") " : ""); $sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ")>0 " : "");
$r = q("SELECT * FROM `item` $r = q("SELECT * FROM `item`
WHERE `uid` = %d WHERE `uid` = %d
AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `created` < %s - INTERVAL %s
AND `id` = `parent` AND `id` = `parent`
$sql_extra $sql_extra
AND NOT ( item_flags & %d ) AND NOT ( item_flags & %d )>0
AND (item_restrict = 0 ) ", AND (item_restrict = 0 ) ",
intval($uid), intval($uid),
intval($days), db_utcnow(), db_quoteinterval(intval($days).' DAY'),
intval(ITEM_RETAINED) intval(ITEM_RETAINED)
); );
@ -3885,7 +3885,7 @@ function item_expire($uid,$days) {
} }
function retain_item($id) { function retain_item($id) {
$r = q("update item set item_flags = (item_flags | %d ) where id = %d limit 1", $r = q("update item set item_flags = (item_flags | %d ) where id = %d",
intval(ITEM_RETAINED), intval(ITEM_RETAINED),
intval($id) intval($id)
); );
@ -3961,7 +3961,7 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL) {
// set the deleted flag immediately on this item just in case the // set the deleted flag immediately on this item just in case the
// hook calls a remote process which loops. We'll delete it properly in a second. // hook calls a remote process which loops. We'll delete it properly in a second.
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d LIMIT 1", $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d",
intval(ITEM_DELETED), intval(ITEM_DELETED),
intval($item['id']) intval($item['id'])
); );
@ -4018,7 +4018,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
switch($stage) { switch($stage) {
case DROPITEM_PHASE2: case DROPITEM_PHASE2:
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '', $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '',
changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", changed = '%s', edited = '%s' WHERE id = %d",
intval(ITEM_PENDING_REMOVE), intval(ITEM_PENDING_REMOVE),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
@ -4028,7 +4028,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
case DROPITEM_PHASE1: case DROPITEM_PHASE1:
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ),
changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", changed = '%s', edited = '%s' WHERE id = %d",
intval(ITEM_DELETED), intval(ITEM_DELETED),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
@ -4039,7 +4039,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
case DROPITEM_NORMAL: case DROPITEM_NORMAL:
default: default:
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '', $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '',
changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", changed = '%s', edited = '%s' WHERE id = %d",
intval(ITEM_DELETED), intval(ITEM_DELETED),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
@ -4051,7 +4051,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
// immediately remove any undesired profile likes. // immediately remove any undesired profile likes.
q("delete from likes where iid = %d and channel_id = %d limit 1", q("delete from likes where iid = %d and channel_id = %d",
intval($item['id']), intval($item['id']),
intval($item['uid']) intval($item['uid'])
); );
@ -4062,7 +4062,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
if(strlen($item['resource_id'])) { if(strlen($item['resource_id'])) {
if($item['resource_type'] === 'event') { if($item['resource_type'] === 'event') {
q("delete from event where event_hash = '%s' and uid = %d limit 1", q("delete from event where event_hash = '%s' and uid = %d",
dbesc($item['resource_id']), dbesc($item['resource_id']),
intval($item['uid']) intval($item['uid'])
); );
@ -4082,12 +4082,12 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
if($stage == DROPITEM_PHASE1) if($stage == DROPITEM_PHASE1)
return true; return true;
$r = q("delete from term where otype = %d and oid = %d limit 1", $r = q("delete from term where otype = %d and oid = %d",
intval(TERM_OBJ_POST), intval(TERM_OBJ_POST),
intval($item['id']) intval($item['id'])
); );
q("delete from item_id where iid = %d and uid = %d limit 1", q("delete from item_id where iid = %d and uid = %d",
intval($item['id']), intval($item['id']),
intval($item['uid']) intval($item['uid'])
); );
@ -4106,7 +4106,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
function first_post_date($uid,$wall = false) { function first_post_date($uid,$wall = false) {
$wall_sql = (($wall) ? sprintf(" and item_flags & %d ", ITEM_WALL) : "" ); $wall_sql = (($wall) ? sprintf(" and (item_flags & %d)>0 ", ITEM_WALL) : "" );
$r = q("select id, created from item $r = q("select id, created from item
where item_restrict = %d and uid = %d and id = parent $wall_sql where item_restrict = %d and uid = %d and id = parent $wall_sql
@ -4297,19 +4297,19 @@ function zot_feed($uid,$observer_xchan,$arr) {
if(is_sys_channel($uid)) { if(is_sys_channel($uid)) {
require_once('include/security.php'); require_once('include/security.php');
$r = q("SELECT distinct parent from item $r = q("SELECT distinct parent, created from item
WHERE uid != %d WHERE uid != %d
and uid in (" . stream_perms_api_uids(PERMS_PUBLIC) . ") AND item_restrict = 0 and uid in (" . stream_perms_api_uids(PERMS_PUBLIC) . ") AND item_restrict = 0
AND (item_flags & %d) AND (item_flags & %d)>0
and item_private = 0 $sql_extra ORDER BY created ASC $limit", and item_private = 0 $sql_extra ORDER BY created ASC $limit",
intval($uid), intval($uid),
intval(ITEM_WALL) intval(ITEM_WALL)
); );
} }
else { else {
$r = q("SELECT distinct parent from item $r = q("SELECT distinct parent, created from item
WHERE uid = %d AND item_restrict = 0 WHERE uid = %d AND item_restrict = 0
AND (item_flags & %d) AND (item_flags & %d)>0
$sql_extra ORDER BY created ASC $limit", $sql_extra ORDER BY created ASC $limit",
intval($uid), intval($uid),
intval(ITEM_WALL) intval(ITEM_WALL)
@ -4372,12 +4372,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
} }
if($arr['star']) if($arr['star'])
$sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ") "; $sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ")>0 ";
if($arr['wall']) if($arr['wall'])
$sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ") "; $sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ")>0 ";
$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 $sql_options ) ";
if($arr['since_id']) if($arr['since_id'])
$sql_extra .= " and item.id > " . $since_id . " "; $sql_extra .= " and item.id > " . $since_id . " ";
@ -4415,7 +4415,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
} }
elseif($arr['cid'] && $uid) { elseif($arr['cid'] && $uid) {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1", $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1",
intval($arr['cid']), intval($arr['cid']),
intval(local_user()) intval(local_user())
); );
@ -4455,7 +4455,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
} }
if($arr['conv'] && $channel) { if($arr['conv'] && $channel) {
$sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d ))) ", $sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ",
dbesc(protect_sprintf($uidhash)), dbesc(protect_sprintf($uidhash)),
intval(ITEM_MENTIONSME) intval(ITEM_MENTIONSME)
); );
@ -4471,11 +4471,11 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
else { else {
$itemspage = (($channel) ? get_pconfig($uid,'system','itemspage') : 20); $itemspage = (($channel) ? get_pconfig($uid,'system','itemspage') : 20);
$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
$pager_sql = sprintf(" LIMIT %d, %d ",intval(get_app()->pager['start']), intval(get_app()->pager['itemspage'])); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(get_app()->pager['itemspage']), intval(get_app()->pager['start']));
} }
if(isset($arr['start']) && isset($arr['records'])) if(isset($arr['start']) && isset($arr['records']))
$pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records'])); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($arr['records']), intval($arr['start']));
if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) { if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) {
if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) {
@ -4497,7 +4497,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
} }
} }
$simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''); $simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " )>0 " : '');
if($client_mode & CLIENT_MODE_LOAD) if($client_mode & CLIENT_MODE_LOAD)
$simple_update = ''; $simple_update = '';
@ -4541,7 +4541,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
// Fetch a page full of parent items for this page // Fetch a page full of parent items for this page
$r = q("SELECT distinct item.id AS item_id FROM item $r = q("SELECT distinct item.id AS item_id, item.$ordering FROM item
left join abook on item.author_xchan = abook.abook_xchan left join abook on item.author_xchan = abook.abook_xchan
WHERE $item_uids $item_restrict WHERE $item_uids $item_restrict
AND item.parent = item.id AND item.parent = item.id
@ -4639,7 +4639,7 @@ function update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remo
dbesc($page_type) dbesc($page_type)
); );
if($r) { if($r) {
q("update item_id set sid = '%s' where id = %d limit 1", q("update item_id set sid = '%s' where id = %d",
dbesc(($pagetitle) ? $pagetitle : substr($mid,0,16)), dbesc(($pagetitle) ? $pagetitle : substr($mid,0,16)),
intval($r[0]['id']) intval($r[0]['id'])
); );
@ -4670,7 +4670,7 @@ function item_add_cid($xchan_hash,$mid,$uid) {
dbesc('<' . $xchan_hash . '>') dbesc('<' . $xchan_hash . '>')
); );
if(! $r) { if(! $r) {
$r = q("update item set allow_cid = concat(allow_cid,'%s') where mid = '%s' and uid = %d limit 1", $r = q("update item set allow_cid = concat(allow_cid,'%s') where mid = '%s' and uid = %d",
dbesc('<' . $xchan_hash . '>'), dbesc('<' . $xchan_hash . '>'),
dbesc($mid), dbesc($mid),
intval($uid) intval($uid)
@ -4685,7 +4685,7 @@ function item_remove_cid($xchan_hash,$mid,$uid) {
dbesc('<' . $xchan_hash . '>') dbesc('<' . $xchan_hash . '>')
); );
if($r) { if($r) {
$x = q("update item set allow_cid = '%s' where mid = '%s' and uid = %d limit 1", $x = q("update item set allow_cid = '%s' where mid = '%s' and uid = %d",
dbesc(str_replace('<' . $xchan_hash . '>','',$r[0]['allow_cid'])), dbesc(str_replace('<' . $xchan_hash . '>','',$r[0]['allow_cid'])),
dbesc($mid), dbesc($mid),
intval($uid) intval($uid)


@ -176,7 +176,7 @@ function menu_edit($arr) {
} }
return q("update menu set menu_name = '%s', menu_desc = '%s', menu_flags = %d return q("update menu set menu_name = '%s', menu_desc = '%s', menu_flags = %d
where menu_id = %d and menu_channel_id = %d limit 1", where menu_id = %d and menu_channel_id = %d",
dbesc($menu_name), dbesc($menu_name),
dbesc($menu_desc), dbesc($menu_desc),
intval($menu_flags), intval($menu_flags),
@ -303,7 +303,7 @@ function menu_edit_item($menu_id, $uid, $arr) {
} }
$r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d limit 1", $r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d",
dbesc($mitem_link), dbesc($mitem_link),
dbesc($mitem_desc), dbesc($mitem_desc),
intval($mitem_flags), intval($mitem_flags),
@ -323,7 +323,7 @@ function menu_edit_item($menu_id, $uid, $arr) {
function menu_del_item($menu_id,$uid,$item_id) { function menu_del_item($menu_id,$uid,$item_id) {
$r = q("delete from menu_item where mitem_menu_id = %d and mitem_channel_id = %d and mitem_id = %d limit 1", $r = q("delete from menu_item where mitem_menu_id = %d and mitem_channel_id = %d and mitem_id = %d",
intval($menu_id), intval($menu_id),
intval($uid), intval($uid),
intval($item_id) intval($item_id)


@ -243,7 +243,7 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
$limit = ''; $limit = '';
if($numitems) if($numitems)
$limit = " LIMIT " . intval($start) . ", " . intval($numitems); $limit = " LIMIT " . intval($numitems) . " OFFSET " . intval($start);
if($mailbox !== '') { if($mailbox !== '') {
$x = q("select channel_hash from channel where channel_id = %d limit 1", $x = q("select channel_hash from channel where channel_id = %d limit 1",
@ -332,7 +332,7 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
} }
if($updateseen) { if($updateseen) {
$r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and id = %d AND channel_id = %d", $r = q("UPDATE `mail` SET mail_flags = (mail_flags | %d) where not (mail_flags & %d)>0 and id = %d AND channel_id = %d",
intval(MAIL_SEEN), intval(MAIL_SEEN),
intval(MAIL_SEEN), intval(MAIL_SEEN),
dbesc($messageitem_id), dbesc($messageitem_id),
@ -363,7 +363,7 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation
} }
} }
else { else {
$r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", $r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d",
intval($messageitem_id), intval($messageitem_id),
intval($channel_id) intval($channel_id)
); );
@ -421,7 +421,7 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
if($updateseen) { if($updateseen) {
$r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_mid = '%s' AND channel_id = %d", $r = q("UPDATE `mail` SET mail_flags = (mail_flags | %d) where not (mail_flags & %d)>0 and parent_mid = '%s' AND channel_id = %d",
intval(MAIL_SEEN), intval(MAIL_SEEN),
intval(MAIL_SEEN), intval(MAIL_SEEN),
dbesc($r[0]['parent_mid']), dbesc($r[0]['parent_mid']),
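Review bot: The rewritten guards in private_messages_fetch_message and private_messages_fetch_conversation read `not (mail_flags & %d)>0`, which is only correct because NOT binds more loosely than `>`; a reader can easily take it as `(not ( ... )) > 0`. Writing the test as `(mail_flags & %d) = 0` states the same condition without leaning on operator precedence. The same `not ( ... )>0` form recurs in the `$chans` query and in the notifier_run, onedirsync_run, onepoll_run, get_all_perms and perm_is_allowed hunks further down this commit. Both function bodies continue outside the hunks shown here.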


@ -38,7 +38,7 @@ EOT;
intval($channel['channel_id']) intval($channel['channel_id'])
); );
$chans = q("select channel_name, channel_id from channel where channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ",
intval(get_account_id()), intval(get_account_id()),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );


@ -991,7 +991,7 @@ function discover_by_url($url,$arr = null) {
); );
$photos = import_profile_photo($photo,$guid); $photos = import_profile_photo($photo,$guid);
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),
@ -1104,7 +1104,7 @@ function discover_by_webbie($webbie) {
dbesc($vcard['fn']), dbesc($vcard['fn']),
dbesc($network), dbesc($network),
dbesc(z_root()), dbesc(z_root()),
dbesc(datetime_convert()) dbescdate(datetime_convert())
); );
$r = q("select * from hubloc where hubloc_hash = '%s' limit 1", $r = q("select * from hubloc where hubloc_hash = '%s' limit 1",
@ -1119,13 +1119,13 @@ function discover_by_webbie($webbie) {
dbesc(trim($diaspora_base,'/')), dbesc(trim($diaspora_base,'/')),
dbesc($hostname), dbesc($hostname),
dbesc($notify), dbesc($notify),
dbesc(datetime_convert()), dbescdate(datetime_convert()),
intval(HUBLOC_FLAGS_PRIMARY) intval(HUBLOC_FLAGS_PRIMARY)
); );
} }
$photos = import_profile_photo($vcard['photo'],$addr); $photos = import_profile_photo($vcard['photo'],$addr);
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),
dbesc($photos[2]), dbesc($photos[2]),
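Review bot: discover_by_url still passes `dbesc(datetime_convert())` for `xchan_photo_date`, while the same update statement in discover_by_webbie now uses `dbescdate(...)`, so two writes to one column escape their date differently. The definition of dbescdate is not in this section; if it is the helper that adapts date values for PostgreSQL, the first call should become `dbescdate(datetime_convert()),` as well. Both functions continue outside the hunks.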


@ -99,7 +99,7 @@ function notifier_run($argv, $argc){
// Get the recipient // Get the recipient
$r = q("select abook.*, hubloc.* from abook $r = q("select abook.*, hubloc.* from abook
left join hubloc on hubloc_hash = abook_xchan left join hubloc on hubloc_hash = abook_xchan
where abook_id = %d and not ( abook_flags & %d ) limit 1", where abook_id = %d and not ( abook_flags & %d )>0 limit 1",
intval($item_id), intval($item_id),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );
@ -205,11 +205,12 @@ function notifier_run($argv, $argc){
$normal_mode = false; $normal_mode = false;
$expire = true; $expire = true;
$items = q("SELECT * FROM item WHERE uid = %d AND ( item_flags & %d ) $items = q("SELECT * FROM item WHERE uid = %d AND ( item_flags & %d )>0
AND ( item_restrict & %d ) AND `changed` > UTC_TIMESTAMP() - INTERVAL 10 MINUTE", AND ( item_restrict & %d )>0 AND `changed` > %s - INTERVAL %s",
intval($item_id), intval($item_id),
intval(ITEM_WALL), intval(ITEM_WALL),
intval(ITEM_DELETED) intval(ITEM_DELETED),
db_utcnow(), db_quoteinterval('10 MINUTE')
); );
$uid = $item_id; $uid = $item_id;
$item_id = 0; $item_id = 0;
@ -495,13 +496,19 @@ function notifier_run($argv, $argc){
where hubloc_hash in (" . implode(',',$recipients) . ") group by hubloc_sitekey order by hubloc_connected desc limit 1"); where hubloc_hash in (" . implode(',',$recipients) . ") group by hubloc_sitekey order by hubloc_connected desc limit 1");
} }
else { else {
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$r = q("select distinct on (hubloc_sitekey) hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc
where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d)>0 and not (hubloc_status & %d)>0",
intval(HUBLOC_FLAGS_DELETED),
intval(HUBLOC_OFFLINE)
);
} else {
$r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc $r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc
where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d) and not (hubloc_status & %d) group by hubloc_sitekey", where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d)>0 and not (hubloc_status & %d)>0 group by hubloc_sitekey",
intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_FLAGS_DELETED),
intval(HUBLOC_OFFLINE) intval(HUBLOC_OFFLINE)
); );
}
} }
if(! $r) { if(! $r) {
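Review bot: The new PostgreSQL branch, like the MySQL branch it copies, concatenates `implode(',',$recipients)` straight into the format string handed to q(), so those values skip the `%s`/dbesc() placeholder path and are also exposed to the printf-style formatting that q() appears to apply. How $recipients is built lies outside this hunk; unless every element is already quoted and passed through `dbesc(protect_sprintf(...))`, do that before the implode. An empty list should also be rejected first, since `in ()` is a syntax error. The two branches differ only in `distinct on (hubloc_sitekey)` versus `group by hubloc_sitekey`, so building the shared text once and switching that fragment would keep them from drifting apart.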


@ -35,13 +35,13 @@ function onedirsync_run($argv, $argc){
// (where we received this update from) ? // (where we received this update from) ?
// If we have, we don't need to do anything except mark any older entries updated // If we have, we don't need to do anything except mark any older entries updated
$x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d ) order by ud_date desc limit 1", $x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d )>0 order by ud_date desc limit 1",
dbesc($r[0]['ud_addr']), dbesc($r[0]['ud_addr']),
dbesc($r[0]['ud_date']), dbesc($r[0]['ud_date']),
intval(UPDATE_FLAGS_UPDATED) intval(UPDATE_FLAGS_UPDATED)
); );
if($x) { if($x) {
$y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d ) and ud_date < '%s' ", $y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d )>0 and ud_date < '%s' ",
intval(UPDATE_FLAGS_UPDATED), intval(UPDATE_FLAGS_UPDATED),
dbesc($r[0]['ud_addr']), dbesc($r[0]['ud_addr']),
intval(UPDATE_FLAGS_UPDATED), intval(UPDATE_FLAGS_UPDATED),


@ -28,8 +28,8 @@ function onepoll_run($argv, $argc){
$contacts = q("SELECT abook.*, xchan.*, account.* $contacts = q("SELECT abook.*, xchan.*, account.*
FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan
where abook_id = %d where abook_id = %d
AND (( abook_flags & %d ) OR ( abook_flags = %d )) AND (( abook_flags & %d )>0 OR ( abook_flags = %d ))
AND NOT ( abook_flags & %d ) AND NOT ( abook_flags & %d )>0
AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1", AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1",
intval($contact_id), intval($contact_id),
intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED), intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED),
@ -69,7 +69,7 @@ function onepoll_run($argv, $argc){
if($contact['xchan_network'] === 'rss') { if($contact['xchan_network'] === 'rss') {
logger('onepoll: processing feed ' . $contact['xchan_name'], LOGGER_DEBUG); logger('onepoll: processing feed ' . $contact['xchan_name'], LOGGER_DEBUG);
handle_feed($importer['channel_id'],$contact_id,$contact['xchan_hash']); handle_feed($importer['channel_id'],$contact_id,$contact['xchan_hash']);
q("update abook set abook_connected = '%s' where abook_id = %d limit 1", q("update abook set abook_connected = '%s' where abook_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($contact['abook_id']) intval($contact['abook_id'])
); );
@ -88,13 +88,13 @@ function onepoll_run($argv, $argc){
$connected = datetime_convert(); $connected = datetime_convert();
if(! $x) { if(! $x) {
// mark for death by not updating abook_connected, this is caught in include/poller.php // mark for death by not updating abook_connected, this is caught in include/poller.php
q("update abook set abook_updated = '%s' where abook_id = %d limit 1", q("update abook set abook_updated = '%s' where abook_id = %d",
dbesc($updated), dbesc($updated),
intval($contact['abook_id']) intval($contact['abook_id'])
); );
} }
else { else {
q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d limit 1", q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d",
dbesc($updated), dbesc($updated),
dbesc($connected), dbesc($connected),
intval($contact['abook_id']) intval($contact['abook_id'])
@ -145,8 +145,9 @@ function onepoll_run($argv, $argc){
if($contact['xchan_connurl']) { if($contact['xchan_connurl']) {
$r = q("SELECT xlink_id from xlink $r = q("SELECT xlink_id from xlink
where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY limit 1", where xlink_xchan = '%s' and xlink_updated > %s - INTERVAL %s limit 1",
intval($contact['xchan_hash']) intval($contact['xchan_hash']),
db_utcnow(), db_quoteinterval('1 DAY')
); );
if(! $r) { if(! $r) {
poco_load($contact['xchan_hash'],$contact['xchan_connurl']); poco_load($contact['xchan_hash'],$contact['xchan_connurl']);
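Review bot: The xlink lookup binds `intval($contact['xchan_hash'])` to the quoted `xlink_xchan = '%s'` placeholder, so the hash is reduced to an integer before it is compared. The same value is passed as a string to handle_feed and poco_load in this function, so the lookup presumably never matches and poco_load runs on every poll. The commit touches this line only to add a trailing comma; it should read `dbesc($contact['xchan_hash']),`. onepoll_run continues outside the hunk.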


@ -97,7 +97,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
if(! $abook_checked) { if(! $abook_checked) {
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1",
intval($uid), intval($uid),
dbesc($observer_xchan), dbesc($observer_xchan),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
@ -269,7 +269,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return true; return true;
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1",
intval($uid), intval($uid),
dbesc($observer_xchan), dbesc($observer_xchan),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)


@ -341,7 +341,7 @@ abstract class photo_driver {
`allow_gid` = '%s', `allow_gid` = '%s',
`deny_cid` = '%s', `deny_cid` = '%s',
`deny_gid` = '%s' `deny_gid` = '%s'
where id = %d limit 1", where id = %d",
intval($p['aid']), intval($p['aid']),
intval($p['uid']), intval($p['uid']),
@ -354,7 +354,7 @@ abstract class photo_driver {
dbesc($p['album']), dbesc($p['album']),
intval($this->getHeight()), intval($this->getHeight()),
intval($this->getWidth()), intval($this->getWidth()),
dbesc($this->imageString()), dbescbin($this->imageString()),
intval(strlen($this->imageString())), intval(strlen($this->imageString())),
intval($p['scale']), intval($p['scale']),
intval($p['profile']), intval($p['profile']),
@ -383,7 +383,7 @@ abstract class photo_driver {
dbesc($p['album']), dbesc($p['album']),
intval($this->getHeight()), intval($this->getHeight()),
intval($this->getWidth()), intval($this->getWidth()),
dbesc($this->imageString()), dbescbin($this->imageString()),
intval(strlen($this->imageString())), intval(strlen($this->imageString())),
intval($p['scale']), intval($p['scale']),
intval($p['profile']), intval($p['profile']),
@ -428,7 +428,7 @@ abstract class photo_driver {
`allow_gid` = '%s', `allow_gid` = '%s',
`deny_cid` = '%s', `deny_cid` = '%s',
`deny_gid` = '%s' `deny_gid` = '%s'
where id = %d limit 1", where id = %d",
intval($aid), intval($aid),
intval($uid), intval($uid),
@ -441,7 +441,7 @@ abstract class photo_driver {
dbesc($album), dbesc($album),
intval($this->getHeight()), intval($this->getHeight()),
intval($this->getWidth()), intval($this->getWidth()),
dbesc($this->imageString()), dbescbin($this->imageString()),
intval(strlen($this->imageString())), intval(strlen($this->imageString())),
intval($scale), intval($scale),
intval($profile), intval($profile),
@ -467,7 +467,7 @@ abstract class photo_driver {
dbesc($album), dbesc($album),
intval($this->getHeight()), intval($this->getHeight()),
intval($this->getWidth()), intval($this->getWidth()),
dbesc($this->imageString()), dbescbin($this->imageString()),
intval(strlen($this->imageString())), intval(strlen($this->imageString())),
intval($scale), intval($scale),
intval($profile), intval($profile),
@ -562,7 +562,7 @@ function import_profile_photo($photo,$xchan,$thing = false) {
if($thing) if($thing)
$hash = photo_new_resource(); $hash = photo_new_resource();
else { else {
$r = q("select resource_id from photo where xchan = '%s' and (photo_flags & %d ) and scale = 4 limit 1", $r = q("select resource_id from photo where xchan = '%s' and (photo_flags & %d )>0 and scale = 4 limit 1",
dbesc($xchan), dbesc($xchan),
intval(PHOTO_XCHAN) intval(PHOTO_XCHAN)
); );
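Review bot: Each of the four photo_driver statements escapes the image with `dbescbin($this->imageString())` and then calls `$this->imageString()` again on the next line for `strlen`, so the stored size is taken from a second call rather than from the bytes actually written, and the image is presumably rendered twice per save. Fetch it once, `$data = $this->imageString();`, and pass `dbescbin($data)` and `intval(strlen($data))`. The placeholder for the data column is outside these hunks, so also confirm that its quoting matches what dbescbin returns on each backend.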


@ -44,9 +44,10 @@ function photo_upload($channel, $observer, $args) {
* *
*/ */
$r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > UTC_TIMESTAMP() - INTERVAL 3 HOUR ", $r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > %s - INTERVAL %s ",
dbesc($album), dbesc($album),
intval($channel_id) intval($channel_id),
db_utcnow(), db_quoteinterval('3 HOUR')
); );
if((! $r) || ($album == t('Profile Photos'))) if((! $r) || ($album == t('Profile Photos')))
$visible = 1; $visible = 1;
@ -291,7 +292,7 @@ function photos_albums_list($channel,$observer) {
$sql_extra = permissions_sql($channel_id); $sql_extra = permissions_sql($channel_id);
$albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by created desc", $albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by max(created) desc",
intval($channel_id), intval($channel_id),
intval(PHOTO_NORMAL), intval(PHOTO_NORMAL),
intval(PHOTO_PROFILE) intval(PHOTO_PROFILE)


@ -102,7 +102,7 @@ function load_plugin($plugin) {
// This way the system won't fall over dead during the update. // This way the system won't fall over dead during the update.
if(file_exists('addon/' . $plugin . '/.hidden')) { if(file_exists('addon/' . $plugin . '/.hidden')) {
q("update addon set hidden = 1 where name = '%s' limit 1", q("update addon set hidden = 1 where name = '%s'",
dbesc($plugin) dbesc($plugin)
); );
} }
@ -158,7 +158,7 @@ function reload_plugins() {
$func = $pl . '_load'; $func = $pl . '_load';
$func(); $func();
} }
q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d LIMIT 1", q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d",
intval($t), intval($t),
intval($i['id']) intval($i['id'])
); );
@ -208,7 +208,7 @@ function register_hook($hook, $file, $function, $priority = 0) {
* @return mixed * @return mixed
*/ */
function unregister_hook($hook, $file, $function) { function unregister_hook($hook, $file, $function) {
$r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1", $r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `function` = '%s'",
dbesc($hook), dbesc($hook),
dbesc($file), dbesc($file),
dbesc($function) dbesc($function)


@ -44,15 +44,17 @@ function poller_run($argv, $argc){
// expire any expired mail // expire any expired mail
q("delete from mail where expires != '%s' and expires < UTC_TIMESTAMP() ", q("delete from mail where expires != '%s' and expires < %s ",
dbesc(NULL_DATE) dbesc(NULL_DATE),
db_utcnow()
); );
// expire any expired items // expire any expired items
$r = q("select id from item where expires != '%s' and expires < UTC_TIMESTAMP() $r = q("select id from item where expires != '%s' and expires < %s
and not ( item_restrict & %d ) ", and not ( item_restrict & %d )>0 ",
dbesc(NULL_DATE), dbesc(NULL_DATE),
db_utcnow(),
intval(ITEM_DELETED) intval(ITEM_DELETED)
); );
if($r) { if($r) {
@ -66,7 +68,9 @@ function poller_run($argv, $argc){
// channels and sites that quietly vanished and prevent the directory from accumulating stale // channels and sites that quietly vanished and prevent the directory from accumulating stale
// or dead entries. // or dead entries.
$r = q("select channel_id from channel where channel_dirdate < UTC_TIMESTAMP() - INTERVAL 30 DAY"); $r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('30 DAY')
);
if($r) { if($r) {
foreach($r as $rr) { foreach($r as $rr) {
proc_run('php','include/directory.php',$rr['channel_id'],'force'); proc_run('php','include/directory.php',$rr['channel_id'],'force');
@ -78,12 +82,13 @@ function poller_run($argv, $argc){
// publish any applicable items that were set to be published in the future // publish any applicable items that were set to be published in the future
// (time travel posts) // (time travel posts)
$r = q("select id from item where ( item_restrict & %d ) and created <= UTC_TIMESTAMP() ", $r = q("select id from item where ( item_restrict & %d )>0 and created <= %s ",
intval(ITEM_DELAYED_PUBLISH) intval(ITEM_DELAYED_PUBLISH),
db_utcnow()
); );
if($r) { if($r) {
foreach($r as $rr) { foreach($r as $rr) {
$x = q("update item set item_restrict = ( item_restrict ^ %d ) where id = %d limit 1", $x = q("update item set item_restrict = ( item_restrict & ~%d ) where id = %d",
intval(ITEM_DELAYED_PUBLISH), intval(ITEM_DELAYED_PUBLISH),
intval($rr['id']) intval($rr['id'])
); );
@ -167,7 +172,9 @@ function poller_run($argv, $argc){
// expire any read notifications over a month old // expire any read notifications over a month old
q("delete from notify where seen = 1 and date < UTC_TIMESTAMP() - INTERVAL 30 DAY"); q("delete from notify where seen = 1 and date < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('30 DAY')
);
// expire any expired accounts // expire any expired accounts
downgrade_accounts(); downgrade_accounts();
@ -199,13 +206,15 @@ function poller_run($argv, $argc){
// This should be rare // This should be rare
$r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = '' $r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = ''
and xchan_photo_date < UTC_TIMESTAMP() - INTERVAL 1 DAY"); and xchan_photo_date < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('1 DAY')
);
if($r) { if($r) {
require_once('include/photo/photo_driver.php'); require_once('include/photo/photo_driver.php');
foreach($r as $rr) { foreach($r as $rr) {
$photos = import_profile_photo($rr['xchan_photo_l'],$rr['xchan_hash']); $photos = import_profile_photo($rr['xchan_photo_l'],$rr['xchan_hash']);
$x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' $x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
where xchan_hash = '%s' limit 1", where xchan_hash = '%s'",
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),
dbesc($photos[2]), dbesc($photos[2]),
@ -258,16 +267,17 @@ function poller_run($argv, $argc){
// Only poll from those with suitable relationships // Only poll from those with suitable relationships
$abandon_sql = (($abandon_days) $abandon_sql = (($abandon_days)
? sprintf(" AND account_lastlog > UTC_TIMESTAMP() - INTERVAL %d DAY ", intval($abandon_days)) ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days).' DAY'))
: '' : ''
); );
$randfunc = (ACTIVE_DBTYPE == DBTYPE_POSTGRES) ? 'RANDOM()' : 'RAND()';
$contacts = q("SELECT abook_id, abook_flags, abook_updated, abook_connected, abook_closeness, abook_xchan, abook_channel $contacts = q("SELECT abook_id, abook_flags, abook_updated, abook_connected, abook_closeness, abook_xchan, abook_channel
FROM abook LEFT JOIN account on abook_account = account_id where 1 FROM abook LEFT JOIN account on abook_account = account_id
$sql_extra $sql_extra
AND (( abook_flags & %d ) OR ( abook_flags = %d )) AND (( abook_flags & %d )>0 OR ( abook_flags = %d ))
AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY RAND()", AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY $randfunc",
intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED), intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED),
intval(0), intval(0),
intval(ACCOUNT_OK), intval(ACCOUNT_OK),
@ -308,7 +318,7 @@ function poller_run($argv, $argc){
// if we've never connected with them, start the mark for death countdown from now // if we've never connected with them, start the mark for death countdown from now
if($c == NULL_DATE) { if($c == NULL_DATE) {
$r = q("update abook set abook_connected = '%s' where abook_id = %d limit 1", $r = q("update abook set abook_connected = '%s' where abook_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($contact['abook_id']) intval($contact['abook_id'])
); );
@ -323,7 +333,7 @@ function poller_run($argv, $argc){
dbesc($contact['abook_xchan']) dbesc($contact['abook_xchan'])
); );
if($n && $n[0]['xchan_network'] == 'zot') { if($n && $n[0]['xchan_network'] == 'zot') {
$r = q("update abook set abook_flags = (abook_flags | %d) where abook_id = %d limit 1", $r = q("update abook set abook_flags = (abook_flags | %d) where abook_id = %d",
intval(ABOOK_FLAG_ARCHIVED), intval(ABOOK_FLAG_ARCHIVED),
intval($contact['abook_id']) intval($contact['abook_id'])
); );
@ -365,9 +375,10 @@ function poller_run($argv, $argc){
} }
if($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) { if($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
$r = q("select distinct ud_addr, updates.* from updates where not ( ud_flags & %d ) and ud_addr != '' and ( ud_last = '%s' OR ud_last > UTC_TIMESTAMP() - INTERVAL 7 DAY ) group by ud_addr ", $r = q("select distinct ud_addr, updates.* from updates where not ( ud_flags & %d )>0 and ud_addr != '' and ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) group by ud_addr ",
intval(UPDATE_FLAGS_UPDATED), intval(UPDATE_FLAGS_UPDATED),
dbesc(NULL_DATE) dbesc(NULL_DATE),
db_utcnow(), db_quoteinterval('7 DAY')
); );
if($r) { if($r) {
foreach($r as $rr) { foreach($r as $rr) {
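Review bot: Dropping `where 1` from the `$contacts` query in poller_run leaves the statement with no WHERE clause, so `$sql_extra` and the `AND (( abook_flags & %d )>0 OR ...` conditions after it appear to become part of the `LEFT JOIN ... on` condition. On a LEFT JOIN that no longer filters abook rows, so every abook row would be returned regardless of the flag, account and `$abandon_sql` tests. `$sql_extra` is built outside the hunk, so this holds only if it does not itself begin with `where`. A form that keeps the original filtering on both databases is `FROM abook LEFT JOIN account on abook_account = account_id where 1=1`.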


@ -22,7 +22,9 @@ function queue_run($argv, $argc){
logger('queue: start'); logger('queue: start');
$r = q("DELETE FROM outq WHERE outq_created < UTC_TIMESTAMP() - INTERVAL 3 DAY"); $r = q("DELETE FROM outq WHERE outq_created < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('3 DAY')
);
if($queue_id) { if($queue_id) {
$r = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1", $r = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1",
@ -37,8 +39,18 @@ function queue_run($argv, $argc){
// so that we don't start off a thousand deliveries for a couple of dead hubs. // so that we don't start off a thousand deliveries for a couple of dead hubs.
// The zot driver will deliver everything destined for a single hub once contact is made (*if* contact is made). // The zot driver will deliver everything destined for a single hub once contact is made (*if* contact is made).
// Other drivers will have to do something different here and may need their own query. // Other drivers will have to do something different here and may need their own query.
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$r = q("SELECT * FROM outq WHERE outq_delivered = 0 and (( outq_created > UTC_TIMESTAMP() - INTERVAL 12 HOUR and outq_updated < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ) OR ( outq_updated < UTC_TIMESTAMP() - INTERVAL 1 HOUR )) group by outq_posturl"); $prefix = 'DISTINCT ON (outq_posturl)';
$suffix = 'ORDER BY outq_posturl';
} else {
$prefix = '';
$suffix = 'GROUP BY outq_posturl';
}
$r = q("SELECT $prefix * FROM outq WHERE outq_delivered = 0 and (( outq_created > %s - INTERVAL %s and outq_updated < %s - INTERVAL %s ) OR ( outq_updated < %s - INTERVAL %s )) $suffix",
db_utcnow(), db_quoteinterval('12 HOUR'),
db_utcnow(), db_quoteinterval('15 MINUTE'),
db_utcnow(), db_quoteinterval('1 HOUR')
);
} }
if(! $r) if(! $r)
return; return;
@ -51,13 +63,13 @@ function queue_run($argv, $argc){
$result = z_post_url($rr['outq_posturl'],$rr['outq_msg']); $result = z_post_url($rr['outq_posturl'],$rr['outq_msg']);
if($result['success'] && $result['return_code'] < 300) { if($result['success'] && $result['return_code'] < 300) {
logger('queue: queue post success to ' . $rr['outq_posturl'], LOGGER_DEBUG); logger('queue: queue post success to ' . $rr['outq_posturl'], LOGGER_DEBUG);
$y = q("delete from outq where outq_hash = '%s' limit 1", $y = q("delete from outq where outq_hash = '%s'",
dbesc($rr['ouq_hash']) dbesc($rr['ouq_hash'])
); );
} }
else { else {
logger('queue: queue post returned ' . $result['return_code'] . ' from ' . $rr['outq_posturl'],LOGGER_DEBUG); logger('queue: queue post returned ' . $result['return_code'] . ' from ' . $rr['outq_posturl'],LOGGER_DEBUG);
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($rr['outq_hash']) dbesc($rr['outq_hash'])
); );
@ -70,7 +82,7 @@ function queue_run($argv, $argc){
} }
else { else {
$deadguys[] = $rr['outq_posturl']; $deadguys[] = $rr['outq_posturl'];
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($rr['outq_hash']) dbesc($rr['outq_hash'])
); );
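Review bot: The success branch of queue_run still deletes by `dbesc($rr['ouq_hash'])`, a misspelt key that the row selected from outq does not appear to carry, so the DELETE is run with an empty hash and the delivered entry stays in the queue. The line was edited to drop `limit 1` but the key was left as it was; it should read `dbesc($rr['outq_hash'])`, as the two UPDATE calls in the same loop do. With the limit gone, the statement also removes every row whose outq_hash is empty, if any exist.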


@ -2,7 +2,7 @@
function update_queue_time($id) { function update_queue_time($id) {
logger('queue: requeue item ' . $id); logger('queue: requeue item ' . $id);
q("UPDATE outq SET outq_updated = '%s' WHERE outq_hash = '%s' LIMIT 1", q("UPDATE outq SET outq_updated = '%s' WHERE outq_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($id) dbesc($id)
); );
@ -10,7 +10,7 @@ function update_queue_time($id) {
function remove_queue_item($id) { function remove_queue_item($id) {
logger('queue: remove queue item ' . $id); logger('queue: remove queue item ' . $id);
q("DELETE FROM outq WHERE hash = '%s' LIMIT 1", q("DELETE FROM outq WHERE hash = '%s'",
dbesc($id) dbesc($id)
); );
} }
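Review bot: remove_queue_item filters on a column called `hash`, while update_queue_time directly above it and the other outq queries in this commit use `outq_hash`. The schema is not visible here, but if outq has no `hash` column the DELETE fails and queue entries are never removed through this function; PostgreSQL will report the unknown column as an error. The call should probably read `q("DELETE FROM outq WHERE outq_hash = '%s'",`.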


@ -42,7 +42,7 @@ require_once('include/RedDAV/RedBasicAuth.php');
function RedChannelList(&$auth) { function RedChannelList(&$auth) {
$ret = array(); $ret = array();
$r = q("SELECT channel_id, channel_address FROM channel WHERE NOT (channel_pageflags & %d) AND NOT (channel_pageflags & %d)", $r = q("SELECT channel_id, channel_address FROM channel WHERE NOT (channel_pageflags & %d)>0 AND NOT (channel_pageflags & %d)>0",
intval(PAGE_REMOVED), intval(PAGE_REMOVED),
intval(PAGE_HIDDEN) intval(PAGE_HIDDEN)
); );
@ -115,7 +115,7 @@ function RedCollectionData($file, &$auth) {
$permission_error = false; $permission_error = false;
for ($x = 1; $x < count($path_arr); $x++) { for ($x = 1; $x < count($path_arr); $x++) {
$r = q("SELECT id, hash, filename, flags FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND (flags & %d) $perms LIMIT 1", $r = q("SELECT id, hash, filename, flags FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND (flags & %d)>0 $perms LIMIT 1",
dbesc($folder), dbesc($folder),
dbesc($path_arr[$x]), dbesc($path_arr[$x]),
intval($channel_id), intval($channel_id),
@ -124,7 +124,7 @@ function RedCollectionData($file, &$auth) {
if (! $r) { if (! $r) {
// path wasn't found. Try without permissions to see if it was the result of permissions. // path wasn't found. Try without permissions to see if it was the result of permissions.
$errors = true; $errors = true;
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) limit 1", $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0 limit 1",
dbesc($folder), dbesc($folder),
basename($path_arr[$x]), basename($path_arr[$x]),
intval($channel_id), intval($channel_id),
@ -155,8 +155,14 @@ function RedCollectionData($file, &$auth) {
logger("Path mismatch: $path !== /$file"); logger("Path mismatch: $path !== /$file");
return NULL; return NULL;
} }
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms group by filename", $prefix = 'DISTINCT ON (filename)';
$suffix = 'ORDER BY filename';
} else {
$prefix = '';
$suffix = 'GROUP BY filename';
}
$r = q("select $prefix id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms $suffix",
dbesc($folder), dbesc($folder),
intval($channel_id) intval($channel_id)
); );
@ -231,7 +237,7 @@ function RedFileData($file, &$auth, $test = false) {
$errors = false; $errors = false;
for ($x = 1; $x < count($path_arr); $x++) { for ($x = 1; $x < count($path_arr); $x++) {
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) $perms", $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0 $perms",
dbesc($folder), dbesc($folder),
dbesc($path_arr[$x]), dbesc($path_arr[$x]),
intval($channel_id), intval($channel_id),
@ -244,7 +250,7 @@ function RedFileData($file, &$auth, $test = false) {
} }
if (! $r) { if (! $r) {
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach
where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", where folder = '%s' and filename = '%s' and uid = %d $perms order by filename limit 1",
dbesc($folder), dbesc($folder),
dbesc(basename($file)), dbesc(basename($file)),
intval($channel_id) intval($channel_id)
@ -253,7 +259,7 @@ function RedFileData($file, &$auth, $test = false) {
if (! $r) { if (! $r) {
$errors = true; $errors = true;
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach
where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", where folder = '%s' and filename = '%s' and uid = %d order by filename limit 1",
dbesc($folder), dbesc($folder),
dbesc(basename($file)), dbesc(basename($file)),
intval($channel_id) intval($channel_id)
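Review bot: In RedCollectionData's fallback query (the one under "Try without permissions"), `basename($path_arr[$x])` is bound to a quoted `'%s'` placeholder without `dbesc()`, unlike every other string argument in this file section. The path segments appear to come from the requested DAV path, so a quote character in a name would reach the SQL text unescaped. The commit edits the format string of that call but leaves the argument as it was; it should be `dbesc(basename($path_arr[$x])),`. The function starts and ends outside the hunk, so where `$path_arr` is built should be confirmed.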


@ -12,7 +12,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
$_SESSION['authenticated'] = 1; $_SESSION['authenticated'] = 1;
if($login_initial || $update_lastlog) { if($login_initial || $update_lastlog) {
q("update account set account_lastlog = '%s' where account_id = %d limit 1", q("update account set account_lastlog = '%s' where account_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($_SESSION['account_id']) intval($_SESSION['account_id'])
); );
@ -59,7 +59,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
/* This account has never created a channel. Send them to new_channel by default */ /* This account has never created a channel. Send them to new_channel by default */
if($a->module === 'login') { if($a->module === 'login') {
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d)", $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d)>0",
intval($a->account['account_id']), intval($a->account['account_id']),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -76,7 +76,7 @@ function change_channel($change_channel) {
$ret = false; $ret = false;
if($change_channel) { if($change_channel) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d) limit 1", $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d)>0 limit 1",
intval($change_channel), intval($change_channel),
intval(get_account_id()), intval(get_account_id()),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
@ -86,7 +86,7 @@ function change_channel($change_channel) {
if (is_developer()) { if (is_developer()) {
if (! $r) { if (! $r) {
if (is_site_admin()) { if (is_site_admin()) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d ) limit 1", $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1",
intval($change_channel), intval($change_channel),
intval(PAGE_SYSTEM), intval(PAGE_SYSTEM),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
@ -174,9 +174,10 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
foreach($groups as $g) foreach($groups as $g)
$gs .= '|<' . $g . '>'; $gs .= '|<' . $g . '>';
} }
$regexop = db_getfunc('REGEXP');
$sql = sprintf( $sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
) )
", ",
dbesc(protect_sprintf( '%<' . $observer . '>%')), dbesc(protect_sprintf( '%<' . $observer . '>%')),
@ -204,7 +205,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* default permissions - anonymous user * default permissions - anonymous user
*/ */
$sql = " AND not item_private "; $sql = " AND item_private=0 ";
/** /**
@ -235,10 +236,11 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
if(is_array($groups) && count($groups)) { if(is_array($groups) && count($groups)) {
foreach($groups as $g) foreach($groups as $g)
$gs .= '|<' . $g . '>'; $gs .= '|<' . $g . '>';
} }
$regexop = db_getfunc('REGEXP');
$sql = sprintf( $sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
) )
", ",
dbesc(protect_sprintf( '%<' . $observer . '>%')), dbesc(protect_sprintf( '%<' . $observer . '>%')),
@ -264,9 +266,10 @@ function public_permissions_sql($observer_hash) {
} }
$sql = ''; $sql = '';
if($observer_hash) { if($observer_hash) {
$regexop = db_getfunc('REGEXP');
$sql = sprintf( $sql = sprintf(
" OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') " OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
)) ))
", ",
dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
@ -375,7 +378,7 @@ function stream_perms_api_uids($perms = NULL ) {
$ret = array(); $ret = array();
if(local_user()) if(local_user())
$ret[] = local_user(); $ret[] = local_user();
$r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0",
intval($perms), intval($perms),
intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)
); );
@ -402,7 +405,7 @@ function stream_perms_xchans($perms = NULL ) {
if(local_user()) if(local_user())
$ret[] = get_observer_hash(); $ret[] = get_observer_hash();
$r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0",
intval($perms), intval($perms),
intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED)
); );
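Review bot: In the site-admin branch of change_channel the first flag test was missed: `( channel_pageflags & %d) and not (channel_pageflags & %d )>0` still uses a bare integer as a boolean, which PostgreSQL rejects, so that lookup fails there. It should read `( channel_pageflags & %d )>0 and not ( channel_pageflags & %d )>0`. In stream_perms_xchans the mask is still spelled `PAGE_SYETEM`, which is presumably not a defined constant, so the PAGE_SYSTEM bit is missing from the exclusion mask; stream_perms_api_uids has the correct `PAGE_SYSTEM`. Writing the negated tests as `( channel_pageflags & %d ) = 0` would also remove the reliance on NOT binding more loosely than `>`.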


@ -60,11 +60,11 @@ function ref_session_write ($id,$data) {
if($session_exists) if($session_exists)
$r = q("UPDATE `session` $r = q("UPDATE `session`
SET `data` = '%s', `expire` = '%s' SET `data` = '%s', `expire` = '%s'
WHERE `sid` = '%s' LIMIT 1", WHERE `sid` = '%s'",
dbesc($data), dbesc($expire), dbesc($id)); dbesc($data), dbesc($expire), dbesc($id));
else else
$r = q("INSERT INTO `session` $r = q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
SET `sid` = '%s', `expire` = '%s', `data` = '%s'", //SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
dbesc($id), dbesc($default_expire), dbesc($data)); dbesc($id), dbesc($default_expire), dbesc($data));
return true; return true;
@ -84,7 +84,7 @@ function ref_session_destroy ($id) {
function ref_session_gc($expire) { function ref_session_gc($expire) {
q("DELETE FROM session WHERE expire < %d", dbesc(time())); q("DELETE FROM session WHERE expire < %d", dbesc(time()));
q("OPTIMIZE TABLE session"); db_optimizetable('session');
return true; return true;
} }
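Review bot: The old ``//SET `sid` = '%s', ...`` fragment in ref_session_write is left as a commented-out line between the new INSERT format string and its arguments; it is dead code that makes the call harder to read and should be dropped. In ref_session_gc, `time()` is bound to `%d` through `dbesc()`; `intval(time())` would match how the other integer placeholders in this commit are passed.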


@ -77,7 +77,7 @@ function poco_load($xchan = '',$url = null) {
dbesc($xchan) dbesc($xchan)
); );
if($r) { if($r) {
q("update xchat set xchat_edited = '%s' where xchat_id = %d limit 1", q("update xchat set xchat_edited = '%s' where xchat_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($r[0]['xchat_id']) intval($r[0]['xchat_id'])
); );
@ -93,7 +93,8 @@ function poco_load($xchan = '',$url = null) {
} }
} }
} }
q("delete from xchat where xchat_edited < UTC_TIMESTAMP() - INTERVAL 7 DAY and xchat_xchan = '%s' ", q("delete from xchat where xchat_edited < %s - INTERVAL %s and xchat_xchan = '%s' ",
db_utcnow(), db_quoteinterval('7 DAY'),
dbesc($xchan) dbesc($xchan)
); );
} }
@ -195,7 +196,7 @@ function poco_load($xchan = '',$url = null) {
); );
} }
else { else {
q("update xlink set xlink_updated = '%s', xlink_rating = %d where xlink_id = %d limit 1", q("update xlink set xlink_updated = '%s', xlink_rating = %d where xlink_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($rating), intval($rating),
intval($r[0]['xlink_id']) intval($r[0]['xlink_id'])
@ -204,8 +205,9 @@ function poco_load($xchan = '',$url = null) {
} }
logger("poco_load: loaded $total entries",LOGGER_DEBUG); logger("poco_load: loaded $total entries",LOGGER_DEBUG);
q("delete from xlink where xlink_xchan = '%s' and xlink_updated < UTC_TIMESTAMP() - INTERVAL 2 DAY", q("delete from xlink where xlink_xchan = '%s' and xlink_updated < %s - INTERVAL %s",
dbesc($xchan) dbesc($xchan),
db_utcnow(), db_quoteinterval('2 DAY')
); );
} }
@ -227,18 +229,19 @@ function count_common_friends($uid,$xchan) {
function common_friends($uid,$xchan,$start = 0,$limit=100000000,$shuffle = false) { function common_friends($uid,$xchan,$start = 0,$limit=100000000,$shuffle = false) {
$rand = db_getfunc('rand');
if($shuffle) if($shuffle)
$sql_extra = " order by rand() "; $sql_extra = " order by $rand ";
else else
$sql_extra = " order by xchan_name asc "; $sql_extra = " order by xchan_name asc ";
$r = q("SELECT * from xchan left join xlink on xlink_link = xchan_hash where xlink_xchan = '%s' and xlink_link in $r = q("SELECT * from xchan left join xlink on xlink_link = xchan_hash where xlink_xchan = '%s' and xlink_link in
(select abook_xchan from abook where abook_xchan != '%s' and abook_channel = %d and abook_flags = 0 ) $sql_extra limit %d, %d", (select abook_xchan from abook where abook_xchan != '%s' and abook_channel = %d and abook_flags = 0 ) $sql_extra limit %d offset %d",
dbesc($xchan), dbesc($xchan),
dbesc($xchan), dbesc($xchan),
intval($uid), intval($uid),
intval($start), intval($limit),
intval($limit) intval($start)
); );
return $r; return $r;
@ -273,11 +276,11 @@ function common_friends_zcid($uid,$zcid,$start = 0, $limit = 9999,$shuffle = fal
FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id` FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id`
where `glink`.`zcid` = %d where `glink`.`zcid` = %d
and `gcontact`.`nurl` in (select nurl from contact where uid = %d and self = 0 and blocked = 0 and hidden = 0 ) and `gcontact`.`nurl` in (select nurl from contact where uid = %d and self = 0 and blocked = 0 and hidden = 0 )
$sql_extra limit %d, %d", $sql_extra limit %d offset %d",
intval($zcid), intval($zcid),
intval($uid), intval($uid),
intval($start), intval($limit),
intval($limit) intval($start)
); );
return $r; return $r;
@ -306,11 +309,11 @@ function all_friends($uid,$cid,$start = 0, $limit = 80) {
$r = q("SELECT `gcontact`.* $r = q("SELECT `gcontact`.*
FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id` FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id`
where `glink`.`cid` = %d and `glink`.`uid` = %d where `glink`.`cid` = %d and `glink`.`uid` = %d
order by `gcontact`.`name` asc LIMIT %d, %d ", order by `gcontact`.`name` asc LIMIT %d OFFSET %d ",
intval($cid), intval($cid),
intval($uid), intval($uid),
intval($start), intval($limit),
intval($limit) intval($start)
); );
return $r; return $r;
@ -329,16 +332,16 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) {
and not xlink_link in ( select abook_xchan from abook where abook_channel = %d ) and not xlink_link in ( select abook_xchan from abook where abook_channel = %d )
and not xlink_link in ( select xchan from xign where uid = %d ) and not xlink_link in ( select xchan from xign where uid = %d )
and xlink_xchan != '' and xlink_xchan != ''
and not ( xchan_flags & %d ) and not ( xchan_flags & %d )>0
and not ( xchan_flags & %d ) and not ( xchan_flags & %d )>0
group by xchan_hash order by total desc limit %d, %d ", group by xchan_hash order by total desc limit %d offset %d ",
intval($uid), intval($uid),
intval($uid), intval($uid),
intval($uid), intval($uid),
intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_HIDDEN),
intval(XCHAN_FLAGS_DELETED), intval(XCHAN_FLAGS_DELETED),
intval($start), intval($limit),
intval($limit) intval($start)
); );
if($r && count($r) >= ($limit -1)) if($r && count($r) >= ($limit -1))
@ -349,15 +352,15 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) {
where xlink_xchan = '' where xlink_xchan = ''
and not xlink_link in ( select abook_xchan from abook where abook_channel = %d ) and not xlink_link in ( select abook_xchan from abook where abook_channel = %d )
and not xlink_link in ( select xchan from xign where uid = %d ) and not xlink_link in ( select xchan from xign where uid = %d )
and not ( xchan_flags & %d ) and not ( xchan_flags & %d )>0
and not ( xchan_flags & %d ) and not ( xchan_flags & %d )>0
group by xchan_hash order by total desc limit %d, %d ", group by xchan_hash order by total desc limit %d offset %d ",
intval($uid), intval($uid),
intval($uid), intval($uid),
intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_HIDDEN),
intval(XCHAN_FLAGS_DELETED), intval(XCHAN_FLAGS_DELETED),
intval($start), intval($limit),
intval($limit) intval($start)
); );
if(is_array($r) && is_array($r2)) if(is_array($r) && is_array($r2))
@ -394,7 +397,9 @@ function update_suggestions() {
// the targets may have changed their preferences and don't want to be suggested - and they // the targets may have changed their preferences and don't want to be suggested - and they
// may have simply gone away. // may have simply gone away.
$r = q("delete from xlink where xlink_xchan = '' and xlink_updated < UTC_TIMESTAMP() - INTERVAL 7 DAY"); $r = q("delete from xlink where xlink_xchan = '' and xlink_updated < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('7 DAY')
);
$j = json_decode($ret['body'],true); $j = json_decode($ret['body'],true);
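Review bot: common_friends obtains the random-order function with `db_getfunc('rand')` in lower case, while security.php in this commit calls `db_getfunc('REGEXP')` in upper case and poller_run hard-codes `(ACTIVE_DBTYPE == DBTYPE_POSTGRES) ? 'RANDOM()' : 'RAND()'`. db_getfunc is defined outside this page, so whether its lookup ignores case cannot be confirmed here. Using one spelling, for example `$rand = db_getfunc('RAND');`, and the helper in poller_run as well would keep the three call sites consistent and remove the doubt.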


@ -13,7 +13,9 @@ function update_channels_total_stat() {
function update_channels_active_halfyear_stat() { function update_channels_active_halfyear_stat() {
$r = q("select channel_id from channel left join account on account_id = channel_account_id $r = q("select channel_id from channel left join account on account_id = channel_account_id
where account_flags = 0 and account_lastlog > UTC_TIMESTAMP - INTERVAL 6 MONTH"); where account_flags = 0 and account_lastlog > %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('6 MONTH')
);
if($r) { if($r) {
$s = ''; $s = '';
foreach($r as $rr) { foreach($r as $rr) {
@ -21,8 +23,9 @@ function update_channels_active_halfyear_stat() {
$s .= ','; $s .= ',';
$s .= intval($rr['channel_id']); $s .= intval($rr['channel_id']);
} }
$x = q("select uid from item where uid in ( $s ) and (item_flags & %d) and created > UTC_TIMESTAMP - INTERVAL 6 MONTH group by uid", $x = q("select uid from item where uid in ( $s ) and (item_flags & %d)>0 and created > %s - INTERVAL %s group by uid",
intval(ITEM_WALL) intval(ITEM_WALL),
db_utcnow(), db_quoteinterval('6 MONTH')
); );
if($x) { if($x) {
$channels_active_halfyear_stat = count($x); $channels_active_halfyear_stat = count($x);
@ -37,7 +40,9 @@ function update_channels_active_halfyear_stat() {
function update_channels_active_monthly_stat() { function update_channels_active_monthly_stat() {
$r = q("select channel_id from channel left join account on account_id = channel_account_id $r = q("select channel_id from channel left join account on account_id = channel_account_id
where account_flags = 0 and account_lastlog > UTC_TIMESTAMP - INTERVAL 1 MONTH"); where account_flags = 0 and account_lastlog > %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('1 MONTH')
);
if($r) { if($r) {
$s = ''; $s = '';
foreach($r as $rr) { foreach($r as $rr) {
@ -45,8 +50,9 @@ function update_channels_active_monthly_stat() {
$s .= ','; $s .= ',';
$s .= intval($rr['channel_id']); $s .= intval($rr['channel_id']);
} }
$x = q("select uid from item where uid in ( $s ) and ( item_flags & %d ) and created > UTC_TIMESTAMP - INTERVAL 1 MONTH group by uid", $x = q("select uid from item where uid in ( $s ) and ( item_flags & %d )>0 and created > %s - INTERVAL %s group by uid",
intval(ITEM_WALL) intval(ITEM_WALL),
db_utcnow(), db_quoteinterval('1 MONTH')
); );
if($x) { if($x) {
$channels_active_monthly_stat = count($x); $channels_active_monthly_stat = count($x);
@ -60,7 +66,7 @@ function update_channels_active_monthly_stat() {
} }
function update_local_posts_stat() { function update_local_posts_stat() {
$posts = q("SELECT COUNT(*) AS local_posts FROM `item` WHERE (item_flags & %d) ", $posts = q("SELECT COUNT(*) AS local_posts FROM `item` WHERE (item_flags & %d)>0 ",
intval(ITEM_WALL) ); intval(ITEM_WALL) );
if (is_array($posts)) { if (is_array($posts)) {
$local_posts_stat = intval($posts[0]["local_posts"]); $local_posts_stat = intval($posts[0]["local_posts"]);
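Review bot: The count query in update_local_posts_stat still wraps the table name in backticks on the new side, and backtick identifier quoting is MySQL syntax that PostgreSQL does not accept. Unless the database layer rewrites backticks before the statement is sent (not visible in this hunk), the query will fail on the new backend. Writing it as `$posts = q("SELECT COUNT(*) AS local_posts FROM item WHERE (item_flags & %d)>0 ",` removes that dependency. The delete on the term table in widget_savedsearch, in a later file section, keeps backticks around the table and column names and has the same problem. The function body continues outside the hunk.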


@ -724,7 +724,7 @@ function contact_block() {
if((! is_array($a->profile)) || ($a->profile['hide_friends'])) if((! is_array($a->profile)) || ($a->profile['hide_friends']))
return $o; return $o;
$r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and not ( abook_flags & %d ) and not (xchan_flags & %d)", $r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and not ( abook_flags & %d )>0 and not (xchan_flags & %d)>0",
intval($a->profile['uid']), intval($a->profile['uid']),
intval($abook_flags), intval($abook_flags),
intval($xchan_flags) intval($xchan_flags)
@ -737,8 +737,12 @@ function contact_block() {
$micropro = Null; $micropro = Null;
} else { } else {
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d AND not ( abook_flags & %d) and not (xchan_flags & %d ) ORDER BY RAND() LIMIT %d", $randfunc = 'RANDOM()';
} else {
$randfunc = 'RAND()';
}
$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d AND not ( abook_flags & %d)>0 and not (xchan_flags & %d )>0 ORDER BY $randfunc LIMIT %d",
intval($a->profile['uid']), intval($a->profile['uid']),
intval($abook_flags|ABOOK_FLAG_ARCHIVED), intval($abook_flags|ABOOK_FLAG_ARCHIVED),
intval($xchan_flags), intval($xchan_flags),
@ -1534,7 +1538,7 @@ function unamp($s) {
} }
function layout_select($channel_id, $current = '') { function layout_select($channel_id, $current = '') {
$r = q("select mid,sid from item left join item_id on iid = item.id where service = 'PDL' and item.uid = item_id.uid and item_id.uid = %d and (item_restrict & %d)", $r = q("select mid,sid from item left join item_id on iid = item.id where service = 'PDL' and item.uid = item_id.uid and item_id.uid = %d and (item_restrict & %d)>0",
intval($channel_id), intval($channel_id),
intval(ITEM_PDL) intval(ITEM_PDL)
); );
@ -1874,13 +1878,13 @@ function xchan_query(&$items,$abook = true,$effective_uid = 0) {
if(count($arr)) { if(count($arr)) {
if($abook) { if($abook) {
$chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash and abook_channel = %d $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash and abook_channel = %d
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )", where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0",
intval($item['uid']) intval($item['uid'])
); );
} }
else { else {
$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0");
} }
$xchans = q("select * from xchan where xchan_hash in (" . implode(',',$arr) . ") and xchan_network in ('rss','unknown')"); $xchans = q("select * from xchan where xchan_hash in (" . implode(',',$arr) . ") and xchan_network in ('rss','unknown')");
if(! $chans) if(! $chans)
@ -1909,7 +1913,7 @@ function xchan_mail_query(&$item) {
if(count($arr)) { if(count($arr)) {
$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0");
} }
if($chans) { if($chans) {
$item['from'] = find_xchan_in_array($item['from_xchan'],$chans); $item['from'] = find_xchan_in_array($item['from_xchan'],$chans);
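Review bot: The new `$randfunc` branch in contact_block chooses `RANDOM()` or `RAND()` inline and interpolates it into the statement, whereas the commit description says name translations such as RAND/RANDOM are handled by assist functions in the dba_ layer. Routing this query through that helper would keep the backend check in one place. If the inline branch stays, a comment such as `// $randfunc is one of two fixed literals, never request data` would record why interpolating it into the SQL string is safe. The surrounding else-block starts and ends outside the hunk.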


@ -155,7 +155,7 @@ function widget_follow($args) {
return ''; return '';
$a = get_app(); $a = get_app();
$uid =$a->channel['channel_id']; $uid =$a->channel['channel_id'];
$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($uid), intval($uid),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );
@ -220,7 +220,7 @@ function widget_savedsearch($arr) {
} }
if(x($_GET,'searchremove') && $search) { if(x($_GET,'searchremove') && $search) {
q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s'",
intval(local_user()), intval(local_user()),
intval(TERM_SAVEDSEARCH), intval(TERM_SAVEDSEARCH),
dbesc($search) dbesc($search)
@ -432,7 +432,7 @@ function widget_settings_menu($arr) {
$role = get_pconfig(local_user(),'system','permissions_role'); $role = get_pconfig(local_user(),'system','permissions_role');
$abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d ) limit 1", $abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d )>0 limit 1",
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );
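Review bot: In widget_savedsearch the delete runs as soon as the `searchremove` GET parameter is present, and with `limit 1` removed it now deletes every matching row for the logged-in user. No form-token or other request-origin check is visible in this hunk, so a cross-site request could presumably trigger the state change. The function continues outside the hunk, so this needs confirming there. I would at least add `// state change on a GET parameter: confirm a security-token check guards this path` above the `q(` call.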


@ -79,7 +79,7 @@ function zot_get_hublocs($hash) {
/** Only search for active hublocs - e.g. those that haven't been marked deleted */ /** Only search for active hublocs - e.g. those that haven't been marked deleted */
$ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d ) group by hubloc_url ", $ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d )>0 order by hubloc_url ",
dbesc($hash), dbesc($hash),
intval(HUBLOC_FLAGS_DELETED) intval(HUBLOC_FLAGS_DELETED)
); );
@ -194,14 +194,15 @@ function zot_finger($webbie,$channel,$autofallback = true) {
logger('zot_finger: no address :' . $webbie); logger('zot_finger: no address :' . $webbie);
return array('success' => false); return array('success' => false);
} }
logger('using xchan_addr: ' . $xchan_addr, LOGGER_DATA);
// potential issue here; the xchan_addr points to the primary hub. // potential issue here; the xchan_addr points to the primary hub.
// The webbie we were called with may not, so it might not be found // The webbie we were called with may not, so it might not be found
// unless we query for hubloc_addr instead of xchan_addr // unless we query for hubloc_addr instead of xchan_addr
$r = q("select xchan.*, hubloc.* from xchan $r = q("select xchan.*, hubloc.* from xchan
left join hubloc on xchan_hash = hubloc_hash left join hubloc on xchan_hash = hubloc_hash
where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", where xchan_addr = '%s' and (hubloc_flags & %d)>0 limit 1",
dbesc($xchan_addr), dbesc($xchan_addr),
intval(HUBLOC_FLAGS_PRIMARY) intval(HUBLOC_FLAGS_PRIMARY)
); );
@ -211,6 +212,7 @@ function zot_finger($webbie,$channel,$autofallback = true) {
if($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') { if($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') {
logger('zot_finger: alternate network: ' . $webbie); logger('zot_finger: alternate network: ' . $webbie);
logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA);
return array('success' => false); return array('success' => false);
} }
} }
@ -299,7 +301,7 @@ function zot_refresh($them,$channel = null, $force = false) {
if($them['hubloc_url']) if($them['hubloc_url'])
$url = $them['hubloc_url']; $url = $them['hubloc_url'];
else { else {
$r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1", $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d )>0 limit 1",
dbesc($them['xchan_hash']), dbesc($them['xchan_hash']),
intval(HUBLOC_FLAGS_PRIMARY) intval(HUBLOC_FLAGS_PRIMARY)
); );
@ -381,7 +383,7 @@ function zot_refresh($them,$channel = null, $force = false) {
} }
} }
$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d)>0 limit 1",
dbesc($x['hash']), dbesc($x['hash']),
intval($channel['channel_id']), intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
@ -407,7 +409,7 @@ function zot_refresh($them,$channel = null, $force = false) {
$y = q("update abook set abook_their_perms = %d, abook_dob = '%s' $y = q("update abook set abook_their_perms = %d, abook_dob = '%s'
where abook_xchan = '%s' and abook_channel = %d where abook_xchan = '%s' and abook_channel = %d
and not (abook_flags & %d) limit 1", and not (abook_flags & %d)>0 ",
intval($their_perms), intval($their_perms),
dbesc($next_birthday), dbesc($next_birthday),
dbesc($x['hash']), dbesc($x['hash']),
@ -441,7 +443,7 @@ function zot_refresh($them,$channel = null, $force = false) {
else { else {
$default_perms = 0; $default_perms = 0;
// look for default permissions to apply in return - e.g. auto-friend // look for default permissions to apply in return - e.g. auto-friend
$z = q("select * from abook where abook_channel = %d and (abook_flags & %d) limit 1", $z = q("select * from abook where abook_channel = %d and (abook_flags & %d)>0 limit 1",
intval($channel['channel_id']), intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
); );
@ -469,7 +471,7 @@ function zot_refresh($them,$channel = null, $force = false) {
$new_perms = get_all_perms($channel['channel_id'],$x['hash']); $new_perms = get_all_perms($channel['channel_id'],$x['hash']);
if($new_perms != $previous_perms) { if($new_perms != $previous_perms) {
// Send back a permissions update if permissions have changed // Send back a permissions update if permissions have changed
$z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", $z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d)>0 limit 1",
dbesc($x['hash']), dbesc($x['hash']),
intval($channel['channel_id']), intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
@ -730,7 +732,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
|| ($r[0]['xchan_url'] != $arr['url'])) { || ($r[0]['xchan_url'] != $arr['url'])) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_follow = '%s', $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_follow = '%s',
xchan_connpage = '%s', xchan_flags = %d, xchan_connpage = '%s', xchan_flags = %d,
xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s' limit 1", xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s'",
dbesc(($arr['name']) ? $arr['name'] : '-'), dbesc(($arr['name']) ? $arr['name'] : '-'),
dbesc($arr['name_updated']), dbesc($arr['name_updated']),
dbesc($arr['connections_url']), dbesc($arr['connections_url']),
@ -783,8 +785,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
dbesc($arr['connect_url']), dbesc($arr['connect_url']),
dbesc(($arr['name']) ? $arr['name'] : '-'), dbesc(($arr['name']) ? $arr['name'] : '-'),
dbesc('zot'), dbesc('zot'),
dbesc($arr['photo_updated']), dbescdate($arr['photo_updated']),
dbesc($arr['name_updated']), dbescdate($arr['name_updated']),
intval($new_flags) intval($new_flags)
); );
@ -825,7 +827,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
// importing the photo failed somehow. Leave the photo_date alone so we can try again at a later date. // importing the photo failed somehow. Leave the photo_date alone so we can try again at a later date.
// This often happens when somebody joins the matrix with a bad cert. // This often happens when somebody joins the matrix with a bad cert.
$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
where xchan_hash = '%s' limit 1", where xchan_hash = '%s'",
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),
dbesc($photos[2]), dbesc($photos[2]),
@ -835,8 +837,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
} }
else { else {
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
where xchan_hash = '%s' limit 1", where xchan_hash = '%s'",
dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),
dbesc($photos[2]), dbesc($photos[2]),
@ -896,10 +898,10 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
else { else {
logger('import_xchan: profile not available - hiding'); logger('import_xchan: profile not available - hiding');
// they may have made it private // they may have made it private
$r = q("delete from xprof where xprof_hash = '%s' limit 1", $r = q("delete from xprof where xprof_hash = '%s'",
dbesc($xchan_hash) dbesc($xchan_hash)
); );
$r = q("delete from xtag where xtag_hash = '%s' limit 1", $r = q("delete from xtag where xtag_hash = '%s'",
dbesc($xchan_hash) dbesc($xchan_hash)
); );
} }
@ -921,7 +923,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
} }
elseif(! $ud_flags) { elseif(! $ud_flags) {
// nothing changed but we still need to update the updates record // nothing changed but we still need to update the updates record
q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) ", q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
intval(UPDATE_FLAGS_UPDATED), intval(UPDATE_FLAGS_UPDATED),
dbesc($address), dbesc($address),
intval(UPDATE_FLAGS_UPDATED) intval(UPDATE_FLAGS_UPDATED)
@ -971,14 +973,14 @@ function zot_process_response($hub,$arr,$outq) {
// async messages remain in the queue until processed. // async messages remain in the queue until processed.
if(intval($outq['outq_async'])) { if(intval($outq['outq_async'])) {
$r = q("update outq set outq_delivered = 1, outq_updated = '%s' where outq_hash = '%s' and outq_channel = %d limit 1", $r = q("update outq set outq_delivered = 1, outq_updated = '%s' where outq_hash = '%s' and outq_channel = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($outq['outq_hash']), dbesc($outq['outq_hash']),
intval($outq['outq_channel']) intval($outq['outq_channel'])
); );
} }
else { else {
$r = q("delete from outq where outq_hash = '%s' and outq_channel = %d limit 1", $r = q("delete from outq where outq_hash = '%s' and outq_channel = %d",
dbesc($outq['outq_hash']), dbesc($outq['outq_hash']),
intval($outq['outq_channel']) intval($outq['outq_channel'])
); );
@ -1094,7 +1096,7 @@ function zot_import($arr, $sender_url) {
} }
stringify_array_elms($recip_arr); stringify_array_elms($recip_arr);
$recips = implode(',',$recip_arr); $recips = implode(',',$recip_arr);
$r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d ) ", $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d )>0 ",
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
if(! $r) { if(! $r) {
@ -1276,9 +1278,9 @@ function public_recips($msg) {
if($msg['notify']['sender']['url'] === z_root()) if($msg['notify']['sender']['url'] === z_root())
$sql = " where (( " . $col . " & " . PERMS_NETWORK . " ) or ( " . $col . " & " . PERMS_SITE . " ) or ( " . $col . " & " . PERMS_PUBLIC . ")) "; $sql = " where (( " . $col . " & " . PERMS_NETWORK . " )>0 or ( " . $col . " & " . PERMS_SITE . " )>0 or ( " . $col . " & " . PERMS_PUBLIC . ")>0) ";
else else
$sql = " where (( " . $col . " & " . PERMS_NETWORK . " ) or ( " . $col . " & " . PERMS_PUBLIC . ")) "; $sql = " where (( " . $col . " & " . PERMS_NETWORK . " )>0 or ( " . $col . " & " . PERMS_PUBLIC . ")>0) ";
$r = q("select channel_hash as hash from channel $sql or channel_hash = '%s' ", $r = q("select channel_hash as hash from channel $sql or channel_hash = '%s' ",
@ -1288,7 +1290,7 @@ function public_recips($msg) {
if(! $r) if(! $r)
$r = array(); $r = array();
$x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ", $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " )>0 and (( " . $col . " & " . PERMS_SPECIFIC . " )>0 and ( abook_my_perms & " . $field . " )>0) OR ( " . $col . " & " . PERMS_PENDING . " )>0 OR (( " . $col . " & " . PERMS_CONTACTS . " )>0 and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )>0) ",
dbesc($msg['notify']['sender']['hash']) dbesc($msg['notify']['sender']['hash'])
); );
@ -1364,7 +1366,7 @@ function allowed_public_recips($msg) {
$condensed_recips[] = $rr['hash']; $condensed_recips[] = $rr['hash'];
$results = array(); $results = array();
$r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d ) ", $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d )>0 ",
dbesc($hash), dbesc($hash),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -1599,7 +1601,7 @@ function remove_community_tag($sender,$arr,$uid) {
return; return;
} }
$x = q("delete from term where uid = %d and oid = %d and otype = %d and type = %d and term = '%s' and url = '%s' limit 1", $x = q("delete from term where uid = %d and oid = %d and otype = %d and type = %d and term = '%s' and url = '%s'",
intval($uid), intval($uid),
intval($r[0]['id']), intval($r[0]['id']),
intval(TERM_OBJ_POST), intval(TERM_OBJ_POST),
@ -1693,7 +1695,7 @@ function process_mail_delivery($sender,$arr,$deliveries) {
); );
if($r) { if($r) {
if($arr['mail_flags'] & MAIL_RECALLED) { if($arr['mail_flags'] & MAIL_RECALLED) {
$x = q("delete from mail where id = %d and channel_id = %d limit 1", $x = q("delete from mail where id = %d and channel_id = %d",
intval($r[0]['id']), intval($r[0]['id']),
intval($channel['channel_id']) intval($channel['channel_id'])
); );
@ -1819,7 +1821,7 @@ function sync_locations($sender,$arr,$absolute = false) {
// This only happens when called from import_xchan // This only happens when called from import_xchan
if(array_key_exists('site',$arr) && $location['url'] == $arr['site']['url']) { if(array_key_exists('site',$arr) && $location['url'] == $arr['site']['url']) {
q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d limit 1", q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($r[0]['hubloc_id']) intval($r[0]['hubloc_id'])
@ -1831,17 +1833,17 @@ function sync_locations($sender,$arr,$absolute = false) {
// the directory server if the site is alive. // the directory server if the site is alive.
if($r[0]['hubloc_status'] & HUBLOC_OFFLINE) { if($r[0]['hubloc_status'] & HUBLOC_OFFLINE) {
q("update hubloc set hubloc_status = (hubloc_status ^ %d) where hubloc_id = %d limit 1", q("update hubloc set hubloc_status = (hubloc_status & ~%d) where hubloc_id = %d",
intval(HUBLOC_OFFLINE), intval(HUBLOC_OFFLINE),
intval($r[0]['hubloc_id']) intval($r[0]['hubloc_id'])
); );
if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) { if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) {
q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where hubloc_id = %d limit 1", q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where hubloc_id = %d",
intval(HUBLOC_FLAGS_ORPHANCHECK), intval(HUBLOC_FLAGS_ORPHANCHECK),
intval($r[0]['hubloc_id']) intval($r[0]['hubloc_id'])
); );
} }
q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
dbesc($sender['hash']) dbesc($sender['hash'])
@ -1851,7 +1853,7 @@ function sync_locations($sender,$arr,$absolute = false) {
// Remove pure duplicates // Remove pure duplicates
if(count($r) > 1) { if(count($r) > 1) {
for($h = 1; $h < count($r); $h ++) { for($h = 1; $h < count($r); $h ++) {
q("delete from hubloc where hubloc_id = %d limit 1", q("delete from hubloc where hubloc_id = %d",
intval($r[$h]['hubloc_id']) intval($r[$h]['hubloc_id'])
); );
$what .= 'duplicate_hubloc_removed '; $what .= 'duplicate_hubloc_removed ';
@ -1861,7 +1863,7 @@ function sync_locations($sender,$arr,$absolute = false) {
if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) && (! $location['primary'])) if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) && (! $location['primary']))
|| ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY)) && ($location['primary']))) { || ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY)) && ($location['primary']))) {
$m = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", $m = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d",
intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($r[0]['hubloc_id']) intval($r[0]['hubloc_id'])
@ -1882,7 +1884,7 @@ function sync_locations($sender,$arr,$absolute = false) {
} }
if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED) && (! $location['deleted'])) if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED) && (! $location['deleted']))
|| ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) && ($location['deleted']))) { || ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) && ($location['deleted']))) {
$n = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", $n = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d",
intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_FLAGS_DELETED),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($r[0]['hubloc_id']) intval($r[0]['hubloc_id'])
@ -1897,7 +1899,7 @@ function sync_locations($sender,$arr,$absolute = false) {
// New hub claiming to be primary. Make it so by removing any existing primaries. // New hub claiming to be primary. Make it so by removing any existing primaries.
if(intval($location['primary'])) { if(intval($location['primary'])) {
$r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_hash = '%s' and (hubloc_flags & %d )", $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_hash = '%s' and (hubloc_flags & %d )>0",
intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($sender['hash']), dbesc($sender['hash']),
@ -1940,7 +1942,7 @@ function sync_locations($sender,$arr,$absolute = false) {
foreach($xisting as $x) { foreach($xisting as $x) {
if(! array_key_exists('updated',$x)) { if(! array_key_exists('updated',$x)) {
logger('sync_locations: deleting unreferenced hub location ' . $x['hubloc_url']); logger('sync_locations: deleting unreferenced hub location ' . $x['hubloc_url']);
$r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d",
intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_FLAGS_DELETED),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($x['hubloc_id']) intval($x['hubloc_id'])
@ -2034,7 +2036,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_
if(in_arrayi('nsfw',$clean) || in_arrayi('adult',$clean)) { if(in_arrayi('nsfw',$clean) || in_arrayi('adult',$clean)) {
q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1", q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'",
intval(XCHAN_FLAGS_SELFCENSORED), intval(XCHAN_FLAGS_SELFCENSORED),
dbesc($hash) dbesc($hash)
); );
@ -2069,7 +2071,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_
xprof_homepage = '%s', xprof_homepage = '%s',
xprof_hometown = '%s', xprof_hometown = '%s',
xprof_keywords = '%s' xprof_keywords = '%s'
where xprof_hash = '%s' limit 1", where xprof_hash = '%s'",
dbesc($arr['xprof_desc']), dbesc($arr['xprof_desc']),
dbesc($arr['xprof_dob']), dbesc($arr['xprof_dob']),
intval($arr['xprof_age']), intval($arr['xprof_age']),
@ -2139,7 +2141,7 @@ function import_directory_keywords($hash,$keywords) {
foreach($existing as $x) { foreach($existing as $x) {
if(! in_array($x,$clean)) if(! in_array($x,$clean))
$r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s' limit 1", $r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s'",
dbesc($hash), dbesc($hash),
dbesc($x) dbesc($x)
); );
@ -2171,7 +2173,7 @@ function update_modtime($hash,$guid,$addr,$flags = 0) {
); );
} }
else { else {
q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) ", q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
intval(UPDATE_FLAGS_UPDATED), intval(UPDATE_FLAGS_UPDATED),
dbesc($addr), dbesc($addr),
intval(UPDATE_FLAGS_UPDATED) intval(UPDATE_FLAGS_UPDATED)
@ -2262,7 +2264,7 @@ function import_site($arr,$pubkey) {
// logger('import_site: stored: ' . print_r($siterecord,true)); // logger('import_site: stored: ' . print_r($siterecord,true));
$r = q("update site set site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s' $r = q("update site set site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s'
where site_url = '%s' limit 1", where site_url = '%s'",
dbesc($site_location), dbesc($site_location),
intval($site_directory), intval($site_directory),
intval($access_policy), intval($access_policy),
@ -2478,7 +2480,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
if(count($clean)) { if(count($clean)) {
foreach($clean as $k => $v) { foreach($clean as $k => $v) {
$r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) $r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v)
. "' where channel_id = " . intval($channel['channel_id']) . " limit 1"); . "' where channel_id = " . intval($channel['channel_id']) );
} }
} }
} }
@ -2509,7 +2511,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']); logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']);
require_once('include/Contact.php'); require_once('include/Contact.php');
$r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1", $r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1",
dbesc($abook['abook_xchan']), dbesc($abook['abook_xchan']),
intval($channel['channel_id']), intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
@ -2587,8 +2589,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
if(count($clean)) { if(count($clean)) {
foreach($clean as $k => $v) { foreach($clean as $k => $v) {
$r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) $r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v)
. "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']) . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']));
. " limit 1");
} }
} }
} }
@ -2613,7 +2614,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
if(($y['name'] != $cl['name']) if(($y['name'] != $cl['name'])
|| ($y['visible'] != $cl['visible']) || ($y['visible'] != $cl['visible'])
|| ($y['deleted'] != $cl['deleted'])) { || ($y['deleted'] != $cl['deleted'])) {
q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d limit 1", q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d",
dbesc($cl['name']), dbesc($cl['name']),
intval($cl['visible']), intval($cl['visible']),
intval($cl['deleted']), intval($cl['deleted']),
@ -2656,7 +2657,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
q("delete from group_member where gid = %d", q("delete from group_member where gid = %d",
intval($y['id']) intval($y['id'])
); );
q("update groups set deleted = 1 where id = %d and uid = %d limit 1", q("update groups set deleted = 1 where id = %d and uid = %d",
intval($y['id']), intval($y['id']),
intval($channel['channel_id']) intval($channel['channel_id'])
); );
@ -2719,7 +2720,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
foreach($m as $mm) { foreach($m as $mm) {
// if the local existing member isn't in the list we just received - remove them // if the local existing member isn't in the list we just received - remove them
if(! in_array($mm['xchan'],$members[$y['hash']])) { if(! in_array($mm['xchan'],$members[$y['hash']])) {
q("delete from group_member where xchan = '%s' and gid = %d and uid = %d limit 1", q("delete from group_member where xchan = '%s' and gid = %d and uid = %d",
dbesc($mm['xchan']), dbesc($mm['xchan']),
intval($y['id']), intval($y['id']),
intval($channel['channel_id']) intval($channel['channel_id'])
@ -2765,8 +2766,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
if(count($clean)) { if(count($clean)) {
foreach($clean as $k => $v) { foreach($clean as $k => $v) {
$r = dbq("UPDATE profile set " . dbesc($k) . " = '" . dbesc($v) $r = dbq("UPDATE profile set " . dbesc($k) . " = '" . dbesc($v)
. "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']) . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']));
. " limit 1");
} }
} }
} }
@ -2791,7 +2791,7 @@ function get_rpost_path($observer) {
function import_author_zot($x) { function import_author_zot($x) {
$hash = make_xchan_hash($x['guid'],$x['guid_sig']); $hash = make_xchan_hash($x['guid'],$x['guid_sig']);
$r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1", $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d)>0 limit 1",
dbesc($x['guid']), dbesc($x['guid']),
dbesc($x['guid_sig']), dbesc($x['guid_sig']),
intval(HUBLOC_FLAGS_PRIMARY) intval(HUBLOC_FLAGS_PRIMARY)
@ -2840,8 +2840,8 @@ function zot_process_message_request($data) {
$env_recips = null; $env_recips = null;
$r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host $r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host
from hubloc where hubloc_hash = '" . dbesc($sender_hash) . "' and not (hubloc_flags & %d) from hubloc where hubloc_hash = '" . dbesc($sender_hash) . "' and not (hubloc_flags & %d)>0
and not (hubloc_status & %d) group by hubloc_sitekey", and not (hubloc_status & %d)>0 group by hubloc_sitekey",
intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_FLAGS_DELETED),
intval(HUBLOC_OFFLINE) intval(HUBLOC_OFFLINE)
); );


@ -40,8 +40,8 @@ date_default_timezone_set($a->timezone);
require_once("include/dba/dba_driver.php"); require_once("include/dba/dba_driver.php");
if(! $a->install) { if(! $a->install) {
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $a->install); $db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, $a->install);
unset($db_host, $db_port, $db_user, $db_pass, $db_data); unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
/** /**
* Load configs from db. Overwrite configs from .htconfig.php * Load configs from db. Overwrite configs from .htconfig.php

1190
install/schema_postgres.sql Normal file

File diff suppressed because it is too large Load Diff


@ -49,7 +49,7 @@ function acl_init(&$a){
if ($type=='' || $type=='c'){ if ($type=='' || $type=='c'){
$r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash $r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2" , WHERE abook_channel = %d AND not ( abook_flags & %d )>0 and not (xchan_flags & %d )>0 $sql_extra2" ,
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED), intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED),
intval(XCHAN_FLAGS_DELETED) intval(XCHAN_FLAGS_DELETED)
@ -59,7 +59,7 @@ function acl_init(&$a){
if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_user(),'system','taganyone'))) { if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_user(),'system','taganyone'))) {
if(((! $r) || (! $r[0]['total'])) && $type == 'c') { if(((! $r) || (! $r[0]['total'])) && $type == 'c') {
$r = q("SELECT COUNT(xchan_hash) AS c FROM xchan $r = q("SELECT COUNT(xchan_hash) AS c FROM xchan
WHERE not (xchan_flags & %d ) $sql_extra2" , WHERE not (xchan_flags & %d )>0 $sql_extra2" ,
intval(XCHAN_FLAGS_DELETED) intval(XCHAN_FLAGS_DELETED)
); );
$contact_count = (int)$r[0]['c']; $contact_count = (int)$r[0]['c'];
@ -75,8 +75,8 @@ function acl_init(&$a){
$r = q("SELECT count(xchan_hash) as c $r = q("SELECT count(xchan_hash) as c
FROM abook left join xchan on abook_xchan = xchan_hash FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
and not ( xchan_flags & %d ) and not ( xchan_flags & %d )>0
$sql_extra2 ", $sql_extra2 ",
intval(local_user()), intval(local_user()),
intval(PERMS_W_MAIL), intval(PERMS_W_MAIL),
@ -92,7 +92,7 @@ function acl_init(&$a){
// autocomplete for Contacts // autocomplete for Contacts
$r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash $r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d and not ( xchan_flags & %d ) $sql_extra2" , WHERE abook_channel = %d and not ( xchan_flags & %d )>0 $sql_extra2" ,
intval(local_user()), intval(local_user()),
intval(XCHAN_FLAGS_DELETED) intval(XCHAN_FLAGS_DELETED)
); );
@ -110,17 +110,18 @@ function acl_init(&$a){
if ($type=='' || $type=='g'){ if ($type=='' || $type=='g'){
$r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`name`, $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`name`,
GROUP_CONCAT(DISTINCT `group_member`.`xchan` SEPARATOR ',') as uids %s as uids
FROM `groups`,`group_member` FROM `groups`,`group_member`
WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d
AND `group_member`.`gid`=`groups`.`id` AND `group_member`.`gid`=`groups`.`id`
$sql_extra $sql_extra
GROUP BY `groups`.`id` GROUP BY `groups`.`id`
ORDER BY `groups`.`name` ORDER BY `groups`.`name`
LIMIT %d,%d", LIMIT %d OFFSET %d",
db_concat('group_member.xchan', ','),
intval(local_user()), intval(local_user()),
intval($start), intval($count),
intval($count) intval($start)
); );
foreach($r as $g){ foreach($r as $g){
@ -140,7 +141,7 @@ function acl_init(&$a){
if ($type=='' || $type=='c') { if ($type=='' || $type=='c') {
$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags
FROM abook left join xchan on abook_xchan = xchan_hash FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" , WHERE abook_channel = %d AND not ( abook_flags & %d )>0 and not (xchan_flags & %d )>0 $sql_extra2 order by xchan_name asc" ,
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED), intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED),
intval(XCHAN_FLAGS_DELETED) intval(XCHAN_FLAGS_DELETED)
@ -149,7 +150,7 @@ function acl_init(&$a){
if((! $r) && $type == 'c') { if((! $r) && $type == 'c') {
$r = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags $r = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags
FROM xchan FROM xchan
WHERE not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" , WHERE not (xchan_flags & %d )>0 $sql_extra2 order by xchan_name asc" ,
intval(XCHAN_FLAGS_DELETED) intval(XCHAN_FLAGS_DELETED)
); );
} }
@ -159,8 +160,8 @@ function acl_init(&$a){
$r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
FROM abook left join xchan on abook_xchan = xchan_hash FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
and not (xchan_flags & %d) and not (xchan_flags & %d)>0
$sql_extra3 $sql_extra3
ORDER BY `xchan_name` ASC ", ORDER BY `xchan_name` ASC ",
intval(local_user()), intval(local_user()),
@ -171,7 +172,7 @@ function acl_init(&$a){
elseif(($type == 'a') || ($type == 'p')) { elseif(($type == 'a') || ($type == 'p')) {
$r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d WHERE abook_channel = %d
and not (xchan_flags & %d) and not (xchan_flags & %d)>0
$sql_extra3 $sql_extra3
ORDER BY xchan_name ASC ", ORDER BY xchan_name ASC ",
intval(local_user()), intval(local_user()),
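Review bot: In both PERMS_W_MAIL queries (the count near old line 75 and the listing near old line 159) the new side still compares `abook_their_perms = null`, which evaluates to unknown on MySQL and PostgreSQL alike, so that branch of the OR never matches. If connections with no recorded permissions are meant to be included, write `(abook_their_perms is null) or (abook_their_perms & %d)>0`. Separately, the taganyone fallback tests `$r[0]['total']` while the count query shown just before it aliases its result as `c`; that check appears to need `$r[0]['c']`. acl_init starts and ends outside these hunks, so lines between them are not visible.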


@ -594,7 +594,7 @@ function admin_page_users_post(&$a){
if (x($_POST,'page_users_block')){ if (x($_POST,'page_users_block')){
foreach($users as $uid){ foreach($users as $uid){
q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d limit 1", q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d",
intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED),
intval( $uid ) intval( $uid )
); );
@ -650,7 +650,7 @@ function admin_page_users(&$a){
}; break; }; break;
case "block":{ case "block":{
check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
q("UPDATE account SET account_flags = ( account_flags ^ %d ) where account_id = %d", q("UPDATE account SET account_flags = ( account_flags & ~%d ) where account_id = %d",
intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED),
intval( $uid ) intval( $uid )
); );
@ -664,13 +664,13 @@ function admin_page_users(&$a){
} }
/* get pending */ /* get pending */
$pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) ", $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d )>0 ",
intval(ACCOUNT_PENDING) intval(ACCOUNT_PENDING)
); );
/* get users */ /* get users */
$total = q("SELECT count(*) as total FROM account where 1"); $total = q("SELECT count(*) as total FROM account");
if(count($total)) { if(count($total)) {
$a->set_pager_total($total[0]['total']); $a->set_pager_total($total[0]['total']);
$a->set_pager_itemspage(100); $a->set_pager_itemspage(100);
@ -690,14 +690,15 @@ function admin_page_users(&$a){
if($_REQUEST['order'] === 'created') if($_REQUEST['order'] === 'created')
$order = " order by account_created desc "; $order = " order by account_created desc ";
$users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d ) > 0 as `blocked`, " . $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d )>0 as `blocked`, " .
"(SELECT GROUP_CONCAT( ch.channel_address SEPARATOR ' ') FROM channel as ch " . "(SELECT %s FROM channel as ch " .
"WHERE ch.channel_account_id = ac.account_id and not (ch.channel_pageflags & %d )) as `channels` " . "WHERE ch.channel_account_id = ac.account_id and not (ch.channel_pageflags & %d )>0) as `channels` " .
"FROM account as ac where true $serviceclass $order limit %d , %d ", "FROM account as ac where true $serviceclass $order limit %d offset %d ",
intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED),
db_concat('ch.channel_address', ' '),
intval(PAGE_REMOVED), intval(PAGE_REMOVED),
intval($a->pager['start']), intval($a->pager['itemspage']),
intval($a->pager['itemspage']) intval($a->pager['start'])
); );
// function _setup_users($e){ // function _setup_users($e){
@ -764,7 +765,7 @@ function admin_page_channels_post(&$a){
if (x($_POST,'page_channels_block')){ if (x($_POST,'page_channels_block')){
foreach($channels as $uid){ foreach($channels as $uid){
q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d", q("UPDATE channel SET channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d",
intval(PAGE_CENSORED), intval(PAGE_CENSORED),
intval( $uid ) intval( $uid )
); );
@ -812,7 +813,7 @@ function admin_page_channels(&$a){
case "block":{ case "block":{
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't'); check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d", q("UPDATE channel SET channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d",
intval(PAGE_CENSORED), intval(PAGE_CENSORED),
intval( $uid ) intval( $uid )
); );
@ -828,7 +829,7 @@ function admin_page_channels(&$a){
/* get channels */ /* get channels */
$total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)", $total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)>0",
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
if($total) { if($total) {
@ -838,10 +839,10 @@ function admin_page_channels(&$a){
$order = " order by channel_name asc "; $order = " order by channel_name asc ";
$channels = q("SELECT * from channel where not ( channel_pageflags & %d ) $order limit %d , %d ", $channels = q("SELECT * from channel where not ( channel_pageflags & %d )>0 $order limit %d offset %d ",
intval(PAGE_REMOVED), intval(PAGE_REMOVED),
intval($a->pager['start']), intval($a->pager['itemspage']),
intval($a->pager['itemspage']) intval($a->pager['start'])
); );
if($channels) { if($channels) {
@ -1295,7 +1296,7 @@ readable.");
function admin_page_profs_post(&$a) { function admin_page_profs_post(&$a) {
if($_REQUEST['id']) { if($_REQUEST['id']) {
$r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d limit 1", $r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d",
dbesc($_REQUEST['field_name']), dbesc($_REQUEST['field_name']),
dbesc($_REQUEST['field_type']), dbesc($_REQUEST['field_type']),
dbesc($_REQUEST['field_desc']), dbesc($_REQUEST['field_desc']),
@ -1323,7 +1324,7 @@ function admin_page_profs_post(&$a) {
function admin_page_profs(&$a) { function admin_page_profs(&$a) {
if((argc() > 3) && argv(2) == 'drop' && intval(argv(3))) { if((argc() > 3) && argv(2) == 'drop' && intval(argv(3))) {
$r = q("delete from profdef where id = %d limit 1", $r = q("delete from profdef where id = %d",
intval(argv(3)) intval(argv(3))
); );
// remove from allowed fields // remove from allowed fields
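Review bot: Replacing `^ %d` with `& ~%d` in the `case "block"` branches of admin_page_users and admin_page_channels, and in the `page_channels_block` loop, turns what looks like a toggle into clear-only, so these paths can remove ACCOUNT_BLOCKED or PAGE_CENSORED but can no longer set them. If the action is meant to flip the state, branch on the current flag and use `| %d` to set and `& ~%d` to clear. The `page_users_block` update, `account_flags = (account_flags & %d)`, keeps only the ACCOUNT_BLOCKED bit and drops every other flag, which is probably not intended either. Unrelated to the port, the profdef update is missing a comma between `field_desc = '%s'` and `field_help = '%s'`.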


@ -141,17 +141,17 @@ function channel_content(&$a, $update = 0, $load = false) {
if(($update) && (! $load)) { if(($update) && (! $load)) {
if ($mid) { if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0 $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0
AND (item_flags & %d) AND (item_flags & %d) $sql_extra limit 1", AND (item_flags & %d)>0 AND (item_flags & %d)>0 $sql_extra limit 1",
dbesc($mid), dbesc($mid),
intval($a->profile['profile_uid']), intval($a->profile['profile_uid']),
intval(ITEM_WALL), intval(ITEM_WALL),
intval(ITEM_UNSEEN) intval(ITEM_UNSEEN)
); );
} else { } else {
$r = q("SELECT distinct parent AS `item_id` from item $r = q("SELECT distinct parent AS `item_id`, created from item
left join abook on item.author_xchan = abook.abook_xchan left join abook on item.author_xchan = abook.abook_xchan
WHERE uid = %d AND item_restrict = 0 WHERE uid = %d AND item_restrict = 0
AND (item_flags & %d) AND ( item_flags & %d ) AND (item_flags & %d)>0 AND ( item_flags & %d )>0
AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
$sql_extra $sql_extra
ORDER BY created DESC", ORDER BY created DESC",
@ -179,12 +179,12 @@ function channel_content(&$a, $update = 0, $load = false) {
$itemspage = get_pconfig(local_user(),'system','itemspage'); $itemspage = get_pconfig(local_user(),'system','itemspage');
$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
if($load || ($_COOKIE['jsAvailable'] != 1)) { if($load || ($_COOKIE['jsAvailable'] != 1)) {
if ($mid) { if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0 $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0
AND (item_flags & %d) $sql_extra limit 1", AND (item_flags & %d)>0 $sql_extra limit 1",
dbesc($mid), dbesc($mid),
intval($a->profile['profile_uid']), intval($a->profile['profile_uid']),
intval(ITEM_WALL) intval(ITEM_WALL)
@ -194,10 +194,10 @@ function channel_content(&$a, $update = 0, $load = false) {
} }
} else { } else {
$r = q("SELECT distinct id AS item_id FROM item $r = q("SELECT distinct id AS item_id, created FROM item
left join abook on item.author_xchan = abook.abook_xchan left join abook on item.author_xchan = abook.abook_xchan
WHERE uid = %d AND item_restrict = 0 WHERE uid = %d AND item_restrict = 0
AND (item_flags & %d) and (item_flags & %d) AND (item_flags & %d)>0 and (item_flags & %d)>0
AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
$sql_extra $sql_extra2 $sql_extra $sql_extra2
ORDER BY created DESC $pager_sql ", ORDER BY created DESC $pager_sql ",
@ -283,8 +283,8 @@ function channel_content(&$a, $update = 0, $load = false) {
if($is_owner) { if($is_owner) {
$r = q("UPDATE item SET item_flags = (item_flags ^ %d) $r = q("UPDATE item SET item_flags = (item_flags & ~%d)
WHERE (item_flags & %d) AND (item_flags & %d) AND uid = %d ", WHERE (item_flags & %d)>0 AND (item_flags & %d)>0 AND uid = %d ",
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(ITEM_WALL), intval(ITEM_WALL),
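Review bot: Adding `created` to the select list of the two `distinct` queries changes what DISTINCT deduplicates, because rows are now unique per (item_id, created) pair rather than per item_id. In the update-mode query that selects `parent AS item_id`, several items sharing a parent but carrying different `created` values would return the same item_id more than once. If the consumer expects unique ids, aggregate instead, e.g. `select parent as item_id, max(created) as created ... group by parent order by created desc`, or deduplicate in PHP. channel_content continues outside these hunks, so how `$r` is consumed is not visible here.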


@ -73,7 +73,7 @@ function chatsvc_content(&$a) {
intval($a->data['chat']['uid']) intval($a->data['chat']['uid'])
); );
$r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s' limit 1", $r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'",
dbesc($status), dbesc($status),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($room_id), intval($room_id),
@ -141,7 +141,7 @@ function chatsvc_content(&$a) {
} }
} }
$r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s' limit 1", $r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($a->data['chat']['room_id']), intval($a->data['chat']['room_id']),
dbesc(get_observer_hash()), dbesc(get_observer_hash()),


@ -38,7 +38,7 @@ function connect_post(&$a) {
$text = escape_tags($_POST['text']); $text = escape_tags($_POST['text']);
if($has_premium != $premium) { if($has_premium != $premium) {
$r = q("update channel set channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d limit 1", $r = q("update channel set channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d",
intval(PAGE_PREMIUM), intval(PAGE_PREMIUM),
intval(local_user()) intval(local_user())
); );
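Review bot: The update runs only when `$has_premium != $premium`, that is, when the flag has to flip in either direction, but `channel_pageflags & ~%d` can only clear PAGE_PREMIUM. With this change a channel can apparently no longer switch the premium setting on. Assuming `$premium` holds the requested state, choose the operator from it, e.g. `(($premium) ? '| %d' : '& ~%d')`, which works on both MySQL and PostgreSQL. connect_post starts and ends outside the hunk.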


@ -81,7 +81,7 @@ function connections_post(&$a) {
} }
$r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d
where abook_id = %d AND abook_channel = %d LIMIT 1", where abook_id = %d AND abook_channel = %d",
dbesc($profile_id), dbesc($profile_id),
intval($abook_my_perms), intval($abook_my_perms),
intval($closeness), intval($closeness),
@ -213,7 +213,7 @@ function connections_content(&$a) {
nav_set_selected('intros'); nav_set_selected('intros');
break; break;
case 'ifpending': case 'ifpending':
$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)",
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_PENDING),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED),
@ -250,13 +250,13 @@ function connections_content(&$a) {
} }
$sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " ) " : ""); $sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " )>0 " : "");
if(argv(1) === 'pending') if(argv(1) === 'pending')
$sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " ) "; $sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " )>0 ";
} }
else { else {
$sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " ) "; $sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " )>0 ";
$unblocked = true; $unblocked = true;
} }
@ -342,7 +342,7 @@ function connections_content(&$a) {
} }
$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) $sql_extra $sql_extra2 ", where abook_channel = %d and not (abook_flags & %d)>0 and not (xchan_flags & %d )>0 $sql_extra $sql_extra2 ",
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_SELF), intval(ABOOK_FLAG_SELF),
intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN)
@ -353,12 +353,12 @@ function connections_content(&$a) {
} }
$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
WHERE abook_channel = %d and not (abook_flags & %d) and not ( xchan_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", WHERE abook_channel = %d and not (abook_flags & %d)>0 and not ( xchan_flags & %d)>0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ",
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_SELF), intval(ABOOK_FLAG_SELF),
intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN),
intval($a->pager['start']), intval($a->pager['itemspage']),
intval($a->pager['itemspage']) intval($a->pager['start'])
); );
$contacts = array(); $contacts = array();
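Review bot: `$search_flags` is concatenated into `$sql_extra` as raw text, while the rest of this commit passes flag masks through `intval()` and `%d`. Where `$search_flags` is assigned is outside the hunk; if it can ever be influenced by the request, this line is an injection point. Casting at the point of use costs nothing: `" and ( abook_flags & " . intval($search_flags) . " )>0 "`.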


@ -109,7 +109,7 @@ function connedit_post(&$a) {
} }
$r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d
where abook_id = %d AND abook_channel = %d LIMIT 1", where abook_id = %d AND abook_channel = %d",
dbesc($profile_id), dbesc($profile_id),
intval($abook_my_perms), intval($abook_my_perms),
intval($closeness), intval($closeness),
@ -292,7 +292,7 @@ function connedit_content(&$a) {
$cmd = argv(2); $cmd = argv(2);
$orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) LIMIT 1", WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d )>0 LIMIT 1",
intval($contact_id), intval($contact_id),
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)


@ -9,7 +9,7 @@ function contactgroup_content(&$a) {
} }
if((argc() > 2) && (intval(argv(1))) && (argv(2))) { if((argc() > 2) && (intval(argv(1))) && (argv(2))) {
$r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1", $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1",
dbesc(base64url_decode(argv(2))), dbesc(base64url_decode(argv(2))),
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)


@ -42,7 +42,7 @@ function delegate_content(&$a) {
if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
goaway($a->get_baseurl() . '/delegate'); goaway($a->get_baseurl() . '/delegate');
q("delete from manage where uid = %d and mid = %d limit 1", q("delete from manage where uid = %d and mid = %d",
intval($a->argv[2]), intval($a->argv[2]),
intval(local_user()) intval(local_user())
); );


@ -151,16 +151,16 @@ function dirsearch_content(&$a) {
} }
$safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) " : ''); $safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " )>0 " : '');
if($safe < 0) if($safe < 0)
$safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) "; $safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " )>0 ";
if($limit) if($limit)
$qlimit = " LIMIT $limit "; $qlimit = " LIMIT $limit ";
else { else {
$qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage); $qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage);
if($return_total) { if($return_total) {
$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and not ( xchan_flags & %d) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql ", $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and not ( xchan_flags & %d)>0 and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 $safesql ",
intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_HIDDEN),
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_DELETED) intval(XCHAN_FLAGS_DELETED)
@ -205,7 +205,7 @@ function dirsearch_content(&$a) {
json_return_and_die($spkt); json_return_and_die($spkt);
} }
else { else {
$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and xchan_network = 'zot' and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ", $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and xchan_network = 'zot' and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 $safesql $order $qlimit ",
intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_HIDDEN),
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_DELETED) intval(XCHAN_FLAGS_DELETED)
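Review bot: The fallback `$qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage);` is left in MySQL's `LIMIT offset , count` form, which PostgreSQL rejects; the other pagers in this commit were converted. Use `" LIMIT " . intval($perpage) . " OFFSET " . intval($startrec)`. The branch above it interpolates `$limit` unquoted, and its assignment is outside the hunk, so confirm it is cast with `intval()` before it reaches the query.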


@ -149,7 +149,7 @@ function display_content(&$a, $update = 0, $load = false) {
$updateable = false; $updateable = false;
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']),intval($a->pager['start']));
if($load || ($_COOKIE['jsAvailable'] != 1)) { if($load || ($_COOKIE['jsAvailable'] != 1)) {
$r = null; $r = null;
@ -189,7 +189,7 @@ function display_content(&$a, $update = 0, $load = false) {
and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
OR owner_xchan = '%s') OR owner_xchan = '%s')
$sql_extra ) $sql_extra )
group by mid limit 1", limit 1",
dbesc($target_item['parent_mid']), dbesc($target_item['parent_mid']),
dbesc($sys['xchan_hash']) dbesc($sys['xchan_hash'])
); );
@ -228,8 +228,8 @@ function display_content(&$a, $update = 0, $load = false) {
} }
if($updateable) { if($updateable) {
$x = q("UPDATE item SET item_flags = ( item_flags ^ %d ) $x = q("UPDATE item SET item_flags = ( item_flags & ~%d )
WHERE (item_flags & %d) AND uid = %d and parent = %d ", WHERE (item_flags & %d)>0 AND uid = %d and parent = %d ",
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(local_user()), intval(local_user()),


@ -199,14 +199,14 @@ function events_content(&$a) {
nav_set_selected('all_events'); nav_set_selected('all_events');
if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
$r = q("update event set ignore = 1 where id = %d and uid = %d limit 1", $r = q("update event set ignore = 1 where id = %d and uid = %d",
intval(argv(2)), intval(argv(2)),
intval(local_user()) intval(local_user())
); );
} }
if((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) { if((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) {
$r = q("update event set ignore = 0 where id = %d and uid = %d limit 1", $r = q("update event set ignore = 0 where id = %d and uid = %d",
intval(argv(2)), intval(argv(2)),
intval(local_user()) intval(local_user())
); );
@ -330,8 +330,8 @@ function events_content(&$a) {
$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
from event left join item on event_hash = resource_id from event left join item on event_hash = resource_id
where resource_type = 'event' and event.uid = %d and event.ignore = %d where resource_type = 'event' and event.uid = %d and event.ignore = %d
AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' ) AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' )
OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' )) ", OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' )) ",
intval(local_user()), intval(local_user()),
intval($ignored), intval($ignored),
dbesc($start), dbesc($start),


@ -27,7 +27,7 @@ function filer_content(&$a) {
intval(local_user()) intval(local_user())
); );
if($r) { if($r) {
$x = q("update item set item_flags = ( item_flags | %d ) where id = %d and uid = %d limit 1", $x = q("update item set item_flags = ( item_flags | %d ) where id = %d and uid = %d",
intval(ITEM_RETAINED), intval(ITEM_RETAINED),
intval($r[0]['parent']), intval($r[0]['parent']),
intval(local_user()) intval(local_user())


@ -18,7 +18,7 @@ function filerm_content(&$a) {
logger('filerm: tag ' . $term . ' item ' . $item_id); logger('filerm: tag ' . $term . ' item ' . $item_id);
if($item_id && strlen($term)) { if($item_id && strlen($term)) {
$r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s' limit 1", $r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s'",
intval(local_user()), intval(local_user()),
intval(($category) ? TERM_CATEGORY : TERM_FILE), intval(($category) ? TERM_CATEGORY : TERM_FILE),
intval($item_id), intval($item_id),


@ -52,7 +52,7 @@ function fsuggest_post(&$a) {
); );
if(count($r)) { if(count($r)) {
$fsuggest_id = $r[0]['id']; $fsuggest_id = $r[0]['id'];
q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d",
dbesc($note), dbesc($note),
intval($fsuggest_id), intval($fsuggest_id),
intval(local_user()) intval(local_user())


@ -44,7 +44,7 @@ function group_post(&$a) {
$public = intval($_POST['public']); $public = intval($_POST['public']);
if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) { if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) {
$r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d LIMIT 1", $r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d",
dbesc($groupname), dbesc($groupname),
intval($public), intval($public),
intval(local_user()), intval(local_user()),
@ -117,7 +117,7 @@ function group_content(&$a) {
check_form_security_token_ForbiddenOnErr('group_member_change', 't'); check_form_security_token_ForbiddenOnErr('group_member_change', 't');
$r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (xchan_flags & %d) and not (abook_flags & %d) and not (abook_flags & %d) limit 1", $r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (xchan_flags & %d)>0 and not (abook_flags & %d)>0 and not (abook_flags & %d)>0 limit 1",
dbesc(base64url_decode(argv(2))), dbesc(base64url_decode(argv(2))),
intval(local_user()), intval(local_user()),
intval(XCHAN_FLAGS_DELETED), intval(XCHAN_FLAGS_DELETED),
@ -211,7 +211,7 @@ function group_content(&$a) {
group_rmv_member(local_user(),$group['name'],$member['xchan_hash']); group_rmv_member(local_user(),$group['name'],$member['xchan_hash']);
} }
$r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND not (abook_flags & %d) and not (xchan_flags & %d) and not (abook_flags & %d) order by xchan_name asc", $r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND not (abook_flags & %d)>0 and not (xchan_flags & %d)>0 and not (abook_flags & %d)>0 order by xchan_name asc",
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_BLOCKED), intval(ABOOK_FLAG_BLOCKED),
intval(XCHAN_FLAGS_DELETED), intval(XCHAN_FLAGS_DELETED),
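Review bot: The rewritten flag tests in both group_content hunks read `not (xchan_flags & %d)>0`, which only works because NOT binds more loosely than `>`, and it is easy to misread as negating the bit expression first. Writing each test as `(xchan_flags & %d) = 0` states the intent directly and matches the `(abook.abook_flags & %d) = 0` form already used in the network_content parent query. The same `not (...)>0` pattern appears in the manage_content and network_content hunks of this commit. group_content continues outside both hunks.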


@ -215,7 +215,7 @@ function import_post(&$a) {
// reset the original primary hubloc if it is being seized // reset the original primary hubloc if it is being seized
if($seize) if($seize)
$r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where (hubloc_flags & %d) and hubloc_hash = '%s' and hubloc_url != '%s' ", $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where (hubloc_flags & %d)>0 and hubloc_hash = '%s' and hubloc_url != '%s' ",
intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY),
intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY),
dbesc($channel['channel_hash']), dbesc($channel['channel_hash']),
@ -228,7 +228,7 @@ function import_post(&$a) {
// replace our existing xchan if we're seizing control // replace our existing xchan if we're seizing control
$r = q("delete from xchan where xchan_hash = '%s' limit 1", $r = q("delete from xchan where xchan_hash = '%s'",
dbesc($channel['channel_hash']) dbesc($channel['channel_hash'])
); );
@ -278,7 +278,7 @@ function import_post(&$a) {
$photodate = $xchan['xchan_photo_date']; $photodate = $xchan['xchan_photo_date'];
$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
where xchan_hash = '%s' limit 1", where xchan_hash = '%s'",
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),
dbesc($photos[2]), dbesc($photos[2]),


@ -877,7 +877,7 @@ function item_post(&$a) {
// They will show up as people comment on them. // They will show up as people comment on them.
if($parent_item['item_restrict'] & ITEM_HIDDEN) { if($parent_item['item_restrict'] & ITEM_HIDDEN) {
$r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d LIMIT 1", $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d",
intval($parent_item['item_restrict'] - ITEM_HIDDEN), intval($parent_item['item_restrict'] - ITEM_HIDDEN),
intval($parent_item['id']) intval($parent_item['id'])
); );
@ -1291,7 +1291,7 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body,
$private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false); $private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false);
$r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d $r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
WHERE id = %d AND uid = %d limit 1", WHERE id = %d AND uid = %d",
dbesc($str_contact_allow), dbesc($str_contact_allow),
dbesc($str_group_allow), dbesc($str_group_allow),
dbesc($str_contact_deny), dbesc($str_contact_deny),
@ -1341,7 +1341,7 @@ function item_check_service_class($channel_id,$iswebpage) {
if ($iswebpage) { if ($iswebpage) {
$r = q("select count(i.id) as total from item i $r = q("select count(i.id) as total from item i
right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id ) right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id )
and i.parent=i.id and (i.item_restrict & %d) and not (i.item_restrict & %d) and i.uid= %d ", and i.parent=i.id and (i.item_restrict & %d)>0 and not (i.item_restrict & %d)>0 and i.uid= %d ",
intval(ITEM_WEBPAGE), intval(ITEM_WEBPAGE),
intval(ITEM_DELETED), intval(ITEM_DELETED),
intval($channel_id) intval($channel_id)
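Review bot: In the item_post hunk the hidden bit is cleared with a value computed in PHP, `intval($parent_item['item_restrict'] - ITEM_HIDDEN)`, so any change made to item_restrict between the earlier read and this UPDATE is overwritten with the stale value. The rest of the commit clears bits in SQL, and the same form here, `SET item_restrict = ( item_restrict & ~%d )` with `intval(ITEM_HIDDEN)`, is atomic and does not depend on the subtraction being applied to a set bit. The WHERE clause also filters on `id` alone; where $parent_item is loaded and checked is outside the hunk, so confirm the ownership check happens there.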


@ -276,7 +276,7 @@ function like_content(&$a) {
// Already liked/disliked it, delete it // Already liked/disliked it, delete it
$r = q("UPDATE item SET item_restrict = ( item_restrict ^ %d ), changed = '%s' WHERE id = %d LIMIT 1", $r = q("UPDATE item SET item_restrict = ( item_restrict & ~%d ), changed = '%s' WHERE id = %d",
intval(ITEM_DELETED), intval(ITEM_DELETED),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($like_item['id']) intval($like_item['id'])
@ -332,7 +332,7 @@ function like_content(&$a) {
// if this was a linked photo and was hidden, unhide it. // if this was a linked photo and was hidden, unhide it.
if($item['item_restrict'] & ITEM_HIDDEN) { if($item['item_restrict'] & ITEM_HIDDEN) {
$r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d limit 1", $r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d",
intval(ITEM_HIDDEN), intval(ITEM_HIDDEN),
intval($item['id']) intval($item['id'])
); );
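Review bot: The first like_content hunk sits under the comment `// Already liked/disliked it, delete it`, yet the new expression `item_restrict & ~%d` clears ITEM_DELETED rather than setting it. If $like_item (loaded outside the hunk) is a live item, the old `^` set the bit and the replacement should be `item_restrict = ( item_restrict | %d )`. In the second hunk the new side still reads `(item_restrict ^ %d)`, an operator the commit description says differs on PostgreSQL; since that branch runs only when ITEM_HIDDEN is set, `(item_restrict & ~%d)` is the equivalent. item_restrict drives item visibility, so both statements deserve a test on each backend.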


@ -47,12 +47,12 @@ function locs_post(&$a) {
notice( t('Location not found.') . EOL); notice( t('Location not found.') . EOL);
return; return;
} }
$r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where (hubloc_flags & %d) and hubloc_hash = '%s' ", $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where (hubloc_flags & %d)>0 and hubloc_hash = '%s' ",
intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY),
intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY),
dbesc($channel['channel_hash']) dbesc($channel['channel_hash'])
); );
$r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s' limit 1", $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s'",
intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY),
intval($hubloc_id), intval($hubloc_id),
dbesc($channel['channel_hash']) dbesc($channel['channel_hash'])
@ -78,7 +78,7 @@ function locs_post(&$a) {
notice( t('Primary location cannot be removed.') . EOL); notice( t('Primary location cannot be removed.') . EOL);
return; return;
} }
$r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s' limit 1", $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s'",
intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_FLAGS_DELETED),
intval($hubloc_id), intval($hubloc_id),
dbesc($channel['channel_hash']) dbesc($channel['channel_hash'])
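Review bot: Both `hubloc_flags = (hubloc_flags & %d)` updates in locs_post look inverted: AND-ing with HUBLOC_FLAGS_PRIMARY (first hunk) or HUBLOC_FLAGS_DELETED (second hunk) can never set that bit and clears every other flag on the row. From the surrounding notices these statements appear meant to mark the location as primary and as deleted, which would be `hubloc_flags = (hubloc_flags | %d)`. The commit only drops `limit 1` from these lines, so the behaviour predates it, but the intent should be confirmed before the statements are carried to a second backend. locs_post continues outside both hunks.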


@ -21,7 +21,7 @@ function lostpass_post(&$a) {
$hash = random_string(); $hash = random_string();
$r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d LIMIT 1", $r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d",
dbesc($hash), dbesc($hash),
intval($aid) intval($aid)
); );
@ -73,7 +73,7 @@ function lostpass_content(&$a) {
$salt = random_string(32); $salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $new_password); $password_encoded = hash('whirlpool', $salt . $new_password);
$r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d limit 1", $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d",
dbesc($salt), dbesc($salt),
dbesc($password_encoded), dbesc($password_encoded),
intval($aid) intval($aid)
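Review bot: The lostpass_content hunk stores `hash('whirlpool', $salt . $new_password)`, a single pass of a fast hash, which gives little resistance to offline guessing if the account table is ever exposed. PHP's `password_hash($new_password, PASSWORD_DEFAULT)` with `password_verify()` at login is the usual replacement, with existing rows rehashed on the next successful login; the login path is not visible here, so that part needs checking. How `random_string()` produces the reset token in the lostpass_post hunk is also outside this page and should be confirmed to use a cryptographically secure source.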


@ -141,7 +141,7 @@ function mail_content(&$a) {
if(! intval(argv(2))) if(! intval(argv(2)))
return; return;
$cmd = argv(1); $cmd = argv(1);
$r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d limit 1", $r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d",
intval(MAIL_RECALLED), intval(MAIL_RECALLED),
intval(argv(2)), intval(argv(2)),
intval(local_user()) intval(local_user())


@ -17,7 +17,7 @@ function manage_content(&$a) {
intval(get_account_id()) intval(get_account_id())
); );
if($r) { if($r) {
q("update account set account_default_channel = %d where account_id = %d limit 1", q("update account set account_default_channel = %d where account_id = %d",
intval($change_channel), intval($change_channel),
intval(get_account_id()) intval(get_account_id())
); );
@ -36,7 +36,7 @@ function manage_content(&$a) {
$channels = null; $channels = null;
if(local_user()) { if(local_user()) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ",
intval(get_account_id()), intval(get_account_id()),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -55,7 +55,7 @@ function manage_content(&$a) {
$c = q("SELECT id, item_restrict, item_flags FROM item $c = q("SELECT id, item_restrict, item_flags FROM item
WHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", WHERE (item_restrict = %d) and ( item_flags & %d )>0 and uid = %d",
intval(ITEM_VISIBLE), intval(ITEM_VISIBLE),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval($channels[$x]['channel_id']) intval($channels[$x]['channel_id'])
@ -71,7 +71,7 @@ function manage_content(&$a) {
} }
$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)",
intval($channels[$x]['channel_id']), intval($channels[$x]['channel_id']),
intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_PENDING),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED),
@ -82,7 +82,7 @@ function manage_content(&$a) {
$channels[$x]['intros'] = intval($intr[0]['total']); $channels[$x]['intros'] = intval($intr[0]['total']);
$mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d)>0 and from_xchan != '%s' ",
intval($channels[$x]['channel_id']), intval($channels[$x]['channel_id']),
intval(MAIL_SEEN), intval(MAIL_SEEN),
dbesc($channels[$x]['channel_hash']) dbesc($channels[$x]['channel_hash'])
@ -127,7 +127,7 @@ function manage_content(&$a) {
} }
} }
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )", $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0",
intval(get_account_id()), intval(get_account_id()),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );


@ -150,12 +150,12 @@ function network_content(&$a, $update = 0, $load = false) {
$sql_options = (($star) $sql_options = (($star)
? " and (item_flags & " . intval(ITEM_STARRED) . ")" ? " and (item_flags & " . intval(ITEM_STARRED) . ")>0"
: ''); : '');
$sql_nets = ''; $sql_nets = '';
$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 $sql_options ) ";
if($group) { if($group) {
$contact_str = ''; $contact_str = '';
@ -184,7 +184,7 @@ function network_content(&$a, $update = 0, $load = false) {
elseif($cid) { elseif($cid) {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1", $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1",
intval($cid), intval($cid),
intval(local_user()) intval(local_user())
); );
@ -264,7 +264,7 @@ function network_content(&$a, $update = 0, $load = false) {
} }
if($conv) { if($conv) {
$sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d ))) ", $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ",
dbesc(protect_sprintf($channel['channel_hash'])), dbesc(protect_sprintf($channel['channel_hash'])),
intval(ITEM_MENTIONSME) intval(ITEM_MENTIONSME)
); );
@ -279,7 +279,7 @@ function network_content(&$a, $update = 0, $load = false) {
else { else {
$itemspage = get_pconfig(local_user(),'system','itemspage'); $itemspage = get_pconfig(local_user(),'system','itemspage');
$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
} }
@ -314,7 +314,7 @@ function network_content(&$a, $update = 0, $load = false) {
$uids = " and item.uid = " . local_user() . " "; $uids = " and item.uid = " . local_user() . " ";
} }
$simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''); $simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " )>0 " : '');
// This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day // This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day
// or three and look at your matrix page - after opening up your browser. The first page loads just as it // or three and look at your matrix page - after opening up your browser. The first page loads just as it
@ -336,7 +336,7 @@ function network_content(&$a, $update = 0, $load = false) {
if($nouveau && $load) { if($nouveau && $load) {
// "New Item View" - show all items unthreaded in reverse created date order // "New Item View" - show all items unthreaded in reverse created date order
$items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` $items = q("SELECT `item`.*, `item`.`id` AS `item_id`, received FROM `item`
WHERE true $uids AND item_restrict = 0 WHERE true $uids AND item_restrict = 0
$simple_update $simple_update
$sql_extra $sql_nets $sql_extra $sql_nets
@ -364,13 +364,13 @@ function network_content(&$a, $update = 0, $load = false) {
// Fetch a page full of parent items for this page // Fetch a page full of parent items for this page
$r = q("SELECT distinct item.id AS item_id FROM item $r = q("SELECT distinct item.id AS item_id, $ordering FROM item
left join abook on item.author_xchan = abook.abook_xchan left join abook on item.author_xchan = abook.abook_xchan
WHERE true $uids AND item.item_restrict = 0 WHERE true $uids AND item.item_restrict = 0
AND item.parent = item.id AND item.parent = item.id
and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
$sql_extra3 $sql_extra $sql_nets $sql_extra3 $sql_extra $sql_nets
ORDER BY item.$ordering DESC $pager_sql ", ORDER BY $ordering DESC $pager_sql ",
intval(ABOOK_FLAG_BLOCKED) intval(ABOOK_FLAG_BLOCKED)
); );
@ -417,8 +417,8 @@ function network_content(&$a, $update = 0, $load = false) {
} }
if(($update_unseen) && (! $firehose)) if(($update_unseen) && (! $firehose))
$r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d) $r = q("UPDATE `item` SET item_flags = ( item_flags & ~%d)
WHERE (item_flags & %d) AND `uid` = %d $update_unseen ", WHERE (item_flags & %d)>0 AND `uid` = %d $update_unseen ",
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(local_user()) intval(local_user())
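Review bot: In the parent-item query of network_content, `$ordering` is now interpolated twice (`SELECT distinct item.id AS item_id, $ordering` and `ORDER BY $ordering DESC`) and has lost the `item.` qualifier the old ORDER BY carried. The query joins abook, so an unqualified column name can become ambiguous. The assignment of $ordering is outside the hunk and should be confirmed to come from a fixed set of column names rather than request input. Writing `item.$ordering` in both places keeps the old column resolution.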


@ -33,7 +33,7 @@ function notifications_post(&$a) {
$fid = $r[0]['fid']; $fid = $r[0]['fid'];
if($_POST['submit'] == t('Discard')) { if($_POST['submit'] == t('Discard')) {
$r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", $r = q("DELETE FROM `intro` WHERE `id` = %d",
intval($intro_id) intval($intro_id)
); );
if(! $fid) { if(! $fid) {
@ -41,7 +41,7 @@ function notifications_post(&$a) {
// The check for blocked and pending is in case the friendship was already approved // The check for blocked and pending is in case the friendship was already approved
// and we just want to get rid of the now pointless notification // and we just want to get rid of the now pointless notification
$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1 LIMIT 1", $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1",
intval($contact_id), intval($contact_id),
intval(local_user()) intval(local_user())
); );
@ -49,7 +49,7 @@ function notifications_post(&$a) {
goaway($a->get_baseurl(true) . '/notifications/intros'); goaway($a->get_baseurl(true) . '/notifications/intros');
} }
if($_POST['submit'] == t('Ignore')) { if($_POST['submit'] == t('Ignore')) {
$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1", $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d",
intval($intro_id)); intval($intro_id));
goaway($a->get_baseurl(true) . '/notifications/intros'); goaway($a->get_baseurl(true) . '/notifications/intros');
} }
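Review bot: The DELETE and UPDATE on intro in notifications_post filter on `id = %d` alone, while the contact delete between them also requires the uid to match `local_user()`. Whether $intro_id was already checked against the current user is decided outside these hunks. If the intro table carries a uid column (not visible here), adding `AND uid = %d` with `intval(local_user())` to both statements would keep the ownership check in the statement itself.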


@ -159,7 +159,7 @@ function openid_content(&$a) {
$photos = import_profile_photo($pphoto,$url); $photos = import_profile_photo($pphoto,$url);
if($photos) { if($photos) {
$z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s',
xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($photos[0]), dbesc($photos[0]),
dbesc($photos[1]), dbesc($photos[1]),


@ -11,7 +11,7 @@ function p_init(&$a) {
$mid = str_replace('.xml','',argv(1)); $mid = str_replace('.xml','',argv(1));
$r = q("select * from item where mid = '%s' and (item_flags & %d) and item_private = 0 limit 1", $r = q("select * from item where mid = '%s' and (item_flags & %d)>0 and item_private = 0 limit 1",
dbesc($mid), dbesc($mid),
intval(ITEM_WALL) intval(ITEM_WALL)
); );


@ -66,7 +66,7 @@ function photo_init(&$a) {
intval($uid) intval($uid)
); );
if(count($r)) { if(count($r)) {
$data = $r[0]['data']; $data = dbunescbin($r[0]['data']);
$mimetype = $r[0]['type']; $mimetype = $r[0]['type'];
} }
if(! isset($data)) { if(! isset($data)) {
@ -140,7 +140,7 @@ function photo_init(&$a) {
); );
if($r && $allowed) { if($r && $allowed) {
$data = $r[0]['data']; $data = dbunescbin($r[0]['data']);
$mimetype = $r[0]['type']; $mimetype = $r[0]['type'];
} }
else { else {


@ -226,7 +226,7 @@ function photos_post(&$a) {
intval($page_owner_uid) intval($page_owner_uid)
); );
if(count($r)) { if(count($r)) {
$ph = photo_factory($r[0]['data'], $r[0]['type']); $ph = photo_factory(dbunescbin($r[0]['data']), $r[0]['type']);
if($ph->is_valid()) { if($ph->is_valid()) {
$rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 ); $rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 );
$ph->rotate($rotate_deg); $ph->rotate($rotate_deg);
@ -234,8 +234,8 @@ function photos_post(&$a) {
$width = $ph->getWidth(); $width = $ph->getWidth();
$height = $ph->getHeight(); $height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0",
dbesc($ph->imageString()), dbescbin($ph->imageString()),
intval($height), intval($height),
intval($width), intval($width),
dbesc($resource_id), dbesc($resource_id),
@ -247,8 +247,8 @@ function photos_post(&$a) {
$width = $ph->getWidth(); $width = $ph->getWidth();
$height = $ph->getHeight(); $height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1 limit 1", $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1",
dbesc($ph->imageString()), dbescbin($ph->imageString()),
intval($height), intval($height),
intval($width), intval($width),
dbesc($resource_id), dbesc($resource_id),
@ -261,8 +261,8 @@ function photos_post(&$a) {
$width = $ph->getWidth(); $width = $ph->getWidth();
$height = $ph->getHeight(); $height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2 limit 1", $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2",
dbesc($ph->imageString()), dbescbin($ph->imageString()),
intval($height), intval($height),
intval($width), intval($width),
dbesc($resource_id), dbesc($resource_id),
@ -322,7 +322,7 @@ function photos_post(&$a) {
// make sure the linked item has the same permissions as the photo regardless of any other changes // make sure the linked item has the same permissions as the photo regardless of any other changes
$x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
where id = %d limit 1", where id = %d",
dbesc($str_contact_allow), dbesc($str_contact_allow),
dbesc($str_group_allow), dbesc($str_group_allow),
dbesc($str_contact_deny), dbesc($str_contact_deny),
@ -621,14 +621,20 @@ function photos_content(&$a) {
else else
$order = 'DESC'; $order = 'DESC';
$r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
AND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY `resource_id` ORDER BY `created` $order LIMIT %d , %d", /*"SELECT $prefix `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
AND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY resource_id ORDER BY `created` $order LIMIT %d OFFSET %d"*/
$r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN
(SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY resource_id) ph
ON (p.resource_id = ph.resource_id AND p.scale = ph.scale)
ORDER BY created $order LIMIT %d OFFSET %d",
intval($owner_uid), intval($owner_uid),
dbesc($album), dbesc($album),
intvaL(PHOTO_NORMAL), intvaL(PHOTO_NORMAL),
intval(PHOTO_PROFILE), intval(PHOTO_PROFILE),
intval($a->pager['start']), intval($a->pager['itemspage']),
intval($a->pager['itemspage']) intval($a->pager['start'])
); );
//edit album name //edit album name
@ -899,7 +905,7 @@ function photos_content(&$a) {
} }
if((local_user()) && (local_user() == $link_item['uid'])) { if((local_user()) && (local_user() == $link_item['uid'])) {
q("UPDATE `item` SET item_flags = (item_flags ^ %d) WHERE parent = %d and uid = %d and (item_flags & %d)", q("UPDATE `item` SET item_flags = (item_flags & ~%d) WHERE parent = %d and uid = %d and (item_flags & %d)>0",
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval($link_item['parent']), intval($link_item['parent']),
intval(local_user()), intval(local_user()),
@ -1156,18 +1162,19 @@ function photos_content(&$a) {
$a->set_pager_total(count($r)); $a->set_pager_total(count($r));
$a->set_pager_itemspage(60); $a->set_pager_itemspage(60);
} }
$r = q("SELECT `resource_id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo` $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN
WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' (SELECT resource_id, max(scale) scale FROM photo
and ( photo_flags = %d or photo_flags = %d ) WHERE uid=%d AND album != '%s' AND album != '%s'
$sql_extra GROUP BY `resource_id` ORDER BY `created` DESC LIMIT %d , %d", AND (photo_flags = %d or photo_flags = %d ) group by resource_id) ph
ON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d",
intval($a->data['channel']['channel_id']), intval($a->data['channel']['channel_id']),
dbesc('Contact Photos'), dbesc('Contact Photos'),
dbesc( t('Contact Photos')), dbesc( t('Contact Photos')),
intval(PHOTO_NORMAL), intval(PHOTO_NORMAL),
intval(PHOTO_PROFILE), intval(PHOTO_PROFILE),
intval($a->pager['start']), intval($a->pager['itemspage']),
intval($a->pager['itemspage']) intval($a->pager['start'])
); );
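Review bot: The rewritten query in the last photos_content hunk no longer contains `$sql_extra`: the old statement had it before GROUP BY, while the new subquery ends `AND (photo_flags = %d or photo_flags = %d ) group by resource_id) ph`. The album query rewritten earlier in this section keeps `$sql_extra` inside its subquery, so the omission looks accidental. If $sql_extra carries the viewer's permission clause (its assignment is outside the hunk), photos the viewer is not allowed to see would be listed. Restore it as `AND (photo_flags = %d or photo_flags = %d ) $sql_extra group by resource_id) ph`. In both rewritten queries the outer join matches on resource_id and scale only, so the outer side may also need the uid filter, which depends on whether resource_id is unique across channels.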


@ -89,7 +89,7 @@ function ping_init(&$a) {
$basic_presence = false; $basic_presence = false;
if($r) { if($r) {
$basic_presence = true; $basic_presence = true;
q("update chatpresence set cp_last = '%s' where cp_id = %d limit 1", q("update chatpresence set cp_last = '%s' where cp_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($r[0]['cp_id']) intval($r[0]['cp_id'])
); );
@ -110,7 +110,9 @@ function ping_init(&$a) {
* and shouldn't count as online anymore. We allow an expection for bots. * and shouldn't count as online anymore. We allow an expection for bots.
*/ */
q("delete from chatpresence where cp_last < UTC_TIMESTAMP() - INTERVAL 3 MINUTE and cp_client != 'auto' "); q("delete from chatpresence where cp_last < %s - INTERVAL %s and cp_client != 'auto' ",
db_utcnow(), db_quoteinterval('3 MINUTE')
);
if((! local_user()) || ($result['invalid'])) { if((! local_user()) || ($result['invalid'])) {
echo json_encode($result); echo json_encode($result);
@ -130,14 +132,14 @@ function ping_init(&$a) {
if(x($_REQUEST, 'markRead') && local_user()) { if(x($_REQUEST, 'markRead') && local_user()) {
switch($_REQUEST['markRead']) { switch($_REQUEST['markRead']) {
case 'network': case 'network':
$r = q("update item set item_flags = ( item_flags ^ %d ) where (item_flags & %d) and uid = %d", $r = q("update item set item_flags = ( item_flags & ~%d ) where (item_flags & %d)>0 and uid = %d",
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(local_user()) intval(local_user())
); );
break; break;
case 'home': case 'home':
$r = q("update item set item_flags = ( item_flags ^ %d ) where (item_flags & %d) and (item_flags & %d) and uid = %d", $r = q("update item set item_flags = ( item_flags & ~%d ) where (item_flags & %d)>0 and (item_flags & %d) and uid = %d",
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(ITEM_WALL), intval(ITEM_WALL),
@ -145,7 +147,7 @@ function ping_init(&$a) {
); );
break; break;
case 'messages': case 'messages':
$r = q("update mail set mail_flags = ( mail_flags ^ %d ) where channel_id = %d and not (mail_flags & %d)", $r = q("update mail set mail_flags = ( mail_flags | %d ) where channel_id = %d and not (mail_flags & %d)>0",
intval(MAIL_SEEN), intval(MAIL_SEEN),
intval(local_user()), intval(local_user()),
intval(MAIL_SEEN) intval(MAIL_SEEN)
@ -179,17 +181,17 @@ function ping_init(&$a) {
); );
if($t && intval($t[0]['total']) > 49) { if($t && intval($t[0]['total']) > 49) {
$z = q("select * from notify where uid = %d $z = q("select * from notify where uid = %d
and seen = 0 order by date desc limit 0, 50", and seen = 0 order by date desc limit 50",
intval(local_user()) intval(local_user())
); );
} }
else { else {
$z1 = q("select * from notify where uid = %d $z1 = q("select * from notify where uid = %d
and seen = 0 order by date desc limit 0, 50", and seen = 0 order by date desc limit 50",
intval(local_user()) intval(local_user())
); );
$z2 = q("select * from notify where uid = %d $z2 = q("select * from notify where uid = %d
and seen = 1 order by date desc limit 0, %d", and seen = 1 order by date desc limit %d",
intval(local_user()), intval(local_user()),
intval(50 - intval($t[0]['total'])) intval(50 - intval($t[0]['total']))
); );
@ -217,8 +219,8 @@ function ping_init(&$a) {
if(argc() > 1 && argv(1) === 'messages') { if(argc() > 1 && argv(1) === 'messages') {
$channel = $a->get_channel(); $channel = $a->get_channel();
$t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan $t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan
where channel_id = %d and not ( mail_flags & %d ) and not (mail_flags & %d ) where channel_id = %d and not ( mail_flags & %d )>0 and not (mail_flags & %d )>0
and from_xchan != '%s' order by created desc limit 0,50", and from_xchan != '%s' order by created desc limit 50",
intval(local_user()), intval(local_user()),
intval(MAIL_SEEN), intval(MAIL_SEEN),
intval(MAIL_DELETED), intval(MAIL_DELETED),
@ -247,7 +249,7 @@ function ping_init(&$a) {
$result = array(); $result = array();
$r = q("SELECT * FROM item $r = q("SELECT * FROM item
WHERE item_restrict = %d and ( item_flags & %d ) and uid = %d", WHERE item_restrict = %d and ( item_flags & %d )>0 and uid = %d",
intval(ITEM_VISIBLE), intval(ITEM_VISIBLE),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(local_user()) intval(local_user())
@ -269,7 +271,7 @@ function ping_init(&$a) {
if(argc() > 1 && (argv(1) === 'intros')) { if(argc() > 1 && (argv(1) === 'intros')) {
$result = array(); $result = array();
$r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", $r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)",
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_PENDING),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED),
@ -350,7 +352,7 @@ function ping_init(&$a) {
$t1 = dba_timer(); $t1 = dba_timer();
$r = q("SELECT id, item_restrict, item_flags FROM item $r = q("SELECT id, item_restrict, item_flags FROM item
WHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", WHERE (item_restrict = %d) and ( item_flags & %d )>0 and uid = %d",
intval(ITEM_VISIBLE), intval(ITEM_VISIBLE),
intval(ITEM_UNSEEN), intval(ITEM_UNSEEN),
intval(local_user()) intval(local_user())
@ -370,7 +372,7 @@ function ping_init(&$a) {
$t2 = dba_timer(); $t2 = dba_timer();
$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)",
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_PENDING),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED),
@ -386,7 +388,7 @@ function ping_init(&$a) {
$channel = get_app()->get_channel(); $channel = get_app()->get_channel();
$mails = q("SELECT count(id) as total from mail $mails = q("SELECT count(id) as total from mail
WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", WHERE channel_id = %d AND not (mail_flags & %d)>0 and from_xchan != '%s' ",
intval(local_user()), intval(local_user()),
intval(MAIL_SEEN), intval(MAIL_SEEN),
dbesc($channel['channel_hash']) dbesc($channel['channel_hash'])
@ -395,7 +397,7 @@ function ping_init(&$a) {
$result['mail'] = intval($mails[0]['total']); $result['mail'] = intval($mails[0]['total']);
if ($a->config['system']['register_policy'] == REGISTER_APPROVE && is_site_admin()) { if ($a->config['system']['register_policy'] == REGISTER_APPROVE && is_site_admin()) {
$regs = q("SELECT count(account_id) as total from account where (account_flags & %d)", $regs = q("SELECT count(account_id) as total from account where (account_flags & %d)>0",
intval(ACCOUNT_PENDING) intval(ACCOUNT_PENDING)
); );
if($regs) if($regs)


@ -15,7 +15,7 @@ function poco_init(&$a) {
$user = notags(trim(argv(1))); $user = notags(trim(argv(1)));
} }
if(! x($user)) { if(! x($user)) {
$c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1"); $c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = '1'");
if(! $c) { if(! $c) {
logger('mod_poco: system mode. No candidates.', LOGGER_DEBUG); logger('mod_poco: system mode. No candidates.', LOGGER_DEBUG);
http_status_exit(404); http_status_exit(404);
@ -60,7 +60,7 @@ function poco_init(&$a) {
} }
if($justme) if($justme)
$sql_extra = " and ( abook_flags & " . ABOOK_FLAG_SELF . " ) "; $sql_extra = " and ( abook_flags & " . ABOOK_FLAG_SELF . " )>0 ";
else else
$sql_extra = " and abook_flags = 0 "; $sql_extra = " and abook_flags = 0 ";
@ -69,14 +69,14 @@ function poco_init(&$a) {
if($system_mode) { if($system_mode) {
$r = q("SELECT count(*) as `total` from abook where ( abook_flags & " . ABOOK_FLAG_SELF . $r = q("SELECT count(*) as `total` from abook where ( abook_flags & " . ABOOK_FLAG_SELF .
" ) and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) "); " )>0 and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) ");
} }
else { else {
$r = q("SELECT count(*) as `total` from abook where abook_channel = %d $r = q("SELECT count(*) as `total` from abook where abook_channel = %d
$sql_extra ", $sql_extra ",
intval($channel_id) intval($channel_id)
); );
$c = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " ) and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d", $c = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " )>0 and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d",
intval($channel_id) intval($channel_id)
); );
} }
@ -93,17 +93,17 @@ function poco_init(&$a) {
if($system_mode) { if($system_mode) {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where ( abook_flags & " . ABOOK_FLAG_SELF . $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where ( abook_flags & " . ABOOK_FLAG_SELF .
" ) and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) limit %d, %d ", " )>0 and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) limit %d offset %d ",
intval($startIndex), intval($itemsPerPage),
intval($itemsPerPage) intval($startIndex)
); );
} }
else { else {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d
$sql_extra LIMIT %d, %d", $sql_extra LIMIT %d OFFSET %d",
intval($channel_id), intval($channel_id),
intval($startIndex), intval($itemsPerPage),
intval($itemsPerPage) intval($startIndex)
); );
} }
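Review bot: The two system-mode subqueries in `poco_init` (the `count(*)` query and the paged `abook.*, xchan.*` select) still compare `v = 1`, while the first hunk of this file changed the same predicate to `v = '1'`. If `pconfig.v` is a text column, as that first change suggests, PostgreSQL will reject the text-to-integer comparison instead of casting it, so system mode would fail only on the new backend. Both subqueries should end `... and k = 'suggestme' and v = '1')`. The function body continues outside these hunks.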


@ -98,7 +98,7 @@ function post_init(&$a) {
// Any channel will do, providing it's currently active. We just need to have an // Any channel will do, providing it's currently active. We just need to have an
// identity to attach to the packet we send back. So find one. // identity to attach to the packet we send back. So find one.
$c = q("select * from channel where not ( channel_pageflags & %d ) limit 1", $c = q("select * from channel where not ( channel_pageflags & %d )>0 limit 1",
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
@ -612,7 +612,7 @@ function post_post(&$a) {
else else
$ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => $x); $ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => $x);
$x = q("delete from outq where outq_hash = '%s' limit 1", $x = q("delete from outq where outq_hash = '%s'",
dbesc($rr['outq_hash']) dbesc($rr['outq_hash'])
); );
} }
@ -659,7 +659,7 @@ function post_post(&$a) {
// Update our DB to show when we last communicated successfully with this hub // Update our DB to show when we last communicated successfully with this hub
// This will allow us to prune dead hubs from using up resources // This will allow us to prune dead hubs from using up resources
$r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d limit 1", $r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d",
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($hub['hubloc_id']) intval($hub['hubloc_id'])
); );
@ -667,17 +667,17 @@ function post_post(&$a) {
// a dead hub came back to life - reset any tombstones we might have // a dead hub came back to life - reset any tombstones we might have
if($hub['hubloc_status'] & HUBLOC_OFFLINE) { if($hub['hubloc_status'] & HUBLOC_OFFLINE) {
q("update hubloc set hubloc_status = (hubloc_status ^ %d) where hubloc_id = %d limit 1", q("update hubloc set hubloc_status = (hubloc_status & ~%d) where hubloc_id = %d",
intval(HUBLOC_OFFLINE), intval(HUBLOC_OFFLINE),
intval($hub['hubloc_id']) intval($hub['hubloc_id'])
); );
if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) { if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) {
q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where hubloc_id = %d limit 1", q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where hubloc_id = %d",
intval(HUBLOC_FLAGS_ORPHANCHECK), intval(HUBLOC_FLAGS_ORPHANCHECK),
intval($hub['hubloc_id']) intval($hub['hubloc_id'])
); );
} }
q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN),
dbesc($hub['hubloc_hash']) dbesc($hub['hubloc_hash'])
@ -732,7 +732,9 @@ function post_post(&$a) {
$sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); $sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
// garbage collect any old unused notifications // garbage collect any old unused notifications
q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE"); q("delete from verify where type = 'auth' and created < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('10 MINUTE')
);
$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
dbesc($sender_hash) dbesc($sender_hash)
@ -781,7 +783,7 @@ function post_post(&$a) {
$ret['message'] .= 'verification key not found' . EOL; $ret['message'] .= 'verification key not found' . EOL;
json_return_and_die($ret); json_return_and_die($ret);
} }
$r = q("delete from verify where id = %d limit 1", $r = q("delete from verify where id = %d",
intval($z[0]['id']) intval($z[0]['id'])
); );
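Review bot: `not ( channel_pageflags & %d )>0` in the channel lookup of `post_init` is correct only because NOT binds more loosely than `>`, and it is easy to misread as `(not ...) > 0`. Writing the test as `( channel_pageflags & %d ) = 0` states the intent directly and does not lean on precedence rules in either backend. The same shape appears in the `receive_post` channel query later in this commit. `post_init` extends outside the hunk shown.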


@ -173,7 +173,7 @@ function profile_photo_post(&$a) {
dbesc($base_image['resource_id']), dbesc($base_image['resource_id']),
intval(local_user()) intval(local_user())
); );
$r = q("UPDATE photo SET photo_flags = ( photo_flags ^ %d ) WHERE ( photo_flags & %d ) $r = q("UPDATE photo SET photo_flags = ( photo_flags & ~%d ) WHERE ( photo_flags & %d )>0
AND resource_id != '%s' AND `uid` = %d", AND resource_id != '%s' AND `uid` = %d",
intval(PHOTO_PROFILE), intval(PHOTO_PROFILE),
intval(PHOTO_PROFILE), intval(PHOTO_PROFILE),
@ -182,7 +182,7 @@ function profile_photo_post(&$a) {
); );
} }
else { else {
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d limit 1", $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d",
dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-4'), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-4'),
dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-5'), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-5'),
intval($_REQUEST['profile']), intval($_REQUEST['profile']),
@ -196,7 +196,7 @@ function profile_photo_post(&$a) {
$channel = $a->get_channel(); $channel = $a->get_channel();
$r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s' $r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
where xchan_hash = '%s' limit 1", where xchan_hash = '%s'",
dbesc($im->getType()), dbesc($im->getType()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($channel['xchan_hash']) dbesc($channel['xchan_hash'])
@ -302,7 +302,7 @@ function profile_photo_content(&$a) {
// unset any existing profile photos // unset any existing profile photos
$r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d", $r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d",
intval(local_user())); intval(local_user()));
$r = q("UPDATE photo SET photo_flags = (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d", $r = q("UPDATE photo SET photo_flags = (photo_flags & ~%d ) WHERE (photo_flags & %d )>0 AND uid = %d",
intval(PHOTO_PROFILE), intval(PHOTO_PROFILE),
intval(PHOTO_PROFILE), intval(PHOTO_PROFILE),
intval(local_user())); intval(local_user()));
@ -320,7 +320,7 @@ function profile_photo_content(&$a) {
); );
$r = q("UPDATE xchan set xchan_photo_date = '%s' $r = q("UPDATE xchan set xchan_photo_date = '%s'
where xchan_hash = '%s' limit 1", where xchan_hash = '%s'",
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($channel['xchan_hash']) dbesc($channel['xchan_hash'])
); );


@ -30,7 +30,7 @@ function profiles_init(&$a) {
dbesc($profile_guid), dbesc($profile_guid),
intval(local_user()) intval(local_user())
); );
$r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", $r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d",
intval(argv(2)), intval(argv(2)),
intval(local_user()) intval(local_user())
); );
@ -338,7 +338,7 @@ function profiles_post(&$a) {
dbesc($zz['field_name']) dbesc($zz['field_name'])
); );
if($w) { if($w) {
q("update profext set v = '%s' where id = %d limit 1", q("update profext set v = '%s' where id = %d",
dbesc(escape_tags(trim($_POST[$zz['field_name']]))), dbesc(escape_tags(trim($_POST[$zz['field_name']]))),
intval($w[0]['id']) intval($w[0]['id'])
); );
@ -453,7 +453,7 @@ function profiles_post(&$a) {
`work` = '%s', `work` = '%s',
`education` = '%s', `education` = '%s',
`hide_friends` = %d `hide_friends` = %d
WHERE `id` = %d AND `uid` = %d LIMIT 1", WHERE `id` = %d AND `uid` = %d",
dbesc($profile_name), dbesc($profile_name),
dbesc($name), dbesc($name),
dbesc($pdesc), dbesc($pdesc),
@ -506,7 +506,7 @@ function profiles_post(&$a) {
$channel = $a->get_channel(); $channel = $a->get_channel();
if($namechanged && $is_default) { if($namechanged && $is_default) {
$r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s' limit 1", $r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'",
dbesc($name), dbesc($name),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($channel['xchan_hash']) dbesc($channel['xchan_hash'])


@ -75,13 +75,13 @@ function profperm_content(&$a) {
if($change) { if($change) {
if(in_array($change,$ingroup)) { if(in_array($change,$ingroup)) {
q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d",
intval($change), intval($change),
intval(local_user()) intval(local_user())
); );
} }
else { else {
q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d",
dbesc($profile['profile_guid']), dbesc($profile['profile_guid']),
intval($change), intval($change),
intval(local_user()) intval(local_user())


@ -31,7 +31,7 @@ function receive_post(&$a) {
// Diaspora sites *may* provide a truncated guid. // Diaspora sites *may* provide a truncated guid.
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d ) LIMIT 1", $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d )>0 LIMIT 1",
dbesc($guid . '%'), dbesc($guid . '%'),
intval(PAGE_REMOVED) intval(PAGE_REMOVED)
); );
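Review bot: The prefix match `channel_guid like '%s'` is built from `$guid . '%'`, and nothing in this hunk bounds the length of `$guid` or escapes `%` and `_` inside it; `dbesc()` is presumably a quoting escape and would not neutralise LIKE wildcards. If `$guid` can arrive empty or very short, the query returns the first non-removed channel rather than the one addressed. A minimum-length check before the query, plus wildcard escaping, would close that, and the intent should be recorded with `// $guid may be a truncated prefix from the sender: require a minimum length and escape % and _ before the LIKE`. Whether an earlier check already exists cannot be seen, because `receive_post` starts outside the hunk.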


@ -37,7 +37,9 @@ function register_post(&$a) {
$max_dailies = intval(get_config('system','max_daily_registrations')); $max_dailies = intval(get_config('system','max_daily_registrations'));
if($max_dailies) { if($max_dailies) {
$r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day"); $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('1 day')
);
if($r && $r[0]['total'] >= $max_dailies) { if($r && $r[0]['total'] >= $max_dailies) {
notice( t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL); notice( t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL);
return; return;
@ -100,7 +102,7 @@ function register_post(&$a) {
$invite_code = ((x($_POST,'invite_code')) ? notags(trim($_POST['invite_code'])) : ''); $invite_code = ((x($_POST,'invite_code')) ? notags(trim($_POST['invite_code'])) : '');
if($using_invites && $invite_code) { if($using_invites && $invite_code) {
q("delete * from register where hash = '%s' limit 1", dbesc($invite_code)); q("delete * from register where hash = '%s'", dbesc($invite_code));
set_pconfig($result['account']['account_id'],'system','invites_remaining',$num_invites); set_pconfig($result['account']['account_id'],'system','invites_remaining',$num_invites);
} }
@ -164,7 +166,9 @@ function register_content(&$a) {
$max_dailies = intval(get_config('system','max_daily_registrations')); $max_dailies = intval(get_config('system','max_daily_registrations'));
if($max_dailies) { if($max_dailies) {
$r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day"); $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('1 day')
);
if($r && $r[0]['total'] >= $max_dailies) { if($r && $r[0]['total'] >= $max_dailies) {
logger('max daily registrations exceeded.'); logger('max daily registrations exceeded.');
notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL); notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL);
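Review bot: `delete * from register where hash = '%s'` in `register_post` is not valid DELETE syntax on PostgreSQL, and as far as I know not on MySQL either, so removing `limit 1` leaves a statement that still fails. The likely effect is that a used invite code stays in `register`, and because the result of `q()` is not checked here, the failure is silent. The statement should be `q("delete from register where hash = '%s'", dbesc($invite_code));`. `register_post` continues outside the hunk.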


@ -68,7 +68,8 @@ function search_content(&$a,$update = 0, $load = false) {
); );
} }
else { else {
$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); $regstr = db_getfunc('REGEXP');
$sql_extra = sprintf(" AND `item`.`body` $regstr '%s' ", dbesc(protect_sprintf(preg_quote($search))));
} }
// Here is the way permissions work in the search module... // Here is the way permissions work in the search module...
@ -123,7 +124,7 @@ function search_content(&$a,$update = 0, $load = false) {
if(($update) && ($load)) { if(($update) && ($load)) {
$itemspage = get_pconfig(local_user(),'system','itemspage'); $itemspage = get_pconfig(local_user(),'system','itemspage');
$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
// in case somebody turned off public access to sys channel content with permissions // in case somebody turned off public access to sys channel content with permissions
@ -132,29 +133,36 @@ function search_content(&$a,$update = 0, $load = false) {
if($load) { if($load) {
$r = null; $r = null;
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$prefix = 'distinct on (created, mid)';
$suffix = 'ORDER BY created DESC, mid';
} else {
$prefix = 'distinct';
$suffix = 'group by mid ORDER BY created DESC';
}
if(local_user()) { if(local_user()) {
$r = q("SELECT distinct mid, item.id as item_id, item.* from item $r = q("SELECT $prefix mid, item.id as item_id, item.* from item
WHERE item_restrict = 0 WHERE item_restrict = 0
AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 )
OR ( `item`.`uid` = %d )) OR item.owner_xchan = '%s' ) OR ( `item`.`uid` = %d )) OR item.owner_xchan = '%s' )
$sql_extra $sql_extra
group by mid ORDER BY created DESC $pager_sql ", $suffix $pager_sql ",
intval(local_user()), intval(local_user()),
dbesc($sys['xchan_hash']) dbesc($sys['xchan_hash'])
); );
} }
if($r === null) { if($r === null) {
$r = q("SELECT distinct mid, item.id as item_id, item.* from item $r = q("SELECT $prefix mid, item.id as item_id, item.* from item
WHERE item_restrict = 0 WHERE item_restrict = 0
AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
AND `item`.`deny_gid` = '' AND item_private = 0 ) AND `item`.`deny_gid` = '' AND item_private = 0 )
and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
$pub_sql ) OR owner_xchan = '%s') $pub_sql ) OR owner_xchan = '%s')
$sql_extra $sql_extra
group by mid ORDER BY created DESC $pager_sql", $suffix $pager_sql",
dbesc($sys['xchan_hash']) dbesc($sys['xchan_hash'])
); );
} }
} }
else { else {
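Review bot: The `$regstr` substitution in `search_content` changes matching semantics if `db_getfunc('REGEXP')` returns `~` on PostgreSQL, as the commit description indicates. `~` is case-sensitive, while MySQL's `REGEXP` is case-insensitive on non-binary strings, so the same search would find fewer items on the new backend. Mapping to `~*` would keep the two aligned; that change belongs in `db_getfunc`, which is outside this hunk. Separately, `preg_quote()` escapes for PCRE rather than for either database's regex dialect, which deserves a comment at the call: `// preg_quote targets PCRE; confirm the escaped form is also literal in the DB regex dialect`.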


@ -168,7 +168,7 @@ function settings_post(&$a) {
} }
} }
$r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d LIMIT 1", $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d",
dbesc($theme), dbesc($theme),
intval(local_user()) intval(local_user())
); );
@ -205,7 +205,7 @@ function settings_post(&$a) {
$salt = random_string(32); $salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $newpass); $password_encoded = hash('whirlpool', $salt . $newpass);
$r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s' $r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s'
where account_id = %d limit 1", where account_id = %d",
dbesc($salt), dbesc($salt),
dbesc($password_encoded), dbesc($password_encoded),
dbesc(datetime_convert()), dbesc(datetime_convert()),
@ -235,7 +235,7 @@ function settings_post(&$a) {
$email = $a->user['email']; $email = $a->user['email'];
} }
if(! $errs) { if(! $errs) {
$r = q("update account set account_email = '%s' where account_id = %d limit 1", $r = q("update account set account_email = '%s' where account_id = %d",
dbesc($email), dbesc($email),
intval($account['account_id']) intval($account['account_id'])
); );
@ -267,7 +267,7 @@ function settings_post(&$a) {
$hide_presence = (((x($_POST,'hide_presence')) && (intval($_POST['hide_presence']) == 1)) ? 1: 0); $hide_presence = (((x($_POST,'hide_presence')) && (intval($_POST['hide_presence']) == 1)) ? 1: 0);
$publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0); $publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
$def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : ''); $def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : '');
$r = q("update channel set channel_default_group = '%s' where channel_id = %d limit 1", $r = q("update channel set channel_default_group = '%s' where channel_id = %d",
dbesc($def_group), dbesc($def_group),
intval(local_user()) intval(local_user())
); );
@ -283,7 +283,7 @@ function settings_post(&$a) {
$str_group_deny = perms2str($_POST['group_deny']); $str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']); $str_contact_deny = perms2str($_POST['contact_deny']);
$r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' $r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s'
where channel_id = %d limit 1", where channel_id = %d",
dbesc($str_contact_allow), dbesc($str_contact_allow),
dbesc($str_group_allow), dbesc($str_group_allow),
dbesc($str_contact_deny), dbesc($str_contact_deny),
@ -313,7 +313,7 @@ function settings_post(&$a) {
); );
} }
if($r) { if($r) {
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d limit 1", q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d",
dbesc($r[0]['hash']), dbesc($r[0]['hash']),
dbesc('<' . $r[0]['hash'] . '>'), dbesc('<' . $r[0]['hash'] . '>'),
intval(local_user()) intval(local_user())
@ -327,12 +327,12 @@ function settings_post(&$a) {
// no default collection // no default collection
else { else {
q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '',
channel_deny_cid = '' where channel_id = %d limit 1", channel_deny_cid = '' where channel_id = %d",
intval(local_user()) intval(local_user())
); );
} }
$r = q("update abook set abook_my_perms = %d where abook_channel = %d and (abook_flags & %d) limit 1", $r = q("update abook set abook_my_perms = %d where abook_channel = %d and (abook_flags & %d)>0",
intval(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0), intval(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0),
intval(local_user()), intval(local_user()),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
@ -433,7 +433,7 @@ function settings_post(&$a) {
set_pconfig(local_user(),'system','blocktags',$blocktags); set_pconfig(local_user(),'system','blocktags',$blocktags);
set_pconfig(local_user(),'system','channel_menu',$channel_menu); set_pconfig(local_user(),'system','channel_menu',$channel_menu);
$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d limit 1", $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d",
dbesc($username), dbesc($username),
intval($pageflags), intval($pageflags),
dbesc($timezone), dbesc($timezone),
@ -448,14 +448,14 @@ function settings_post(&$a) {
info( t('Settings updated.') . EOL); info( t('Settings updated.') . EOL);
if(! is_null($publish)) { if(! is_null($publish)) {
$r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d LIMIT 1", $r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d",
intval($publish), intval($publish),
intval(local_user()) intval(local_user())
); );
} }
if($name_change) { if($name_change) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s' limit 1", $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'",
dbesc($username), dbesc($username),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc($channel['channel_hash']) dbesc($channel['channel_hash'])
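Review bot: The password update in `settings_post` (context lines of the `-205` hunk, not changed by this commit) stores `hash('whirlpool', $salt . $newpass)`, a single pass of a fast hash. A fast hash keeps offline guessing cheap if the `account` table is ever disclosed. PHP's `password_hash()` and `password_verify()` are built for password storage, where the project's minimum PHP version allows them. Since the commit already edits this statement, a comment such as `// TODO: migrate account_password to password_hash(); rehash on next successful login` would record the follow-up. `settings_post` extends outside the hunks shown.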


@ -50,16 +50,18 @@ function setup_post(&$a) {
$dbuser = trim($_POST['dbuser']); $dbuser = trim($_POST['dbuser']);
$dbpass = trim($_POST['dbpass']); $dbpass = trim($_POST['dbpass']);
$dbdata = trim($_POST['dbdata']); $dbdata = trim($_POST['dbdata']);
$dbtype = intval(trim($_POST['dbtype']));
$phpath = trim($_POST['phpath']); $phpath = trim($_POST['phpath']);
$adminmail = trim($_POST['adminmail']); $adminmail = trim($_POST['adminmail']);
$siteurl = trim($_POST['siteurl']); $siteurl = trim($_POST['siteurl']);
require_once('include/dba/dba_driver.php'); require_once('include/dba/dba_driver.php');
unset($db); unset($db);
$db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true); $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
if(! $db->connected) { if(! $db->connected) {
echo "Database Connect failed: " . $db->error; echo "Database Connect failed: " . $db->error;
killme(); killme();
$a->data['db_conn_failed']=true;
} }
/*if(get_db_errno()) { /*if(get_db_errno()) {
unset($db); unset($db);
@ -80,9 +82,9 @@ function setup_post(&$a) {
return; return;
} }
}*/ }*/
if(get_db_errno()) { //if(get_db_errno()) {
$a->data['db_conn_failed']=true;
} //}
return; return;
break; break;
@ -93,6 +95,7 @@ function setup_post(&$a) {
$dbuser = notags(trim($_POST['dbuser'])); $dbuser = notags(trim($_POST['dbuser']));
$dbpass = notags(trim($_POST['dbpass'])); $dbpass = notags(trim($_POST['dbpass']));
$dbdata = notags(trim($_POST['dbdata'])); $dbdata = notags(trim($_POST['dbdata']));
$dbtype = intval(notags(trim($_POST['dbtype'])));
$phpath = notags(trim($_POST['phpath'])); $phpath = notags(trim($_POST['phpath']));
$timezone = notags(trim($_POST['timezone'])); $timezone = notags(trim($_POST['timezone']));
$adminmail = notags(trim($_POST['adminmail'])); $adminmail = notags(trim($_POST['adminmail']));
@ -109,7 +112,7 @@ function setup_post(&$a) {
} }
// connect to db // connect to db
$db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true); $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
if(! $db->connected) { if(! $db->connected) {
echo 'CRITICAL: DB not connected.'; echo 'CRITICAL: DB not connected.';
@ -123,6 +126,7 @@ function setup_post(&$a) {
'$dbuser' => $dbuser, '$dbuser' => $dbuser,
'$dbpass' => $dbpass, '$dbpass' => $dbpass,
'$dbdata' => $dbdata, '$dbdata' => $dbdata,
'$dbtype' => $dbtype,
'$timezone' => $timezone, '$timezone' => $timezone,
'$siteurl' => $siteurl, '$siteurl' => $siteurl,
'$site_id' => random_string(), '$site_id' => random_string(),
@ -187,7 +191,7 @@ function setup_content(&$a) {
} }
if(x($a->data,'db_failed')) { if(x($a->data,'db_failed')) {
$txt = t('You may need to import the file "install/database.sql" manually using phpmyadmin or mysql.') . EOL; $txt = t('You may need to import the file "install/schema_xxx.sql" manually using a database client.') . EOL;
$txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ; $txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ;
$txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ; $txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ;
$db_return_text .= $txt; $db_return_text .= $txt;
@ -273,6 +277,7 @@ function setup_content(&$a) {
$dbport = intval(notags(trim($_POST['dbport']))); $dbport = intval(notags(trim($_POST['dbport'])));
$dbpass = notags(trim($_POST['dbpass'])); $dbpass = notags(trim($_POST['dbpass']));
$dbdata = notags(trim($_POST['dbdata'])); $dbdata = notags(trim($_POST['dbdata']));
$dbtype = intval(notags(trim($_POST['dbtype'])));
$phpath = notags(trim($_POST['phpath'])); $phpath = notags(trim($_POST['phpath']));
$adminmail = notags(trim($_POST['adminmail'])); $adminmail = notags(trim($_POST['adminmail']));
$siteurl = notags(trim($_POST['siteurl'])); $siteurl = notags(trim($_POST['siteurl']));
@ -293,6 +298,7 @@ function setup_content(&$a) {
'$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''), '$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''),
'$dbpass' => array('dbpass', t('Database Login Password'), $dbpass, ''), '$dbpass' => array('dbpass', t('Database Login Password'), $dbpass, ''),
'$dbdata' => array('dbdata', t('Database Name'), $dbdata, ''), '$dbdata' => array('dbdata', t('Database Name'), $dbdata, ''),
'$dbtype' => array('dbtype', t('Database Type'), $dbtype, '', array( 0=>'MySQL', 1=>'PostgreSQL' )),
'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')), '$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
'$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')), '$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
@ -316,6 +322,7 @@ function setup_content(&$a) {
$dbuser = notags(trim($_POST['dbuser'])); $dbuser = notags(trim($_POST['dbuser']));
$dbpass = notags(trim($_POST['dbpass'])); $dbpass = notags(trim($_POST['dbpass']));
$dbdata = notags(trim($_POST['dbdata'])); $dbdata = notags(trim($_POST['dbdata']));
$dbtype = intval(notags(trim($_POST['dbtype'])));
$phpath = notags(trim($_POST['phpath'])); $phpath = notags(trim($_POST['phpath']));
$adminmail = notags(trim($_POST['adminmail'])); $adminmail = notags(trim($_POST['adminmail']));
@ -335,6 +342,7 @@ function setup_content(&$a) {
'$dbpass' => $dbpass, '$dbpass' => $dbpass,
'$dbdata' => $dbdata, '$dbdata' => $dbdata,
'$phpath' => $phpath, '$phpath' => $phpath,
'$dbtype' => $dbtype,
'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')), '$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
@ -440,7 +448,7 @@ function check_funcs(&$checks) {
check_add($ck_funcs, t('libCurl PHP module'), true, true, ""); check_add($ck_funcs, t('libCurl PHP module'), true, true, "");
check_add($ck_funcs, t('GD graphics PHP module'), true, true, ""); check_add($ck_funcs, t('GD graphics PHP module'), true, true, "");
check_add($ck_funcs, t('OpenSSL PHP module'), true, true, ""); check_add($ck_funcs, t('OpenSSL PHP module'), true, true, "");
check_add($ck_funcs, t('mysqli PHP module'), true, true, ""); check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true, "");
check_add($ck_funcs, t('mb_string PHP module'), true, true, ""); check_add($ck_funcs, t('mb_string PHP module'), true, true, "");
check_add($ck_funcs, t('mcrypt PHP module'), true, true, ""); check_add($ck_funcs, t('mcrypt PHP module'), true, true, "");
@ -471,9 +479,9 @@ function check_funcs(&$checks) {
$ck_funcs[2]['status']= false; $ck_funcs[2]['status']= false;
$ck_funcs[2]['help']= t('Error: openssl PHP module required but not installed.'); $ck_funcs[2]['help']= t('Error: openssl PHP module required but not installed.');
} }
if(! function_exists('mysqli_connect')){ if(! function_exists('mysqli_connect') && !function_exists('pg_connect')){
$ck_funcs[3]['status']= false; $ck_funcs[3]['status']= false;
$ck_funcs[3]['help']= t('Error: mysqli PHP module required but not installed.'); $ck_funcs[3]['help']= t('Error: mysqli or postgres PHP module required but neither are installed.');
} }
if(! function_exists('mb_strlen')){ if(! function_exists('mb_strlen')){
$ck_funcs[4]['status']= false; $ck_funcs[4]['status']= false;
@ -579,7 +587,7 @@ function check_htaccess(&$checks) {
if ((! $test['success']) || ($test['body'] != "ok")) { if ((! $test['success']) || ($test['body'] != "ok")) {
$status = false; $status = false;
$help = t('Url rewrite in .htaccess is not working. Check your server configuration.'); $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true));
} }
check_add($checks, t('Url rewrite is working'), $status, true, $help); check_add($checks, t('Url rewrite is working'), $status, true, $help);
} else { } else {
@ -607,8 +615,8 @@ function load_database_rem($v, $i){
function load_database($db) { function load_database($db) {
file_put_contents('debug-foo.log', 'Loading schema: '.$db->get_install_script());
$str = file_get_contents('install/database.sql'); $str = file_get_contents($db->get_install_script());
$arr = explode(';',$str); $arr = explode(';',$str);
$errors = false; $errors = false;
foreach($arr as $a) { foreach($arr as $a) {


@ -8,7 +8,7 @@ function siteinfo_init(&$a) {
$sql_extra = ''; $sql_extra = '';
$r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 ) and account_default_channel = channel_id"); $r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 )>0 and account_default_channel = channel_id");
if($r) { if($r) {
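Review bot: The query in siteinfo_init still uses `select *` across `channel` left-joined to `account`, so every account column is loaded into `$r` for what the function name suggests is a site-information page. The columns are not visible here, but if `account` holds credential or e-mail fields, naming only the columns the page prints keeps them out of reach of a later template or JSON change. The literal `4096` is also a magic number; `where ( account_roles & %d )>0` with `intval(<admin-role constant>)` would say which role is being tested. The function body continues outside the hunk.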


@ -47,7 +47,7 @@ function sources_post(&$a) {
goaway(z_root() . '/sources'); goaway(z_root() . '/sources');
} }
else { else {
$r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d limit 1", $r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d",
dbesc($xchan), dbesc($xchan),
dbesc($words), dbesc($words),
intval(local_user()), intval(local_user()),
@ -150,7 +150,7 @@ function sources_content(&$a) {
notice( t('Source not found.') . EOL); notice( t('Source not found.') . EOL);
return ''; return '';
} }
$r = q("delete from source where src_id = %d and src_channel_id = %d limit 1", $r = q("delete from source where src_id = %d and src_channel_id = %d",
intval(argv(1)), intval(argv(1)),
intval(local_user()) intval(local_user())
); );
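Review bot: The `delete from source` in sources_content takes its row id from the URL (`intval(argv(1))`), and no form-token or request-method check is visible in this hunk before it runs. The statement is correctly scoped to `local_user()`, but if the handler is reachable by a plain GET, a third-party page could make a logged-in user's browser issue the delete. Worth confirming that the part of the function outside the hunk verifies a security token, or moving the delete into sources_post behind one. The hunk shows only the tail of the branch, so the guard may exist above it.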


@ -21,7 +21,7 @@ function starred_init(&$a) {
$item_flags = ( $r[0]['item_flags'] ^ ITEM_STARRED ); $item_flags = ( $r[0]['item_flags'] ^ ITEM_STARRED );
$r = q("UPDATE item SET item_flags = %d WHERE uid = %d and id = %d LIMIT 1", $r = q("UPDATE item SET item_flags = %d WHERE uid = %d and id = %d",
intval($item_flags), intval($item_flags),
intval(local_user()), intval(local_user()),
intval($message_id) intval($message_id)
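Review bot: The new flag word is computed in PHP as `$r[0]['item_flags'] ^ ITEM_STARRED` from a row read earlier and then written back whole, so a change to any other bit of `item_flags` made between that select and this update is silently overwritten. Changing only the one bit inside the statement avoids the lost update and matches the convention the commit message describes: `SET item_flags = ( item_flags | %d )` to star and `SET item_flags = ( item_flags & ~ %d )` to unstar, with `intval(ITEM_STARRED)` as the argument. starred_init starts and ends outside the hunk, so the earlier select and any later use of `$item_flags` are not visible here.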
