additional array checking
parent
48026efddf
commit
6532972e61
@ -117,13 +117,7 @@ class Profiles extends \Zotlabs\Web\Controller {
|
||||
$r1[0]['profile_name'] = dbesc($name);
|
||||
$r1[0]['profile_guid'] = dbesc(random_string());
|
||||
|
||||
dbesc_array($r1[0]);
|
||||
|
||||
$r2 = dbq("INSERT INTO profile (" . TQUOT
|
||||
. implode(TQUOT . ", " . TQUOT, array_keys($r1[0]))
|
||||
. TQUOT . ") VALUES ('"
|
||||
. implode("', '", array_values($r1[0]))
|
||||
. "')" );
|
||||
create_table_from_array('profile', $r1[0]);
|
||||
|
||||
$r3 = q("SELECT id FROM profile WHERE uid = %d AND profile_name = '%s' LIMIT 1",
|
||||
intval(local_channel()),
|
||||
|
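Review bot: `profile_name` and `profile_guid` are still passed through `dbesc()` on the two lines before the new `create_table_from_array('profile', $r1[0])` call, and that helper runs `dbesc_array()` over the whole array again. Assuming `dbesc_array_cb` (not shown) escapes every value, a name containing a quote or backslash is escaped twice, stored with the escape characters in it, and may then be missed by the following `SELECT ... profile_name = '%s'` lookup. Assigning the raw values (`$r1[0]['profile_name'] = $name;`) leaves a single escaping pass inside the helper. The helper's return value is also ignored here, so an array rejected for a bogus key only shows up indirectly when the SELECT finds no row. The enclosing method starts and ends outside the hunk.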
@ -391,9 +391,22 @@ function dbesc_array_cb(&$item, $key) {
|
||||
|
||||
|
||||
function dbesc_array(&$arr) {
|
||||
$bogus_key = false;
|
||||
if(is_array($arr) && count($arr)) {
|
||||
$matches = false;
|
||||
foreach($arr as $k => $v) {
|
||||
if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) {
|
||||
logger('bogus key: ' . $k);
|
||||
$bogus_key = true;
|
||||
}
|
||||
}
|
||||
array_walk($arr,'dbesc_array_cb');
|
||||
if($bogus_key) {
|
||||
$arr['BOGUS.KEY'] = 1;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function db_getfunc($f) {
|
||||
|
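Review bot: `dbesc_array()` returns `true` when `$arr` is not an array or is empty, because `return false` is only reachable inside the `is_array($arr) && count($arr)` branch; callers that now gate query building on the result would treat unescaped non-array input as validated. If no caller depends on that, an early `if(! is_array($arr)) return false;` closes the gap. The `$arr['BOGUS.KEY'] = 1;` sentinel needs a comment, for example `// poison the array so a caller that ignores the return value builds a query that fails rather than one with an unvalidated column name`; that intent is inferred from the code. `$matches` is assigned but never read, and the rejected key is written to the log verbatim, so control characters in it end up in the log file.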
@ -1026,7 +1026,8 @@ function sync_files($channel,$files) {
|
||||
|
||||
if($attach_exists) {
|
||||
logger('sync_files attach exists: ' . print_r($att,true), LOGGER_DEBUG);
|
||||
dbesc_array($att);
|
||||
if(! dbesc_array($att))
|
||||
continue;
|
||||
$str = '';
|
||||
foreach($att as $k => $v) {
|
||||
if($str)
|
||||
@ -1140,7 +1141,8 @@ function sync_files($channel,$files) {
|
||||
|
||||
|
||||
if($exists) {
|
||||
dbesc_array($p);
|
||||
if(! dbesc_array($p))
|
||||
continue;
|
||||
$str = '';
|
||||
foreach($p as $k => $v) {
|
||||
if($str)
|
||||
|
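Review bot: The new `if(! dbesc_array($att)) continue;` drops the record with no trace at this level; the only log line is the `bogus key: ...` message from `dbesc_array()`, which names neither the channel nor the attachment. If these arrays come from a remote sync packet, as the function name suggests, a rejected key is either a schema mismatch or tampering, and an operator would want to know which record it was. A line such as `logger('sync_files: attach array rejected by dbesc_array');` before the `continue` would cover it. The same applies to the `if(! dbesc_array($p)) continue;` hunk further down. Both checks sit inside loops whose start and end are outside the hunks.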
@ -2161,7 +2161,10 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
|
||||
}
|
||||
|
||||
|
||||
dbesc_array($arr);
|
||||
if(! dbesc_array($arr)) {
|
||||
$ret['message'] = 'DB array malformed';
|
||||
return $ret;
|
||||
}
|
||||
|
||||
logger('item_store_update: ' . print_r($arr,true), LOGGER_DATA);
|
||||
|
||||
|
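Review bot: The early `return $ret;` after `$ret['message'] = 'DB array malformed';` is only a correct failure result if `$ret` was initialised with a failing status earlier in `item_store_update()`, which is outside this hunk. If it carries a success flag, setting it explicitly here (`$ret['success'] = false;`, key name assumed) keeps the branch correct should the initialisation change. A comment such as `// dbesc_array() rejected a key; do not build the UPDATE from this array` would also record why the function stops here.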
@ -3035,13 +3035,14 @@ function create_table_from_array($table,$arr) {
|
||||
if(! ($arr && $table))
|
||||
return false;
|
||||
|
||||
dbesc_array($arr);
|
||||
|
||||
$r = dbq("INSERT INTO " . TQUOT . $table . TQUOT . " (" . TQUOT
|
||||
if(dbesc_array($arr)) {
|
||||
$r = dbq("INSERT INTO " . TQUOT . $table . TQUOT . " (" . TQUOT
|
||||
. implode(TQUOT . ', ' . TQUOT, array_keys($arr))
|
||||
. TQUOT . ") VALUES ('"
|
||||
. implode("', '", array_values($arr))
|
||||
. "')" );
|
||||
. "')"
|
||||
);
|
||||
}
|
||||
return $r;
|
||||
|
||||
}
|
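Review bot: `$r` is undefined on the new failure path in `create_table_from_array()`: when `dbesc_array($arr)` returns false the `dbq()` call is skipped, and `return $r;` then raises an undefined-variable notice and yields `null` rather than `false`. Initialising it before the check, `$r = false;` ahead of `if(dbesc_array($arr)) {`, gives callers one consistent failure value that matches the `return false` at the top. Separately, the new key check does not cover `$table`, which is still concatenated between `TQUOT`s unvalidated. The one caller shown passes the literal `'profile'`, but the same character-class test would be cheap if any caller derives the table name from input.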