harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #690 from habeascodice/master

Browse Source 
Initial postgres support
This commit is contained in:
RedMatrix 2014-11-14 08:52:38 +11:00
commit 9132a1c195
110 changed files with 2258 additions and 645 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
boot.php
View File

@ -54,7 +54,7 @@ define ( 'DB_UPDATE_VERSION', 1131 );
define ( 'EOL', '<br>' . "\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
define ( 'NULL_DATE', '0000-00-00 00:00:00' );
//define ( 'NULL_DATE', '0000-00-00 00:00:00' );
define ( 'TEMPLATE_BUILD_PATH', 'store/[data]/smarty3' );
define ( 'DIRECTORY_MODE_NORMAL', 0x0000); // This is technically DIRECTORY_MODE_TERTIARY, but it's the default, hence 0x0000
@ -567,6 +567,8 @@ define ( 'ITEM_VERIFIED', 0x2000); // Signature verification was success
define ( 'ITEM_RETAINED', 0x4000); // We looked at this item once to decide whether or not to expire it, and decided not to.
define ( 'ITEM_RSS', 0x8000); // Item comes from a feed. Use this to decide whether to link the title
// Don't make us evaluate this same item again.
define ( 'DBTYPE_MYSQL', 0 );
define ( 'DBTYPE_POSTGRES', 1 );
/**
*
@ -1416,7 +1418,7 @@ function fix_system_urls($oldurl,$newurl) {
$replace_xchan_url = ((strpos($rr['xchan_url'],$oldurl) !== false) ? true : false);
$x = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_date = '%s' where xchan_hash = '%s' limit 1",
$x = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
dbesc($channel_address . '@' . $rhs),
dbesc(($replace_xchan_url) ? str_replace($oldurl,$newurl,$rr['xchan_url']) : $rr['xchan_url']),
dbesc(str_replace($oldurl,$newurl,$rr['xchan_connurl'])),
@ -1429,7 +1431,7 @@ function fix_system_urls($oldurl,$newurl) {
dbesc($rr['xchan_hash'])
);
$y = q("update hubloc set hubloc_addr = '%s', hubloc_url = '%s', hubloc_url_sig = '%s', hubloc_host = '%s', hubloc_callback = '%s' where hubloc_hash = '%s' and hubloc_url = '%s' limit 1",
$y = q("update hubloc set hubloc_addr = '%s', hubloc_url = '%s', hubloc_url_sig = '%s', hubloc_host = '%s', hubloc_callback = '%s' where hubloc_hash = '%s' and hubloc_url = '%s'",
dbesc($channel_address . '@' . $rhs),
dbesc($newurl),
dbesc(base64url_encode(rsa_sign($newurl,$c[0]['channel_prvkey']))),

3
doc/developers.bb
View File

@ -64,4 +64,7 @@ In the interests of consistency we adopt the following code styling. We may acce
[li] Generally speaking, opening braces go on the same line as the thing which opens the brace. They are the last character on the line. Closing braces are on a line by themselves. [/li]
[b]See Also[/b]
[zrl=[baseurl]/help/sql_conventions]SQL Conventions[/zrl]
#include doc/macros/main_footer.bb;

87
doc/sql_conventions.bb Normal file
View File

@ -0,0 +1,87 @@
[h1]SQL Conventions[/h1]
[b]Intro[/b]
The following common SQL conventions appear throughout the code in many places. We use a simple DBA (DataBase Abstraction layer) to handle differences between databases. Please be sure to use only standards-compliant SQL.
[b]Rule One[/b]
Worth Repeating: Don't use non-standard SQL. This goes for addons as well. If you do use non-standard SQL, and the dba funcs are insufficient, do a if()/switch() or similar for all currently supported databases. Currently nothing red# does requires non-standard SQL.
[b]Using a format string[/b]
[li]Uses sprintf()
To be written
[code]// Example
$r = q("SELECT * FROM profile WHERE uid = %d",
local_user()
);
[/code][/li]
[b]Checking bit flags in a where clause[/b]
[li]You must explicitly convert integers to booleans. The easiest way to do this is to compare to 0.
[code]// Example
$r = q("SELECT abook_id, abook_flags, abook_my_perms, abook_their_perms, xchan_hash, xchan_photo_m, xchan_name, xchan_url from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($uid),
intval(ABOOK_FLAG_SELF)
);
[/code]
[/li]
[li]Turning off a flag
[code]$y = q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_ORPHAN),
dbesc($rr['hubloc_hash'])
);[/code]
[/li]
[li]Turning on a flag
[code]$y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN),
dbesc($rr['hubloc_hash'])
);[/code]
[/li]
[b]Using relative times (INTERVALs)[/b]
[li]Sometimes you want to compare something, like less than x days old.
[code]// Example
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_dob > %s + interval %s and abook_dob < %s + interval %s",
db_utcnow(), db_quoteinterval('7 day'),
db_utcnow(), db_quoteinterval('14 day')
);[/code]
[/li]
[b]Paged results[/b]
[li]To be written
[code]// Example
$r = q("SELECT * FROM mail WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d OFFSET %d",
intval(api_user()),
intval($count), intval($start)
);[/code][/li]
[b]NULL dates[/b]
[li]To be written
[code]Example[/code][/li]
[b]Storing binary data[/b]
[li]To be written
[code]// Example
$x = q("update photo set data = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and scale = 0",
dbescbin($ph->imageString()),
intval($height),
intval($width),
dbesc($resource_id),
intval($page_owner_uid)
);[/code][/li]
[b]Current timestamp[/b]
[li][code]// Example
$randfunc = db_getfunc('rand');
$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1",
db_utcnow(), db_quoteinterval('30 day')
);[/code][/li]
[b]SQL Function and Operator Abstraction[/b]
[li]Sometimes the same function or operator has a different name/symbol in each database. You use db_getfunc('funcname') to look them up. The string is [i]not[/i] case-sensitive; do [i]not[/i] include parens.
[code]// Example
$randfunc = db_getfunc('rand');
$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1",
db_utcnow(), db_quoteinterval('30 day')
);[/code][/li]
#include doc/macros/main_footer.bb;

56
include/Contact.php
View File

@ -22,7 +22,7 @@ function rconnect_url($channel_id,$xchan) {
if(($r) && ($r[0]['xchan_follow']))
return $r[0]['xchan_follow'];
$r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1",
$r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d )>0 limit 1",
dbesc($xchan),
intval(HUBLOC_FLAGS_PRIMARY)
);
@ -35,7 +35,7 @@ function rconnect_url($channel_id,$xchan) {
function abook_connections($channel_id, $sql_conditions = '') {
$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d
and not ( abook_flags & %d ) $sql_conditions",
and not ( abook_flags & %d )>0 $sql_conditions",
intval($channel_id),
intval(ABOOK_FLAG_SELF)
);
@ -44,7 +44,7 @@ function abook_connections($channel_id, $sql_conditions = '') {
function abook_self($channel_id) {
$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d
and ( abook_flags & %d ) limit 1",
and ( abook_flags & %d )>0 limit 1",
intval($channel_id),
intval(ABOOK_FLAG_SELF)
);
@ -52,7 +52,7 @@ function abook_self($channel_id) {
}
function channelx_by_nick($nick) {
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d ) LIMIT 1",
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1",
dbesc($nick),
intval(PAGE_REMOVED)
);
@ -60,7 +60,7 @@ function channelx_by_nick($nick) {
}
function channelx_by_hash($hash) {
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d ) LIMIT 1",
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1",
dbesc($hash),
intval(PAGE_REMOVED)
);
@ -68,7 +68,7 @@ function channelx_by_hash($hash) {
}
function channelx_by_n($id) {
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d ) LIMIT 1",
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d )>0 LIMIT 1",
dbesc($id),
intval(PAGE_REMOVED)
);
@ -128,7 +128,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
function abook_toggle_flag($abook,$flag) {
$r = q("UPDATE abook set abook_flags = (abook_flags ^ %d) where abook_id = %d and abook_channel = %d limit 1",
$r = q("UPDATE abook set abook_flags = (abook_flags & ~%d) where abook_id = %d and abook_channel = %d",
intval($flag),
intval($abook['abook_id']),
intval($abook['abook_channel'])
@ -138,7 +138,7 @@ function abook_toggle_flag($abook,$flag) {
if(($flag === ABOOK_FLAG_ARCHIVED) && ($abook['abook_flags'] & ABOOK_FLAG_ARCHIVED)) {
$r = q("update abook set abook_connected = '%s', abook_updated = '%s'
where abook_id = %d and abook_channel = %d limit 1",
where abook_id = %d and abook_channel = %d",
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($abook['abook_id']),
@ -173,7 +173,7 @@ function account_remove($account_id,$local = true,$unset_session=true) {
// Don't let anybody nuke the only admin account.
$r = q("select account_id from account where (account_roles & %d)",
$r = q("select account_id from account where (account_roles & %d)>0",
intval(ACCOUNT_ROLE_ADMIN)
);
@ -201,7 +201,7 @@ function account_remove($account_id,$local = true,$unset_session=true) {
}
}
$r = q("delete from account where account_id = %d limit 1",
$r = q("delete from account where account_id = %d",
intval($account_id)
);
@ -239,7 +239,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
channel_r_photos = 0, channel_r_abook = 0, channel_w_stream = 0, channel_w_wall = 0, channel_w_tagwall = 0,
channel_w_comment = 0, channel_w_mail = 0, channel_w_photos = 0, channel_w_chat = 0, channel_a_delegate = 0,
channel_r_storage = 0, channel_w_storage = 0, channel_r_pages = 0, channel_w_pages = 0, channel_a_republish = 0
where channel_id = %d limit 1",
where channel_id = %d",
dbesc(datetime_convert()),
intval(PAGE_REMOVED),
intval($channel_id)
@ -275,12 +275,12 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
q("DELETE FROM `spam` WHERE `uid` = %d", intval($channel_id));
q("delete from abook where abook_xchan = '%s' and (abook_flags & %d) limit 1",
q("delete from abook where abook_xchan = '%s' and (abook_flags & %d)>0",
dbesc($channel['channel_hash']),
dbesc(ABOOK_FLAG_SELF)
);
$r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d limit 1",
$r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d",
dbesc(datetime_convert()),
intval(PAGE_REMOVED),
intval($channel_id)
@ -296,7 +296,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
$hublocs = 0;
$r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)",
$r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)>0",
dbesc($channel['channel_hash']),
intval(HUBLOC_FLAGS_DELETED)
);
@ -335,10 +335,11 @@ function mark_orphan_hubsxchans() {
if($dirmode == DIRECTORY_MODE_NORMAL)
return;
$r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d)
and hubloc_network = 'zot' and hubloc_connected < utc_timestamp() - interval 36 day",
$r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d)>0
and hubloc_network = 'zot' and hubloc_connected < %s - interval %s",
intval(HUBLOC_OFFLINE),
intval(HUBLOC_OFFLINE)
intval(HUBLOC_OFFLINE),
db_utcnow(), db_quoteinterval('36 day')
);
// $realm = get_directory_realm();
@ -354,7 +355,7 @@ function mark_orphan_hubsxchans() {
// }
$r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d) and not (hubloc_flags & %d)",
$r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d)>0 and not (hubloc_flags & %d)>0",
intval(HUBLOC_OFFLINE),
intval(HUBLOC_FLAGS_ORPHANCHECK)
);
@ -364,7 +365,7 @@ function mark_orphan_hubsxchans() {
// see if any other hublocs are still alive for this channel
$x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)",
$x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)>0",
dbesc($rr['hubloc_hash']),
intval(HUBLOC_OFFLINE)
);
@ -372,7 +373,7 @@ function mark_orphan_hubsxchans() {
// yes - if the xchan was marked as an orphan, undo it
$y = q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1",
$y = q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_ORPHAN),
dbesc($rr['hubloc_hash'])
@ -383,7 +384,7 @@ function mark_orphan_hubsxchans() {
// nope - mark the xchan as an orphan
$y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1",
$y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN),
dbesc($rr['hubloc_hash'])
);
@ -391,7 +392,7 @@ function mark_orphan_hubsxchans() {
// mark that we've checked this entry so we don't need to do it again
$y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1",
$y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d",
intval(HUBLOC_FLAGS_ORPHANCHECK),
dbesc($rr['hubloc_id'])
);
@ -449,7 +450,7 @@ function remove_all_xchan_resources($xchan, $channel_id = 0) {
if($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) {
$r = q("delete from xchan where xchan_hash = '%s' limit 1",
$r = q("delete from xchan where xchan_hash = '%s'",
dbesc($xchan)
);
$r = q("delete from hubloc where hubloc_hash = '%s'",
@ -482,7 +483,7 @@ function contact_remove($channel_id, $abook_id) {
$archive = get_pconfig($channel_id, 'system','archive_removed_contacts');
if($archive) {
q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d limit 1",
q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d",
intval(ABOOK_FLAG_ARCHIVED),
intval($abook_id),
intval($channel_id)
@ -514,7 +515,7 @@ function contact_remove($channel_id, $abook_id) {
}
}
q("delete from abook where abook_id = %d and abook_channel = %d limit 1",
q("delete from abook where abook_id = %d and abook_channel = %d",
intval($abook['abook_id']),
intval($channel_id)
);
@ -541,7 +542,10 @@ function contact_remove($channel_id, $abook_id) {
function random_profile() {
$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > UTC_TIMESTAMP() - interval 30 day order by rand() limit 1");
$randfunc = db_getfunc('rand');
$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1",
db_utcnow(), db_quoteinterval('30 day')
);
if($r)
return $r[0]['xchan_url'];
return '';

16
include/RedDAV/RedDirectory.php
View File

@ -159,7 +159,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
list($parent_path, ) = DAV\URLUtil::splitPath($this->red_path);
$new_path = $parent_path . '/' . $name;
$r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1",
$r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($name),
dbesc($this->folder_hash),
intval($this->auth->owner_id)
@ -197,7 +197,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$mimetype = z_mime_content_type($name);
$c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1",
$c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1",
intval($this->auth->owner_id),
intval(PAGE_REMOVED)
);
@ -246,7 +246,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$edited = datetime_convert();
// updates entry with filesize and timestamp
$d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1",
$d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($size),
dbesc($edited),
dbesc($hash),
@ -254,7 +254,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
);
// update the folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1",
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($edited),
dbesc($this->folder_hash),
intval($c[0]['channel_id'])
@ -293,7 +293,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
throw new DAV\Exception\Forbidden('Permission denied.');
}
$r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1",
$r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1",
intval($this->auth->owner_id),
intval(PAGE_REMOVED)
);
@ -362,7 +362,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$channel_name = $path_arr[0];
$r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d ) LIMIT 1",
$r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d )>0 LIMIT 1",
dbesc($channel_name),
intval(PAGE_REMOVED)
);
@ -380,7 +380,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$os_path = '';
for ($x = 1; $x < count($path_arr); $x++) {
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)",
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0",
dbesc($folder),
dbesc($path_arr[$x]),
intval($channel_id),
@ -440,7 +440,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$free = disk_free_space('store');
if ($this->auth->owner_id) {
$c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1",
$c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d)>0 limit 1",
intval($this->auth->owner_id),
intval(PAGE_REMOVED)
);

10
include/RedDAV/RedFile.php
View File

@ -79,7 +79,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
$newName = str_replace('/', '%2F', $newName);
$r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d LIMIT 1",
$r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d",
dbesc($this->data['filename']),
intval($this->data['id'])
);
@ -96,7 +96,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
$size = 0;
// @todo only 3 values are needed
$c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1",
$c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1",
intval($this->auth->owner_id),
intval(PAGE_REMOVED)
);
@ -113,7 +113,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
$size = @filesize($f);
logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
} else {
$r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1",
$r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d",
dbesc(stream_get_contents($data)),
dbesc($this->data['hash']),
intval($this->data['uid'])
@ -131,7 +131,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
// returns now()
$edited = datetime_convert();
$d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1",
$d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($size),
dbesc($edited),
dbesc($this->data['hash']),
@ -139,7 +139,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
);
// update the folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1",
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($edited),
dbesc($r[0]['folder']),
intval($c[0]['channel_id'])

31
include/account.php
View File

@ -202,7 +202,7 @@ function create_account($arr) {
// Set the parent record to the current record_id if no parent was provided
if(! $parent) {
$r = q("update account set account_parent = %d where account_id = %d limit 1",
$r = q("update account set account_parent = %d where account_id = %d",
intval($result['account']['account_id']),
intval($result['account']['account_id'])
);
@ -367,16 +367,16 @@ function user_allow($hash) {
if(! $account)
return $ret;
$r = q("DELETE FROM register WHERE hash = '%s' LIMIT 1",
$r = q("DELETE FROM register WHERE hash = '%s'",
dbesc($register[0]['hash'])
);
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
$r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_BLOCKED),
intval(ACCOUNT_BLOCKED),
intval($register[0]['uid'])
);
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
$r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING),
intval($register[0]['uid'])
@ -430,11 +430,11 @@ function user_deny($hash) {
if(! $account)
return false;
$r = q("DELETE FROM account WHERE account_id = %d LIMIT 1",
$r = q("DELETE FROM account WHERE account_id = %d",
intval($register[0]['uid'])
);
$r = q("DELETE FROM `register` WHERE id = %d LIMIT 1",
$r = q("DELETE FROM `register` WHERE id = %d",
dbesc($register[0]['id'])
);
notice( sprintf(t('Registration revoked for %s'), $account[0]['account_email']) . EOL);
@ -463,21 +463,21 @@ function user_approve($hash) {
if(! $account)
return $ret;
$r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify' LIMIT 1",
$r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify'",
dbesc($register[0]['hash'])
);
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
$r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_BLOCKED),
intval(ACCOUNT_BLOCKED),
intval($register[0]['uid'])
);
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
$r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_PENDING),
intval(ACCOUNT_PENDING),
intval($register[0]['uid'])
);
$r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1",
$r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d",
intval(ACCOUNT_UNVERIFIED),
intval(ACCOUNT_UNVERIFIED),
intval($register[0]['uid'])
@ -510,11 +510,12 @@ function user_approve($hash) {
function downgrade_accounts() {
$r = q("select * from account where not ( account_flags & %d )
$r = q("select * from account where not ( account_flags & %d )>0
and account_expires != '%s'
and account_expires < UTC_TIMESTAMP() ",
and account_expires < %s ",
intval(ACCOUNT_EXPIRED),
dbesc(NULL_DATE)
dbesc(NULL_DATE),
db_getfunc('UTC_TIMESTAMP')
);
if(! $r)
@ -527,7 +528,7 @@ function downgrade_accounts() {
if(($basic) && ($rr['account_service_class']) && ($rr['account_service_class'] != $basic)) {
$x = q("UPDATE account set account_service_class = '%s', account_expires = '%s'
where account_id = %d limit 1",
where account_id = %d",
dbesc($basic),
dbesc(NULL_DATE),
intval($rr['account_id'])
@ -537,7 +538,7 @@ function downgrade_accounts() {
logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' downgraded.');
}
else {
$x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d limit 1",
$x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d",
intval(ACCOUNT_EXPIRED),
intval($rr['account_id'])
);

2
include/acl_selectors.php
View File

@ -171,7 +171,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
$o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" $tabindex >\r\n";
$r = q("SELECT abook_id, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash
where abook_flags = 0 or not ( abook_flags & %d ) and abook_channel = %d
where abook_flags = 0 or not ( abook_flags & %d )>0 and abook_channel = %d
$sql_extra
ORDER BY xchan_name ASC ",
intval(ABOOK_FLAG_SELF),

28
include/api.php
View File

@ -309,7 +309,7 @@ require_once('include/items.php');
return False;
} else {
$user = local_user();
$extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " ) ";
$extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " )>0 ";
}
}
@ -336,7 +336,7 @@ require_once('include/items.php');
// count public wall messages
$r = q("SELECT COUNT(`id`) as `count` FROM `item`
WHERE `uid` = %d
AND ( item_flags & %d ) and item_restrict = 0
AND ( item_flags & %d )>0 and item_restrict = 0
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
intval($usr[0]['channel_id']),
intval(ITEM_WALL)
@ -363,7 +363,7 @@ require_once('include/items.php');
$countfollowers = $r[0]['count'];
}
$r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d ) and uid = %d and item_restrict = 0",
$r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d )>0 and uid = %d and item_restrict = 0",
intval($uinfo[0]['channel_id']),
intval(ITEM_STARRED)
);
@ -1004,8 +1004,8 @@ require_once('include/items.php');
// at the network timeline just mark everything seen.
if (api_user() == $user_info['uid']) {
$r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d )
WHERE item_flags & %d and uid = %d",
$r = q("UPDATE `item` SET item_flags = ( item_flags & ~%d )
WHERE (item_flags & %d)>0 and uid = %d",
intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN),
intval($user_info['uid'])
@ -1062,10 +1062,10 @@ require_once('include/items.php');
and uid in ( " . stream_perms_api_uids() . " )
$sql_extra
AND id > %d group by mid
order by received desc LIMIT %d, %d ",
order by received desc LIMIT %d OFFSET %d ",
intval($since_id),
intval($start),
intval($count)
intval($count),
intval($start)
);
xchan_query($r,true);
@ -1706,9 +1706,9 @@ require_once('include/items.php');
// For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
// This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends')
$sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$sql_extra = sprintf(" AND ( abook_their_perms & %d )>0 and ( abook_my_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers')
$sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user())
@ -1822,9 +1822,9 @@ require_once('include/items.php');
// This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends')
$sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$sql_extra = sprintf(" AND ( abook_their_perms & %d )>0 and ( abook_my_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers')
$sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user())
@ -1940,9 +1940,9 @@ require_once('include/items.php');
$sql_extra = "`from-url`!='".dbesc( $profile_url )."'";
}
$r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d",
$r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d OFFSET %d",
intval(api_user()),
intval($start), intval($count)
intval($count), intval($start)
);
$ret = Array();

4
include/apps.php
View File

@ -267,7 +267,7 @@ function app_install($uid,$app) {
function app_destroy($uid,$app) {
if($uid && $app['guid']) {
$r = q("delete from app where app_id = '%s' and app_channel = %d limit 1",
$r = q("delete from app where app_id = '%s' and app_channel = %d",
dbesc($app['guid']),
intval($uid)
);
@ -388,7 +388,7 @@ function app_update($arr) {
$darray['app_page'] = ((x($arr,'page')) ? escape_tags($arr['page']) : '');
$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d limit 1",
$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d",
dbesc($darray['app_sig']),
dbesc($darray['app_author']),
dbesc($darray['app_name']),

20
include/attach.php
View File

@ -400,7 +400,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
$created = datetime_convert();
if($options === 'replace') {
$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1",
$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d",
dbesc($filename),
dbesc($mimetype),
intval($filesize),
@ -432,7 +432,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
}
elseif($options === 'update') {
$r = q("update attach set filename = '%s', filetype = '%s', edited = '%s',
allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1",
allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d",
dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']),
dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']),
dbesc($created),
@ -517,7 +517,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') {
if(count($paths) > 1) {
$curpath = array_shift($paths);
$r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id) . " limit 1",
$r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id) . " limit 1",
intval($channel_id),
dbesc($curpath),
intval(ATTACH_FLAG_DIR)
@ -533,7 +533,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') {
else
$paths = array($pathname);
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id),
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id),
intval($channel_id),
dbesc($parent_hash),
dbesc($paths[0]),
@ -617,7 +617,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
$sql_options = permissions_sql($channel['channel_id']);
do {
$r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )
$r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
$sql_options limit 1",
intval($channel['channel_id']),
dbesc($lfile),
@ -669,7 +669,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
$ret['data'] = $arr;
// update the parent folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1",
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($created),
dbesc($arr['folder']),
intval($channel_id)
@ -722,7 +722,7 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi
}
}
$x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d limit 1",
$x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d",
dbesc($allow_cid),
dbesc($allow_gid),
dbesc($deny_cid),
@ -790,13 +790,13 @@ function attach_delete($channel_id, $resource) {
}
// delete from database
$z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1",
$z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d",
dbesc($resource),
intval($channel_id)
);
// update the parent folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1",
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc(datetime_convert()),
dbesc($r[0]['folder']),
intval($channel_id)
@ -831,7 +831,7 @@ function get_cloudpath($arr) {
$lfile = $arr['folder'];
do {
$r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )
$r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
limit 1",
intval($arr['uid']),
dbesc($lfile),

2
include/auth.php
View File

@ -123,7 +123,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
// if our authenticated guest is allowed to take control of the admin channel, make it so.
$admins = get_config('system', 'remote_admin');
if($admins && is_array($admins) && in_array($_SESSION['visitor_id'], $admins)) {
$x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d ) limit 1",
$x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d )>0 limit 1",
dbesc(get_config('system', 'admin_email')),
intval(ACCOUNT_ROLE_ADMIN)
);

2
include/cache.php
View File

@ -21,7 +21,7 @@
dbesc($key)
);
if($r) {
q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s' limit 1",
q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s'",
dbesc($value),
dbesc(datetime_convert()),
dbesc($key));

13
include/chat.php
View File

@ -77,7 +77,7 @@ function chatroom_destroy($channel,$arr) {
return $ret;
}
q("delete from chatroom where cr_id = %d limit 1",
q("delete from chatroom where cr_id = %d",
intval($r[0]['cr_id'])
);
if($r[0]['cr_id']) {
@ -129,8 +129,11 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) {
}
if(intval($x[0]['cr_expire'])) {
$sql = "delete from chat where created < UTC_TIMESTAMP() - INTERVAL " . intval($x[0]['cr_expire']) . " MINUTE and chat_room = " . intval($x[0]['cr_id']);
$r = q($sql);
$r = q("delete from chat where created < %s - INTERVAL %s and chat_room = %d",
db_utcnow(),
db_quoteinterval( intval($x[0]['cr_expire']) . ' MINUTE' ),
intval($x[0]['cr_id'])
);
}
$r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1",
@ -138,7 +141,7 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) {
intval($room_id)
);
if($r) {
q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s' limit 1",
q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s'",
dbesc(datetime_convert()),
intval($r[0]['cp_id']),
dbesc($client)
@ -169,7 +172,7 @@ function chatroom_leave($observer_xchan,$room_id,$client) {
dbesc($client)
);
if($r) {
q("delete from chatpresence where cp_id = %d limit 1",
q("delete from chatpresence where cp_id = %d",
intval($r[0]['cp_id'])
);
}

4
include/cli_startup.php
View File

@ -19,8 +19,8 @@ function cli_startup() {
date_default_timezone_set($a->timezone);
require_once('include/dba/dba_driver.php');
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data);
unset($db_host, $db_port, $db_user, $db_pass, $db_data);
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
};
require_once('include/session.php');

12
include/config.php
View File

@ -154,7 +154,7 @@ function set_config($family, $key, $value) {
return $ret;
}
$ret = q("UPDATE config SET v = '%s' WHERE cat = '%s' AND k = '%s' LIMIT 1",
$ret = q("UPDATE config SET v = '%s' WHERE cat = '%s' AND k = '%s'",
dbesc($dbvalue),
dbesc($family),
dbesc($key)
@ -185,7 +185,7 @@ function del_config($family, $key) {
if(array_key_exists($family, $a->config) && array_key_exists($key, $a->config[$family]))
unset($a->config[$family][$key]);
$ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s' LIMIT 1",
$ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s'",
dbesc($family),
dbesc($key)
);
@ -318,7 +318,7 @@ function set_pconfig($uid, $family, $key, $value) {
return $ret;
}
$ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s' LIMIT 1",
$ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s'",
dbesc($dbvalue),
intval($uid),
dbesc($family),
@ -362,7 +362,7 @@ function del_pconfig($uid, $family, $key) {
if(x($a->config[$uid][$family], $key))
unset($a->config[$uid][$family][$key]);
$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s' LIMIT 1",
$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
intval($uid),
dbesc($family),
dbesc($key)
@ -483,7 +483,7 @@ function set_xconfig($xchan, $family, $key, $value) {
return $ret;
}
$ret = q("UPDATE xconfig SET v = '%s' WHERE xchan = '%s' and cat = '%s' AND k = '%s' LIMIT 1",
$ret = q("UPDATE xconfig SET v = '%s' WHERE xchan = '%s' and cat = '%s' AND k = '%s'",
dbesc($dbvalue),
dbesc($xchan),
dbesc($family),
@ -517,7 +517,7 @@ function del_xconfig($xchan, $family, $key) {
if(x($a->config[$xchan][$family], $key))
unset($a->config[$xchan][$family][$key]);
$ret = q("DELETE FROM `xconfig` WHERE `xchan` = '%s' AND `cat` = '%s' AND `k` = '%s' LIMIT 1",
$ret = q("DELETE FROM `xconfig` WHERE `xchan` = '%s' AND `cat` = '%s' AND `k` = '%s'",
dbesc($xchan),
dbesc($family),
dbesc($key)

7
include/datetime.php
View File

@ -460,7 +460,10 @@ function update_birthdays() {
require_once('include/permissions.php');
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_dob > utc_timestamp() + interval 7 day and abook_dob < utc_timestamp() + interval 14 day");
WHERE abook_dob > %s + interval %s and abook_dob < %s + interval %s",
db_utcnow(), db_quoteinterval('7 day'),
db_utcnow(), db_quoteinterval('14 day')
);
if($r) {
foreach($r as $rr) {
@ -482,7 +485,7 @@ function update_birthdays() {
$z = event_store_event($ev);
if($z) {
$item_id = event_store_item($ev,$z);
q("update abook set abook_dob = '%s' where abook_id = %d limit 1",
q("update abook set abook_dob = '%s' where abook_id = %d",
dbesc(intval($rr['abook_dob']) + 1 . substr($rr['abook_dob'],4)),
intval($rr['abook_id'])
);

144
include/dba/dba_driver.php
View File

@ -17,23 +17,30 @@
* @param string $user DB username
* @param string $pass DB password
* @param string $db database name
* @param string $dbtype 0 for mysql, 1 for postgres
* @param bool $install Defaults to false
* @return null|dba_driver A database driver object (dba_mysql|dba_mysqli) or null if no driver found.
*/
function dba_factory($server, $port, $user, $pass, $db, $install = false) {
function dba_factory($server, $port,$user,$pass,$db,$dbtype,$install = false) {
$dba = null;
if (class_exists('mysqli')) {
if (is_null($port)) $port = ini_get("mysqli.default_port");
require_once('include/dba/dba_mysqli.php');
$dba = new dba_mysqli($server, $port, $user, $pass, $db, $install);
if($dbtype == 1) {
require_once('include/dba/dba_postgres.php');
if(is_null($port)) $port = 5432;
$dba = new dba_postgres($server, $port, $user, $pass, $db, $install);
} else {
if(class_exists('mysqli')) {
if (is_null($port)) $port = ini_get("mysqli.default_port");
require_once('include/dba/dba_mysqli.php');
$dba = new dba_mysqli($server, $port,$user,$pass,$db,$install);
} else {
if (is_null($port)) $port = "3306";
require_once('include/dba/dba_mysql.php');
$dba = new dba_mysql($server, $port,$user,$pass,$db,$install);
}
}
else {
if (is_null($port)) $port = "3306";
require_once('include/dba/dba_mysql.php');
$dba = new dba_mysql($server, $port, $user, $pass, $db, $install);
}
define('NULL_DATE', $dba->get_null_date());
define('ACTIVE_DBTYPE', $dbtype);
return $dba;
}
@ -44,6 +51,10 @@ function dba_factory($server, $port, $user, $pass, $db, $install = false) {
* dba_mysqli.
*/
abstract class dba_driver {
// legacy behavior
const INSTALL_SCRIPT='install/schema_mysql.sql';
const NULL_DATE = '0000-00-00 00:00:00';
const UTC_NOW = 'UTC_TIMESTAMP()';
protected $debug = 0;
protected $db;
@ -97,7 +108,19 @@ abstract class dba_driver {
$this->connect($server, $port, $user, $pass, $db);
}
function install($server, $user, $pass, $db) {
function get_null_date() {
return static::NULL_DATE;
}
function get_install_script() {
return static::INSTALL_SCRIPT;
}
function utcnow() {
return static::UTC_NOW;
}
function install($server,$user,$pass,$db) {
if (!(strlen($server) && strlen($user))){
$this->connected = false;
$this->db = null;
@ -130,6 +153,25 @@ abstract class dba_driver {
}
}
function quote_interval($txt) {
return $txt;
}
function optimize_table($table) {
q('OPTIMIZE TABLE '.$table);
}
function concat($fld, $sep) {
return 'GROUP_CONCAT(DISTINCT '.$fld.' SEPARATOR \''.$sep.'\')';
}
function escapebin($str) {
return $this->escape($str);
}
function unescapebin($str) {
return $str;
}
} // end abstract dba_driver class
@ -174,6 +216,55 @@ function dbesc($str) {
else
return(str_replace("'", "\\'", $str));
}
function dbescbin($str) {
global $db;
return $db->escapebin($str);
}
function dbunescbin($str) {
global $db;
return $db->unescapebin($str);
}
function dbescdate($date) {
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES && $date == '0000-00-00 00:00:00') {
$date = NULL_DATE;
} else if(ACTIVE_DBTYPE != DBTYPE_POSTGRES && $date == '0001-01-01 00:00:00') {
$date = NULL_DATE;
}
return $date;
}
function db_quoteinterval($txt) {
global $db;
return $db->quote_interval($txt);
}
function dbesc_identifier($str) {
global $db;
return $db->escape_identifier($txt);
}
function db_utcnow() {
global $db;
return $db->utcnow();
}
function db_optimizetable($table) {
global $db;
$db->optimize_table($table);
}
function db_concat($fld, $sep) {
global $db;
return $db->concat($fld, $sep);
}
// Function: q($sql,$args);
// Description: execute SQL query with printf style args.
// Example: $r = q("SELECT * FROM `%s` WHERE `uid` = %d",
// 'user', 1);
/**
* @brief Execute a SQL query with printf style args.
@ -243,8 +334,11 @@ function dbq($sql) {
// cast to int to avoid trouble.
function dbesc_array_cb(&$item, $key) {
if(is_string($item))
if(is_string($item)) {
if($item == '0000-00-00 00:00:00' && ACTIVE_DBTYPE == DBTYPE_POSTGRES)
$item = '0001-01-01 00:00:00';
$item = dbesc($item);
}
}
@ -253,3 +347,27 @@ function dbesc_array(&$arr) {
array_walk($arr,'dbesc_array_cb');
}
}
function db_getfunc($f) {
$lookup = array(
'rand'=>array(
DBTYPE_MYSQL=>'RAND()',
DBTYPE_POSTGRES=>'RANDOM()'
),
'utc_timestamp'=>array(
DBTYPE_MYSQL=>'UTC_TIMESTAMP()',
DBTYPE_POSTGRES=>"now() at time zone 'UTC'"
),
'regexp'=>array(
DBTYPE_MYSQL=>'REGEXP',
DBTYPE_POSTGRES=>'~'
)
);
$f = strtolower($f);
if(isset($lookup[$f]) && isset($lookup[$f][ACTIVE_DBTYPE]))
return $lookup[$f][ACTIVE_DBTYPE];
logger('Unable to abstract DB function "'. $f . '"', LOG_DEBUG);
return $f;
}

112
include/dba/dba_postgres.php Normal file
View File

@ -0,0 +1,112 @@
<?php
require_once('include/dba/dba_driver.php');
class dba_postgres extends dba_driver {
const INSTALL_SCRIPT='install/schema_postgres.sql';
const NULL_DATE = '0001-01-01 00:00:00';
const UTC_NOW = "now() at time zone 'UTC'";
function connect($server,$port,$user,$pass,$db) {
if(!$port) $port = 5432;
$connstr = 'host=' . $server . ' port='.$port . ' user=' . $user . ' password=' . $pass . ' dbname='. $db;
$this->db = pg_connect($connstr);
if($this->db !== false) {
$this->connected = true;
} else {
$this->connected = false;
}
$this->q("SET standard_conforming_strings = 'off'; SET backslash_quote = 'on';"); // emulate mysql string escaping to prevent massive code-clobber
return $this->connected;
}
function q($sql) {
if((! $this->db) || (! $this->connected))
return false;
if(!strpos($sql, ';'))
$sql .= ';';
if(strpos($sql, '`')) // this is a hack. quoted identifiers should be replaced everywhere in the code with dbesc_identifier(), remove this once it is
$sql = str_replace('`', '"', $sql);
$this->error = '';
$result = @pg_query($this->db, $sql);
if(file_exists('db-allqueries.out')) {
$bt = debug_backtrace();
$trace = array();
foreach($bt as $frame) {
if(!empty($frame['file']) && @strstr($frame['file'], $_SERVER['DOCUMENT_ROOT']))
$frame['file'] = substr($frame['file'], strlen($_SERVER['DOCUMENT_ROOT'])+1);
$trace[] = $frame['file'] . ':' . $frame['function'] . '():' . $frame['line'] ;
}
$compact = join(', ', $trace);
file_put_contents('db-allqueries.out', datetime_convert() . ": " . $sql . ' is_resource: '.var_export(is_resource($result), true).', backtrace: '.$compact."\n\n", FILE_APPEND);
}
if($result === false)
$this->error = pg_last_error($this->db);
if($result === false || $this->error) {
//logger('dba_postgres: ' . printable($sql) . ' returned false.' . "\n" . $this->error);
if(file_exists('dbfail.out'))
file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n" . $this->error . "\n", FILE_APPEND);
}
if(($result === true) || ($result === false))
return $result;
if(pg_result_status($result) == PGSQL_COMMAND_OK)
return true;
$r = array();
if(pg_num_rows($result)) {
while($x = pg_fetch_array($result, null, PGSQL_ASSOC))
$r[] = $x;
pg_free_result($result);
if($this->debug)
logger('dba_postgres: ' . printable(print_r($r,true)));
}
return $r;
}
function escape($str) {
if($this->db && $this->connected) {
$x = @pg_escape_string($this->db, $str);
return $x;
}
}
function escapebin($str) {
return pg_escape_bytea($str);
}
function unescapebin($str) {
return pg_unescape_bytea($str);
}
function close() {
if($this->db)
pg_close($this->db);
$this->connected = false;
}
function quote_interval($txt) {
return "'$txt'";
}
function escape_identifier($str) {
return pg_escape_identifier($this->db, $str);
}
function optimize_table($table) {
// perhaps do some equivalent thing here, vacuum, etc? I think this is the DBA's domain anyway. Applications should not need to muss with this.
// for now do nothing without a compelling reason. function overrides default legacy mysql.
}
function concat($fld, $sep) {
return 'string_agg(' . $fld . ',\'' . $sep . '\')';
}
}

8
include/deliver.php
View File

@ -24,13 +24,13 @@ function deliver_run($argv, $argc) {
$result = z_post_url($r[0]['outq_posturl'],$r[0]['outq_msg']);
if($result['success'] && $result['return_code'] < 300) {
logger('deliver: queue post success to ' . $r[0]['outq_posturl'], LOGGER_DEBUG);
$y = q("delete from outq where outq_hash = '%s' limit 1",
$y = q("delete from outq where outq_hash = '%s'",
dbesc($argv[$x])
);
}
else {
logger('deliver: queue post returned ' . $result['return_code'] . ' from ' . $r[0]['outq_posturl'],LOGGER_DEBUG);
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1",
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s'",
dbesc(datetime_convert()),
dbesc($argv[$x])
);
@ -65,7 +65,7 @@ function deliver_run($argv, $argc) {
$msg = array('body' => json_encode(array('pickup' => array(array('notify' => $notify,'message' => $m)))));
zot_import($msg,z_root());
}
$r = q("delete from outq where outq_hash = '%s' limit 1",
$r = q("delete from outq where outq_hash = '%s'",
dbesc($argv[$x])
);
}
@ -77,7 +77,7 @@ function deliver_run($argv, $argc) {
zot_process_response($r[0]['outq_posturl'],$result, $r[0]);
}
else {
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1",
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s'",
dbesc(datetime_convert()),
dbesc($argv[$x])
);

2
include/diaspora.php
View File

@ -657,7 +657,7 @@ function diaspora_request($importer,$xml) {
$newperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK|PERMS_W_STREAM|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT|PERMS_R_STORAGE|PERMS_R_PAGES;
$r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d limit 1",
$r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d",
intval($newperms),
intval($contact['abook_id']),
intval($importer['channel_id'])

16
include/dir_fns.php
View File

@ -38,7 +38,7 @@ function check_upstream_directory() {
*/
$directory = get_config('system','directory_server');
if ($directory) {
$r = q("select * from site where site_url = '%s' and (site_flags & %d) ",
$r = q("select * from site where site_url = '%s' and (site_flags & %d)>0 ",
dbesc($directory),
intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY|DIRECTORY_MODE_STANDALONE)
);
@ -86,14 +86,14 @@ function sync_directories($dirmode) {
$realm = get_directory_realm();
if($realm == DIRECTORY_REALM) {
$r = q("select * from site where (site_flags & %d) and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ",
$r = q("select * from site where (site_flags & %d)>0 and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ",
intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
dbesc(z_root()),
dbesc($realm)
);
}
else {
$r = q("select * from site where (site_flags & %d) and site_url != '%s' and site_realm like '%s' ",
$r = q("select * from site where (site_flags & %d)>0 and site_url != '%s' and site_realm like '%s' ",
intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
dbesc(z_root()),
dbesc(protect_sprintf('%' . $realm . '%'))
@ -120,7 +120,7 @@ function sync_directories($dirmode) {
dbesc($r[0]['site_realm'])
);
$r = q("select * from site where (site_flags & %d) and site_url != '%s'",
$r = q("select * from site where (site_flags & %d)>0 and site_url != '%s'",
intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
dbesc(z_root())
);
@ -146,7 +146,7 @@ function sync_directories($dirmode) {
if((! $j['transactions']) || (! is_array($j['transactions'])))
continue;
q("update site set site_sync = '%s' where site_url = '%s' limit 1",
q("update site set site_sync = '%s' where site_url = '%s'",
dbesc(datetime_convert()),
dbesc($rr['site_url'])
);
@ -267,7 +267,7 @@ function local_dir_update($uid,$force) {
if($new_flags != $r[0]['xchan_flags']) {
$r = q("update xchan set xchan_flags = %d where xchan_hash = '%s' limit 1",
$r = q("update xchan set xchan_flags = %d where xchan_hash = '%s'",
intval($new_flags),
dbesc($p[0]['channel_hash'])
);
@ -281,10 +281,10 @@ function local_dir_update($uid,$force) {
}
else {
// they may have made it private
$r = q("delete from xprof where xprof_hash = '%s' limit 1",
$r = q("delete from xprof where xprof_hash = '%s'",
dbesc($hash)
);
$r = q("delete from xtag where xtag_hash = '%s' limit 1",
$r = q("delete from xtag where xtag_hash = '%s'",
dbesc($hash)
);
}

4
include/directory.php
View File

@ -42,7 +42,7 @@ function directory_run($argv, $argc){
local_dir_update($argv[1],$force);
q("update channel set channel_dirdate = '%s' where channel_id = %d limit 1",
q("update channel set channel_dirdate = '%s' where channel_id = %d",
dbesc(datetime_convert()),
intval($channel['channel_id'])
);
@ -85,7 +85,7 @@ function directory_run($argv, $argc){
);
}
else {
q("update channel set channel_dirdate = '%s' where channel_id = %d limit 1",
q("update channel set channel_dirdate = '%s' where channel_id = %d",
dbesc(datetime_convert()),
intval($channel['channel_id'])
);

4
include/enotify.php
View File

@ -18,7 +18,7 @@ function notification($params) {
}
if($params['to_xchan']) {
$y = q("select channel.*, account.* from channel left join account on channel_account_id = account_id
where channel_hash = '%s' and not (channel_pageflags & %d) limit 1",
where channel_hash = '%s' and not (channel_pageflags & %d)>0 limit 1",
dbesc($params['to_xchan']),
intval(PAGE_REMOVED)
);
@ -394,7 +394,7 @@ function notification($params) {
if(($a->language === 'en' || (! $a->language)) && strpos($msg,', '))
$msg = substr($msg,strpos($msg,', ')+1);
$r = q("update notify set msg = '%s' where id = %d and uid = %d limit 1",
$r = q("update notify set msg = '%s' where id = %d and uid = %d",
dbesc($msg),
intval($notify_id),
intval($datarray['uid'])

6
include/event.php
View File

@ -183,7 +183,7 @@ function event_store_event($arr) {
`allow_gid` = '%s',
`deny_cid` = '%s',
`deny_gid` = '%s'
WHERE `id` = %d AND `uid` = %d LIMIT 1",
WHERE `id` = %d AND `uid` = %d",
dbesc($arr['edited']),
dbesc($arr['start']),
@ -284,7 +284,7 @@ function event_addtocal($item_id, $uid) {
$event = event_store_event($ev);
if($event) {
$r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d limit 1",
$r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d",
dbesc($event['event_hash']),
intval($item['id']),
intval($channel['channel_id'])
@ -359,7 +359,7 @@ function event_store_item($arr,$event) {
$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1",
q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d",
dbesc($arr['summary']),
dbesc($prefix . format_event_bbcode($arr)),
dbesc($object),

10
include/expire.php
View File

@ -7,9 +7,10 @@ function expire_run($argv, $argc){
cli_startup();
$r = q("select id from item where (item_restrict & %d) and not (item_restrict & %d) and changed < UTC_TIMESTAMP() - INTERVAL 10 DAY",
$r = q("select id from item where (item_restrict & %d)>0 and not (item_restrict & %d)>0 and changed < %s - INTERVAL %s",
intval(ITEM_DELETED),
intval(ITEM_PENDING_REMOVE)
intval(ITEM_PENDING_REMOVE),
db_utcnow(), db_quoteinterval('10 DAY')
);
if($r) {
foreach($r as $rr) {
@ -19,8 +20,9 @@ function expire_run($argv, $argc){
// physically remove anything that has been deleted for more than two months
$r = q("delete from item where ( item_restrict & %d ) and changed < UTC_TIMESTAMP() - INTERVAL 36 DAY",
intval(ITEM_PENDING_REMOVE)
$r = q("delete from item where ( item_restrict & %d )>0 and changed < %s - INTERVAL %s",
intval(ITEM_PENDING_REMOVE),
db_utcnow(), db_quoteinterval('36 DAY')
);
// make this optional as it could have a performance impact on large sites

9
include/externals.php
View File

@ -25,7 +25,8 @@ function externals_run($argv, $argc){
$url = $arr['url'];
}
else {
$r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d order by rand() limit 1",
$randfunc = db_getfunc('RAND');
$r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d order by $randfunc limit 1",
dbesc(z_root()),
intval(DIRECTORY_MODE_STANDALONE)
);
@ -76,7 +77,7 @@ function externals_run($argv, $argc){
$x = z_fetch_url($feedurl);
if(($x) && ($x['success'])) {
q("update site set site_pull = '%s' where site_url = '%s' limit 1",
q("update site set site_pull = '%s' where site_url = '%s'",
dbesc(datetime_convert()),
dbesc($url)
);
@ -99,12 +100,12 @@ $z = null;
$flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK;
// preserve the source
$r = q("update item set source_xchan = owner_xchan where id = %d limit 1",
$r = q("update item set source_xchan = owner_xchan where id = %d",
intval($z[0]['id'])
);
$r = q("update item set item_flags = ( item_flags | %d ), owner_xchan = '%s'
where id = %d limit 1",
where id = %d",
intval($flag_bits),
dbesc($sys['xchan_hash']),
intval($z[0]['id'])

6
include/follow.php
View File

@ -37,7 +37,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
// check service class limits
$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ",
$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($uid),
intval(ABOOK_FLAG_SELF)
);
@ -203,7 +203,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
return $result;
}
$r = q("select count(*) as total from abook where abook_account = %d and ( abook_flags & %d )",
$r = q("select count(*) as total from abook where abook_account = %d and ( abook_flags & %d )>0",
intval($aid),
intval(ABOOK_FLAG_FEED)
);
@ -226,7 +226,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
intval($uid)
);
if($r) {
$x = q("update abook set abook_their_perms = %d where abook_id = %d limit 1",
$x = q("update abook set abook_their_perms = %d where abook_id = %d",
intval($their_perms),
intval($r[0]['abook_id'])
);

11
include/group.php
View File

@ -18,10 +18,11 @@ function group_add($uid,$name,$public = 0) {
intval($r)
);
if(count($z) && $z[0]['deleted']) {
$r = q("UPDATE `groups` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1",
/*$r = q("UPDATE `groups` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1",
intval($uid),
dbesc($name)
);
);*/
q('UPDATE groups SET deleted = 0 WHERE id = %d', intval($z[0]['id']));
notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL);
}
return true;
@ -107,7 +108,7 @@ function group_rmv($uid,$name) {
);
// remove group
$r = q("UPDATE `groups` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s' LIMIT 1",
$r = q("UPDATE `groups` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s'",
intval($uid),
dbesc($name)
);
@ -152,7 +153,7 @@ function group_rmv_member($uid,$name,$member) {
return false;
if(! ( $uid && $gid && $member))
return false;
$r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND xchan = '%s' LIMIT 1 ",
$r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND xchan = '%s' ",
intval($uid),
intval($gid),
dbesc($member)
@ -199,7 +200,7 @@ function group_get_members($gid) {
if(intval($gid)) {
$r = q("SELECT * FROM `group_member`
LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan
WHERE `gid` = %d AND abook_channel = %d and `group_member`.`uid` = %d and not ( xchan_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ",
WHERE `gid` = %d AND abook_channel = %d and `group_member`.`uid` = %d and not ( xchan_flags & %d )>0 and not ( abook_flags & %d )>0 and not ( abook_flags & %d )>0 ORDER BY xchan_name ASC ",
intval($gid),
intval(local_user()),
intval(local_user()),

8
include/hubloc.php
View File

@ -96,7 +96,7 @@ function remove_obsolete_hublocs() {
? intval(get_config('system','delivery_interval')) : 2 );
foreach($r as $rr) {
q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1",
q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d",
intval(HUBLOC_FLAGS_DELETED),
intval($rr['hubloc_id'])
);
@ -134,7 +134,7 @@ function hubloc_change_primary($hubloc) {
dbesc($hubloc['hubloc_hash'])
);
if(($r) && (! $r[0]['channel_primary'])) {
q("update channel set channel_primary = 1 where channel_id = %d limit 1",
q("update channel set channel_primary = 1 where channel_id = %d",
intval($r[0]['channel_id'])
);
}
@ -156,7 +156,7 @@ function hubloc_change_primary($hubloc) {
$url = $hubloc['hubloc_url'];
$lwebbie = substr($hubloc['hubloc_addr'],0,strpos($hubloc['hubloc_addr'],'@'));
$r = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_follow = '%s', xchan_connurl = '%s' where xchan_hash = '%s' limit 1",
$r = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_follow = '%s', xchan_connurl = '%s' where xchan_hash = '%s'",
dbesc($hubloc['hubloc_addr']),
dbesc($url . '/channel/' . $lwebbie),
dbesc($url . '/follow?f=&url=%s'),
@ -214,7 +214,7 @@ function xchan_store($arr) {
return $r;
$photos = import_profile_photo($arr['photo'],$arr['hash']);
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1",
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert()),
dbesc($photos[0]),
dbesc($photos[1]),

20
include/identity.php
View File

@ -22,7 +22,7 @@ require_once('include/crypto.php');
function identity_check_service_class($account_id) {
$ret = array('success' => false, $message => '');
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d ) ",
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0 ",
intval($account_id),
intval(PAGE_REMOVED)
);
@ -104,7 +104,7 @@ function create_sys_channel() {
}
function get_sys_channel() {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where (channel_pageflags & %d) limit 1",
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where (channel_pageflags & %d)>0 limit 1",
intval(PAGE_SYSTEM)
);
if($r)
@ -132,7 +132,7 @@ function is_sys_channel($channel_id) {
*/
function channel_total() {
$r = q("select channel_id from channel where not ( channel_pageflags & %d )",
$r = q("select channel_id from channel where not ( channel_pageflags & %d )>0",
intval(PAGE_REMOVED)
);
@ -395,7 +395,7 @@ function create_identity($arr) {
dbesc( t('Friends') )
);
if($r) {
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d limit 1",
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d",
dbesc($r[0]['hash']),
dbesc('<' . $r[0]['hash'] . '>'),
intval($newuid)
@ -451,7 +451,7 @@ function set_default_login_identity($account_id,$channel_id,$force = true) {
);
if($r) {
if((intval($r[0]['account_default_channel']) == 0) || ($force)) {
$r = q("update account set account_default_channel = %d where account_id = %d limit 1",
$r = q("update account set account_default_channel = %d where account_id = %d",
intval($channel_id),
intval($account_id)
);
@ -589,7 +589,7 @@ function identity_basic_export($channel_id, $items = false) {
// warning: this may run into memory limits on smaller systems
$r = q("select * from item where (item_flags & %d) and not (item_restrict & %d) and uid = %d",
$r = q("select * from item where (item_flags & %d)>0 and not (item_restrict & %d)>0 and uid = %d",
intval(ITEM_WALL),
intval(ITEM_DELETED),
intval($channel_id)
@ -678,7 +678,7 @@ function profile_load(&$a, $nickname, $profile = '') {
if(! $p) {
$p = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile
LEFT JOIN channel ON profile.uid = channel.channel_id
WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d )
WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d )>0
AND profile.is_default = 1 LIMIT 1",
dbesc($nickname),
intval(PAGE_REMOVED)
@ -1473,7 +1473,7 @@ function get_channel_by_nick($nick) {
function identity_selector() {
if(local_user()) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ",
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ",
intval(get_account_id()),
intval(PAGE_REMOVED)
);
@ -1553,7 +1553,7 @@ function notifications_off($channel_id) {
$r = q("select channel_notifyflags from channel where channel_id = %d limit 1",
intval($channel_id)
);
$x = q("update channel set channel_notifyflags = 0 where channel_id = %d limit 1",
$x = q("update channel set channel_notifyflags = 0 where channel_id = %d",
intval($channel_id)
);
@ -1563,7 +1563,7 @@ function notifications_off($channel_id) {
function notifications_on($channel_id,$value) {
$x = q("update channel set channel_notifyflags = %d where channel_id = %d limit 1",
$x = q("update channel set channel_notifyflags = %d where channel_id = %d",
intval($value),
intval($channel_id)
);

94
include/items.php
View File

@ -30,7 +30,7 @@ function collect_recipients($item,&$private_envelope) {
// as that would allow the denied person to see the post by logging out.
if((! $item['allow_cid']) && (! $item['allow_gid'])) {
$r = q("select * from abook where abook_channel = %d and not (abook_flags & %d) ",
$r = q("select * from abook where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($item['uid']),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED)
);
@ -68,7 +68,7 @@ function collect_recipients($item,&$private_envelope) {
$private_envelope = false;
if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') {
$r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d) ",
$r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($item['uid']),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED)
);
@ -258,7 +258,7 @@ function add_source_route($iid,$hash) {
);
if($r) {
$new_route = (($r[0]['route']) ? $r[0]['route'] . ',' : '') . $hash;
q("update item set route = '%s' where id = %d limit 1",
q("update item set route = '%s' where id = %d",
(dbesc($new_route)),
intval($iid)
);
@ -969,7 +969,7 @@ function import_author_rss($x) {
$photos = import_profile_photo($x['photo']['src'],$x['url']);
if($photos) {
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss' limit 1",
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss'",
dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]),
dbesc($photos[1]),
@ -1014,7 +1014,7 @@ function import_author_unknown($x) {
$photos = import_profile_photo($x['photo']['src'],$x['url']);
if($photos) {
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown' limit 1",
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown'",
dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]),
dbesc($photos[1]),
@ -2213,7 +2213,7 @@ function item_store($arr,$allow_exec = false) {
$r = q("UPDATE item SET parent = %d, allow_cid = '%s', allow_gid = '%s',
deny_cid = '%s', deny_gid = '%s', public_policy = '%s', item_private = %d, comments_closed = '%s'
WHERE id = %d LIMIT 1",
WHERE id = %d",
intval($parent_id),
dbesc($allow_cid),
dbesc($allow_gid),
@ -2258,13 +2258,13 @@ function item_store($arr,$allow_exec = false) {
// update the commented timestamp on the parent
$z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and not ( item_restrict & %d ) ",
$z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and not ( item_restrict & %d )>0 ",
dbesc($arr['parent_mid']),
intval($arr['uid']),
intval(ITEM_DELAYED_PUBLISH)
);
q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d LIMIT 1",
q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d",
dbesc(($z) ? $z[0]['commented'] : (datetime_convert())),
dbesc(datetime_convert()),
intval($parent_id)
@ -2476,7 +2476,7 @@ function item_store_update($arr,$allow_exec = false) {
$str .= " `" . $k . "` = '" . $v . "' ";
}
$r = dbq("update `item` set " . $str . " where id = " . $orig_post_id . " limit 1");
$r = dbq("update `item` set " . $str . " where id = " . $orig_post_id );
if($r)
logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG);
@ -2553,7 +2553,7 @@ function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id,
$key = get_config('system','pubkey');
$y = crypto_encapsulate(json_encode($x),$key);
$r = q("update item set diaspora_meta = '%s' where id = %d limit 1",
$r = q("update item set diaspora_meta = '%s' where id = %d",
dbesc(json_encode($y)),
intval($post_id)
);
@ -2749,7 +2749,7 @@ function tag_deliver($uid,$item_id) {
$taglink = get_rel_link($j_obj['link'],'alternate');
store_item_tag($u[0]['channel_id'],$p[0]['id'],TERM_OBJ_POST,TERM_HASHTAG,$j_obj['title'],$j_obj['id']);
$x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d limit 1",
$x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d",
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
@ -2815,7 +2815,7 @@ function tag_deliver($uid,$item_id) {
if($mention) {
logger('tag_deliver: mention found for ' . $u[0]['channel_name']);
$r = q("update item set item_flags = ( item_flags | %d ) where id = %d limit 1",
$r = q("update item set item_flags = ( item_flags | %d ) where id = %d",
intval(ITEM_MENTIONSME),
intval($item_id)
);
@ -2930,7 +2930,7 @@ function tgroup_check($uid,$item) {
// or is a followup and we have already accepted the top level post as an uplink
if($item['mid'] != $item['parent_mid']) {
$r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1",
$r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d )>0 limit 1",
dbesc($item['parent_mid']),
intval($uid),
intval(ITEM_UPLINK)
@ -3028,14 +3028,14 @@ function start_delivery_chain($channel,$item,$item_id,$parent) {
// when we created the delivery fork
if($parent) {
$r = q("update item set source_xchan = '%s' where id = %d limit 1",
$r = q("update item set source_xchan = '%s' where id = %d",
dbesc($parent['source_xchan']),
intval($item_id)
);
}
else {
$flag_bits = $flag_bits | ITEM_UPLINK;
$r = q("update item set source_xchan = owner_xchan where id = %d limit 1",
$r = q("update item set source_xchan = owner_xchan where id = %d",
intval($item_id)
);
}
@ -3065,7 +3065,7 @@ function start_delivery_chain($channel,$item,$item_id,$parent) {
}
$r = q("update item set item_flags = %d, owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s',
deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s' where id = %d limit 1",
deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s' where id = %d",
intval($flag_bits),
dbesc($channel['channel_hash']),
dbesc($channel['channel_allow_cid']),
@ -3105,7 +3105,7 @@ function start_delivery_chain($channel,$item,$item_id,$parent) {
function check_item_source($uid,$item) {
$r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' || src_xchan = '*' ) limit 1",
$r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' or src_xchan = '*' ) limit 1",
intval($uid),
dbesc(($item['source_xchan']) ? $item['source_xchan'] : $item['owner_xchan'])
);
@ -3845,17 +3845,17 @@ function item_expire($uid,$days) {
$expire_network_only = 1;
$sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ") " : "");
$sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ")>0 " : "");
$r = q("SELECT * FROM `item`
WHERE `uid` = %d
AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY
AND `created` < %s - INTERVAL %s
AND `id` = `parent`
$sql_extra
AND NOT ( item_flags & %d )
AND NOT ( item_flags & %d )>0
AND (item_restrict = 0 ) ",
intval($uid),
intval($days),
db_utcnow(), db_quoteinterval(intval($days).' DAY'),
intval(ITEM_RETAINED)
);
@ -3893,7 +3893,7 @@ function item_expire($uid,$days) {
}
function retain_item($id) {
$r = q("update item set item_flags = (item_flags | %d ) where id = %d limit 1",
$r = q("update item set item_flags = (item_flags | %d ) where id = %d",
intval(ITEM_RETAINED),
intval($id)
);
@ -3969,7 +3969,7 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL) {
// set the deleted flag immediately on this item just in case the
// hook calls a remote process which loops. We'll delete it properly in a second.
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d LIMIT 1",
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d",
intval(ITEM_DELETED),
intval($item['id'])
);
@ -4026,7 +4026,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
switch($stage) {
case DROPITEM_PHASE2:
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '',
changed = '%s', edited = '%s' WHERE id = %d LIMIT 1",
changed = '%s', edited = '%s' WHERE id = %d",
intval(ITEM_PENDING_REMOVE),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
@ -4036,7 +4036,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
case DROPITEM_PHASE1:
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ),
changed = '%s', edited = '%s' WHERE id = %d LIMIT 1",
changed = '%s', edited = '%s' WHERE id = %d",
intval(ITEM_DELETED),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
@ -4047,7 +4047,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
case DROPITEM_NORMAL:
default:
$r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '',
changed = '%s', edited = '%s' WHERE id = %d LIMIT 1",
changed = '%s', edited = '%s' WHERE id = %d",
intval(ITEM_DELETED),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
@ -4059,7 +4059,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
// immediately remove any undesired profile likes.
q("delete from likes where iid = %d and channel_id = %d limit 1",
q("delete from likes where iid = %d and channel_id = %d",
intval($item['id']),
intval($item['uid'])
);
@ -4070,7 +4070,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
if(strlen($item['resource_id'])) {
if($item['resource_type'] === 'event') {
q("delete from event where event_hash = '%s' and uid = %d limit 1",
q("delete from event where event_hash = '%s' and uid = %d",
dbesc($item['resource_id']),
intval($item['uid'])
);
@ -4090,12 +4090,12 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
if($stage == DROPITEM_PHASE1)
return true;
$r = q("delete from term where otype = %d and oid = %d limit 1",
$r = q("delete from term where otype = %d and oid = %d",
intval(TERM_OBJ_POST),
intval($item['id'])
);
q("delete from item_id where iid = %d and uid = %d limit 1",
q("delete from item_id where iid = %d and uid = %d",
intval($item['id']),
intval($item['uid'])
);
@ -4114,7 +4114,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) {
function first_post_date($uid,$wall = false) {
$wall_sql = (($wall) ? sprintf(" and item_flags & %d ", ITEM_WALL) : "" );
$wall_sql = (($wall) ? sprintf(" and (item_flags & %d)>0 ", ITEM_WALL) : "" );
$r = q("select id, created from item
where item_restrict = %d and uid = %d and id = parent $wall_sql
@ -4308,19 +4308,19 @@ function zot_feed($uid,$observer_xchan,$arr) {
if(is_sys_channel($uid)) {
require_once('include/security.php');
$r = q("SELECT distinct parent from item
$r = q("SELECT distinct parent, created from item
WHERE uid != %d
and uid in (" . stream_perms_api_uids(PERMS_PUBLIC) . ") AND item_restrict = 0
AND (item_flags & %d)
AND (item_flags & %d)>0
and item_private = 0 $sql_extra ORDER BY created ASC $limit",
intval($uid),
intval(ITEM_WALL)
);
}
else {
$r = q("SELECT distinct parent from item
$r = q("SELECT distinct parent, created from item
WHERE uid = %d AND item_restrict = 0
AND (item_flags & %d)
AND (item_flags & %d)>0
$sql_extra ORDER BY created ASC $limit",
intval($uid),
intval(ITEM_WALL)
@ -4383,12 +4383,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
}
if($arr['star'])
$sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ") ";
$sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ")>0 ";
if($arr['wall'])
$sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ") ";
$sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ")>0 ";
$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) ";
$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 $sql_options ) ";
if($arr['since_id'])
$sql_extra .= " and item.id > " . $since_id . " ";
@ -4426,7 +4426,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
}
elseif($arr['cid'] && $uid) {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1",
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1",
intval($arr['cid']),
intval(local_user())
);
@ -4466,7 +4466,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
}
if($arr['conv'] && $channel) {
$sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d ))) ",
$sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ",
dbesc(protect_sprintf($uidhash)),
intval(ITEM_MENTIONSME)
);
@ -4482,11 +4482,11 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
else {
$itemspage = (($channel) ? get_pconfig($uid,'system','itemspage') : 20);
$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
$pager_sql = sprintf(" LIMIT %d, %d ",intval(get_app()->pager['start']), intval(get_app()->pager['itemspage']));
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(get_app()->pager['itemspage']), intval(get_app()->pager['start']));
}
if(isset($arr['start']) && isset($arr['records']))
$pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records']));
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($arr['records']), intval($arr['start']));
if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) {
if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) {
@ -4508,7 +4508,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
}
}
$simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : '');
$simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " )>0 " : '');
if($client_mode & CLIENT_MODE_LOAD)
$simple_update = '';
@ -4552,7 +4552,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
// Fetch a page full of parent items for this page
$r = q("SELECT distinct item.id AS item_id FROM item
$r = q("SELECT distinct item.id AS item_id, item.$ordering FROM item
left join abook on item.author_xchan = abook.abook_xchan
WHERE $item_uids $item_restrict
AND item.parent = item.id
@ -4650,7 +4650,7 @@ function update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remo
dbesc($page_type)
);
if($r) {
q("update item_id set sid = '%s' where id = %d limit 1",
q("update item_id set sid = '%s' where id = %d",
dbesc(($pagetitle) ? $pagetitle : substr($mid,0,16)),
intval($r[0]['id'])
);
@ -4681,7 +4681,7 @@ function item_add_cid($xchan_hash,$mid,$uid) {
dbesc('<' . $xchan_hash . '>')
);
if(! $r) {
$r = q("update item set allow_cid = concat(allow_cid,'%s') where mid = '%s' and uid = %d limit 1",
$r = q("update item set allow_cid = concat(allow_cid,'%s') where mid = '%s' and uid = %d",
dbesc('<' . $xchan_hash . '>'),
dbesc($mid),
intval($uid)
@ -4696,7 +4696,7 @@ function item_remove_cid($xchan_hash,$mid,$uid) {
dbesc('<' . $xchan_hash . '>')
);
if($r) {
$x = q("update item set allow_cid = '%s' where mid = '%s' and uid = %d limit 1",
$x = q("update item set allow_cid = '%s' where mid = '%s' and uid = %d",
dbesc(str_replace('<' . $xchan_hash . '>','',$r[0]['allow_cid'])),
dbesc($mid),
intval($uid)

6
include/menu.php
View File

@ -176,7 +176,7 @@ function menu_edit($arr) {
}
return q("update menu set menu_name = '%s', menu_desc = '%s', menu_flags = %d
where menu_id = %d and menu_channel_id = %d limit 1",
where menu_id = %d and menu_channel_id = %d",
dbesc($menu_name),
dbesc($menu_desc),
intval($menu_flags),
@ -303,7 +303,7 @@ function menu_edit_item($menu_id, $uid, $arr) {
}
$r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d limit 1",
$r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d",
dbesc($mitem_link),
dbesc($mitem_desc),
intval($mitem_flags),
@ -323,7 +323,7 @@ function menu_edit_item($menu_id, $uid, $arr) {
function menu_del_item($menu_id,$uid,$item_id) {
$r = q("delete from menu_item where mitem_menu_id = %d and mitem_channel_id = %d and mitem_id = %d limit 1",
$r = q("delete from menu_item where mitem_menu_id = %d and mitem_channel_id = %d and mitem_id = %d",
intval($menu_id),
intval($uid),
intval($item_id)

8
include/message.php
View File

@ -243,7 +243,7 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
$limit = '';
if($numitems)
$limit = " LIMIT " . intval($start) . ", " . intval($numitems);
$limit = " LIMIT " . intval($numitems) . " OFFSET " . intval($start);
if($mailbox !== '') {
$x = q("select channel_hash from channel where channel_id = %d limit 1",
@ -332,7 +332,7 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
}
if($updateseen) {
$r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and id = %d AND channel_id = %d",
$r = q("UPDATE `mail` SET mail_flags = (mail_flags | %d) where not (mail_flags & %d)>0 and id = %d AND channel_id = %d",
intval(MAIL_SEEN),
intval(MAIL_SEEN),
dbesc($messageitem_id),
@ -363,7 +363,7 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation
}
}
else {
$r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d LIMIT 1",
$r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d",
intval($messageitem_id),
intval($channel_id)
);
@ -421,7 +421,7 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
if($updateseen) {
$r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_mid = '%s' AND channel_id = %d",
$r = q("UPDATE `mail` SET mail_flags = (mail_flags | %d) where not (mail_flags & %d)>0 and parent_mid = '%s' AND channel_id = %d",
intval(MAIL_SEEN),
intval(MAIL_SEEN),
dbesc($r[0]['parent_mid']),

2
include/nav.php
View File

@ -38,7 +38,7 @@ EOT;
intval($channel['channel_id'])
);
$chans = q("select channel_name, channel_id from channel where channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ",
$chans = q("select channel_name, channel_id from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ",
intval(get_account_id()),
intval(PAGE_REMOVED)
);

10
include/network.php
View File

@ -991,7 +991,7 @@ function discover_by_url($url,$arr = null) {
);
$photos = import_profile_photo($photo,$guid);
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1",
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert()),
dbesc($photos[0]),
dbesc($photos[1]),
@ -1104,7 +1104,7 @@ function discover_by_webbie($webbie) {
dbesc($vcard['fn']),
dbesc($network),
dbesc(z_root()),
dbesc(datetime_convert())
dbescdate(datetime_convert())
);
$r = q("select * from hubloc where hubloc_hash = '%s' limit 1",
@ -1119,13 +1119,13 @@ function discover_by_webbie($webbie) {
dbesc(trim($diaspora_base,'/')),
dbesc($hostname),
dbesc($notify),
dbesc(datetime_convert()),
dbescdate(datetime_convert()),
intval(HUBLOC_FLAGS_PRIMARY)
);
}
$photos = import_profile_photo($vcard['photo'],$addr);
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1",
dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),

21
include/notifier.php
View File

@ -99,7 +99,7 @@ function notifier_run($argv, $argc){
// Get the recipient
$r = q("select abook.*, hubloc.* from abook
left join hubloc on hubloc_hash = abook_xchan
where abook_id = %d and not ( abook_flags & %d ) limit 1",
where abook_id = %d and not ( abook_flags & %d )>0 limit 1",
intval($item_id),
intval(ABOOK_FLAG_SELF)
);
@ -205,11 +205,12 @@ function notifier_run($argv, $argc){
$normal_mode = false;
$expire = true;
$items = q("SELECT * FROM item WHERE uid = %d AND ( item_flags & %d )
AND ( item_restrict & %d ) AND `changed` > UTC_TIMESTAMP() - INTERVAL 10 MINUTE",
$items = q("SELECT * FROM item WHERE uid = %d AND ( item_flags & %d )>0
AND ( item_restrict & %d )>0 AND `changed` > %s - INTERVAL %s",
intval($item_id),
intval(ITEM_WALL),
intval(ITEM_DELETED)
intval(ITEM_DELETED),
db_utcnow(), db_quoteinterval('10 MINUTE')
);
$uid = $item_id;
$item_id = 0;
@ -495,13 +496,19 @@ function notifier_run($argv, $argc){
where hubloc_hash in (" . implode(',',$recipients) . ") group by hubloc_sitekey order by hubloc_connected desc limit 1");
}
else {
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$r = q("select distinct on (hubloc_sitekey) hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc
where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d)>0 and not (hubloc_status & %d)>0",
intval(HUBLOC_FLAGS_DELETED),
intval(HUBLOC_OFFLINE)
);
} else {
$r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc
where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d) and not (hubloc_status & %d) group by hubloc_sitekey",
where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d)>0 and not (hubloc_status & %d)>0 group by hubloc_sitekey",
intval(HUBLOC_FLAGS_DELETED),
intval(HUBLOC_OFFLINE)
);
}
}
if(! $r) {

4
include/onedirsync.php
View File

@ -35,13 +35,13 @@ function onedirsync_run($argv, $argc){
// (where we received this update from) ?
// If we have, we don't need to do anything except mark any older entries updated
$x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d ) order by ud_date desc limit 1",
$x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d )>0 order by ud_date desc limit 1",
dbesc($r[0]['ud_addr']),
dbesc($r[0]['ud_date']),
intval(UPDATE_FLAGS_UPDATED)
);
if($x) {
$y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d ) and ud_date < '%s' ",
$y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d )>0 and ud_date < '%s' ",
intval(UPDATE_FLAGS_UPDATED),
dbesc($r[0]['ud_addr']),
intval(UPDATE_FLAGS_UPDATED),

15
include/onepoll.php
View File

@ -28,8 +28,8 @@ function onepoll_run($argv, $argc){
$contacts = q("SELECT abook.*, xchan.*, account.*
FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan
where abook_id = %d
AND (( abook_flags & %d ) OR ( abook_flags = %d ))
AND NOT ( abook_flags & %d )
AND (( abook_flags & %d )>0 OR ( abook_flags = %d ))
AND NOT ( abook_flags & %d )>0
AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1",
intval($contact_id),
intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED),
@ -69,7 +69,7 @@ function onepoll_run($argv, $argc){
if($contact['xchan_network'] === 'rss') {
logger('onepoll: processing feed ' . $contact['xchan_name'], LOGGER_DEBUG);
handle_feed($importer['channel_id'],$contact_id,$contact['xchan_hash']);
q("update abook set abook_connected = '%s' where abook_id = %d limit 1",
q("update abook set abook_connected = '%s' where abook_id = %d",
dbesc(datetime_convert()),
intval($contact['abook_id'])
);
@ -88,13 +88,13 @@ function onepoll_run($argv, $argc){
$connected = datetime_convert();
if(! $x) {
// mark for death by not updating abook_connected, this is caught in include/poller.php
q("update abook set abook_updated = '%s' where abook_id = %d limit 1",
q("update abook set abook_updated = '%s' where abook_id = %d",
dbesc($updated),
intval($contact['abook_id'])
);
}
else {
q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d limit 1",
q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d",
dbesc($updated),
dbesc($connected),
intval($contact['abook_id'])
@ -145,8 +145,9 @@ function onepoll_run($argv, $argc){
if($contact['xchan_connurl']) {
$r = q("SELECT xlink_id from xlink
where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY limit 1",
intval($contact['xchan_hash'])
where xlink_xchan = '%s' and xlink_updated > %s - INTERVAL %s limit 1",
intval($contact['xchan_hash']),
db_utcnow(), db_quoteinterval('1 DAY')
);
if(! $r) {
poco_load($contact['xchan_hash'],$contact['xchan_connurl']);

4
include/permissions.php
View File

@ -97,7 +97,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
if(! $abook_checked) {
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1",
intval($uid),
dbesc($observer_xchan),
intval(ABOOK_FLAG_SELF)
@ -269,7 +269,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return true;
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1",
intval($uid),
dbesc($observer_xchan),
intval(ABOOK_FLAG_SELF)

14
include/photo/photo_driver.php
View File

@ -341,7 +341,7 @@ abstract class photo_driver {
`allow_gid` = '%s',
`deny_cid` = '%s',
`deny_gid` = '%s'
where id = %d limit 1",
where id = %d",
intval($p['aid']),
intval($p['uid']),
@ -354,7 +354,7 @@ abstract class photo_driver {
dbesc($p['album']),
intval($this->getHeight()),
intval($this->getWidth()),
dbesc($this->imageString()),
dbescbin($this->imageString()),
intval(strlen($this->imageString())),
intval($p['scale']),
intval($p['profile']),
@ -383,7 +383,7 @@ abstract class photo_driver {
dbesc($p['album']),
intval($this->getHeight()),
intval($this->getWidth()),
dbesc($this->imageString()),
dbescbin($this->imageString()),
intval(strlen($this->imageString())),
intval($p['scale']),
intval($p['profile']),
@ -428,7 +428,7 @@ abstract class photo_driver {
`allow_gid` = '%s',
`deny_cid` = '%s',
`deny_gid` = '%s'
where id = %d limit 1",
where id = %d",
intval($aid),
intval($uid),
@ -441,7 +441,7 @@ abstract class photo_driver {
dbesc($album),
intval($this->getHeight()),
intval($this->getWidth()),
dbesc($this->imageString()),
dbescbin($this->imageString()),
intval(strlen($this->imageString())),
intval($scale),
intval($profile),
@ -467,7 +467,7 @@ abstract class photo_driver {
dbesc($album),
intval($this->getHeight()),
intval($this->getWidth()),
dbesc($this->imageString()),
dbescbin($this->imageString()),
intval(strlen($this->imageString())),
intval($scale),
intval($profile),
@ -562,7 +562,7 @@ function import_profile_photo($photo,$xchan,$thing = false) {
if($thing)
$hash = photo_new_resource();
else {
$r = q("select resource_id from photo where xchan = '%s' and (photo_flags & %d ) and scale = 4 limit 1",
$r = q("select resource_id from photo where xchan = '%s' and (photo_flags & %d )>0 and scale = 4 limit 1",
dbesc($xchan),
intval(PHOTO_XCHAN)
);

7
include/photos.php
View File

@ -44,9 +44,10 @@ function photo_upload($channel, $observer, $args) {
*
*/
$r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > UTC_TIMESTAMP() - INTERVAL 3 HOUR ",
$r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > %s - INTERVAL %s ",
dbesc($album),
intval($channel_id)
intval($channel_id),
db_utcnow(), db_quoteinterval('3 HOUR')
);
if((! $r) || ($album == t('Profile Photos')))
$visible = 1;
@ -291,7 +292,7 @@ function photos_albums_list($channel,$observer) {
$sql_extra = permissions_sql($channel_id);
$albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by created desc",
$albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by max(created) desc",
intval($channel_id),
intval(PHOTO_NORMAL),
intval(PHOTO_PROFILE)

6
include/plugin.php
View File

@ -102,7 +102,7 @@ function load_plugin($plugin) {
// This way the system won't fall over dead during the update.
if(file_exists('addon/' . $plugin . '/.hidden')) {
q("update addon set hidden = 1 where name = '%s' limit 1",
q("update addon set hidden = 1 where name = '%s'",
dbesc($plugin)
);
}
@ -158,7 +158,7 @@ function reload_plugins() {
$func = $pl . '_load';
$func();
}
q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d LIMIT 1",
q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d",
intval($t),
intval($i['id'])
);
@ -208,7 +208,7 @@ function register_hook($hook, $file, $function, $priority = 0) {
* @return mixed
*/
function unregister_hook($hook, $file, $function) {
$r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1",
$r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `function` = '%s'",
dbesc($hook),
dbesc($file),
dbesc($function)

49
include/poller.php
View File

@ -44,15 +44,17 @@ function poller_run($argv, $argc){
// expire any expired mail
q("delete from mail where expires != '%s' and expires < UTC_TIMESTAMP() ",
dbesc(NULL_DATE)
q("delete from mail where expires != '%s' and expires < %s ",
dbesc(NULL_DATE),
db_utcnow()
);
// expire any expired items
$r = q("select id from item where expires != '%s' and expires < UTC_TIMESTAMP()
and not ( item_restrict & %d ) ",
$r = q("select id from item where expires != '%s' and expires < %s
and not ( item_restrict & %d )>0 ",
dbesc(NULL_DATE),
db_utcnow(),
intval(ITEM_DELETED)
);
if($r) {
@ -66,7 +68,9 @@ function poller_run($argv, $argc){
// channels and sites that quietly vanished and prevent the directory from accumulating stale
// or dead entries.
$r = q("select channel_id from channel where channel_dirdate < UTC_TIMESTAMP() - INTERVAL 30 DAY");
$r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('30 DAY')
);
if($r) {
foreach($r as $rr) {
proc_run('php','include/directory.php',$rr['channel_id'],'force');
@ -78,12 +82,13 @@ function poller_run($argv, $argc){
// publish any applicable items that were set to be published in the future
// (time travel posts)
$r = q("select id from item where ( item_restrict & %d ) and created <= UTC_TIMESTAMP() ",
intval(ITEM_DELAYED_PUBLISH)
$r = q("select id from item where ( item_restrict & %d )>0 and created <= %s ",
intval(ITEM_DELAYED_PUBLISH),
db_utcnow()
);
if($r) {
foreach($r as $rr) {
$x = q("update item set item_restrict = ( item_restrict ^ %d ) where id = %d limit 1",
$x = q("update item set item_restrict = ( item_restrict & ~%d ) where id = %d",
intval(ITEM_DELAYED_PUBLISH),
intval($rr['id'])
);
@ -167,7 +172,9 @@ function poller_run($argv, $argc){
// expire any read notifications over a month old
q("delete from notify where seen = 1 and date < UTC_TIMESTAMP() - INTERVAL 30 DAY");
q("delete from notify where seen = 1 and date < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('30 DAY')
);
// expire any expired accounts
downgrade_accounts();
@ -199,13 +206,15 @@ function poller_run($argv, $argc){
// This should be rare
$r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = ''
and xchan_photo_date < UTC_TIMESTAMP() - INTERVAL 1 DAY");
and xchan_photo_date < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('1 DAY')
);
if($r) {
require_once('include/photo/photo_driver.php');
foreach($r as $rr) {
$photos = import_profile_photo($rr['xchan_photo_l'],$rr['xchan_hash']);
$x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
where xchan_hash = '%s' limit 1",
where xchan_hash = '%s'",
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),
@ -258,16 +267,17 @@ function poller_run($argv, $argc){
// Only poll from those with suitable relationships
$abandon_sql = (($abandon_days)
? sprintf(" AND account_lastlog > UTC_TIMESTAMP() - INTERVAL %d DAY ", intval($abandon_days))
? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days).' DAY'))
: ''
);
$randfunc = (ACTIVE_DBTYPE == DBTYPE_POSTGRES) ? 'RANDOM()' : 'RAND()';
$contacts = q("SELECT abook_id, abook_flags, abook_updated, abook_connected, abook_closeness, abook_xchan, abook_channel
FROM abook LEFT JOIN account on abook_account = account_id where 1
FROM abook LEFT JOIN account on abook_account = account_id
$sql_extra
AND (( abook_flags & %d ) OR ( abook_flags = %d ))
AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY RAND()",
AND (( abook_flags & %d )>0 OR ( abook_flags = %d ))
AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY $randfunc",
intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED),
intval(0),
intval(ACCOUNT_OK),
@ -309,7 +319,7 @@ function poller_run($argv, $argc){
// if we've never connected with them, start the mark for death countdown from now
if($c == NULL_DATE) {
$r = q("update abook set abook_connected = '%s' where abook_id = %d limit 1",
$r = q("update abook set abook_connected = '%s' where abook_id = %d",
dbesc(datetime_convert()),
intval($contact['abook_id'])
);
@ -324,7 +334,7 @@ function poller_run($argv, $argc){
dbesc($contact['abook_xchan'])
);
if($n && $n[0]['xchan_network'] == 'zot') {
$r = q("update abook set abook_flags = (abook_flags | %d) where abook_id = %d limit 1",
$r = q("update abook set abook_flags = (abook_flags | %d) where abook_id = %d",
intval(ABOOK_FLAG_ARCHIVED),
intval($contact['abook_id'])
);
@ -365,9 +375,10 @@ function poller_run($argv, $argc){
}
if($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
$r = q("select distinct ud_addr, updates.* from updates where not ( ud_flags & %d ) and ud_addr != '' and ( ud_last = '%s' OR ud_last > UTC_TIMESTAMP() - INTERVAL 7 DAY ) group by ud_addr ",
$r = q("select distinct ud_addr, updates.* from updates where not ( ud_flags & %d )>0 and ud_addr != '' and ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) group by ud_addr ",
intval(UPDATE_FLAGS_UPDATED),
dbesc(NULL_DATE)
dbesc(NULL_DATE),
db_utcnow(), db_quoteinterval('7 DAY')
);
if($r) {
foreach($r as $rr) {

24
include/queue.php
View File

@ -22,7 +22,9 @@ function queue_run($argv, $argc){
logger('queue: start');
$r = q("DELETE FROM outq WHERE outq_created < UTC_TIMESTAMP() - INTERVAL 3 DAY");
$r = q("DELETE FROM outq WHERE outq_created < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('3 DAY')
);
if($queue_id) {
$r = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1",
@ -37,8 +39,18 @@ function queue_run($argv, $argc){
// so that we don't start off a thousand deliveries for a couple of dead hubs.
// The zot driver will deliver everything destined for a single hub once contact is made (*if* contact is made).
// Other drivers will have to do something different here and may need their own query.
$r = q("SELECT * FROM outq WHERE outq_delivered = 0 and (( outq_created > UTC_TIMESTAMP() - INTERVAL 12 HOUR and outq_updated < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ) OR ( outq_updated < UTC_TIMESTAMP() - INTERVAL 1 HOUR )) group by outq_posturl");
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$prefix = 'DISTINCT ON (outq_posturl)';
$suffix = 'ORDER BY outq_posturl';
} else {
$prefix = '';
$suffix = 'GROUP BY outq_posturl';
}
$r = q("SELECT $prefix * FROM outq WHERE outq_delivered = 0 and (( outq_created > %s - INTERVAL %s and outq_updated < %s - INTERVAL %s ) OR ( outq_updated < %s - INTERVAL %s )) $suffix",
db_utcnow(), db_quoteinterval('12 HOUR'),
db_utcnow(), db_quoteinterval('15 MINUTE'),
db_utcnow(), db_quoteinterval('1 HOUR')
);
}
if(! $r)
return;
@ -51,13 +63,13 @@ function queue_run($argv, $argc){
$result = z_post_url($rr['outq_posturl'],$rr['outq_msg']);
if($result['success'] && $result['return_code'] < 300) {
logger('queue: queue post success to ' . $rr['outq_posturl'], LOGGER_DEBUG);
$y = q("delete from outq where outq_hash = '%s' limit 1",
$y = q("delete from outq where outq_hash = '%s'",
dbesc($rr['ouq_hash'])
);
}
else {
logger('queue: queue post returned ' . $result['return_code'] . ' from ' . $rr['outq_posturl'],LOGGER_DEBUG);
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1",
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s'",
dbesc(datetime_convert()),
dbesc($rr['outq_hash'])
);
@ -70,7 +82,7 @@ function queue_run($argv, $argc){
}
else {
$deadguys[] = $rr['outq_posturl'];
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1",
$y = q("update outq set outq_updated = '%s' where outq_hash = '%s'",
dbesc(datetime_convert()),
dbesc($rr['outq_hash'])
);

4
include/queue_fn.php
View File

@ -2,7 +2,7 @@
function update_queue_time($id) {
logger('queue: requeue item ' . $id);
q("UPDATE outq SET outq_updated = '%s' WHERE outq_hash = '%s' LIMIT 1",
q("UPDATE outq SET outq_updated = '%s' WHERE outq_hash = '%s'",
dbesc(datetime_convert()),
dbesc($id)
);
@ -10,7 +10,7 @@ function update_queue_time($id) {
function remove_queue_item($id) {
logger('queue: remove queue item ' . $id);
q("DELETE FROM outq WHERE hash = '%s' LIMIT 1",
q("DELETE FROM outq WHERE hash = '%s'",
dbesc($id)
);
}

22
include/reddav.php
View File

@ -42,7 +42,7 @@ require_once('include/RedDAV/RedBasicAuth.php');
function RedChannelList(&$auth) {
$ret = array();
$r = q("SELECT channel_id, channel_address FROM channel WHERE NOT (channel_pageflags & %d) AND NOT (channel_pageflags & %d)",
$r = q("SELECT channel_id, channel_address FROM channel WHERE NOT (channel_pageflags & %d)>0 AND NOT (channel_pageflags & %d)>0",
intval(PAGE_REMOVED),
intval(PAGE_HIDDEN)
);
@ -115,7 +115,7 @@ function RedCollectionData($file, &$auth) {
$permission_error = false;
for ($x = 1; $x < count($path_arr); $x++) {
$r = q("SELECT id, hash, filename, flags FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND (flags & %d) $perms LIMIT 1",
$r = q("SELECT id, hash, filename, flags FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND (flags & %d)>0 $perms LIMIT 1",
dbesc($folder),
dbesc($path_arr[$x]),
intval($channel_id),
@ -124,7 +124,7 @@ function RedCollectionData($file, &$auth) {
if (! $r) {
// path wasn't found. Try without permissions to see if it was the result of permissions.
$errors = true;
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) limit 1",
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0 limit 1",
dbesc($folder),
basename($path_arr[$x]),
intval($channel_id),
@ -155,8 +155,14 @@ function RedCollectionData($file, &$auth) {
logger("Path mismatch: $path !== /$file");
return NULL;
}
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms group by filename",
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$prefix = 'DISTINCT ON (filename)';
$suffix = 'ORDER BY filename';
} else {
$prefix = '';
$suffix = 'GROUP BY filename';
}
$r = q("select $prefix id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms $suffix",
dbesc($folder),
intval($channel_id)
);
@ -231,7 +237,7 @@ function RedFileData($file, &$auth, $test = false) {
$errors = false;
for ($x = 1; $x < count($path_arr); $x++) {
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) $perms",
$r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0 $perms",
dbesc($folder),
dbesc($path_arr[$x]),
intval($channel_id),
@ -244,7 +250,7 @@ function RedFileData($file, &$auth, $test = false) {
}
if (! $r) {
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach
where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1",
where folder = '%s' and filename = '%s' and uid = %d $perms order by filename limit 1",
dbesc($folder),
dbesc(basename($file)),
intval($channel_id)
@ -253,7 +259,7 @@ function RedFileData($file, &$auth, $test = false) {
if (! $r) {
$errors = true;
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach
where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1",
where folder = '%s' and filename = '%s' and uid = %d order by filename limit 1",
dbesc($folder),
dbesc(basename($file)),
intval($channel_id)

29
include/security.php
View File

@ -12,7 +12,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
$_SESSION['authenticated'] = 1;
if($login_initial || $update_lastlog) {
q("update account set account_lastlog = '%s' where account_id = %d limit 1",
q("update account set account_lastlog = '%s' where account_id = %d",
dbesc(datetime_convert()),
intval($_SESSION['account_id'])
);
@ -59,7 +59,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
/* This account has never created a channel. Send them to new_channel by default */
if($a->module === 'login') {
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d)",
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d)>0",
intval($a->account['account_id']),
intval(PAGE_REMOVED)
);
@ -76,7 +76,7 @@ function change_channel($change_channel) {
$ret = false;
if($change_channel) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d) limit 1",
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d)>0 limit 1",
intval($change_channel),
intval(get_account_id()),
intval(PAGE_REMOVED)
@ -86,7 +86,7 @@ function change_channel($change_channel) {
if (is_developer()) {
if (! $r) {
if (is_site_admin()) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d ) limit 1",
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1",
intval($change_channel),
intval(PAGE_SYSTEM),
intval(PAGE_REMOVED)
@ -174,9 +174,10 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
foreach($groups as $g)
$gs .= '|<' . $g . '>';
}
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),
@ -204,7 +205,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* default permissions - anonymous user
*/
$sql = " AND not item_private ";
$sql = " AND item_private=0 ";
/**
@ -236,9 +237,10 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
foreach($groups as $g)
$gs .= '|<' . $g . '>';
}
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),
@ -264,9 +266,10 @@ function public_permissions_sql($observer_hash) {
}
$sql = '';
if($observer_hash) {
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
" OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
" OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
))
",
dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
@ -375,7 +378,7 @@ function stream_perms_api_uids($perms = NULL ) {
$ret = array();
if(local_user())
$ret[] = local_user();
$r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
$r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0",
intval($perms),
intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)
);
@ -402,7 +405,7 @@ function stream_perms_xchans($perms = NULL ) {
if(local_user())
$ret[] = get_observer_hash();
$r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)",
$r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0",
intval($perms),
intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED)
);

8
include/session.php
View File

@ -60,11 +60,11 @@ function ref_session_write ($id,$data) {
if($session_exists)
$r = q("UPDATE `session`
SET `data` = '%s', `expire` = '%s'
WHERE `sid` = '%s' LIMIT 1",
WHERE `sid` = '%s'",
dbesc($data), dbesc($expire), dbesc($id));
else
$r = q("INSERT INTO `session`
SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
$r = q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
//SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
dbesc($id), dbesc($default_expire), dbesc($data));
return true;
@ -85,7 +85,7 @@ function ref_session_destroy ($id) {
function ref_session_gc($expire) {
q("DELETE FROM session WHERE expire < %d", dbesc(time()));
if (! get_config('system','innodb'))
q("OPTIMIZE TABLE session");
db_optimizetable('session');
return true;
}

57
include/socgraph.php
View File

@ -77,7 +77,7 @@ function poco_load($xchan = '',$url = null) {
dbesc($xchan)
);
if($r) {
q("update xchat set xchat_edited = '%s' where xchat_id = %d limit 1",
q("update xchat set xchat_edited = '%s' where xchat_id = %d",
dbesc(datetime_convert()),
intval($r[0]['xchat_id'])
);
@ -93,7 +93,8 @@ function poco_load($xchan = '',$url = null) {
}
}
}
q("delete from xchat where xchat_edited < UTC_TIMESTAMP() - INTERVAL 7 DAY and xchat_xchan = '%s' ",
q("delete from xchat where xchat_edited < %s - INTERVAL %s and xchat_xchan = '%s' ",
db_utcnow(), db_quoteinterval('7 DAY'),
dbesc($xchan)
);
}
@ -195,7 +196,7 @@ function poco_load($xchan = '',$url = null) {
);
}
else {
q("update xlink set xlink_updated = '%s', xlink_rating = %d where xlink_id = %d limit 1",
q("update xlink set xlink_updated = '%s', xlink_rating = %d where xlink_id = %d",
dbesc(datetime_convert()),
intval($rating),
intval($r[0]['xlink_id'])
@ -204,8 +205,9 @@ function poco_load($xchan = '',$url = null) {
}
logger("poco_load: loaded $total entries",LOGGER_DEBUG);
q("delete from xlink where xlink_xchan = '%s' and xlink_updated < UTC_TIMESTAMP() - INTERVAL 2 DAY",
dbesc($xchan)
q("delete from xlink where xlink_xchan = '%s' and xlink_updated < %s - INTERVAL %s",
dbesc($xchan),
db_utcnow(), db_quoteinterval('2 DAY')
);
}
@ -227,18 +229,19 @@ function count_common_friends($uid,$xchan) {
function common_friends($uid,$xchan,$start = 0,$limit=100000000,$shuffle = false) {
$rand = db_getfunc('rand');
if($shuffle)
$sql_extra = " order by rand() ";
$sql_extra = " order by $rand ";
else
$sql_extra = " order by xchan_name asc ";
$r = q("SELECT * from xchan left join xlink on xlink_link = xchan_hash where xlink_xchan = '%s' and xlink_link in
(select abook_xchan from abook where abook_xchan != '%s' and abook_channel = %d and abook_flags = 0 ) $sql_extra limit %d, %d",
(select abook_xchan from abook where abook_xchan != '%s' and abook_channel = %d and abook_flags = 0 ) $sql_extra limit %d offset %d",
dbesc($xchan),
dbesc($xchan),
intval($uid),
intval($start),
intval($limit)
intval($limit),
intval($start)
);
return $r;
@ -273,11 +276,11 @@ function common_friends_zcid($uid,$zcid,$start = 0, $limit = 9999,$shuffle = fal
FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id`
where `glink`.`zcid` = %d
and `gcontact`.`nurl` in (select nurl from contact where uid = %d and self = 0 and blocked = 0 and hidden = 0 )
$sql_extra limit %d, %d",
$sql_extra limit %d offset %d",
intval($zcid),
intval($uid),
intval($start),
intval($limit)
intval($limit),
intval($start)
);
return $r;
@ -306,11 +309,11 @@ function all_friends($uid,$cid,$start = 0, $limit = 80) {
$r = q("SELECT `gcontact`.*
FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id`
where `glink`.`cid` = %d and `glink`.`uid` = %d
order by `gcontact`.`name` asc LIMIT %d, %d ",
order by `gcontact`.`name` asc LIMIT %d OFFSET %d ",
intval($cid),
intval($uid),
intval($start),
intval($limit)
intval($limit),
intval($start)
);
return $r;
@ -329,16 +332,16 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) {
and not xlink_link in ( select abook_xchan from abook where abook_channel = %d )
and not xlink_link in ( select xchan from xign where uid = %d )
and xlink_xchan != ''
and not ( xchan_flags & %d )
and not ( xchan_flags & %d )
group by xchan_hash order by total desc limit %d, %d ",
and not ( xchan_flags & %d )>0
and not ( xchan_flags & %d )>0
group by xchan_hash order by total desc limit %d offset %d ",
intval($uid),
intval($uid),
intval($uid),
intval(XCHAN_FLAGS_HIDDEN),
intval(XCHAN_FLAGS_DELETED),
intval($start),
intval($limit)
intval($limit),
intval($start)
);
if($r && count($r) >= ($limit -1))
@ -349,15 +352,15 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) {
where xlink_xchan = ''
and not xlink_link in ( select abook_xchan from abook where abook_channel = %d )
and not xlink_link in ( select xchan from xign where uid = %d )
and not ( xchan_flags & %d )
and not ( xchan_flags & %d )
group by xchan_hash order by total desc limit %d, %d ",
and not ( xchan_flags & %d )>0
and not ( xchan_flags & %d )>0
group by xchan_hash order by total desc limit %d offset %d ",
intval($uid),
intval($uid),
intval(XCHAN_FLAGS_HIDDEN),
intval(XCHAN_FLAGS_DELETED),
intval($start),
intval($limit)
intval($limit),
intval($start)
);
if(is_array($r) && is_array($r2))
@ -394,7 +397,9 @@ function update_suggestions() {
// the targets may have changed their preferences and don't want to be suggested - and they
// may have simply gone away.
$r = q("delete from xlink where xlink_xchan = '' and xlink_updated < UTC_TIMESTAMP() - INTERVAL 7 DAY");
$r = q("delete from xlink where xlink_xchan = '' and xlink_updated < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('7 DAY')
);
$j = json_decode($ret['body'],true);

20
include/statistics_fns.php
View File

@ -13,7 +13,9 @@ function update_channels_total_stat() {
function update_channels_active_halfyear_stat() {
$r = q("select channel_id from channel left join account on account_id = channel_account_id
where account_flags = 0 and account_lastlog > UTC_TIMESTAMP - INTERVAL 6 MONTH");
where account_flags = 0 and account_lastlog > %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('6 MONTH')
);
if($r) {
$s = '';
foreach($r as $rr) {
@ -21,8 +23,9 @@ function update_channels_active_halfyear_stat() {
$s .= ',';
$s .= intval($rr['channel_id']);
}
$x = q("select uid from item where uid in ( $s ) and (item_flags & %d) and created > UTC_TIMESTAMP - INTERVAL 6 MONTH group by uid",
intval(ITEM_WALL)
$x = q("select uid from item where uid in ( $s ) and (item_flags & %d)>0 and created > %s - INTERVAL %s group by uid",
intval(ITEM_WALL),
db_utcnow(), db_quoteinterval('6 MONTH')
);
if($x) {
$channels_active_halfyear_stat = count($x);
@ -37,7 +40,9 @@ function update_channels_active_halfyear_stat() {
function update_channels_active_monthly_stat() {
$r = q("select channel_id from channel left join account on account_id = channel_account_id
where account_flags = 0 and account_lastlog > UTC_TIMESTAMP - INTERVAL 1 MONTH");
where account_flags = 0 and account_lastlog > %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('1 MONTH')
);
if($r) {
$s = '';
foreach($r as $rr) {
@ -45,8 +50,9 @@ function update_channels_active_monthly_stat() {
$s .= ',';
$s .= intval($rr['channel_id']);
}
$x = q("select uid from item where uid in ( $s ) and ( item_flags & %d ) and created > UTC_TIMESTAMP - INTERVAL 1 MONTH group by uid",
intval(ITEM_WALL)
$x = q("select uid from item where uid in ( $s ) and ( item_flags & %d )>0 and created > %s - INTERVAL %s group by uid",
intval(ITEM_WALL),
db_utcnow(), db_quoteinterval('1 MONTH')
);
if($x) {
$channels_active_monthly_stat = count($x);
@ -60,7 +66,7 @@ function update_channels_active_monthly_stat() {
}
function update_local_posts_stat() {
$posts = q("SELECT COUNT(*) AS local_posts FROM `item` WHERE (item_flags & %d) ",
$posts = q("SELECT COUNT(*) AS local_posts FROM `item` WHERE (item_flags & %d)>0 ",
intval(ITEM_WALL) );
if (is_array($posts)) {
$local_posts_stat = intval($posts[0]["local_posts"]);

18
include/text.php
View File

@ -724,7 +724,7 @@ function contact_block() {
if((! is_array($a->profile)) || ($a->profile['hide_friends']))
return $o;
$r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and not ( abook_flags & %d ) and not (xchan_flags & %d)",
$r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and not ( abook_flags & %d )>0 and not (xchan_flags & %d)>0",
intval($a->profile['uid']),
intval($abook_flags),
intval($xchan_flags)
@ -737,8 +737,12 @@ function contact_block() {
$micropro = Null;
} else {
$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d AND not ( abook_flags & %d) and not (xchan_flags & %d ) ORDER BY RAND() LIMIT %d",
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$randfunc = 'RANDOM()';
} else {
$randfunc = 'RAND()';
}
$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d AND not ( abook_flags & %d)>0 and not (xchan_flags & %d )>0 ORDER BY $randfunc LIMIT %d",
intval($a->profile['uid']),
intval($abook_flags|ABOOK_FLAG_ARCHIVED),
intval($xchan_flags),
@ -1534,7 +1538,7 @@ function unamp($s) {
}
function layout_select($channel_id, $current = '') {
$r = q("select mid,sid from item left join item_id on iid = item.id where service = 'PDL' and item.uid = item_id.uid and item_id.uid = %d and (item_restrict & %d)",
$r = q("select mid,sid from item left join item_id on iid = item.id where service = 'PDL' and item.uid = item_id.uid and item_id.uid = %d and (item_restrict & %d)>0",
intval($channel_id),
intval(ITEM_PDL)
);
@ -1874,13 +1878,13 @@ function xchan_query(&$items,$abook = true,$effective_uid = 0) {
if(count($arr)) {
if($abook) {
$chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash and abook_channel = %d
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )",
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0",
intval($item['uid'])
);
}
else {
$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0");
}
$xchans = q("select * from xchan where xchan_hash in (" . implode(',',$arr) . ") and xchan_network in ('rss','unknown')");
if(! $chans)
@ -1909,7 +1913,7 @@ function xchan_mail_query(&$item) {
if(count($arr)) {
$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0");
}
if($chans) {
$item['from'] = find_xchan_in_array($item['from_xchan'],$chans);

6
include/widgets.php
View File

@ -155,7 +155,7 @@ function widget_follow($args) {
return '';
$a = get_app();
$uid =$a->channel['channel_id'];
$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ",
$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ",
intval($uid),
intval(ABOOK_FLAG_SELF)
);
@ -220,7 +220,7 @@ function widget_savedsearch($arr) {
}
if(x($_GET,'searchremove') && $search) {
q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1",
q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s'",
intval(local_user()),
intval(TERM_SAVEDSEARCH),
dbesc($search)
@ -456,7 +456,7 @@ function widget_settings_menu($arr) {
$role = get_pconfig(local_user(),'system','permissions_role');
$abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d ) limit 1",
$abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d )>0 limit 1",
intval(local_user()),
intval(ABOOK_FLAG_SELF)
);

100
include/zot.php
View File

@ -79,7 +79,7 @@ function zot_get_hublocs($hash) {
/** Only search for active hublocs - e.g. those that haven't been marked deleted */
$ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d ) group by hubloc_url ",
$ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d )>0 order by hubloc_url ",
dbesc($hash),
intval(HUBLOC_FLAGS_DELETED)
);
@ -194,6 +194,7 @@ function zot_finger($webbie,$channel,$autofallback = true) {
logger('zot_finger: no address :' . $webbie);
return array('success' => false);
}
logger('using xchan_addr: ' . $xchan_addr, LOGGER_DATA);
// potential issue here; the xchan_addr points to the primary hub.
// The webbie we were called with may not, so it might not be found
@ -201,7 +202,7 @@ function zot_finger($webbie,$channel,$autofallback = true) {
$r = q("select xchan.*, hubloc.* from xchan
left join hubloc on xchan_hash = hubloc_hash
where xchan_addr = '%s' and (hubloc_flags & %d) limit 1",
where xchan_addr = '%s' and (hubloc_flags & %d)>0 limit 1",
dbesc($xchan_addr),
intval(HUBLOC_FLAGS_PRIMARY)
);
@ -211,6 +212,7 @@ function zot_finger($webbie,$channel,$autofallback = true) {
if($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') {
logger('zot_finger: alternate network: ' . $webbie);
logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA);
return array('success' => false);
}
}
@ -299,7 +301,7 @@ function zot_refresh($them,$channel = null, $force = false) {
if($them['hubloc_url'])
$url = $them['hubloc_url'];
else {
$r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1",
$r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d )>0 limit 1",
dbesc($them['xchan_hash']),
intval(HUBLOC_FLAGS_PRIMARY)
);
@ -381,7 +383,7 @@ function zot_refresh($them,$channel = null, $force = false) {
}
}
$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1",
$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d)>0 limit 1",
dbesc($x['hash']),
intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF)
@ -407,7 +409,7 @@ function zot_refresh($them,$channel = null, $force = false) {
$y = q("update abook set abook_their_perms = %d, abook_dob = '%s'
where abook_xchan = '%s' and abook_channel = %d
and not (abook_flags & %d) limit 1",
and not (abook_flags & %d)>0 ",
intval($their_perms),
dbesc($next_birthday),
dbesc($x['hash']),
@ -469,7 +471,7 @@ function zot_refresh($them,$channel = null, $force = false) {
$new_perms = get_all_perms($channel['channel_id'],$x['hash']);
if($new_perms != $previous_perms) {
// Send back a permissions update if permissions have changed
$z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1",
$z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d)>0 limit 1",
dbesc($x['hash']),
intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF)
@ -735,7 +737,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
|| ($r[0]['xchan_url'] != $arr['url'])) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_follow = '%s',
xchan_connpage = '%s', xchan_flags = %d,
xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s' limit 1",
xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s'",
dbesc(($arr['name']) ? $arr['name'] : '-'),
dbesc($arr['name_updated']),
dbesc($arr['connections_url']),
@ -788,8 +790,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
dbesc($arr['connect_url']),
dbesc(($arr['name']) ? $arr['name'] : '-'),
dbesc('zot'),
dbesc($arr['photo_updated']),
dbesc($arr['name_updated']),
dbescdate($arr['photo_updated']),
dbescdate($arr['name_updated']),
intval($new_flags)
);
@ -830,7 +832,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
// importing the photo failed somehow. Leave the photo_date alone so we can try again at a later date.
// This often happens when somebody joins the matrix with a bad cert.
$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
where xchan_hash = '%s' limit 1",
where xchan_hash = '%s'",
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),
@ -840,8 +842,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
}
else {
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
where xchan_hash = '%s' limit 1",
dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
where xchan_hash = '%s'",
dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),
@ -901,10 +903,10 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
else {
logger('import_xchan: profile not available - hiding');
// they may have made it private
$r = q("delete from xprof where xprof_hash = '%s' limit 1",
$r = q("delete from xprof where xprof_hash = '%s'",
dbesc($xchan_hash)
);
$r = q("delete from xtag where xtag_hash = '%s' limit 1",
$r = q("delete from xtag where xtag_hash = '%s'",
dbesc($xchan_hash)
);
}
@ -926,7 +928,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
}
elseif(! $ud_flags) {
// nothing changed but we still need to update the updates record
q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) ",
q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
intval(UPDATE_FLAGS_UPDATED),
dbesc($address),
intval(UPDATE_FLAGS_UPDATED)
@ -976,14 +978,14 @@ function zot_process_response($hub,$arr,$outq) {
// async messages remain in the queue until processed.
if(intval($outq['outq_async'])) {
$r = q("update outq set outq_delivered = 1, outq_updated = '%s' where outq_hash = '%s' and outq_channel = %d limit 1",
$r = q("update outq set outq_delivered = 1, outq_updated = '%s' where outq_hash = '%s' and outq_channel = %d",
dbesc(datetime_convert()),
dbesc($outq['outq_hash']),
intval($outq['outq_channel'])
);
}
else {
$r = q("delete from outq where outq_hash = '%s' and outq_channel = %d limit 1",
$r = q("delete from outq where outq_hash = '%s' and outq_channel = %d",
dbesc($outq['outq_hash']),
intval($outq['outq_channel'])
);
@ -1101,7 +1103,7 @@ function zot_import($arr, $sender_url) {
}
stringify_array_elms($recip_arr);
$recips = implode(',',$recip_arr);
$r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d ) ",
$r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d )>0 ",
intval(PAGE_REMOVED)
);
if(! $r) {
@ -1283,9 +1285,9 @@ function public_recips($msg) {
if($msg['notify']['sender']['url'] === z_root())
$sql = " where (( " . $col . " & " . PERMS_NETWORK . " ) or ( " . $col . " & " . PERMS_SITE . " ) or ( " . $col . " & " . PERMS_PUBLIC . ")) ";
$sql = " where (( " . $col . " & " . PERMS_NETWORK . " )>0 or ( " . $col . " & " . PERMS_SITE . " )>0 or ( " . $col . " & " . PERMS_PUBLIC . ")>0) ";
else
$sql = " where (( " . $col . " & " . PERMS_NETWORK . " ) or ( " . $col . " & " . PERMS_PUBLIC . ")) ";
$sql = " where (( " . $col . " & " . PERMS_NETWORK . " )>0 or ( " . $col . " & " . PERMS_PUBLIC . ")>0) ";
$r = q("select channel_hash as hash from channel $sql or channel_hash = '%s' ",
@ -1295,7 +1297,7 @@ function public_recips($msg) {
if(! $r)
$r = array();
$x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ",
$x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " )>0 and (( " . $col . " & " . PERMS_SPECIFIC . " )>0 and ( abook_my_perms & " . $field . " )>0) OR ( " . $col . " & " . PERMS_PENDING . " )>0 OR (( " . $col . " & " . PERMS_CONTACTS . " )>0 and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )>0) ",
dbesc($msg['notify']['sender']['hash'])
);
@ -1371,7 +1373,7 @@ function allowed_public_recips($msg) {
$condensed_recips[] = $rr['hash'];
$results = array();
$r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d ) ",
$r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d )>0 ",
dbesc($hash),
intval(PAGE_REMOVED)
);
@ -1615,7 +1617,7 @@ function remove_community_tag($sender,$arr,$uid) {
return;
}
$x = q("delete from term where uid = %d and oid = %d and otype = %d and type = %d and term = '%s' and url = '%s' limit 1",
$x = q("delete from term where uid = %d and oid = %d and otype = %d and type = %d and term = '%s' and url = '%s'",
intval($uid),
intval($r[0]['id']),
intval(TERM_OBJ_POST),
@ -1709,7 +1711,7 @@ function process_mail_delivery($sender,$arr,$deliveries) {
);
if($r) {
if($arr['mail_flags'] & MAIL_RECALLED) {
$x = q("delete from mail where id = %d and channel_id = %d limit 1",
$x = q("delete from mail where id = %d and channel_id = %d",
intval($r[0]['id']),
intval($channel['channel_id'])
);
@ -1835,7 +1837,7 @@ function sync_locations($sender,$arr,$absolute = false) {
// This only happens when called from import_xchan
if(array_key_exists('site',$arr) && $location['url'] == $arr['site']['url']) {
q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d limit 1",
q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d",
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($r[0]['hubloc_id'])
@ -1847,17 +1849,17 @@ function sync_locations($sender,$arr,$absolute = false) {
// the directory server if the site is alive.
if($r[0]['hubloc_status'] & HUBLOC_OFFLINE) {
q("update hubloc set hubloc_status = (hubloc_status ^ %d) where hubloc_id = %d limit 1",
q("update hubloc set hubloc_status = (hubloc_status & ~%d) where hubloc_id = %d",
intval(HUBLOC_OFFLINE),
intval($r[0]['hubloc_id'])
);
if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) {
q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where hubloc_id = %d limit 1",
q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where hubloc_id = %d",
intval(HUBLOC_FLAGS_ORPHANCHECK),
intval($r[0]['hubloc_id'])
);
}
q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1",
q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_ORPHAN),
dbesc($sender['hash'])
@ -1867,7 +1869,7 @@ function sync_locations($sender,$arr,$absolute = false) {
// Remove pure duplicates
if(count($r) > 1) {
for($h = 1; $h < count($r); $h ++) {
q("delete from hubloc where hubloc_id = %d limit 1",
q("delete from hubloc where hubloc_id = %d",
intval($r[$h]['hubloc_id'])
);
$what .= 'duplicate_hubloc_removed ';
@ -1877,7 +1879,7 @@ function sync_locations($sender,$arr,$absolute = false) {
if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) && (! $location['primary']))
|| ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY)) && ($location['primary']))) {
$m = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1",
$m = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d",
intval(HUBLOC_FLAGS_PRIMARY),
dbesc(datetime_convert()),
intval($r[0]['hubloc_id'])
@ -1898,7 +1900,7 @@ function sync_locations($sender,$arr,$absolute = false) {
}
if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED) && (! $location['deleted']))
|| ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) && ($location['deleted']))) {
$n = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1",
$n = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d",
intval(HUBLOC_FLAGS_DELETED),
dbesc(datetime_convert()),
intval($r[0]['hubloc_id'])
@ -1913,7 +1915,7 @@ function sync_locations($sender,$arr,$absolute = false) {
// New hub claiming to be primary. Make it so by removing any existing primaries.
if(intval($location['primary'])) {
$r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_hash = '%s' and (hubloc_flags & %d )",
$r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_hash = '%s' and (hubloc_flags & %d )>0",
intval(HUBLOC_FLAGS_PRIMARY),
dbesc(datetime_convert()),
dbesc($sender['hash']),
@ -1956,7 +1958,7 @@ function sync_locations($sender,$arr,$absolute = false) {
foreach($xisting as $x) {
if(! array_key_exists('updated',$x)) {
logger('sync_locations: deleting unreferenced hub location ' . $x['hubloc_url']);
$r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1",
$r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d",
intval(HUBLOC_FLAGS_DELETED),
dbesc(datetime_convert()),
intval($x['hubloc_id'])
@ -2050,7 +2052,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_
if(in_arrayi('nsfw',$clean) || in_arrayi('adult',$clean)) {
q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1",
q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'",
intval(XCHAN_FLAGS_SELFCENSORED),
dbesc($hash)
);
@ -2085,7 +2087,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_
xprof_homepage = '%s',
xprof_hometown = '%s',
xprof_keywords = '%s'
where xprof_hash = '%s' limit 1",
where xprof_hash = '%s'",
dbesc($arr['xprof_desc']),
dbesc($arr['xprof_dob']),
intval($arr['xprof_age']),
@ -2155,7 +2157,7 @@ function import_directory_keywords($hash,$keywords) {
foreach($existing as $x) {
if(! in_array($x,$clean))
$r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s' limit 1",
$r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s'",
dbesc($hash),
dbesc($x)
);
@ -2187,7 +2189,7 @@ function update_modtime($hash,$guid,$addr,$flags = 0) {
);
}
else {
q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) ",
q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
intval(UPDATE_FLAGS_UPDATED),
dbesc($addr),
intval(UPDATE_FLAGS_UPDATED)
@ -2278,7 +2280,7 @@ function import_site($arr,$pubkey) {
// logger('import_site: stored: ' . print_r($siterecord,true));
$r = q("update site set site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s'
where site_url = '%s' limit 1",
where site_url = '%s'",
dbesc($site_location),
intval($site_directory),
intval($access_policy),
@ -2494,7 +2496,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
if(count($clean)) {
foreach($clean as $k => $v) {
$r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v)
. "' where channel_id = " . intval($channel['channel_id']) . " limit 1");
. "' where channel_id = " . intval($channel['channel_id']) );
}
}
}
@ -2525,7 +2527,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']);
require_once('include/Contact.php');
$r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1",
$r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1",
dbesc($abook['abook_xchan']),
intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF)
@ -2603,8 +2605,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
if(count($clean)) {
foreach($clean as $k => $v) {
$r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v)
. "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id'])
. " limit 1");
. "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']));
}
}
}
@ -2629,7 +2630,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
if(($y['name'] != $cl['name'])
|| ($y['visible'] != $cl['visible'])
|| ($y['deleted'] != $cl['deleted'])) {
q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d limit 1",
q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d",
dbesc($cl['name']),
intval($cl['visible']),
intval($cl['deleted']),
@ -2672,7 +2673,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
q("delete from group_member where gid = %d",
intval($y['id'])
);
q("update groups set deleted = 1 where id = %d and uid = %d limit 1",
q("update groups set deleted = 1 where id = %d and uid = %d",
intval($y['id']),
intval($channel['channel_id'])
);
@ -2735,7 +2736,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
foreach($m as $mm) {
// if the local existing member isn't in the list we just received - remove them
if(! in_array($mm['xchan'],$members[$y['hash']])) {
q("delete from group_member where xchan = '%s' and gid = %d and uid = %d limit 1",
q("delete from group_member where xchan = '%s' and gid = %d and uid = %d",
dbesc($mm['xchan']),
intval($y['id']),
intval($channel['channel_id'])
@ -2781,8 +2782,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
if(count($clean)) {
foreach($clean as $k => $v) {
$r = dbq("UPDATE profile set " . dbesc($k) . " = '" . dbesc($v)
. "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id'])
. " limit 1");
. "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']));
}
}
}
@ -2807,7 +2807,7 @@ function get_rpost_path($observer) {
function import_author_zot($x) {
$hash = make_xchan_hash($x['guid'],$x['guid_sig']);
$r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1",
$r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d)>0 limit 1",
dbesc($x['guid']),
dbesc($x['guid_sig']),
intval(HUBLOC_FLAGS_PRIMARY)
@ -2879,8 +2879,8 @@ function zot_process_message_request($data) {
$env_recips = null;
$r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host
from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)
and not (hubloc_status & %d) group by hubloc_sitekey",
from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)>0
and not (hubloc_status & %d)>0 group by hubloc_sitekey",
dbesc($sender_hash),
intval(HUBLOC_FLAGS_DELETED),
intval(HUBLOC_OFFLINE)

4
index.php
View File

@ -40,8 +40,8 @@ date_default_timezone_set($a->timezone);
require_once("include/dba/dba_driver.php");
if(! $a->install) {
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $a->install);
unset($db_host, $db_port, $db_user, $db_pass, $db_data);
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, $a->install);
unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
/**
* Load configs from db. Overwrite configs from .htconfig.php

0
install/database.sql → install/schema_mysql.sql
View File

1190
install/schema_postgres.sql Normal file
View File

File diff suppressed because it is too large Load Diff

29
mod/acl.php
View File

@ -49,7 +49,7 @@ function acl_init(&$a){
if ($type=='' || $type=='c'){
$r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2" ,
WHERE abook_channel = %d AND not ( abook_flags & %d )>0 and not (xchan_flags & %d )>0 $sql_extra2" ,
intval(local_user()),
intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED),
intval(XCHAN_FLAGS_DELETED)
@ -59,7 +59,7 @@ function acl_init(&$a){
if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_user(),'system','taganyone'))) {
if(((! $r) || (! $r[0]['total'])) && $type == 'c') {
$r = q("SELECT COUNT(xchan_hash) AS c FROM xchan
WHERE not (xchan_flags & %d ) $sql_extra2" ,
WHERE not (xchan_flags & %d )>0 $sql_extra2" ,
intval(XCHAN_FLAGS_DELETED)
);
$contact_count = (int)$r[0]['c'];
@ -75,8 +75,8 @@ function acl_init(&$a){
$r = q("SELECT count(xchan_hash) as c
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d ))
and not ( xchan_flags & %d )
WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
and not ( xchan_flags & %d )>0
$sql_extra2 ",
intval(local_user()),
intval(PERMS_W_MAIL),
@ -92,7 +92,7 @@ function acl_init(&$a){
// autocomplete for Contacts
$r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d and not ( xchan_flags & %d ) $sql_extra2" ,
WHERE abook_channel = %d and not ( xchan_flags & %d )>0 $sql_extra2" ,
intval(local_user()),
intval(XCHAN_FLAGS_DELETED)
);
@ -110,17 +110,18 @@ function acl_init(&$a){
if ($type=='' || $type=='g'){
$r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`name`,
GROUP_CONCAT(DISTINCT `group_member`.`xchan` SEPARATOR ',') as uids
%s as uids
FROM `groups`,`group_member`
WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d
AND `group_member`.`gid`=`groups`.`id`
$sql_extra
GROUP BY `groups`.`id`
ORDER BY `groups`.`name`
LIMIT %d,%d",
LIMIT %d OFFSET %d",
db_concat('group_member.xchan', ','),
intval(local_user()),
intval($start),
intval($count)
intval($count),
intval($start)
);
foreach($r as $g){
@ -140,7 +141,7 @@ function acl_init(&$a){
if ($type=='' || $type=='c') {
$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" ,
WHERE abook_channel = %d AND not ( abook_flags & %d )>0 and not (xchan_flags & %d )>0 $sql_extra2 order by xchan_name asc" ,
intval(local_user()),
intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED),
intval(XCHAN_FLAGS_DELETED)
@ -149,7 +150,7 @@ function acl_init(&$a){
if((! $r) && $type == 'c') {
$r = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags
FROM xchan
WHERE not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" ,
WHERE not (xchan_flags & %d )>0 $sql_extra2 order by xchan_name asc" ,
intval(XCHAN_FLAGS_DELETED)
);
}
@ -159,8 +160,8 @@ function acl_init(&$a){
$r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d ))
and not (xchan_flags & %d)
WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
and not (xchan_flags & %d)>0
$sql_extra3
ORDER BY `xchan_name` ASC ",
intval(local_user()),
@ -171,7 +172,7 @@ function acl_init(&$a){
elseif(($type == 'a') || ($type == 'p')) {
$r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_channel = %d
and not (xchan_flags & %d)
and not (xchan_flags & %d)>0
$sql_extra3
ORDER BY xchan_name ASC ",
intval(local_user()),

37
mod/admin.php
View File

@ -591,7 +591,7 @@ function admin_page_users_post(&$a){
if (x($_POST,'page_users_block')){
foreach($users as $uid){
q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d limit 1",
q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d",
intval(ACCOUNT_BLOCKED),
intval( $uid )
);
@ -647,7 +647,7 @@ function admin_page_users(&$a){
}; break;
case "block":{
check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
q("UPDATE account SET account_flags = ( account_flags ^ %d ) where account_id = %d",
q("UPDATE account SET account_flags = ( account_flags & ~%d ) where account_id = %d",
intval(ACCOUNT_BLOCKED),
intval( $uid )
);
@ -661,13 +661,13 @@ function admin_page_users(&$a){
}
/* get pending */
$pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) ",
$pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d )>0 ",
intval(ACCOUNT_PENDING)
);
/* get users */
$total = q("SELECT count(*) as total FROM account where 1");
$total = q("SELECT count(*) as total FROM account");
if(count($total)) {
$a->set_pager_total($total[0]['total']);
$a->set_pager_itemspage(100);
@ -687,14 +687,15 @@ function admin_page_users(&$a){
if($_REQUEST['order'] === 'created')
$order = " order by account_created desc ";
$users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d ) > 0 as `blocked`, " .
"(SELECT GROUP_CONCAT( ch.channel_address SEPARATOR ' ') FROM channel as ch " .
"WHERE ch.channel_account_id = ac.account_id and not (ch.channel_pageflags & %d )) as `channels` " .
"FROM account as ac where true $serviceclass $order limit %d , %d ",
$users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d )>0 as `blocked`, " .
"(SELECT %s FROM channel as ch " .
"WHERE ch.channel_account_id = ac.account_id and not (ch.channel_pageflags & %d )>0) as `channels` " .
"FROM account as ac where true $serviceclass $order limit %d offset %d ",
intval(ACCOUNT_BLOCKED),
db_concat('ch.channel_address', ' '),
intval(PAGE_REMOVED),
intval($a->pager['start']),
intval($a->pager['itemspage'])
intval($a->pager['itemspage']),
intval($a->pager['start'])
);
// function _setup_users($e){
@ -761,7 +762,7 @@ function admin_page_channels_post(&$a){
if (x($_POST,'page_channels_block')){
foreach($channels as $uid){
q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d",
q("UPDATE channel SET channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d",
intval(PAGE_CENSORED),
intval( $uid )
);
@ -809,7 +810,7 @@ function admin_page_channels(&$a){
case "block":{
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d",
q("UPDATE channel SET channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d",
intval(PAGE_CENSORED),
intval( $uid )
);
@ -825,7 +826,7 @@ function admin_page_channels(&$a){
/* get channels */
$total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)",
$total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)>0",
intval(PAGE_REMOVED)
);
if($total) {
@ -835,10 +836,10 @@ function admin_page_channels(&$a){
$order = " order by channel_name asc ";
$channels = q("SELECT * from channel where not ( channel_pageflags & %d ) $order limit %d , %d ",
$channels = q("SELECT * from channel where not ( channel_pageflags & %d )>0 $order limit %d offset %d ",
intval(PAGE_REMOVED),
intval($a->pager['start']),
intval($a->pager['itemspage'])
intval($a->pager['itemspage']),
intval($a->pager['start'])
);
if($channels) {
@ -1292,7 +1293,7 @@ readable.");
function admin_page_profs_post(&$a) {
if($_REQUEST['id']) {
$r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d limit 1",
$r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d",
dbesc($_REQUEST['field_name']),
dbesc($_REQUEST['field_type']),
dbesc($_REQUEST['field_desc']),
@ -1320,7 +1321,7 @@ function admin_page_profs_post(&$a) {
function admin_page_profs(&$a) {
if((argc() > 3) && argv(2) == 'drop' && intval(argv(3))) {
$r = q("delete from profdef where id = %d limit 1",
$r = q("delete from profdef where id = %d",
intval(argv(3))
);
// remove from allowed fields

18
mod/channel.php
View File

@ -141,17 +141,17 @@ function channel_content(&$a, $update = 0, $load = false) {
if(($update) && (! $load)) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0
AND (item_flags & %d) AND (item_flags & %d) $sql_extra limit 1",
AND (item_flags & %d)>0 AND (item_flags & %d)>0 $sql_extra limit 1",
dbesc($mid),
intval($a->profile['profile_uid']),
intval(ITEM_WALL),
intval(ITEM_UNSEEN)
);
} else {
$r = q("SELECT distinct parent AS `item_id` from item
$r = q("SELECT distinct parent AS `item_id`, created from item
left join abook on item.author_xchan = abook.abook_xchan
WHERE uid = %d AND item_restrict = 0
AND (item_flags & %d) AND ( item_flags & %d )
AND (item_flags & %d)>0 AND ( item_flags & %d )>0
AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
$sql_extra
ORDER BY created DESC",
@ -179,12 +179,12 @@ function channel_content(&$a, $update = 0, $load = false) {
$itemspage = get_pconfig(local_user(),'system','itemspage');
$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
if($load || ($_COOKIE['jsAvailable'] != 1)) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0
AND (item_flags & %d) $sql_extra limit 1",
AND (item_flags & %d)>0 $sql_extra limit 1",
dbesc($mid),
intval($a->profile['profile_uid']),
intval(ITEM_WALL)
@ -194,10 +194,10 @@ function channel_content(&$a, $update = 0, $load = false) {
}
} else {
$r = q("SELECT distinct id AS item_id FROM item
$r = q("SELECT distinct id AS item_id, created FROM item
left join abook on item.author_xchan = abook.abook_xchan
WHERE uid = %d AND item_restrict = 0
AND (item_flags & %d) and (item_flags & %d)
AND (item_flags & %d)>0 and (item_flags & %d)>0
AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
$sql_extra $sql_extra2
ORDER BY created DESC $pager_sql ",
@ -283,8 +283,8 @@ function channel_content(&$a, $update = 0, $load = false) {
if($is_owner) {
$r = q("UPDATE item SET item_flags = (item_flags ^ %d)
WHERE (item_flags & %d) AND (item_flags & %d) AND uid = %d ",
$r = q("UPDATE item SET item_flags = (item_flags & ~%d)
WHERE (item_flags & %d)>0 AND (item_flags & %d)>0 AND uid = %d ",
intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN),
intval(ITEM_WALL),

4
mod/chatsvc.php
View File

@ -73,7 +73,7 @@ function chatsvc_content(&$a) {
intval($a->data['chat']['uid'])
);
$r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s' limit 1",
$r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'",
dbesc($status),
dbesc(datetime_convert()),
intval($room_id),
@ -141,7 +141,7 @@ function chatsvc_content(&$a) {
}
}
$r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s' limit 1",
$r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'",
dbesc(datetime_convert()),
intval($a->data['chat']['room_id']),
dbesc(get_observer_hash()),

2
mod/connect.php
View File

@ -38,7 +38,7 @@ function connect_post(&$a) {
$text = escape_tags($_POST['text']);
if($has_premium != $premium) {
$r = q("update channel set channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d limit 1",
$r = q("update channel set channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d",
intval(PAGE_PREMIUM),
intval(local_user())
);

18
mod/connections.php
View File

@ -81,7 +81,7 @@ function connections_post(&$a) {
}
$r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d
where abook_id = %d AND abook_channel = %d LIMIT 1",
where abook_id = %d AND abook_channel = %d",
dbesc($profile_id),
intval($abook_my_perms),
intval($closeness),
@ -213,7 +213,7 @@ function connections_content(&$a) {
nav_set_selected('intros');
break;
case 'ifpending':
$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))",
$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)",
intval(local_user()),
intval(ABOOK_FLAG_PENDING),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED),
@ -250,13 +250,13 @@ function connections_content(&$a) {
}
$sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " ) " : "");
$sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " )>0 " : "");
if(argv(1) === 'pending')
$sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " ) ";
$sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " )>0 ";
}
else {
$sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " ) ";
$sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " )>0 ";
$unblocked = true;
}
@ -342,7 +342,7 @@ function connections_content(&$a) {
}
$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) $sql_extra $sql_extra2 ",
where abook_channel = %d and not (abook_flags & %d)>0 and not (xchan_flags & %d )>0 $sql_extra $sql_extra2 ",
intval(local_user()),
intval(ABOOK_FLAG_SELF),
intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN)
@ -353,12 +353,12 @@ function connections_content(&$a) {
}
$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
WHERE abook_channel = %d and not (abook_flags & %d) and not ( xchan_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ",
WHERE abook_channel = %d and not (abook_flags & %d)>0 and not ( xchan_flags & %d)>0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ",
intval(local_user()),
intval(ABOOK_FLAG_SELF),
intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN),
intval($a->pager['start']),
intval($a->pager['itemspage'])
intval($a->pager['itemspage']),
intval($a->pager['start'])
);
$contacts = array();

4
mod/connedit.php
View File

@ -117,7 +117,7 @@ function connedit_post(&$a) {
}
$r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d
where abook_id = %d AND abook_channel = %d LIMIT 1",
where abook_id = %d AND abook_channel = %d",
dbesc($profile_id),
intval($abook_my_perms),
intval($closeness),
@ -300,7 +300,7 @@ function connedit_content(&$a) {
$cmd = argv(2);
$orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) LIMIT 1",
WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d )>0 LIMIT 1",
intval($contact_id),
intval(local_user()),
intval(ABOOK_FLAG_SELF)

2
mod/contactgroup.php
View File

@ -9,7 +9,7 @@ function contactgroup_content(&$a) {
}
if((argc() > 2) && (intval(argv(1))) && (argv(2))) {
$r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1",
$r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1",
dbesc(base64url_decode(argv(2))),
intval(local_user()),
intval(ABOOK_FLAG_SELF)

2
mod/delegate.php
View File

@ -42,7 +42,7 @@ function delegate_content(&$a) {
if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
goaway($a->get_baseurl() . '/delegate');
q("delete from manage where uid = %d and mid = %d limit 1",
q("delete from manage where uid = %d and mid = %d",
intval($a->argv[2]),
intval(local_user())
);

8
mod/dirsearch.php
View File

@ -151,16 +151,16 @@ function dirsearch_content(&$a) {
}
$safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) " : '');
$safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " )>0 " : '');
if($safe < 0)
$safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) ";
$safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " )>0 ";
if($limit)
$qlimit = " LIMIT $limit ";
else {
$qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage);
if($return_total) {
$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and not ( xchan_flags & %d) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql ",
$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and not ( xchan_flags & %d)>0 and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 $safesql ",
intval(XCHAN_FLAGS_HIDDEN),
intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_DELETED)
@ -205,7 +205,7 @@ function dirsearch_content(&$a) {
json_return_and_die($spkt);
}
else {
$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and xchan_network = 'zot' and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ",
$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and xchan_network = 'zot' and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 $safesql $order $qlimit ",
intval(XCHAN_FLAGS_HIDDEN),
intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_DELETED)

8
mod/display.php
View File

@ -149,7 +149,7 @@ function display_content(&$a, $update = 0, $load = false) {
$updateable = false;
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']),intval($a->pager['start']));
if($load || ($_COOKIE['jsAvailable'] != 1)) {
$r = null;
@ -189,7 +189,7 @@ function display_content(&$a, $update = 0, $load = false) {
and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
OR owner_xchan = '%s')
$sql_extra )
group by mid limit 1",
limit 1",
dbesc($target_item['parent_mid']),
dbesc($sys['xchan_hash'])
);
@ -228,8 +228,8 @@ function display_content(&$a, $update = 0, $load = false) {
}
if($updateable) {
$x = q("UPDATE item SET item_flags = ( item_flags ^ %d )
WHERE (item_flags & %d) AND uid = %d and parent = %d ",
$x = q("UPDATE item SET item_flags = ( item_flags & ~%d )
WHERE (item_flags & %d)>0 AND uid = %d and parent = %d ",
intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN),
intval(local_user()),

8
mod/events.php
View File

@ -199,14 +199,14 @@ function events_content(&$a) {
nav_set_selected('all_events');
if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
$r = q("update event set ignore = 1 where id = %d and uid = %d limit 1",
$r = q("update event set ignore = 1 where id = %d and uid = %d",
intval(argv(2)),
intval(local_user())
);
}
if((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) {
$r = q("update event set ignore = 0 where id = %d and uid = %d limit 1",
$r = q("update event set ignore = 0 where id = %d and uid = %d",
intval(argv(2)),
intval(local_user())
);
@ -330,8 +330,8 @@ function events_content(&$a) {
$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
from event left join item on event_hash = resource_id
where resource_type = 'event' and event.uid = %d and event.ignore = %d
AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' )
OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' )) ",
AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' )
OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' )) ",
intval(local_user()),
intval($ignored),
dbesc($start),

2
mod/filer.php
View File

@ -27,7 +27,7 @@ function filer_content(&$a) {
intval(local_user())
);
if($r) {
$x = q("update item set item_flags = ( item_flags | %d ) where id = %d and uid = %d limit 1",
$x = q("update item set item_flags = ( item_flags | %d ) where id = %d and uid = %d",
intval(ITEM_RETAINED),
intval($r[0]['parent']),
intval(local_user())

2
mod/filerm.php
View File

@ -18,7 +18,7 @@ function filerm_content(&$a) {
logger('filerm: tag ' . $term . ' item ' . $item_id);
if($item_id && strlen($term)) {
$r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s' limit 1",
$r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s'",
intval(local_user()),
intval(($category) ? TERM_CATEGORY : TERM_FILE),
intval($item_id),

2
mod/fsuggest.php
View File

@ -52,7 +52,7 @@ function fsuggest_post(&$a) {
);
if(count($r)) {
$fsuggest_id = $r[0]['id'];
q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d",
dbesc($note),
intval($fsuggest_id),
intval(local_user())

6
mod/group.php
View File

@ -44,7 +44,7 @@ function group_post(&$a) {
$public = intval($_POST['public']);
if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) {
$r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d LIMIT 1",
$r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d",
dbesc($groupname),
intval($public),
intval(local_user()),
@ -117,7 +117,7 @@ function group_content(&$a) {
check_form_security_token_ForbiddenOnErr('group_member_change', 't');
$r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (xchan_flags & %d) and not (abook_flags & %d) and not (abook_flags & %d) limit 1",
$r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (xchan_flags & %d)>0 and not (abook_flags & %d)>0 and not (abook_flags & %d)>0 limit 1",
dbesc(base64url_decode(argv(2))),
intval(local_user()),
intval(XCHAN_FLAGS_DELETED),
@ -211,7 +211,7 @@ function group_content(&$a) {
group_rmv_member(local_user(),$group['name'],$member['xchan_hash']);
}
$r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND not (abook_flags & %d) and not (xchan_flags & %d) and not (abook_flags & %d) order by xchan_name asc",
$r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND not (abook_flags & %d)>0 and not (xchan_flags & %d)>0 and not (abook_flags & %d)>0 order by xchan_name asc",
intval(local_user()),
intval(ABOOK_FLAG_BLOCKED),
intval(XCHAN_FLAGS_DELETED),

6
mod/import.php
View File

@ -215,7 +215,7 @@ function import_post(&$a) {
// reset the original primary hubloc if it is being seized
if($seize)
$r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where (hubloc_flags & %d) and hubloc_hash = '%s' and hubloc_url != '%s' ",
$r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where (hubloc_flags & %d)>0 and hubloc_hash = '%s' and hubloc_url != '%s' ",
intval(HUBLOC_FLAGS_PRIMARY),
intval(HUBLOC_FLAGS_PRIMARY),
dbesc($channel['channel_hash']),
@ -228,7 +228,7 @@ function import_post(&$a) {
// replace our existing xchan if we're seizing control
$r = q("delete from xchan where xchan_hash = '%s' limit 1",
$r = q("delete from xchan where xchan_hash = '%s'",
dbesc($channel['channel_hash'])
);
@ -278,7 +278,7 @@ function import_post(&$a) {
$photodate = $xchan['xchan_photo_date'];
$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
where xchan_hash = '%s' limit 1",
where xchan_hash = '%s'",
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),

6
mod/item.php
View File

@ -887,7 +887,7 @@ function item_post(&$a) {
// They will show up as people comment on them.
if($parent_item['item_restrict'] & ITEM_HIDDEN) {
$r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d LIMIT 1",
$r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d",
intval($parent_item['item_restrict'] - ITEM_HIDDEN),
intval($parent_item['id'])
);
@ -1301,7 +1301,7 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body,
$private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false);
$r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
WHERE id = %d AND uid = %d limit 1",
WHERE id = %d AND uid = %d",
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
@ -1351,7 +1351,7 @@ function item_check_service_class($channel_id,$iswebpage) {
if ($iswebpage) {
$r = q("select count(i.id) as total from item i
right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id )
and i.parent=i.id and (i.item_restrict & %d) and not (i.item_restrict & %d) and i.uid= %d ",
and i.parent=i.id and (i.item_restrict & %d)>0 and not (i.item_restrict & %d)>0 and i.uid= %d ",
intval(ITEM_WEBPAGE),
intval(ITEM_DELETED),
intval($channel_id)

4
mod/like.php
View File

@ -276,7 +276,7 @@ function like_content(&$a) {
// Already liked/disliked it, delete it
$r = q("UPDATE item SET item_restrict = ( item_restrict ^ %d ), changed = '%s' WHERE id = %d LIMIT 1",
$r = q("UPDATE item SET item_restrict = ( item_restrict & ~%d ), changed = '%s' WHERE id = %d",
intval(ITEM_DELETED),
dbesc(datetime_convert()),
intval($like_item['id'])
@ -332,7 +332,7 @@ function like_content(&$a) {
// if this was a linked photo and was hidden, unhide it.
if($item['item_restrict'] & ITEM_HIDDEN) {
$r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d limit 1",
$r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d",
intval(ITEM_HIDDEN),
intval($item['id'])
);

6
mod/locs.php
View File

@ -19,12 +19,12 @@ function locs_post(&$a) {
notice( t('Location not found.') . EOL);
return;
}
$r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where (hubloc_flags & %d) and hubloc_hash = '%s' ",
$r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where (hubloc_flags & %d)>0 and hubloc_hash = '%s' ",
intval(HUBLOC_FLAGS_PRIMARY),
intval(HUBLOC_FLAGS_PRIMARY),
dbesc($channel['channel_hash'])
);
$r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s' limit 1",
$r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s'",
intval(HUBLOC_FLAGS_PRIMARY),
intval($hubloc_id),
dbesc($channel['channel_hash'])
@ -50,7 +50,7 @@ function locs_post(&$a) {
notice( t('Primary location cannot be removed.') . EOL);
return;
}
$r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s' limit 1",
$r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s'",
intval(HUBLOC_FLAGS_DELETED),
intval($hubloc_id),
dbesc($channel['channel_hash'])

4
mod/lostpass.php
View File

@ -21,7 +21,7 @@ function lostpass_post(&$a) {
$hash = random_string();
$r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d LIMIT 1",
$r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d",
dbesc($hash),
intval($aid)
);
@ -73,7 +73,7 @@ function lostpass_content(&$a) {
$salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $new_password);
$r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d limit 1",
$r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d",
dbesc($salt),
dbesc($password_encoded),
intval($aid)

2
mod/mail.php
View File

@ -141,7 +141,7 @@ function mail_content(&$a) {
if(! intval(argv(2)))
return;
$cmd = argv(1);
$r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d limit 1",
$r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d",
intval(MAIL_RECALLED),
intval(argv(2)),
intval(local_user())

12
mod/manage.php
View File

@ -17,7 +17,7 @@ function manage_content(&$a) {
intval(get_account_id())
);
if($r) {
q("update account set account_default_channel = %d where account_id = %d limit 1",
q("update account set account_default_channel = %d where account_id = %d",
intval($change_channel),
intval(get_account_id())
);
@ -36,7 +36,7 @@ function manage_content(&$a) {
$channels = null;
if(local_user()) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ",
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ",
intval(get_account_id()),
intval(PAGE_REMOVED)
);
@ -55,7 +55,7 @@ function manage_content(&$a) {
$c = q("SELECT id, item_restrict, item_flags FROM item
WHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d",
WHERE (item_restrict = %d) and ( item_flags & %d )>0 and uid = %d",
intval(ITEM_VISIBLE),
intval(ITEM_UNSEEN),
intval($channels[$x]['channel_id'])
@ -71,7 +71,7 @@ function manage_content(&$a) {
}
$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))",
$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)",
intval($channels[$x]['channel_id']),
intval(ABOOK_FLAG_PENDING),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED),
@ -82,7 +82,7 @@ function manage_content(&$a) {
$channels[$x]['intros'] = intval($intr[0]['total']);
$mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ",
$mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d)>0 and from_xchan != '%s' ",
intval($channels[$x]['channel_id']),
intval(MAIL_SEEN),
dbesc($channels[$x]['channel_hash'])
@ -127,7 +127,7 @@ function manage_content(&$a) {
}
}
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )",
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0",
intval(get_account_id()),
intval(PAGE_REMOVED)
);

22
mod/network.php
View File

@ -150,12 +150,12 @@ function network_content(&$a, $update = 0, $load = false) {
$sql_options = (($star)
? " and (item_flags & " . intval(ITEM_STARRED) . ")"
? " and (item_flags & " . intval(ITEM_STARRED) . ")>0"
: '');
$sql_nets = '';
$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) ";
$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 $sql_options ) ";
if($group) {
$contact_str = '';
@ -184,7 +184,7 @@ function network_content(&$a, $update = 0, $load = false) {
elseif($cid) {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1",
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1",
intval($cid),
intval(local_user())
);
@ -264,7 +264,7 @@ function network_content(&$a, $update = 0, $load = false) {
}
if($conv) {
$sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d ))) ",
$sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ",
dbesc(protect_sprintf($channel['channel_hash'])),
intval(ITEM_MENTIONSME)
);
@ -279,7 +279,7 @@ function network_content(&$a, $update = 0, $load = false) {
else {
$itemspage = get_pconfig(local_user(),'system','itemspage');
$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
}
@ -314,7 +314,7 @@ function network_content(&$a, $update = 0, $load = false) {
$uids = " and item.uid = " . local_user() . " ";
}
$simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : '');
$simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " )>0 " : '');
// This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day
// or three and look at your matrix page - after opening up your browser. The first page loads just as it
@ -336,7 +336,7 @@ function network_content(&$a, $update = 0, $load = false) {
if($nouveau && $load) {
// "New Item View" - show all items unthreaded in reverse created date order
$items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item`
$items = q("SELECT `item`.*, `item`.`id` AS `item_id`, received FROM `item`
WHERE true $uids AND item_restrict = 0
$simple_update
$sql_extra $sql_nets
@ -364,13 +364,13 @@ function network_content(&$a, $update = 0, $load = false) {
// Fetch a page full of parent items for this page
$r = q("SELECT distinct item.id AS item_id FROM item
$r = q("SELECT distinct item.id AS item_id, $ordering FROM item
left join abook on item.author_xchan = abook.abook_xchan
WHERE true $uids AND item.item_restrict = 0
AND item.parent = item.id
and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
$sql_extra3 $sql_extra $sql_nets
ORDER BY item.$ordering DESC $pager_sql ",
ORDER BY $ordering DESC $pager_sql ",
intval(ABOOK_FLAG_BLOCKED)
);
@ -417,8 +417,8 @@ function network_content(&$a, $update = 0, $load = false) {
}
if(($update_unseen) && (! $firehose))
$r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d)
WHERE (item_flags & %d) AND `uid` = %d $update_unseen ",
$r = q("UPDATE `item` SET item_flags = ( item_flags & ~%d)
WHERE (item_flags & %d)>0 AND `uid` = %d $update_unseen ",
intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN),
intval(local_user())

6
mod/notifications.php
View File

@ -33,7 +33,7 @@ function notifications_post(&$a) {
$fid = $r[0]['fid'];
if($_POST['submit'] == t('Discard')) {
$r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
$r = q("DELETE FROM `intro` WHERE `id` = %d",
intval($intro_id)
);
if(! $fid) {
@ -41,7 +41,7 @@ function notifications_post(&$a) {
// The check for blocked and pending is in case the friendship was already approved
// and we just want to get rid of the now pointless notification
$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1 LIMIT 1",
$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1",
intval($contact_id),
intval(local_user())
);
@ -49,7 +49,7 @@ function notifications_post(&$a) {
goaway($a->get_baseurl(true) . '/notifications/intros');
}
if($_POST['submit'] == t('Ignore')) {
$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1",
$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d",
intval($intro_id));
goaway($a->get_baseurl(true) . '/notifications/intros');
}

2
mod/openid.php
View File

@ -159,7 +159,7 @@ function openid_content(&$a) {
$photos = import_profile_photo($pphoto,$url);
if($photos) {
$z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s',
xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1",
xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert()),
dbesc($photos[0]),
dbesc($photos[1]),

2
mod/p.php
View File

@ -11,7 +11,7 @@ function p_init(&$a) {
$mid = str_replace('.xml','',argv(1));
$r = q("select * from item where mid = '%s' and (item_flags & %d) and item_private = 0 limit 1",
$r = q("select * from item where mid = '%s' and (item_flags & %d)>0 and item_private = 0 limit 1",
dbesc($mid),
intval(ITEM_WALL)
);

4
mod/photo.php
View File

@ -66,7 +66,7 @@ function photo_init(&$a) {
intval($uid)
);
if(count($r)) {
$data = $r[0]['data'];
$data = dbunescbin($r[0]['data']);
$mimetype = $r[0]['type'];
}
if(! isset($data)) {
@ -140,7 +140,7 @@ function photo_init(&$a) {
);
if($r && $allowed) {
$data = $r[0]['data'];
$data = dbunescbin($r[0]['data']);
$mimetype = $r[0]['type'];
}
else {

42
mod/photos.php
View File

@ -227,7 +227,7 @@ function photos_post(&$a) {
intval($page_owner_uid)
);
if(count($r)) {
$ph = photo_factory($r[0]['data'], $r[0]['type']);
$ph = photo_factory(dbunescbin($r[0]['data']), $r[0]['type']);
if($ph->is_valid()) {
$rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 );
$ph->rotate($rotate_deg);
@ -235,8 +235,8 @@ function photos_post(&$a) {
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0 limit 1",
dbesc($ph->imageString()),
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0",
dbescbin($ph->imageString()),
intval($height),
intval($width),
dbesc($resource_id),
@ -248,8 +248,8 @@ function photos_post(&$a) {
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1 limit 1",
dbesc($ph->imageString()),
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1",
dbescbin($ph->imageString()),
intval($height),
intval($width),
dbesc($resource_id),
@ -262,8 +262,8 @@ function photos_post(&$a) {
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2 limit 1",
dbesc($ph->imageString()),
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2",
dbescbin($ph->imageString()),
intval($height),
intval($width),
dbesc($resource_id),
@ -330,7 +330,7 @@ function photos_post(&$a) {
// make sure the linked item has the same permissions as the photo regardless of any other changes
$x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
where id = %d limit 1",
where id = %d",
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
@ -636,14 +636,17 @@ function photos_content(&$a) {
else
$order = 'DESC';
$r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
AND `scale` <= 4 and ((photo_flags = %d) or (photo_flags & %d )) $sql_extra GROUP BY `resource_id` ORDER BY `created` $order LIMIT %d , %d",
$r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN
(SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY resource_id) ph
ON (p.resource_id = ph.resource_id AND p.scale = ph.scale)
ORDER BY created $order LIMIT %d OFFSET %d",
intval($owner_uid),
dbesc($album),
intvaL(PHOTO_NORMAL),
intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE),
intval($a->pager['start']),
intval($a->pager['itemspage'])
intval($a->pager['itemspage']),
intval($a->pager['start'])
);
//edit album name
@ -906,7 +909,7 @@ function photos_content(&$a) {
}
if((local_user()) && (local_user() == $link_item['uid'])) {
q("UPDATE `item` SET item_flags = (item_flags ^ %d) WHERE parent = %d and uid = %d and (item_flags & %d)",
q("UPDATE `item` SET item_flags = (item_flags & ~%d) WHERE parent = %d and uid = %d and (item_flags & %d)>0",
intval(ITEM_UNSEEN),
intval($link_item['parent']),
intval(local_user()),
@ -1169,17 +1172,18 @@ function photos_content(&$a) {
$a->set_pager_itemspage(60);
}
$r = q("SELECT `resource_id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo`
WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
and ( (photo_flags = %d) or (photo_flags & %d ))
$sql_extra GROUP BY `resource_id` ORDER BY `created` DESC LIMIT %d , %d",
$r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN
(SELECT resource_id, max(scale) scale FROM photo
WHERE uid=%d AND album != '%s' AND album != '%s'
AND (photo_flags = %d or photo_flags = %d ) group by resource_id) ph
ON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d",
intval($a->data['channel']['channel_id']),
dbesc('Contact Photos'),
dbesc( t('Contact Photos')),
intval(PHOTO_NORMAL),
intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE),
intval($a->pager['start']),
intval($a->pager['itemspage'])
intval($a->pager['itemspage']),
intval($a->pager['start'])
);

34
mod/ping.php
View File

@ -107,7 +107,7 @@ function ping_init(&$a) {
$basic_presence = false;
if($r) {
$basic_presence = true;
q("update chatpresence set cp_last = '%s' where cp_id = %d limit 1",
q("update chatpresence set cp_last = '%s' where cp_id = %d",
dbesc(datetime_convert()),
intval($r[0]['cp_id'])
);
@ -128,7 +128,9 @@ function ping_init(&$a) {
* and shouldn't count as online anymore. We allow an expection for bots.
*/
q("delete from chatpresence where cp_last < UTC_TIMESTAMP() - INTERVAL 3 MINUTE and cp_client != 'auto' ");
q("delete from chatpresence where cp_last < %s - INTERVAL %s and cp_client != 'auto' ",
db_utcnow(), db_quoteinterval('3 MINUTE')
);
if((! local_user()) || ($result['invalid'])) {
echo json_encode($result);
@ -148,14 +150,14 @@ function ping_init(&$a) {
if(x($_REQUEST, 'markRead') && local_user()) {
switch($_REQUEST['markRead']) {
case 'network':
$r = q("update item set item_flags = ( item_flags ^ %d ) where (item_flags & %d) and uid = %d",
$r = q("update item set item_flags = ( item_flags & ~%d ) where (item_flags & %d)>0 and uid = %d",
intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN),
intval(local_user())
);
break;
case 'home':
$r = q("update item set item_flags = ( item_flags ^ %d ) where (item_flags & %d) and (item_flags & %d) and uid = %d",
$r = q("update item set item_flags = ( item_flags & ~%d ) where (item_flags & %d)>0 and (item_flags & %d) and uid = %d",
intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN),
intval(ITEM_WALL),
@ -163,7 +165,7 @@ function ping_init(&$a) {
);
break;
case 'messages':
$r = q("update mail set mail_flags = ( mail_flags ^ %d ) where channel_id = %d and not (mail_flags & %d)",
$r = q("update mail set mail_flags = ( mail_flags | %d ) where channel_id = %d and not (mail_flags & %d)>0",
intval(MAIL_SEEN),
intval(local_user()),
intval(MAIL_SEEN)
@ -197,17 +199,17 @@ function ping_init(&$a) {
);
if($t && intval($t[0]['total']) > 49) {
$z = q("select * from notify where uid = %d
and seen = 0 order by date desc limit 0, 50",
and seen = 0 order by date desc limit 50",
intval(local_user())
);
}
else {
$z1 = q("select * from notify where uid = %d
and seen = 0 order by date desc limit 0, 50",
and seen = 0 order by date desc limit 50",
intval(local_user())
);
$z2 = q("select * from notify where uid = %d
and seen = 1 order by date desc limit 0, %d",
and seen = 1 order by date desc limit %d",
intval(local_user()),
intval(50 - intval($t[0]['total']))
);
@ -235,8 +237,8 @@ function ping_init(&$a) {
if(argc() > 1 && argv(1) === 'messages') {
$channel = $a->get_channel();
$t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan
where channel_id = %d and not ( mail_flags & %d ) and not (mail_flags & %d )
and from_xchan != '%s' order by created desc limit 0,50",
where channel_id = %d and not ( mail_flags & %d )>0 and not (mail_flags & %d )>0
and from_xchan != '%s' order by created desc limit 50",
intval(local_user()),
intval(MAIL_SEEN),
intval(MAIL_DELETED),
@ -265,7 +267,7 @@ function ping_init(&$a) {
$result = array();
$r = q("SELECT * FROM item
WHERE item_restrict = %d and ( item_flags & %d ) and uid = %d",
WHERE item_restrict = %d and ( item_flags & %d )>0 and uid = %d",
intval(ITEM_VISIBLE),
intval(ITEM_UNSEEN),
intval(local_user())
@ -287,7 +289,7 @@ function ping_init(&$a) {
if(argc() > 1 && (argv(1) === 'intros')) {
$result = array();
$r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))",
$r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)",
intval(local_user()),
intval(ABOOK_FLAG_PENDING),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED),
@ -371,7 +373,7 @@ function ping_init(&$a) {
if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) {
$r = q("SELECT id, item_restrict, item_flags FROM item
WHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d",
WHERE (item_restrict = %d) and ( item_flags & %d )>0 and uid = %d",
intval(ITEM_VISIBLE),
intval(ITEM_UNSEEN),
intval(local_user())
@ -398,7 +400,7 @@ function ping_init(&$a) {
$t2 = dba_timer();
if($vnotify & VNOTIFY_INTRO) {
$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))",
$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)",
intval(local_user()),
intval(ABOOK_FLAG_PENDING),
intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED),
@ -416,7 +418,7 @@ function ping_init(&$a) {
if($vnotify & VNOTIFY_MAIL) {
$mails = q("SELECT count(id) as total from mail
WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ",
WHERE channel_id = %d AND not (mail_flags & %d)>0 and from_xchan != '%s' ",
intval(local_user()),
intval(MAIL_SEEN),
dbesc($channel['channel_hash'])
@ -427,7 +429,7 @@ function ping_init(&$a) {
if($vnotify & VNOTIFY_REGISTER) {
if ($a->config['system']['register_policy'] == REGISTER_APPROVE && is_site_admin()) {
$regs = q("SELECT count(account_id) as total from account where (account_flags & %d)",
$regs = q("SELECT count(account_id) as total from account where (account_flags & %d)>0",
intval(ACCOUNT_PENDING)
);
if($regs)

20
mod/poco.php
View File

@ -15,7 +15,7 @@ function poco_init(&$a) {
$user = notags(trim(argv(1)));
}
if(! x($user)) {
$c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1");
$c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = '1'");
if(! $c) {
logger('mod_poco: system mode. No candidates.', LOGGER_DEBUG);
http_status_exit(404);
@ -60,7 +60,7 @@ function poco_init(&$a) {
}
if($justme)
$sql_extra = " and ( abook_flags & " . ABOOK_FLAG_SELF . " ) ";
$sql_extra = " and ( abook_flags & " . ABOOK_FLAG_SELF . " )>0 ";
else
$sql_extra = " and abook_flags = 0 ";
@ -69,14 +69,14 @@ function poco_init(&$a) {
if($system_mode) {
$r = q("SELECT count(*) as `total` from abook where ( abook_flags & " . ABOOK_FLAG_SELF .
" ) and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) ");
" )>0 and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) ");
}
else {
$r = q("SELECT count(*) as `total` from abook where abook_channel = %d
$sql_extra ",
intval($channel_id)
);
$c = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " ) and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d",
$c = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " )>0 and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d",
intval($channel_id)
);
}
@ -93,17 +93,17 @@ function poco_init(&$a) {
if($system_mode) {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where ( abook_flags & " . ABOOK_FLAG_SELF .
" ) and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) limit %d, %d ",
intval($startIndex),
intval($itemsPerPage)
" )>0 and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) limit %d offset %d ",
intval($itemsPerPage),
intval($startIndex)
);
}
else {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d
$sql_extra LIMIT %d, %d",
$sql_extra LIMIT %d OFFSET %d",
intval($channel_id),
intval($startIndex),
intval($itemsPerPage)
intval($itemsPerPage),
intval($startIndex)
);
}

18
mod/post.php
View File

@ -98,7 +98,7 @@ function post_init(&$a) {
// Any channel will do, providing it's currently active. We just need to have an
// identity to attach to the packet we send back. So find one.
$c = q("select * from channel where not ( channel_pageflags & %d ) limit 1",
$c = q("select * from channel where not ( channel_pageflags & %d )>0 limit 1",
intval(PAGE_REMOVED)
);
@ -612,7 +612,7 @@ function post_post(&$a) {
else
$ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => $x);
$x = q("delete from outq where outq_hash = '%s' limit 1",
$x = q("delete from outq where outq_hash = '%s'",
dbesc($rr['outq_hash'])
);
}
@ -659,7 +659,7 @@ function post_post(&$a) {
// Update our DB to show when we last communicated successfully with this hub
// This will allow us to prune dead hubs from using up resources
$r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d limit 1",
$r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d",
dbesc(datetime_convert()),
intval($hub['hubloc_id'])
);
@ -667,17 +667,17 @@ function post_post(&$a) {
// a dead hub came back to life - reset any tombstones we might have
if($hub['hubloc_status'] & HUBLOC_OFFLINE) {
q("update hubloc set hubloc_status = (hubloc_status ^ %d) where hubloc_id = %d limit 1",
q("update hubloc set hubloc_status = (hubloc_status & ~%d) where hubloc_id = %d",
intval(HUBLOC_OFFLINE),
intval($hub['hubloc_id'])
);
if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) {
q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where hubloc_id = %d limit 1",
q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where hubloc_id = %d",
intval(HUBLOC_FLAGS_ORPHANCHECK),
intval($hub['hubloc_id'])
);
}
q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1",
q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'",
intval(XCHAN_FLAGS_ORPHAN),
intval(XCHAN_FLAGS_ORPHAN),
dbesc($hub['hubloc_hash'])
@ -732,7 +732,9 @@ function post_post(&$a) {
$sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
// garbage collect any old unused notifications
q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE");
q("delete from verify where type = 'auth' and created < %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('10 MINUTE')
);
$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
dbesc($sender_hash)
@ -781,7 +783,7 @@ function post_post(&$a) {
$ret['message'] .= 'verification key not found' . EOL;
json_return_and_die($ret);
}
$r = q("delete from verify where id = %d limit 1",
$r = q("delete from verify where id = %d",
intval($z[0]['id'])
);

10
mod/profile_photo.php
View File

@ -173,7 +173,7 @@ function profile_photo_post(&$a) {
dbesc($base_image['resource_id']),
intval(local_user())
);
$r = q("UPDATE photo SET photo_flags = ( photo_flags ^ %d ) WHERE ( photo_flags & %d )
$r = q("UPDATE photo SET photo_flags = ( photo_flags & ~%d ) WHERE ( photo_flags & %d )>0
AND resource_id != '%s' AND `uid` = %d",
intval(PHOTO_PROFILE),
intval(PHOTO_PROFILE),
@ -182,7 +182,7 @@ function profile_photo_post(&$a) {
);
}
else {
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d limit 1",
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d",
dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-4'),
dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-5'),
intval($_REQUEST['profile']),
@ -196,7 +196,7 @@ function profile_photo_post(&$a) {
$channel = $a->get_channel();
$r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
where xchan_hash = '%s' limit 1",
where xchan_hash = '%s'",
dbesc($im->getType()),
dbesc(datetime_convert()),
dbesc($channel['xchan_hash'])
@ -302,7 +302,7 @@ function profile_photo_content(&$a) {
// unset any existing profile photos
$r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d",
intval(local_user()));
$r = q("UPDATE photo SET photo_flags = (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d",
$r = q("UPDATE photo SET photo_flags = (photo_flags & ~%d ) WHERE (photo_flags & %d )>0 AND uid = %d",
intval(PHOTO_PROFILE),
intval(PHOTO_PROFILE),
intval(local_user()));
@ -320,7 +320,7 @@ function profile_photo_content(&$a) {
);
$r = q("UPDATE xchan set xchan_photo_date = '%s'
where xchan_hash = '%s' limit 1",
where xchan_hash = '%s'",
dbesc(datetime_convert()),
dbesc($channel['xchan_hash'])
);

8
mod/profiles.php
View File

@ -30,7 +30,7 @@ function profiles_init(&$a) {
dbesc($profile_guid),
intval(local_user())
);
$r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d",
intval(argv(2)),
intval(local_user())
);
@ -354,7 +354,7 @@ function profiles_post(&$a) {
dbesc($zz['field_name'])
);
if($w) {
q("update profext set v = '%s' where id = %d limit 1",
q("update profext set v = '%s' where id = %d",
dbesc(escape_tags(trim($_POST[$zz['field_name']]))),
intval($w[0]['id'])
);
@ -469,7 +469,7 @@ function profiles_post(&$a) {
`work` = '%s',
`education` = '%s',
`hide_friends` = %d
WHERE `id` = %d AND `uid` = %d LIMIT 1",
WHERE `id` = %d AND `uid` = %d",
dbesc($profile_name),
dbesc($name),
dbesc($pdesc),
@ -522,7 +522,7 @@ function profiles_post(&$a) {
$channel = $a->get_channel();
if($namechanged && $is_default) {
$r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s' limit 1",
$r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'",
dbesc($name),
dbesc(datetime_convert()),
dbesc($channel['xchan_hash'])

4
mod/profperm.php
View File

@ -75,13 +75,13 @@ function profperm_content(&$a) {
if($change) {
if(in_array($change,$ingroup)) {
q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d",
intval($change),
intval(local_user())
);
}
else {
q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d",
dbesc($profile['profile_guid']),
intval($change),
intval(local_user())

2
mod/receive.php
View File

@ -31,7 +31,7 @@ function receive_post(&$a) {
// Diaspora sites *may* provide a truncated guid.
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d ) LIMIT 1",
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d )>0 LIMIT 1",
dbesc($guid . '%'),
intval(PAGE_REMOVED)
);

10
mod/register.php
View File

@ -37,7 +37,9 @@ function register_post(&$a) {
$max_dailies = intval(get_config('system','max_daily_registrations'));
if($max_dailies) {
$r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day");
$r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('1 day')
);
if($r && $r[0]['total'] >= $max_dailies) {
notice( t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL);
return;
@ -100,7 +102,7 @@ function register_post(&$a) {
$invite_code = ((x($_POST,'invite_code')) ? notags(trim($_POST['invite_code'])) : '');
if($using_invites && $invite_code) {
q("delete * from register where hash = '%s' limit 1", dbesc($invite_code));
q("delete * from register where hash = '%s'", dbesc($invite_code));
set_pconfig($result['account']['account_id'],'system','invites_remaining',$num_invites);
}
@ -164,7 +166,9 @@ function register_content(&$a) {
$max_dailies = intval(get_config('system','max_daily_registrations'));
if($max_dailies) {
$r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day");
$r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
db_utcnow(), db_quoteinterval('1 day')
);
if($r && $r[0]['total'] >= $max_dailies) {
logger('max daily registrations exceeded.');
notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL);

34
mod/search.php
View File

@ -68,7 +68,8 @@ function search_content(&$a,$update = 0, $load = false) {
);
}
else {
$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
$regstr = db_getfunc('REGEXP');
$sql_extra = sprintf(" AND `item`.`body` $regstr '%s' ", dbesc(protect_sprintf(preg_quote($search))));
}
// Here is the way permissions work in the search module...
@ -123,7 +124,7 @@ function search_content(&$a,$update = 0, $load = false) {
if(($update) && ($load)) {
$itemspage = get_pconfig(local_user(),'system','itemspage');
$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
// in case somebody turned off public access to sys channel content with permissions
@ -133,28 +134,35 @@ function search_content(&$a,$update = 0, $load = false) {
if($load) {
$r = null;
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$prefix = 'distinct on (created, mid)';
$suffix = 'ORDER BY created DESC, mid';
} else {
$prefix = 'distinct';
$suffix = 'group by mid ORDER BY created DESC';
}
if(local_user()) {
$r = q("SELECT distinct mid, item.id as item_id, item.* from item
$r = q("SELECT $prefix mid, item.id as item_id, item.* from item
WHERE item_restrict = 0
AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 )
OR ( `item`.`uid` = %d )) OR item.owner_xchan = '%s' )
$sql_extra
group by mid ORDER BY created DESC $pager_sql ",
$suffix $pager_sql ",
intval(local_user()),
dbesc($sys['xchan_hash'])
);
}
if($r === null) {
$r = q("SELECT distinct mid, item.id as item_id, item.* from item
WHERE item_restrict = 0
AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
AND `item`.`deny_gid` = '' AND item_private = 0 )
and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
$pub_sql ) OR owner_xchan = '%s')
$sql_extra
group by mid ORDER BY created DESC $pager_sql",
$r = q("SELECT $prefix mid, item.id as item_id, item.* from item
WHERE item_restrict = 0
AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
AND `item`.`deny_gid` = '' AND item_private = 0 )
and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
$pub_sql ) OR owner_xchan = '%s')
$sql_extra
$suffix $pager_sql",
dbesc($sys['xchan_hash'])
);
);
}
}
else {

22
mod/settings.php
View File

@ -168,7 +168,7 @@ function settings_post(&$a) {
}
}
$r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d LIMIT 1",
$r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d",
dbesc($theme),
intval(local_user())
);
@ -205,7 +205,7 @@ function settings_post(&$a) {
$salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $newpass);
$r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s'
where account_id = %d limit 1",
where account_id = %d",
dbesc($salt),
dbesc($password_encoded),
dbesc(datetime_convert()),
@ -235,7 +235,7 @@ function settings_post(&$a) {
$email = $a->user['email'];
}
if(! $errs) {
$r = q("update account set account_email = '%s' where account_id = %d limit 1",
$r = q("update account set account_email = '%s' where account_id = %d",
dbesc($email),
intval($account['account_id'])
);
@ -267,7 +267,7 @@ function settings_post(&$a) {
$hide_presence = (((x($_POST,'hide_presence')) && (intval($_POST['hide_presence']) == 1)) ? 1: 0);
$publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
$def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : '');
$r = q("update channel set channel_default_group = '%s' where channel_id = %d limit 1",
$r = q("update channel set channel_default_group = '%s' where channel_id = %d",
dbesc($def_group),
intval(local_user())
);
@ -283,7 +283,7 @@ function settings_post(&$a) {
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s'
where channel_id = %d limit 1",
where channel_id = %d",
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
@ -313,7 +313,7 @@ function settings_post(&$a) {
);
}
if($r) {
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d limit 1",
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d",
dbesc($r[0]['hash']),
dbesc('<' . $r[0]['hash'] . '>'),
intval(local_user())
@ -327,12 +327,12 @@ function settings_post(&$a) {
// no default collection
else {
q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '',
channel_deny_cid = '' where channel_id = %d limit 1",
channel_deny_cid = '' where channel_id = %d",
intval(local_user())
);
}
$r = q("update abook set abook_my_perms = %d where abook_channel = %d and (abook_flags & %d) limit 1",
$r = q("update abook set abook_my_perms = %d where abook_channel = %d and (abook_flags & %d)>0",
intval(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0),
intval(local_user()),
intval(ABOOK_FLAG_SELF)
@ -464,7 +464,7 @@ function settings_post(&$a) {
set_pconfig(local_user(),'system','vnotify',$vnotify);
set_pconfig(local_user(),'system','evdays',$evdays);
$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d limit 1",
$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d",
dbesc($username),
intval($pageflags),
dbesc($timezone),
@ -479,14 +479,14 @@ function settings_post(&$a) {
info( t('Settings updated.') . EOL);
if(! is_null($publish)) {
$r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d LIMIT 1",
$r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d",
intval($publish),
intval(local_user())
);
}
if($name_change) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s' limit 1",
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'",
dbesc($username),
dbesc(datetime_convert()),
dbesc($channel['channel_hash'])

32
mod/setup.php
View File

@ -50,16 +50,18 @@ function setup_post(&$a) {
$dbuser = trim($_POST['dbuser']);
$dbpass = trim($_POST['dbpass']);
$dbdata = trim($_POST['dbdata']);
$dbtype = intval(trim($_POST['dbtype']));
$phpath = trim($_POST['phpath']);
$adminmail = trim($_POST['adminmail']);
$siteurl = trim($_POST['siteurl']);
require_once('include/dba/dba_driver.php');
unset($db);
$db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true);
$db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
if(! $db->connected) {
echo "Database Connect failed: " . $db->error;
killme();
$a->data['db_conn_failed']=true;
}
/*if(get_db_errno()) {
unset($db);
@ -80,9 +82,9 @@ function setup_post(&$a) {
return;
}
}*/
if(get_db_errno()) {
$a->data['db_conn_failed']=true;
}
//if(get_db_errno()) {
//}
return;
break;
@ -93,6 +95,7 @@ function setup_post(&$a) {
$dbuser = notags(trim($_POST['dbuser']));
$dbpass = notags(trim($_POST['dbpass']));
$dbdata = notags(trim($_POST['dbdata']));
$dbtype = intval(notags(trim($_POST['dbtype'])));
$phpath = notags(trim($_POST['phpath']));
$timezone = notags(trim($_POST['timezone']));
$adminmail = notags(trim($_POST['adminmail']));
@ -109,7 +112,7 @@ function setup_post(&$a) {
}
// connect to db
$db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true);
$db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
if(! $db->connected) {
echo 'CRITICAL: DB not connected.';
@ -123,6 +126,7 @@ function setup_post(&$a) {
'$dbuser' => $dbuser,
'$dbpass' => $dbpass,
'$dbdata' => $dbdata,
'$dbtype' => $dbtype,
'$timezone' => $timezone,
'$siteurl' => $siteurl,
'$site_id' => random_string(),
@ -187,7 +191,7 @@ function setup_content(&$a) {
}
if(x($a->data,'db_failed')) {
$txt = t('You may need to import the file "install/database.sql" manually using phpmyadmin or mysql.') . EOL;
$txt = t('You may need to import the file "install/schema_xxx.sql" manually using a database client.') . EOL;
$txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ;
$txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ;
$db_return_text .= $txt;
@ -273,6 +277,7 @@ function setup_content(&$a) {
$dbport = intval(notags(trim($_POST['dbport'])));
$dbpass = notags(trim($_POST['dbpass']));
$dbdata = notags(trim($_POST['dbdata']));
$dbtype = intval(notags(trim($_POST['dbtype'])));
$phpath = notags(trim($_POST['phpath']));
$adminmail = notags(trim($_POST['adminmail']));
$siteurl = notags(trim($_POST['siteurl']));
@ -293,6 +298,7 @@ function setup_content(&$a) {
'$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''),
'$dbpass' => array('dbpass', t('Database Login Password'), $dbpass, ''),
'$dbdata' => array('dbdata', t('Database Name'), $dbdata, ''),
'$dbtype' => array('dbtype', t('Database Type'), $dbtype, '', array( 0=>'MySQL', 1=>'PostgreSQL' )),
'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
'$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
@ -316,6 +322,7 @@ function setup_content(&$a) {
$dbuser = notags(trim($_POST['dbuser']));
$dbpass = notags(trim($_POST['dbpass']));
$dbdata = notags(trim($_POST['dbdata']));
$dbtype = intval(notags(trim($_POST['dbtype'])));
$phpath = notags(trim($_POST['phpath']));
$adminmail = notags(trim($_POST['adminmail']));
@ -335,6 +342,7 @@ function setup_content(&$a) {
'$dbpass' => $dbpass,
'$dbdata' => $dbdata,
'$phpath' => $phpath,
'$dbtype' => $dbtype,
'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
@ -440,7 +448,7 @@ function check_funcs(&$checks) {
check_add($ck_funcs, t('libCurl PHP module'), true, true, "");
check_add($ck_funcs, t('GD graphics PHP module'), true, true, "");
check_add($ck_funcs, t('OpenSSL PHP module'), true, true, "");
check_add($ck_funcs, t('mysqli PHP module'), true, true, "");
check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true, "");
check_add($ck_funcs, t('mb_string PHP module'), true, true, "");
check_add($ck_funcs, t('mcrypt PHP module'), true, true, "");
@ -471,9 +479,9 @@ function check_funcs(&$checks) {
$ck_funcs[2]['status']= false;
$ck_funcs[2]['help']= t('Error: openssl PHP module required but not installed.');
}
if(! function_exists('mysqli_connect')){
if(! function_exists('mysqli_connect') && !function_exists('pg_connect')){
$ck_funcs[3]['status']= false;
$ck_funcs[3]['help']= t('Error: mysqli PHP module required but not installed.');
$ck_funcs[3]['help']= t('Error: mysqli or postgres PHP module required but neither are installed.');
}
if(! function_exists('mb_strlen')){
$ck_funcs[4]['status']= false;
@ -579,7 +587,7 @@ function check_htaccess(&$checks) {
if ((! $test['success']) || ($test['body'] != "ok")) {
$status = false;
$help = t('Url rewrite in .htaccess is not working. Check your server configuration.');
$help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true));
}
check_add($checks, t('Url rewrite is working'), $status, true, $help);
} else {
@ -607,8 +615,8 @@ function load_database_rem($v, $i){
function load_database($db) {
$str = file_get_contents('install/database.sql');
file_put_contents('debug-foo.log', 'Loading schema: '.$db->get_install_script());
$str = file_get_contents($db->get_install_script());
$arr = explode(';',$str);
$errors = false;
foreach($arr as $a) {

2
mod/siteinfo.php
View File

@ -8,7 +8,7 @@ function siteinfo_init(&$a) {
$sql_extra = '';
$r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 ) and account_default_channel = channel_id");
$r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 )>0 and account_default_channel = channel_id");
if($r) {

4
mod/sources.php
View File

@ -47,7 +47,7 @@ function sources_post(&$a) {
goaway(z_root() . '/sources');
}
else {
$r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d limit 1",
$r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d",
dbesc($xchan),
dbesc($words),
intval(local_user()),
@ -150,7 +150,7 @@ function sources_content(&$a) {
notice( t('Source not found.') . EOL);
return '';
}
$r = q("delete from source where src_id = %d and src_channel_id = %d limit 1",
$r = q("delete from source where src_id = %d and src_channel_id = %d",
intval(argv(1)),
intval(local_user())
);

2
mod/starred.php
View File

@ -21,7 +21,7 @@ function starred_init(&$a) {
$item_flags = ( $r[0]['item_flags'] ^ ITEM_STARRED );
$r = q("UPDATE item SET item_flags = %d WHERE uid = %d and id = %d LIMIT 1",
$r = q("UPDATE item SET item_flags = %d WHERE uid = %d and id = %d",
intval($item_flags),
intval(local_user()),
intval($message_id)

Some files were not shown because too many files have changed in this diff Show More