clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

protect_sprintf calls

Browse Source 
implement protectSprintf function
This commit is contained in:
Adam Magness
2018-11-08 10:30:45 -05:00
parent 46d7767fd0
commit 0efcbe5d15
5 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
mod/network.php
View File

@@ -650,7 +650,7 @@ function networkThreadedView(App $a, $update, $parent)
$sql_post_table .= " INNER JOIN `item` AS `temp1` ON `temp1`.`id` = " . $sql_table . "." . $sql_parent;
$sql_extra3 .= " AND (`thread`.`contact-id` IN ($contact_str) ";
$sql_extra3 .= " OR (`thread`.`contact-id` = '$contact_str_self' AND `temp1`.`allow_gid` LIKE '" . protect_sprintf('%<' . intval($gid) . '>%') . "' AND `temp1`.`private`))";
$sql_extra3 .= " OR (`thread`.`contact-id` = '$contact_str_self' AND `temp1`.`allow_gid` LIKE '" . Strings::protectSprintf('%<' . intval($gid) . '>%') . "' AND `temp1`.`private`))";
} else {
$sql_extra3 .= " AND false ";
info(L10n::t('Group is empty'));
@@ -698,11 +698,11 @@ function networkThreadedView(App $a, $update, $parent)
}
if ($datequery) {
$sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created <= '%s' ",
$sql_extra3 .= Strings::protectSprintf(sprintf(" AND $sql_table.created <= '%s' ",
DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
}
if ($datequery2) {
$sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created >= '%s' ",
$sql_extra3 .= Strings::protectSprintf(sprintf(" AND $sql_table.created >= '%s' ",
DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
}