clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

protect_sprintf calls

Browse Source 
implement protectSprintf function
This commit is contained in:
Adam Magness
2018-11-08 10:30:45 -05:00
parent 46d7767fd0
commit 0efcbe5d15
5 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Module/Contact.php
View File

@@ -766,7 +766,7 @@ class Contact extends BaseModule
if ($search) {
$searching = true;
$search_hdr = $search;
$search_txt = DBA::escape(protect_sprintf(preg_quote($search)));
$search_txt = DBA::escape(Strings::protectSprintf(preg_quote($search)));
$sql_extra .= " AND (name REGEXP '$search_txt' OR url REGEXP '$search_txt' OR nick REGEXP '$search_txt') ";
}

2
src/Protocol/DFRN.php
View File

@@ -241,7 +241,7 @@ class DFRN
if (isset($category)) {
$sql_post_table = sprintf(
"INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
DBA::escape(protect_sprintf($category)),
DBA::escape(Strings::protectSprintf($category)),
intval(TERM_OBJ_POST),
intval(TERM_CATEGORY),
intval($owner_id)