more bugs
This commit is contained in:
parent
bbe53699f2
commit
6695b4a203
6
boot.php
6
boot.php
|
@ -205,12 +205,10 @@ function notags($string) {
|
||||||
return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
|
return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
|
||||||
}}
|
}}
|
||||||
|
|
||||||
// The PHP built-in tag escape function has traditionally been buggy
|
|
||||||
if(! function_exists('escape_tags')) {
|
if(! function_exists('escape_tags')) {
|
||||||
function escape_tags($string) {
|
function escape_tags($string) {
|
||||||
return(str_replace(
|
|
||||||
array('&', '"', "'", '<', '>'),
|
return(htmlspecialchars($string));
|
||||||
array('&', '"', ''', '<', '>'), $string));
|
|
||||||
}}
|
}}
|
||||||
|
|
||||||
if(! function_exists('login')) {
|
if(! function_exists('login')) {
|
||||||
|
|
|
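Review bot: The new `escape_tags` body relies on `htmlspecialchars()`'s default flags, which on any runtime older than PHP 8.1 are `ENT_COMPAT` with no explicit charset, so the single quote that the removed `str_replace` list used to convert is no longer escaped and the result is not safe inside single-quoted attributes. Passing the flags explicitly preserves the old contract regardless of PHP version: `return(htmlspecialchars($string, ENT_QUOTES, 'UTF-8'));`. The `escape_tags` wrapper is complete within the hunk; `notags` above it is only context.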
@ -63,7 +63,7 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
|
||||||
`contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`
|
`contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`
|
||||||
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
||||||
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
||||||
AND `item`.`type` != 'remote' AND `contact`.`blocked` = 0
|
AND `item`.`type` != 'remote' AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||||
AND `item`.`edited` > '%s'
|
AND `item`.`edited` > '%s'
|
||||||
$sql_extra
|
$sql_extra
|
||||||
ORDER BY `parent` ASC, `created` ASC LIMIT 0, 300",
|
ORDER BY `parent` ASC, `created` ASC LIMIT 0, 300",
|
||||||
|
@ -114,7 +114,7 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
|
||||||
'$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
|
'$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
|
||||||
'$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
|
'$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
|
||||||
'$content' =>xmlify($item['body']),
|
'$content' =>xmlify($item['body']),
|
||||||
'$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id'] && (! $contact['blocked']))) ? 1 : 0)
|
'$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id'])) ? 1 : 0)
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
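Review bot: The fix to `'$comment_allow'` drops the `(! $contact['blocked'])` term altogether instead of moving it outside the misplaced `strlen()` parenthesis, so the comment-allowed flag no longer depends on the contact's blocked state. If `$contact` is the row produced by the query in the -63 hunk, the `blocked` = 0 filter there already guarantees it; if it is looked up separately this is a regression. Keeping the term is a one-line change: `'$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id']) && (! $contact['blocked'])) ? 1 : 0)`. get_feed_for begins before the first hunk and continues between the two.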
@ -96,7 +96,7 @@ dbg(3);
|
||||||
$conversant_str = dbesc(implode(', ',$conversants));
|
$conversant_str = dbesc(implode(', ',$conversants));
|
||||||
}
|
}
|
||||||
|
|
||||||
$r = q("SELECT * FROM `contact` WHERE `id` IN ( $conversant_str ) AND `blocked` = 0 ");
|
$r = q("SELECT * FROM `contact` WHERE `id` IN ( $conversant_str ) AND `blocked` = 0 AND `pending` = 0");
|
||||||
|
|
||||||
if( ! count($r))
|
if( ! count($r))
|
||||||
killme();
|
killme();
|
||||||
|
|
|
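Review bot: The rewritten `SELECT * FROM `contact` WHERE `id` IN ( $conversant_str )` still splices a comma-joined string into the statement, and `dbesc()` on the joined list only escapes quote characters — it does not guarantee the elements are the integers that `id` is compared against. Building the list from integer-cast values makes the interpolation safe no matter where `$conversants` was collected: `$conversant_str = implode(', ', array_map('intval', $conversants));`. Whether `$conversants` can carry request-derived values is not visible from the hunk; the enclosing function starts before it.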
@ -6,7 +6,7 @@ function can_write_wall(&$a,$owner) {
|
||||||
if((local_user()) && ($_SESSION['uid'] == $owner))
|
if((local_user()) && ($_SESSION['uid'] == $owner))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d AND `blocked` = 0",
|
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
|
||||||
intval($owner),
|
intval($owner),
|
||||||
intval($_SESSION['visitor_id'])
|
intval($_SESSION['visitor_id'])
|
||||||
);
|
);
|
||||||
|
|
|
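Review bot: The authorization rule the rewritten query enforces — a remote visitor may write only as an accepted contact of the owner, neither blocked nor pending — is not stated anywhere in the hunk, and the added `pending` = 0 term is precisely what makes the rule stricter than before. A comment above the call, `// remote visitor: must be an accepted (not blocked, not pending) contact of $owner`, records that for the next reader. The `LIMIT 1` is fine if only `count($r)` is consulted afterwards; can_write_wall's body continues past the hunk.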
@ -119,7 +119,7 @@ function contacts_content(&$a) {
|
||||||
$p['id']);
|
$p['id']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if($intval($contact_id))
|
if(intval($contact_id))
|
||||||
q("DELETE FROM `item` WHERE `contact-id` = %d LIMIT 1",
|
q("DELETE FROM `item` WHERE `contact-id` = %d LIMIT 1",
|
||||||
intval($contact_id)
|
intval($contact_id)
|
||||||
);
|
);
|
||||||
|
@ -184,7 +184,7 @@ function contacts_content(&$a) {
|
||||||
return $o;
|
return $o;
|
||||||
|
|
||||||
}
|
}
|
||||||
dbg(2);
|
|
||||||
if(($a->argc == 2) && ($a->argv[1] == 'all'))
|
if(($a->argc == 2) && ($a->argv[1] == 'all'))
|
||||||
$sql_extra = '';
|
$sql_extra = '';
|
||||||
else
|
else
|
||||||
|
@ -212,7 +212,7 @@ dbg(2);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d $sql_extra $sql_extra2 ",
|
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ",
|
||||||
intval($_SESSION['uid']));
|
intval($_SESSION['uid']));
|
||||||
|
|
||||||
if(count($r)) {
|
if(count($r)) {
|
||||||
|
|
|
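Review bot: The corrected guard `if(intval($contact_id))` now actually reaches the `DELETE FROM `item` WHERE `contact-id` = %d LIMIT 1` beneath it, which removes at most one item for the contact; if this path is meant to purge everything the contact posted, the `LIMIT 1` leaves the remaining rows behind, so either the limit should go or the intent should be commented. Because the `$intval` typo would have failed at runtime before, the delete's behaviour is effectively new with this commit and deserves a deliberate decision. The other two hunks in contacts_content (-184, -212) only drop a `dbg(2)` call and add the `pending` filter. contacts_content begins before the first hunk.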
@ -136,7 +136,7 @@ function dfrn_confirm_post(&$a) {
|
||||||
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
|
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
|
||||||
}
|
}
|
||||||
|
|
||||||
$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0 WHERE `id` = %d LIMIT 1",
|
$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0, `pending` = 0 WHERE `id` = %d LIMIT 1",
|
||||||
dbesc($photo),
|
dbesc($photo),
|
||||||
dbesc($thumb),
|
dbesc($thumb),
|
||||||
intval($dfrn_record)
|
intval($dfrn_record)
|
||||||
|
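Review bot: The `UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0, `pending` = 0 WHERE `id` = %d LIMIT 1` statement is now maintained byte-for-byte in two places in dfrn_confirm_post (this hunk at -136 and the one at -361), differing only in the id argument (`$dfrn_record` vs `$contact_id`), so the next flag added to the accept path has to be remembered twice. A small helper such as `contact_mark_accepted($id, $photo, $thumb)` would keep the accepted-state transition in one place. Neither query constrains the row by `uid`, so correctness rests on how `$dfrn_record` and `$contact_id` were resolved earlier in the function, outside the hunk.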
@ -361,7 +361,7 @@ function dfrn_confirm_post(&$a) {
|
||||||
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
|
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
|
||||||
}
|
}
|
||||||
|
|
||||||
$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0 WHERE `id` = %d LIMIT 1",
|
$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0, `pending` = 0 WHERE `id` = %d LIMIT 1",
|
||||||
dbesc($photo),
|
dbesc($photo),
|
||||||
dbesc($thumb),
|
dbesc($thumb),
|
||||||
intval($contact_id)
|
intval($contact_id)
|
||||||
|
|
|
@ -143,7 +143,7 @@ dbg(3);
|
||||||
|
|
||||||
|
|
||||||
$datarray = get_atom_elements($item);
|
$datarray = get_atom_elements($item);
|
||||||
$datarray['parent-uri'] = $item['uri']
|
$datarray['parent-uri'] = $item_id;
|
||||||
$datarray['uid'] = $importer['uid'];
|
$datarray['uid'] = $importer['uid'];
|
||||||
$datarray['contact-id'] = $importer['id'];
|
$datarray['contact-id'] = $importer['id'];
|
||||||
$r = post_remote($a,$datarray);
|
$r = post_remote($a,$datarray);
|
||||||
|
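Review bot: Besides the missing semicolon, the fix changes the right-hand side of `$datarray['parent-uri']` from `$item['uri']` to `$item_id`, and `$item_id` is assigned outside the hunk, so it is worth confirming it holds the thread parent's URI rather than the incoming item's own — with the old expression a reply would have been recorded as its own parent, which may be the bug being fixed. If so, a one-line comment, `// $item_id is the URI of the thread parent this reply belongs to`, makes the assignment self-explanatory. The result of `post_remote()` is stored in `$r` but not examined within the hunk.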
@ -176,7 +176,7 @@ function dfrn_notify_content(&$a) {
|
||||||
intval(time() + 60 )
|
intval(time() + 60 )
|
||||||
);
|
);
|
||||||
|
|
||||||
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1",
|
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
|
||||||
dbesc($_GET['dfrn_id']));
|
dbesc($_GET['dfrn_id']));
|
||||||
if((! count($r)) || (! strlen($r[0]['prvkey'])))
|
if((! count($r)) || (! strlen($r[0]['prvkey'])))
|
||||||
$status = 1;
|
$status = 1;
|
||||||
|
|
|
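Review bot: The `issued-id` lookup with the new `pending` = 0 term is now the identical statement in dfrn_notify_content and in dfrn_poll_content (-165 hunk), each followed by the same `prvkey` check; a shared lookup helper would keep the two contact-state filters from drifting the next time a flag is added. On the unchanged line below, `count($r)` assumes `q()` returned an array; if `q()` can return `false` on a query error the check should read `(! is_array($r)) || (! count($r)) || (! strlen($r[0]['prvkey']))` — hedged, since q()'s contract is not visible here. Both enclosing functions start before their hunks.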
@ -165,7 +165,7 @@ function dfrn_poll_content(&$a) {
|
||||||
dbesc($last_update)
|
dbesc($last_update)
|
||||||
);
|
);
|
||||||
|
|
||||||
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1",
|
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
|
||||||
dbesc($_GET['dfrn_id']));
|
dbesc($_GET['dfrn_id']));
|
||||||
if((! count($r)) || (! strlen($r[0]['prvkey'])))
|
if((! count($r)) || (! strlen($r[0]['prvkey'])))
|
||||||
$status = 1;
|
$status = 1;
|
||||||
|
|
|
@ -5,7 +5,7 @@ function sanitise_acl(&$item) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function item_post(&$a) {
|
function item_post(&$a) {
|
||||||
dbg(3);
|
|
||||||
if((! local_user()) && (! remote_user()))
|
if((! local_user()) && (! remote_user()))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -170,6 +170,6 @@ dbg(3);
|
||||||
array(),$foo));
|
array(),$foo));
|
||||||
|
|
||||||
}
|
}
|
||||||
// goaway($a->get_baseurl() . "/" . $_POST['return'] );
|
goaway($a->get_baseurl() . "/" . $_POST['return'] );
|
||||||
return; // NOTREACHED
|
return; // NOTREACHED
|
||||||
}
|
}
|
|
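Review bot: Re-enabling `goaway($a->get_baseurl() . "/" . $_POST['return'])` makes the post-submit redirect target come straight from the request body with no validation. The base-URL prefix keeps the redirect on this host, but the path portion is still caller-supplied, so it should be checked before use — for example accept only a relative path matching a known set of local pages, and fall back to `$a->get_baseurl()` when the value is missing or malformed. The first hunk of item_post only removes the `dbg(3)` call; both hunks sit inside item_post, whose body continues between them.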
@ -40,7 +40,7 @@ function network_content(&$a) {
|
||||||
$r = q("SELECT COUNT(*) AS `total`
|
$r = q("SELECT COUNT(*) AS `total`
|
||||||
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
||||||
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
||||||
AND `contact`.`blocked` = 0
|
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||||
$sql_extra ",
|
$sql_extra ",
|
||||||
intval($_SESSION['uid'])
|
intval($_SESSION['uid'])
|
||||||
);
|
);
|
||||||
|
@ -54,7 +54,7 @@ function network_content(&$a) {
|
||||||
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
|
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
|
||||||
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
||||||
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
||||||
AND `contact`.`blocked` = 0
|
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||||
$sql_extra
|
$sql_extra
|
||||||
ORDER BY `parent` DESC, `created` ASC LIMIT %d ,%d ",
|
ORDER BY `parent` DESC, `created` ASC LIMIT %d ,%d ",
|
||||||
intval($_SESSION['uid']),
|
intval($_SESSION['uid']),
|
||||||
|
|
|
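Review bot: The filter `visible` = 1 AND `deleted` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 is now copy-pasted into both queries of network_content (-40 and -54) and repeated again in profile_content (-155, -171) and get_feed_for (-63); every one of those sites had to be edited individually in this commit just to add `pending`, which is exactly the drift the next flag will cause. Hoisting the contact-state part into one string constant, or a small function returning it, and appending it where `$sql_extra` is already appended would keep the COUNT and the SELECT (and the other modules) in agreement. network_content's body begins before the first hunk and continues between them.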
@ -155,7 +155,7 @@ function profile_content(&$a) {
|
||||||
$r = q("SELECT COUNT(*) AS `total`
|
$r = q("SELECT COUNT(*) AS `total`
|
||||||
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
||||||
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
||||||
AND `item`.`type` != 'remote' AND `contact`.`blocked` = 0
|
AND `item`.`type` != 'remote' AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||||
$sql_extra ",
|
$sql_extra ",
|
||||||
intval($a->profile['uid'])
|
intval($a->profile['uid'])
|
||||||
|
|
||||||
|
@ -171,7 +171,7 @@ function profile_content(&$a) {
|
||||||
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
|
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
|
||||||
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
||||||
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
|
||||||
AND `item`.`type` != 'remote' AND `contact`.`blocked` = 0
|
AND `item`.`type` != 'remote' AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
|
||||||
$sql_extra
|
$sql_extra
|
||||||
ORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ",
|
ORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ",
|
||||||
intval($a->profile['uid']),
|
intval($a->profile['uid']),
|
||||||
|
|
|
@ -123,9 +123,9 @@ function register_post(&$a) {
|
||||||
intval($newuid));
|
intval($newuid));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `photo`, `thumb`, `blocked`, `url`,
|
$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `photo`, `thumb`, `blocked`, `pending`, `url`,
|
||||||
`request`, `notify`, `poll`, `confirm` )
|
`request`, `notify`, `poll`, `confirm` )
|
||||||
VALUES ( %d, '%s', 1, '%s', '%s', '%s', 0, '%s', '%s', '%s', '%s', '%s' ) ",
|
VALUES ( %d, '%s', 1, '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s' ) ",
|
||||||
intval($newuid),
|
intval($newuid),
|
||||||
datetime_convert(),
|
datetime_convert(),
|
||||||
dbesc($username),
|
dbesc($username),
|
||||||
|
|
|
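Review bot: The INSERT now lists 13 positional columns against 13 positional placeholders, and the two bare `0, 0` literals standing for `blocked` and `pending` can only be identified by counting across the two lines. A comment above the statement, `// self-contact row: never blocked, never pending (positional 0, 0 below)`, states what the literals mean and gives the next editor something to check against when the column list grows again. register_post begins before the hunk.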
@ -36,7 +36,9 @@ function contact_select($selname,$selclass,$preselected = false,$size = 4) {
|
||||||
|
|
||||||
$o .= "<select name=\"{$selname}[]\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" />\r\n";
|
$o .= "<select name=\"{$selname}[]\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" />\r\n";
|
||||||
|
|
||||||
$r = q("SELECT `id`, `name` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 ORDER BY `name` ASC ",
|
$r = q("SELECT `id`, `name` FROM `contact`
|
||||||
|
WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0
|
||||||
|
ORDER BY `name` ASC ",
|
||||||
$_SESSION['uid']
|
$_SESSION['uid']
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
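Review bot: The rewritten query passes `$_SESSION['uid']` straight to the `%d` placeholder while every other query touched in this commit wraps its session value in `intval()`; `%d` coerces anyway, but `intval($_SESSION['uid'])` keeps the convention and makes the cast explicit at the call site. The unchanged `<select ... />` line above uses a self-closing tag for an element that presumably receives `<option>` children further down — worth a look while here. contact_select's body continues after the hunk.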