diff options
author | Andrew Manning <tamanning@zoho.com> | 2018-03-27 21:11:34 -0400 |
---|---|---|
committer | Andrew Manning <tamanning@zoho.com> | 2018-03-27 21:11:34 -0400 |
commit | 1dc795722a8e748ebb98e8fab778cd4686a0654f (patch) | |
tree | 4f4a4e8dea10090106c4d54a02c6860332cd9df4 /Zotlabs/Module/Acl.php | |
parent | dcd658f12ea60945678717e3c310e94ece7b1f96 (diff) | |
parent | c98776923a3aed4a0a17ca1412787de3b718eba9 (diff) | |
download | volse-hubzilla-1dc795722a8e748ebb98e8fab778cd4686a0654f.tar.gz volse-hubzilla-1dc795722a8e748ebb98e8fab778cd4686a0654f.tar.bz2 volse-hubzilla-1dc795722a8e748ebb98e8fab778cd4686a0654f.zip |
Merge branch 'dev' into oauth2
Diffstat (limited to 'Zotlabs/Module/Acl.php')
-rw-r--r-- | Zotlabs/Module/Acl.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index fae7e2e44..245b0a9b7 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -82,7 +82,7 @@ class Acl extends \Zotlabs\Web\Controller { if($search) { $sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; - $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; + $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; // This horrible mess is needed because position also returns 0 if nothing is found. // Would be MUCH easier if it instead returned a very large value @@ -92,7 +92,7 @@ class Acl extends \Zotlabs\Web\Controller { $order_extra2 = "CASE WHEN xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " then POSITION('" . protect_sprintf(dbesc($search)) - . "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, "; + . "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, "; $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' ); $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; @@ -435,7 +435,7 @@ class Acl extends \Zotlabs\Web\Controller { $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100); if($url) { $query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : ''); - $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : ''); + $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : ''); $x = z_fetch_url($query); if($x['success']) { |