aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Acl.php
diff options
context:
space:
mode:
authorAndrew Manning <tamanning@zoho.com>2018-03-27 21:11:34 -0400
committerAndrew Manning <tamanning@zoho.com>2018-03-27 21:11:34 -0400
commit1dc795722a8e748ebb98e8fab778cd4686a0654f (patch)
tree4f4a4e8dea10090106c4d54a02c6860332cd9df4 /Zotlabs/Module/Acl.php
parentdcd658f12ea60945678717e3c310e94ece7b1f96 (diff)
parentc98776923a3aed4a0a17ca1412787de3b718eba9 (diff)
downloadvolse-hubzilla-1dc795722a8e748ebb98e8fab778cd4686a0654f.tar.gz
volse-hubzilla-1dc795722a8e748ebb98e8fab778cd4686a0654f.tar.bz2
volse-hubzilla-1dc795722a8e748ebb98e8fab778cd4686a0654f.zip
Merge branch 'dev' into oauth2
Diffstat (limited to 'Zotlabs/Module/Acl.php')
-rw-r--r--Zotlabs/Module/Acl.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index fae7e2e44..245b0a9b7 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -82,7 +82,7 @@ class Acl extends \Zotlabs\Web\Controller {
if($search) {
$sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
- $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
+ $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
// This horrible mess is needed because position also returns 0 if nothing is found.
// Would be MUCH easier if it instead returned a very large value
@@ -92,7 +92,7 @@ class Acl extends \Zotlabs\Web\Controller {
$order_extra2 = "CASE WHEN xchan_name LIKE "
. protect_sprintf( "'%" . dbesc($search) . "%'" )
. " then POSITION('" . protect_sprintf(dbesc($search))
- . "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, ";
+ . "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, ";
$col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
@@ -435,7 +435,7 @@ class Acl extends \Zotlabs\Web\Controller {
$count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100);
if($url) {
$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
- $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');
+ $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : '');
$x = z_fetch_url($query);
if($x['success']) {