diff options
| author | Mario <mario@mariovavti.com> | 2021-04-14 11:01:34 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2021-04-14 11:01:34 +0000 |
| commit | f9793e870f5c3c531fe48a2294782de0643a6c9b (patch) | |
| tree | 8a7d93a005f8d3e3c8a903b9bc2cef2983027ee2 /include/text.php | |
| parent | e48fedd5264f0bd66005dba71621eced0bf0e6e8 (diff) | |
| download | volse-hubzilla-f9793e870f5c3c531fe48a2294782de0643a6c9b.tar.gz volse-hubzilla-f9793e870f5c3c531fe48a2294782de0643a6c9b.tar.bz2 volse-hubzilla-f9793e870f5c3c531fe48a2294782de0643a6c9b.zip | |
use protect_sprintf() on query strings
Diffstat (limited to 'include/text.php')
| -rw-r--r-- | include/text.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php index 6e6e1fc38..749e1fd70 100644 --- a/include/text.php +++ b/include/text.php @@ -3717,7 +3717,7 @@ function get_forum_channels($uid) { $xc = ids_to_querystr($x1,'xchan',true); - $x2 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'tag_deliver' and v = '1' and xchan in (" . $xc . ") ", + $x2 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'tag_deliver' and v = '1' and xchan in (" . protect_sprintf($xc) . ") ", intval($uid) ); @@ -3725,7 +3725,7 @@ function get_forum_channels($uid) { $sql_extra = (($xf) ? ' and not xchan in (' . $xf . ')' : ''); // private forums - $x3 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'post_wall' and v = '1' and xchan in (" . $xc . ") $sql_extra ", + $x3 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'post_wall' and v = '1' and xchan in (" . protect_sprintf($xc) . ") $sql_extra ", intval(local_channel()) ); if($x3) { @@ -3733,7 +3733,7 @@ function get_forum_channels($uid) { } // public forums with no permission to post - $x4 = q("select xchan from abconfig left join xchan on xchan = xchan_hash where chan = %d and cat = 'their_perms' and k in ('post_wall', 'tag_deliver') and v = '0' and xchan in (" . $xc . ") and xchan_pubforum = 1 $sql_extra ", + $x4 = q("select xchan from abconfig left join xchan on xchan = xchan_hash where chan = %d and cat = 'their_perms' and k in ('post_wall', 'tag_deliver') and v = '0' and xchan in (" . protect_sprintf($xc) . ") and xchan_pubforum = 1 $sql_extra ", intval(local_channel()) ); if($x4) { @@ -3742,7 +3742,7 @@ function get_forum_channels($uid) { } - $sql_extra_1 = (($xf) ? " and ( xchan_hash in (" . $xf . ") or xchan_pubforum = 1 ) " : " and xchan_pubforum = 1 "); + $sql_extra_1 = (($xf) ? " and ( xchan_hash in (" . protect_sprintf($xf) . ") or xchan_pubforum = 1 ) " : " and xchan_pubforum = 1 "); $r = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_addr, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_deleted = 0 and abook_channel = %d and abook_pending = 0 and abook_ignored = 0 and abook_blocked = 0 and abook_archived = 0 $sql_extra_1 order by xchan_name", intval($uid) |