diff options
author | Habeas Codice <habeascodice@federated.social> | 2015-01-18 18:40:33 -0800 |
---|---|---|
committer | Habeas Codice <habeascodice@federated.social> | 2015-01-18 18:40:33 -0800 |
commit | aeed498752c7d91517433ef9fe369ff67c3b4069 (patch) | |
tree | 76f9689945a8dfa1ad6287715005633223f1e18b /include | |
parent | 547d852ef7bb22e84ed4cf239912935150b2f784 (diff) | |
download | volse-hubzilla-aeed498752c7d91517433ef9fe369ff67c3b4069.tar.gz volse-hubzilla-aeed498752c7d91517433ef9fe369ff67c3b4069.tar.bz2 volse-hubzilla-aeed498752c7d91517433ef9fe369ff67c3b4069.zip |
fix postgres escaping
Diffstat (limited to 'include')
-rw-r--r-- | include/RedDAV/RedFile.php | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php index f2ee071b8..9ce6490a7 100644 --- a/include/RedDAV/RedFile.php +++ b/include/RedDAV/RedFile.php @@ -96,7 +96,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $size = 0; // @todo only 3 values are needed - $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", + $c = q("SELECT * FROM channel WHERE channel_id = %d AND (channel_pageflags & %d) = 0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -107,14 +107,15 @@ class RedFile extends DAV\Node implements DAV\IFile { ); if ($r) { if ($r[0]['flags'] & ATTACH_FLAG_OS) { - $f = 'store/' . $this->auth->owner_nick . '/' . (($r[0]['data']) ? $r[0]['data'] : ''); + $fname = dbunescbin($r[0]['data']); + $f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : ''); // @todo check return value and set $size directly @file_put_contents($f, $data); $size = @filesize($f); logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); } else { $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", - dbesc(stream_get_contents($data)), + dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']) ); @@ -191,10 +192,10 @@ class RedFile extends DAV\Node implements DAV\IFile { } if ($r[0]['flags'] & ATTACH_FLAG_OS ) { - $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $r[0]['data']; + $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . dbunescbin($r[0]['data']); return fopen($f, 'rb'); } - return $r[0]['data']; + return dbunescbin($r[0]['data']); } } |