diff options
| author | Habeas Codice <habeascodice@federated.social> | 2014-11-13 12:21:58 -0800 |
|---|---|---|
| committer | Habeas Codice <habeascodice@federated.social> | 2014-11-13 12:21:58 -0800 |
| commit | 1a5a5c7edb8697c93f8bababbafa80245378dd7e (patch) | |
| tree | b3d3b5ff30ecce1316ad0386d0e89fe18a867b4f /include | |
| parent | 31376de0665091f2dba04755562ccd238d57a13c (diff) | |
| download | volse-hubzilla-1a5a5c7edb8697c93f8bababbafa80245378dd7e.tar.gz volse-hubzilla-1a5a5c7edb8697c93f8bababbafa80245378dd7e.tar.bz2 volse-hubzilla-1a5a5c7edb8697c93f8bababbafa80245378dd7e.zip | |
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
Diffstat (limited to 'include')
51 files changed, 696 insertions, 403 deletions
diff --git a/include/Contact.php b/include/Contact.php index 20e5e1a1e..f0c7cd737 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -22,7 +22,7 @@ function rconnect_url($channel_id,$xchan) { if(($r) && ($r[0]['xchan_follow'])) return $r[0]['xchan_follow']; - $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1", + $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d )>0 limit 1", dbesc($xchan), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -35,7 +35,7 @@ function rconnect_url($channel_id,$xchan) { function abook_connections($channel_id, $sql_conditions = '') { $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d - and not ( abook_flags & %d ) $sql_conditions", + and not ( abook_flags & %d )>0 $sql_conditions", intval($channel_id), intval(ABOOK_FLAG_SELF) ); @@ -44,7 +44,7 @@ function abook_connections($channel_id, $sql_conditions = '') { function abook_self($channel_id) { $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d - and ( abook_flags & %d ) limit 1", + and ( abook_flags & %d )>0 limit 1", intval($channel_id), intval(ABOOK_FLAG_SELF) ); @@ -52,7 +52,7 @@ function abook_self($channel_id) { } function channelx_by_nick($nick) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($nick), intval(PAGE_REMOVED) ); @@ -60,7 +60,7 @@ function channelx_by_nick($nick) { } function channelx_by_hash($hash) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($hash), intval(PAGE_REMOVED) ); @@ -68,7 +68,7 @@ function channelx_by_hash($hash) { } function channelx_by_n($id) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($id), intval(PAGE_REMOVED) ); @@ -128,7 +128,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { function abook_toggle_flag($abook,$flag) { - $r = q("UPDATE abook set abook_flags = (abook_flags ^ %d) where abook_id = %d and abook_channel = %d limit 1", + $r = q("UPDATE abook set abook_flags = (abook_flags & ~%d) where abook_id = %d and abook_channel = %d", intval($flag), intval($abook['abook_id']), intval($abook['abook_channel']) @@ -138,7 +138,7 @@ function abook_toggle_flag($abook,$flag) { if(($flag === ABOOK_FLAG_ARCHIVED) && ($abook['abook_flags'] & ABOOK_FLAG_ARCHIVED)) { $r = q("update abook set abook_connected = '%s', abook_updated = '%s' - where abook_id = %d and abook_channel = %d limit 1", + where abook_id = %d and abook_channel = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($abook['abook_id']), @@ -173,7 +173,7 @@ function account_remove($account_id,$local = true,$unset_session=true) { // Don't let anybody nuke the only admin account. - $r = q("select account_id from account where (account_roles & %d)", + $r = q("select account_id from account where (account_roles & %d)>0", intval(ACCOUNT_ROLE_ADMIN) ); @@ -201,7 +201,7 @@ function account_remove($account_id,$local = true,$unset_session=true) { } } - $r = q("delete from account where account_id = %d limit 1", + $r = q("delete from account where account_id = %d", intval($account_id) ); @@ -239,7 +239,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { channel_r_photos = 0, channel_r_abook = 0, channel_w_stream = 0, channel_w_wall = 0, channel_w_tagwall = 0, channel_w_comment = 0, channel_w_mail = 0, channel_w_photos = 0, channel_w_chat = 0, channel_a_delegate = 0, channel_r_storage = 0, channel_w_storage = 0, channel_r_pages = 0, channel_w_pages = 0, channel_a_republish = 0 - where channel_id = %d limit 1", + where channel_id = %d", dbesc(datetime_convert()), intval(PAGE_REMOVED), intval($channel_id) @@ -275,12 +275,12 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { q("DELETE FROM `spam` WHERE `uid` = %d", intval($channel_id)); - q("delete from abook where abook_xchan = '%s' and (abook_flags & %d) limit 1", + q("delete from abook where abook_xchan = '%s' and (abook_flags & %d)>0", dbesc($channel['channel_hash']), dbesc(ABOOK_FLAG_SELF) ); - $r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d limit 1", + $r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d", dbesc(datetime_convert()), intval(PAGE_REMOVED), intval($channel_id) @@ -296,7 +296,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { $hublocs = 0; - $r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)", + $r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)>0", dbesc($channel['channel_hash']), intval(HUBLOC_FLAGS_DELETED) ); @@ -335,10 +335,11 @@ function mark_orphan_hubsxchans() { if($dirmode == DIRECTORY_MODE_NORMAL) return; - $r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d) - and hubloc_network = 'zot' and hubloc_connected < utc_timestamp() - interval 36 day", + $r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d)>0 + and hubloc_network = 'zot' and hubloc_connected < %s - interval %s", intval(HUBLOC_OFFLINE), - intval(HUBLOC_OFFLINE) + intval(HUBLOC_OFFLINE), + db_utcnow(), db_quoteinterval('36 day') ); // $realm = get_directory_realm(); @@ -354,7 +355,7 @@ function mark_orphan_hubsxchans() { // } - $r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d) and not (hubloc_flags & %d)", + $r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d)>0 and not (hubloc_flags & %d)>0", intval(HUBLOC_OFFLINE), intval(HUBLOC_FLAGS_ORPHANCHECK) ); @@ -364,7 +365,7 @@ function mark_orphan_hubsxchans() { // see if any other hublocs are still alive for this channel - $x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)", + $x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)>0", dbesc($rr['hubloc_hash']), intval(HUBLOC_OFFLINE) ); @@ -372,7 +373,7 @@ function mark_orphan_hubsxchans() { // yes - if the xchan was marked as an orphan, undo it - $y = q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", + $y = q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN), dbesc($rr['hubloc_hash']) @@ -383,7 +384,7 @@ function mark_orphan_hubsxchans() { // nope - mark the xchan as an orphan - $y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1", + $y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), dbesc($rr['hubloc_hash']) ); @@ -391,7 +392,7 @@ function mark_orphan_hubsxchans() { // mark that we've checked this entry so we don't need to do it again - $y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1", + $y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d", intval(HUBLOC_FLAGS_ORPHANCHECK), dbesc($rr['hubloc_id']) ); @@ -449,7 +450,7 @@ function remove_all_xchan_resources($xchan, $channel_id = 0) { if($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) { - $r = q("delete from xchan where xchan_hash = '%s' limit 1", + $r = q("delete from xchan where xchan_hash = '%s'", dbesc($xchan) ); $r = q("delete from hubloc where hubloc_hash = '%s'", @@ -482,7 +483,7 @@ function contact_remove($channel_id, $abook_id) { $archive = get_pconfig($channel_id, 'system','archive_removed_contacts'); if($archive) { - q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d limit 1", + q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d", intval(ABOOK_FLAG_ARCHIVED), intval($abook_id), intval($channel_id) @@ -514,7 +515,7 @@ function contact_remove($channel_id, $abook_id) { } } - q("delete from abook where abook_id = %d and abook_channel = %d limit 1", + q("delete from abook where abook_id = %d and abook_channel = %d", intval($abook['abook_id']), intval($channel_id) ); @@ -541,7 +542,10 @@ function contact_remove($channel_id, $abook_id) { function random_profile() { - $r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > UTC_TIMESTAMP() - interval 30 day order by rand() limit 1"); + $randfunc = db_getfunc('rand'); + $r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1", + db_utcnow(), db_quoteinterval('30 day') + ); if($r) return $r[0]['xchan_url']; return ''; diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php index a46b77f5f..85af0d57f 100644 --- a/include/RedDAV/RedDirectory.php +++ b/include/RedDAV/RedDirectory.php @@ -159,7 +159,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { list($parent_path, ) = DAV\URLUtil::splitPath($this->red_path); $new_path = $parent_path . '/' . $name; - $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d", dbesc($name), dbesc($this->folder_hash), intval($this->auth->owner_id) @@ -197,7 +197,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $mimetype = z_mime_content_type($name); - $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -246,7 +246,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $edited = datetime_convert(); // updates entry with filesize and timestamp - $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($hash), @@ -254,7 +254,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { ); // update the folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($this->folder_hash), intval($c[0]['channel_id']) @@ -293,7 +293,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { throw new DAV\Exception\Forbidden('Permission denied.'); } - $r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -362,7 +362,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $channel_name = $path_arr[0]; - $r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d )>0 LIMIT 1", dbesc($channel_name), intval(PAGE_REMOVED) ); @@ -380,7 +380,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $os_path = ''; for ($x = 1; $x < count($path_arr); $x++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), @@ -440,7 +440,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $free = disk_free_space('store'); if ($this->auth->owner_id) { - $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", + $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d)>0 limit 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php index f96790631..3a5230dc1 100644 --- a/include/RedDAV/RedFile.php +++ b/include/RedDAV/RedFile.php @@ -79,7 +79,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $newName = str_replace('/', '%2F', $newName); - $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d LIMIT 1", + $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d", dbesc($this->data['filename']), intval($this->data['id']) ); @@ -96,7 +96,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $size = 0; // @todo only 3 values are needed - $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -113,7 +113,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $size = @filesize($f); logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); } else { - $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbesc(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']) @@ -131,7 +131,7 @@ class RedFile extends DAV\Node implements DAV\IFile { // returns now() $edited = datetime_convert(); - $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($this->data['hash']), @@ -139,7 +139,7 @@ class RedFile extends DAV\Node implements DAV\IFile { ); // update the folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']) diff --git a/include/account.php b/include/account.php index df484e608..8df44acba 100644 --- a/include/account.php +++ b/include/account.php @@ -202,7 +202,7 @@ function create_account($arr) { // Set the parent record to the current record_id if no parent was provided if(! $parent) { - $r = q("update account set account_parent = %d where account_id = %d limit 1", + $r = q("update account set account_parent = %d where account_id = %d", intval($result['account']['account_id']), intval($result['account']['account_id']) ); @@ -367,16 +367,16 @@ function user_allow($hash) { if(! $account) return $ret; - $r = q("DELETE FROM register WHERE hash = '%s' LIMIT 1", + $r = q("DELETE FROM register WHERE hash = '%s'", dbesc($register[0]['hash']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) @@ -430,11 +430,11 @@ function user_deny($hash) { if(! $account) return false; - $r = q("DELETE FROM account WHERE account_id = %d LIMIT 1", + $r = q("DELETE FROM account WHERE account_id = %d", intval($register[0]['uid']) ); - $r = q("DELETE FROM `register` WHERE id = %d LIMIT 1", + $r = q("DELETE FROM `register` WHERE id = %d", dbesc($register[0]['id']) ); notice( sprintf(t('Registration revoked for %s'), $account[0]['account_email']) . EOL); @@ -463,21 +463,21 @@ function user_approve($hash) { if(! $account) return $ret; - $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify' LIMIT 1", + $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify'", dbesc($register[0]['hash']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_UNVERIFIED), intval($register[0]['uid']) @@ -510,11 +510,12 @@ function user_approve($hash) { function downgrade_accounts() { - $r = q("select * from account where not ( account_flags & %d ) + $r = q("select * from account where not ( account_flags & %d )>0 and account_expires != '%s' - and account_expires < UTC_TIMESTAMP() ", + and account_expires < %s ", intval(ACCOUNT_EXPIRED), - dbesc(NULL_DATE) + dbesc(NULL_DATE), + db_getfunc('UTC_TIMESTAMP') ); if(! $r) @@ -527,7 +528,7 @@ function downgrade_accounts() { if(($basic) && ($rr['account_service_class']) && ($rr['account_service_class'] != $basic)) { $x = q("UPDATE account set account_service_class = '%s', account_expires = '%s' - where account_id = %d limit 1", + where account_id = %d", dbesc($basic), dbesc(NULL_DATE), intval($rr['account_id']) @@ -537,7 +538,7 @@ function downgrade_accounts() { logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' downgraded.'); } else { - $x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d limit 1", + $x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d", intval(ACCOUNT_EXPIRED), intval($rr['account_id']) ); diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 5adafff2c..243e7a549 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -171,7 +171,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" $tabindex >\r\n"; $r = q("SELECT abook_id, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash - where abook_flags = 0 or not ( abook_flags & %d ) and abook_channel = %d + where abook_flags = 0 or not ( abook_flags & %d )>0 and abook_channel = %d $sql_extra ORDER BY xchan_name ASC ", intval(ABOOK_FLAG_SELF), diff --git a/include/api.php b/include/api.php index 9fe2ef47d..aeee95d3b 100644 --- a/include/api.php +++ b/include/api.php @@ -309,7 +309,7 @@ require_once('include/items.php'); return False; } else { $user = local_user(); - $extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " ) "; + $extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " )>0 "; } } @@ -336,7 +336,7 @@ require_once('include/items.php'); // count public wall messages $r = q("SELECT COUNT(`id`) as `count` FROM `item` WHERE `uid` = %d - AND ( item_flags & %d ) and item_restrict = 0 + AND ( item_flags & %d )>0 and item_restrict = 0 AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''", intval($usr[0]['channel_id']), intval(ITEM_WALL) @@ -363,7 +363,7 @@ require_once('include/items.php'); $countfollowers = $r[0]['count']; } - $r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d ) and uid = %d and item_restrict = 0", + $r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d )>0 and uid = %d and item_restrict = 0", intval($uinfo[0]['channel_id']), intval(ITEM_STARRED) ); @@ -1004,8 +1004,8 @@ require_once('include/items.php'); // at the network timeline just mark everything seen. if (api_user() == $user_info['uid']) { - $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d ) - WHERE item_flags & %d and uid = %d", + $r = q("UPDATE `item` SET item_flags = ( item_flags & ~%d ) + WHERE (item_flags & %d)>0 and uid = %d", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval($user_info['uid']) @@ -1062,10 +1062,10 @@ require_once('include/items.php'); and uid in ( " . stream_perms_api_uids() . " ) $sql_extra AND id > %d group by mid - order by received desc LIMIT %d, %d ", + order by received desc LIMIT %d OFFSET %d ", intval($since_id), - intval($start), - intval($count) + intval($count), + intval($start) ); xchan_query($r,true); @@ -1706,9 +1706,9 @@ require_once('include/items.php'); // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams. // This won't work if either of you send your stream to everybody on the network if($qtype == 'friends') - $sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); + $sql_extra = sprintf(" AND ( abook_their_perms & %d )>0 and ( abook_my_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); if($qtype == 'followers') - $sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); + $sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", intval(api_user()) @@ -1822,9 +1822,9 @@ require_once('include/items.php'); // This won't work if either of you send your stream to everybody on the network if($qtype == 'friends') - $sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); + $sql_extra = sprintf(" AND ( abook_their_perms & %d )>0 and ( abook_my_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); if($qtype == 'followers') - $sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); + $sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", intval(api_user()) @@ -1940,9 +1940,9 @@ require_once('include/items.php'); $sql_extra = "`from-url`!='".dbesc( $profile_url )."'"; } - $r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d", + $r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d OFFSET %d", intval(api_user()), - intval($start), intval($count) + intval($count), intval($start) ); $ret = Array(); diff --git a/include/apps.php b/include/apps.php index cd0c2984e..9c4fe826a 100644 --- a/include/apps.php +++ b/include/apps.php @@ -267,7 +267,7 @@ function app_install($uid,$app) { function app_destroy($uid,$app) { if($uid && $app['guid']) { - $r = q("delete from app where app_id = '%s' and app_channel = %d limit 1", + $r = q("delete from app where app_id = '%s' and app_channel = %d", dbesc($app['guid']), intval($uid) ); @@ -388,7 +388,7 @@ function app_update($arr) { $darray['app_page'] = ((x($arr,'page')) ? escape_tags($arr['page']) : ''); $darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : ''); - $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d limit 1", + $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d", dbesc($darray['app_sig']), dbesc($darray['app_author']), dbesc($darray['app_name']), diff --git a/include/attach.php b/include/attach.php index 6bce617cd..87d618afa 100644 --- a/include/attach.php +++ b/include/attach.php @@ -400,7 +400,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $created = datetime_convert(); if($options === 'replace') { - $r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1", + $r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d", dbesc($filename), dbesc($mimetype), intval($filesize), @@ -432,7 +432,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { } elseif($options === 'update') { $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', - allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1", + allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d", dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']), dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']), dbesc($created), @@ -517,7 +517,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { if(count($paths) > 1) { $curpath = array_shift($paths); - $r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id) . " limit 1", + $r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id) . " limit 1", intval($channel_id), dbesc($curpath), intval(ATTACH_FLAG_DIR) @@ -533,7 +533,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { else $paths = array($pathname); - $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id), + $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id), intval($channel_id), dbesc($parent_hash), dbesc($paths[0]), @@ -617,7 +617,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $sql_options = permissions_sql($channel['channel_id']); do { - $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 $sql_options limit 1", intval($channel['channel_id']), dbesc($lfile), @@ -669,7 +669,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $ret['data'] = $arr; // update the parent folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($created), dbesc($arr['folder']), intval($channel_id) @@ -722,7 +722,7 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi } } - $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d limit 1", + $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d", dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), @@ -790,13 +790,13 @@ function attach_delete($channel_id, $resource) { } // delete from database - $z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", + $z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d", dbesc($resource), intval($channel_id) ); // update the parent folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc(datetime_convert()), dbesc($r[0]['folder']), intval($channel_id) @@ -831,7 +831,7 @@ function get_cloudpath($arr) { $lfile = $arr['folder']; do { - $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 limit 1", intval($arr['uid']), dbesc($lfile), diff --git a/include/auth.php b/include/auth.php index 8f68fc562..94c64e58d 100644 --- a/include/auth.php +++ b/include/auth.php @@ -123,7 +123,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && // if our authenticated guest is allowed to take control of the admin channel, make it so. $admins = get_config('system', 'remote_admin'); if($admins && is_array($admins) && in_array($_SESSION['visitor_id'], $admins)) { - $x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d ) limit 1", + $x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d )>0 limit 1", dbesc(get_config('system', 'admin_email')), intval(ACCOUNT_ROLE_ADMIN) ); diff --git a/include/cache.php b/include/cache.php index a70650b5e..4a3f453e1 100644 --- a/include/cache.php +++ b/include/cache.php @@ -21,7 +21,7 @@ dbesc($key) ); if($r) { - q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s' limit 1", + q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s'", dbesc($value), dbesc(datetime_convert()), dbesc($key)); diff --git a/include/chat.php b/include/chat.php index 5c3d0c9d9..533c03dde 100644 --- a/include/chat.php +++ b/include/chat.php @@ -77,7 +77,7 @@ function chatroom_destroy($channel,$arr) { return $ret; } - q("delete from chatroom where cr_id = %d limit 1", + q("delete from chatroom where cr_id = %d", intval($r[0]['cr_id']) ); if($r[0]['cr_id']) { @@ -129,8 +129,11 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) { } if(intval($x[0]['cr_expire'])) { - $sql = "delete from chat where created < UTC_TIMESTAMP() - INTERVAL " . intval($x[0]['cr_expire']) . " MINUTE and chat_room = " . intval($x[0]['cr_id']); - $r = q($sql); + $r = q("delete from chat where created < %s - INTERVAL %s and chat_room = %d", + db_utcnow(), + db_quoteinterval( intval($x[0]['cr_expire']) . ' MINUTE' ), + intval($x[0]['cr_id']) + ); } $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", @@ -138,7 +141,7 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) { intval($room_id) ); if($r) { - q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s' limit 1", + q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s'", dbesc(datetime_convert()), intval($r[0]['cp_id']), dbesc($client) @@ -169,7 +172,7 @@ function chatroom_leave($observer_xchan,$room_id,$client) { dbesc($client) ); if($r) { - q("delete from chatpresence where cp_id = %d limit 1", + q("delete from chatpresence where cp_id = %d", intval($r[0]['cp_id']) ); } diff --git a/include/cli_startup.php b/include/cli_startup.php index f90a75cd1..027d62953 100644 --- a/include/cli_startup.php +++ b/include/cli_startup.php @@ -19,8 +19,8 @@ function cli_startup() { date_default_timezone_set($a->timezone); require_once('include/dba/dba_driver.php'); - $db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data); - unset($db_host, $db_port, $db_user, $db_pass, $db_data); + $db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type); + unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type); }; require_once('include/session.php'); diff --git a/include/config.php b/include/config.php index 3292059d1..9eaa6b2e6 100644 --- a/include/config.php +++ b/include/config.php @@ -154,7 +154,7 @@ function set_config($family, $key, $value) { return $ret; } - $ret = q("UPDATE config SET v = '%s' WHERE cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("UPDATE config SET v = '%s' WHERE cat = '%s' AND k = '%s'", dbesc($dbvalue), dbesc($family), dbesc($key) @@ -185,7 +185,7 @@ function del_config($family, $key) { if(array_key_exists($family, $a->config) && array_key_exists($key, $a->config[$family])) unset($a->config[$family][$key]); - $ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s'", dbesc($family), dbesc($key) ); @@ -318,7 +318,7 @@ function set_pconfig($uid, $family, $key, $value) { return $ret; } - $ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s'", dbesc($dbvalue), intval($uid), dbesc($family), @@ -362,7 +362,7 @@ function del_pconfig($uid, $family, $key) { if(x($a->config[$uid][$family], $key)) unset($a->config[$uid][$family][$key]); - $ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'", intval($uid), dbesc($family), dbesc($key) @@ -483,7 +483,7 @@ function set_xconfig($xchan, $family, $key, $value) { return $ret; } - $ret = q("UPDATE xconfig SET v = '%s' WHERE xchan = '%s' and cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("UPDATE xconfig SET v = '%s' WHERE xchan = '%s' and cat = '%s' AND k = '%s'", dbesc($dbvalue), dbesc($xchan), dbesc($family), @@ -517,7 +517,7 @@ function del_xconfig($xchan, $family, $key) { if(x($a->config[$xchan][$family], $key)) unset($a->config[$xchan][$family][$key]); - $ret = q("DELETE FROM `xconfig` WHERE `xchan` = '%s' AND `cat` = '%s' AND `k` = '%s' LIMIT 1", + $ret = q("DELETE FROM `xconfig` WHERE `xchan` = '%s' AND `cat` = '%s' AND `k` = '%s'", dbesc($xchan), dbesc($family), dbesc($key) diff --git a/include/datetime.php b/include/datetime.php index 00bac8ad1..bfaa8792b 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -453,7 +453,10 @@ function update_birthdays() { require_once('include/permissions.php'); $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_dob > utc_timestamp() + interval 7 day and abook_dob < utc_timestamp() + interval 14 day"); + WHERE abook_dob > %s + interval %s and abook_dob < %s + interval %s", + db_utcnow(), db_quoteinterval('7 day'), + db_utcnow(), db_quoteinterval('14 day') + ); if($r) { foreach($r as $rr) { @@ -475,7 +478,7 @@ function update_birthdays() { $z = event_store_event($ev); if($z) { $item_id = event_store_item($ev,$z); - q("update abook set abook_dob = '%s' where abook_id = %d limit 1", + q("update abook set abook_dob = '%s' where abook_id = %d", dbesc(intval($rr['abook_dob']) + 1 . substr($rr['abook_dob'],4)), intval($rr['abook_id']) ); diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index 3e19b7aa4..2dcdb0234 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php @@ -1,25 +1,35 @@ <?php /** @file */ -function dba_factory($server, $port,$user,$pass,$db,$install = false) { +function dba_factory($server, $port,$user,$pass,$db,$dbtype,$install = false) { $dba = null; - if(class_exists('mysqli')) { - if (is_null($port)) $port = ini_get("mysqli.default_port"); - require_once('include/dba/dba_mysqli.php'); - $dba = new dba_mysqli($server, $port,$user,$pass,$db,$install); - } - else { - if (is_null($port)) $port = "3306"; - require_once('include/dba/dba_mysql.php'); - $dba = new dba_mysql($server, $port,$user,$pass,$db,$install); + if($dbtype == 1) { + require_once('include/dba/dba_postgres.php'); + if(is_null($port)) $port = 5432; + $dba = new dba_postgres($server, $port, $user, $pass, $db, $install); + } else { + if(class_exists('mysqli')) { + if (is_null($port)) $port = ini_get("mysqli.default_port"); + require_once('include/dba/dba_mysqli.php'); + $dba = new dba_mysqli($server, $port,$user,$pass,$db,$install); + } else { + if (is_null($port)) $port = "3306"; + require_once('include/dba/dba_mysql.php'); + $dba = new dba_mysql($server, $port,$user,$pass,$db,$install); + } } - + define('NULL_DATE', $dba->get_null_date()); + define('ACTIVE_DBTYPE', $dbtype); return $dba; } abstract class dba_driver { - + // legacy behavior + const INSTALL_SCRIPT='install/schema_mysql.sql'; + const NULL_DATE = '0000-00-00 00:00:00'; + const UTC_NOW = 'UTC_TIMESTAMP()'; + protected $debug = 0; protected $db; public $connected = false; @@ -37,6 +47,17 @@ abstract class dba_driver { $this->connect($server, $port, $user,$pass,$db); } + function get_null_date() { + return static::NULL_DATE; + } + + function get_install_script() { + return static::INSTALL_SCRIPT; + } + + function utcnow() { + return static::UTC_NOW; + } function install($server,$user,$pass,$db) { if (!(strlen($server) && strlen($user))){ @@ -67,6 +88,26 @@ abstract class dba_driver { } } + function quote_interval($txt) { + return $txt; + } + + function optimize_table($table) { + q('OPTIMIZE TABLE '.$table); + } + + function concat($fld, $sep) { + return 'GROUP_CONCAT(DISTINCT '.$fld.' SEPARATOR \''.$sep.'\')'; + } + + function escapebin($str) { + return $this->escape($str); + } + + function unescapebin($str) { + return $str; + } + } @@ -95,8 +136,49 @@ function dbesc($str) { else return(str_replace("'","\\'",$str)); } +function dbescbin($str) { + global $db; + return $db->escapebin($str); +} +function dbunescbin($str) { + global $db; + return $db->unescapebin($str); +} +function dbescdate($date) { + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES && $date == '0000-00-00 00:00:00') { + $date = NULL_DATE; + } else if(ACTIVE_DBTYPE != DBTYPE_POSTGRES && $date == '0001-01-01 00:00:00') { + $date = NULL_DATE; + } + return $date; +} + +function db_quoteinterval($txt) { + global $db; + return $db->quote_interval($txt); +} + +function dbesc_identifier($str) { + global $db; + return $db->escape_identifier($txt); +} + +function db_utcnow() { + global $db; + return $db->utcnow(); +} + +function db_optimizetable($table) { + global $db; + $db->optimize_table($table); +} + +function db_concat($fld, $sep) { + global $db; + return $db->concat($fld, $sep); +} // Function: q($sql,$args); // Description: execute SQL query with printf style args. @@ -158,8 +240,11 @@ function dbq($sql) { function dbesc_array_cb(&$item, $key) { - if(is_string($item)) + if(is_string($item)) { + if($item == '0000-00-00 00:00:00' && ACTIVE_DBTYPE == DBTYPE_POSTGRES) + $item = '0001-01-01 00:00:00'; $item = dbesc($item); + } } @@ -169,3 +254,27 @@ function dbesc_array(&$arr) { array_walk($arr,'dbesc_array_cb'); } } + +function db_getfunc($f) { + $lookup = array( + 'rand'=>array( + DBTYPE_MYSQL=>'RAND()', + DBTYPE_POSTGRES=>'RANDOM()' + ), + 'utc_timestamp'=>array( + DBTYPE_MYSQL=>'UTC_TIMESTAMP()', + DBTYPE_POSTGRES=>"now() at time zone 'UTC'" + ), + 'regexp'=>array( + DBTYPE_MYSQL=>'REGEXP', + DBTYPE_POSTGRES=>'~' + ) + ); + $f = strtolower($f); + if(isset($lookup[$f]) && isset($lookup[$f][ACTIVE_DBTYPE])) + return $lookup[$f][ACTIVE_DBTYPE]; + + logger('Unable to abstract DB function "'. $f . '"', LOG_DEBUG); + return $f; +} + diff --git a/include/dba/dba_postgres.php b/include/dba/dba_postgres.php new file mode 100644 index 000000000..a390292a5 --- /dev/null +++ b/include/dba/dba_postgres.php @@ -0,0 +1,112 @@ +<?php + +require_once('include/dba/dba_driver.php'); + + +class dba_postgres extends dba_driver { + const INSTALL_SCRIPT='install/schema_postgres.sql'; + const NULL_DATE = '0001-01-01 00:00:00'; + const UTC_NOW = "now() at time zone 'UTC'"; + + function connect($server,$port,$user,$pass,$db) { + if(!$port) $port = 5432; + $connstr = 'host=' . $server . ' port='.$port . ' user=' . $user . ' password=' . $pass . ' dbname='. $db; + $this->db = pg_connect($connstr); + if($this->db !== false) { + $this->connected = true; + } else { + $this->connected = false; + } + $this->q("SET standard_conforming_strings = 'off'; SET backslash_quote = 'on';"); // emulate mysql string escaping to prevent massive code-clobber + return $this->connected; + } + + function q($sql) { + if((! $this->db) || (! $this->connected)) + return false; + + if(!strpos($sql, ';')) + $sql .= ';'; + + if(strpos($sql, '`')) // this is a hack. quoted identifiers should be replaced everywhere in the code with dbesc_identifier(), remove this once it is + $sql = str_replace('`', '"', $sql); + + $this->error = ''; + $result = @pg_query($this->db, $sql); + if(file_exists('db-allqueries.out')) { + $bt = debug_backtrace(); + $trace = array(); + foreach($bt as $frame) { + if(!empty($frame['file']) && @strstr($frame['file'], $_SERVER['DOCUMENT_ROOT'])) + $frame['file'] = substr($frame['file'], strlen($_SERVER['DOCUMENT_ROOT'])+1); + + $trace[] = $frame['file'] . ':' . $frame['function'] . '():' . $frame['line'] ; + } + $compact = join(', ', $trace); + file_put_contents('db-allqueries.out', datetime_convert() . ": " . $sql . ' is_resource: '.var_export(is_resource($result), true).', backtrace: '.$compact."\n\n", FILE_APPEND); + } + + if($result === false) + $this->error = pg_last_error($this->db); + + if($result === false || $this->error) { + //logger('dba_postgres: ' . printable($sql) . ' returned false.' . "\n" . $this->error); + if(file_exists('dbfail.out')) + file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n" . $this->error . "\n", FILE_APPEND); + } + + if(($result === true) || ($result === false)) + return $result; + + if(pg_result_status($result) == PGSQL_COMMAND_OK) + return true; + + $r = array(); + if(pg_num_rows($result)) { + while($x = pg_fetch_array($result, null, PGSQL_ASSOC)) + $r[] = $x; + pg_free_result($result); + if($this->debug) + logger('dba_postgres: ' . printable(print_r($r,true))); + } + return $r; + } + + function escape($str) { + if($this->db && $this->connected) { + $x = @pg_escape_string($this->db, $str); + return $x; + } + } + + function escapebin($str) { + return pg_escape_bytea($str); + } + + function unescapebin($str) { + return pg_unescape_bytea($str); + } + + function close() { + if($this->db) + pg_close($this->db); + $this->connected = false; + } + + function quote_interval($txt) { + return "'$txt'"; + } + + function escape_identifier($str) { + return pg_escape_identifier($this->db, $str); + } + + function optimize_table($table) { + // perhaps do some equivalent thing here, vacuum, etc? I think this is the DBA's domain anyway. Applications should not need to muss with this. + // for now do nothing without a compelling reason. function overrides default legacy mysql. + } + + function concat($fld, $sep) { + return 'string_agg(' . $fld . ',\'' . $sep . '\')'; + } +}
\ No newline at end of file diff --git a/include/deliver.php b/include/deliver.php index 8f6ba543d..a9f4fc220 100644 --- a/include/deliver.php +++ b/include/deliver.php @@ -24,13 +24,13 @@ function deliver_run($argv, $argc) { $result = z_post_url($r[0]['outq_posturl'],$r[0]['outq_msg']); if($result['success'] && $result['return_code'] < 300) { logger('deliver: queue post success to ' . $r[0]['outq_posturl'], LOGGER_DEBUG); - $y = q("delete from outq where outq_hash = '%s' limit 1", + $y = q("delete from outq where outq_hash = '%s'", dbesc($argv[$x]) ); } else { logger('deliver: queue post returned ' . $result['return_code'] . ' from ' . $r[0]['outq_posturl'],LOGGER_DEBUG); - $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", + $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'", dbesc(datetime_convert()), dbesc($argv[$x]) ); @@ -62,7 +62,7 @@ function deliver_run($argv, $argc) { $msg = array('body' => json_encode(array('pickup' => array(array('notify' => $notify,'message' => $m))))); zot_import($msg,z_root()); } - $r = q("delete from outq where outq_hash = '%s' limit 1", + $r = q("delete from outq where outq_hash = '%s'", dbesc($argv[$x]) ); } @@ -74,7 +74,7 @@ function deliver_run($argv, $argc) { zot_process_response($r[0]['outq_posturl'],$result, $r[0]); } else { - $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", + $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'", dbesc(datetime_convert()), dbesc($argv[$x]) ); diff --git a/include/diaspora.php b/include/diaspora.php index c6d4b7423..81ed9f3ab 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -657,7 +657,7 @@ function diaspora_request($importer,$xml) { $newperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK|PERMS_W_STREAM|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT|PERMS_R_STORAGE|PERMS_R_PAGES; - $r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d limit 1", + $r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d", intval($newperms), intval($contact['abook_id']), intval($importer['channel_id']) @@ -675,7 +675,7 @@ function diaspora_request($importer,$xml) { $default_perms = 0; // look for default permissions to apply in return - e.g. auto-friend - $z = q("select * from abook where abook_channel = %d and (abook_flags & %d) limit 1", + $z = q("select * from abook where abook_channel = %d and (abook_flags & %d)>0 limit 1", intval($importer['channel_id']), intval(ABOOK_FLAG_SELF) ); diff --git a/include/dir_fns.php b/include/dir_fns.php index f58e7c307..8f27fb85d 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -38,7 +38,7 @@ function check_upstream_directory() { */ $directory = get_config('system','directory_server'); if ($directory) { - $r = q("select * from site where site_url = '%s' and (site_flags & %d) ", + $r = q("select * from site where site_url = '%s' and (site_flags & %d)>0 ", dbesc($directory), intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY|DIRECTORY_MODE_STANDALONE) ); @@ -86,14 +86,14 @@ function sync_directories($dirmode) { $realm = get_directory_realm(); if($realm == DIRECTORY_REALM) { - $r = q("select * from site where (site_flags & %d) and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ", + $r = q("select * from site where (site_flags & %d)>0 and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ", intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), dbesc(z_root()), dbesc($realm) ); } else { - $r = q("select * from site where (site_flags & %d) and site_url != '%s' and site_realm like '%s' ", + $r = q("select * from site where (site_flags & %d)>0 and site_url != '%s' and site_realm like '%s' ", intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), dbesc(z_root()), dbesc(protect_sprintf('%' . $realm . '%')) @@ -120,7 +120,7 @@ function sync_directories($dirmode) { dbesc($r[0]['site_realm']) ); - $r = q("select * from site where (site_flags & %d) and site_url != '%s'", + $r = q("select * from site where (site_flags & %d)>0 and site_url != '%s'", intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), dbesc(z_root()) ); @@ -146,7 +146,7 @@ function sync_directories($dirmode) { if((! $j['transactions']) || (! is_array($j['transactions']))) continue; - q("update site set site_sync = '%s' where site_url = '%s' limit 1", + q("update site set site_sync = '%s' where site_url = '%s'", dbesc(datetime_convert()), dbesc($rr['site_url']) ); @@ -267,7 +267,7 @@ function local_dir_update($uid,$force) { if($new_flags != $r[0]['xchan_flags']) { - $r = q("update xchan set xchan_flags = %d where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_flags = %d where xchan_hash = '%s'", intval($new_flags), dbesc($p[0]['channel_hash']) ); @@ -281,10 +281,10 @@ function local_dir_update($uid,$force) { } else { // they may have made it private - $r = q("delete from xprof where xprof_hash = '%s' limit 1", + $r = q("delete from xprof where xprof_hash = '%s'", dbesc($hash) ); - $r = q("delete from xtag where xtag_hash = '%s' limit 1", + $r = q("delete from xtag where xtag_hash = '%s'", dbesc($hash) ); } diff --git a/include/directory.php b/include/directory.php index 60070f7ec..a7324a99a 100644 --- a/include/directory.php +++ b/include/directory.php @@ -42,7 +42,7 @@ function directory_run($argv, $argc){ local_dir_update($argv[1],$force); - q("update channel set channel_dirdate = '%s' where channel_id = %d limit 1", + q("update channel set channel_dirdate = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($channel['channel_id']) ); @@ -85,7 +85,7 @@ function directory_run($argv, $argc){ ); } else { - q("update channel set channel_dirdate = '%s' where channel_id = %d limit 1", + q("update channel set channel_dirdate = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($channel['channel_id']) ); diff --git a/include/enotify.php b/include/enotify.php index 2503f9ab0..f3eb80117 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -18,7 +18,7 @@ function notification($params) { } if($params['to_xchan']) { $y = q("select channel.*, account.* from channel left join account on channel_account_id = account_id - where channel_hash = '%s' and not (channel_pageflags & %d) limit 1", + where channel_hash = '%s' and not (channel_pageflags & %d)>0 limit 1", dbesc($params['to_xchan']), intval(PAGE_REMOVED) ); @@ -394,7 +394,7 @@ function notification($params) { if(($a->language === 'en' || (! $a->language)) && strpos($msg,', ')) $msg = substr($msg,strpos($msg,', ')+1); - $r = q("update notify set msg = '%s' where id = %d and uid = %d limit 1", + $r = q("update notify set msg = '%s' where id = %d and uid = %d", dbesc($msg), intval($notify_id), intval($datarray['uid']) diff --git a/include/event.php b/include/event.php index 03ecaa0a7..d95e8b401 100644 --- a/include/event.php +++ b/include/event.php @@ -183,7 +183,7 @@ function event_store_event($arr) { `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - WHERE `id` = %d AND `uid` = %d LIMIT 1", + WHERE `id` = %d AND `uid` = %d", dbesc($arr['edited']), dbesc($arr['start']), @@ -284,7 +284,7 @@ function event_addtocal($item_id, $uid) { $event = event_store_event($ev); if($event) { - $r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d limit 1", + $r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d", dbesc($event['event_hash']), intval($item['id']), intval($channel['channel_id']) @@ -359,7 +359,7 @@ function event_store_item($arr,$event) { $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); - q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1", + q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d", dbesc($arr['summary']), dbesc($prefix . format_event_bbcode($arr)), dbesc($object), diff --git a/include/expire.php b/include/expire.php index 442914a39..a229bd4ac 100644 --- a/include/expire.php +++ b/include/expire.php @@ -7,9 +7,10 @@ function expire_run($argv, $argc){ cli_startup(); - $r = q("select id from item where (item_restrict & %d) and not (item_restrict & %d) and changed < UTC_TIMESTAMP() - INTERVAL 10 DAY", + $r = q("select id from item where (item_restrict & %d)>0 and not (item_restrict & %d)>0 and changed < %s - INTERVAL %s", intval(ITEM_DELETED), - intval(ITEM_PENDING_REMOVE) + intval(ITEM_PENDING_REMOVE), + db_utcnow(), db_quoteinterval('10 DAY') ); if($r) { foreach($r as $rr) { @@ -19,8 +20,9 @@ function expire_run($argv, $argc){ // physically remove anything that has been deleted for more than two months - $r = q("delete from item where ( item_restrict & %d ) and changed < UTC_TIMESTAMP() - INTERVAL 36 DAY", - intval(ITEM_PENDING_REMOVE) + $r = q("delete from item where ( item_restrict & %d )>0 and changed < %s - INTERVAL %s", + intval(ITEM_PENDING_REMOVE), + db_utcnow(), db_quoteinterval('36 DAY') ); // make this optional as it could have a performance impact on large sites diff --git a/include/externals.php b/include/externals.php index 280daf4a4..0be5d0fde 100644 --- a/include/externals.php +++ b/include/externals.php @@ -25,7 +25,8 @@ function externals_run($argv, $argc){ $url = $arr['url']; } else { - $r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d order by rand() limit 1", + $randfunc = db_getfunc('RAND'); + $r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d order by $randfunc limit 1", dbesc(z_root()), intval(DIRECTORY_MODE_STANDALONE) ); @@ -76,7 +77,7 @@ function externals_run($argv, $argc){ $x = z_fetch_url($feedurl); if(($x) && ($x['success'])) { - q("update site set site_pull = '%s' where site_url = '%s' limit 1", + q("update site set site_pull = '%s' where site_url = '%s'", dbesc(datetime_convert()), dbesc($url) ); @@ -99,12 +100,12 @@ $z = null; $flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK; // preserve the source - $r = q("update item set source_xchan = owner_xchan where id = %d limit 1", + $r = q("update item set source_xchan = owner_xchan where id = %d", intval($z[0]['id']) ); $r = q("update item set item_flags = ( item_flags | %d ), owner_xchan = '%s' - where id = %d limit 1", + where id = %d", intval($flag_bits), dbesc($sys['xchan_hash']), intval($z[0]['id']) diff --git a/include/follow.php b/include/follow.php index 20fd7f5fc..af75354de 100644 --- a/include/follow.php +++ b/include/follow.php @@ -37,7 +37,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) // check service class limits - $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ", intval($uid), intval(ABOOK_FLAG_SELF) ); @@ -209,8 +209,9 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) return $result; } - $r = q("select count(*) as total from abook where abook_account = %d and ( abook_flags & ABOOK_FLAG_FEED )", - intval($aid) + $r = q("select count(*) as total from abook where abook_account = %d and ( abook_flags & %d )>0", + intval($aid), + intval(ABOOK_FLAG_FEED) ); if($r) $total_feeds = $r[0]['total']; @@ -231,7 +232,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) intval($uid) ); if($r) { - $x = q("update abook set abook_their_perms = %d where abook_id = %d limit 1", + $x = q("update abook set abook_their_perms = %d where abook_id = %d", intval($their_perms), intval($r[0]['abook_id']) ); diff --git a/include/group.php b/include/group.php index d4f08108f..28cf5d80d 100644 --- a/include/group.php +++ b/include/group.php @@ -18,10 +18,11 @@ function group_add($uid,$name,$public = 0) { intval($r) ); if(count($z) && $z[0]['deleted']) { - $r = q("UPDATE `groups` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", + /*$r = q("UPDATE `groups` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", intval($uid), dbesc($name) - ); + );*/ + q('UPDATE groups SET deleted = 0 WHERE id = %d', intval($z[0]['id'])); notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); } return true; @@ -107,7 +108,7 @@ function group_rmv($uid,$name) { ); // remove group - $r = q("UPDATE `groups` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", + $r = q("UPDATE `groups` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s'", intval($uid), dbesc($name) ); @@ -152,7 +153,7 @@ function group_rmv_member($uid,$name,$member) { return false; if(! ( $uid && $gid && $member)) return false; - $r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND xchan = '%s' LIMIT 1 ", + $r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND xchan = '%s' ", intval($uid), intval($gid), dbesc($member) @@ -199,7 +200,7 @@ function group_get_members($gid) { if(intval($gid)) { $r = q("SELECT * FROM `group_member` LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan - WHERE `gid` = %d AND abook_channel = %d and `group_member`.`uid` = %d and not ( xchan_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ", + WHERE `gid` = %d AND abook_channel = %d and `group_member`.`uid` = %d and not ( xchan_flags & %d )>0 and not ( abook_flags & %d )>0 and not ( abook_flags & %d )>0 ORDER BY xchan_name ASC ", intval($gid), intval(local_user()), intval(local_user()), diff --git a/include/hubloc.php b/include/hubloc.php index 0a1b51331..43187fcee 100644 --- a/include/hubloc.php +++ b/include/hubloc.php @@ -96,7 +96,7 @@ function remove_obsolete_hublocs() { ? intval(get_config('system','delivery_interval')) : 2 ); foreach($r as $rr) { - q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d", intval(HUBLOC_FLAGS_DELETED), intval($rr['hubloc_id']) ); @@ -134,7 +134,7 @@ function hubloc_change_primary($hubloc) { dbesc($hubloc['hubloc_hash']) ); if(($r) && (! $r[0]['channel_primary'])) { - q("update channel set channel_primary = 1 where channel_id = %d limit 1", + q("update channel set channel_primary = 1 where channel_id = %d", intval($r[0]['channel_id']) ); } @@ -156,7 +156,7 @@ function hubloc_change_primary($hubloc) { $url = $hubloc['hubloc_url']; $lwebbie = substr($hubloc['hubloc_addr'],0,strpos($hubloc['hubloc_addr'],'@')); - $r = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_follow = '%s', xchan_connurl = '%s' where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_follow = '%s', xchan_connurl = '%s' where xchan_hash = '%s'", dbesc($hubloc['hubloc_addr']), dbesc($url . '/channel/' . $lwebbie), dbesc($url . '/follow?f=&url=%s'), @@ -214,7 +214,7 @@ function xchan_store($arr) { return $r; $photos = import_profile_photo($arr['photo'],$arr['hash']); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), diff --git a/include/identity.php b/include/identity.php index 9a574ea65..11dab7744 100644 --- a/include/identity.php +++ b/include/identity.php @@ -22,7 +22,7 @@ require_once('include/crypto.php'); function identity_check_service_class($account_id) { $ret = array('success' => false, $message => ''); - $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d ) ", + $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0 ", intval($account_id), intval(PAGE_REMOVED) ); @@ -104,7 +104,7 @@ function create_sys_channel() { } function get_sys_channel() { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where (channel_pageflags & %d) limit 1", + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where (channel_pageflags & %d)>0 limit 1", intval(PAGE_SYSTEM) ); if($r) @@ -132,7 +132,7 @@ function is_sys_channel($channel_id) { */ function channel_total() { - $r = q("select channel_id from channel where not ( channel_pageflags & %d )", + $r = q("select channel_id from channel where not ( channel_pageflags & %d )>0", intval(PAGE_REMOVED) ); @@ -390,7 +390,7 @@ function create_identity($arr) { dbesc( t('Friends') ) ); if($r) { - q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d limit 1", + q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval($newuid) @@ -446,7 +446,7 @@ function set_default_login_identity($account_id,$channel_id,$force = true) { ); if($r) { if((intval($r[0]['account_default_channel']) == 0) || ($force)) { - $r = q("update account set account_default_channel = %d where account_id = %d limit 1", + $r = q("update account set account_default_channel = %d where account_id = %d", intval($channel_id), intval($account_id) ); @@ -584,7 +584,7 @@ function identity_basic_export($channel_id, $items = false) { // warning: this may run into memory limits on smaller systems - $r = q("select * from item where (item_flags & %d) and not (item_restrict & %d) and uid = %d", + $r = q("select * from item where (item_flags & %d)>0 and not (item_restrict & %d)>0 and uid = %d", intval(ITEM_WALL), intval(ITEM_DELETED), intval($channel_id) @@ -673,7 +673,7 @@ function profile_load(&$a, $nickname, $profile = '') { if(! $p) { $p = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile LEFT JOIN channel ON profile.uid = channel.channel_id - WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d ) + WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d )>0 AND profile.is_default = 1 LIMIT 1", dbesc($nickname), intval(PAGE_REMOVED) @@ -1466,7 +1466,7 @@ function get_channel_by_nick($nick) { function identity_selector() { if(local_user()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED) ); @@ -1546,7 +1546,7 @@ function notifications_off($channel_id) { $r = q("select channel_notifyflags from channel where channel_id = %d limit 1", intval($channel_id) ); - $x = q("update channel set channel_notifyflags = 0 where channel_id = %d limit 1", + $x = q("update channel set channel_notifyflags = 0 where channel_id = %d", intval($channel_id) ); @@ -1556,7 +1556,7 @@ function notifications_off($channel_id) { function notifications_on($channel_id,$value) { - $x = q("update channel set channel_notifyflags = %d where channel_id = %d limit 1", + $x = q("update channel set channel_notifyflags = %d where channel_id = %d", intval($value), intval($channel_id) ); diff --git a/include/items.php b/include/items.php index d173e1a98..d27d6e64c 100755 --- a/include/items.php +++ b/include/items.php @@ -30,7 +30,7 @@ function collect_recipients($item,&$private_envelope) { // as that would allow the denied person to see the post by logging out. if((! $item['allow_cid']) && (! $item['allow_gid'])) { - $r = q("select * from abook where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select * from abook where abook_channel = %d and not (abook_flags & %d)>0 ", intval($item['uid']), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) ); @@ -68,7 +68,7 @@ function collect_recipients($item,&$private_envelope) { $private_envelope = false; if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') { - $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ", intval($item['uid']), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) ); @@ -258,7 +258,7 @@ function add_source_route($iid,$hash) { ); if($r) { $new_route = (($r[0]['route']) ? $r[0]['route'] . ',' : '') . $hash; - q("update item set route = '%s' where id = %d limit 1", + q("update item set route = '%s' where id = %d", (dbesc($new_route)), intval($iid) ); @@ -969,7 +969,7 @@ function import_author_rss($x) { $photos = import_profile_photo($x['photo']['src'],$x['url']); if($photos) { - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss' limit 1", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss'", dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), @@ -1014,7 +1014,7 @@ function import_author_unknown($x) { $photos = import_profile_photo($x['photo']['src'],$x['url']); if($photos) { - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown' limit 1", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown'", dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), @@ -2213,7 +2213,7 @@ function item_store($arr,$allow_exec = false) { $r = q("UPDATE item SET parent = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', public_policy = '%s', item_private = %d, comments_closed = '%s' - WHERE id = %d LIMIT 1", + WHERE id = %d", intval($parent_id), dbesc($allow_cid), dbesc($allow_gid), @@ -2258,13 +2258,13 @@ function item_store($arr,$allow_exec = false) { // update the commented timestamp on the parent - $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and not ( item_restrict & %d ) ", + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and not ( item_restrict & %d )>0 ", dbesc($arr['parent_mid']), intval($arr['uid']), intval(ITEM_DELAYED_PUBLISH) ); - q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d LIMIT 1", + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), dbesc(datetime_convert()), intval($parent_id) @@ -2476,7 +2476,7 @@ function item_store_update($arr,$allow_exec = false) { $str .= " `" . $k . "` = '" . $v . "' "; } - $r = dbq("update `item` set " . $str . " where id = " . $orig_post_id . " limit 1"); + $r = dbq("update `item` set " . $str . " where id = " . $orig_post_id ); if($r) logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG); @@ -2553,7 +2553,7 @@ function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id, $key = get_config('system','pubkey'); $y = crypto_encapsulate(json_encode($x),$key); - $r = q("update item set diaspora_meta = '%s' where id = %d limit 1", + $r = q("update item set diaspora_meta = '%s' where id = %d", dbesc(json_encode($y)), intval($post_id) ); @@ -2749,7 +2749,7 @@ function tag_deliver($uid,$item_id) { $taglink = get_rel_link($j_obj['link'],'alternate'); store_item_tag($u[0]['channel_id'],$p[0]['id'],TERM_OBJ_POST,TERM_HASHTAG,$j_obj['title'],$j_obj['id']); - $x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d limit 1", + $x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -2815,7 +2815,7 @@ function tag_deliver($uid,$item_id) { if($mention) { logger('tag_deliver: mention found for ' . $u[0]['channel_name']); - $r = q("update item set item_flags = ( item_flags | %d ) where id = %d limit 1", + $r = q("update item set item_flags = ( item_flags | %d ) where id = %d", intval(ITEM_MENTIONSME), intval($item_id) ); @@ -2930,7 +2930,7 @@ function tgroup_check($uid,$item) { // or is a followup and we have already accepted the top level post as an uplink if($item['mid'] != $item['parent_mid']) { - $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1", + $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d )>0 limit 1", dbesc($item['parent_mid']), intval($uid), intval(ITEM_UPLINK) @@ -3020,14 +3020,14 @@ function start_delivery_chain($channel,$item,$item_id,$parent) { // when we created the delivery fork if($parent) { - $r = q("update item set source_xchan = '%s' where id = %d limit 1", + $r = q("update item set source_xchan = '%s' where id = %d", dbesc($parent['source_xchan']), intval($item_id) ); } else { $flag_bits = $flag_bits | ITEM_UPLINK; - $r = q("update item set source_xchan = owner_xchan where id = %d limit 1", + $r = q("update item set source_xchan = owner_xchan where id = %d", intval($item_id) ); } @@ -3057,7 +3057,7 @@ function start_delivery_chain($channel,$item,$item_id,$parent) { } $r = q("update item set item_flags = %d, owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', - deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s' where id = %d limit 1", + deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s' where id = %d", intval($flag_bits), dbesc($channel['channel_hash']), dbesc($channel['channel_allow_cid']), @@ -3097,7 +3097,7 @@ function start_delivery_chain($channel,$item,$item_id,$parent) { function check_item_source($uid,$item) { - $r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' || src_xchan = '*' ) limit 1", + $r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' or src_xchan = '*' ) limit 1", intval($uid), dbesc(($item['source_xchan']) ? $item['source_xchan'] : $item['owner_xchan']) ); @@ -3837,17 +3837,17 @@ function item_expire($uid,$days) { $expire_network_only = 1; - $sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ") " : ""); + $sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ")>0 " : ""); $r = q("SELECT * FROM `item` WHERE `uid` = %d - AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY + AND `created` < %s - INTERVAL %s AND `id` = `parent` $sql_extra - AND NOT ( item_flags & %d ) + AND NOT ( item_flags & %d )>0 AND (item_restrict = 0 ) ", intval($uid), - intval($days), + db_utcnow(), db_quoteinterval(intval($days).' DAY'), intval(ITEM_RETAINED) ); @@ -3885,7 +3885,7 @@ function item_expire($uid,$days) { } function retain_item($id) { - $r = q("update item set item_flags = (item_flags | %d ) where id = %d limit 1", + $r = q("update item set item_flags = (item_flags | %d ) where id = %d", intval(ITEM_RETAINED), intval($id) ); @@ -3961,7 +3961,7 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL) { // set the deleted flag immediately on this item just in case the // hook calls a remote process which loops. We'll delete it properly in a second. - $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d LIMIT 1", + $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d", intval(ITEM_DELETED), intval($item['id']) ); @@ -4018,7 +4018,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { switch($stage) { case DROPITEM_PHASE2: $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '', - changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", + changed = '%s', edited = '%s' WHERE id = %d", intval(ITEM_PENDING_REMOVE), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -4028,7 +4028,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { case DROPITEM_PHASE1: $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), - changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", + changed = '%s', edited = '%s' WHERE id = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -4039,7 +4039,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { case DROPITEM_NORMAL: default: $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '', - changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", + changed = '%s', edited = '%s' WHERE id = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -4051,7 +4051,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { // immediately remove any undesired profile likes. - q("delete from likes where iid = %d and channel_id = %d limit 1", + q("delete from likes where iid = %d and channel_id = %d", intval($item['id']), intval($item['uid']) ); @@ -4062,7 +4062,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { if(strlen($item['resource_id'])) { if($item['resource_type'] === 'event') { - q("delete from event where event_hash = '%s' and uid = %d limit 1", + q("delete from event where event_hash = '%s' and uid = %d", dbesc($item['resource_id']), intval($item['uid']) ); @@ -4082,12 +4082,12 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { if($stage == DROPITEM_PHASE1) return true; - $r = q("delete from term where otype = %d and oid = %d limit 1", + $r = q("delete from term where otype = %d and oid = %d", intval(TERM_OBJ_POST), intval($item['id']) ); - q("delete from item_id where iid = %d and uid = %d limit 1", + q("delete from item_id where iid = %d and uid = %d", intval($item['id']), intval($item['uid']) ); @@ -4106,7 +4106,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { function first_post_date($uid,$wall = false) { - $wall_sql = (($wall) ? sprintf(" and item_flags & %d ", ITEM_WALL) : "" ); + $wall_sql = (($wall) ? sprintf(" and (item_flags & %d)>0 ", ITEM_WALL) : "" ); $r = q("select id, created from item where item_restrict = %d and uid = %d and id = parent $wall_sql @@ -4297,19 +4297,19 @@ function zot_feed($uid,$observer_xchan,$arr) { if(is_sys_channel($uid)) { require_once('include/security.php'); - $r = q("SELECT distinct parent from item + $r = q("SELECT distinct parent, created from item WHERE uid != %d and uid in (" . stream_perms_api_uids(PERMS_PUBLIC) . ") AND item_restrict = 0 - AND (item_flags & %d) + AND (item_flags & %d)>0 and item_private = 0 $sql_extra ORDER BY created ASC $limit", intval($uid), intval(ITEM_WALL) ); } else { - $r = q("SELECT distinct parent from item + $r = q("SELECT distinct parent, created from item WHERE uid = %d AND item_restrict = 0 - AND (item_flags & %d) + AND (item_flags & %d)>0 $sql_extra ORDER BY created ASC $limit", intval($uid), intval(ITEM_WALL) @@ -4372,12 +4372,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } if($arr['star']) - $sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ") "; + $sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ")>0 "; if($arr['wall']) - $sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ") "; + $sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ")>0 "; - $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; + $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 $sql_options ) "; if($arr['since_id']) $sql_extra .= " and item.id > " . $since_id . " "; @@ -4415,7 +4415,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } elseif($arr['cid'] && $uid) { - $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1", + $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1", intval($arr['cid']), intval(local_user()) ); @@ -4455,7 +4455,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } if($arr['conv'] && $channel) { - $sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d ))) ", + $sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ", dbesc(protect_sprintf($uidhash)), intval(ITEM_MENTIONSME) ); @@ -4471,11 +4471,11 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C else { $itemspage = (($channel) ? get_pconfig($uid,'system','itemspage') : 20); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); - $pager_sql = sprintf(" LIMIT %d, %d ",intval(get_app()->pager['start']), intval(get_app()->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(get_app()->pager['itemspage']), intval(get_app()->pager['start'])); } if(isset($arr['start']) && isset($arr['records'])) - $pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($arr['records']), intval($arr['start'])); if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) { if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { @@ -4497,7 +4497,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } } - $simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''); + $simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " )>0 " : ''); if($client_mode & CLIENT_MODE_LOAD) $simple_update = ''; @@ -4541,7 +4541,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C // Fetch a page full of parent items for this page - $r = q("SELECT distinct item.id AS item_id FROM item + $r = q("SELECT distinct item.id AS item_id, item.$ordering FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE $item_uids $item_restrict AND item.parent = item.id @@ -4639,7 +4639,7 @@ function update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remo dbesc($page_type) ); if($r) { - q("update item_id set sid = '%s' where id = %d limit 1", + q("update item_id set sid = '%s' where id = %d", dbesc(($pagetitle) ? $pagetitle : substr($mid,0,16)), intval($r[0]['id']) ); @@ -4670,7 +4670,7 @@ function item_add_cid($xchan_hash,$mid,$uid) { dbesc('<' . $xchan_hash . '>') ); if(! $r) { - $r = q("update item set allow_cid = concat(allow_cid,'%s') where mid = '%s' and uid = %d limit 1", + $r = q("update item set allow_cid = concat(allow_cid,'%s') where mid = '%s' and uid = %d", dbesc('<' . $xchan_hash . '>'), dbesc($mid), intval($uid) @@ -4685,7 +4685,7 @@ function item_remove_cid($xchan_hash,$mid,$uid) { dbesc('<' . $xchan_hash . '>') ); if($r) { - $x = q("update item set allow_cid = '%s' where mid = '%s' and uid = %d limit 1", + $x = q("update item set allow_cid = '%s' where mid = '%s' and uid = %d", dbesc(str_replace('<' . $xchan_hash . '>','',$r[0]['allow_cid'])), dbesc($mid), intval($uid) diff --git a/include/menu.php b/include/menu.php index 8997d2e39..9dc236605 100644 --- a/include/menu.php +++ b/include/menu.php @@ -176,7 +176,7 @@ function menu_edit($arr) { } return q("update menu set menu_name = '%s', menu_desc = '%s', menu_flags = %d - where menu_id = %d and menu_channel_id = %d limit 1", + where menu_id = %d and menu_channel_id = %d", dbesc($menu_name), dbesc($menu_desc), intval($menu_flags), @@ -303,7 +303,7 @@ function menu_edit_item($menu_id, $uid, $arr) { } - $r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d limit 1", + $r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d", dbesc($mitem_link), dbesc($mitem_desc), intval($mitem_flags), @@ -323,7 +323,7 @@ function menu_edit_item($menu_id, $uid, $arr) { function menu_del_item($menu_id,$uid,$item_id) { - $r = q("delete from menu_item where mitem_menu_id = %d and mitem_channel_id = %d and mitem_id = %d limit 1", + $r = q("delete from menu_item where mitem_menu_id = %d and mitem_channel_id = %d and mitem_id = %d", intval($menu_id), intval($uid), intval($item_id) diff --git a/include/message.php b/include/message.php index b063530d6..49278f273 100644 --- a/include/message.php +++ b/include/message.php @@ -243,7 +243,7 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $limit = ''; if($numitems) - $limit = " LIMIT " . intval($start) . ", " . intval($numitems); + $limit = " LIMIT " . intval($numitems) . " OFFSET " . intval($start); if($mailbox !== '') { $x = q("select channel_hash from channel where channel_id = %d limit 1", @@ -332,7 +332,7 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee } if($updateseen) { - $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and id = %d AND channel_id = %d", + $r = q("UPDATE `mail` SET mail_flags = (mail_flags | %d) where not (mail_flags & %d)>0 and id = %d AND channel_id = %d", intval(MAIL_SEEN), intval(MAIL_SEEN), dbesc($messageitem_id), @@ -363,7 +363,7 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation } } else { - $r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", + $r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d", intval($messageitem_id), intval($channel_id) ); @@ -421,7 +421,7 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($updateseen) { - $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_mid = '%s' AND channel_id = %d", + $r = q("UPDATE `mail` SET mail_flags = (mail_flags | %d) where not (mail_flags & %d)>0 and parent_mid = '%s' AND channel_id = %d", intval(MAIL_SEEN), intval(MAIL_SEEN), dbesc($r[0]['parent_mid']), diff --git a/include/nav.php b/include/nav.php index f1f89db20..d4add7bcd 100644 --- a/include/nav.php +++ b/include/nav.php @@ -38,7 +38,7 @@ EOT; intval($channel['channel_id']) ); - $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", + $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED) ); diff --git a/include/network.php b/include/network.php index 25ed615c6..ee2a6a59b 100644 --- a/include/network.php +++ b/include/network.php @@ -991,7 +991,7 @@ function discover_by_url($url,$arr = null) { ); $photos = import_profile_photo($photo,$guid); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), @@ -1104,7 +1104,7 @@ function discover_by_webbie($webbie) { dbesc($vcard['fn']), dbesc($network), dbesc(z_root()), - dbesc(datetime_convert()) + dbescdate(datetime_convert()) ); $r = q("select * from hubloc where hubloc_hash = '%s' limit 1", @@ -1119,13 +1119,13 @@ function discover_by_webbie($webbie) { dbesc(trim($diaspora_base,'/')), dbesc($hostname), dbesc($notify), - dbesc(datetime_convert()), + dbescdate(datetime_convert()), intval(HUBLOC_FLAGS_PRIMARY) ); } $photos = import_profile_photo($vcard['photo'],$addr); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", - dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", + dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), diff --git a/include/notifier.php b/include/notifier.php index c193db116..cb97fcdf8 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -99,7 +99,7 @@ function notifier_run($argv, $argc){ // Get the recipient $r = q("select abook.*, hubloc.* from abook left join hubloc on hubloc_hash = abook_xchan - where abook_id = %d and not ( abook_flags & %d ) limit 1", + where abook_id = %d and not ( abook_flags & %d )>0 limit 1", intval($item_id), intval(ABOOK_FLAG_SELF) ); @@ -205,11 +205,12 @@ function notifier_run($argv, $argc){ $normal_mode = false; $expire = true; - $items = q("SELECT * FROM item WHERE uid = %d AND ( item_flags & %d ) - AND ( item_restrict & %d ) AND `changed` > UTC_TIMESTAMP() - INTERVAL 10 MINUTE", + $items = q("SELECT * FROM item WHERE uid = %d AND ( item_flags & %d )>0 + AND ( item_restrict & %d )>0 AND `changed` > %s - INTERVAL %s", intval($item_id), intval(ITEM_WALL), - intval(ITEM_DELETED) + intval(ITEM_DELETED), + db_utcnow(), db_quoteinterval('10 MINUTE') ); $uid = $item_id; $item_id = 0; @@ -495,13 +496,19 @@ function notifier_run($argv, $argc){ where hubloc_hash in (" . implode(',',$recipients) . ") group by hubloc_sitekey order by hubloc_connected desc limit 1"); } else { - + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $r = q("select distinct on (hubloc_sitekey) hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc + where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d)>0 and not (hubloc_status & %d)>0", + intval(HUBLOC_FLAGS_DELETED), + intval(HUBLOC_OFFLINE) + ); + } else { $r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc - where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d) and not (hubloc_status & %d) group by hubloc_sitekey", + where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d)>0 and not (hubloc_status & %d)>0 group by hubloc_sitekey", intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_OFFLINE) ); - + } } if(! $r) { diff --git a/include/onedirsync.php b/include/onedirsync.php index 8ae1df5e5..09c4c9d9a 100644 --- a/include/onedirsync.php +++ b/include/onedirsync.php @@ -35,13 +35,13 @@ function onedirsync_run($argv, $argc){ // (where we received this update from) ? // If we have, we don't need to do anything except mark any older entries updated - $x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d ) order by ud_date desc limit 1", + $x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d )>0 order by ud_date desc limit 1", dbesc($r[0]['ud_addr']), dbesc($r[0]['ud_date']), intval(UPDATE_FLAGS_UPDATED) ); if($x) { - $y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d ) and ud_date < '%s' ", + $y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d )>0 and ud_date < '%s' ", intval(UPDATE_FLAGS_UPDATED), dbesc($r[0]['ud_addr']), intval(UPDATE_FLAGS_UPDATED), diff --git a/include/onepoll.php b/include/onepoll.php index 7a81282b3..095edd095 100644 --- a/include/onepoll.php +++ b/include/onepoll.php @@ -28,8 +28,8 @@ function onepoll_run($argv, $argc){ $contacts = q("SELECT abook.*, xchan.*, account.* FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan where abook_id = %d - AND (( abook_flags & %d ) OR ( abook_flags = %d )) - AND NOT ( abook_flags & %d ) + AND (( abook_flags & %d )>0 OR ( abook_flags = %d )) + AND NOT ( abook_flags & %d )>0 AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1", intval($contact_id), intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED), @@ -69,7 +69,7 @@ function onepoll_run($argv, $argc){ if($contact['xchan_network'] === 'rss') { logger('onepoll: processing feed ' . $contact['xchan_name'], LOGGER_DEBUG); handle_feed($importer['channel_id'],$contact_id,$contact['xchan_hash']); - q("update abook set abook_connected = '%s' where abook_id = %d limit 1", + q("update abook set abook_connected = '%s' where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id']) ); @@ -88,13 +88,13 @@ function onepoll_run($argv, $argc){ $connected = datetime_convert(); if(! $x) { // mark for death by not updating abook_connected, this is caught in include/poller.php - q("update abook set abook_updated = '%s' where abook_id = %d limit 1", + q("update abook set abook_updated = '%s' where abook_id = %d", dbesc($updated), intval($contact['abook_id']) ); } else { - q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d limit 1", + q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d", dbesc($updated), dbesc($connected), intval($contact['abook_id']) @@ -145,8 +145,9 @@ function onepoll_run($argv, $argc){ if($contact['xchan_connurl']) { $r = q("SELECT xlink_id from xlink - where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY limit 1", - intval($contact['xchan_hash']) + where xlink_xchan = '%s' and xlink_updated > %s - INTERVAL %s limit 1", + intval($contact['xchan_hash']), + db_utcnow(), db_quoteinterval('1 DAY') ); if(! $r) { poco_load($contact['xchan_hash'],$contact['xchan_connurl']); diff --git a/include/permissions.php b/include/permissions.php index 186ba32d8..14a531d8c 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -97,7 +97,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { if(! $abook_checked) { $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash - where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", + where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1", intval($uid), dbesc($observer_xchan), intval(ABOOK_FLAG_SELF) @@ -269,7 +269,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return true; $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash - where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", + where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1", intval($uid), dbesc($observer_xchan), intval(ABOOK_FLAG_SELF) diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 508d82957..e63125671 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -341,7 +341,7 @@ abstract class photo_driver { `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - where id = %d limit 1", + where id = %d", intval($p['aid']), intval($p['uid']), @@ -354,7 +354,7 @@ abstract class photo_driver { dbesc($p['album']), intval($this->getHeight()), intval($this->getWidth()), - dbesc($this->imageString()), + dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($p['scale']), intval($p['profile']), @@ -383,7 +383,7 @@ abstract class photo_driver { dbesc($p['album']), intval($this->getHeight()), intval($this->getWidth()), - dbesc($this->imageString()), + dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($p['scale']), intval($p['profile']), @@ -428,7 +428,7 @@ abstract class photo_driver { `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - where id = %d limit 1", + where id = %d", intval($aid), intval($uid), @@ -441,7 +441,7 @@ abstract class photo_driver { dbesc($album), intval($this->getHeight()), intval($this->getWidth()), - dbesc($this->imageString()), + dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($scale), intval($profile), @@ -467,7 +467,7 @@ abstract class photo_driver { dbesc($album), intval($this->getHeight()), intval($this->getWidth()), - dbesc($this->imageString()), + dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($scale), intval($profile), @@ -562,7 +562,7 @@ function import_profile_photo($photo,$xchan,$thing = false) { if($thing) $hash = photo_new_resource(); else { - $r = q("select resource_id from photo where xchan = '%s' and (photo_flags & %d ) and scale = 4 limit 1", + $r = q("select resource_id from photo where xchan = '%s' and (photo_flags & %d )>0 and scale = 4 limit 1", dbesc($xchan), intval(PHOTO_XCHAN) ); diff --git a/include/photos.php b/include/photos.php index badbbd791..bdeb5db83 100644 --- a/include/photos.php +++ b/include/photos.php @@ -44,9 +44,10 @@ function photo_upload($channel, $observer, $args) { * */ - $r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > UTC_TIMESTAMP() - INTERVAL 3 HOUR ", + $r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > %s - INTERVAL %s ", dbesc($album), - intval($channel_id) + intval($channel_id), + db_utcnow(), db_quoteinterval('3 HOUR') ); if((! $r) || ($album == t('Profile Photos'))) $visible = 1; @@ -291,7 +292,7 @@ function photos_albums_list($channel,$observer) { $sql_extra = permissions_sql($channel_id); - $albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by created desc", + $albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by max(created) desc", intval($channel_id), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE) diff --git a/include/plugin.php b/include/plugin.php index 4f9ab71da..e500ccc56 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -102,7 +102,7 @@ function load_plugin($plugin) { // This way the system won't fall over dead during the update. if(file_exists('addon/' . $plugin . '/.hidden')) { - q("update addon set hidden = 1 where name = '%s' limit 1", + q("update addon set hidden = 1 where name = '%s'", dbesc($plugin) ); } @@ -158,7 +158,7 @@ function reload_plugins() { $func = $pl . '_load'; $func(); } - q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d LIMIT 1", + q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d", intval($t), intval($i['id']) ); @@ -208,7 +208,7 @@ function register_hook($hook, $file, $function, $priority = 0) { * @return mixed */ function unregister_hook($hook, $file, $function) { - $r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1", + $r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `function` = '%s'", dbesc($hook), dbesc($file), dbesc($function) diff --git a/include/poller.php b/include/poller.php index f11618d37..8e52d6e05 100644 --- a/include/poller.php +++ b/include/poller.php @@ -44,15 +44,17 @@ function poller_run($argv, $argc){ // expire any expired mail - q("delete from mail where expires != '%s' and expires < UTC_TIMESTAMP() ", - dbesc(NULL_DATE) + q("delete from mail where expires != '%s' and expires < %s ", + dbesc(NULL_DATE), + db_utcnow() ); // expire any expired items - $r = q("select id from item where expires != '%s' and expires < UTC_TIMESTAMP() - and not ( item_restrict & %d ) ", + $r = q("select id from item where expires != '%s' and expires < %s + and not ( item_restrict & %d )>0 ", dbesc(NULL_DATE), + db_utcnow(), intval(ITEM_DELETED) ); if($r) { @@ -66,7 +68,9 @@ function poller_run($argv, $argc){ // channels and sites that quietly vanished and prevent the directory from accumulating stale // or dead entries. - $r = q("select channel_id from channel where channel_dirdate < UTC_TIMESTAMP() - INTERVAL 30 DAY"); + $r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('30 DAY') + ); if($r) { foreach($r as $rr) { proc_run('php','include/directory.php',$rr['channel_id'],'force'); @@ -78,12 +82,13 @@ function poller_run($argv, $argc){ // publish any applicable items that were set to be published in the future // (time travel posts) - $r = q("select id from item where ( item_restrict & %d ) and created <= UTC_TIMESTAMP() ", - intval(ITEM_DELAYED_PUBLISH) + $r = q("select id from item where ( item_restrict & %d )>0 and created <= %s ", + intval(ITEM_DELAYED_PUBLISH), + db_utcnow() ); if($r) { foreach($r as $rr) { - $x = q("update item set item_restrict = ( item_restrict ^ %d ) where id = %d limit 1", + $x = q("update item set item_restrict = ( item_restrict & ~%d ) where id = %d", intval(ITEM_DELAYED_PUBLISH), intval($rr['id']) ); @@ -167,7 +172,9 @@ function poller_run($argv, $argc){ // expire any read notifications over a month old - q("delete from notify where seen = 1 and date < UTC_TIMESTAMP() - INTERVAL 30 DAY"); + q("delete from notify where seen = 1 and date < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('30 DAY') + ); // expire any expired accounts downgrade_accounts(); @@ -199,13 +206,15 @@ function poller_run($argv, $argc){ // This should be rare $r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = '' - and xchan_photo_date < UTC_TIMESTAMP() - INTERVAL 1 DAY"); + and xchan_photo_date < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 DAY') + ); if($r) { require_once('include/photo/photo_driver.php'); foreach($r as $rr) { $photos = import_profile_photo($rr['xchan_photo_l'],$rr['xchan_hash']); $x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), @@ -258,16 +267,17 @@ function poller_run($argv, $argc){ // Only poll from those with suitable relationships $abandon_sql = (($abandon_days) - ? sprintf(" AND account_lastlog > UTC_TIMESTAMP() - INTERVAL %d DAY ", intval($abandon_days)) + ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days).' DAY')) : '' ); - + $randfunc = (ACTIVE_DBTYPE == DBTYPE_POSTGRES) ? 'RANDOM()' : 'RAND()'; + $contacts = q("SELECT abook_id, abook_flags, abook_updated, abook_connected, abook_closeness, abook_xchan, abook_channel - FROM abook LEFT JOIN account on abook_account = account_id where 1 + FROM abook LEFT JOIN account on abook_account = account_id $sql_extra - AND (( abook_flags & %d ) OR ( abook_flags = %d )) - AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY RAND()", + AND (( abook_flags & %d )>0 OR ( abook_flags = %d )) + AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY $randfunc", intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED), intval(0), intval(ACCOUNT_OK), @@ -308,7 +318,7 @@ function poller_run($argv, $argc){ // if we've never connected with them, start the mark for death countdown from now if($c == NULL_DATE) { - $r = q("update abook set abook_connected = '%s' where abook_id = %d limit 1", + $r = q("update abook set abook_connected = '%s' where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id']) ); @@ -323,7 +333,7 @@ function poller_run($argv, $argc){ dbesc($contact['abook_xchan']) ); if($n && $n[0]['xchan_network'] == 'zot') { - $r = q("update abook set abook_flags = (abook_flags | %d) where abook_id = %d limit 1", + $r = q("update abook set abook_flags = (abook_flags | %d) where abook_id = %d", intval(ABOOK_FLAG_ARCHIVED), intval($contact['abook_id']) ); @@ -365,9 +375,10 @@ function poller_run($argv, $argc){ } if($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) { - $r = q("select distinct ud_addr, updates.* from updates where not ( ud_flags & %d ) and ud_addr != '' and ( ud_last = '%s' OR ud_last > UTC_TIMESTAMP() - INTERVAL 7 DAY ) group by ud_addr ", + $r = q("select distinct ud_addr, updates.* from updates where not ( ud_flags & %d )>0 and ud_addr != '' and ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) group by ud_addr ", intval(UPDATE_FLAGS_UPDATED), - dbesc(NULL_DATE) + dbesc(NULL_DATE), + db_utcnow(), db_quoteinterval('7 DAY') ); if($r) { foreach($r as $rr) { diff --git a/include/queue.php b/include/queue.php index 222ebada4..b6a540ef9 100644 --- a/include/queue.php +++ b/include/queue.php @@ -22,7 +22,9 @@ function queue_run($argv, $argc){ logger('queue: start'); - $r = q("DELETE FROM outq WHERE outq_created < UTC_TIMESTAMP() - INTERVAL 3 DAY"); + $r = q("DELETE FROM outq WHERE outq_created < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('3 DAY') + ); if($queue_id) { $r = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1", @@ -37,8 +39,18 @@ function queue_run($argv, $argc){ // so that we don't start off a thousand deliveries for a couple of dead hubs. // The zot driver will deliver everything destined for a single hub once contact is made (*if* contact is made). // Other drivers will have to do something different here and may need their own query. - - $r = q("SELECT * FROM outq WHERE outq_delivered = 0 and (( outq_created > UTC_TIMESTAMP() - INTERVAL 12 HOUR and outq_updated < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ) OR ( outq_updated < UTC_TIMESTAMP() - INTERVAL 1 HOUR )) group by outq_posturl"); + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $prefix = 'DISTINCT ON (outq_posturl)'; + $suffix = 'ORDER BY outq_posturl'; + } else { + $prefix = ''; + $suffix = 'GROUP BY outq_posturl'; + } + $r = q("SELECT $prefix * FROM outq WHERE outq_delivered = 0 and (( outq_created > %s - INTERVAL %s and outq_updated < %s - INTERVAL %s ) OR ( outq_updated < %s - INTERVAL %s )) $suffix", + db_utcnow(), db_quoteinterval('12 HOUR'), + db_utcnow(), db_quoteinterval('15 MINUTE'), + db_utcnow(), db_quoteinterval('1 HOUR') + ); } if(! $r) return; @@ -51,13 +63,13 @@ function queue_run($argv, $argc){ $result = z_post_url($rr['outq_posturl'],$rr['outq_msg']); if($result['success'] && $result['return_code'] < 300) { logger('queue: queue post success to ' . $rr['outq_posturl'], LOGGER_DEBUG); - $y = q("delete from outq where outq_hash = '%s' limit 1", + $y = q("delete from outq where outq_hash = '%s'", dbesc($rr['ouq_hash']) ); } else { logger('queue: queue post returned ' . $result['return_code'] . ' from ' . $rr['outq_posturl'],LOGGER_DEBUG); - $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", + $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'", dbesc(datetime_convert()), dbesc($rr['outq_hash']) ); @@ -70,7 +82,7 @@ function queue_run($argv, $argc){ } else { $deadguys[] = $rr['outq_posturl']; - $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", + $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'", dbesc(datetime_convert()), dbesc($rr['outq_hash']) ); diff --git a/include/queue_fn.php b/include/queue_fn.php index 512edb531..22580bc48 100644 --- a/include/queue_fn.php +++ b/include/queue_fn.php @@ -2,7 +2,7 @@ function update_queue_time($id) { logger('queue: requeue item ' . $id); - q("UPDATE outq SET outq_updated = '%s' WHERE outq_hash = '%s' LIMIT 1", + q("UPDATE outq SET outq_updated = '%s' WHERE outq_hash = '%s'", dbesc(datetime_convert()), dbesc($id) ); @@ -10,7 +10,7 @@ function update_queue_time($id) { function remove_queue_item($id) { logger('queue: remove queue item ' . $id); - q("DELETE FROM outq WHERE hash = '%s' LIMIT 1", + q("DELETE FROM outq WHERE hash = '%s'", dbesc($id) ); } diff --git a/include/reddav.php b/include/reddav.php index c16e08e27..750ca1b24 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -42,7 +42,7 @@ require_once('include/RedDAV/RedBasicAuth.php'); function RedChannelList(&$auth) { $ret = array(); - $r = q("SELECT channel_id, channel_address FROM channel WHERE NOT (channel_pageflags & %d) AND NOT (channel_pageflags & %d)", + $r = q("SELECT channel_id, channel_address FROM channel WHERE NOT (channel_pageflags & %d)>0 AND NOT (channel_pageflags & %d)>0", intval(PAGE_REMOVED), intval(PAGE_HIDDEN) ); @@ -115,7 +115,7 @@ function RedCollectionData($file, &$auth) { $permission_error = false; for ($x = 1; $x < count($path_arr); $x++) { - $r = q("SELECT id, hash, filename, flags FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND (flags & %d) $perms LIMIT 1", + $r = q("SELECT id, hash, filename, flags FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND (flags & %d)>0 $perms LIMIT 1", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), @@ -124,7 +124,7 @@ function RedCollectionData($file, &$auth) { if (! $r) { // path wasn't found. Try without permissions to see if it was the result of permissions. $errors = true; - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) limit 1", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0 limit 1", dbesc($folder), basename($path_arr[$x]), intval($channel_id), @@ -155,8 +155,14 @@ function RedCollectionData($file, &$auth) { logger("Path mismatch: $path !== /$file"); return NULL; } - - $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms group by filename", + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $prefix = 'DISTINCT ON (filename)'; + $suffix = 'ORDER BY filename'; + } else { + $prefix = ''; + $suffix = 'GROUP BY filename'; + } + $r = q("select $prefix id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms $suffix", dbesc($folder), intval($channel_id) ); @@ -231,7 +237,7 @@ function RedFileData($file, &$auth, $test = false) { $errors = false; for ($x = 1; $x < count($path_arr); $x++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) $perms", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0 $perms", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), @@ -244,7 +250,7 @@ function RedFileData($file, &$auth, $test = false) { } if (! $r) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach - where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", + where folder = '%s' and filename = '%s' and uid = %d $perms order by filename limit 1", dbesc($folder), dbesc(basename($file)), intval($channel_id) @@ -253,7 +259,7 @@ function RedFileData($file, &$auth, $test = false) { if (! $r) { $errors = true; $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach - where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", + where folder = '%s' and filename = '%s' and uid = %d order by filename limit 1", dbesc($folder), dbesc(basename($file)), intval($channel_id) diff --git a/include/security.php b/include/security.php index e83cc7061..8066a76f6 100644 --- a/include/security.php +++ b/include/security.php @@ -12,7 +12,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $_SESSION['authenticated'] = 1; if($login_initial || $update_lastlog) { - q("update account set account_lastlog = '%s' where account_id = %d limit 1", + q("update account set account_lastlog = '%s' where account_id = %d", dbesc(datetime_convert()), intval($_SESSION['account_id']) ); @@ -59,7 +59,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive /* This account has never created a channel. Send them to new_channel by default */ if($a->module === 'login') { - $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d)", + $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d)>0", intval($a->account['account_id']), intval(PAGE_REMOVED) ); @@ -76,7 +76,7 @@ function change_channel($change_channel) { $ret = false; if($change_channel) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d) limit 1", + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d)>0 limit 1", intval($change_channel), intval(get_account_id()), intval(PAGE_REMOVED) @@ -86,7 +86,7 @@ function change_channel($change_channel) { if (is_developer()) { if (! $r) { if (is_site_admin()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d ) limit 1", + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1", intval($change_channel), intval(PAGE_SYSTEM), intval(PAGE_REMOVED) @@ -174,9 +174,10 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { foreach($groups as $g) $gs .= '|<' . $g . '>'; } + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) ) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), @@ -204,7 +205,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * default permissions - anonymous user */ - $sql = " AND not item_private "; + $sql = " AND item_private=0 "; /** @@ -235,10 +236,11 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) if(is_array($groups) && count($groups)) { foreach($groups as $g) $gs .= '|<' . $g . '>'; - } + } + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) ) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), @@ -264,9 +266,10 @@ function public_permissions_sql($observer_hash) { } $sql = ''; if($observer_hash) { + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + " OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) )) ", dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), @@ -375,7 +378,7 @@ function stream_perms_api_uids($perms = NULL ) { $ret = array(); if(local_user()) $ret[] = local_user(); - $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0", intval($perms), intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); @@ -402,7 +405,7 @@ function stream_perms_xchans($perms = NULL ) { if(local_user()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0", intval($perms), intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) ); diff --git a/include/session.php b/include/session.php index b531688e2..282b99814 100644 --- a/include/session.php +++ b/include/session.php @@ -60,11 +60,11 @@ function ref_session_write ($id,$data) { if($session_exists) $r = q("UPDATE `session` SET `data` = '%s', `expire` = '%s' - WHERE `sid` = '%s' LIMIT 1", + WHERE `sid` = '%s'", dbesc($data), dbesc($expire), dbesc($id)); else - $r = q("INSERT INTO `session` - SET `sid` = '%s', `expire` = '%s', `data` = '%s'", + $r = q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')", + //SET `sid` = '%s', `expire` = '%s', `data` = '%s'", dbesc($id), dbesc($default_expire), dbesc($data)); return true; @@ -84,7 +84,7 @@ function ref_session_destroy ($id) { function ref_session_gc($expire) { q("DELETE FROM session WHERE expire < %d", dbesc(time())); - q("OPTIMIZE TABLE session"); + db_optimizetable('session'); return true; } diff --git a/include/socgraph.php b/include/socgraph.php index 504a6b2c0..740886b1c 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -77,7 +77,7 @@ function poco_load($xchan = '',$url = null) { dbesc($xchan) ); if($r) { - q("update xchat set xchat_edited = '%s' where xchat_id = %d limit 1", + q("update xchat set xchat_edited = '%s' where xchat_id = %d", dbesc(datetime_convert()), intval($r[0]['xchat_id']) ); @@ -93,7 +93,8 @@ function poco_load($xchan = '',$url = null) { } } } - q("delete from xchat where xchat_edited < UTC_TIMESTAMP() - INTERVAL 7 DAY and xchat_xchan = '%s' ", + q("delete from xchat where xchat_edited < %s - INTERVAL %s and xchat_xchan = '%s' ", + db_utcnow(), db_quoteinterval('7 DAY'), dbesc($xchan) ); } @@ -195,7 +196,7 @@ function poco_load($xchan = '',$url = null) { ); } else { - q("update xlink set xlink_updated = '%s', xlink_rating = %d where xlink_id = %d limit 1", + q("update xlink set xlink_updated = '%s', xlink_rating = %d where xlink_id = %d", dbesc(datetime_convert()), intval($rating), intval($r[0]['xlink_id']) @@ -204,8 +205,9 @@ function poco_load($xchan = '',$url = null) { } logger("poco_load: loaded $total entries",LOGGER_DEBUG); - q("delete from xlink where xlink_xchan = '%s' and xlink_updated < UTC_TIMESTAMP() - INTERVAL 2 DAY", - dbesc($xchan) + q("delete from xlink where xlink_xchan = '%s' and xlink_updated < %s - INTERVAL %s", + dbesc($xchan), + db_utcnow(), db_quoteinterval('2 DAY') ); } @@ -227,18 +229,19 @@ function count_common_friends($uid,$xchan) { function common_friends($uid,$xchan,$start = 0,$limit=100000000,$shuffle = false) { + $rand = db_getfunc('rand'); if($shuffle) - $sql_extra = " order by rand() "; + $sql_extra = " order by $rand "; else $sql_extra = " order by xchan_name asc "; $r = q("SELECT * from xchan left join xlink on xlink_link = xchan_hash where xlink_xchan = '%s' and xlink_link in - (select abook_xchan from abook where abook_xchan != '%s' and abook_channel = %d and abook_flags = 0 ) $sql_extra limit %d, %d", + (select abook_xchan from abook where abook_xchan != '%s' and abook_channel = %d and abook_flags = 0 ) $sql_extra limit %d offset %d", dbesc($xchan), dbesc($xchan), intval($uid), - intval($start), - intval($limit) + intval($limit), + intval($start) ); return $r; @@ -273,11 +276,11 @@ function common_friends_zcid($uid,$zcid,$start = 0, $limit = 9999,$shuffle = fal FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id` where `glink`.`zcid` = %d and `gcontact`.`nurl` in (select nurl from contact where uid = %d and self = 0 and blocked = 0 and hidden = 0 ) - $sql_extra limit %d, %d", + $sql_extra limit %d offset %d", intval($zcid), intval($uid), - intval($start), - intval($limit) + intval($limit), + intval($start) ); return $r; @@ -306,11 +309,11 @@ function all_friends($uid,$cid,$start = 0, $limit = 80) { $r = q("SELECT `gcontact`.* FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id` where `glink`.`cid` = %d and `glink`.`uid` = %d - order by `gcontact`.`name` asc LIMIT %d, %d ", + order by `gcontact`.`name` asc LIMIT %d OFFSET %d ", intval($cid), intval($uid), - intval($start), - intval($limit) + intval($limit), + intval($start) ); return $r; @@ -329,16 +332,16 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) { and not xlink_link in ( select abook_xchan from abook where abook_channel = %d ) and not xlink_link in ( select xchan from xign where uid = %d ) and xlink_xchan != '' - and not ( xchan_flags & %d ) - and not ( xchan_flags & %d ) - group by xchan_hash order by total desc limit %d, %d ", + and not ( xchan_flags & %d )>0 + and not ( xchan_flags & %d )>0 + group by xchan_hash order by total desc limit %d offset %d ", intval($uid), intval($uid), intval($uid), intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_DELETED), - intval($start), - intval($limit) + intval($limit), + intval($start) ); if($r && count($r) >= ($limit -1)) @@ -349,15 +352,15 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) { where xlink_xchan = '' and not xlink_link in ( select abook_xchan from abook where abook_channel = %d ) and not xlink_link in ( select xchan from xign where uid = %d ) - and not ( xchan_flags & %d ) - and not ( xchan_flags & %d ) - group by xchan_hash order by total desc limit %d, %d ", + and not ( xchan_flags & %d )>0 + and not ( xchan_flags & %d )>0 + group by xchan_hash order by total desc limit %d offset %d ", intval($uid), intval($uid), intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_DELETED), - intval($start), - intval($limit) + intval($limit), + intval($start) ); if(is_array($r) && is_array($r2)) @@ -394,7 +397,9 @@ function update_suggestions() { // the targets may have changed their preferences and don't want to be suggested - and they // may have simply gone away. - $r = q("delete from xlink where xlink_xchan = '' and xlink_updated < UTC_TIMESTAMP() - INTERVAL 7 DAY"); + $r = q("delete from xlink where xlink_xchan = '' and xlink_updated < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('7 DAY') + ); $j = json_decode($ret['body'],true); diff --git a/include/statistics_fns.php b/include/statistics_fns.php index 4f72e6615..288925a2c 100644 --- a/include/statistics_fns.php +++ b/include/statistics_fns.php @@ -13,7 +13,9 @@ function update_channels_total_stat() { function update_channels_active_halfyear_stat() { $r = q("select channel_id from channel left join account on account_id = channel_account_id - where account_flags = 0 and account_lastlog > UTC_TIMESTAMP - INTERVAL 6 MONTH"); + where account_flags = 0 and account_lastlog > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('6 MONTH') + ); if($r) { $s = ''; foreach($r as $rr) { @@ -21,8 +23,9 @@ function update_channels_active_halfyear_stat() { $s .= ','; $s .= intval($rr['channel_id']); } - $x = q("select uid from item where uid in ( $s ) and (item_flags & %d) and created > UTC_TIMESTAMP - INTERVAL 6 MONTH group by uid", - intval(ITEM_WALL) + $x = q("select uid from item where uid in ( $s ) and (item_flags & %d)>0 and created > %s - INTERVAL %s group by uid", + intval(ITEM_WALL), + db_utcnow(), db_quoteinterval('6 MONTH') ); if($x) { $channels_active_halfyear_stat = count($x); @@ -37,7 +40,9 @@ function update_channels_active_halfyear_stat() { function update_channels_active_monthly_stat() { $r = q("select channel_id from channel left join account on account_id = channel_account_id - where account_flags = 0 and account_lastlog > UTC_TIMESTAMP - INTERVAL 1 MONTH"); + where account_flags = 0 and account_lastlog > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 MONTH') + ); if($r) { $s = ''; foreach($r as $rr) { @@ -45,8 +50,9 @@ function update_channels_active_monthly_stat() { $s .= ','; $s .= intval($rr['channel_id']); } - $x = q("select uid from item where uid in ( $s ) and ( item_flags & %d ) and created > UTC_TIMESTAMP - INTERVAL 1 MONTH group by uid", - intval(ITEM_WALL) + $x = q("select uid from item where uid in ( $s ) and ( item_flags & %d )>0 and created > %s - INTERVAL %s group by uid", + intval(ITEM_WALL), + db_utcnow(), db_quoteinterval('1 MONTH') ); if($x) { $channels_active_monthly_stat = count($x); @@ -60,7 +66,7 @@ function update_channels_active_monthly_stat() { } function update_local_posts_stat() { - $posts = q("SELECT COUNT(*) AS local_posts FROM `item` WHERE (item_flags & %d) ", + $posts = q("SELECT COUNT(*) AS local_posts FROM `item` WHERE (item_flags & %d)>0 ", intval(ITEM_WALL) ); if (is_array($posts)) { $local_posts_stat = intval($posts[0]["local_posts"]); diff --git a/include/text.php b/include/text.php index fca23ca22..437bb8b5f 100644 --- a/include/text.php +++ b/include/text.php @@ -724,7 +724,7 @@ function contact_block() { if((! is_array($a->profile)) || ($a->profile['hide_friends'])) return $o; - $r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and not ( abook_flags & %d ) and not (xchan_flags & %d)", + $r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and not ( abook_flags & %d )>0 and not (xchan_flags & %d)>0", intval($a->profile['uid']), intval($abook_flags), intval($xchan_flags) @@ -737,8 +737,12 @@ function contact_block() { $micropro = Null; } else { - - $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d AND not ( abook_flags & %d) and not (xchan_flags & %d ) ORDER BY RAND() LIMIT %d", + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $randfunc = 'RANDOM()'; + } else { + $randfunc = 'RAND()'; + } + $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d AND not ( abook_flags & %d)>0 and not (xchan_flags & %d )>0 ORDER BY $randfunc LIMIT %d", intval($a->profile['uid']), intval($abook_flags|ABOOK_FLAG_ARCHIVED), intval($xchan_flags), @@ -1534,7 +1538,7 @@ function unamp($s) { } function layout_select($channel_id, $current = '') { - $r = q("select mid,sid from item left join item_id on iid = item.id where service = 'PDL' and item.uid = item_id.uid and item_id.uid = %d and (item_restrict & %d)", + $r = q("select mid,sid from item left join item_id on iid = item.id where service = 'PDL' and item.uid = item_id.uid and item_id.uid = %d and (item_restrict & %d)>0", intval($channel_id), intval(ITEM_PDL) ); @@ -1874,13 +1878,13 @@ function xchan_query(&$items,$abook = true,$effective_uid = 0) { if(count($arr)) { if($abook) { $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash and abook_channel = %d - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )", + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0", intval($item['uid']) ); } else { $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0"); } $xchans = q("select * from xchan where xchan_hash in (" . implode(',',$arr) . ") and xchan_network in ('rss','unknown')"); if(! $chans) @@ -1909,7 +1913,7 @@ function xchan_mail_query(&$item) { if(count($arr)) { $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0"); } if($chans) { $item['from'] = find_xchan_in_array($item['from_xchan'],$chans); diff --git a/include/widgets.php b/include/widgets.php index 2e406aa77..cd0832846 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -155,7 +155,7 @@ function widget_follow($args) { return ''; $a = get_app(); $uid =$a->channel['channel_id']; - $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ", intval($uid), intval(ABOOK_FLAG_SELF) ); @@ -220,7 +220,7 @@ function widget_savedsearch($arr) { } if(x($_GET,'searchremove') && $search) { - q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", + q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s'", intval(local_user()), intval(TERM_SAVEDSEARCH), dbesc($search) @@ -432,7 +432,7 @@ function widget_settings_menu($arr) { $role = get_pconfig(local_user(),'system','permissions_role'); - $abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d ) limit 1", + $abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d )>0 limit 1", intval(local_user()), intval(ABOOK_FLAG_SELF) ); diff --git a/include/zot.php b/include/zot.php index 24ace9cbb..643aada58 100644 --- a/include/zot.php +++ b/include/zot.php @@ -79,7 +79,7 @@ function zot_get_hublocs($hash) { /** Only search for active hublocs - e.g. those that haven't been marked deleted */ - $ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d ) group by hubloc_url ", + $ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d )>0 order by hubloc_url ", dbesc($hash), intval(HUBLOC_FLAGS_DELETED) ); @@ -194,14 +194,15 @@ function zot_finger($webbie,$channel,$autofallback = true) { logger('zot_finger: no address :' . $webbie); return array('success' => false); } - + logger('using xchan_addr: ' . $xchan_addr, LOGGER_DATA); + // potential issue here; the xchan_addr points to the primary hub. // The webbie we were called with may not, so it might not be found // unless we query for hubloc_addr instead of xchan_addr $r = q("select xchan.*, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", + where xchan_addr = '%s' and (hubloc_flags & %d)>0 limit 1", dbesc($xchan_addr), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -211,6 +212,7 @@ function zot_finger($webbie,$channel,$autofallback = true) { if($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') { logger('zot_finger: alternate network: ' . $webbie); + logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA); return array('success' => false); } } @@ -299,7 +301,7 @@ function zot_refresh($them,$channel = null, $force = false) { if($them['hubloc_url']) $url = $them['hubloc_url']; else { - $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1", + $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d )>0 limit 1", dbesc($them['xchan_hash']), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -381,7 +383,7 @@ function zot_refresh($them,$channel = null, $force = false) { } } - $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", + $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d)>0 limit 1", dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) @@ -407,7 +409,7 @@ function zot_refresh($them,$channel = null, $force = false) { $y = q("update abook set abook_their_perms = %d, abook_dob = '%s' where abook_xchan = '%s' and abook_channel = %d - and not (abook_flags & %d) limit 1", + and not (abook_flags & %d)>0 ", intval($their_perms), dbesc($next_birthday), dbesc($x['hash']), @@ -441,7 +443,7 @@ function zot_refresh($them,$channel = null, $force = false) { else { $default_perms = 0; // look for default permissions to apply in return - e.g. auto-friend - $z = q("select * from abook where abook_channel = %d and (abook_flags & %d) limit 1", + $z = q("select * from abook where abook_channel = %d and (abook_flags & %d)>0 limit 1", intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) ); @@ -469,7 +471,7 @@ function zot_refresh($them,$channel = null, $force = false) { $new_perms = get_all_perms($channel['channel_id'],$x['hash']); if($new_perms != $previous_perms) { // Send back a permissions update if permissions have changed - $z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", + $z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d)>0 limit 1", dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) @@ -730,7 +732,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { || ($r[0]['xchan_url'] != $arr['url'])) { $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_flags = %d, - xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s' limit 1", + xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s'", dbesc(($arr['name']) ? $arr['name'] : '-'), dbesc($arr['name_updated']), dbesc($arr['connections_url']), @@ -783,8 +785,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { dbesc($arr['connect_url']), dbesc(($arr['name']) ? $arr['name'] : '-'), dbesc('zot'), - dbesc($arr['photo_updated']), - dbesc($arr['name_updated']), + dbescdate($arr['photo_updated']), + dbescdate($arr['name_updated']), intval($new_flags) ); @@ -825,7 +827,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { // importing the photo failed somehow. Leave the photo_date alone so we can try again at a later date. // This often happens when somebody joins the matrix with a bad cert. $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), @@ -835,8 +837,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { } else { $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' - where xchan_hash = '%s' limit 1", - dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), + where xchan_hash = '%s'", + dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), @@ -896,10 +898,10 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { else { logger('import_xchan: profile not available - hiding'); // they may have made it private - $r = q("delete from xprof where xprof_hash = '%s' limit 1", + $r = q("delete from xprof where xprof_hash = '%s'", dbesc($xchan_hash) ); - $r = q("delete from xtag where xtag_hash = '%s' limit 1", + $r = q("delete from xtag where xtag_hash = '%s'", dbesc($xchan_hash) ); } @@ -921,7 +923,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { } elseif(! $ud_flags) { // nothing changed but we still need to update the updates record - q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) ", + q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ", intval(UPDATE_FLAGS_UPDATED), dbesc($address), intval(UPDATE_FLAGS_UPDATED) @@ -971,14 +973,14 @@ function zot_process_response($hub,$arr,$outq) { // async messages remain in the queue until processed. if(intval($outq['outq_async'])) { - $r = q("update outq set outq_delivered = 1, outq_updated = '%s' where outq_hash = '%s' and outq_channel = %d limit 1", + $r = q("update outq set outq_delivered = 1, outq_updated = '%s' where outq_hash = '%s' and outq_channel = %d", dbesc(datetime_convert()), dbesc($outq['outq_hash']), intval($outq['outq_channel']) ); } else { - $r = q("delete from outq where outq_hash = '%s' and outq_channel = %d limit 1", + $r = q("delete from outq where outq_hash = '%s' and outq_channel = %d", dbesc($outq['outq_hash']), intval($outq['outq_channel']) ); @@ -1094,7 +1096,7 @@ function zot_import($arr, $sender_url) { } stringify_array_elms($recip_arr); $recips = implode(',',$recip_arr); - $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d ) ", + $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d )>0 ", intval(PAGE_REMOVED) ); if(! $r) { @@ -1276,9 +1278,9 @@ function public_recips($msg) { if($msg['notify']['sender']['url'] === z_root()) - $sql = " where (( " . $col . " & " . PERMS_NETWORK . " ) or ( " . $col . " & " . PERMS_SITE . " ) or ( " . $col . " & " . PERMS_PUBLIC . ")) "; + $sql = " where (( " . $col . " & " . PERMS_NETWORK . " )>0 or ( " . $col . " & " . PERMS_SITE . " )>0 or ( " . $col . " & " . PERMS_PUBLIC . ")>0) "; else - $sql = " where (( " . $col . " & " . PERMS_NETWORK . " ) or ( " . $col . " & " . PERMS_PUBLIC . ")) "; + $sql = " where (( " . $col . " & " . PERMS_NETWORK . " )>0 or ( " . $col . " & " . PERMS_PUBLIC . ")>0) "; $r = q("select channel_hash as hash from channel $sql or channel_hash = '%s' ", @@ -1288,7 +1290,7 @@ function public_recips($msg) { if(! $r) $r = array(); - $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ", + $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " )>0 and (( " . $col . " & " . PERMS_SPECIFIC . " )>0 and ( abook_my_perms & " . $field . " )>0) OR ( " . $col . " & " . PERMS_PENDING . " )>0 OR (( " . $col . " & " . PERMS_CONTACTS . " )>0 and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )>0) ", dbesc($msg['notify']['sender']['hash']) ); @@ -1364,7 +1366,7 @@ function allowed_public_recips($msg) { $condensed_recips[] = $rr['hash']; $results = array(); - $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d ) ", + $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d )>0 ", dbesc($hash), intval(PAGE_REMOVED) ); @@ -1599,7 +1601,7 @@ function remove_community_tag($sender,$arr,$uid) { return; } - $x = q("delete from term where uid = %d and oid = %d and otype = %d and type = %d and term = '%s' and url = '%s' limit 1", + $x = q("delete from term where uid = %d and oid = %d and otype = %d and type = %d and term = '%s' and url = '%s'", intval($uid), intval($r[0]['id']), intval(TERM_OBJ_POST), @@ -1693,7 +1695,7 @@ function process_mail_delivery($sender,$arr,$deliveries) { ); if($r) { if($arr['mail_flags'] & MAIL_RECALLED) { - $x = q("delete from mail where id = %d and channel_id = %d limit 1", + $x = q("delete from mail where id = %d and channel_id = %d", intval($r[0]['id']), intval($channel['channel_id']) ); @@ -1819,7 +1821,7 @@ function sync_locations($sender,$arr,$absolute = false) { // This only happens when called from import_xchan if(array_key_exists('site',$arr) && $location['url'] == $arr['site']['url']) { - q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d limit 1", + q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($r[0]['hubloc_id']) @@ -1831,17 +1833,17 @@ function sync_locations($sender,$arr,$absolute = false) { // the directory server if the site is alive. if($r[0]['hubloc_status'] & HUBLOC_OFFLINE) { - q("update hubloc set hubloc_status = (hubloc_status ^ %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_status = (hubloc_status & ~%d) where hubloc_id = %d", intval(HUBLOC_OFFLINE), intval($r[0]['hubloc_id']) ); if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) { - q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where hubloc_id = %d", intval(HUBLOC_FLAGS_ORPHANCHECK), intval($r[0]['hubloc_id']) ); } - q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", + q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN), dbesc($sender['hash']) @@ -1851,7 +1853,7 @@ function sync_locations($sender,$arr,$absolute = false) { // Remove pure duplicates if(count($r) > 1) { for($h = 1; $h < count($r); $h ++) { - q("delete from hubloc where hubloc_id = %d limit 1", + q("delete from hubloc where hubloc_id = %d", intval($r[$h]['hubloc_id']) ); $what .= 'duplicate_hubloc_removed '; @@ -1861,7 +1863,7 @@ function sync_locations($sender,$arr,$absolute = false) { if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) && (! $location['primary'])) || ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY)) && ($location['primary']))) { - $m = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", + $m = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d", intval(HUBLOC_FLAGS_PRIMARY), dbesc(datetime_convert()), intval($r[0]['hubloc_id']) @@ -1882,7 +1884,7 @@ function sync_locations($sender,$arr,$absolute = false) { } if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED) && (! $location['deleted'])) || ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) && ($location['deleted']))) { - $n = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", + $n = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d", intval(HUBLOC_FLAGS_DELETED), dbesc(datetime_convert()), intval($r[0]['hubloc_id']) @@ -1897,7 +1899,7 @@ function sync_locations($sender,$arr,$absolute = false) { // New hub claiming to be primary. Make it so by removing any existing primaries. if(intval($location['primary'])) { - $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_hash = '%s' and (hubloc_flags & %d )", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_hash = '%s' and (hubloc_flags & %d )>0", intval(HUBLOC_FLAGS_PRIMARY), dbesc(datetime_convert()), dbesc($sender['hash']), @@ -1940,7 +1942,7 @@ function sync_locations($sender,$arr,$absolute = false) { foreach($xisting as $x) { if(! array_key_exists('updated',$x)) { logger('sync_locations: deleting unreferenced hub location ' . $x['hubloc_url']); - $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d", intval(HUBLOC_FLAGS_DELETED), dbesc(datetime_convert()), intval($x['hubloc_id']) @@ -2034,7 +2036,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_ if(in_arrayi('nsfw',$clean) || in_arrayi('adult',$clean)) { - q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1", + q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'", intval(XCHAN_FLAGS_SELFCENSORED), dbesc($hash) ); @@ -2069,7 +2071,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_ xprof_homepage = '%s', xprof_hometown = '%s', xprof_keywords = '%s' - where xprof_hash = '%s' limit 1", + where xprof_hash = '%s'", dbesc($arr['xprof_desc']), dbesc($arr['xprof_dob']), intval($arr['xprof_age']), @@ -2139,7 +2141,7 @@ function import_directory_keywords($hash,$keywords) { foreach($existing as $x) { if(! in_array($x,$clean)) - $r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s' limit 1", + $r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s'", dbesc($hash), dbesc($x) ); @@ -2171,7 +2173,7 @@ function update_modtime($hash,$guid,$addr,$flags = 0) { ); } else { - q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) ", + q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ", intval(UPDATE_FLAGS_UPDATED), dbesc($addr), intval(UPDATE_FLAGS_UPDATED) @@ -2262,7 +2264,7 @@ function import_site($arr,$pubkey) { // logger('import_site: stored: ' . print_r($siterecord,true)); $r = q("update site set site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s' - where site_url = '%s' limit 1", + where site_url = '%s'", dbesc($site_location), intval($site_directory), intval($access_policy), @@ -2478,7 +2480,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { if(count($clean)) { foreach($clean as $k => $v) { $r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) - . "' where channel_id = " . intval($channel['channel_id']) . " limit 1"); + . "' where channel_id = " . intval($channel['channel_id']) ); } } } @@ -2509,7 +2511,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']); require_once('include/Contact.php'); - $r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1", + $r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) @@ -2587,8 +2589,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { if(count($clean)) { foreach($clean as $k => $v) { $r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) - . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']) - . " limit 1"); + . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id'])); } } } @@ -2613,7 +2614,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { if(($y['name'] != $cl['name']) || ($y['visible'] != $cl['visible']) || ($y['deleted'] != $cl['deleted'])) { - q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d limit 1", + q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), @@ -2656,7 +2657,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { q("delete from group_member where gid = %d", intval($y['id']) ); - q("update groups set deleted = 1 where id = %d and uid = %d limit 1", + q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id']) ); @@ -2719,7 +2720,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { foreach($m as $mm) { // if the local existing member isn't in the list we just received - remove them if(! in_array($mm['xchan'],$members[$y['hash']])) { - q("delete from group_member where xchan = '%s' and gid = %d and uid = %d limit 1", + q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id']) @@ -2765,8 +2766,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { if(count($clean)) { foreach($clean as $k => $v) { $r = dbq("UPDATE profile set " . dbesc($k) . " = '" . dbesc($v) - . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']) - . " limit 1"); + . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id'])); } } } @@ -2791,7 +2791,7 @@ function get_rpost_path($observer) { function import_author_zot($x) { $hash = make_xchan_hash($x['guid'],$x['guid_sig']); - $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1", + $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d)>0 limit 1", dbesc($x['guid']), dbesc($x['guid_sig']), intval(HUBLOC_FLAGS_PRIMARY) @@ -2840,8 +2840,8 @@ function zot_process_message_request($data) { $env_recips = null; $r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host - from hubloc where hubloc_hash = '" . dbesc($sender_hash) . "' and not (hubloc_flags & %d) - and not (hubloc_status & %d) group by hubloc_sitekey", + from hubloc where hubloc_hash = '" . dbesc($sender_hash) . "' and not (hubloc_flags & %d)>0 + and not (hubloc_status & %d)>0 group by hubloc_sitekey", intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_OFFLINE) ); |