diff options
| author | Vasudev Kamath <kamathvasudev@gmail.com> | 2012-05-12 12:10:09 +0530 |
|---|---|---|
| committer | Vasudev Kamath <kamathvasudev@gmail.com> | 2012-05-12 12:10:09 +0530 |
| commit | 10db2f00f9f90cb7ee9fbd94a5c986427de779c2 (patch) | |
| tree | 9504ad13c592621521f7051fb06b5ca81ce1d757 /mod/network.php | |
| parent | b5e857c0e7ccf4ef3d33e5b6d0a4325b693a8e80 (diff) | |
| parent | 2454028ef61a3ea1dd8308896c8bbf1f04f97ac9 (diff) | |
| download | volse-hubzilla-10db2f00f9f90cb7ee9fbd94a5c986427de779c2.tar.gz volse-hubzilla-10db2f00f9f90cb7ee9fbd94a5c986427de779c2.tar.bz2 volse-hubzilla-10db2f00f9f90cb7ee9fbd94a5c986427de779c2.zip | |
Merge branch 'master' of git://github.com/friendica/friendica
Diffstat (limited to 'mod/network.php')
| -rw-r--r-- | mod/network.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/mod/network.php b/mod/network.php index 5655f1bfa..e59839ccc 100644 --- a/mod/network.php +++ b/mod/network.php @@ -340,7 +340,7 @@ function network_content(&$a, $update = 0) { info( t('Group is empty')); } - $sql_extra = " AND `item`.`parent` IN ( SELECT DISTINCT(`parent`) FROM `item` WHERE 1 $sql_options AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` REGEXP '<" . intval($group) . ">' ) and deleted = 0 ) "; + $sql_extra = " AND `item`.`parent` IN ( SELECT DISTINCT(`parent`) FROM `item` WHERE 1 $sql_options AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` like '" . protect_sprintf('%<' . intval($group) . '>%') . "' ) and deleted = 0 ) "; $o = '<h2>' . t('Group: ') . $r[0]['name'] . '</h2>' . $o; } elseif($cid) { @@ -398,9 +398,9 @@ function network_content(&$a, $update = 0) { if(x($_GET,'search')) { $search = escape_tags($_GET['search']); - $sql_extra .= sprintf(" AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) ", - dbesc(preg_quote($search)), - dbesc('\\]' . preg_quote($search) . '\\[') + $sql_extra .= sprintf(" AND ( `item`.`body` like '%s' OR `item`.`tag` like '%s' ) ", + dbesc(protect_sprintf('%' . $search . '%')), + dbesc(protect_sprintf('%]' . $search . '[%')) ); } if(strlen($file)) { @@ -412,10 +412,10 @@ function network_content(&$a, $update = 0) { $myurl = substr($myurl,strpos($myurl,'://')+3); $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); $diasp_url = str_replace('/profile/','/u/',$myurl); - $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` regexp '%s' or `tag` regexp '%s' or tag regexp '%s' )) ", - dbesc($myurl . '$'), - dbesc($myurl . '\\]'), - dbesc($diasp_url . '\\]') + $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", + dbesc(protect_sprintf('%s' . $myurl)), + dbesc(protect_sprintf('%' . $myurl . '\\]%')), + dbesc(protect_sprintf('%' . $diasp_url . '\\]%')) ); } |