aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Profile_photo.php2
-rw-r--r--include/attach.php19
-rw-r--r--include/message.php7
-rw-r--r--include/photos.php3
4 files changed, 17 insertions, 14 deletions
diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php
index 231b80bcf..5b88f67f5 100644
--- a/Zotlabs/Module/Profile_photo.php
+++ b/Zotlabs/Module/Profile_photo.php
@@ -243,7 +243,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
}
}
- $imagedata = (($os_storage) ? @file_get_contents($imagedata) : $imagedata);
+ $imagedata = (($os_storage) ? @file_get_contents(dbunescbin($imagedata)) : dbunescbin($imagedata));
$ph = photo_factory($imagedata, $filetype);
if(! $ph->is_valid()) {
diff --git a/include/attach.php b/include/attach.php
index e2e214ce3..9394c6366 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -727,7 +727,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
intval($filesize),
intval(1),
intval($is_photo),
- dbesc($os_basepath . $os_relpath),
+ dbescbin($os_basepath . $os_relpath),
dbesc($created),
dbesc($os_path),
dbesc($display_path),
@@ -749,7 +749,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
intval($x[0]['revision'] + 1),
intval(1),
intval($is_photo),
- dbesc($os_basepath . $os_relpath),
+ dbescbin($os_basepath . $os_relpath),
dbesc($created),
dbesc($created),
dbesc($os_path),
@@ -794,7 +794,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
intval(0),
intval(1),
intval($is_photo),
- dbesc($os_basepath . $os_relpath),
+ dbescbin($os_basepath . $os_relpath),
dbesc($created),
dbesc($created),
dbesc($os_path),
@@ -1060,7 +1060,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
dbesc($arr['folder']),
intval(1),
intval(1),
- dbesc($path),
+ dbescbin($path),
dbesc($created),
dbesc($created),
dbesc($os_path),
@@ -1306,6 +1306,7 @@ function attach_delete($channel_id, $resource, $is_photo = 0) {
);
if($y) {
+ $y[0]['content'] = dbunescbin($y[0]['content']);
if(strpos($y[0]['content'],'store') === false)
$f = 'store/' . $channel_address . '/' . $y[0]['content'];
else
@@ -1912,7 +1913,7 @@ function attach_export_data($channel, $resource_id, $deleted = false) {
);
if($r) {
for($x = 0; $x < count($r); $x ++) {
- $r[$x]['content'] = base64_encode($r[$x]['content']);
+ $r[$x]['content'] = base64_encode(dbunescbin($r[$x]['content']));
}
$ret['photo'] = $r;
}
@@ -2099,7 +2100,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) {
if(! $r)
return false;
- $oldstorepath = $r[0]['content'];
+ $oldstorepath = dbunescbin($r[0]['content']);
if($new_folder_hash) {
$n = q("select * from attach where hash = '%s' and uid = %d limit 1",
@@ -2110,7 +2111,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) {
return;
$newdirname = $n[0]['filename'];
- $newstorepath = $n[0]['content'] . '/' . $resource_id;
+ $newstorepath = dbunescbin($n[0]['content']) . '/' . $resource_id;
}
else {
$newstorepath = 'store/' . $c['channel_address'] . '/' . $resource_id;
@@ -2172,7 +2173,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) {
}
$t = q("update attach set content = '%s', folder = '%s', filename = '%s' where id = %d",
- dbesc($newstorepath),
+ dbescbin($newstorepath),
dbesc($new_folder_hash),
dbesc($filename),
intval($r[0]['id'])
@@ -2187,7 +2188,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) {
);
$t = q("update photo set content = '%s' where resource_id = '%s' and uid = %d and imgscale = 0",
- dbesc($newstorepath),
+ dbescbin($newstorepath),
dbesc($resource_id),
intval($channel_id)
);
diff --git a/include/message.php b/include/message.php
index f5821490d..7cbea3c6b 100644
--- a/include/message.php
+++ b/include/message.php
@@ -187,10 +187,10 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
if($body)
$body = str_rot47(base64url_encode($body));
+ $sig = ''; // placeholder
-
- $r = q("INSERT INTO mail ( account_id, conv_guid, mail_obscured, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created, expires, mail_isreply )
- VALUES ( %d, '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
+ $r = q("INSERT INTO mail ( account_id, conv_guid, mail_obscured, channel_id, from_xchan, to_xchan, title, body, sig, attach, mid, parent_mid, created, expires, mail_isreply )
+ VALUES ( %d, '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
intval($channel['channel_account_id']),
dbesc($conv_guid),
intval(1),
@@ -199,6 +199,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
dbesc($recipient),
dbesc($subject),
dbesc($body),
+ dbesc($sig),
dbesc($jattach),
dbesc($mid),
dbesc($replyto),
diff --git a/include/photos.php b/include/photos.php
index e8f46048c..5e4d755e3 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -28,7 +28,8 @@ function photo_upload($channel, $observer, $args) {
return $ret;
}
-// call_hooks('photo_upload_begin', $args);
+
+//call_hooks('photo_upload_begin', $args);
/*
* Determine the album to use