-rw-r--r-- | Zotlabs/Module/Profile_photo.php | 2 | ||||
-rw-r--r-- | include/attach.php | 19 | ||||
-rw-r--r-- | include/message.php | 7 | ||||
-rw-r--r-- | include/photos.php | 3 |
4 files changed, 17 insertions, 14 deletions
diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php
index 231b80bcf..5b88f67f5 100644
--- a/Zotlabs/Module/Profile_photo.php
+++ b/Zotlabs/Module/Profile_photo.php
@@ -243,7 +243,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 }
 }
- $imagedata = (($os_storage) ? @file_get_contents($imagedata) : $imagedata);
+ $imagedata = (($os_storage) ? @file_get_contents(dbunescbin($imagedata)) : dbunescbin($imagedata));
 $ph = photo_factory($imagedata, $filetype);
 if(! $ph->is_valid()) {
diff --git a/include/attach.php b/include/attach.php
index e2e214ce3..9394c6366 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -727,7 +727,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 intval($filesize),
 intval(1),
 intval($is_photo),
- dbesc($os_basepath . $os_relpath),
+ dbescbin($os_basepath . $os_relpath),
 dbesc($created),
 dbesc($os_path),
 dbesc($display_path),
@@ -749,7 +749,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 intval($x[0]['revision'] + 1),
 intval(1),
 intval($is_photo),
- dbesc($os_basepath . $os_relpath),
+ dbescbin($os_basepath . $os_relpath),
 dbesc($created),
 dbesc($created),
 dbesc($os_path),
@@ -794,7 +794,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 intval(0),
 intval(1),
 intval($is_photo),
- dbesc($os_basepath . $os_relpath),
+ dbescbin($os_basepath . $os_relpath),
 dbesc($created),
 dbesc($created),
 dbesc($os_path),
@@ -1060,7 +1060,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
 dbesc($arr['folder']),
 intval(1),
 intval(1),
- dbesc($path),
+ dbescbin($path),
 dbesc($created),
 dbesc($created),
 dbesc($os_path),
@@ -1306,6 +1306,7 @@ function attach_delete($channel_id, $resource, $is_photo = 0) {
 );
 if($y) {
+ $y[0]['content'] = dbunescbin($y[0]['content']);
 if(strpos($y[0]['content'],'store') === false)
 $f = 'store/' . $channel_address . '/' . $y[0]['content'];
 else
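Review bot: In Zotlabs/Module/Profile_photo.php the new line still reads the stored file through `@file_get_contents(...)`, so a missing or unreadable file is silenced and only shows up as the generic `$ph->is_valid()` failure that follows. Decoding once and checking the read would keep the cause visible: `$imagedata = dbunescbin($imagedata);` then `if($os_storage) $imagedata = @file_get_contents($imagedata);` with a log entry when the result is `false`. The enclosing method starts and ends outside the hunk, so any earlier handling of `$imagedata` could not be checked.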
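Review bot: In include/attach.php the `content` value is now written with `dbescbin()` in attach_store (three hunks), attach_mkdir and attach_move, which presumably obliges every reader of `attach.content` and `photo.content` to call `dbunescbin()` before using the value as a path. This commit converts the readers in attach_delete, attach_export_data, attach_move and Profile_photo, but a reader outside this diff would build a filesystem path from the still-escaped value on any backend where the two encodings differ. A comment at the first write site, `// content is stored binary-escaped; always read it back through dbunescbin()`, would document the contract, and a single accessor returning the decoded path would remove the chance of a missed call site. The SQL format strings of these queries are outside the hunks, so the placeholder quoting for the binary value could not be checked here.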
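Review bot: In attach_delete the decoded `$y[0]['content']` goes straight into `strpos($y[0]['content'],'store') === false`, which matches `store` anywhere in the value rather than as the leading path component. Because this function builds `$f` from a stored value and what happens to `$f` is outside the hunk, the test would be safer anchored, `if(strpos($y[0]['content'],'store/') !== 0)`, together with a check that the resulting path stays under the channel's store directory before it is used. The `else` branch and the rest of the function continue outside the hunk.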
@@ -1912,7 +1913,7 @@ function attach_export_data($channel, $resource_id, $deleted = false) {
 );
 if($r) {
 for($x = 0; $x < count($r); $x ++) {
- $r[$x]['content'] = base64_encode($r[$x]['content']);
+ $r[$x]['content'] = base64_encode(dbunescbin($r[$x]['content']));
 }
 $ret['photo'] = $r;
 }
@@ -2099,7 +2100,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) {
 if(! $r) return false;
- $oldstorepath = $r[0]['content'];
+ $oldstorepath = dbunescbin($r[0]['content']);
 if($new_folder_hash) {
 $n = q("select * from attach where hash = '%s' and uid = %d limit 1",
@@ -2110,7 +2111,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) {
 return;
 $newdirname = $n[0]['filename'];
- $newstorepath = $n[0]['content'] . '/' . $resource_id;
+ $newstorepath = dbunescbin($n[0]['content']) . '/' . $resource_id;
 } else {
 $newstorepath = 'store/' . $c['channel_address'] . '/' . $resource_id;
@@ -2172,7 +2173,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) {
 }
 $t = q("update attach set content = '%s', folder = '%s', filename = '%s' where id = %d",
- dbesc($newstorepath),
+ dbescbin($newstorepath),
 dbesc($new_folder_hash),
 dbesc($filename),
 intval($r[0]['id'])
@@ -2187,7 +2188,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) {
 );
 $t = q("update photo set content = '%s' where resource_id = '%s' and uid = %d and imgscale = 0",
- dbesc($newstorepath),
+ dbescbin($newstorepath),
 dbesc($resource_id),
 intval($channel_id)
 );
diff --git a/include/message.php b/include/message.php
index f5821490d..7cbea3c6b 100644
--- a/include/message.php
+++ b/include/message.php
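Review bot: In attach_move the statements `update attach set content = ...` and `update photo set content = ...` (hunks at 2172 and 2187) are issued separately, and neither hunk shows `$t` being checked afterwards. If the second update fails, the attach row and the photo row would disagree about where the file is stored, and a later delete or export would act on a stale path. Checking `$t` after each update and logging or returning `false` on failure would make that state detectable. The file move itself and the end of the function are outside the hunks, so existing handling there could not be confirmed.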
@@ -187,10 +187,10 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
 if($body) $body = str_rot47(base64url_encode($body));
+ $sig = ''; // placeholder
-
- $r = q("INSERT INTO mail ( account_id, conv_guid, mail_obscured, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created, expires, mail_isreply )
- VALUES ( %d, '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
+ $r = q("INSERT INTO mail ( account_id, conv_guid, mail_obscured, channel_id, from_xchan, to_xchan, title, body, sig, attach, mid, parent_mid, created, expires, mail_isreply )
+ VALUES ( %d, '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
 intval($channel['channel_account_id']),
 dbesc($conv_guid),
 intval(1),
@@ -199,6 +199,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
 dbesc($recipient),
 dbesc($subject),
 dbesc($body),
+ dbesc($sig),
 dbesc($jattach),
 dbesc($mid),
 dbesc($replyto),
diff --git a/include/photos.php b/include/photos.php
index e8f46048c..5e4d755e3 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -28,7 +28,8 @@ function photo_upload($channel, $observer, $args) {
 return $ret;
 }
-// call_hooks('photo_upload_begin', $args);
+
+//call_hooks('photo_upload_begin', $args);
 /*
 * Determine the album to use |
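Review bot: In send_message, `$sig = ''; // placeholder` writes an empty string into the new `sig` column for every message, so nothing downstream can yet rely on that column to authenticate a message. If `sig` is meant to hold a signature, the comment should say so, e.g. `// TODO: sign the message before insert; an empty sig means unsigned, never valid`, and later verification code should treat an empty `sig` as a failure rather than skipping the check. The diffstat lists no schema or update file, so unless the `sig` column was added to `mail` in an earlier commit this INSERT would fail on existing databases. The body of send_message continues outside both hunks.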