diff options
| -rw-r--r-- | boot.php | 6 | ||||
| -rw-r--r-- | include/text.php | 6 | ||||
| -rw-r--r-- | mod/network.php | 16 |
3 files changed, 20 insertions, 8 deletions
@@ -30,6 +30,12 @@ define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); define ( 'JPEG_QUALITY', 100 ); /** + * Not yet used + */ + +define ( 'DEFAULT_DB_ENGINE', 'MyISAM' ); + +/** * SSL redirection policies */ diff --git a/include/text.php b/include/text.php index 1b5b0afd4..e3c683338 100644 --- a/include/text.php +++ b/include/text.php @@ -1524,3 +1524,9 @@ function fix_mce_lf($s) { $s = str_replace("\n\n","\n",$s); return $s; } + + +function protect_sprintf($s) { + return(str_replace('%','%%',$s)); +} + diff --git a/mod/network.php b/mod/network.php index 5655f1bfa..e59839ccc 100644 --- a/mod/network.php +++ b/mod/network.php @@ -340,7 +340,7 @@ function network_content(&$a, $update = 0) { info( t('Group is empty')); } - $sql_extra = " AND `item`.`parent` IN ( SELECT DISTINCT(`parent`) FROM `item` WHERE 1 $sql_options AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` REGEXP '<" . intval($group) . ">' ) and deleted = 0 ) "; + $sql_extra = " AND `item`.`parent` IN ( SELECT DISTINCT(`parent`) FROM `item` WHERE 1 $sql_options AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` like '" . protect_sprintf('%<' . intval($group) . '>%') . "' ) and deleted = 0 ) "; $o = '<h2>' . t('Group: ') . $r[0]['name'] . '</h2>' . $o; } elseif($cid) { @@ -398,9 +398,9 @@ function network_content(&$a, $update = 0) { if(x($_GET,'search')) { $search = escape_tags($_GET['search']); - $sql_extra .= sprintf(" AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) ", - dbesc(preg_quote($search)), - dbesc('\\]' . preg_quote($search) . '\\[') + $sql_extra .= sprintf(" AND ( `item`.`body` like '%s' OR `item`.`tag` like '%s' ) ", + dbesc(protect_sprintf('%' . $search . '%')), + dbesc(protect_sprintf('%]' . $search . '[%')) ); } if(strlen($file)) { @@ -412,10 +412,10 @@ function network_content(&$a, $update = 0) { $myurl = substr($myurl,strpos($myurl,'://')+3); $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); $diasp_url = str_replace('/profile/','/u/',$myurl); - $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` regexp '%s' or `tag` regexp '%s' or tag regexp '%s' )) ", - dbesc($myurl . '$'), - dbesc($myurl . '\\]'), - dbesc($diasp_url . '\\]') + $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", + dbesc(protect_sprintf('%s' . $myurl)), + dbesc(protect_sprintf('%' . $myurl . '\\]%')), + dbesc(protect_sprintf('%' . $diasp_url . '\\]%')) ); } |