aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Feed.php9
-rw-r--r--Zotlabs/Module/Ofeed.php9
-rwxr-xr-xinclude/items.php7
-rw-r--r--include/zid.php4
4 files changed, 18 insertions, 11 deletions
diff --git a/Zotlabs/Module/Feed.php b/Zotlabs/Module/Feed.php
index 06637b6d2..36869abbe 100644
--- a/Zotlabs/Module/Feed.php
+++ b/Zotlabs/Module/Feed.php
@@ -16,12 +16,15 @@ class Feed extends \Zotlabs\Web\Controller {
$params['type'] = ((stristr(argv(0),'json')) ? 'json' : 'xml');
$params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0);
$params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0);
- $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0);
- $params['records'] = ((x($params,'records')) ? intval($params['records']) : 40);
- $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc');
+ $params['start'] = ((x($_REQUEST,'start')) ? intval($_REQUEST['start']) : 0);
+ $params['records'] = ((x($_REQUEST,'records')) ? intval($_REQUEST['records']) : 40);
+ $params['direction'] = ((x($_REQUEST,'direction')) ? dbesc($_REQUEST['direction']) : 'desc');
$params['cat'] = ((x($_REQUEST,'cat')) ? escape_tags($_REQUEST['cat']) : '');
$params['compat'] = ((x($_REQUEST,'compat')) ? intval($_REQUEST['compat']) : 0);
+ if(! in_array($params['direction'],['asc','desc'])) {
+ $params['direction'] = 'desc';
+ }
if(argc() > 1) {
diff --git a/Zotlabs/Module/Ofeed.php b/Zotlabs/Module/Ofeed.php
index 58488d4af..d18a43ae5 100644
--- a/Zotlabs/Module/Ofeed.php
+++ b/Zotlabs/Module/Ofeed.php
@@ -17,12 +17,15 @@ class Ofeed extends \Zotlabs\Web\Controller {
$params['type'] = ((stristr(argv(0),'json')) ? 'json' : 'xml');
$params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0);
$params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0);
- $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0);
- $params['records'] = ((x($params,'records')) ? intval($params['records']) : 10);
- $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc');
+ $params['start'] = ((x($_REQUEST,'start')) ? intval($_REQUEST['start']) : 0);
+ $params['records'] = ((x($_REQUEST,'records')) ? intval($_REQUEST['records']) : 10);
+ $params['direction'] = ((x($_REQUEST,'direction')) ? dbesc($_REQUEST['direction']) : 'desc');
$params['cat'] = ((x($_REQUEST,'cat')) ? escape_tags($_REQUEST['cat']) : '');
$params['compat'] = ((x($_REQUEST,'compat')) ? intval($_REQUEST['compat']) : 1);
+ if(! in_array($params['direction'],['asc','desc'])) {
+ $params['direction'] = 'desc';
+ }
if(argc() > 1) {
diff --git a/include/items.php b/include/items.php
index 722757f87..d0b9cffc9 100755
--- a/include/items.php
+++ b/include/items.php
@@ -4063,8 +4063,9 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
$item_uids = ' true ';
$item_normal = item_normal();
-
- if ($arr['uid']) $uid= $arr['uid'];
+ if($arr['uid']) {
+ $uid = $arr['uid'];
+ }
if($channel) {
$uid = $channel['channel_id'];
@@ -4226,7 +4227,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
$items = q("SELECT item.*, item.id AS item_id FROM item
WHERE $item_uids $item_restrict
$simple_update
- $sql_extra $sql_nets
+ $sql_extra $sql_nets $sql_extra3
ORDER BY item.received DESC $pager_sql"
);
diff --git a/include/zid.php b/include/zid.php
index d1a0fa88a..6ebc9a6ab 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -105,8 +105,8 @@ function strip_zats($s) {
-function clean_query_string() {
- $x = strip_zids(\App::$query_string);
+function clean_query_string($s = '') {
+ $x = strip_zids(($s) ? $s : \App::$query_string);
$x = strip_owt($x);
$x = strip_zats($x);