diff options
| -rw-r--r-- | Zotlabs/Module/Mail.php | 4 | ||||
| -rw-r--r-- | include/message.php | 6 | ||||
| -rw-r--r-- | include/text.php | 2 |
3 files changed, 6 insertions, 6 deletions
diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index 12f3b8152..b58b169d0 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -19,7 +19,7 @@ class Mail extends \Zotlabs\Web\Controller { $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : ''); $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : ''); $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); - $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : ''); + $recipient = ((x($_REQUEST,'messageto')) ? notags(trim(urldecode($_REQUEST['messageto']))) : ''); $rstr = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : ''); $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); $expires = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE); @@ -124,7 +124,7 @@ class Mail extends \Zotlabs\Web\Controller { // We have a local_channel, let send_message use the session channel and save a lookup $ret = send_message(0, $recipient, $body, $subject, $replyto, $expires, $mimetype, $raw); - + if($ret['success']) { xchan_mail_query($ret['mail']); build_sync_packet(0,array('conv' => array($ret['conv']),'mail' => array(encode_mail($ret['mail'],true)))); diff --git a/include/message.php b/include/message.php index 3f003e020..477c7172c 100644 --- a/include/message.php +++ b/include/message.php @@ -381,7 +381,7 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $chans[] = $s; } - $c = q("select * from xchan where xchan_hash in (" . implode(',',$chans) . ")"); + $c = q("select * from xchan where xchan_hash in (" . protect_sprintf(implode(',',$chans)) . ")"); foreach($r as $k => $rr) { $r[$k]['from'] = find_xchan_in_array($rr['from_xchan'],$c); @@ -420,7 +420,7 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee $chans[] = $s; } - $c = q("select * from xchan where xchan_hash in (" . implode(',',$chans) . ")"); + $c = q("select * from xchan where xchan_hash in (" . protect_sprintf(implode(',',$chans)) . ")"); foreach($messages as $k => $message) { $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); @@ -545,7 +545,7 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda } - $c = q("select * from xchan where xchan_hash in (" . implode(',',$chans) . ")"); + $c = q("select * from xchan where xchan_hash in (" . protect_sprintf(implode(',',$chans)) . ")"); foreach($messages as $k => $message) { $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); diff --git a/include/text.php b/include/text.php index d81b59d75..746c35679 100644 --- a/include/text.php +++ b/include/text.php @@ -2160,7 +2160,7 @@ function xchan_mail_query(&$item) { if(count($arr)) { $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . implode(',', $arr) . ") and hubloc_primary = 1"); + where xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and hubloc_primary = 1"); } if($chans) { $item['from'] = find_xchan_in_array($item['from_xchan'],$chans); |