diff options
Diffstat (limited to 'include/text.php')
| -rw-r--r-- | include/text.php | 80 |
1 files changed, 71 insertions, 9 deletions
diff --git a/include/text.php b/include/text.php index 34063cdd7..a8c28d7bd 100644 --- a/include/text.php +++ b/include/text.php @@ -3186,21 +3186,33 @@ function array2XML($obj, $array) { * * @param string $table * @param array $arr + * @param array $binary_fields - fields which will be cleansed with dbescbin rather than dbesc; this is critical for postgres * @return boolean|PDOStatement */ -function create_table_from_array($table, $arr) { +function create_table_from_array($table, $arr, $binary_fields = []) { if(! ($arr && $table)) return false; - if(dbesc_array($arr)) { - $r = dbq("INSERT INTO " . TQUOT . $table . TQUOT . " (" . TQUOT - . implode(TQUOT . ', ' . TQUOT, array_keys($arr)) - . TQUOT . ") VALUES ('" - . implode("', '", array_values($arr)) - . "')" - ); + $clean = []; + foreach($arr as $k => $v) { + $matches = false; + if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) { + return false; + } + if(in_array($k,$binary_fields)) { + $clean[$k] = dbescbin($v); + } + else { + $clean[$k] = dbesc($v); + } } + $r = dbq("INSERT INTO " . TQUOT . $table . TQUOT . " (" . TQUOT + . implode(TQUOT . ', ' . TQUOT, array_keys($clean)) + . TQUOT . ") VALUES ('" + . implode("', '", array_values($clean)) + . "')" + ); return $r; } @@ -3333,4 +3345,54 @@ function unique_multidim_array($array, $key) { $i++; } return $temp_array; -} +} + +function get_forum_channels($uid) { + + if(! $uid) + return; + + $xf = false; + + $x1 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'send_stream' and v = '0'", + intval($uid) + ); + if($x1) { + $xc = ids_to_querystr($x1,'xchan',true); + + $x2 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'tag_deliver' and v = '1' and xchan in (" . $xc . ") ", + intval($uid) + ); + + if($x2) { + $xf = ids_to_querystr($x2,'xchan',true); + + // private forums + $x3 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'post_wall' and v = '1' and xchan in (" . $xc . ") and not xchan in (" . $xf . ") ", + intval(local_channel()) + ); + if($x3) { + $xf = ids_to_querystr(array_merge($x2,$x3),'xchan',true); + } + } + } + + $sql_extra = (($xf) ? " and ( xchan_hash in (" . $xf . ") or xchan_pubforum = 1 ) " : " and xchan_pubforum = 1 "); + + $r = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_deleted = 0 and abook_channel = %d and abook_pending = 0 and abook_ignored = 0 and abook_blocked = 0 and abook_archived = 0 $sql_extra order by xchan_name", + intval($uid) + ); + + for($x = 0; $x < count($r); $x ++) { + if($x3) { + foreach($x3 as $xx) { + if($r[$x]['xchan_hash'] == $xx['xchan']) { + $r[$x]['private_forum'] = 1; + } + } + } + } + + return $r; + +} |