From 16cc695115688b04dae1b3ab97aef149b17bc7e4 Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 11 Apr 2021 15:47:42 +0000 Subject: fix regression finding bookmarks --- include/text.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 1eaa890e0..6e6e1fc38 100644 --- a/include/text.php +++ b/include/text.php @@ -874,11 +874,7 @@ function get_tags($s) { // ignore anything in [color= ], because it may contain color codes which are mistaken for tags $s = preg_replace('/\[color=(.*?)\]/sm','',$s); - // skip anchors in URL - $s = preg_replace('/\[url=(.*?)\]/sm','',$s); - // match any double quoted tags - if(preg_match_all('/([@#\!]\"\;.*?\"\;)/',$s,$match)) { foreach($match[1] as $mtch) { $ret[] = $mtch; @@ -891,7 +887,6 @@ function get_tags($s) { } // match bracket mentions - if(preg_match_all('/([@!]\!?\{.*?\})/',$s,$match)) { foreach($match[1] as $mtch) { $ret[] = $mtch; @@ -900,7 +895,6 @@ function get_tags($s) { // Pull out single word tags. These can be @nickname, @first_last // and #hash tags. - if(preg_match_all('/(? Date: Wed, 14 Apr 2021 11:01:34 +0000 Subject: use protect_sprintf() on query strings --- include/text.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 6e6e1fc38..749e1fd70 100644 --- a/include/text.php +++ b/include/text.php @@ -3717,7 +3717,7 @@ function get_forum_channels($uid) { $xc = ids_to_querystr($x1,'xchan',true); - $x2 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'tag_deliver' and v = '1' and xchan in (" . $xc . ") ", + $x2 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'tag_deliver' and v = '1' and xchan in (" . protect_sprintf($xc) . ") ", intval($uid) ); @@ -3725,7 +3725,7 @@ function get_forum_channels($uid) { $sql_extra = (($xf) ? ' and not xchan in (' . $xf . ')' : ''); // private forums - $x3 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'post_wall' and v = '1' and xchan in (" . $xc . ") $sql_extra ", + $x3 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'post_wall' and v = '1' and xchan in (" . protect_sprintf($xc) . ") $sql_extra ", intval(local_channel()) ); if($x3) { @@ -3733,7 +3733,7 @@ function get_forum_channels($uid) { } // public forums with no permission to post - $x4 = q("select xchan from abconfig left join xchan on xchan = xchan_hash where chan = %d and cat = 'their_perms' and k in ('post_wall', 'tag_deliver') and v = '0' and xchan in (" . $xc . ") and xchan_pubforum = 1 $sql_extra ", + $x4 = q("select xchan from abconfig left join xchan on xchan = xchan_hash where chan = %d and cat = 'their_perms' and k in ('post_wall', 'tag_deliver') and v = '0' and xchan in (" . protect_sprintf($xc) . ") and xchan_pubforum = 1 $sql_extra ", intval(local_channel()) ); if($x4) { @@ -3742,7 +3742,7 @@ function get_forum_channels($uid) { } - $sql_extra_1 = (($xf) ? " and ( xchan_hash in (" . $xf . ") or xchan_pubforum = 1 ) " : " and xchan_pubforum = 1 "); + $sql_extra_1 = (($xf) ? " and ( xchan_hash in (" . protect_sprintf($xf) . ") or xchan_pubforum = 1 ) " : " and xchan_pubforum = 1 "); $r = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_addr, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_deleted = 0 and abook_channel = %d and abook_pending = 0 and abook_ignored = 0 and abook_blocked = 0 and abook_archived = 0 $sql_extra_1 order by xchan_name", intval($uid) -- cgit v1.2.3