From e1b85a361cf53fd7bb79ef24d9d5b0dfb145fccf Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Mon, 4 Jun 2018 16:36:13 -0700
Subject: photos not syncing properly if destination is a postgres site

---
 include/import.php | 13 ++++++++-----
 include/text.php   | 28 ++++++++++++++++++++--------
 2 files changed, 28 insertions(+), 13 deletions(-)

(limited to 'include')

diff --git a/include/import.php b/include/import.php
index ae6a0ab6a..91a26b23b 100644
--- a/include/import.php
+++ b/include/import.php
@@ -1326,20 +1326,23 @@ function sync_files($channel, $files) {
 					);
 
 					if($exists) {
-						if(! dbesc_array($p))
-							continue;
 
 						$str = '';
 						foreach($p as $k => $v) {
+							$matches = false;
+							if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) {
+								continue;
+							}
+
 							if($str)
 								$str .= ",";
-
-							$str .= " " . TQUOT . $k . TQUOT . " = '" . $v . "' ";
+							
+							$str .= " " . TQUOT . $k . TQUOT . " = '" . (($k === 'content') ? dbescbin($v) : dbesc($v)) . "' ";
 						}
 						$r = dbq("update photo set " . $str . " where id = " . intval($exists[0]['id']) );
 					}
 					else {
-						create_table_from_array('photo',$p);
+						create_table_from_array('photo',$p, [ 'content' ] );
 					}
 				}
 			}
diff --git a/include/text.php b/include/text.php
index 4a84c09f8..a8c28d7bd 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3186,21 +3186,33 @@ function array2XML($obj, $array) {
  *
  * @param string $table
  * @param array $arr
+ * @param array $binary_fields - fields which will be cleansed with dbescbin rather than dbesc; this is critical for postgres
  * @return boolean|PDOStatement
  */
-function create_table_from_array($table, $arr) {
+function create_table_from_array($table, $arr, $binary_fields = []) {
 
 	if(! ($arr && $table))
 		return false;
 
-	if(dbesc_array($arr)) {
-		$r = dbq("INSERT INTO " . TQUOT . $table . TQUOT . " (" . TQUOT
-			. implode(TQUOT . ', ' . TQUOT, array_keys($arr))
-			. TQUOT . ") VALUES ('"
-			. implode("', '", array_values($arr))
-			. "')"
-		);
+	$clean = [];
+	foreach($arr as $k => $v) {
+		$matches = false;
+		if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) {
+			return false;
+		}
+		if(in_array($k,$binary_fields)) {
+			$clean[$k] = dbescbin($v);
+		}
+		else {
+			$clean[$k] = dbesc($v);
+		}
 	}
+	$r = dbq("INSERT INTO " . TQUOT . $table . TQUOT . " (" . TQUOT
+		. implode(TQUOT . ', ' . TQUOT, array_keys($clean))
+		. TQUOT . ") VALUES ('"
+		. implode("', '", array_values($clean))
+		. "')"
+	);
 
 	return $r;
 }
-- 
cgit v1.2.3