From 341f3d0ea5958be569721254a1713f5d103f010a Mon Sep 17 00:00:00 2001
From: Alexei Sorokin
Date: Sun, 26 Jul 2020 15:28:05 +0300
Subject: [PATCH] [DATABASE] Fix more incorrect uses of quotation in SQL
---
 classes/Local_group.php | 8 +++---
 plugins/FeedPoller/lib/feedpoll.php | 40 +++++++++++++++++++++--------
 scripts/upgrade.php | 9 ++++---
 3 files changed, 40 insertions(+), 17 deletions(-)
diff --git a/classes/Local_group.php b/classes/Local_group.php
index 772b6fb4bf..cd95998029 100644
--- a/classes/Local_group.php
+++ b/classes/Local_group.php
@@ -74,9 +74,11 @@ class Local_group extends Managed_DataObject
 public function setNickname($nickname) {
 $this->decache();
- $qry = 'UPDATE local_group set nickname = "'.$this->escape($nickname).'" where group_id = ' . $this->group_id;
-
- $result = $this->query($qry);
+ $result = $this->query(sprintf(
+ 'UPDATE local_group SET nickname = %1$s WHERE group_id = %2$d;',
+ $this->_quote($nickname),
+ $this->group_id
+ ));
 if ($result) {
 $this->nickname = $nickname;
diff --git a/plugins/FeedPoller/lib/feedpoll.php b/plugins/FeedPoller/lib/feedpoll.php
index 2271e5c6a9..f5ac89b1eb 100644
--- a/plugins/FeedPoller/lib/feedpoll.php
+++ b/plugins/FeedPoller/lib/feedpoll.php
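Review bot: In `Local_group::setNickname()` the new `%2$d` placeholder turns a missing or non-numeric `$this->group_id` into `0`, so the statement becomes a valid `UPDATE … WHERE group_id = 0` that matches no row, where the old concatenation would have produced an SQL error. Depending on what `query()` returns for a zero-row UPDATE (not visible here), the `if ($result)` branch may then set `$this->nickname` on the object although nothing was written. Consider failing before the query, for example `if ((int) $this->group_id <= 0) { throw new ServerException('Local_group has no valid group_id'); }`, or routing into whatever failure path the method already has. The rest of `setNickname()` lies outside the hunk, so that path could not be checked.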
@@ -1,38 +1,56 @@ .
+
 /**
 * Store last poll time in db, then check if they should be renewed (if so, enqueue).
 * Can be called from a queue handler on a per-feed status to poll stuff.
 *
 * Used as internal feed polling mechanism (atom/rss)
 *
- * @category OStatus
- * @package GNUsocial
- * @author Mikael Nordfeldth
- * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
- * @link http://www.gnu.org/software/social/
+ * @category OStatus
+ * @package GNUsocial
+ * @author Mikael Nordfeldth
+ * @copyright 2015 Free Software Foundation http://fsf.org
+ * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
 */
-if (!defined('GNUSOCIAL')) { exit(1); }
+defined('GNUSOCIAL') || die();
-class FeedPoll {
+class FeedPoll
+{
 const DEFAULT_INTERVAL = 5; // in minutes
 const QUEUE_CHECK = 'feedpoll-check';
 // TODO: Find some smart way to add feeds only once, so they don't get more than 1 feedpoll in the queue each
 // probably through sub_start sub_end trickery.
- public static function enqueueNewFeeds(array $args=array()) {
+ public static function enqueueNewFeeds(array $args = [])
+ {
 if (!isset($args['interval']) || !is_int($args['interval']) || $args['interval']<=0) { $args['interval'] = self::DEFAULT_INTERVAL; }
- $args['interval'] *= 60; // minutes to seconds
-
 $feedsub = new FeedSub();
 $feedsub->sub_state = 'nohub';
 // Find feeds that haven't been polled within the desired interval,
 // though perhaps we're abusing the "last_update" field here?
- $feedsub->whereAdd(sprintf('last_update < "%s"', common_sql_date(time()-$args['interval'])));
+ $feedsub->whereAdd(sprintf(
+ "last_update < CURRENT_TIMESTAMP - INTERVAL '%d' MINUTE",
+ $args['interval']
+ ));
 $feedsub->find();
 $qm = QueueManager::get();
diff --git a/scripts/upgrade.php b/scripts/upgrade.php
index 9f4db803e2..8b384c02f0 100755
--- a/scripts/upgrade.php
+++ b/scripts/upgrade.php
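Review bot: In `FeedPoll::enqueueNewFeeds()` the cutoff is now computed by the database (`CURRENT_TIMESTAMP - INTERVAL '%d' MINUTE`) instead of by PHP (`common_sql_date(time() - …)`), so the comparison depends on the database session's clock and time zone matching the ones used when `last_update` is written. If they differ, feeds are polled too early or too late by the offset; nothing in the hunk shows how `last_update` is stored, so this is worth confirming. I would record the assumption next to the query: `// CURRENT_TIMESTAMP is evaluated in the DB session time zone; last_update must be stored in the same zone.` The `%d` placeholder together with the `is_int()` guard means only a number can reach the SQL text. The method continues past the end of the hunk.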
@@ -361,9 +361,12 @@ function initNoticeReshare()
 printfnq("Ensuring all reshares have the correct verb and object-type...");
 $notice = new Notice();
- $notice->whereAdd('repeat_of is not null');
- $notice->whereAdd('(verb <> "' . ActivityVerb::SHARE
- . '" OR object_type <> "' . ActivityObject::ACTIVITY . '")');
+ $notice->whereAdd('repeat_of IS NOT NULL');
+ $notice->whereAdd(sprintf(
+ '(verb <> %1$s OR object_type <> %2$s)',
+ $notice->_quote(ActivityVerb::SHARE),
+ $notice->_quote(ActivityObject::ACTIVITY)
+ ));
 if ($notice->find()) {
 while ($notice->fetch()) {
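Review bot: In `initNoticeReshare()` the filter `(verb <> %1$s OR object_type <> %2$s)` does not match a reshare whose `verb` or `object_type` is NULL while the other column already holds the expected value, because `<>` against NULL is never true in SQL. If either column is nullable (the schema is not visible here), such rows are skipped by an upgrade step that is meant to normalise every reshare. Adding the NULL cases closes the gap: `'(verb <> %1$s OR object_type <> %2$s OR verb IS NULL OR object_type IS NULL)'`. The loop body that consumes the result set is outside the hunk.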