[DATABASE] Fix more incorrect uses of quotation in SQL

Alexei Sorokin 2020-07-26 15:28:05 +03:00
parent 579120df70
commit 341f3d0ea5
3 changed files with 40 additions and 17 deletions


@ -74,9 +74,11 @@ class Local_group extends Managed_DataObject
public function setNickname($nickname) public function setNickname($nickname)
{ {
$this->decache(); $this->decache();
$qry = 'UPDATE local_group set nickname = "'.$this->escape($nickname).'" where group_id = ' . $this->group_id; $result = $this->query(sprintf(
'UPDATE local_group SET nickname = %1$s WHERE group_id = %2$d;',
$result = $this->query($qry); $this->_quote($nickname),
$this->group_id
));
if ($result) { if ($result) {
$this->nickname = $nickname; $this->nickname = $nickname;
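Review bot: In the new `sprintf` call, `%2$d` silently coerces an unset or non-numeric `$this->group_id` to `0`, so the UPDATE would run against `group_id = 0` instead of failing as the old concatenation presumably did with an empty value. A guard ahead of the query, for example `if (!is_numeric($this->group_id)) {` followed by an early exit in whatever error convention the rest of setNickname uses, would make that case explicit. The nickname itself is now quoted through `_quote()`, which is the right place for it. The body of setNickname continues past the end of this hunk, so the return path is not visible here.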


@ -1,4 +1,19 @@
<?php <?php
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
/** /**
* Store last poll time in db, then check if they should be renewed (if so, enqueue). * Store last poll time in db, then check if they should be renewed (if so, enqueue).
* Can be called from a queue handler on a per-feed status to poll stuff. * Can be called from a queue handler on a per-feed status to poll stuff.
@ -8,31 +23,34 @@
* @category OStatus * @category OStatus
* @package GNUsocial * @package GNUsocial
* @author Mikael Nordfeldth <mmn@hethane.se> * @author Mikael Nordfeldth <mmn@hethane.se>
* @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 * @copyright 2015 Free Software Foundation http://fsf.org
* @link http://www.gnu.org/software/social/ * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/ */
if (!defined('GNUSOCIAL')) { exit(1); } defined('GNUSOCIAL') || die();
class FeedPoll { class FeedPoll
{
const DEFAULT_INTERVAL = 5; // in minutes const DEFAULT_INTERVAL = 5; // in minutes
const QUEUE_CHECK = 'feedpoll-check'; const QUEUE_CHECK = 'feedpoll-check';
// TODO: Find some smart way to add feeds only once, so they don't get more than 1 feedpoll in the queue each // TODO: Find some smart way to add feeds only once, so they don't get more than 1 feedpoll in the queue each
// probably through sub_start sub_end trickery. // probably through sub_start sub_end trickery.
public static function enqueueNewFeeds(array $args=array()) { public static function enqueueNewFeeds(array $args = [])
{
if (!isset($args['interval']) || !is_int($args['interval']) || $args['interval']<=0) { if (!isset($args['interval']) || !is_int($args['interval']) || $args['interval']<=0) {
$args['interval'] = self::DEFAULT_INTERVAL; $args['interval'] = self::DEFAULT_INTERVAL;
} }
$args['interval'] *= 60; // minutes to seconds
$feedsub = new FeedSub(); $feedsub = new FeedSub();
$feedsub->sub_state = 'nohub'; $feedsub->sub_state = 'nohub';
// Find feeds that haven't been polled within the desired interval, // Find feeds that haven't been polled within the desired interval,
// though perhaps we're abusing the "last_update" field here? // though perhaps we're abusing the "last_update" field here?
$feedsub->whereAdd(sprintf('last_update < "%s"', common_sql_date(time()-$args['interval']))); $feedsub->whereAdd(sprintf(
"last_update < CURRENT_TIMESTAMP - INTERVAL '%d' MINUTE",
$args['interval']
));
$feedsub->find(); $feedsub->find();
$qm = QueueManager::get(); $qm = QueueManager::get();
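Review bot: The cutoff in the new `whereAdd` is computed from the database server's `CURRENT_TIMESTAMP` instead of PHP's clock via `common_sql_date(time() - ...)`, so the comparison now depends on the session time zone matching the zone in which `last_update` is written. If `last_update` is stored as UTC (common_sql_date is not visible here, so this is an assumption) and the connection is not pinned to UTC, feeds would be selected too early or too late by the zone offset. A comment above the call such as `// Relies on the DB session time zone matching last_update; interval is in minutes.` would record that dependency, and the connection setup is worth checking. enqueueNewFeeds continues past the end of this hunk.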


@ -361,9 +361,12 @@ function initNoticeReshare()
printfnq("Ensuring all reshares have the correct verb and object-type..."); printfnq("Ensuring all reshares have the correct verb and object-type...");
$notice = new Notice(); $notice = new Notice();
$notice->whereAdd('repeat_of is not null'); $notice->whereAdd('repeat_of IS NOT NULL');
$notice->whereAdd('(verb <> "' . ActivityVerb::SHARE $notice->whereAdd(sprintf(
. '" OR object_type <> "' . ActivityObject::ACTIVITY . '")'); '(verb <> %1$s OR object_type <> %2$s)',
$notice->_quote(ActivityVerb::SHARE),
$notice->_quote(ActivityObject::ACTIVITY)
));
if ($notice->find()) { if ($notice->find()) {
while ($notice->fetch()) { while ($notice->fetch()) {
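Review bot: The two new `$notice->_quote(...)` arguments call an underscore-prefixed method from a free function outside the class, which by convention marks it as internal to the data-object layer; the Local_group change uses the same helper as `$this->_quote($nickname)`. Because literal quoting is the step that keeps hand-built SQL safe, routing it through one documented public method would make call sites easier to audit and less exposed to changes in the underlying library. A short comment such as `// Quote through the driver: double-quoted strings are identifiers in standard SQL.` would also tell the next reader why the literals are no longer written inline. The body of the while loop lies outside this hunk.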