[Directory] Fix SQL string quotation
parent
00c492891e
commit
db593496a7
@ -1,50 +1,44 @@
|
|||||||
<?php
|
<?php
|
||||||
|
// This file is part of GNU social - https://www.gnu.org/software/social
|
||||||
|
//
|
||||||
|
// GNU social is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// GNU social is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* StatusNet, the distributed open-source microblogging tool
|
|
||||||
*
|
|
||||||
* Output a group directory
|
* Output a group directory
|
||||||
*
|
*
|
||||||
* PHP version 5
|
|
||||||
*
|
|
||||||
* LICENCE: This program is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU Affero General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU Affero General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU Affero General Public License
|
|
||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*
|
|
||||||
* @category Public
|
* @category Public
|
||||||
* @package StatusNet
|
* @package GNUsocial
|
||||||
* @author Zach Copley <zach@status.net>
|
* @author Zach Copley <zach@status.net>
|
||||||
* @copyright 2011 StatusNet, Inc.
|
* @copyright 2011 StatusNet, Inc.
|
||||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or late
|
||||||
* @link http://status.net/
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (!defined('GNUSOCIAL')) {
|
defined('GNUSOCIAL') || die();
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Group directory
|
* Group directory
|
||||||
*
|
*
|
||||||
* @category Directory
|
* @category Directory
|
||||||
* @package StatusNet
|
* @package GNUsocial
|
||||||
* @author Zach Copley <zach@status.net>
|
* @author Zach Copley <zach@status.net>
|
||||||
* @author Mikael Nordfeldth <mmn@hethane.se>
|
* @author Mikael Nordfeldth <mmn@hethane.se>
|
||||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or late
|
||||||
* @link http://status.net/
|
|
||||||
*/
|
*/
|
||||||
class GroupdirectoryAction extends ManagedAction
|
class GroupdirectoryAction extends ManagedAction
|
||||||
{
|
{
|
||||||
protected $redirectAfterLogin = true;
|
protected $redirectAfterLogin = true;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The page we're on
|
* The page we're on
|
||||||
*
|
*
|
||||||
@ -175,13 +169,16 @@ class GroupdirectoryAction extends ManagedAction
|
|||||||
public function showContent()
|
public function showContent()
|
||||||
{
|
{
|
||||||
if (common_logged_in()) {
|
if (common_logged_in()) {
|
||||||
$this->elementStart('p',
|
$this->elementStart('p', ['id' => 'new_group']);
|
||||||
['id' => 'new_group']);
|
$this->element(
|
||||||
$this->element('a',
|
'a',
|
||||||
['href' => common_local_url('newgroup'),
|
[
|
||||||
'class' => 'more'],
|
'href' => common_local_url('newgroup'),
|
||||||
// TRANS: Link to create a new group on the group list page.
|
'class' => 'more',
|
||||||
_m('Create a new group'));
|
],
|
||||||
|
// TRANS: Link to create a new group on the group list page.
|
||||||
|
_m('Create a new group')
|
||||||
|
);
|
||||||
$this->elementEnd('p');
|
$this->elementEnd('p');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -232,11 +229,12 @@ class GroupdirectoryAction extends ManagedAction
|
|||||||
|
|
||||||
public function showForm($error=null)
|
public function showForm($error=null)
|
||||||
{
|
{
|
||||||
$this->elementStart('form',
|
$this->elementStart('form', [
|
||||||
['method' => 'get',
|
'method' => 'get',
|
||||||
'id' => 'form_search',
|
'id' => 'form_search',
|
||||||
'class' => 'form_settings',
|
'class' => 'form_settings',
|
||||||
'action' => common_local_url('groupdirectory')]);
|
'action' => common_local_url('groupdirectory'),
|
||||||
|
]);
|
||||||
|
|
||||||
$this->elementStart('fieldset');
|
$this->elementStart('fieldset');
|
||||||
|
|
||||||
@ -273,17 +271,20 @@ class GroupdirectoryAction extends ManagedAction
|
|||||||
$wheres = ['nickname', 'fullname', 'homepage', 'description', 'location'];
|
$wheres = ['nickname', 'fullname', 'homepage', 'description', 'location'];
|
||||||
foreach ($wheres as $where) {
|
foreach ($wheres as $where) {
|
||||||
// Double % because of sprintf
|
// Double % because of sprintf
|
||||||
$group->whereAdd(sprintf('LOWER(%1$s.%2$s) LIKE LOWER("%%%3$s%%")',
|
$group->whereAdd(sprintf(
|
||||||
$group->escapedTableName(),
|
'LOWER(%1$s.%2$s) LIKE LOWER(\'%%%3$s%%\')',
|
||||||
$where,
|
$group->escapedTableName(),
|
||||||
$group->escape($this->q)),
|
$where,
|
||||||
'OR');
|
$group->escape($this->q)
|
||||||
|
), 'OR');
|
||||||
}
|
}
|
||||||
|
|
||||||
$order = sprintf('%1$s.%2$s %3$s',
|
$order = sprintf(
|
||||||
$group->escapedTableName(),
|
'%1$s.%2$s %3$s',
|
||||||
$this->getSortKey('created'),
|
$group->escapedTableName(),
|
||||||
$this->reverse ? 'DESC' : 'ASC');
|
$this->getSortKey('created'),
|
||||||
|
$this->reverse ? 'DESC' : 'ASC'
|
||||||
|
);
|
||||||
} else {
|
} else {
|
||||||
// User is browsing via AlphaNav
|
// User is browsing via AlphaNav
|
||||||
|
|
||||||
@ -292,24 +293,30 @@ class GroupdirectoryAction extends ManagedAction
|
|||||||
// NOOP
|
// NOOP
|
||||||
break;
|
break;
|
||||||
case '0-9':
|
case '0-9':
|
||||||
$group->whereAdd(sprintf('LEFT(%1$s.%2$s, 1) BETWEEN %3$s AND %4$s',
|
$group->whereAdd(sprintf(
|
||||||
$group->escapedTableName(),
|
'LEFT(%1$s.%2$s, 1) BETWEEN %3$s AND %4$s',
|
||||||
'nickname',
|
$group->escapedTableName(),
|
||||||
$group->_quote("0"),
|
'nickname',
|
||||||
$group->_quote("9")));
|
$group->_quote('0'),
|
||||||
|
$group->_quote('9')
|
||||||
|
));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
$group->whereAdd(sprintf('LEFT(LOWER(%1$s.%2$s), 1) = %3$s',
|
$group->whereAdd(sprintf(
|
||||||
$group->escapedTableName(),
|
'LEFT(LOWER(%1$s.%2$s), 1) = %3$s',
|
||||||
'nickname',
|
$group->escapedTableName(),
|
||||||
$group->_quote($this->filter)));
|
'nickname',
|
||||||
|
$group->_quote($this->filter)
|
||||||
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
$order = sprintf('%1$s.%2$s %3$s, %1$s.%4$s ASC',
|
$order = sprintf(
|
||||||
$group->escapedTableName(),
|
'%1$s.%2$s %3$s, %1$s.%4$s ASC',
|
||||||
$this->getSortKey('nickname'),
|
$group->escapedTableName(),
|
||||||
$this->reverse ? 'DESC' : 'ASC',
|
$this->getSortKey('nickname'),
|
||||||
'nickname');
|
$this->reverse ? 'DESC' : 'ASC',
|
||||||
|
'nickname'
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$offset = ($this->page-1) * PROFILES_PER_PAGE;
|
$offset = ($this->page-1) * PROFILES_PER_PAGE;
|
||||||
@ -347,13 +354,12 @@ class GroupdirectoryAction extends ManagedAction
|
|||||||
public function showEmptyListMessage()
|
public function showEmptyListMessage()
|
||||||
{
|
{
|
||||||
if (!empty($this->filter) && ($this->filter != 'all')) {
|
if (!empty($this->filter) && ($this->filter != 'all')) {
|
||||||
$this->element('p',
|
$this->element('p', 'error', sprintf(
|
||||||
'error',
|
// TRANS: Empty list message for searching group directory.
|
||||||
sprintf(
|
// TRANS: %s is the search string.
|
||||||
// TRANS: Empty list message for searching group directory.
|
_m('No groups starting with %s.'),
|
||||||
// TRANS: %s is the search string.
|
$this->filter
|
||||||
_m('No groups starting with %s.'),
|
));
|
||||||
$this->filter));
|
|
||||||
} else {
|
} else {
|
||||||
// TRANS: Empty list message for searching group directory.
|
// TRANS: Empty list message for searching group directory.
|
||||||
$this->element('p', 'error', _m('No results.'));
|
$this->element('p', 'error', _m('No results.'));
|
||||||
|
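Review bot: In the search branch (hunk at -273/+271), `$this->q` is still spliced into the `LIKE` literal with only `$group->escape()` applied, so the literal's safety now depends on `escape()` neutralising single quotes on every supported driver; `escape()` is not visible on this page, so that needs confirming. Separately, `%` and `_` typed by a user pass through as wildcards, which lets one request match far more rows than a literal search would. The filter branches in the next hunk already use `$group->_quote(...)`, which quotes and escapes in one step; for consistency the pattern could be built first and then quoted, e.g. `$group->_quote('%' . addcslashes($this->q, '%_\\') . '%')` with the format changed to `LIKE LOWER(%3$s)`, assuming backslash is the LIKE escape character on the target databases. The enclosing method starts and ends outside the hunk.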