From f9e61f20cc19cb43e80228635d814158d7cd8630 Mon Sep 17 00:00:00 2001
From: fabrixxm
Date: Thu, 6 Aug 2015 16:06:18 +0200
Subject: [PATCH 1/2] log call to hooks in debug

---
 include/plugin.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/include/plugin.php b/include/plugin.php
index f4861536c..9dc3ebd40 100644
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -162,6 +162,8 @@ function call_hooks($name, &$data = null) {
 $a = get_app();
+ #logger($name, LOGGER_ALL);
+
 if((is_array($a->hooks)) && (array_key_exists($name,$a->hooks))) {
 foreach($a->hooks[$name] as $hook) {
 // Don't run a theme's hook if the user isn't using the theme
@@ -171,6 +173,7 @@ function call_hooks($name, &$data = null) {
 @include_once($hook[0]);
 if(function_exists($hook[1])) {
 $func = $hook[1];
+ logger($name." => ".$hook[0].":".$func."()", LOGGER_DEBUG);
 $func($a,$data);
 }
 else {
@@ -386,11 +389,11 @@ function install_theme($theme) {
 // check service_class restrictions. If there are no service_classes defined, everything is allowed.
-// if $usage is supplied, we check against a maximum count and return true if the current usage is
+// if $usage is supplied, we check against a maximum count and return true if the current usage is
 // less than the subscriber plan allows. Otherwise we return boolean true or false if the property
-// is allowed (or not) in this subscriber plan. An unset property for this service plan means
-// the property is allowed, so it is only necessary to provide negative properties for each plan,
-// or what the subscriber is not allowed to do.
+// is allowed (or not) in this subscriber plan. An unset property for this service plan means
+// the property is allowed, so it is only necessary to provide negative properties for each plan,
+// or what the subscriber is not allowed to do.
 function service_class_allows($uid,$property,$usage = false) {

From e94e6d7500f73deaedc4bb7c6ce86f8c5c9b4a35 Mon Sep 17 00:00:00 2001
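Review bot: The `#logger($name, LOGGER_ALL);` line added at the top of call_hooks is commented-out code and will sit there with no record of why it is disabled; either remove it or enable it at the level the second hunk uses, `logger($name, LOGGER_DEBUG);`. It sits before the `is_array($a->hooks) && array_key_exists(...)` check, so unlike the per-callback line further down it would fire for every hook name, registered or not; if it is being kept as an on-demand tracing switch, a comment such as `// enable to trace every hook name, including hooks with no registered callback` would say so. call_hooks's body continues outside the hunk.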
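Review bot: The new debug line in call_hooks builds its message by concatenating four pieces with `.`, which reads worse than a format string; `logger(sprintf('%s => %s:%s()', $name, $hook[0], $func), LOGGER_DEBUG);` is the same message in one expression. It runs only once `function_exists($hook[1])` has succeeded, so a plugin file whose include was silenced by `@include_once` and never defined the callback leaves nothing in this log unless the `else` branch, whose body lies outside the hunk, logs the miss as well. call_hooks continues past the end of the hunk.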
From: fabrixxm
Date: Thu, 6 Aug 2015 16:08:14 +0200
Subject: [PATCH 2/2] escape user data to sql

---
 mod/display.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/mod/display.php b/mod/display.php
index 95f248bfe..be5dd7cae 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -18,7 +18,7 @@ function display_init(&$a) {
 if (local_user()) {
 $r = q("SELECT `id`, `parent`, `author-name`, `author-link`, `author-avatar`, `network`, `body`, `uid` FROM `item` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND `guid` = '%s' AND `uid` = %d", $a->argv[1], local_user());
+ AND `guid` = '%s' AND `uid` = %d", dbesc($a->argv[1]), local_user());
 if (count($r)) {
 $nick = $a->user["nickname"];
 $itemuid = local_user();
@@ -34,7 +34,7 @@ function display_init(&$a) {
 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND NOT `user`.`hidewall`
- AND `item`.`guid` = '%s'", $a->argv[1]);
+ AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
 // AND `item`.`private` = 0 AND `item`.`wall` = 1
 if (count($r)) {
 $nick = $r[0]["nickname"];
@@ -50,7 +50,7 @@ function display_init(&$a) {
 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `item`.`uid` = 0
- AND `item`.`guid` = '%s'", $a->argv[1]);
+ AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
 // AND `item`.`private` = 0 AND `item`.`wall` = 1
 }
 if (count($r)) {
@@ -255,7 +255,7 @@ function display_content(&$a, $update = 0) {
 if (local_user()) {
 $r = q("SELECT `id` FROM `item` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND `guid` = '%s' AND `uid` = %d", $a->argv[1], local_user());
+ AND `guid` = '%s' AND `uid` = %d", dbesc($a->argv[1]), local_user());
 if (count($r)) {
 $item_id = $r[0]["id"];
 $nick = $a->user["nickname"];
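Review bot: The `dbesc($a->argv[1])` wrapping is repeated verbatim at six query sites (this hunk and the hunks at old lines 34, 50, 255, 268 and 281), so the fix holds only as long as every future query of the same guid remembers to repeat it; reading the path segment once per function into a local, `$guid = dbesc($a->argv[1]);`, and passing `$guid` to each `q()` call would make an unescaped use stand out in review. Escaping into the quoted `'%s'` placeholder is the right fix under this codebase's `q()` convention, on the assumption that dbesc() escapes for the active database connection, which the hunk cannot show. Whether `$a->argv[1]` is guaranteed to exist here is not visible either; if display_init does not check `$a->argc` before these lines, a request without that path segment raises an undefined-index notice before the query runs. Both display_init and display_content continue outside their hunks.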
@@ -268,7 +268,7 @@ function display_content(&$a, $update = 0) {
 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND NOT `user`.`hidewall`
- AND `item`.`guid` = '%s'", $a->argv[1]);
+ AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
 // AND `item`.`private` = 0 AND `item`.`wall` = 1
 if (count($r)) {
 $item_id = $r[0]["id"];
@@ -281,7 +281,7 @@ function display_content(&$a, $update = 0) {
 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `item`.`uid` = 0
- AND `item`.`guid` = '%s'", $a->argv[1]);
+ AND `item`.`guid` = '%s'", dbesc($a->argv[1]));
 // AND `item`.`private` = 0 AND `item`.`wall` = 1
 if (count($r)) {
 $item_id = $r[0]["id"];
@@ -412,7 +412,7 @@ function display_content(&$a, $update = 0) {
 $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
+ `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
 `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0