0d0f
diff --git a/‎ActionController.php
Lines changed: 2 additions & 2 deletions b/‎ActionController.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎DataModel.php
Lines changed: 15 additions & 13 deletions b/‎DataModel.php
Lines changed: 15 additions & 13 deletions
diff --git a/‎api_controllers/v2/icsActions.php
Lines changed: 1 addition & 1 deletion b/‎api_controllers/v2/icsActions.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎api_controllers/v2/usersActions.php
Lines changed: 2 additions & 2 deletions b/‎api_controllers/v2/usersActions.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎api_controllers/v3/busActions.php
Lines changed: 9 additions & 9 deletions b/‎api_controllers/v3/busActions.php
Lines changed: 9 additions & 9 deletions
diff --git a/‎common.php
Lines changed: 4 additions & 0 deletions b/‎common.php
Lines changed: 4 additions & 0 deletions
diff --git a/‎controllers/homeActions.php
Lines changed: 3 additions & 3 deletions b/‎controllers/homeActions.php
Lines changed: 3 additions & 3 deletions
diff --git a/‎controllers/muteActions.php
Lines changed: 1 addition & 1 deletion b/‎controllers/muteActions.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎index.php
Lines changed: 1 addition & 1 deletion b/‎index.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/google_api_client/io/Google_CacheParser.php
Lines changed: 1 addition & 1 deletion b/‎lib/google_api_client/io/Google_CacheParser.php
Lines changed: 1 addition & 1 deletion
@@ -110,7 +110,7 @@ public function dispatchAction($action, $params = [], $tails = []) {
                             case 'zh_hans':
                                 $pItem = 'zh_cn';
                         }
-                        $this->locale   = mysql_real_escape_string(strtolower(trim($pItem)));
+                        $this->locale   = dbescape(strtolower(trim($pItem)));
                     }
                     break;
                 case 'accept_timezone':
@@ -119,7 +119,7 @@ public function dispatchAction($action, $params = [], $tails = []) {
                      && ($pItem = $pItem[0])
                      && ($pItem = explode(';', $pItem))
                      && ($pItem = $pItem[0])) {
-                        $this->timezone = mysql_real_escape_string($pItem);
+                        $this->timezone = dbescape($pItem);
                     }
             }
         }
 
@@ -15,10 +15,8 @@ function stripslashes_deep($value) {
 function getMainDB() {
     global $maindb;
     if (!$maindb) {
-        $maindb = mysql_connect(DBHOST, DBUSER, DBPASSWD);
-        mysql_select_db(DBNAME, $maindb);
-        mysql_query("SET NAMES 'utf8mb4'");
-      # mysql_query("SET NAMES 'utf8'");
+        $maindb = mysqli_connect(DBHOST, DBUSER, DBPASSWD, DBNAME);
+        mysqli_query($maindb, "SET NAMES 'utf8mb4'");
     }
 }
 getMainDB();
@@ -35,36 +33,39 @@ public function getHelperByName($name) {
 
     public function mysql_fetch_all($result) {
         $return = [];
-        while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
+        while($row = mysqli_fetch_array($result, MYSQL_ASSOC)) {
             $return[] = stripslashes_deep($row);
         }
         return $return;
     }
 
     public function query($sql) {
-        mysql_query($sql);
-        if (($error = mysql_error())) {
+        global $maindb;
+        mysqli_query($maindb, $sql);
+        if (($error = mysqli_error())) {
             error_log("SQL error: {$error}\nSQL: {$sql}");
             return null;
         }
         $result = [];
-        $insert_id = mysql_insert_id();
+        $insert_id = mysqli_insert_id();
         if ($insert_id > 0) {
             $result['insert_id'] = strval($insert_id);
         }
-        $result['affected_rows'] = mysql_affected_rows();
+        $result['affected_rows'] = mysqli_affected_rows();
         return $result;
     }
 
     public function getAll($sql) {
-        return ($query = mysql_query($sql))
+        global $maindb;
+        return ($query = mysqli_query($maindb, $sql))
              ? $this->mysql_fetch_all($query)
              : null;
     }
 
     public function getRow($sql) {
-        if($query = mysql_query($sql)) {
-            if($return = mysql_fetch_array($query, MYSQL_ASSOC)) {
+        global $maindb;
+        if($query = mysqli_query($maindb, $sql)) {
+            if($return = mysqli_fetch_array($query, MYSQL_ASSOC)) {
                 return $return;
             }
         }
@@ -81,8 +82,9 @@ public function countNum($sql) {
     }
 
     public function getColumn($sql) {
+        global $maindb;
         $result = [];
-        if (($query = mysql_query($sql))) {
+        if (($query = mysqli_query($maindb, $sql))) {
             if($data = $this->mysql_fetch_all($query)) {
                 foreach ($data as $row) {
                     foreach ($row as $name => $value) {
 
@@ -54,7 +54,7 @@ public function doCrosses() {
         $crossHelper = $this->getHelperByName('Cross');
         // check authorization
         $params      = $this->params;
-        if (!($token         = mysql_real_escape_string(@$params['token']))
+        if (!($token         = dbescape(@$params['token']))
          || !($rawInvitation = $modExfee->getRawInvitationByToken($token))
          ||   $rawInvitation['state'] === 4
          || !($objCross      = $crossHelper->getCross($rawInvitation['cross_id']))) {
 
@@ -684,7 +684,7 @@ public function doSetup() {
             apiError(400, 'weak_password', 'password must be longer than four');
         }
         // set password
-        $name = mysql_real_escape_string(formatName($_POST['name']));
+        $name = dbescape(formatName($_POST['name']));
         $stResult = $modUser->setUserPasswordAndSignin($user_id, $password, $name);
         if ($stResult) {
             // set identity name
@@ -717,7 +717,7 @@ public function doResetPassword() {
         if (!validatePassword($password)) {
             apiError(400, 'weak_password', 'password must be longer than four');
         }
-        $name = mysql_real_escape_string(formatName($_POST['name']));
+        $name = dbescape(formatName($_POST['name']));
         // set password
         $stResult = $modUser->resetPasswordByToken($token, $password, $name);
         if ($stResult) {
 
@@ -8,13 +8,13 @@ class BusActions extends ActionController {
     public function doUpdateIdentity() {
         // get raw data
         $id                = isset($_POST['id'])                ? intval($_POST['id'])                                  : null;
-        $provider          = isset($_POST['provider'])          ? mysql_real_escape_string($_POST['provider'])          : null;
-        $external_id       = isset($_POST['external_id'])       ? mysql_real_escape_string($_POST['external_id'])       : null;
-        $name              = isset($_POST['name'])              ? mysql_real_escape_string($_POST['name'])              : '';
-        $nickname          = isset($_POST['nickname'])          ? mysql_real_escape_string($_POST['nickname'])          : '';
-        $bio               = isset($_POST['bio'])               ? mysql_real_escape_string($_POST['bio'])               : '';
-        $avatar_filename   = isset($_POST['avatar_filename'])   ? mysql_real_escape_string($_POST['avatar_filename'])   : ''; // @todo submit by array @leask to @googollee
-        $external_username = isset($_POST['external_username']) ? mysql_real_escape_string($_POST['external_username']) : '';
+        $provider          = isset($_POST['provider'])          ? dbescape($_POST['provider'])          : null;
+        $external_id       = isset($_POST['external_id'])       ? dbescape($_POST['external_id'])       : null;
+        $name              = isset($_POST['name'])              ? dbescape($_POST['name'])              : '';
+        $nickname          = isset($_POST['nickname'])          ? dbescape($_POST['nickname'])          : '';
+        $bio               = isset($_POST['bio'])               ? dbescape($_POST['bio'])               : '';
+        $avatar_filename   = isset($_POST['avatar_filename'])   ? dbescape($_POST['avatar_filename'])   : ''; // @todo submit by array @leask to @googollee
+        $external_username = isset($_POST['external_username']) ? dbescape($_POST['external_username']) : '';
         // check data
         if (!$id || !$provider || !$external_id) {
             $this->jsonError(500, 'identity_error');
@@ -680,8 +680,8 @@ public function doRevokeIdentity() {
         // decode json
         $identity = (array) json_decode($str_args);
         $identity['id']                = isset($identity['id'])                ? (int) $identity['id']                                    : 0;
-        $identity['provider']          = isset($identity['provider'])          ? mysql_real_escape_string($identity['provider'])          : '';
-        $identity['external_username'] = isset($identity['external_username']) ? mysql_real_escape_string($identity['external_username']) : '';
+        $identity['provider']          = isset($identity['provider'])          ? dbescape($identity['provider'])          : '';
+        $identity['external_username'] = isset($identity['external_username']) ? dbescape($identity['external_username']) : '';
         if (!$identity['id']) {
             if ($identity['provider'] && $identity['external_username']) {
                 // get identity id
 
@@ -21,6 +21,10 @@
 $exfe_res = new ResourceBundle($locale, INTL_RESOURCES);
 // }
 
+function dbescape($string) {
+    global $maindb;
+    return mysqli_real_escape_string($maindb, $string);
+}
 
 // redis by @leaskh {
 
 
@@ -7,8 +7,8 @@ public function doIndex() {
         $modCross = $this->getModelByName('Cross');
         $modExfee = $this->getModelByName('Exfee');
         $modUser  = $this->getModelByName('User');
-        $token = mysql_real_escape_string($_GET['token']);
-        $rsvp  = strtolower(mysql_real_escape_string($_GET['rsvp']));
+        $token = dbescape($_GET['token']);
+        $rsvp  = strtolower(dbescape($_GET['rsvp']));
         if ($token && $rsvp) {
             if (($objToken = $modExfee->getRawInvitationByToken($token))
              && $objToken['valid']
@@ -32,7 +32,7 @@ public function doIndex() {
         // get sms token
         $this->setVar('sms_token', null);
         if (isset($_GET['t'])) {
-            $t = mysql_real_escape_string($_GET['t']);
+            $t = dbescape($_GET['t']);
             if (($objToken = $modUser->resolveToken($t))) {
                 $objToken['origin_token'] = $t;
             }
 
@@ -4,7 +4,7 @@ class MuteActions extends ActionController {
 
     public function doCross() {
         // get token
-        $token = mysql_real_escape_string(trim($_GET['token']));
+        $token = dbescape(trim($_GET['token']));
         $modExfee = $this->getModelByName('Exfee');
         $objToken = $modExfee->getRawInvitationByToken($token);
         if (!$token) {
 
@@ -15,7 +15,7 @@
     error_log("+++++++ {$_SERVER['REQUEST_URI']} +++++++");
     if (extension_loaded('xhprof')) {
         xhprof_enable(XHPROF_FLAGS_CPU + XHPROF_FLAGS_MEMORY);
-        $xhprof_lib = "/usr/local/Cellar/php54-xhprof/270b75d/xhprof_lib";
+        $xhprof_lib = "/usr/local/Cellar/php55-xhprof/254eb24/xhprof_lib";
         include_once "{$xhprof_lib}/utils/xhprof_lib.php";
         include_once "{$xhprof_lib}/utils/xhprof_runs.php";
     }
 
@@ -170,4 +170,4 @@ public static function mustRevalidate(Google_HttpRequest $response) {
     // server to see if its cached entry is still usable.
     return self::isExpired($response);
   }
-}
+}
Original file line number	Diff line number	Diff line change
`@@ -110,7 +110,7 @@ public function dispatchAction($action, $params = [], $tails = []) {`
`110`	`110`	`case 'zh_hans':`
`111`	`111`	`$pItem = 'zh_cn';`
`112`	`112`	`}`
`113`		`- $this->locale = mysql_real_escape_string(strtolower(trim($pItem)));`
	`113`	`+ $this->locale = dbescape(strtolower(trim($pItem)));`
`114`	`114`	`}`
`115`	`115`	`break;`
`116`	`116`	`case 'accept_timezone':`
`@@ -119,7 +119,7 @@ public function dispatchAction($action, $params = [], $tails = []) {`
`119`	`119`	`&& ($pItem = $pItem[0])`
`120`	`120`	`&& ($pItem = explode(';', $pItem))`
`121`	`121`	`&& ($pItem = $pItem[0])) {`
`122`		`- $this->timezone = mysql_real_escape_string($pItem);`
	`122`	`+ $this->timezone = dbescape($pItem);`
`123`	`123`	`}`
`124`	`124`	`}`
`125`	`125`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@`
`15`	`15`	`error_log("+++++++ {$_SERVER['REQUEST_URI']} +++++++");`
`16`	`16`	`if (extension_loaded('xhprof')) {`
`17`	`17`	`xhprof_enable(XHPROF_FLAGS_CPU + XHPROF_FLAGS_MEMORY);`
`18`		`- $xhprof_lib = "/usr/local/Cellar/php54-xhprof/270b75d/xhprof_lib";`
	`18`	`+ $xhprof_lib = "/usr/local/Cellar/php55-xhprof/254eb24/xhprof_lib";`
`19`	`19`	`include_once "{$xhprof_lib}/utils/xhprof_lib.php";`
`20`	`20`	`include_once "{$xhprof_lib}/utils/xhprof_runs.php";`
`21`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -170,4 +170,4 @@ public static function mustRevalidate(Google_HttpRequest $response) {`
`170`	`170`	`// server to see if its cached entry is still usable.`
`171`	`171`	`return self::isExpired($response);`
`172`	`172`	`}`
`173`		`-}`
	`173`	`+}`