From 5107a9ed9cb1b2d9bf196f7ebf70bf7b49fa3846 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Wed, 24 Aug 2011 13:04:53 +0200
Subject: [PATCH] Fixing double string conversion when sending messages see #3827
---
main/inc/lib/message.lib.php | 16 ++++++++--------
main/inc/lib/social.lib.php | 14 +++++++-------
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/main/inc/lib/message.lib.php b/main/inc/lib/message.lib.php
index d3b7b119fb..bc1056c390 100755
--- a/main/inc/lib/message.lib.php
+++ b/main/inc/lib/message.lib.php
@@ -239,20 +239,20 @@ class MessageManager if (!empty($receiver_user_id) || !empty($group_id)) { - // message for user friend - $subject = Database::escape_string($subject); - $content = Database::escape_string($content); + // message for user friend + + $clean_subject = Database::escape_string($subject); + $clean_content = Database::escape_string($content); //message in inbox for user friend //@todo it's possible to edit a message? yes, only for groups - if ($edit_message_id) { - //title = '$subject', - $query = " UPDATE $table_message SET update_date = '".api_get_utc_datetime()."', content = '$content' WHERE id = '$edit_message_id' "; + if ($edit_message_id) { + $query = " UPDATE $table_message SET update_date = '".api_get_utc_datetime()."', content = '$clean_content' WHERE id = '$edit_message_id' "; $result = Database::query($query); $inbox_last_id = $edit_message_id; } else { $query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id, update_date ) ". - "VALUES ('$user_sender_id', '$receiver_user_id', '1', '".api_get_utc_datetime()."','$subject','$content','$group_id','$parent_id', '".api_get_utc_datetime()."')"; + "VALUES ('$user_sender_id', '$receiver_user_id', '1', '".api_get_utc_datetime()."','$clean_subject','$clean_content','$group_id','$parent_id', '".api_get_utc_datetime()."')"; $result = Database::query($query); $inbox_last_id = Database::insert_id(); } 
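Review bot: The ids interpolated into these statements (`$edit_message_id` in `WHERE id = '$edit_message_id'`, and `$user_sender_id`, `$receiver_user_id`, `$group_id`, `$parent_id` in the INSERT) are not normalised anywhere in this hunk; only the subject and content pass through `Database::escape_string()`. The function body starts above the hunk, so the casts may already exist there; if they do not, add them next to the escaping, e.g. `$edit_message_id = intval($edit_message_id);`, as social.lib.php in this same patch does for `$user_id` and `$friend_id`. The same applies to the outbox INSERT in the following hunk (`@@ -271,7 +271,7 @@`). Because the raw `$subject` and `$content` now stay in scope alongside the escaped copies, a short comment such as `// $clean_* are for SQL only; raw values must be encoded for their own output context` would keep later code from mixing them up.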
@@ -271,7 +271,7 @@ class MessageManager if (empty($group_id)) { //message in outbox for user friend or group $sql = "INSERT INTO $table_message (user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id, update_date ) ". - " VALUES ('$user_sender_id', '$receiver_user_id', '4', '".api_get_utc_datetime()."','$subject','$content', '$group_id', '$parent_id', '".api_get_utc_datetime()."')"; + " VALUES ('$user_sender_id', '$receiver_user_id', '4', '".api_get_utc_datetime()."','$clean_subject','$clean_content', '$group_id', '$parent_id', '".api_get_utc_datetime()."')"; $rs = Database::query($sql); $outbox_last_id = Database::insert_id(); diff --git a/main/inc/lib/social.lib.php b/main/inc/lib/social.lib.php index f3613ba078..01956fce79 100755 --- a/main/inc/lib/social.lib.php +++ b/main/inc/lib/social.lib.php 
@@ -177,18 +177,19 @@ class SocialManager extends UserManager { $tbl_message = Database::get_main_table(TABLE_MAIN_MESSAGE); $user_id = intval($user_id); $friend_id = intval($friend_id); - $message_title = Database::escape_string($message_title); - $message_content = Database::escape_string($message_content); + $clean_message_title = Database::escape_string($message_title); + $clean_message_content = Database::escape_string($message_content); $current_date = date('Y-m-d H:i:s',time()); - $sql_exist='SELECT COUNT(*) AS count FROM '.$tbl_message.' WHERE user_sender_id='.($user_id).' AND user_receiver_id='.($friend_id).' AND msg_status IN(5,6,7);'; + $sql_exist='SELECT COUNT(*) AS count FROM '.$tbl_message.' WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status IN(5,6,7);'; $res_exist = Database::query($sql_exist); $row_exist = Database::fetch_array($res_exist,'ASSOC'); if ($row_exist['count']==0) { - $sql='INSERT INTO '.$tbl_message.'(user_sender_id,user_receiver_id,msg_status,send_date,title,content) VALUES('.$user_id.','.$friend_id.','.MESSAGE_STATUS_INVITATION_PENDING.',"'.$current_date.'","'.$message_title.'","'.$message_content.'")'; + $sql=' INSERT INTO '.$tbl_message.'(user_sender_id,user_receiver_id,msg_status,send_date,title,content) + VALUES('.$user_id.','.$friend_id.','.MESSAGE_STATUS_INVITATION_PENDING.',"'.$current_date.'","'.$clean_message_title.'","'.$clean_message_content.'") '; Database::query($sql); $sender_info = api_get_user_info($user_id); 
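Review bot: The INSERT wraps the escaped title and content in double quotes (`"'.$clean_message_title.'"`), which MySQL treats as identifier quotes when the ANSI_QUOTES SQL mode is enabled, so whether these are parsed as string literals depends on server configuration. message.lib.php in this patch uses single-quoted literals; writing the values the same way here, e.g. `VALUES ($user_id, $friend_id, ".MESSAGE_STATUS_INVITATION_PENDING.", '$current_date', '$clean_message_title', '$clean_message_content')` inside a double-quoted PHP string, keeps both files consistent. `$current_date` is built with `date()` while message.lib.php stores `api_get_utc_datetime()`, so `send_date` values in the same table may not share a time zone; that line is unchanged context and could be a follow-up. The function starts and ends outside the hunk.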
@@ -198,12 +199,11 @@ class SocialManager extends UserManager { return true; } else { //invitation already exist - $sql_if_exist ='SELECT COUNT(*) AS count, id FROM '.$tbl_message.' WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status=7'; + $sql_if_exist ='SELECT COUNT(*) AS count, id FROM '.$tbl_message.' WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status = 7'; $res_if_exist = Database::query($sql_if_exist); $row_if_exist = Database::fetch_array($res_if_exist,'ASSOC'); if ($row_if_exist['count']==1) { - $sql_if_exist_up='UPDATE '.$tbl_message.'SET msg_status=5, content = "'.$message_content.'" WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status = 7 '; - //$sql_if_exist_up='UPDATE '.$tbl_message.'SET msg_status=5, set content = '.$message_content.' WHERE id='.$row_if_exist['id'].''; + $sql_if_exist_up='UPDATE '.$tbl_message.'SET msg_status=5, content = "'.$clean_message_content.'" WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status = 7 '; Database::query($sql_if_exist_up); return true; } else {
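Review bot: The rewritten UPDATE still concatenates the table name directly onto the keyword, `'UPDATE '.$tbl_message.'SET msg_status=5, ...`, so the statement reads `UPDATE <table>SET ...` unless `Database::get_main_table()` happens to return a backtick-quoted name or a trailing space. Add the space, `'UPDATE '.$tbl_message.' SET msg_status=5, content = "'.$clean_message_content.'" WHERE ...`, so the re-invitation path does not depend on that. The result of `Database::query($sql_if_exist_up)` is also ignored before `return true;`, so a failed update would be reported to the caller as success. The surrounding function continues outside the hunk.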