Finish migration to safe queries

Fix event searchby logic

The !$searchby checks no longer did something meaningful after
switching to the Query object.

Migrate more code to safe query abstraction

Getting closer to done...

Move more queries to safe abstraction

Add a Query class to assemble queries by parts, and ?int placeholder
which is needed for LIMIT clauses.

Add safe(r) query abstraction

Add db_query_safe that accepts parameters separately. Use it in
some places.

Remove get_magic_quotes_gpc() checks

master.php.net runs PHP 5.4, where magic quotes no longer exist.
Add a sanity check that they're really disable, and drop code
handling them. The

Remove get_magic_quotes_gpc() checks

master.php.net runs PHP 5.4, where magic quotes no longer exist.
Add a sanity check that they're really disable, and drop code
handling them. There was at least one use of escape() that wouldn't
do the right thing if this code was run with magic quotes.

show more ...

More PHP 8/Phan fixes

A bit of PHP 7.4/8.0 cleanup

Refactor long array() syntax to short []

Since app is using PHP 5.4+ already, the longer `array()` syntax can be
refactored to shorter `[]`.

escape the $action parameter

escape the $search variable coming from $_REQUEST
magic_quote_gpc makes this not exploitable, but we should move away from that sooner or later

introduce a whitelist for the order param

$user was renamed to $cuser in include/login.inc in c659097ec0d0a08327b80c1b32ac0797f35ba5dd

There are actually 5 cells here

Pretend this is the users table.
Added ordering asc/desc

Move function to include/fuctions.inc

Removed odd noop function

Move searchbox from the page itself, into the header

Fix include_path

Actually, events can drop escaping on display entirely.

Don't need to escape in the forms.

Missed a few.

Fixing parts of the filtration for events, too.

Now we employ this here. Neat.

Switch to default filtering