tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-06-29 07:59:37 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX Using auto-escaped get_by_id() in CommentAdmin and SecurityAdmin

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@73247 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2009-03-17 22:20:03 +00:00
parent 9260326ee6
commit e73b66036a
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
code/CommentAdmin.php
View File

@ -125,7 +125,7 @@ class CommentAdmin extends LeftAndMain {
if($_REQUEST['Comments']) {
foreach($_REQUEST['Comments'] as $commentid) {
$comment = DataObject::get_one('PageComment', "\"PageComment\".\"ID\" = $commentid");
$comment = DataObject::get_by_id('PageComment', $commentid);
if($comment) {
$comment->delete();
$numComments++;
@ -169,7 +169,7 @@ JS;
if($_REQUEST['Comments']) {
foreach($_REQUEST['Comments'] as $commentid) {
$comment = DataObject::get_one('PageComment', "\"PageComment\".\"ID\" = $commentid");
$comment = DataObject::get_by_id('PageComment', $commentid);
if($comment) {
$comment->IsSpam = true;
$comment->NeedsModeration = false;
@ -208,7 +208,7 @@ JS;
if($_REQUEST['Comments']) {
foreach($_REQUEST['Comments'] as $commentid) {
$comment = DataObject::get_one('PageComment', "\"PageComment\".\"ID\" = $commentid");
$comment = DataObject::get_by_id('PageComment', $commentid);
if($comment) {
$comment->IsSpam = false;
$comment->NeedsModeration = false;
@ -248,7 +248,7 @@ JS;
if($_REQUEST['Comments']) {
foreach($_REQUEST['Comments'] as $commentid) {
$comment = DataObject::get_one('PageComment', "\"PageComment\".\"ID\" = $commentid");
$comment = DataObject::get_by_id('PageComment', $commentid);
if($comment) {
$comment->IsSpam = false;
$comment->NeedsModeration = false;

6
code/SecurityAdmin.php
View File

@ -155,7 +155,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
if($id == 'new') $id = null;
if($id) {
$record = DataObject::get_one($className, "\"$className\".\"ID\" = $id");
$record = DataObject::get_by_id($className, $id);
if($record && !$record->canEdit()) return Security::permissionFailure($this);
} else {
if(!singleton($this->stat('subitem_class'))->canCreate()) return Security::permissionFailure($this);
@ -185,7 +185,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
$record->update($data);
$record->write();
if($data['GroupID']) $record->Groups()->add($data['GroupID']);
if($data['GroupID']) $record->Groups()->add((int)$data['GroupID']);
FormResponse::add("reloadMemberTableField();");
@ -199,7 +199,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
$member = DataObject::get_by_id('Member', (int) $memberID);
if(!$member->canDelete()) return Security::permissionFailure($this);
$member->Groups()->remove($groupID);
$member->Groups()->remove((int)$groupID);
FormResponse::add("reloadMemberTableField();");
} else {
user_error("SecurityAdmin::removememberfromgroup: Bad parameters: Group=$groupID, Member=$memberID", E_USER_ERROR);