tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

API CHANGE: addslashes now DB-specific

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@74083 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Geoff Munn 2009-04-05 23:24:56 +00:00
parent 183d5e6336
commit 03acac8e59
5 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/model/ComponentSet.php
View File

@ -163,7 +163,7 @@ class ComponentSet extends DataObjectSet {
$extraKeys = $extraValues = ''; $extraKeys = $extraValues = '';
if($extraFields) foreach($extraFields as $k => $v) { if($extraFields) foreach($extraFields as $k => $v) {
$extraKeys .= ", \"$k\""; $extraKeys .= ", \"$k\"";
$extraValues .= ", '" . addslashes($v) . "'"; $extraValues .= ", '" . DB::getConn()->addslashes($v) . "'";
} }
DB::query("INSERT INTO \"$this->tableName\" (\"$parentField\",\"$childField\" $extraKeys) VALUES ({$this->ownerObj->ID}, {$item->ID} $extraValues)"); DB::query("INSERT INTO \"$this->tableName\" (\"$parentField\",\"$childField\" $extraKeys) VALUES ({$this->ownerObj->ID}, {$item->ID} $extraValues)");

4
core/model/SiteTree.php
View File

@ -86,8 +86,8 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
static $indexes = array( static $indexes = array(
"SearchFields" => Array('type'=>'fulltext', 'value'=>'Title, MenuTitle, Content, MetaTitle, MetaDescription, MetaKeywords'), "SearchFields" => Array('type'=>'fulltext', 'value'=>'Title, MenuTitle, Content, MetaTitle, MetaDescription, MetaKeywords'),
"TitleSearchFields" => Array('type'=>'fulltext', 'value'=>'Title'), //"TitleSearchFields" => Array('type'=>'fulltext', 'value'=>'Title'),
"ContentSearchFields" => Array('type'=>'fulltext', 'value'=>'Content'), //"ContentSearchFields" => Array('type'=>'fulltext', 'value'=>'Content'),
"URLSegment" => true, "URLSegment" => true,
); );

2
core/model/Versioned.php
View File

@ -278,7 +278,7 @@ class Versioned extends DataObjectDecorator {
// Add any extra, unchanged fields to the version record. // Add any extra, unchanged fields to the version record.
$data = DB::query("SELECT * FROM \"$table\" WHERE \"ID\" = $id")->record(); $data = DB::query("SELECT * FROM \"$table\" WHERE \"ID\" = $id")->record();
if($data) foreach($data as $k => $v) { if($data) foreach($data as $k => $v) {
if (!isset($newManipulation['fields'][$k])) $newManipulation['fields'][$k] = "'" . addslashes($v) . "'"; if (!isset($newManipulation['fields'][$k])) $newManipulation['fields'][$k] = "'" . DB::getConn()->addslashes($v) . "'";
} }
// Set up a new entry in (table)_versions // Set up a new entry in (table)_versions

6
filesystem/Folder.php
View File

@ -45,7 +45,7 @@ class Folder extends File {
// First, merge any children that are duplicates // First, merge any children that are duplicates
$duplicateChildrenNames = DB::query("SELECT \"Name\" FROM \"File\" WHERE \"ParentID\" = $parentID GROUP BY \"Name\" HAVING count(*) > 1")->column(); $duplicateChildrenNames = DB::query("SELECT \"Name\" FROM \"File\" WHERE \"ParentID\" = $parentID GROUP BY \"Name\" HAVING count(*) > 1")->column();
if($duplicateChildrenNames) foreach($duplicateChildrenNames as $childName) { if($duplicateChildrenNames) foreach($duplicateChildrenNames as $childName) {
$childName = addslashes($childName); $childName = DB::getConn()->addslashes($childName);
// Note, we do this in the database rather than object-model; otherwise we get all sorts of problems about deleting files // Note, we do this in the database rather than object-model; otherwise we get all sorts of problems about deleting files
$children = DB::query("SELECT \"ID\" FROM \"File\" WHERE \"Name\" = '$childName' AND \"ParentID\" = $parentID")->column(); $children = DB::query("SELECT \"ID\" FROM \"File\" WHERE \"Name\" = '$childName' AND \"ParentID\" = $parentID")->column();
if($children) { if($children) {
@ -149,10 +149,10 @@ class Folder extends File {
if(Member::currentUser()) $ownerID = Member::currentUser()->ID; if(Member::currentUser()) $ownerID = Member::currentUser()->ID;
else $ownerID = 0; else $ownerID = 0;
$filename = addslashes($this->Filename . $name); $filename = DB::getConn()->addslashes($this->Filename . $name);
if($className == 'Folder' ) $filename .= '/'; if($className == 'Folder' ) $filename .= '/';
$name = addslashes($name); $name = DB::getConn()->addslashes($name);
DB::query("INSERT INTO \"File\" DB::query("INSERT INTO \"File\"
(\"ClassName\", \"ParentID\", \"OwnerID\", \"Name\", \"Filename\", \"Created\", \"LastEdited\", \"Title\") (\"ClassName\", \"ParentID\", \"OwnerID\", \"Name\", \"Filename\", \"Created\", \"LastEdited\", \"Title\")

2
search/AdvancedSearchForm.php
View File

@ -82,7 +82,7 @@ class AdvancedSearchForm extends SearchForm {
foreach($_REQUEST['OnlyShow'] as $section => $checked) { foreach($_REQUEST['OnlyShow'] as $section => $checked) {
$items = explode(",", $section); $items = explode(",", $section);
foreach($items as $item) { foreach($items as $item) {
$page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . addslashes($item) . "'"); $page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . DB::getConn()->addslashes($item) . "'");
$pageList[] = $page->ID; $pageList[] = $page->ID;
if(!$page) user_error("Can't find a page called '$item'", E_USER_WARNING); if(!$page) user_error("Can't find a page called '$item'", E_USER_WARNING);
$page->loadDescendantIDListInto($pageList); $page->loadDescendantIDListInto($pageList);