Merged revisions 48360 via svnmerge from

svn://svn.silverstripe.com/silverstripe/modules/sapphire/branches/2.2.0-mesq

........
  r48360 | ischommer | 2008-01-21 21:04:56 +1300 (Mon, 21 Jan 2008) | 1 line
  
  escaping $code, documentation
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@52404 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2008-04-09 11:16:32 +00:00
parent 32677d71ce
commit 051e1bc68b


@ -116,7 +116,7 @@ class Permission extends DataObject {
* Check that the given member has the given permission * Check that the given member has the given permission
* @param int memberID The ID of the member to check. Leave blank for the * @param int memberID The ID of the member to check. Leave blank for the
* current member * current member
* @param string $code Code of the permission to check * @param string|array $code Code of the permission to check
* @param string $arg Optional argument (e.g. a permissions for a specific * @param string $arg Optional argument (e.g. a permissions for a specific
* page) * page)
* @param bool $strict Use "strict" checking (which means a permission * @param bool $strict Use "strict" checking (which means a permission
@ -160,7 +160,8 @@ class Permission extends DataObject {
if(is_array($code)) $SQL_codeList = "'" . implode("', '", Convert::raw2sql($code)) . "'"; if(is_array($code)) $SQL_codeList = "'" . implode("', '", Convert::raw2sql($code)) . "'";
else $SQL_codeList = "'" . Convert::raw2sql($code) . "'"; else $SQL_codeList = "'" . Convert::raw2sql($code) . "'";
$SQL_code = Convert::raw2sql($code);
$adminFilter = (self::$admin_implies_all) $adminFilter = (self::$admin_implies_all)
? ",'ADMIN'" ? ",'ADMIN'"
: ''; : '';
@ -187,7 +188,7 @@ class Permission extends DataObject {
SELECT COUNT(*) SELECT COUNT(*)
FROM Permission FROM Permission
WHERE ( WHERE (
(Code IN '$code')' (Code IN '$SQL_code')'
AND (Type = " . self::GRANT_PERMISSION . ") AND (Type = " . self::GRANT_PERMISSION . ")
) )
")->value(); ")->value();
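Review bot: The strict-check query in the last hunk still reads `(Code IN '$SQL_code')'`, which is not a parenthesised IN list and keeps a stray trailing quote, so the escaping added here does not produce a well-formed permission lookup. The docblock now allows `$code` to be an array, and the `implode` in the second hunk shows that `Convert::raw2sql()` returns an array for array input. In that case `$SQL_code` would interpolate as the literal text `Array`. The already escaped and quoted `$SQL_codeList` from the second hunk looks like the intended value, assuming it is in scope at this query: `(Code IN ($SQL_codeList))`. The separate `$SQL_code = Convert::raw2sql($code);` line could then be dropped. The enclosing method starts and ends outside the hunks shown, so this should be confirmed against the full body.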