BUG Fixed instances of loosely defined SQL predicates not qualified by table name
Fixed duplicate SQL escaping on SiteTree::get_by_link
This commit is contained in:
Damian Mooyman
parent
6d694a550a
commit
5f828149c3
|
|
@ -814,7 +814,10 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
|
|||
// Fall back to homepage record
|
||||
if(!$id) {
|
||||
$homepageSegment = RootURLController::get_homepage_link();
|
||||
$homepageRecord = DataObject::get_one('SiteTree', sprintf('"URLSegment" = \'%s\'', $homepageSegment));
|
||||
$homepageRecord = DataObject::get_one('SiteTree', sprintf(
|
||||
'"SiteTree"."URLSegment" = \'%s\'',
|
||||
Convert::raw2sql($homepageSegment)
|
||||
));
|
||||
if($homepageRecord) $id = $homepageRecord->ID;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@ class CMSPageAddController extends CMSPageEditController {
|
|||
$suffix = isset($data['Suffix']) ? "-" . $data['Suffix'] : null;
|
||||
|
||||
if(!$parentID && isset($data['Parent'])) {
|
||||
$page = SiteTree:: get_by_link(Convert::raw2sql($data['Parent']));
|
||||
$page = SiteTree::get_by_link($data['Parent']);
|
||||
if($page) $parentID = $page->ID;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -163,9 +163,10 @@ class ContentController extends Controller {
|
|||
// See ModelAdController->getNestedController() for similar logic
|
||||
if(class_exists('Translatable')) Translatable::disable_locale_filter();
|
||||
// look for a page with this URLSegment
|
||||
$child = $this->model->SiteTree->where(sprintf (
|
||||
"\"ParentID\" = %s AND \"URLSegment\" = '%s'", $this->ID, Convert::raw2sql(rawurlencode($action))
|
||||
))->First();
|
||||
$child = $this->model->SiteTree->filter(array(
|
||||
'ParentID' => $this->ID,
|
||||
'URLSegment' => rawurlencode($action)
|
||||
))->first();
|
||||
if(class_exists('Translatable')) Translatable::enable_locale_filter();
|
||||
|
||||
// if we can't find a page with this URLSegment try to find one that used to have
|
||||
|
|
@ -258,7 +259,10 @@ class ContentController extends Controller {
|
|||
*/
|
||||
public function getMenu($level = 1) {
|
||||
if($level == 1) {
|
||||
$result = DataObject::get("SiteTree", "\"ShowInMenus\" = 1 AND \"ParentID\" = 0");
|
||||
$result = SiteTree::get()->filter(array(
|
||||
"ShowInMenus" => 1,
|
||||
"ParentID" => 0
|
||||
));
|
||||
|
||||
} else {
|
||||
$parent = $this->data();
|
||||
|
|
@ -399,7 +403,7 @@ HTML;
|
|||
$this->httpError(410);
|
||||
}
|
||||
// The manifest should be built by now, so it's safe to publish the 404 page
|
||||
$fourohfour = Versioned::get_one_by_stage('ErrorPage', 'Stage', '"ErrorCode" = 404');
|
||||
$fourohfour = Versioned::get_one_by_stage('ErrorPage', 'Stage', '"ErrorPage"."ErrorCode" = 404');
|
||||
if($fourohfour) {
|
||||
$fourohfour->write();
|
||||
$fourohfour->publish("Stage", "Live");
|
||||
|
|
|
|||
|
|
@ -93,9 +93,9 @@ class ModelAsController extends Controller implements NestedController {
|
|||
$sitetree = DataObject::get_one(
|
||||
'SiteTree',
|
||||
sprintf(
|
||||
'"URLSegment" = \'%s\' %s',
|
||||
'"SiteTree"."URLSegment" = \'%s\' %s',
|
||||
Convert::raw2sql(rawurlencode($URLSegment)),
|
||||
(SiteTree::config()->nested_urls ? 'AND "ParentID" = 0' : null)
|
||||
(SiteTree::config()->nested_urls ? 'AND "SiteTree"."ParentID" = 0' : null)
|
||||
)
|
||||
);
|
||||
if(class_exists('Translatable')) Translatable::enable_locale_filter();
|
||||
|
|
@ -146,16 +146,15 @@ class ModelAsController extends Controller implements NestedController {
|
|||
* @return SiteTree
|
||||
*/
|
||||
static public function find_old_page($URLSegment,$parentID = 0, $ignoreNestedURLs = false) {
|
||||
$URLSegment = Convert::raw2sql(rawurlencode($URLSegment));
|
||||
|
||||
$useParentIDFilter = SiteTree::config()->nested_urls && $parentID;
|
||||
|
||||
// First look for a non-nested page that has a unique URLSegment and can be redirected to.
|
||||
if(SiteTree::config()->nested_urls) {
|
||||
$pages = DataObject::get(
|
||||
'SiteTree',
|
||||
"\"URLSegment\" = '$URLSegment'" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : '')
|
||||
);
|
||||
$pages = SiteTree::get()->filter("URLSegment", rawurlencode($URLSegment));
|
||||
if($useParentIDFilter) {
|
||||
$pages = $pages->filter("ParentID", (int)$parentID);
|
||||
}
|
||||
|
||||
if($pages && $pages->Count() == 1 && ($page = $pages->First())) {
|
||||
$parent = $page->ParentID ? $page->Parent() : $page;
|
||||
|
|
@ -164,10 +163,11 @@ class ModelAsController extends Controller implements NestedController {
|
|||
}
|
||||
|
||||
// Get an old version of a page that has been renamed.
|
||||
$URLSegmentSQL = Convert::raw2sql(rawurlencode($URLSegment));
|
||||
$query = new SQLQuery (
|
||||
'"RecordID"',
|
||||
'"SiteTree_versions"',
|
||||
"\"URLSegment\" = '$URLSegment' AND \"WasPublished\" = 1" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : ''),
|
||||
"\"URLSegment\" = '$URLSegmentSQL' AND \"WasPublished\" = 1" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : ''),
|
||||
'"LastEdited" DESC',
|
||||
null,
|
||||
null,
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ class ErrorPage extends Page {
|
|||
*/
|
||||
public static function response_for($statusCode) {
|
||||
// first attempt to dynamically generate the error page
|
||||
if($errorPage = DataObject::get_one('ErrorPage', "\"ErrorCode\" = $statusCode")) {
|
||||
if($errorPage = DataObject::get_one('ErrorPage', "\"ErrorPage\".\"ErrorCode\" = $statusCode")) {
|
||||
Requirements::clear();
|
||||
Requirements::clear_combined_files();
|
||||
|
||||
|
|
@ -93,7 +93,7 @@ class ErrorPage extends Page {
|
|||
$code = $defaultData['ErrorCode'];
|
||||
$page = DataObject::get_one(
|
||||
'ErrorPage',
|
||||
sprintf("\"ErrorCode\" = '%s'", $code)
|
||||
sprintf("\"ErrorPage\".\"ErrorCode\" = '%s'", $code)
|
||||
);
|
||||
$pageExists = ($page && $page->exists());
|
||||
$pagePath = self::get_filepath_for_errorcode($code);
|
||||
|
|
|
|||
|
|
@ -310,11 +310,18 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||
// Grab the initial root level page to traverse down from.
|
||||
$URLSegment = array_shift($parts);
|
||||
$sitetree = DataObject::get_one (
|
||||
'SiteTree', "\"URLSegment\" = '$URLSegment'" . (self::config()->nested_urls ? ' AND "ParentID" = 0' : ''), $cache
|
||||
'SiteTree',
|
||||
"\"SiteTree\".\"URLSegment\" = '$URLSegment'" . (
|
||||
self::config()->nested_urls ? ' AND "SiteTree"."ParentID" = 0' : ''
|
||||
),
|
||||
$cache
|
||||
);
|
||||
|
||||
/// Fall back on a unique URLSegment for b/c.
|
||||
if(!$sitetree && self::config()->nested_urls && $page = DataObject::get('SiteTree', "\"URLSegment\" = '$URLSegment'")->First()) {
|
||||
if(!$sitetree
|
||||
&& self::config()->nested_urls
|
||||
&& $page = DataObject::get_one('SiteTree', "\"SiteTree\".\"URLSegment\" = '$URLSegment'", $cache)
|
||||
) {
|
||||
return $page;
|
||||
}
|
||||
|
||||
|
|
@ -335,7 +342,9 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||
// Traverse down the remaining URL segments and grab the relevant SiteTree objects.
|
||||
foreach($parts as $segment) {
|
||||
$next = DataObject::get_one (
|
||||
'SiteTree', "\"URLSegment\" = '$segment' AND \"ParentID\" = $sitetree->ID", $cache
|
||||
'SiteTree',
|
||||
"\"SiteTree\".\"URLSegment\" = '$segment' AND \"SiteTree\".\"ParentID\" = $sitetree->ID",
|
||||
$cache
|
||||
);
|
||||
|
||||
if(!$next) {
|
||||
|
|
@ -405,7 +414,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||
if (
|
||||
!($page = DataObject::get_by_id('SiteTree', $arguments['id'])) // Get the current page by ID.
|
||||
&& !($page = Versioned::get_latest_version('SiteTree', $arguments['id'])) // Attempt link to old version.
|
||||
&& !($page = DataObject::get_one('ErrorPage', '"ErrorCode" = \'404\'')) // Link to 404 page directly.
|
||||
&& !($page = DataObject::get_one('ErrorPage', '"ErrorPage"."ErrorCode" = \'404\'')) // Link to 404 page.
|
||||
) {
|
||||
return; // There were no suitable matches at all.
|
||||
}
|
||||
|
|
@ -1603,7 +1612,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||
|
||||
$existingPage = DataObject::get_one(
|
||||
'SiteTree',
|
||||
"\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
|
||||
"\"SiteTree\".\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
|
||||
);
|
||||
|
||||
return !($existingPage);
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ class SiteTreeMaintenanceTask extends Controller {
|
|||
|
||||
public function makelinksunique() {
|
||||
$badURLs = "'" . implode("', '", DB::query("SELECT URLSegment, count(*) FROM SiteTree GROUP BY URLSegment HAVING count(*) > 1")->column()) . "'";
|
||||
$pages = DataObject::get("SiteTree", "\"URLSegment\" IN ($badURLs)");
|
||||
$pages = DataObject::get("SiteTree", "\"SiteTree\".\"URLSegment\" IN ($badURLs)");
|
||||
|
||||
foreach($pages as $page) {
|
||||
echo "<li>$page->Title: ";
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ class SiteTreeTest extends SapphireTest {
|
|||
$oldMode = Versioned::get_reading_mode();
|
||||
Versioned::reading_stage('Live');
|
||||
|
||||
$checkSiteTree = DataObject::get_one("SiteTree", "\"URLSegment\" = 'get-one-test-page'");
|
||||
$checkSiteTree = DataObject::get_one("SiteTree", "\"SiteTree\".\"URLSegment\" = 'get-one-test-page'");
|
||||
$this->assertEquals("V1", $checkSiteTree->Title);
|
||||
|
||||
Versioned::set_reading_mode($oldMode);
|
||||
|
|
@ -426,7 +426,7 @@ class SiteTreeTest extends SapphireTest {
|
|||
public function testReadArchiveDate() {
|
||||
$date = '2009-07-02 14:05:07';
|
||||
Versioned::reading_archived_date($date);
|
||||
DataObject::get('SiteTree', "\"ParentID\" = 0");
|
||||
DataObject::get('SiteTree', "\"SiteTree\".\"ParentID\" = 0");
|
||||
Versioned::reading_archived_date(null);
|
||||
$this->assertEquals(
|
||||
Versioned::get_reading_mode(),
|
||||
|
|
|
|||
Loading…
Reference in New Issue