From 65cd866f42320e4a7817729161d7b07d7a04638d Mon Sep 17 00:00:00 2001
From: Damian Mooyman
Date: Fri, 16 Oct 2015 11:16:30 +1300
Subject: [PATCH 1/3] Restrict 1.4 to ~3.2
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 6caa41a..1b031db 100644
--- a/composer.json
+++ b/composer.json
@@ -14,7 +14,7 @@
 }
 ],
 "require": {
- "silverstripe/framework": ">=3.2"
+ "silverstripe/framework": "^3.2.0"
 },
 "extra": {
 "branch-alias": {
From ea1d504617ea13babe017b313e4c9d90bdc5f8cd Mon Sep 17 00:00:00 2001
From: Daniel Hensby
Date: Wed, 23 Mar 2016 11:17:42 +0000
Subject: [PATCH 2/3] Update travis test coverage
---
 .travis.yml | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index f638b3b..296b4ab 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,20 +1,33 @@ -language: php +# See https://github.com/silverstripe-labs/silverstripe-travis-support for setup details sudo: false +language: php + php: - 5.3 + - 5.4 + - 5.5 + - 5.6 env: - matrix: - - DB=POSTGRESQL CORE_RELEASE=master + - DB=SQLITE CORE_RELEASE=3.2 + +matrix: + include: + - php: 5.6 + env: CORE_RELEASE=3 + - php: 5.6 + env: CORE_RELEASE=3 PDO=1 + - php: 5.6 + env: CORE_RELEASE=3.3 before_script: - - composer self-update || true - - phpenv rehash - - git clone git://github.com/silverstripe-labs/silverstripe-travis-support.git ~/travis-support - - php ~/travis-support/travis_setup.php --source `pwd` --target ~/builds/ss - - cd ~/builds/ss + - composer self-update || true + - git clone git://github.com/silverstripe-labs/silverstripe-travis-support.git ~/travis-support + - php ~/travis-support/travis_setup.php --source `pwd` --target ~/builds/ss + - cd ~/builds/ss + - composer install -script: - - phpunit framework/tests +script: + - vendor/bin/phpunit framework/tests
From 4aad42c084ab7b424e3607dcc522fece65e08e95 Mon Sep 17 00:00:00 2001
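Review bot: The `git clone git://github.com/silverstripe-labs/silverstripe-travis-support.git ~/travis-support` step that the `.travis.yml` change keeps in `before_script` fetches over the unauthenticated, unencrypted git protocol, and the following step runs `travis_setup.php` from that checkout. A transfer altered in transit would therefore be executed inside the build with nothing to detect it. Fetch over TLS instead, `git clone https://github.com/silverstripe-labs/silverstripe-travis-support.git ~/travis-support`, and consider checking out a pinned commit afterwards so the build does not run whatever the default branch currently holds.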
From: Daniel Hensby
Date: Tue, 21 Nov 2017 16:16:32 +0000
Subject: [PATCH 3/3] [SS-2017-008] Fix SQL injection in search engine
---
 code/SQLite3Database.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/code/SQLite3Database.php b/code/SQLite3Database.php
index 004bb3f..6019d74 100644
--- a/code/SQLite3Database.php
+++ b/code/SQLite3Database.php
@@ -228,6 +228,8 @@ class SQLite3Database extends SS_Database {
 public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false ) {
+ $start = (int)$start;
+ $pageLength = (int)$pageLength;
 $keywords = $this->escapeString(str_replace(array('*','+','-','"','\''), '', $keywords));
 $htmlEntityKeywords = htmlentities(utf8_decode($keywords));
@@ -249,7 +251,7 @@ class SQLite3Database extends SS_Database {
 $extraFilters['File'] .= " AND ShowInSearch <> 0";
 }
- $limit = $start . ", " . (int) $pageLength;
+ $limit = $start . ", " . $pageLength;
 $notMatch = $invertedMatch ? "NOT " : "";
 if($keywords) {
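Review bot: Negative values still pass the new `(int)` casts on `$start` and `$pageLength` at the top of `searchEngine()`, and SQLite treats a negative LIMIT as "no upper bound", so a caller-supplied `$pageLength` of `-1` would presumably return every match in a single query. Clamp while casting, `$start = max(0, (int)$start);` and `$pageLength = max(0, (int)$pageLength);`, which leaves the second hunk's `$limit = $start . ", " . $pageLength;` correct as written. `$sortBy`, `$extraFilter` and `$alternativeFileFilter` are also strings whose use lies outside both hunks; if they are concatenated into the query the way `$limit` is, they deserve the same scrutiny, or at least a docblock line stating that callers must pass trusted SQL fragments only. The body of `searchEngine()` continues past the end of both hunks.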