r23906 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r23905‎ \| r23906 \| r23907 >
Date:	15:26, 9 July 2007
Author:	yaron
Status:	old
Tags:
Comment:	Added escaping of special characters in SQL call
Modified paths:	/trunk/extensions/SemanticForms/includes/SF_GlobalFunctions.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticForms/includes/SF_GlobalFunctions.php
—	—	@@ -182,8 +182,10 @@
183	183	function sffGetDefaultForm($db, $page_title, $page_namespace) {
184	184	$default_form_relation = str_replace(' ', '_', wfMsgForContent('sf_form_relation'));
185	185	$sql = "SELECT DISTINCT object_title FROM {$db->tableName('smw_relations')} " .
186		~~- "WHERE subject_title = '$page_title' AND subject_namespace = '" . $page_namespace .~~
187		~~- "' AND relation_title = '$default_form_relation' AND object_namespace = " . SF_NS_FORM;~~
	186	+ "WHERE subject_title = '" . $db->strencode($page_title) .
	187	+ "' AND subject_namespace = '" . $page_namespace .
	188	+ "' AND relation_title = '" . $db->strencode($default_form_relation) .
	189	+ "' AND object_namespace = " . SF_NS_FORM;
188	190	$res = $db->query( $sql );
189	191	if ($db->numRows( $res ) > 0) {
190	192	$row = $db->fetchRow($res);

15:19, 12 September 2011 Meno25 (talk | contribs) changed the status of r23906 [removed: ok added: old]