r24973 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r24972‎ \| r24973 \| r24974 >
Date:	11:36, 21 August 2007
Author:	mkroetzsch
Status:	old
Tags:
Comment:	Fixed missing db escape
Modified paths:	/trunk/extensions/SemanticMediaWiki/includes/storage/SMW_SQLStore.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticMediaWiki/includes/storage/SMW_SQLStore.php
—	—	@@ -1247,8 +1247,8 @@
1248	1248
1249	1249	$pagetable = $db->tableName('page');
1250	1250	$cltable = $db->tableName('categorylinks');
1251		~~- $db->query("INSERT INTO $tablename (title) VALUES ('$catname')", 'SMW::getCategoryTable');~~
1252		~~- $db->query("INSERT INTO $tmpnew (title) VALUES ('$catname')", 'SMW::getCategoryTable');~~
	1251	+ $db->query("INSERT INTO $tablename (title) VALUES (" . $db->addQuotes($catname) . ')', 'SMW::getCategoryTable');
	1252	+ $db->query("INSERT INTO $tmpnew (title) VALUES (" . $db->addQuotes($catname) . ')', 'SMW::getCategoryTable');
1253	1253
1254	1254	/// TODO: avoid duplicate results?
1255	1255	for ($i=0; $i<$smwgQSubcategoryDepth; $i++) {
—	—	@@ -1308,8 +1308,8 @@
1309	1309	$tmpres = 'smw_res';
1310	1310
1311	1311	$sptable = $db->tableName('smw_subprops');
1312		~~- $db->query("INSERT INTO $tablename (title) VALUES ('$propname')", 'SMW::getPropertyTable');~~
1313		~~- $db->query("INSERT INTO $tmpnew (title) VALUES ('$propname')", 'SMW::getPropertyTable');~~
	1312	+ $db->query("INSERT INTO $tablename (title) VALUES (" . $db->addQuotes($propname) . ')', 'SMW::getPropertyTable');
	1313	+ $db->query("INSERT INTO $tmpnew (title) VALUES (" . $db->addQuotes($propname) . ')', 'SMW::getPropertyTable');
1314	1314
1315	1315	/// TODO: avoid duplicate results?
1316	1316	for ($i=0; $i<$smwgQSubpropertyDepth; $i++) {

15:20, 12 September 2011 Meno25 (talk | contribs) changed the status of r24973 [removed: ok added: old]