r44898 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r44897‎ | r44898 | r44899 >
Date:12:31, 22 December 2008
Author:tstarling
Status:ok
Tags:
Comment:
Make the SQL search subclasses less nerve-wracking to read, by using makeList() instead of implode(), addQuotes() instead of strencode(), and by documenting the fact that parseQuery() is intentionally returning an SQL fragment to be included into a query without further escaping. No actual vulnerabilities fixed, due to effective UI-side validation, so this is just to minimise reviewer anxiety.
Modified paths:
  • /trunk/phase3/includes/SearchMySQL.php (modified) (history)
  • /trunk/phase3/includes/SearchOracle.php (modified) (history)
  • /trunk/phase3/includes/SearchPostgres.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/SearchPostgres.php
@@ -66,6 +66,7 @@
6767
6868 /*
6969 * Transform the user's search string into a better form for tsearch2
 70+ * Returns an SQL fragment consisting of quoted text to search for.
7071 */
7172 function parseQuery( $term ) {
7273
@@ -142,6 +143,7 @@
143144 }
144145 $prefix = $wgDBversion < 8.3 ? "'default'," : '';
145146
 147+ # Get the SQL fragment for the given term
146148 $searchstring = $this->parseQuery( $term );
147149
148150 ## We need a separate query here so gin does not complain about empty searches
@@ -183,7 +185,7 @@
184186 if ( count($this->namespaces) < 1)
185187 $query .= ' AND page_namespace = 0';
186188 else {
187 - $namespaces = implode( ',', $this->namespaces );
 189+ $namespaces = $this->db->makeList( $this->namespaces );
188190 $query .= " AND page_namespace IN ($namespaces)";
189191 }
190192 }
@@ -202,8 +204,8 @@
203205 function update( $pageid, $title, $text ) {
204206 ## We don't want to index older revisions
205207 $SQL = "UPDATE pagecontent SET textvector = NULL WHERE old_id IN ".
206 - "(SELECT rev_text_id FROM revision WHERE rev_page = $pageid ".
207 - "ORDER BY rev_text_id DESC OFFSET 1)";
 208+ "(SELECT rev_text_id FROM revision WHERE rev_page = " . intval( $pageid ) .
 209+ " ORDER BY rev_text_id DESC OFFSET 1)";
208210 $this->db->doQuery($SQL);
209211 return true;
210212 }
Index: trunk/phase3/includes/SearchOracle.php
@@ -77,9 +77,10 @@
7878 function queryNamespaces() {
7979 if( is_null($this->namespaces) )
8080 return '';
81 - $namespaces = implode(',', $this->namespaces);
82 - if ($namespaces == '') {
 81+ if ( !count( $this->namespaces ) ) {
8382 $namespaces = '0';
 83+ } else {
 84+ $namespaces = $this->db->makeList( $this->namespaces );
8485 }
8586 return 'AND page_namespace IN (' . $namespaces . ')';
8687 }
@@ -144,7 +145,10 @@
145146 'WHERE page_id=si_page AND ' . $match;
146147 }
147148
148 - /** @todo document */
 149+ /**
 150+ * Parse a user input search string, and return an SQL fragment to be used
 151+ * as part of a WHERE clause
 152+ */
149153 function parseQuery($filteredText, $fulltext) {
150154 global $wgContLang;
151155 $lc = SearchEngine::legalSearchChars();
@@ -170,9 +174,9 @@
171175 }
172176 }
173177
174 - $searchon = $this->db->strencode(join(',', $q));
 178+ $searchon = $this->db->addQuotes(join(',', $q));
175179 $field = $this->getIndexField($fulltext);
176 - return " CONTAINS($field, '$searchon', 1) > 0 ";
 180+ return " CONTAINS($field, $searchon, 1) > 0 ";
177181 }
178182
179183 /**
Index: trunk/phase3/includes/SearchMySQL.php
@@ -34,7 +34,10 @@
3535 $this->db = $db;
3636 }
3737
38 - /** @todo document */
 38+ /**
 39+ * Parse the user's query and transform it into an SQL fragment which will
 40+ * become part of a WHERE clause
 41+ */
3942 function parseQuery( $filteredText, $fulltext ) {
4043 global $wgContLang;
4144 $lc = SearchEngine::legalSearchChars(); // Minus format chars
@@ -126,9 +129,10 @@
127130 function queryNamespaces() {
128131 if( is_null($this->namespaces) )
129132 return ''; # search all
130 - $namespaces = implode( ',', $this->namespaces );
131 - if ($namespaces == '') {
 133+ if ( !count( $this->namespaces ) ) {
132134 $namespaces = '0';
 135+ } else {
 136+ $namespaces = $this->db->makeList( $this->namespaces );
133137 }
134138 return 'AND page_namespace IN (' . $namespaces . ')';
135139 }

Status & tagging log