r56522 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r56521‎ \| r56522 \| r56523 >
Date:	15:19, 17 September 2009
Author:	thomasv
Status:	ok (Comments)
Tags:
Comment:	escaping messages passed to mysql
Modified paths:	/trunk/extensions/ProofreadPage/ProofreadPage.php (modified) (history)

Diff [purge]

Index: trunk/extensions/ProofreadPage/ProofreadPage.php
—	—	@@ -1293,7 +1293,7 @@
1294	1294	# find the proofreading status of transclusions
1295	1295	$query = "SELECT COUNT(page_id) AS count FROM $templatelinks LEFT JOIN $page ON page_title=tl_title LEFT JOIN $catlinks ON cl_from=page_id where tl_from=$id and tl_namespace=$page_ns_index AND cl_to='###'";
1296	1296
1297		~~- $q4 = str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality4_category' ) );~~
	1297	+ $q4 = $dbr->strencode( str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality4_category' ) ) );
1298	1298	$res = $dbr->query( str_replace( '###', $q4, $query) , __METHOD__ );
1299	1299	if( $res && $dbr->numRows( $res ) > 0 ) {
1300	1300	$row = $dbr->fetchObject( $res );
—	—	@@ -1301,7 +1301,7 @@
1302	1302	$dbr->freeResult( $res );
1303	1303	}
1304	1304
1305		~~- $q3 = str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality3_category' ) );~~
	1305	+ $q3 = $dbr->strencode( str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality3_category' ) ) );
1306	1306	$res = $dbr->query( str_replace( '###', $q3, $query) , __METHOD__ );
1307	1307	if( $res && $dbr->numRows( $res ) > 0 ) {
1308	1308	$row = $dbr->fetchObject( $res );
—	—	@@ -1309,7 +1309,7 @@
1310	1310	$dbr->freeResult( $res );
1311	1311	}
1312	1312
1313		~~- $q2 = str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality2_category' ) );~~
	1313	+ $q2 = $dbr->strencode( str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality2_category' ) ) );
1314	1314	$res = $dbr->query( str_replace( '###', $q2, $query) , __METHOD__ );
1315	1315	if( $res && $dbr->numRows( $res ) > 0 ) {
1316	1316	$row = $dbr->fetchObject( $res );
—	—	@@ -1317,7 +1317,7 @@
1318	1318	$dbr->freeResult( $res );
1319	1319	}
1320	1320
1321		~~- $q0 = str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality0_category' ) );~~
	1321	+ $q0 = $dbr->strencode( str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality0_category' ) ) );
1322	1322	$res = $dbr->query( str_replace( '###', $q0, $query) , __METHOD__ );
1323	1323	if( $res && $dbr->numRows( $res ) > 0 ) {
1324	1324	$row = $dbr->fetchObject( $res );

Comments

#Comment by Brion VIBBER (talk | contribs) 21:20, 17 September 2009

Good for now; needs a couple more fixes elsewhere still.

Status & tagging log

01:08, 18 January 2012 Siebrand (talk | contribs) changed the tags for r56522 [removed: wmf-deployment]
17:48, 24 September 2009 Brion VIBBER (talk | contribs) changed the tags for r56522 [added: wmf-deployment]
21:20, 17 September 2009 Brion VIBBER (talk | contribs) changed the status of r56522 [removed: new added: ok]