r67791 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r67790‎ \| r67791 \| r67792 >
Date:	09:10, 10 June 2010
Author:	daniel
Status:	deferred
Tags:
Comment:	fix sanity check on field name in query generation; add regression test
Modified paths:	/trunk/extensions/DataTransclusion/DBDataTransclusionSource.php (modified) (history) /trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php (modified) (history)

Diff [purge]

Index: trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php
—	—	@@ -309,6 +309,10 @@
310	310
311	311	$sql = $source->getQuery( 'id', '3' );
312	312	$this->assertTrue( preg_match( '/WHERE $ id = 3 $/', $sql ) === 1 );
	313	+
	314	+ // check blocking of evil field names
	315	+ $sql = $source->getQuery( 'name = 0; select * from x;', 'foo' );
	316	+ $this->assertEquals( $sql, false );
313	317	}
314	318
315	319	function testWebDataTransclusionSource() {
Index: trunk/extensions/DataTransclusion/DBDataTransclusionSource.php
—	—	@@ -84,7 +84,7 @@
85	85	$db = wfGetDB( DB_SLAVE );
86	86	}
87	87
88		~~- if ( !preg_match( '/\w+[\w\d]+/', $field ) ) {~~
	88	+ if ( !preg_match( '/^\w+[\w\d]+$/', $field ) ) {
89	89	return false; // redundant, but make extra sure we don't get anythign evil here //TESTME
90	90	}
91	91

19:40, 21 November 2010 Reedy (talk | contribs) changed the status of r67791 [removed: new added: deferred]