r73868 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r73867‎ \| r73868 \| r73869 >
Date:	04:04, 28 September 2010
Author:	brion
Status:	ok
Tags:
Comment:	SQL escaping fix in ProofreadPage: use addQuotes() instead of hardcoded single-quotes, and name var $encCat instead of $cat per recommended norms
Modified paths:	/trunk/extensions/ProofreadPage/ProofreadPage_body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/ProofreadPage/ProofreadPage_body.php
—	—	@@ -843,13 +843,13 @@
844	844	$pagelist = "'" . implode( "', '", $pp ) . "'";
845	845	$page_ns_index = MWNamespace::getCanonicalIndex( strtolower( $page_namespace ) );
846	846	$dbr = wfGetDB( DB_SLAVE );
847		~~- $cat = $dbr->strencode( str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality0_category' ) ) );~~
	847	+ $encCat = $dbr->addQuotes( str_replace( ' ' , '_' , wfMsgForContent( 'proofreadpage_quality0_category' ) ) );
848	848	$res = $dbr->select(
849	849	array( 'page', 'categorylinks' ),
850	850	array( 'page_title' ),
851	851	array(
852	852	"page_title IN ( $pagelist )",
853		~~- "cl_to='$cat'",~~
	853	+ "cl_to=$encCat",
854	854	"page_namespace=$page_ns_index"
855	855	),
856	856	__METHOD__,

04:18, 31 December 2010 Reedy (talk | contribs) changed the status of r73868 [removed: new added: ok]