| Index: trunk/extensions/GPoC/models/Rating.php |
| — | — | @@ -52,7 +52,6 @@ |
| 53 | 53 | $this->saveAll(); |
| 54 | 54 | } |
| 55 | 55 | |
| 56 | | - // Note: Huge sql injection vector ahead. FIXME |
| 57 | 56 | private function updateAggregateStats( $is_new_rating ) { |
| 58 | 57 | if(! $is_new_rating && empty($this->old_importance) && empty($this->old_quality) ) { |
| 59 | 58 | return; |
| — | — | @@ -61,8 +60,10 @@ |
| 62 | 61 | // Rating has just been detected. |
| 63 | 62 | // So we can ignore $old_importance and $old_quality |
| 64 | 63 | $importance_column = Rating::getImportanceColumn( $this->importance ); |
| | 64 | + $project = $dbw->addQuotes($this->project); |
| | 65 | + $quality = $dbw->addQuotes($this->quality); |
| 65 | 66 | $query = "INSERT INTO project_stats (ps_project, ps_quality, $importance_column) "; |
| 66 | | - $query .= "VALUES ('$this->project', '$this->quality', 1) "; |
| | 67 | + $query .= "VALUES ($project, $quality, 1) "; |
| 67 | 68 | $query .= "ON DUPLICATE KEY "; |
| 68 | 69 | $query .= "UPDATE $importance_column = $importance_column + 1 "; |
| 69 | 70 | if(! $is_new_rating && ! empty( $this->old_importance ) ) { |
| — | — | @@ -75,6 +76,7 @@ |
| 76 | 77 | if(! isset($old_importance_column) ) { |
| 77 | 78 | $old_importance_column = $importance_column; |
| 78 | 79 | } |
| | 80 | + |
| 79 | 81 | $query = "UPDATE project_stats SET $old_importance_column = $old_importance_column - 1 "; |
| 80 | 82 | $query .= "WHERE ps_project = '$this->project' and ps_quality = '$this->old_quality';"; |
| 81 | 83 | $dbw->query($query); |