Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CC-4262: Smart Block: Characters do not get escaped properly

Browse source 
-fixed
This commit is contained in:
denise 2012-08-24 10:29:28 -04:00
parent 9893282e43
commit 1f7a6fdc63
1 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
airtime_mvc/application/models/Block.php
View file

@ -1181,7 +1181,17 @@ EOT;
$criteria['extra'] *= 1000; $criteria['extra'] *= 1000;
} }
} else { } else {
/* Propel does not escape special characters properly when using LIKE/ILIKE
* We have to add extra slashes in these cases
*/
$tempModifier = trim(self::$modifier2CriteriaMap[$spCriteriaModifier]);
if ($tempModifier == 'ILIKE') {
$spCriteriaValue = addslashes($criteria['value']); $spCriteriaValue = addslashes($criteria['value']);
// addslashes() does not esapce '%' so we have to do it manually
$spCriteriaValue = str_replace('%', '\%', $spCriteriaValue);
} else {
$spCriteriaValue = ($criteria['value']);
}
} }
if ($spCriteriaModifier == "starts with") { if ($spCriteriaModifier == "starts with") {
@ -1224,7 +1234,6 @@ EOT;
} }
try { try {
$out = $qry->setFormatter(ModelCriteria::FORMAT_ON_DEMAND)->find(); $out = $qry->setFormatter(ModelCriteria::FORMAT_ON_DEMAND)->find();
return array("files"=>$out, "limit"=>$limits, "count"=>$out->count()); return array("files"=>$out, "limit"=>$limits, "count"=>$out->count());
} catch (Exception $e) { } catch (Exception $e) {
Logging::info($e); Logging::info($e);