#1709 special character escaping improved

tomash 2006-06-29 11:30:50 +00:00
parent 9f9bd0dfbf
commit 6355b97458
2 changed files with 13 additions and 0 deletions


@ -354,6 +354,10 @@ class BasicStor extends Alib{
function bsAccess($realFname, $ext, $gunid, $type='access', function bsAccess($realFname, $ext, $gunid, $type='access',
$parent='0', $owner=NULL) $parent='0', $owner=NULL)
{ {
if(!is_null($gunid)){
$gunid = StoredFile::_normalizeGunid($acc['gunid']);
}
foreach(array('ext', 'type') as $v) $$v = addslashes($$v);
$token = StoredFile::_createGunid(); $token = StoredFile::_createGunid();
if(!is_null($realFname)){ if(!is_null($realFname)){
$linkFname = "{$this->accessDir}/$token.$ext"; $linkFname = "{$this->accessDir}/$token.$ext";
@ -526,6 +530,10 @@ class BasicStor extends Alib{
*/ */
function bsOpenPut($chsum, $gunid, $owner=NULL) function bsOpenPut($chsum, $gunid, $owner=NULL)
{ {
if(!is_null($gunid)){
$gunid = StoredFile::_normalizeGunid($acc['gunid']);
}
foreach(array('chsum') as $v) $$v = addslashes($$v);
$ext = ''; $ext = '';
$token = StoredFile::_createGunid(); $token = StoredFile::_createGunid();
$res = $this->dbc->query(" $res = $this->dbc->query("
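Review bot: The added guard in bsAccess assigns `$gunid = StoredFile::_normalizeGunid($acc['gunid']);`, but no `$acc` is defined in the visible part of the function, so a non-null `$gunid` argument would be overwritten with the normalization of an undefined value; the same lines are repeated in bsOpenPut. The intended line is presumably `$gunid = StoredFile::_normalizeGunid($gunid);`. Separately, the `addslashes`-escaped `$ext` also feeds the path `"{$this->accessDir}/$token.$ext"`, where SQL escaping alters the filename and does not stop `/` or `..`; `$ext` should be validated against an allowed pattern for the path and escaped only where it enters the query. Both function bodies continue outside the hunks.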


@ -88,7 +88,9 @@ class StoredFile{
$mediaFileLP='', $metadata='', $mdataLoc='file', $mediaFileLP='', $metadata='', $mdataLoc='file',
$gunid=NULL, $ftype=NULL, $className='StoredFile') $gunid=NULL, $ftype=NULL, $className='StoredFile')
{ {
foreach(array('name', 'ftype') as $v) $$v = addslashes($$v);
$ac =& new $className($gb, ($gunid ? $gunid : NULL)); $ac =& new $className($gb, ($gunid ? $gunid : NULL));
if(PEAR::isError($ac)) return $ac;
$ac->name = $name; $ac->name = $name;
$ac->id = $oid; $ac->id = $oid;
$ac->mime = "unKnown"; $ac->mime = "unKnown";
@ -383,6 +385,7 @@ class StoredFile{
*/ */
function rename($newname) function rename($newname)
{ {
foreach(array('newname') as $v) $$v = addslashes($$v);
$res = $this->dbc->query(" $res = $this->dbc->query("
UPDATE {$this->filesTable} SET name='$newname', mtime=now() UPDATE {$this->filesTable} SET name='$newname', mtime=now()
WHERE gunid=x'{$this->gunid}'::bigint WHERE gunid=x'{$this->gunid}'::bigint
@ -401,6 +404,7 @@ class StoredFile{
*/ */
function setState($state, $editedby=NULL) function setState($state, $editedby=NULL)
{ {
foreach(array('state') as $v) $$v = addslashes($$v);
$eb = (!is_null($editedby) ? ", editedBy=$editedby" : ''); $eb = (!is_null($editedby) ? ", editedBy=$editedby" : '');
$res = $this->dbc->query(" $res = $this->dbc->query("
UPDATE {$this->filesTable} UPDATE {$this->filesTable}
@ -419,6 +423,7 @@ class StoredFile{
*/ */
function setMime($mime) function setMime($mime)
{ {
foreach(array('mime') as $v) $$v = addslashes($$v);
$res = $this->dbc->query(" $res = $this->dbc->query("
UPDATE {$this->filesTable} SET mime='$mime', mtime=now() UPDATE {$this->filesTable} SET mime='$mime', mtime=now()
WHERE gunid=x'{$this->gunid}'::bigint WHERE gunid=x'{$this->gunid}'::bigint
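Review bot: In setState the new `addslashes` call covers `$state` only, while `$editedby` is still interpolated unquoted in `", editedBy=$editedby"`, where quote escaping would not help anyway; if it is a numeric id, cast it, e.g. `$eb = (!is_null($editedby) ? ", editedBy=".intval($editedby) : '');`. More generally, `addslashes` is not a database-aware escaper: the queries use PostgreSQL syntax (`x'…'::bigint`), and whether a backslash escapes a quote there depends on server string settings such as `standard_conforming_strings`, so the DB layer's own quoting or placeholders would be safer in rename, setState and setMime. In the first hunk the escaped `$name` is also stored in `$ac->name`, so the in-memory object would carry the backslashes; escaping at the point of the query avoids that. The function bodies continue outside the hunks.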