mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 08:52:39 +01:00

Fix dynamic string usage as safe input

Summary: I somehow missed it.

Test Plan: /diffusion/PF/lint/master/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4801
vrana 2013-02-03 15:04:15 -08:00
parent b98a592c9b
commit 4f5e57283f
2 changed files with 12 additions and 14 deletions


@ -160,11 +160,11 @@ final class DiffusionLintController extends DiffusionController {
$where[] = qsprintf($conn, 'branchID = %d', $branch->getID());
if ($drequest->getPath() != '') {
$is_dir = (substr($drequest->getPath(), -1) == '/');
$where[] = qsprintf(
$conn,
'path '.($is_dir ? 'LIKE %>' : '= %s'),
'/'.$drequest->getPath());
$path = '/'.$drequest->getPath();
$is_dir = (substr($path, -1) == '/');
$where[] = ($is_dir
? qsprintf($conn, 'path LIKE %>', $path)
: qsprintf($conn, 'path = %s', $path));
}
}
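Review bot: Nothing next to the new `$where[] = ($is_dir` ternary records why each branch carries its own literal pattern, so a later cleanup could fold it back into a concatenated pattern like the removed `'path '.($is_dir ? 'LIKE %>' : '= %s')` form. A one-line comment above the ternary would pin the invariant: `// Keep every qsprintf() pattern a string literal; only $path varies, and %> escapes it for the LIKE prefix match.` The identical block is added in the DiffusionLintDetailsController hunk and the same comment applies there. Because the clause is now duplicated verbatim in both controllers, moving it into one shared method on their common base class would leave a single place to audit. Both enclosing methods start and end outside the hunks shown.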


@ -107,17 +107,15 @@ final class DiffusionLintDetailsController extends DiffusionController {
$conn = $branch->establishConnection('r');
$where = array(
qsprintf(
$conn,
'branchID = %d',
$branch->getID())
qsprintf($conn, 'branchID = %d', $branch->getID()),
);
if ($drequest->getPath() != '') {
$is_dir = (substr($drequest->getPath(), -1) == '/');
$where[] = qsprintf(
$conn,
'path '.($is_dir ? 'LIKE %>' : '= %s'),
'/'.$drequest->getPath());
$path = '/'.$drequest->getPath();
$is_dir = (substr($path, -1) == '/');
$where[] = ($is_dir
? qsprintf($conn, 'path LIKE %>', $path)
: qsprintf($conn, 'path = %s', $path));
}
if ($drequest->getLint() != '') {