mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 14:00:56 +01:00
Fix dynamic string usage as safe input
Summary: I somehow missed it. Test Plan: /diffusion/PF/lint/master/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D4801
parent
b98a592c9b
commit
4f5e57283f
2 changed files with 12 additions and 14 deletions
|
@ -160,11 +160,11 @@ final class DiffusionLintController extends DiffusionController {
|
||||||
$where[] = qsprintf($conn, 'branchID = %d', $branch->getID());
|
$where[] = qsprintf($conn, 'branchID = %d', $branch->getID());
|
||||||
|
|
||||||
if ($drequest->getPath() != '') {
|
if ($drequest->getPath() != '') {
|
||||||
$is_dir = (substr($drequest->getPath(), -1) == '/');
|
$path = '/'.$drequest->getPath();
|
||||||
$where[] = qsprintf(
|
$is_dir = (substr($path, -1) == '/');
|
||||||
$conn,
|
$where[] = ($is_dir
|
||||||
'path '.($is_dir ? 'LIKE %>' : '= %s'),
|
? qsprintf($conn, 'path LIKE %>', $path)
|
||||||
'/'.$drequest->getPath());
|
: qsprintf($conn, 'path = %s', $path));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
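Review bot: The two `qsprintf()` calls that replace the concatenated pattern have no comment saying why the branch is written out twice, so a later cleanup could fold them back into `'path '.($is_dir ? 'LIKE %>' : '= %s')` and bring the lint finding back. Above `$where[] = ($is_dir` I would add `// Keep every qsprintf() pattern a string literal so the lint can check it; %> escapes LIKE wildcards in $path and matches it as a prefix.` The test plan only loads a plain branch URL, so it would also help to check a path containing `%` or `_` against the directory (`LIKE`) branch. The enclosing method starts and ends outside this hunk, so how `$where` is joined into the final query is not visible here.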
|
@ -107,17 +107,15 @@ final class DiffusionLintDetailsController extends DiffusionController {
|
||||||
$conn = $branch->establishConnection('r');
|
$conn = $branch->establishConnection('r');
|
||||||
|
|
||||||
$where = array(
|
$where = array(
|
||||||
qsprintf(
|
qsprintf($conn, 'branchID = %d', $branch->getID()),
|
||||||
$conn,
|
|
||||||
'branchID = %d',
|
|
||||||
$branch->getID())
|
|
||||||
);
|
);
|
||||||
|
|
||||||
if ($drequest->getPath() != '') {
|
if ($drequest->getPath() != '') {
|
||||||
$is_dir = (substr($drequest->getPath(), -1) == '/');
|
$path = '/'.$drequest->getPath();
|
||||||
$where[] = qsprintf(
|
$is_dir = (substr($path, -1) == '/');
|
||||||
$conn,
|
$where[] = ($is_dir
|
||||||
'path '.($is_dir ? 'LIKE %>' : '= %s'),
|
? qsprintf($conn, 'path LIKE %>', $path)
|
||||||
'/'.$drequest->getPath());
|
: qsprintf($conn, 'path = %s', $path));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($drequest->getLint() != '') {
|
if ($drequest->getLint() != '') {
|
||||||
|
|
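Review bot: The path filter added here is a line-for-line copy of the one added in the first hunk (DiffusionLintController), so the same query-building rule now lives in two places and a future fix to one can miss the other. Both classes extend DiffusionController, so a small protected helper there would give the literal patterns a single home; the helper name below is only a suggestion. The collapse of the `branchID` clause onto one line is fine as it stands. The enclosing method continues past the end of this hunk.

```php
// Proposed helper on DiffusionController (name is a suggestion).
protected function buildLintPathClause($conn, $request_path) {
  $path = '/'.$request_path;
  // A trailing slash means "everything under this directory".
  if (substr($path, -1) == '/') {
    return qsprintf($conn, 'path LIKE %>', $path);
  }
  return qsprintf($conn, 'path = %s', $path);
}

// … unchanged: $conn and the branchID clause …
if ($drequest->getPath() != '') {
  $where[] = $this->buildLintPathClause($conn, $drequest->getPath());
}
```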