mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 14:00:56 +01:00

Fix dynamic string usage as safe input

Summary: I somehow missed it.

Test Plan: /diffusion/PF/lint/master/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4801
vrana 2013-02-03 15:04:15 -08:00
parent b98a592c9b
commit 4f5e57283f
2 changed files with 12 additions and 14 deletions


@ -160,11 +160,11 @@ final class DiffusionLintController extends DiffusionController {
$where[] = qsprintf($conn, 'branchID = %d', $branch->getID()); $where[] = qsprintf($conn, 'branchID = %d', $branch->getID());
if ($drequest->getPath() != '') { if ($drequest->getPath() != '') {
$is_dir = (substr($drequest->getPath(), -1) == '/'); $path = '/'.$drequest->getPath();
$where[] = qsprintf( $is_dir = (substr($path, -1) == '/');
$conn, $where[] = ($is_dir
'path '.($is_dir ? 'LIKE %>' : '= %s'), ? qsprintf($conn, 'path LIKE %>', $path)
'/'.$drequest->getPath()); : qsprintf($conn, 'path = %s', $path));
} }
} }
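Review bot: The two `qsprintf()` calls in the `$is_dir` ternary have no comment explaining why the pattern is no longer built by concatenation, so a later cleanup could merge them back into a single call with a computed pattern. I would add above the ternary `// Keep each qsprintf() pattern a string literal so lint can check it; %> escapes LIKE wildcards in $path.` The same block is repeated in the DiffusionLintDetailsController hunk, where the same comment applies, and moving the path filter into one shared helper would keep the two copies from drifting apart. The enclosing method starts and ends outside this hunk.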


@ -107,17 +107,15 @@ final class DiffusionLintDetailsController extends DiffusionController {
$conn = $branch->establishConnection('r'); $conn = $branch->establishConnection('r');
$where = array( $where = array(
qsprintf( qsprintf($conn, 'branchID = %d', $branch->getID()),
$conn,
'branchID = %d',
$branch->getID())
); );
if ($drequest->getPath() != '') { if ($drequest->getPath() != '') {
$is_dir = (substr($drequest->getPath(), -1) == '/'); $path = '/'.$drequest->getPath();
$where[] = qsprintf( $is_dir = (substr($path, -1) == '/');
$conn, $where[] = ($is_dir
'path '.($is_dir ? 'LIKE %>' : '= %s'), ? qsprintf($conn, 'path LIKE %>', $path)
'/'.$drequest->getPath()); : qsprintf($conn, 'path = %s', $path));
} }
if ($drequest->getLint() != '') { if ($drequest->getLint() != '') {