Fix dynamic string usage as safe input
Summary: I somehow missed it. Test Plan: /diffusion/PF/lint/master/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D4801
parent
b98a592c9b
commit
4f5e57283f
2 changed files with 12 additions and 14 deletions
|
@ -160,11 +160,11 @@ final class DiffusionLintController extends DiffusionController {
|
|||
$where[] = qsprintf($conn, 'branchID = %d', $branch->getID());
|
||||
|
||||
if ($drequest->getPath() != '') {
|
||||
$is_dir = (substr($drequest->getPath(), -1) == '/');
|
||||
$where[] = qsprintf(
|
||||
$conn,
|
||||
'path '.($is_dir ? 'LIKE %>' : '= %s'),
|
||||
'/'.$drequest->getPath());
|
||||
$path = '/'.$drequest->getPath();
|
||||
$is_dir = (substr($path, -1) == '/');
|
||||
$where[] = ($is_dir
|
||||
? qsprintf($conn, 'path LIKE %>', $path)
|
||||
: qsprintf($conn, 'path = %s', $path));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
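Review bot: Nothing in the new path filter of DiffusionLintController records why the two `qsprintf()` calls are kept separate, so a later cleanup could fold them back into one concatenated pattern. I would add a comment above the ternary, `// Keep every qsprintf() pattern a string literal; a pattern built by concatenation cannot be audited as safe.` The same comment belongs on the identical block in DiffusionLintDetailsController. The path value was already bound through `%s` and `%>` before this change, so the point is keeping the pattern reviewable rather than closing an injection. The enclosing method starts and ends outside the hunk.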
@ -107,17 +107,15 @@ final class DiffusionLintDetailsController extends DiffusionController {
|
|||
$conn = $branch->establishConnection('r');
|
||||
|
||||
$where = array(
|
||||
qsprintf(
|
||||
$conn,
|
||||
'branchID = %d',
|
||||
$branch->getID())
|
||||
qsprintf($conn, 'branchID = %d', $branch->getID()),
|
||||
);
|
||||
|
||||
if ($drequest->getPath() != '') {
|
||||
$is_dir = (substr($drequest->getPath(), -1) == '/');
|
||||
$where[] = qsprintf(
|
||||
$conn,
|
||||
'path '.($is_dir ? 'LIKE %>' : '= %s'),
|
||||
'/'.$drequest->getPath());
|
||||
$path = '/'.$drequest->getPath();
|
||||
$is_dir = (substr($path, -1) == '/');
|
||||
$where[] = ($is_dir
|
||||
? qsprintf($conn, 'path LIKE %>', $path)
|
||||
: qsprintf($conn, 'path = %s', $path));
|
||||
}
|
||||
|
||||
if ($drequest->getLint() != '') {
|
||||
|
|
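Review bot: The path clause in DiffusionLintDetailsController is a line-for-line copy of the one in DiffusionLintController, so the rule that the query pattern stays a literal now has to be upheld in two places. Moving the clause into one helper that both controllers call would leave a single spot to review. The helper name and its placement on the shared DiffusionController base class are suggestions only, since that class is not visible on this page. The enclosing method continues outside the hunk.

```php
// Suggested shared helper (name and location are a proposal).
protected function buildLintPathClause($conn, $raw_path) {
  $path = '/'.$raw_path;
  if (substr($path, -1) == '/') {
    // Directory: prefix match; %> escapes LIKE wildcards in the value.
    return qsprintf($conn, 'path LIKE %>', $path);
  }
  return qsprintf($conn, 'path = %s', $path);
}

// … unchanged: connection setup and branchID clause …
if ($drequest->getPath() != '') {
  $where[] = $this->buildLintPathClause($conn, $drequest->getPath());
}
```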