From 3912d51a9f09d7b4aae07b6ea0340032f4aa364e Mon Sep 17 00:00:00 2001 From: Olle Haerstedt Date: Sat, 3 Apr 2021 22:53:35 +0200 Subject: [PATCH] Fixed issue #17221: Check data integrity crash with SQL error when # is use in the name of field --- application/controllers/admin/checkintegrity.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/application/controllers/admin/checkintegrity.php b/application/controllers/admin/checkintegrity.php index a85e346934a..7b97297b54d 100644 --- a/application/controllers/admin/checkintegrity.php +++ b/application/controllers/admin/checkintegrity.php @@ -521,7 +521,7 @@ protected function _checkintegrity() // QID field can be more than just QID, like: 886other or 886A1 // So we clean it by finding the first alphabetical character $sDirtyQid = $aFields[2]; - preg_match('~[a-zA-Z_]~i', $sDirtyQid, $match, PREG_OFFSET_CAPTURE); + preg_match('~[a-zA-Z_#]~i', $sDirtyQid, $match, PREG_OFFSET_CAPTURE); if (isset($match[0][1])){ $sQID = substr ($sDirtyQid, 0, $match[0][1]); @@ -529,6 +529,9 @@ protected function _checkintegrity() // It was just the QID.... $sQID = $sDirtyQid; } + if ((string) intval($sQID) !== $sQID) { + throw new \Exception('sQID is not an integer: ' . $sQID); + } // Here, we get the question as defined in backend $oQuestion = Question::model()->findByAttributes([ 'qid' => $sQID , 'language' => $oSurvey->language, 'sid' => $oSurvey->sid ]);