Skip to content
This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
Don't preg_quote() and later stripslashes(), move preg_quote in the r…
…ight places

see bb6ca2a
see #437

Signed-off-by: Etienne CHAMPETIER <etienne.champetier@fiducial.net>
  • Loading branch information
Etienne CHAMPETIER committed Apr 23, 2014
1 parent 4d4155e commit e0b9627
Show file tree
Hide file tree
Showing 4 changed files with 3 additions and 4 deletions.
2 changes: 1 addition & 1 deletion core/src/plugins/auth.serial/class.serialAuthDriver.php
Expand Up @@ -84,7 +84,7 @@ public function listUsersPaginated($baseGroup, $regexp, $offset = -1 , $limit =
$result = array();
$index = 0;
foreach ($users as $usr => $pass) {
if (!empty($regexp) && !preg_match("/$regexp/i", $usr)) {
if (!empty($regexp) && !preg_match("/".preg_quote($regexp)."/i", $usr)) {
continue;
}
if ($offset != -1 && $index < $offset) {
Expand Down
Expand Up @@ -90,7 +90,7 @@ public function listUsersPaginated($baseGroup, $regexp, $offset = -1 , $limit =
$result = array();
$index = 0;
foreach ($users as $usr => $pass) {
if (!empty($regexp) && !preg_match("/$regexp/i", $usr)) {
if (!empty($regexp) && !preg_match("/".preg_quote($regexp)."/i", $usr)) {
continue;
}
if ($offset != -1 && $index < $offset) {
Expand Down
1 change: 0 additions & 1 deletion core/src/plugins/auth.sql/class.sqlAuthDriver.php
Expand Up @@ -141,7 +141,6 @@ private static function regexpToLike(&$regexp)
$regexp = rtrim($regexp, "$");
$right = "";
}
$regexp = stripslashes($regexp);
if ($left == "" && $right == "") {
return "= %s";
}
Expand Down
2 changes: 1 addition & 1 deletion core/src/plugins/core.conf/class.AbstractConfDriver.php
Expand Up @@ -903,7 +903,7 @@ public function switchAction($action, $httpVars, $fileVars)
$crtValue = $httpVars["value"];
$usersOnly = isSet($httpVars["users_only"]) && $httpVars["users_only"] == "true";
$existingOnly = isSet($httpVars["existing_only"]) && $httpVars["existing_only"] == "true";
if(!empty($crtValue)) $regexp = '^'.preg_quote($crtValue);
if(!empty($crtValue)) $regexp = $crtValue;
else $regexp = null;
$limit = intval(ConfService::getCoreConf("USERS_LIST_COMPLETE_LIMIT", "conf"));
$searchAll = ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf");
Expand Down

0 comments on commit e0b9627

Please sign in to comment.