[SQLiteProfilerStorage] Escape special chars in URLs and IPs
vicb authored and fabpot committed Jan 13, 2011
1 parent e975a09 commit 9770944
Showing 1 changed file with 7 additions and 5 deletions.
Expand Up @@ -40,21 +40,23 @@ public function __construct($store, $lifetime = 86400)
*/
public function find($ip, $url, $limit)
{
$db = $this->initDb();

$criteria = array();
$args = array();

if ($ip = preg_replace('/[^\d\.]/', '', $ip)) {
$criteria[] = " ip LIKE '%".$ip."%'";
$criteria[] = 'ip LIKE :ip';
$args[':ip'] = '%'.$ip.'%';
}

if ($url) {
$criteria[] = " url LIKE '%".$db->escapeString($url)."%'";
$criteria[] = 'url LIKE :url ESCAPE "\"';
$args[':url'] = '%'.addcslashes($url, '%_').'%';
}

$criteria = $criteria ? 'WHERE '.implode(' AND ', $criteria) : '';

$tokens = $this->fetch($db, 'SELECT token, ip, url, time FROM data '.$criteria.' ORDER BY time DESC LIMIT '.((integer) $limit));
$db = $this->initDb();
$tokens = $this->fetch($db, 'SELECT token, ip, url, time FROM data '.$criteria.' ORDER BY time DESC LIMIT '.((integer) $limit), $args);
$this->close($db);

return $tokens;
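Review bot: The escaping on the new `$args[':url']` line is incomplete: `addcslashes($url, '%_')` escapes the two LIKE wildcards but leaves a literal backslash in `$url` unescaped, so under the `ESCAPE` clause it swallows the following character (a URL ending in `\` would even consume the closing `%` wildcard and change what the query matches). Escape the escape character too, `$args[':url'] = '%'.addcslashes($url, '\\%_').'%';`. The `ESCAPE "\"` on the line above also relies on SQLite treating a double-quoted token as a string literal when it matches no column name, which is a legacy fallback rather than standard SQL; a single-quoted literal, `'url LIKE :url ESCAPE \'\\\''`, is unambiguous. The unchanged `$ip` filter keeps only digits and dots, so this lookup only ever matches IPv4-style addresses — if that is intended a short comment on that line would make it explicit.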
