Fixed QueryBuilder::safecol and silenced warnings in includes/lib/gz.php

vito · Jan 23, 2010 · 6d75acf · 6d75acf
1 parent 56d72b8
commit 6d75acf
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 11 deletions.
diff --git a/includes/class/QueryBuilder.php b/includes/class/QueryBuilder.php
@@ -289,11 +289,11 @@ public static function build_list($vals, $params = array()) {
          *     $name - Name of the column.
          */
         public static function safecol($name) {
-            $lower = strtolower($name);
-            if ($lower === "order" or $lower === "group")
-                return (SQL::current()->adapter == "mysql") ? "`".$name."`" : '"'.$name.'"' ;
-            else
-                return $name;
+            return preg_replace("/(([^a-zA-Z0-9_]|^)(order|group)([^a-zA-Z0-9_]|
+$))/i",
+                                (SQL::current()->adapter == "mysql") ? "\\2`\\3`
+\\4" : '\\2"\\3"\\4',
+                                $name);
         }
 
         /**
@@ -332,7 +332,7 @@ public static function build_conditions($conds, &$params, $tables = null, $inser
                             }
                         } elseif (substr($key, -5) == " like" and is_array($val)) { # multiple LIKE
                             $key = self::safecol(substr($key, 0, -5));
-                            
+
                             $likes = array();
                             foreach ($val as $index => $match) {
                                 $param = str_replace(array("(", ")", "."), "_", $key)."_".$index;
@@ -343,7 +343,7 @@ public static function build_conditions($conds, &$params, $tables = null, $inser
                             $cond = "(".implode(" OR ", $likes).")";
                         } elseif (substr($key, -9) == " like all" and is_array($val)) { # multiple LIKE
                             $key = self::safecol(substr($key, 0, -9));
-                            
+
                             $likes = array();
                             foreach ($val as $index => $match) {
                                 $param = str_replace(array("(", ")", "."), "_", $key)."_".$index;
@@ -354,7 +354,7 @@ public static function build_conditions($conds, &$params, $tables = null, $inser
                             $cond = "(".implode(" AND ", $likes).")";
                         } elseif (substr($key, -9) == " not like" and is_array($val)) { # multiple NOT LIKE
                             $key = self::safecol(substr($key, 0, -9));
-                            
+
                             $likes = array();
                             foreach ($val as $index => $match) {
                                 $param = str_replace(array("(", ")", "."), "_", $key)."_".$index;

diff --git a/includes/lib/gz.php b/includes/lib/gz.php
@@ -2,7 +2,7 @@
     # Constant: USE_ZLIB
     # Use zlib to provide GZIP compression
     define('USE_ZLIB', true);
-    
+
     $valid_files = "jquery.js plugins.js";
     if (!in_array($_GET['file'], explode(" ", $valid_files)) and strpos($_GET['file'], "/themes/") === false)
         exit("Access Denied.");
@@ -23,14 +23,14 @@
         # Absolute path to the Chyrp root
         define('MAIN_DIR', dirname(dirname(dirname(__FILE__))));
 
-        header("Last-Modified: ".date("r", filemtime(MAIN_DIR.$_GET['file'])));
+        header("Last-Modified: ".@date("r", filemtime(MAIN_DIR.$_GET['file'])));
 
         if (file_exists(MAIN_DIR.$_GET['file']))
             readfile(MAIN_DIR.$_GET['file']);
         else
             echo "alert('File not found: ".addslashes($_GET['file'])."')";
     } elseif (file_exists($_GET['file'])) {
-        header("Last-Modified: ".date("r", filemtime($_GET['file'])));
+        header("Last-Modified: ".@date("r", filemtime($_GET['file'])));
         readfile($_GET['file']);
     } else
         echo "alert('File not found: ".addslashes($_GET['file'])."')";