From 6a829601ce2e58160f47c965af8993c20c31598c Mon Sep 17 00:00:00 2001 From: Olle Haerstedt Date: Sat, 3 Apr 2021 22:53:35 +0200 Subject: [PATCH] Fixed issue #17221: Check data integrity crash with SQL error when # is use in the name of field --- application/controllers/admin/checkintegrity.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/application/controllers/admin/checkintegrity.php b/application/controllers/admin/checkintegrity.php index 5d6960922ff..5206ab38e89 100644 --- a/application/controllers/admin/checkintegrity.php +++ b/application/controllers/admin/checkintegrity.php @@ -597,7 +597,7 @@ protected function _checkintegrity() // QID field can be more than just QID, like: 886other or 886A1 // So we clean it by finding the first alphabetical character $sDirtyQid = $aFields[2]; - preg_match('~[a-zA-Z_]~i', $sDirtyQid, $match, PREG_OFFSET_CAPTURE); + preg_match('~[a-zA-Z_#]~i', $sDirtyQid, $match, PREG_OFFSET_CAPTURE); if (isset($match[0][1])) { $sQID = substr($sDirtyQid, 0, $match[0][1]); @@ -605,6 +605,9 @@ protected function _checkintegrity() // It was just the QID.... $sQID = $sDirtyQid; } + if ((string) intval($sQID) !== $sQID) { + throw new \Exception('sQID is not an integer: ' . $sQID); + } // Here, we get the question as defined in backend $oQuestion = Question::model()->findByAttributes([ 'qid' => $sQID , 'sid' => $oSurvey->sid ]);