
fixes #1060 always escape table/column names in advanced database functions

which are single_insert, single_update, mass_inserts and mass_updates. The new function
protect_column_name simply surrounds the name with backticks, if needed.
plegall committed Aug 13, 2019
1 parent 3478033 commit 63bbba8e36eaf3604a3b2a663a462a6a92bdb034
Showing with 26 additions and 41 deletions.
  1. +26 −41 include/dblayer/functions_mysqli.inc.php
@@ -286,14 +286,8 @@ function mass_updates($tablename, $dbfields, $datas, $flags=0)
{
$is_first = true;
// escape a reserved word
if ('groups' == $tablename)
{
$tablename = '`'.$tablename.'`';
}
$query = '
UPDATE '.$tablename.'
UPDATE '.protect_column_name($tablename).'
SET ';
foreach ($dbfields['update'] as $key)
@@ -302,15 +296,15 @@ function mass_updates($tablename, $dbfields, $datas, $flags=0)
if (isset($data[$key]) and $data[$key] != '')
{
$query.= $separator.$key.' = \''.$data[$key].'\'';
$query.= $separator.protect_column_name($key).' = \''.$data[$key].'\'';
}
else
{
if ($flags & MASS_UPDATES_SKIP_EMPTY)
{
continue; // next field
}
$query.= "$separator$key = NULL";
$query.= $separator.protect_column_name($key).' = NULL';
}
$is_first = false;
}
@@ -329,11 +323,11 @@ function mass_updates($tablename, $dbfields, $datas, $flags=0)
}
if (isset($data[$key]))
{
$query.= $key.' = \''.$data[$key].'\'';
$query.= protect_column_name($key).' = \''.$data[$key].'\'';
}
else
{
$query.= $key.' IS NULL';
$query.= protect_column_name($key).' IS NULL';
}
$is_first = false;
}
@@ -345,15 +339,15 @@ function mass_updates($tablename, $dbfields, $datas, $flags=0)
else
{
// creation of the temporary table
$result = pwg_query('SHOW FULL COLUMNS FROM '.$tablename);
$result = pwg_query('SHOW FULL COLUMNS FROM '.protect_column_name($tablename));
$columns = array();
$all_fields = array_merge($dbfields['primary'], $dbfields['update']);
while ($row = pwg_db_fetch_assoc($result))
{
if (in_array($row['Field'], $all_fields))
{
$column = $row['Field'];
$column = '`'.$row['Field'].'`';
$column.= ' '.$row['Type'];
$nullable = true;
@@ -397,7 +391,7 @@ function mass_updates($tablename, $dbfields, $datas, $flags=0)
// update of table by joining with temporary table
$query = '
UPDATE '.$tablename.' AS t1, '.$temporary_tablename.' AS t2
UPDATE '.protect_column_name($tablename).' AS t1, '.$temporary_tablename.' AS t2
SET '.
implode(
"\n , ",
@@ -434,14 +428,8 @@ function single_update($tablename, $datas, $where, $flags=0)
$is_first = true;
// escape a reserved word
if ('groups' == $tablename)
{
$tablename = '`'.$tablename.'`';
}
$query = '
UPDATE '.$tablename.'
UPDATE '.protect_column_name($tablename).'
SET ';
foreach ($datas as $key => $value)
@@ -450,15 +438,15 @@ function single_update($tablename, $datas, $where, $flags=0)
if (isset($value) and $value !== '')
{
$query.= $separator.$key.' = \''.$value.'\'';
$query.= $separator.protect_column_name($key).' = \''.$value.'\'';
}
else
{
if ($flags & MASS_UPDATES_SKIP_EMPTY)
{
continue; // next field
}
$query.= "$separator$key = NULL";
$query.= $separator.protect_column_name($key).' = NULL';
}
$is_first = false;
}
@@ -478,11 +466,11 @@ function single_update($tablename, $datas, $where, $flags=0)
}
if (isset($value))
{
$query.= $key.' = \''.$value.'\'';
$query.= protect_column_name($key).' = \''.$value.'\'';
}
else
{
$query.= $key.' IS NULL';
$query.= protect_column_name($key).' IS NULL';
}
$is_first = false;
}
@@ -527,15 +515,9 @@ function mass_inserts($table_name, $dbfields, $datas, $options=array())
if ($first)
{
// escape a reserved word
if ('groups' == $table_name)
{
$table_name = '`'.$table_name.'`';
}
$query = '
INSERT '.$ignore.' INTO '.$table_name.'
('.implode(',', $dbfields).')
INSERT '.$ignore.' INTO '.protect_column_name($table_name).'
('.implode(',', array_map('protect_column_name', $dbfields)).')
VALUES';
$first = false;
}
@@ -587,15 +569,9 @@ function single_insert($table_name, $data, $options=array())
if (count($data) != 0)
{
// escape a reserved word
if ('groups' == $table_name)
{
$table_name = '`'.$table_name.'`';
}
$query = '
INSERT '.$ignore.' INTO '.$table_name.'
('.implode(',', array_keys($data)).')
INSERT '.$ignore.' INTO '.protect_column_name($table_name).'
('.implode(',', array_map('protect_column_name', array_keys($data))).')
VALUES';
$query .= '(';
@@ -626,6 +602,15 @@ function single_insert($table_name, $data, $options=array())
}
}
function protect_column_name($column_name)
{
if ('`' != $column_name[0])
{
$column_name = '`'.$column_name.'`';
}
return $column_name;
}
/**
* Do maintenance on all Piwigo tables
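Review bot: protect_column_name() decides from the first character alone, so a name that merely begins with a backtick is returned untouched and a backtick inside a name is never doubled; the helper therefore does not guarantee one well-formed identifier. That matters most for the array keys used as column names in single_insert and single_update, if any caller ever builds those keys from request data, which is not visible from this page. An empty string also reaches `$column_name[0]`, which raises an uninitialized-offset notice or warning depending on the PHP version. I would pass a name through only when it is already a complete quoted identifier and otherwise double embedded backticks before wrapping, as below; the quoted values next to these names are still concatenated as-is and rely on callers escaping them. It may also be worth confirming that no caller passes a schema-qualified name such as db.table, which would now be quoted as a single identifier.

```php
function protect_column_name($column_name)
{
  // already a complete quoted identifier: keep what the caller passed
  if (preg_match('/^`(?:[^`]|``)+`\z/', $column_name))
  {
    return $column_name;
  }

  // double embedded backticks so the name cannot end the quoting early
  return '`'.str_replace('`', '``', $column_name).'`';
}
```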
