
TreeBehavior: Changed $Model->alias . '.' . $field to $Model->escapeField($field) #728

Merged
merged 2 commits into from

3 participants

@boast

Changed all string concatenations like $Model->alias . '.' . $field to the more consistent $Model->escapeField($field).

No TreeBehavior-TestCases fail after changes.

@boast boast Changed all string concatenations like $Model->alias . '.' . $field t…
…o the more consistent $Model->escapeField($field).
d9b5ec1
lib/Cake/Model/Behavior/TreeBehavior.php
@@ -308,7 +308,7 @@ public function children(Model $Model, $id = null, $direct = false, $fields = nu
$recursive = $overrideRecursive;
}
if (!$order) {
- $order = $Model->alias . '.' . $left . ' asc';
+ $order = "{$Model->escapeField($left)} asc";
@ADmad Collaborator
ADmad added a note

Using functions inside strings this way is bad.

@boast
boast added a note

You're probably right, it's not the best way. But as I went through the Code I've found ~5 different ways how strings (especially those Table.Field cases) are concatenated, so I decided to use one way pretty consistently: double quotes with all PHP-(Return-)Values in curly braces.

In other programming languages you can't really tell and you don't care if a value is computed ($this->compute()) or just accessed ($this->var), you just call it 'query'. That was my intention.

In addition, I think that's exactly why we have the Model::escapeField() method.

@markstory Owner

You could always write it as $Model->escapeField($left) . ' asc';. That would be less prone to maintenance errors in the future.

@markstory markstory was assigned
@markstory
Owner

This looks good now, I'll get it merged in.

@markstory markstory merged commit 2728c62 into cakephp:master
Commits on Jul 21, 2012
  1. @boast

    Changed all string concatenations like $Model->alias . '.' . $field t…

    boast authored
    …o the more consistent $Model->escapeField($field).
Commits on Jul 22, 2012
  1. @boast
Showing with 13 additions and 13 deletions.
  1. +13 −13 lib/Cake/Model/Behavior/TreeBehavior.php
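--- a/lib/Cake/Model/Behavior/TreeBehavior.php
+++ b/lib/Cake/Model/Behavior/TreeBehavior.php
@@ -70,8 +70,8 @@ public function setup(Model $Model, $config = array()) {
 if (in_array($settings['scope'], $Model->getAssociated('belongsTo'))) {
 $data = $Model->getAssociated($settings['scope']);
- $parent = $Model->{$settings['scope']};
- $settings['scope'] = $Model->alias . '.' . $data['foreignKey'] . ' = ' . $parent->alias . '.' . $parent->primaryKey;
+ $Parent = $Model->{$settings['scope']};
+ $settings['scope'] = $Model->escapeField($data['foreignKey']) . ' = ' . $Parent->escapeField();
 $settings['recursive'] = 0;
 }
 $this->settings[$Model->alias] = $settings;
@@ -125,8 +125,8 @@ public function beforeFind(Model $Model, $query) {
 public function beforeDelete(Model $Model, $cascade = true) {
 extract($this->settings[$Model->alias]);
 $data = $Model->find('first', array(
- 'conditions' => array($Model->alias . '.' . $Model->primaryKey => $Model->id),
- 'fields' => array($Model->alias . '.' . $left, $Model->alias . '.' . $right),
+ 'conditions' => array($Model->escapeField($Model->primaryKey) => $Model->id),
+ 'fields' => array($Model->escapeField($left), $Model->escapeField($right)),
 'recursive' => -1));
 if ($data) {
 $this->_deletedRow = current($data);
@@ -156,7 +156,7 @@ public function afterDelete(Model $Model) {
 if (is_string($scope)) {
 $scope = array($scope);
 }
- $scope[]["{$Model->alias}.{$left} BETWEEN ? AND ?"] = array($data[$left] + 1, $data[$right] - 1);
+ $scope[][$Model->escapeField($left) . " BETWEEN ? AND ?"] = array($data[$left] + 1, $data[$right] - 1);
 $Model->deleteAll($scope);
 }
 $this->_sync($Model, $diff, '-', '> ' . $data[$right]);
@@ -308,7 +308,7 @@ public function children(Model $Model, $id = null, $direct = false, $fields = nu
 $recursive = $overrideRecursive;
 }
 if (!$order) {
- $order = $Model->alias . '.' . $left . ' asc';
+ $order = $Model->escapeField($left) . " asc";
 }
 if ($direct) {
 $conditions = array($scope, $Model->escapeField($parent) => $id);
@@ -373,7 +373,7 @@ public function generateTreeList(Model $Model, $conditions = null, $keyPath = nu
 } else {
 array_unshift($valuePath, '%s' . $valuePath[0], '{n}.tree_prefix');
 }
- $order = $Model->alias . '.' . $left . ' asc';
+ $order = $Model->escapeField($left) . " asc";
 $results = $Model->find('all', compact('conditions', 'fields', 'order', 'recursive'));
 $stack = array();
@@ -933,13 +933,13 @@ protected function _getMax(Model $Model, $scope, $right, $recursive = -1, $creat
 $db = ConnectionManager::getDataSource($Model->useDbConfig);
 if ($created) {
 if (is_string($scope)) {
- $scope .= " AND {$Model->alias}.{$Model->primaryKey} <> ";
+ $scope .= " AND " . $Model->escapeField() . " <> ";
 $scope .= $db->value($Model->id, $Model->getColumnType($Model->primaryKey));
 } else {
 $scope['NOT'][$Model->alias . '.' . $Model->primaryKey] = $Model->id;
 }
 }
- $name = $Model->alias . '.' . $right;
+ $name = $Model->escapeField($right);
 list($edge) = array_values($Model->find('first', array(
 'conditions' => $scope,
 'fields' => $db->calculate($Model, 'max', array($name, $right)),
@@ -959,7 +959,7 @@ protected function _getMax(Model $Model, $scope, $right, $recursive = -1, $creat
 */
 protected function _getMin(Model $Model, $scope, $left, $recursive = -1) {
 $db = ConnectionManager::getDataSource($Model->useDbConfig);
- $name = $Model->alias . '.' . $left;
+ $name = $Model->escapeField($left);
 list($edge) = array_values($Model->find('first', array(
 'conditions' => $scope,
 'fields' => $db->calculate($Model, 'min', array($name, $left)),
@@ -991,15 +991,15 @@ protected function _sync(Model $Model, $shift, $dir = '+', $conditions = array()
 $field = $right;
 }
 if (is_string($conditions)) {
- $conditions = array("{$Model->alias}.{$field} {$conditions}");
+ $conditions = array($Model->escapeField($field) . " {$conditions}");
 }
 if (($scope != '1 = 1' && $scope !== true) && $scope) {
 $conditions[] = $scope;
 }
 if ($created) {
- $conditions['NOT'][$Model->alias . '.' . $Model->primaryKey] = $Model->id;
+ $conditions['NOT'][$Model->escapeField()] = $Model->id;
 }
- $Model->updateAll(array($Model->alias . '.' . $field => $Model->escapeField($field) . ' ' . $dir . ' ' . $shift), $conditions);
+ $Model->updateAll(array($Model->escapeField($field) => $Model->escapeField($field) . ' ' . $dir . ' ' . $shift), $conditions);
 $Model->recursive = $ModelRecursive;
 }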
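Review bot: In the `_sync` hunk, `escapeField($field)` quotes only the column identifier; the string `$conditions` is still interpolated verbatim into the condition, and `$dir` and `$shift` are still concatenated verbatim into the `updateAll()` expression. The one caller visible on this page passes `'> ' . $data[$right]`, which looks like a value read back from the table, so this is probably safe today, but nothing in the method states that requirement. I would add a line to the `_sync` docblock such as `String $conditions, $dir and $shift are inserted into SQL unquoted; pass only internally computed integers and operators, never request data.` The start of `_sync` is outside the hunk, so its other callers could not be checked. Separately, the array branch in the `_getMax` hunk still builds its key as `$Model->alias . '.' . $Model->primaryKey`, which the same change in `_sync` replaced with `$Model->escapeField()`.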