From 48e98577d9e962e9f26f605c8d2206287969c938 Mon Sep 17 00:00:00 2001 From: Truc Nguyen Date: Thu, 25 Sep 2014 15:53:28 +0200 Subject: [PATCH] ADO reports / use proper sql escape function according to database vendor - was always using mysql_real_escape_string function which made macros values empty with postgres - current behaviour: if dsn uri starts with 'postgres' then use pg_escape_string function - use mysql_real_escape_string function otherwise
---
 classes/report_types/AdoPivotReportType.php | 8 ++++---- classes/report_types/AdoReportType.php | 12 ++++++++++-- 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/classes/report_types/AdoPivotReportType.php b/classes/report_types/AdoPivotReportType.php
index e6c37375..7e46deef 100644
--- a/classes/report_types/AdoPivotReportType.php
+++ b/classes/report_types/AdoPivotReportType.php
@@ -62,12 +62,12 @@ public static function getVariableOptions($params, &$report) {
 foreach($macros as $key=>$value) {
 if(is_array($value)) {
 foreach($value as $key2=>$value2) {
- $value[$key2] = mysql_real_escape_string(trim($value2));
+ $value[$key2] = AdoReportType::sql_escape_string($report,trim($value2));
 }
 $macros[$key] = $value;
 } else {
- $macros[$key] = mysql_real_escape_string($value);
+ $macros[$key] = AdoReportType::sql_escape_string($report,$value);
 }
 if($value === 'ALL') $macros[$key.'_all'] = true;
@@ -109,13 +109,13 @@ public static function run(&$report) {
 if(is_array($value)) {
 $first = true;
 foreach($value as $key2=>$value2) {
- $value[$key2] = mysql_real_escape_string(trim($value2));
+ $value[$key2] = AdoReportType::sql_escape_string($report,trim($value2));
 $first = false;
 }
 $macros[$key] = $value;
 } else {
- $macros[$key] = mysql_real_escape_string($value);
+ $macros[$key] = AdoReportType::sql_escape_string($report,$value);
 }
 if($value === 'ALL') $macros[$key.'_all'] = true;
diff --git a/classes/report_types/AdoReportType.php b/classes/report_types/AdoReportType.php
index 544a8cc4..ff4a82c5 100644
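Review bot: The array branch in `getVariableOptions` passes `trim($value2)` to `AdoReportType::sql_escape_string`, whose second parameter is declared by reference (`&$value`) in the AdoReportType.php hunk, so PHP reports "Only variables should be passed by reference" for every array macro; the same call appears in both `run()` hunks. The helper never writes to `$value`, so the signature should take it by value: `public static function sql_escape_string(&$report, $value) {`. Separately, array elements are trimmed before escaping while the scalar branch escapes `$value` untrimmed; if that asymmetry is intended, a one-line comment such as `// scalar macros are escaped as given; only list entries are trimmed` would make it explicit. The enclosing functions start and end outside these hunks.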
--- a/classes/report_types/AdoReportType.php
+++ b/classes/report_types/AdoReportType.php
@@ -107,13 +107,13 @@ public static function run(&$report) {
 if(is_array($value)) {
 $first = true;
 foreach($value as $key2=>$value2) {
- $value[$key2] = mysql_real_escape_string(trim($value2));
+ $value[$key2] = AdoReportType::sql_escape_string($report,trim($value2));
 $first = false;
 }
 $macros[$key] = $value;
 } else {
- $macros[$key] = mysql_real_escape_string($value);
+ $macros[$key] = AdoReportType::sql_escape_string($report,$value);
 }
 if($value === 'ALL') $macros[$key.'_all'] = true;
@@ -153,4 +153,12 @@ public static function run(&$report) {
 return $result->GetArray();
 }
+
+ public static function sql_escape_string(&$report,&$value) {
+ $uri = PhpReports::$config['environments'][$report->options['Environment']]['ado']['uri'];
+ if(preg_match('/^postgres:/',$uri)) {
+ return pg_escape_string($value);
+ }
+ return mysql_real_escape_string($value);
+ }
 }
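Review bot: The new `sql_escape_string` still routes every non-matching driver through `mysql_real_escape_string`, and its pattern `/^postgres:/` is narrower than the "starts with 'postgres'" rule in the commit message. A uri with a versioned driver name (constructed example: `postgres9://…`) would therefore take the MySQL path and reproduce the empty-macro behaviour this patch sets out to fix. Both escape calls are also made without a connection argument, so they rely on whichever pgsql/mysql link PHP treats as the default rather than the ADO connection that executes the query. That connection is not visible in this hunk, but if it is an ADOdb object, its own `qstr()`/`addq()` or bound parameters would be the more reliable route. At minimum the helper should match the driver family explicitly and fail closed, rather than substitute an empty or wrongly escaped value into the SQL, as sketched below.

```php
$uri = PhpReports::$config['environments'][$report->options['Environment']]['ado']['uri'];
// Accept versioned driver names as well (postgres7, postgres8, ...).
if(preg_match('/^postgres\d*:/i',$uri)) {
	$escaped = pg_escape_string($value);
}
elseif(preg_match('/^mysql/i',$uri)) {
	$escaped = mysql_real_escape_string($value);
}
else {
	// Fail closed: no escape routine is known for this driver.
	throw new Exception("No SQL escape function available for this ADO driver");
}
// mysql_real_escape_string() returns false when it has no usable link.
if($escaped === false) {
	throw new Exception("SQL escaping failed for macro value");
}
return $escaped;
```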