Replace escapeString with quoteString
Signed-off-by: Kamil Tekiela <tekiela246@gmail.com>
kamil-tekiela authored and MauricioFauth committed Feb 10, 2023
1 parent 7e5d96b commit 3a56e51
Showing 4 changed files with 28 additions and 29 deletions.
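--- a/libraries/classes/UserPreferences.php
+++ b/libraries/classes/UserPreferences.php
@@ -100,9 +100,8 @@ public function load(): array
 . Util::backquote($relationParameters->userPreferencesFeature->userConfig);
 $query = 'SELECT `config_data`, UNIX_TIMESTAMP(`timevalue`) ts'
 . ' FROM ' . $query_table
-. ' WHERE `username` = \''
-. $this->dbi->escapeString((string) $relationParameters->user)
-. '\'';
+. ' WHERE `username` = '
+. $this->dbi->quoteString((string) $relationParameters->user);
 $row = $this->dbi->fetchSingleRow(
 $query,
 DatabaseInterface::FETCH_ASSOC,
@@ -154,26 +153,23 @@ public function save(array $config_array)
 $query_table = Util::backquote($relationParameters->userPreferencesFeature->database) . '.'
 . Util::backquote($relationParameters->userPreferencesFeature->userConfig);
 $query = 'SELECT `username` FROM ' . $query_table
-. ' WHERE `username` = \''
-. $this->dbi->escapeString($relationParameters->user)
-. '\'';
+. ' WHERE `username` = '
+. $this->dbi->quoteString($relationParameters->user);
 
 $has_config = $this->dbi->fetchValue($query, 0, Connection::TYPE_CONTROL);
 $config_data = json_encode($config_array);
 if ($has_config) {
 $query = 'UPDATE ' . $query_table
-. ' SET `timevalue` = NOW(), `config_data` = \''
-. $this->dbi->escapeString($config_data)
-. '\''
-. ' WHERE `username` = \''
-. $this->dbi->escapeString($relationParameters->user)
-. '\'';
+. ' SET `timevalue` = NOW(), `config_data` = '
+. $this->dbi->quoteString($config_data)
+. ' WHERE `username` = '
+. $this->dbi->quoteString($relationParameters->user);
 } else {
 $query = 'INSERT INTO ' . $query_table
 . ' (`username`, `timevalue`,`config_data`) '
-. 'VALUES (\''
-. $this->dbi->escapeString($relationParameters->user) . '\', NOW(), '
-. '\'' . $this->dbi->escapeString($config_data) . '\')';
+. 'VALUES ('
+. $this->dbi->quoteString($relationParameters->user) . ', NOW(), '
+. $this->dbi->quoteString($config_data) . ')';
 }
 
 if (isset($_SESSION['cache'][$cache_key]['userprefs'])) {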
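Review bot: In save(), `$config_data = json_encode($config_array);` can yield `false`, and both new `quoteString($config_data)` calls (the UPDATE and the INSERT branch) take it unchecked; the two `string|false given` entries this commit adds to phpstan-baseline.neon appear to record exactly that instead of handling it. Depending on whether the file runs under strict types (not visible here), a failed encode either raises a TypeError while the query is being built or is coerced to an empty string and written as the user's stored configuration. I would make the failure explicit before the query is assembled, e.g. `$config_data = json_encode($config_array, JSON_THROW_ON_ERROR);`, or return early when the result is `false` if save() is expected to report errors by value; its return path lies outside the hunk. Separately, load() casts `(string) $relationParameters->user` while the three uses in save() do not, so the cast should be applied consistently or dropped.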
5 changes: 5 additions & 0 deletions phpstan-baseline.neon
Expand Up @@ -8940,6 +8940,11 @@ parameters:
count: 1
path: libraries/classes/UserPreferences.php

-
message: "#^Parameter \\#1 \\$str of method PhpMyAdmin\\\\DatabaseInterface\\:\\:quoteString\\(\\) expects string, string\\|false given\\.$#"
count: 2
path: libraries/classes/UserPreferences.php

-
message: "#^Cannot use array destructuring on array\\|null\\.$#"
count: 1
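--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -13374,14 +13374,6 @@
 </PossiblyInvalidCast>
 </file>
 <file src="libraries/classes/UserPreferences.php">
-<DeprecatedMethod occurrences="6">
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-</DeprecatedMethod>
 <MixedArgumentTypeCoercion occurrences="2">
 <code>$path</code>
 <code>$url_params</code>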
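--- a/test/classes/UserPreferencesTest.php
+++ b/test/classes/UserPreferencesTest.php
@@ -114,8 +114,10 @@ public function testLoad(): void
 )
 );
 $dbi->expects($this->any())
-->method('escapeString')
-->will($this->returnArgument(0));
+->method('quoteString')
+->will($this->returnCallback(static function (string $string) {
+return "'" . $string . "'";
+}));
 
 $userPreferences = new UserPreferences($dbi);
 $result = $userPreferences->load();
@@ -202,8 +204,10 @@ public function testSave(): void
 ->will($this->returnValue(true));
 
 $dbi->expects($this->any())
-->method('escapeString')
-->will($this->returnArgument(0));
+->method('quoteString')
+->will($this->returnCallback(static function (string $string) {
+return "'" . $string . "'";
+}));
 
 $userPreferences = new UserPreferences($dbi);
 $result = $userPreferences->save([1]);
@@ -236,8 +240,10 @@ public function testSave(): void
 ->with(Connection::TYPE_CONTROL)
 ->will($this->returnValue('err1'));
 $dbi->expects($this->any())
-->method('escapeString')
-->will($this->returnArgument(0));
+->method('quoteString')
+->will($this->returnCallback(static function (string $string) {
+return "'" . $string . "'";
+}));
 
 $userPreferences = new UserPreferences($dbi);
 $result = $userPreferences->save([1]);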
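Review bot: The `quoteString` stub is pasted three times with an identical closure (once in testLoad and twice in testSave), and the closure declares no return type; defining it once, for example a private helper on the test class that returns `static fn (string $string): string => "'" . $string . "'"`, would keep the three mocks in step. The stub only wraps the value in quotes and escapes nothing, so these tests pin the shape of the generated SQL for benign values and say nothing about how values containing `'` or `\` are quoted. Both test methods continue outside the hunks shown.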
