From 523a735ab94f004459b84ffdfd3db784586bbd82 Mon Sep 17 00:00:00 2001
From: Bernhard Rusch
Date: Fri, 22 Apr 2022 11:05:32 +0200
Subject: [PATCH] Fixed column quoting in GridHelperService
---
 bundles/AdminBundle/Helper/GridHelperService.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/bundles/AdminBundle/Helper/GridHelperService.php b/bundles/AdminBundle/Helper/GridHelperService.php
index 13b6541eced..1ccfe6407fb 100644
--- a/bundles/AdminBundle/Helper/GridHelperService.php
+++ b/bundles/AdminBundle/Helper/GridHelperService.php
@@ -332,12 +332,13 @@ public function getFilterCondition($filterJson, ClassDefinition $class, $tablePr
 } elseif ($filterField == 'id') {
 $conditionPartsFilters[] = 'oo_id ' . $operator . ' ' . $db->quote($filter['value']);
 } else {
+ $filterField = $db->quoteIdentifier('o_' . $filterField);
 if ($filter['type'] == 'date' && $operator == '=') { //if the equal operator is chosen with the date type, condition has to be changed
 $maxTime = $filter['value'] + (86400 - 1); //specifies the top point of the range used in the condition
- $conditionPartsFilters[] = '`o_' . $filterField . '` BETWEEN ' . $db->quote($filter['value']) . ' AND ' . $db->quote($maxTime);
+ $conditionPartsFilters[] = $filterField . ' BETWEEN ' . $db->quote($filter['value']) . ' AND ' . $db->quote($maxTime);
 } else {
- $conditionPartsFilters[] = '`o_' . $filterField . '` ' . $operator . ' ' . $db->quote($filter['value']);
+ $conditionPartsFilters[] = $filterField . ' ' . $operator . ' ' . $db->quote($filter['value']);
 }
 }
 }
@@ -780,6 +781,8 @@ public function prepareAssetListingForGrid($allParams, $adminUser)
 if ($filterField == 'fullpath') {
 $filterField = 'CONCAT(path,filename)';
+ }else {
+ $filterField = $db->quoteIdentifier($filterField);
 }
 if (isset($filterDef[1]) && $filterDef[1] == 'system') {
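Review bot: `quoteIdentifier()` in the `else` branch makes the column name syntactically safe, but nothing visible here checks `$filterField` (presumably derived from `$filterJson`) against the columns that actually exist, so any `o_`-prefixed identifier a client supplies still reaches the query. Validating the name against a known list of system columns before quoting, and skipping unknown names, would be the stronger control. Reassigning `$filterField` to the quoted SQL fragment also changes what the variable means for the rest of the loop body; a separate variable such as `$quotedColumn = $db->quoteIdentifier('o_' . $filterField);` keeps the raw name available and avoids accidental double quoting. `$operator` is concatenated unquoted on the same lines and is set outside the hunk, so confirm it can only take fixed values; `getFilterCondition` starts and ends outside the hunk.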
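Review bot: The new `else` quotes `$filterField` before the `$filterDef[1] == 'system'` check, so filters that are not system columns get a backtick-quoted name too. The code after that check is outside the hunk; if the non-system path uses `$filterField` as a value rather than a column (for example by passing it to `$db->quote()`), the quote characters would become part of the compared string and the filter would stop matching. Moving `$filterField = $db->quoteIdentifier($filterField);` into the `system` branch, where the column is concatenated into the condition, would limit the quoting to real identifiers. The `}else {` also lacks the space used by the `} else {` lines elsewhere in this patch.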