
BUG Fixed instances of loosely defined SQL predicates not qualified by table name

Fixed duplicate SQL escaping on SiteTree::get_by_link
commit 5f828149c37ee78bc6c84e98909b8cbc85fa404f 1 parent 6d694a5
Damian Mooyman tractorcow authored
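--- a/code/controllers/CMSMain.php
+++ b/code/controllers/CMSMain.php
@@ -814,7 +814,10 @@ public function currentPageID() {
 // Fall back to homepage record
 if(!$id) {
 $homepageSegment = RootURLController::get_homepage_link();
- $homepageRecord = DataObject::get_one('SiteTree', sprintf('"URLSegment" = \'%s\'', $homepageSegment));
+ $homepageRecord = DataObject::get_one('SiteTree', sprintf(
+ '"SiteTree"."URLSegment" = \'%s\'',
+ Convert::raw2sql($homepageSegment)
+ ));
 if($homepageRecord) $id = $homepageRecord->ID;
 }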
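Review bot: The predicate in currentPageID() is still assembled with `sprintf` and a hand-placed `Convert::raw2sql`, while the ContentController.php hunks in this same commit move to `filter()`, which leaves both escaping and table qualification to the ORM. If `get_one`'s caching is not needed here, the lookup could read `$homepageRecord = SiteTree::get()->filter('URLSegment', $homepageSegment)->first();`. The first getNestedController() hunk in ModelAsController.php keeps the same sprintf shape. currentPageID() starts and ends outside this hunk.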
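--- a/code/controllers/CMSPageAddController.php
+++ b/code/controllers/CMSPageAddController.php
@@ -123,7 +123,7 @@ public function doAdd($data, $form) {
 $suffix = isset($data['Suffix']) ? "-" . $data['Suffix'] : null;
 if(!$parentID && isset($data['Parent'])) {
- $page = SiteTree:: get_by_link(Convert::raw2sql($data['Parent']));
+ $page = SiteTree::get_by_link($data['Parent']);
 if($page) $parentID = $page->ID;
 }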
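--- a/code/controllers/ContentController.php
+++ b/code/controllers/ContentController.php
@@ -163,9 +163,10 @@ public function handleRequest(SS_HTTPRequest $request, DataModel $model = null)
 // See ModelAdController->getNestedController() for similar logic
 if(class_exists('Translatable')) Translatable::disable_locale_filter();
 // look for a page with this URLSegment
- $child = $this->model->SiteTree->where(sprintf (
- "\"ParentID\" = %s AND \"URLSegment\" = '%s'", $this->ID, Convert::raw2sql(rawurlencode($action))
- ))->First();
+ $child = $this->model->SiteTree->filter(array(
+ 'ParentID' => $this->ID,
+ 'URLSegment' => rawurlencode($action)
+ ))->first();
 if(class_exists('Translatable')) Translatable::enable_locale_filter();
 // if we can't find a page with this URLSegment try to find one that used to have
@@ -258,7 +259,10 @@ public function data() {
 */
 public function getMenu($level = 1) {
 if($level == 1) {
- $result = DataObject::get("SiteTree", "\"ShowInMenus\" = 1 AND \"ParentID\" = 0");
+ $result = SiteTree::get()->filter(array(
+ "ShowInMenus" => 1,
+ "ParentID" => 0
+ ));
 } else {
 $parent = $this->data();
@@ -399,7 +403,7 @@ public function successfullyinstalled() {
 $this->httpError(410);
 }
 // The manifest should be built by now, so it's safe to publish the 404 page
- $fourohfour = Versioned::get_one_by_stage('ErrorPage', 'Stage', '"ErrorCode" = 404');
+ $fourohfour = Versioned::get_one_by_stage('ErrorPage', 'Stage', '"ErrorPage"."ErrorCode" = 404');
 if($fourohfour) {
 $fourohfour->write();
 $fourohfour->publish("Stage", "Live");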
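--- a/code/controllers/ModelAsController.php
+++ b/code/controllers/ModelAsController.php
@@ -93,9 +93,9 @@ public function getNestedController() {
 $sitetree = DataObject::get_one(
 'SiteTree',
 sprintf(
- '"URLSegment" = \'%s\' %s',
+ '"SiteTree"."URLSegment" = \'%s\' %s',
 Convert::raw2sql(rawurlencode($URLSegment)),
- (SiteTree::config()->nested_urls ? 'AND "ParentID" = 0' : null)
+ (SiteTree::config()->nested_urls ? 'AND "SiteTree"."ParentID" = 0' : null)
 )
 );
 if(class_exists('Translatable')) Translatable::enable_locale_filter();
@@ -146,16 +146,15 @@ public function getNestedController() {
 * @return SiteTree
 */
 static public function find_old_page($URLSegment,$parentID = 0, $ignoreNestedURLs = false) {
- $URLSegment = Convert::raw2sql(rawurlencode($URLSegment));
 $useParentIDFilter = SiteTree::config()->nested_urls && $parentID;
 // First look for a non-nested page that has a unique URLSegment and can be redirected to.
 if(SiteTree::config()->nested_urls) {
- $pages = DataObject::get(
- 'SiteTree',
- "\"URLSegment\" = '$URLSegment'" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : '')
- );
+ $pages = SiteTree::get()->filter("URLSegment", rawurlencode($URLSegment));
+ if($useParentIDFilter) {
+ $pages = $pages->filter("ParentID", (int)$parentID);
+ }
 if($pages && $pages->Count() == 1 && ($page = $pages->First())) {
 $parent = $page->ParentID ? $page->Parent() : $page;
@@ -164,10 +163,11 @@ static public function find_old_page($URLSegment,$parentID = 0, $ignoreNestedURL
 }
 // Get an old version of a page that has been renamed.
+ $URLSegmentSQL = Convert::raw2sql(rawurlencode($URLSegment));
 $query = new SQLQuery (
 '"RecordID"',
 '"SiteTree_versions"',
- "\"URLSegment\" = '$URLSegment' AND \"WasPublished\" = 1" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : ''),
+ "\"URLSegment\" = '$URLSegmentSQL' AND \"WasPublished\" = 1" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : ''),
 '"LastEdited" DESC',
 null,
 null,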
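Review bot: With the reassignment at the top of find_old_page() removed, `$URLSegment` now holds the raw, un-encoded value for the whole function, and only the two uses visible in these hunks were adapted. Any other use of `$URLSegment` in the part of the body that the hunks do not show would previously have received the escaped, url-encoded string and should be checked. A comment above the SQLQuery such as `// $URLSegment is raw in this function; escape at each point of SQL use` would make the new contract explicit. The `"URLSegment"`, `"WasPublished"` and `"ParentID"` predicates of that SQLQuery also stay unqualified, which looks harmless for a single-table query but is inconsistent with the commit's stated goal.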
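--- a/code/model/ErrorPage.php
+++ b/code/model/ErrorPage.php
@@ -50,7 +50,7 @@ public function canAddChildren($member = null) {
 */
 public static function response_for($statusCode) {
 // first attempt to dynamically generate the error page
- if($errorPage = DataObject::get_one('ErrorPage', "\"ErrorCode\" = $statusCode")) {
+ if($errorPage = DataObject::get_one('ErrorPage', "\"ErrorPage\".\"ErrorCode\" = $statusCode")) {
 Requirements::clear();
 Requirements::clear_combined_files();
@@ -93,7 +93,7 @@ public function requireDefaultRecords() {
 $code = $defaultData['ErrorCode'];
 $page = DataObject::get_one(
 'ErrorPage',
- sprintf("\"ErrorCode\" = '%s'", $code)
+ sprintf("\"ErrorPage\".\"ErrorCode\" = '%s'", $code)
 );
 $pageExists = ($page && $page->exists());
 $pagePath = self::get_filepath_for_errorcode($code);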
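Review bot: `$statusCode` is interpolated into the predicate in response_for() unquoted and unescaped, so the query is safe only if every caller passes an integer, and nothing in the hunk enforces that. Casting at the point of use closes the gap: `"\"ErrorPage\".\"ErrorCode\" = " . (int)$statusCode`. The requireDefaultRecords() hunk formats `$code` with `'%s'` and no escaping; it appears to come from built-in defaults, but an integer cast there too would make the ErrorCode lookups in this commit agree on a numeric comparison. Both functions continue outside their hunks.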
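--- a/code/model/SiteTree.php
+++ b/code/model/SiteTree.php
@@ -310,11 +310,18 @@ static public function get_by_link($link, $cache = true) {
 // Grab the initial root level page to traverse down from.
 $URLSegment = array_shift($parts);
 $sitetree = DataObject::get_one (
- 'SiteTree', "\"URLSegment\" = '$URLSegment'" . (self::config()->nested_urls ? ' AND "ParentID" = 0' : ''), $cache
+ 'SiteTree',
+ "\"SiteTree\".\"URLSegment\" = '$URLSegment'" . (
+ self::config()->nested_urls ? ' AND "SiteTree"."ParentID" = 0' : ''
+ ),
+ $cache
 );
 /// Fall back on a unique URLSegment for b/c.
- if(!$sitetree && self::config()->nested_urls && $page = DataObject::get('SiteTree', "\"URLSegment\" = '$URLSegment'")->First()) {
+ if(!$sitetree
+ && self::config()->nested_urls
+ && $page = DataObject::get_one('SiteTree', "\"SiteTree\".\"URLSegment\" = '$URLSegment'", $cache)
+ ) {
 return $page;
 }
@@ -335,7 +342,9 @@ static public function get_by_link($link, $cache = true) {
 // Traverse down the remaining URL segments and grab the relevant SiteTree objects.
 foreach($parts as $segment) {
 $next = DataObject::get_one (
- 'SiteTree', "\"URLSegment\" = '$segment' AND \"ParentID\" = $sitetree->ID", $cache
+ 'SiteTree',
+ "\"SiteTree\".\"URLSegment\" = '$segment' AND \"SiteTree\".\"ParentID\" = $sitetree->ID",
+ $cache
 );
 if(!$next) {
@@ -405,7 +414,7 @@ static public function link_shortcode_handler($arguments, $content = null, $pars
 if (
 !($page = DataObject::get_by_id('SiteTree', $arguments['id'])) // Get the current page by ID.
 && !($page = Versioned::get_latest_version('SiteTree', $arguments['id'])) // Attempt link to old version.
- && !($page = DataObject::get_one('ErrorPage', '"ErrorCode" = \'404\'')) // Link to 404 page directly.
+ && !($page = DataObject::get_one('ErrorPage', '"ErrorPage"."ErrorCode" = \'404\'')) // Link to 404 page.
 ) {
 return; // There were no suitable matches at all.
 }
@@ -1603,7 +1612,7 @@ function($v) {return !is_null($v);}
 $existingPage = DataObject::get_one(
 'SiteTree',
- "\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
+ "\"SiteTree\".\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
 );
 return !($existingPage);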
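Review bot: The rewritten predicates in get_by_link() interpolate `$URLSegment` and `$segment` straight into the SQL string, and the escaping they depend on is not visible in either hunk. That matters more after this commit, because CMSPageAddController::doAdd() now passes `$data['Parent']` through without `Convert::raw2sql`, which leaves get_by_link() as the only place that can escape it. If the segments are escaped where `$parts` is built, a comment on that line saying so would protect the next edit; if they are not, escape at the point of use with `Convert::raw2sql($segment)`. The last hunk has the same pattern with `'$this->URLSegment'`, a stored value placed in the predicate unescaped, next to `$IDFilter` and `$parentFilter`, which are built outside the hunk.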
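--- a/tasks/SiteTreeMaintenanceTask.php
+++ b/tasks/SiteTreeMaintenanceTask.php
@@ -10,7 +10,7 @@ class SiteTreeMaintenanceTask extends Controller {
 public function makelinksunique() {
 $badURLs = "'" . implode("', '", DB::query("SELECT URLSegment, count(*) FROM SiteTree GROUP BY URLSegment HAVING count(*) > 1")->column()) . "'";
- $pages = DataObject::get("SiteTree", "\"URLSegment\" IN ($badURLs)");
+ $pages = DataObject::get("SiteTree", "\"SiteTree\".\"URLSegment\" IN ($badURLs)");
 foreach($pages as $page) {
 echo "<li>$page->Title: ";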
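Review bot: `$badURLs` is built by joining URLSegment values read back from the database between quote characters and is then interpolated into the `IN (...)` predicate, so a stored segment that contains a quote would break or change the query. Handing the list to the ORM removes the string building: `$pages = SiteTree::get()->filter('URLSegment', DB::query(...)->column());`, assuming filter() treats an array value as an IN match. The context line `echo "<li>$page->Title: ";` also writes a stored title into HTML without escaping. makelinksunique() continues past the end of the hunk.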
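--- a/tests/model/SiteTreeTest.php
+++ b/tests/model/SiteTreeTest.php
@@ -136,7 +136,7 @@ public function testGetOneFromLive() {
 $oldMode = Versioned::get_reading_mode();
 Versioned::reading_stage('Live');
- $checkSiteTree = DataObject::get_one("SiteTree", "\"URLSegment\" = 'get-one-test-page'");
+ $checkSiteTree = DataObject::get_one("SiteTree", "\"SiteTree\".\"URLSegment\" = 'get-one-test-page'");
 $this->assertEquals("V1", $checkSiteTree->Title);
 Versioned::set_reading_mode($oldMode);
@@ -426,7 +426,7 @@ public function testDeleteFromLiveOperatesRecursivelyStrict() {
 public function testReadArchiveDate() {
 $date = '2009-07-02 14:05:07';
 Versioned::reading_archived_date($date);
- DataObject::get('SiteTree', "\"ParentID\" = 0");
+ DataObject::get('SiteTree', "\"SiteTree\".\"ParentID\" = 0");
 Versioned::reading_archived_date(null);
 $this->assertEquals(
 Versioned::get_reading_mode(),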