
BUG Fixed instances of loosely defined SQL predicates not qualified b…

…y table name

Fixed duplicate SQL escaping on SiteTree::get_by_link
1 parent 6d694a5 commit 5f828149c37ee78bc6c84e98909b8cbc85fa404f @tractorcow tractorcow committed Aug 29, 2013
@@ -814,7 +814,10 @@ public function currentPageID() {
// Fall back to homepage record
if(!$id) {
$homepageSegment = RootURLController::get_homepage_link();
- $homepageRecord = DataObject::get_one('SiteTree', sprintf('"URLSegment" = \'%s\'', $homepageSegment));
+ $homepageRecord = DataObject::get_one('SiteTree', sprintf(
+ '"SiteTree"."URLSegment" = \'%s\'',
+ Convert::raw2sql($homepageSegment)
+ ));
if($homepageRecord) $id = $homepageRecord->ID;
}
@@ -123,7 +123,7 @@ public function doAdd($data, $form) {
$suffix = isset($data['Suffix']) ? "-" . $data['Suffix'] : null;
if(!$parentID && isset($data['Parent'])) {
- $page = SiteTree:: get_by_link(Convert::raw2sql($data['Parent']));
+ $page = SiteTree::get_by_link($data['Parent']);
if($page) $parentID = $page->ID;
}
@@ -163,9 +163,10 @@ public function handleRequest(SS_HTTPRequest $request, DataModel $model = null)
// See ModelAdController->getNestedController() for similar logic
if(class_exists('Translatable')) Translatable::disable_locale_filter();
// look for a page with this URLSegment
- $child = $this->model->SiteTree->where(sprintf (
- "\"ParentID\" = %s AND \"URLSegment\" = '%s'", $this->ID, Convert::raw2sql(rawurlencode($action))
- ))->First();
+ $child = $this->model->SiteTree->filter(array(
+ 'ParentID' => $this->ID,
+ 'URLSegment' => rawurlencode($action)
+ ))->first();
if(class_exists('Translatable')) Translatable::enable_locale_filter();
// if we can't find a page with this URLSegment try to find one that used to have
@@ -258,7 +259,10 @@ public function data() {
*/
public function getMenu($level = 1) {
if($level == 1) {
- $result = DataObject::get("SiteTree", "\"ShowInMenus\" = 1 AND \"ParentID\" = 0");
+ $result = SiteTree::get()->filter(array(
+ "ShowInMenus" => 1,
+ "ParentID" => 0
+ ));
} else {
$parent = $this->data();
@@ -399,7 +403,7 @@ public function successfullyinstalled() {
$this->httpError(410);
}
// The manifest should be built by now, so it's safe to publish the 404 page
- $fourohfour = Versioned::get_one_by_stage('ErrorPage', 'Stage', '"ErrorCode" = 404');
+ $fourohfour = Versioned::get_one_by_stage('ErrorPage', 'Stage', '"ErrorPage"."ErrorCode" = 404');
if($fourohfour) {
$fourohfour->write();
$fourohfour->publish("Stage", "Live");
@@ -93,9 +93,9 @@ public function getNestedController() {
$sitetree = DataObject::get_one(
'SiteTree',
sprintf(
- '"URLSegment" = \'%s\' %s',
+ '"SiteTree"."URLSegment" = \'%s\' %s',
Convert::raw2sql(rawurlencode($URLSegment)),
- (SiteTree::config()->nested_urls ? 'AND "ParentID" = 0' : null)
+ (SiteTree::config()->nested_urls ? 'AND "SiteTree"."ParentID" = 0' : null)
)
);
if(class_exists('Translatable')) Translatable::enable_locale_filter();
@@ -146,16 +146,15 @@ public function getNestedController() {
* @return SiteTree
*/
static public function find_old_page($URLSegment,$parentID = 0, $ignoreNestedURLs = false) {
- $URLSegment = Convert::raw2sql(rawurlencode($URLSegment));
$useParentIDFilter = SiteTree::config()->nested_urls && $parentID;
// First look for a non-nested page that has a unique URLSegment and can be redirected to.
if(SiteTree::config()->nested_urls) {
- $pages = DataObject::get(
- 'SiteTree',
- "\"URLSegment\" = '$URLSegment'" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : '')
- );
+ $pages = SiteTree::get()->filter("URLSegment", rawurlencode($URLSegment));
+ if($useParentIDFilter) {
+ $pages = $pages->filter("ParentID", (int)$parentID);
+ }
if($pages && $pages->Count() == 1 && ($page = $pages->First())) {
$parent = $page->ParentID ? $page->Parent() : $page;
@@ -164,10 +163,11 @@ static public function find_old_page($URLSegment,$parentID = 0, $ignoreNestedURL
}
// Get an old version of a page that has been renamed.
+ $URLSegmentSQL = Convert::raw2sql(rawurlencode($URLSegment));
$query = new SQLQuery (
'"RecordID"',
'"SiteTree_versions"',
- "\"URLSegment\" = '$URLSegment' AND \"WasPublished\" = 1" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : ''),
+ "\"URLSegment\" = '$URLSegmentSQL' AND \"WasPublished\" = 1" . ($useParentIDFilter ? ' AND "ParentID" = ' . (int)$parentID : ''),
'"LastEdited" DESC',
null,
null,
@@ -50,7 +50,7 @@ public function canAddChildren($member = null) {
*/
public static function response_for($statusCode) {
// first attempt to dynamically generate the error page
- if($errorPage = DataObject::get_one('ErrorPage', "\"ErrorCode\" = $statusCode")) {
+ if($errorPage = DataObject::get_one('ErrorPage', "\"ErrorPage\".\"ErrorCode\" = $statusCode")) {
Requirements::clear();
Requirements::clear_combined_files();
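Review bot: `$statusCode` is interpolated into the `ErrorPage` predicate in `response_for()` with no cast or escaping, so the query is only as safe as every caller of this public static method. Casting at the point of use closes that off: `"\"ErrorPage\".\"ErrorCode\" = " . (int)$statusCode`. The `requireDefaultRecords()` hunk that follows formats `$code` into a quoted `'%s'` without `Convert::raw2sql()`; that value appears to come from the class's own default data, but the two lookups also disagree on whether ErrorCode is compared as a number or as a string. Both function bodies continue outside their hunks.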
@@ -93,7 +93,7 @@ public function requireDefaultRecords() {
$code = $defaultData['ErrorCode'];
$page = DataObject::get_one(
'ErrorPage',
- sprintf("\"ErrorCode\" = '%s'", $code)
+ sprintf("\"ErrorPage\".\"ErrorCode\" = '%s'", $code)
);
$pageExists = ($page && $page->exists());
$pagePath = self::get_filepath_for_errorcode($code);
@@ -310,11 +310,18 @@ static public function get_by_link($link, $cache = true) {
// Grab the initial root level page to traverse down from.
$URLSegment = array_shift($parts);
$sitetree = DataObject::get_one (
- 'SiteTree', "\"URLSegment\" = '$URLSegment'" . (self::config()->nested_urls ? ' AND "ParentID" = 0' : ''), $cache
+ 'SiteTree',
+ "\"SiteTree\".\"URLSegment\" = '$URLSegment'" . (
+ self::config()->nested_urls ? ' AND "SiteTree"."ParentID" = 0' : ''
+ ),
+ $cache
);
/// Fall back on a unique URLSegment for b/c.
- if(!$sitetree && self::config()->nested_urls && $page = DataObject::get('SiteTree', "\"URLSegment\" = '$URLSegment'")->First()) {
+ if(!$sitetree
+ && self::config()->nested_urls
+ && $page = DataObject::get_one('SiteTree', "\"SiteTree\".\"URLSegment\" = '$URLSegment'", $cache)
+ ) {
return $page;
}
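Review bot: `$URLSegment` here, and `$segment` in the next `get_by_link()` hunk, are placed inside quoted SQL literals with no escaping visible in either hunk, while the `doAdd()` hunk in this commit removes the caller-side `Convert::raw2sql()` on `$data['Parent']`. That makes get_by_link() the only place the escaping can happen, presumably above these lines and outside the hunk. I would add a comment where the segments are produced, e.g. `// segments are SQL-escaped here; they are interpolated into predicates below`, or move these lookups to `SiteTree::get()->filter(...)` as other hunks in this commit do, where the `$cache` behaviour allows it. `$sitetree->ID` in the later hunk could take an `(int)` cast for the same reason.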
@@ -335,7 +342,9 @@ static public function get_by_link($link, $cache = true) {
// Traverse down the remaining URL segments and grab the relevant SiteTree objects.
foreach($parts as $segment) {
$next = DataObject::get_one (
- 'SiteTree', "\"URLSegment\" = '$segment' AND \"ParentID\" = $sitetree->ID", $cache
+ 'SiteTree',
+ "\"SiteTree\".\"URLSegment\" = '$segment' AND \"SiteTree\".\"ParentID\" = $sitetree->ID",
+ $cache
);
if(!$next) {
@@ -405,7 +414,7 @@ static public function link_shortcode_handler($arguments, $content = null, $pars
if (
!($page = DataObject::get_by_id('SiteTree', $arguments['id'])) // Get the current page by ID.
&& !($page = Versioned::get_latest_version('SiteTree', $arguments['id'])) // Attempt link to old version.
- && !($page = DataObject::get_one('ErrorPage', '"ErrorCode" = \'404\'')) // Link to 404 page directly.
+ && !($page = DataObject::get_one('ErrorPage', '"ErrorPage"."ErrorCode" = \'404\'')) // Link to 404 page.
) {
return; // There were no suitable matches at all.
}
@@ -1603,7 +1612,7 @@ function($v) {return !is_null($v);}
$existingPage = DataObject::get_one(
'SiteTree',
- "\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
+ "\"SiteTree\".\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
);
return !($existingPage);
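Review bot: `$this->URLSegment` is interpolated raw into the quoted literal in this predicate, and nothing in the hunk shows it being escaped or normalised before the lookup. If the field can hold a quote character at this point (for example when set programmatically before any URL-segment filtering runs), the predicate breaks or changes meaning. Suggest `"\"SiteTree\".\"URLSegment\" = '" . Convert::raw2sql($this->URLSegment) . "' $IDFilter $parentFilter"`. `$IDFilter` and `$parentFilter` are built outside the hunk and are not reviewed here.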
@@ -10,7 +10,7 @@ class SiteTreeMaintenanceTask extends Controller {
public function makelinksunique() {
$badURLs = "'" . implode("', '", DB::query("SELECT URLSegment, count(*) FROM SiteTree GROUP BY URLSegment HAVING count(*) > 1")->column()) . "'";
- $pages = DataObject::get("SiteTree", "\"URLSegment\" IN ($badURLs)");
+ $pages = DataObject::get("SiteTree", "\"SiteTree\".\"URLSegment\" IN ($badURLs)");
foreach($pages as $page) {
echo "<li>$page->Title: ";
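Review bot: `$badURLs` is built by joining URLSegment values read back from the database with `', '` and no escaping, then spliced into the `IN (...)` list, so a stored segment containing a single quote alters the query (second-order injection). Keeping the result of `->column()` as an array and passing it to the ORM avoids string building altogether: `$pages = SiteTree::get()->filter('URLSegment', $badURLs);`. The context line `echo "<li>$page->Title: ";` also writes the title into HTML unescaped, and `Convert::raw2xml($page->Title)` would be the matching fix. The method body continues past the hunk.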
@@ -136,7 +136,7 @@ public function testGetOneFromLive() {
$oldMode = Versioned::get_reading_mode();
Versioned::reading_stage('Live');
- $checkSiteTree = DataObject::get_one("SiteTree", "\"URLSegment\" = 'get-one-test-page'");
+ $checkSiteTree = DataObject::get_one("SiteTree", "\"SiteTree\".\"URLSegment\" = 'get-one-test-page'");
$this->assertEquals("V1", $checkSiteTree->Title);
Versioned::set_reading_mode($oldMode);
@@ -426,7 +426,7 @@ public function testDeleteFromLiveOperatesRecursivelyStrict() {
public function testReadArchiveDate() {
$date = '2009-07-02 14:05:07';
Versioned::reading_archived_date($date);
- DataObject::get('SiteTree', "\"ParentID\" = 0");
+ DataObject::get('SiteTree', "\"SiteTree\".\"ParentID\" = 0");
Versioned::reading_archived_date(null);
$this->assertEquals(
Versioned::get_reading_mode(),
