Another adjustment for the pre-escaped filter values
splitbrain committed Jul 18, 2023
1 parent 8c5b72f commit c73abd3
Showing 2 changed files with 7 additions and 5 deletions.
5 changes: 3 additions & 2 deletions syntax/cloud.php
@@ -91,12 +91,13 @@ public function _buildSQL(&$data)
$cnt = 0;

foreach ($data['filter'] as $filter) {
//Note: value is already escaped
$col = $filter['key'];
$closecompare = ($filter['compare'] == 'IN(' ? ')' : '');

if (preg_match('/^%(\w+)%$/', $col, $m) && isset($fields[$m[1]])) {
$where .= " " . $filter['logic'] . " pages." . $fields[$m[1]] .
" " . $filter['compare'] . " '" . $filter['value'] . "'" . $closecompare;
" " . $filter['compare'] . " " . $filter['value'] . $closecompare;
$pagesjoin = ' LEFT JOIN pages ON pages.pid = data.pid';
} else {
// filter by hidden column?
@@ -107,7 +108,7 @@ public function _buildSQL(&$data)
}

$where .= ' ' . $filter['logic'] . ' ' . $tables[$col] . '.value ' . $filter['compare'] .
" '" . $filter['value'] . "'" . $closecompare; //value is already escaped
" " . $filter['value'] . $closecompare;
}
}
}
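Review bot: With the surrounding quotes dropped, the two rewritten concatenations in `_buildSQL` (the `pages.` branch here and the `$tables[$col] . '.value'` branch in the second hunk) are only safe if `$filter['value']` always arrives as a complete SQL literal, that is, already quoted as well as escaped; a value that is escaped but not quoted would be parsed as SQL. The new loop comment says only "escaped", so I would tighten it to `// note: value arrives as a complete SQL literal (already quoted and escaped); never append raw input here` and name the place that does the quoting. The same applies to the three rewritten lines in syntax/related.php. The function body starts and ends outside these hunks, so any other code path that fills `$data['filter']` is not visible here and should be checked for the same guarantee.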
7 changes: 4 additions & 3 deletions syntax/related.php
@@ -126,13 +126,14 @@ function _buildSQL(&$data, $id = null)
$where .= ' AND ( 1=1 ';

foreach ($data['filter'] as $filter) {
// note: value is already escaped
$col = $filter['key'];
$closecompare = ($filter['compare'] == 'IN(' ? ')' : '');

if ($col == '%pageid%') {
$where .= " " . $filter['logic'] . " pages.page " . $filter['compare'] . " '" . $filter['value'] . "'" . $closecompare;
$where .= " " . $filter['logic'] . " pages.page " . $filter['compare'] . " " . $filter['value'] . $closecompare;
} elseif ($col == '%title%') {
$where .= " " . $filter['logic'] . " pages.title " . $filter['compare'] . " '" . $filter['value'] . "'" . $closecompare;
$where .= " " . $filter['logic'] . " pages.title " . $filter['compare'] . " " . $filter['value'] . $closecompare;
} else {
// filter by hidden column?
if (!$tables[$col]) {
@@ -142,7 +143,7 @@ function _buildSQL(&$data, $id = null)
}

$where .= ' ' . $filter['logic'] . ' ' . $tables[$col] . '.value ' . $filter['compare'] .
" '" . $filter['value'] . "'" . $closecompare; //value is already escaped
" " . $filter['value'] . $closecompare;
}
}

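Review bot: `$filter['logic']` and `$filter['compare']` go into the WHERE clause as raw SQL on all three rewritten lines, and nothing in this hunk shows them being limited to a fixed set of keywords and operators. If the code that builds `$data['filter']` already guarantees that, a comment beside the new note would make the whole contract explicit, for example `// logic and compare are fixed tokens chosen by the parser, not user text`. If it does not, an allow-list check at the top of the loop is the missing piece. `_buildSQL` starts and ends outside the hunk, so this is inferred from the visible lines only.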
