fix #289
修正由于转义引号导致的在sqlite下查询失败错误
修正由于部分主机没有安装mb插件导致无法输出markdown文本的错误

fix #288

给expression增加参数$escape来控制是否转义语句
joyqi committed Oct 9, 2014
1 parent 52f7f3a commit 80de490
Showing 6 changed files with 38 additions and 22 deletions.
3 changes: 3 additions & 0 deletions tools/transfer.php
Expand Up @@ -74,6 +74,9 @@
}
}

$source = str_replace(array('mb_strtoupper', 'mb_strlen'),
array('Typecho_Common::strToUpper', 'Typecho_Common::strLen'), $source);

$tokens = token_get_all($source);
$source = '';

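Review bot: The `str_replace` on the raw `$source` string rewrites every textual occurrence of `mb_strtoupper` and `mb_strlen`, not only function calls, and it runs before `token_get_all`. If this tool is also run over var/Typecho/Common.php, the `mb_strtoupper($str, self::$charset)` call inside the new `Typecho_Common::strToUpper` would be rewritten into a call to itself and recurse without end; string literals and comments containing the names are rewritten too. Doing the substitution on `T_STRING` tokens after `token_get_all`, and skipping the file that defines the wrappers, would avoid both. The surrounding code starts and ends outside the hunk.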
2 changes: 1 addition & 1 deletion var/CommonMark/DocParser.php
Expand Up @@ -63,7 +63,7 @@ protected static function detabLine($string)

foreach ($parts as $part) {
// Calculate number of spaces; insert them followed by the non-tab contents
$amount = 4 - mb_strlen($line, 'UTF-8') % 4;
$amount = 4 - Typecho_Common::strLen($line, 'UTF-8') % 4;
$line .= str_repeat(' ', $amount) . $part;
}

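Review bot: The second argument in `Typecho_Common::strLen($line, 'UTF-8')` is silently ignored, because the hunk context in var/Typecho/Common.php shows the signature as `strLen($str)`; the same holds for `Typecho_Common::strToUpper($string, 'UTF-8')` in var/CommonMark/Reference/Reference.php, where `strToUpper($str)` reads `self::$charset`. The Markdown parser therefore depends on the globally configured charset rather than the UTF-8 it asks for (the body of `strLen` is outside this view, so its charset handling is presumed to match). Either drop the argument, `$amount = 4 - Typecho_Common::strLen($line) % 4;`, or give both helpers an optional `$charset = NULL` parameter that overrides `self::$charset`. The body of `detabLine` continues outside the hunk.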
2 changes: 1 addition & 1 deletion var/CommonMark/Reference/Reference.php
Expand Up @@ -87,6 +87,6 @@ public static function normalizeReference($string)
// leading/trailing whitespace
$string = preg_replace('/\s+/', '', trim($string));

return mb_strtoupper($string, 'UTF-8');
return Typecho_Common::strToUpper($string, 'UTF-8');
}
}
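Review bot: On hosts without mbstring this call no longer case-folds non-ASCII letters, because the fallback in `Typecho_Common::strToUpper` only uppercases `[a-z]` runs; labels that differ in the case of an accented or non-Latin letter would then normalize differently than with `mb_strtoupper`. With the `/u` modifier, `preg_replace_callback` also returns NULL for a subject that is not valid UTF-8, so `normalizeReference` can return NULL instead of a string. I would document the ASCII-only limitation on the fallback and check its result for NULL, falling back to `strtoupper($str)` in that case.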
2 changes: 1 addition & 1 deletion var/Markdown.php
Expand Up @@ -35,7 +35,7 @@ public function renderInline(CommonMark_Element_InlineElementInterface $inline)
* @license GNU General Public License 2.0
*/
class Markdown
{
{
/**
* convert
*
29 changes: 29 additions & 0 deletions var/Typecho/Common.php
Expand Up @@ -48,6 +48,17 @@ class Typecho_Common
*/
public static $exceptionHandle;

/**
* 将字符串变成大写的回调函数
*
* @param array $matches
* @access public
* @return string
*/
public static function __strToUpper($matches)
{
return strtoupper($matches[0]);
}

/**
* 将url中的非法xss去掉时的数组回调过滤函数
Expand Down Expand Up @@ -226,6 +237,7 @@ public static function exceptionHandle(Exception $exception)
@ob_end_clean();

if (defined('__TYPECHO_DEBUG__')) {
echo '<h1>' . $exception->getMessage() . '</h1>';
echo nl2br($exception->__toString());
} else {
if (404 == $exception->getCode() && !empty(self::$exceptionHandle)) {
Expand Down Expand Up @@ -740,6 +752,23 @@ public static function strLen($str)
}
}

/**
* 获取大写字符串
*
* @param string $str
* @access public
* @return string
*/
public static function strToUpper($str)
{
if (__TYPECHO_MB_SUPPORTED__) {
return mb_strtoupper($str, self::$charset);
} else {
return 'UTF-8' == strtoupper(self::$charset)
? preg_replace_callback("/[a-z]+/u", array('Typecho_Common', '__strToUpper'), $str) : strtoupper($str);
}
}

/**
* 检查是否为合法的编码数据
*
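Review bot: The added `echo '<h1>' . $exception->getMessage() . '</h1>';` in `exceptionHandle` writes the exception message into HTML without escaping. Exception messages often carry request-derived text such as a path or a query fragment, so with `__TYPECHO_DEBUG__` defined this may render attacker-influenced markup; whether it does depends on throw sites outside this view. Escape at output, `echo '<h1>' . htmlspecialchars($exception->getMessage(), ENT_QUOTES, 'UTF-8') . '</h1>';`, and the `nl2br($exception->__toString())` line below it deserves the same treatment. The function body starts and ends outside the hunk.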
22 changes: 3 additions & 19 deletions var/Typecho/Db/Query.php
Expand Up @@ -111,26 +111,9 @@ private function filterColumn($str)
$split = '';
$quotes = 0;

// fix issue #288
$inStr = false;

for ($i = 0; $i < $length; $i ++) {
$cha = $str[$i];

if (false !== strpos("'\"", $cha)) {
$inStr = !$inStr;

if (!$inStr) {
$result .= $cha;
continue;
}
}

if ($inStr) {
$result .= $cha;
continue;
}

if (ctype_alnum($cha) || false !== strpos('_*', $cha)) {
if (!$lastIsAlnum) {
if ($quotes > 0 && !ctype_digit($word) && '.' != $split
Expand Down Expand Up @@ -374,11 +357,12 @@ public function rows(array $rows)
*
* @param string $key 栏目名称
* @param mixed $value 指定的值
* @param bool $escape 是否转义
* @return Typecho_Db_Query
*/
public function expression($key, $value)
public function expression($key, $value, $escape = true)
{
$this->_sqlPreBuild['rows'][$this->filterColumn($key)] = $this->filterColumn($value);
$this->_sqlPreBuild['rows'][$this->filterColumn($key)] = $escape ? $this->filterColumn($value) : $value;
return $this;
}

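Review bot: With `$escape` set to false, `expression()` stores `$value` in `_sqlPreBuild['rows']` untouched, and the docblock line for `$escape` does not say what that implies. Assuming the rows are later concatenated into the statement text (that code is outside this view), a caller that passes request data with `$escape = false` creates an SQL injection point. The first hunk also removes the quote-aware branch from `filterColumn`, so expressions containing string literals will now need the unescaped path, which makes the contract more important. I would state it in the docblock, e.g. `@param bool $escape when false, $value is written into the SQL as-is; pass constant expressions only, never request data`.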
