@@ -46,7 +46,7 @@ public function getOne($formId): ?array
4646 return $ this ->cachedForms [$ formId ];
4747 }
4848
49- $ form = $ this ->dbService ->loadSingle ('SELECT * FROM ' . $ this ->dbService ->prefixTable ('nature ' ) . 'WHERE bn_id_nature= \'' . $ formId . '\'' );
49+ $ form = $ this ->dbService ->loadSingle ('SELECT * FROM ' . $ this ->dbService ->prefixTable ('nature ' ) . 'WHERE bn_id_nature= \'' . $ this -> dbService -> escape ( $ formId) . '\'' );
5050
5151 if (!$ form ) {
5252 return null ;
@@ -105,13 +105,13 @@ public function create($data)
105105 return $ this ->dbService ->query ('INSERT INTO ' . $ this ->dbService ->prefixTable ('nature ' )
106106 . '(`bn_id_nature` ,`bn_ce_i18n` ,`bn_label_nature` ,`bn_template` ,`bn_description` ,`bn_sem_context` ,`bn_sem_type` ,`bn_sem_use_template` ,`bn_condition`) '
107107 . ' VALUES ( ' . $ data ['bn_id_nature ' ] . ', "fr-FR", " '
108- . addslashes (_convert ($ data ['bn_label_nature ' ], YW_CHARSET , true )) . '"," '
109- . addslashes (_convert ($ data ['bn_template ' ], YW_CHARSET , true )) . '", " '
110- . addslashes (_convert ($ data ['bn_description ' ], YW_CHARSET , true )) . '", " '
111- . addslashes (_convert ($ data ['bn_sem_context ' ], YW_CHARSET , true )) . '", " '
112- . addslashes (_convert ($ data ['bn_sem_type ' ], YW_CHARSET , true )) . '", '
108+ . $ this -> dbService -> escape (_convert ($ data ['bn_label_nature ' ], YW_CHARSET , true )) . '"," '
109+ . $ this -> dbService -> escape (_convert ($ data ['bn_template ' ], YW_CHARSET , true )) . '", " '
110+ . $ this -> dbService -> escape (_convert ($ data ['bn_description ' ], YW_CHARSET , true )) . '", " '
111+ . $ this -> dbService -> escape (_convert ($ data ['bn_sem_context ' ], YW_CHARSET , true )) . '", " '
112+ . $ this -> dbService -> escape (_convert ($ data ['bn_sem_type ' ], YW_CHARSET , true )) . '", '
113113 . (isset ($ data ['bn_sem_use_template ' ]) ? '1 ' : '0 ' ) . ', " '
114- . addslashes (_convert ($ data ['bn_condition ' ], YW_CHARSET , true )) . '") ' );
114+ . $ this -> dbService -> escape (_convert ($ data ['bn_condition ' ], YW_CHARSET , true )) . '") ' );
115115 }
116116
117117 public function update ($ data )
@@ -120,14 +120,14 @@ public function update($data)
120120 throw new \Exception (_t ('WIKI_IN_HIBERNATION ' ));
121121 }
122122 return $ this ->dbService ->query ('UPDATE ' . $ this ->dbService ->prefixTable ('nature ' ) . 'SET '
123- . '`bn_label_nature`=" ' . addslashes (_convert ($ data ['bn_label_nature ' ], YW_CHARSET , true )) . '" , '
124- . '`bn_template`=" ' . addslashes (_convert ($ data ['bn_template ' ], YW_CHARSET , true )) . '" , '
125- . '`bn_description`=" ' . addslashes (_convert ($ data ['bn_description ' ], YW_CHARSET , true )) . '" , '
126- . '`bn_sem_context`=" ' . addslashes (_convert ($ data ['bn_sem_context ' ], YW_CHARSET , true )) . '" , '
127- . '`bn_sem_type`=" ' . addslashes (_convert ($ data ['bn_sem_type ' ], YW_CHARSET , true )) . '" , '
123+ . '`bn_label_nature`=" ' . $ this -> dbService -> escape (_convert ($ data ['bn_label_nature ' ], YW_CHARSET , true )) . '" , '
124+ . '`bn_template`=" ' . $ this -> dbService -> escape (_convert ($ data ['bn_template ' ], YW_CHARSET , true )) . '" , '
125+ . '`bn_description`=" ' . $ this -> dbService -> escape (_convert ($ data ['bn_description ' ], YW_CHARSET , true )) . '" , '
126+ . '`bn_sem_context`=" ' . $ this -> dbService -> escape (_convert ($ data ['bn_sem_context ' ], YW_CHARSET , true )) . '" , '
127+ . '`bn_sem_type`=" ' . $ this -> dbService -> escape (_convert ($ data ['bn_sem_type ' ], YW_CHARSET , true )) . '" , '
128128 . '`bn_sem_use_template`= ' . (isset ($ data ['bn_sem_use_template ' ]) ? '1 ' : '0 ' ) . ' , '
129- . '`bn_condition`=" ' . addslashes (_convert ($ data ['bn_condition ' ], YW_CHARSET , true )) . '" '
130- . ' WHERE `bn_id_nature`= ' . $ data ['bn_id_nature ' ]);
129+ . '`bn_condition`=" ' . $ this -> dbService -> escape (_convert ($ data ['bn_condition ' ], YW_CHARSET , true )) . '" '
130+ . ' WHERE `bn_id_nature`= ' . $ this -> dbService -> escape ( $ data ['bn_id_nature ' ]) );
131131 }
132132
133133 public function clone ($ id )
@@ -155,7 +155,7 @@ public function delete($id)
155155 }
156156
157157 $ this ->clear ($ id );
158- return $ this ->dbService ->query ('DELETE FROM ' . $ this ->dbService ->prefixTable ('nature ' ) . 'WHERE bn_id_nature= ' . $ id );
158+ return $ this ->dbService ->query ('DELETE FROM ' . $ this ->dbService ->prefixTable ('nature ' ) . 'WHERE bn_id_nature= ' . $ this -> dbService -> escape ( $ id ) );
159159 }
160160
161161 public function clear ($ id )
@@ -167,14 +167,14 @@ public function clear($id)
167167 'DELETE FROM ' . $ this ->dbService ->prefixTable ('acls ' ) .
168168 'WHERE page_tag IN (SELECT tag FROM ' . $ this ->dbService ->prefixTable ('pages ' ) .
169169 'WHERE tag IN (SELECT resource FROM ' . $ this ->dbService ->prefixTable ('triples ' ) .
170- 'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":" ' . $ id . '"% \' ); '
170+ 'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":" ' . $ this -> dbService -> escape ( $ id ) . '"% \' ); '
171171 );
172172
173173 // TODO use PageManager
174174 $ this ->dbService ->query (
175175 'DELETE FROM ' . $ this ->dbService ->prefixTable ('pages ' ) .
176176 'WHERE tag IN (SELECT resource FROM ' . $ this ->dbService ->prefixTable ('triples ' ) .
177- 'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":" ' . $ id . '"% \'; '
177+ 'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":" ' . $ this -> dbService -> escape ( $ id ) . '"% \'; '
178178 );
179179
180180 // TODO use TripleStore
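Review bot: In the create() hunk the form id is still spliced in raw on the unchanged line `. ' VALUES ( ' . $data['bn_id_nature'] . ', "fr-FR", "'`, so that INSERT keeps the string-built SQL the rest of the commit removes; it should at least read `. ' VALUES ( ' . $this->dbService->escape($data['bn_id_nature']) . ', "fr-FR", "'`. escape() is not shown here, but if it only backslash-escapes quote characters (the addslashes replacement this commit suggests), it does not protect the unquoted id positions in update()'s `WHERE bn_id_nature=` and delete()'s `WHERE bn_id_nature=` — quote those values as getOne() does, or validate/cast the id before use, and ideally move all of these statements to prepared statements with bound parameters. In clear(), escape() inside the `LIKE '%"id_typeannonce":"…"%'` patterns leaves `%` and `_` as wildcards, so an id containing them would also match other forms' pages and ACLs; escape the LIKE metacharacters as well (e.g. `addcslashes($this->dbService->escape($id), '%_')`). Every function touched in this section starts outside its hunk.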