
Commit db267cf

Merge pull request #18137 from kamil-tekiela/quoteString-control-user
Add Connection::TYPE_CONTROL to quoteString
2 parents cb67fa3 + 912f179 commit db267cf

6 files changed

Lines changed: 102 additions & 97 deletions


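--- a/libraries/classes/ConfigStorage/Relation.php
+++ b/libraries/classes/ConfigStorage/Relation.php
@@ -577,7 +577,7 @@ public function getDbComment(string $db): string
 $com_qry = 'SELECT `comment`'
 . ' FROM ' . Util::backquote($columnCommentsFeature->database)
 . '.' . Util::backquote($columnCommentsFeature->columnInfo)
-. ' WHERE db_name = ' . $this->dbi->quoteString($db)
+. ' WHERE db_name = ' . $this->dbi->quoteString($db, Connection::TYPE_CONTROL)
 . ' AND table_name = \'\''
 . ' AND column_name = \'(db_comment)\'';
 $com_rs = $this->dbi->tryQueryAsControlUser($com_qry);
@@ -636,17 +636,17 @@ public function setDbComment($db, $comment = ''): bool
 . Util::backquote($columnCommentsFeature->columnInfo)
 . ' (`db_name`, `table_name`, `column_name`, `comment`)'
 . ' VALUES ('
-. $this->dbi->quoteString($db)
+. $this->dbi->quoteString($db, Connection::TYPE_CONTROL)
 . ", '', '(db_comment)', "
-. $this->dbi->quoteString($comment)
+. $this->dbi->quoteString($comment, Connection::TYPE_CONTROL)
 . ') '
 . ' ON DUPLICATE KEY UPDATE '
-. '`comment` = ' . $this->dbi->quoteString($comment);
+. '`comment` = ' . $this->dbi->quoteString($comment, Connection::TYPE_CONTROL);
 } else {
 $upd_query = 'DELETE FROM '
 . Util::backquote($columnCommentsFeature->database) . '.'
 . Util::backquote($columnCommentsFeature->columnInfo)
-. ' WHERE `db_name` = ' . $this->dbi->quoteString($db)
+. ' WHERE `db_name` = ' . $this->dbi->quoteString($db, Connection::TYPE_CONTROL)
 . '
 AND `table_name` = \'\'
 AND `column_name` = \'(db_comment)\'';
@@ -702,11 +702,11 @@ public function setHistory($db, $table, $username, $sqlquery): void
 `timevalue`,
 `sqlquery`)
 VALUES
-(' . $this->dbi->quoteString($username) . ',
-' . $this->dbi->quoteString($db) . ',
-' . $this->dbi->quoteString($table) . ',
+(' . $this->dbi->quoteString($username, Connection::TYPE_CONTROL) . ',
+' . $this->dbi->quoteString($db, Connection::TYPE_CONTROL) . ',
+' . $this->dbi->quoteString($table, Connection::TYPE_CONTROL) . ',
 NOW(),
-' . $this->dbi->quoteString($sqlquery) . ')'
+' . $this->dbi->quoteString($sqlquery, Connection::TYPE_CONTROL) . ')'
 );
 
 $this->purgeHistory($username);
@@ -784,7 +784,7 @@ public function purgeHistory($username): void
 'DELETE FROM '
 . Util::backquote($sqlHistoryFeature->database) . '.'
 . Util::backquote($sqlHistoryFeature->history) . '
-WHERE `username` = ' . $this->dbi->quoteString($username)
+WHERE `username` = ' . $this->dbi->quoteString($username, Connection::TYPE_CONTROL)
 . '
 AND `timevalue` <= \'' . $max_time . '\''
 );
@@ -1130,10 +1130,10 @@ public function renameField($db, $table, $field, $new_name): void
 $table_query = 'UPDATE '
 . Util::backquote($relationParameters->displayFeature->database) . '.'
 . Util::backquote($relationParameters->displayFeature->tableInfo)
-. ' SET display_field = ' . $this->dbi->quoteString($new_name)
-. ' WHERE db_name = ' . $this->dbi->quoteString($db)
-. ' AND table_name = ' . $this->dbi->quoteString($table)
-. ' AND display_field = ' . $this->dbi->quoteString($field);
+. ' SET display_field = ' . $this->dbi->quoteString($new_name, Connection::TYPE_CONTROL)
+. ' WHERE db_name = ' . $this->dbi->quoteString($db, Connection::TYPE_CONTROL)
+. ' AND table_name = ' . $this->dbi->quoteString($table, Connection::TYPE_CONTROL)
+. ' AND display_field = ' . $this->dbi->quoteString($field, Connection::TYPE_CONTROL);
 $this->dbi->queryAsControlUser($table_query);
 }
 
@@ -1144,19 +1144,19 @@ public function renameField($db, $table, $field, $new_name): void
 $table_query = 'UPDATE '
 . Util::backquote($relationParameters->relationFeature->database) . '.'
 . Util::backquote($relationParameters->relationFeature->relation)
-. ' SET master_field = ' . $this->dbi->quoteString($new_name)
-. ' WHERE master_db = ' . $this->dbi->quoteString($db)
-. ' AND master_table = ' . $this->dbi->quoteString($table)
-. ' AND master_field = ' . $this->dbi->quoteString($field);
+. ' SET master_field = ' . $this->dbi->quoteString($new_name, Connection::TYPE_CONTROL)
+. ' WHERE master_db = ' . $this->dbi->quoteString($db, Connection::TYPE_CONTROL)
+. ' AND master_table = ' . $this->dbi->quoteString($table, Connection::TYPE_CONTROL)
+. ' AND master_field = ' . $this->dbi->quoteString($field, Connection::TYPE_CONTROL);
 $this->dbi->queryAsControlUser($table_query);
 
 $table_query = 'UPDATE '
 . Util::backquote($relationParameters->relationFeature->database) . '.'
 . Util::backquote($relationParameters->relationFeature->relation)
-. ' SET foreign_field = ' . $this->dbi->quoteString($new_name)
-. ' WHERE foreign_db = ' . $this->dbi->quoteString($db)
-. ' AND foreign_table = ' . $this->dbi->quoteString($table)
-. ' AND foreign_field = ' . $this->dbi->quoteString($field);
+. ' SET foreign_field = ' . $this->dbi->quoteString($new_name, Connection::TYPE_CONTROL)
+. ' WHERE foreign_db = ' . $this->dbi->quoteString($db, Connection::TYPE_CONTROL)
+. ' AND foreign_table = ' . $this->dbi->quoteString($table, Connection::TYPE_CONTROL)
+. ' AND foreign_field = ' . $this->dbi->quoteString($field, Connection::TYPE_CONTROL);
 $this->dbi->queryAsControlUser($table_query);
 }
 
@@ -1184,13 +1184,13 @@ public function renameSingleTable(
 . Util::backquote($configStorageDatabase) . '.'
 . Util::backquote($configStorageTable)
 . ' SET '
-. $db_field . ' = ' . $this->dbi->quoteString($target_db)
+. $db_field . ' = ' . $this->dbi->quoteString($target_db, Connection::TYPE_CONTROL)
 . ', '
-. $table_field . ' = ' . $this->dbi->quoteString($target_table)
+. $table_field . ' = ' . $this->dbi->quoteString($target_table, Connection::TYPE_CONTROL)
 . ' WHERE '
-. $db_field . ' = ' . $this->dbi->quoteString($source_db)
+. $db_field . ' = ' . $this->dbi->quoteString($source_db, Connection::TYPE_CONTROL)
 . ' AND '
-. $table_field . ' = ' . $this->dbi->quoteString($source_table);
+. $table_field . ' = ' . $this->dbi->quoteString($source_table, Connection::TYPE_CONTROL);
 $this->dbi->queryAsControlUser($query);
 }
 
@@ -1281,8 +1281,8 @@ public function renameTable($source_db, $target_db, $source_table, $target_table
 $remove_query = 'DELETE FROM '
 . Util::backquote($relationParameters->pdfFeature->database) . '.'
 . Util::backquote($relationParameters->pdfFeature->tableCoords)
-. ' WHERE db_name = ' . $this->dbi->quoteString($source_db)
-. ' AND table_name = ' . $this->dbi->quoteString($source_table);
+. ' WHERE db_name = ' . $this->dbi->quoteString($source_db, Connection::TYPE_CONTROL)
+. ' AND table_name = ' . $this->dbi->quoteString($source_table, Connection::TYPE_CONTROL);
 $this->dbi->queryAsControlUser($remove_query);
 }
 }
@@ -1320,11 +1320,11 @@ public function renameTable($source_db, $target_db, $source_table, $target_table
 $query = 'UPDATE '
 . Util::backquote($relationParameters->navigationItemsHidingFeature->database) . '.'
 . Util::backquote($relationParameters->navigationItemsHidingFeature->navigationHiding)
-. ' SET db_name = ' . $this->dbi->quoteString($target_db)
+. ' SET db_name = ' . $this->dbi->quoteString($target_db, Connection::TYPE_CONTROL)
 . ','
-. ' item_name = ' . $this->dbi->quoteString($target_table)
-. ' WHERE db_name = ' . $this->dbi->quoteString($source_db)
-. ' AND item_name = ' . $this->dbi->quoteString($source_table)
+. ' item_name = ' . $this->dbi->quoteString($target_table, Connection::TYPE_CONTROL)
+. ' WHERE db_name = ' . $this->dbi->quoteString($source_db, Connection::TYPE_CONTROL)
+. ' AND item_name = ' . $this->dbi->quoteString($source_table, Connection::TYPE_CONTROL)
 . " AND item_type = 'table'";
 $this->dbi->queryAsControlUser($query);
 }
@@ -1342,8 +1342,8 @@ public function createPage(string|null $newpage, PdfFeature $pdfFeature, $db): i
 . Util::backquote($pdfFeature->pdfPages)
 . ' (db_name, page_descr)'
 . ' VALUES ('
-. $this->dbi->quoteString($db) . ', '
-. $this->dbi->quoteString($newpage ?: __('no description')) . ')';
+. $this->dbi->quoteString($db, Connection::TYPE_CONTROL) . ', '
+. $this->dbi->quoteString($newpage ?: __('no description'), Connection::TYPE_CONTROL) . ')';
 $this->dbi->tryQueryAsControlUser($ins_query);
 
 return $this->dbi->insertId(Connection::TYPE_CONTROL);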
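Review bot: In the purgeHistory hunk, `$max_time` is still concatenated between literal quotes in the `timevalue` comparison, while `$username` on the line above now goes through `quoteString(..., Connection::TYPE_CONTROL)`; the assignment of `$max_time` is outside the hunk, so whether it can ever contain a quote character cannot be confirmed from here. Quoting it the same way keeps every value in the statement escaped against the connection that executes it: ``AND `timevalue` <= ' . $this->dbi->quoteString((string) $max_time, Connection::TYPE_CONTROL)``. The same question applies to `$db_field` and `$table_field` in renameSingleTable, which enter the UPDATE as bare identifiers; if they are not fixed literals at every call site (the callers are not visible), wrap them in `Util::backquote()` like the database and table names beside them. Because the connection type must be repeated by hand at each of these call sites, and a call without it was accepted before this commit, a short class-level comment or a private wrapper that always passes `Connection::TYPE_CONTROL` would keep a later control-user query from silently dropping it.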
