
Commit df9d76e

kamil-tekielaMauricioFauth
authored andcommitted
Use quoteString in Events
Signed-off-by: Kamil Tekiela <tekiela246@gmail.com>
1 parent 31800be commit df9d76e

3 files changed

Lines changed: 11 additions & 29 deletions


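--- a/libraries/classes/Database/Events.php
+++ b/libraries/classes/Database/Events.php
@@ -301,9 +301,8 @@ public function getDataFromName($name): array|null
 $columns = '`EVENT_NAME`, `STATUS`, `EVENT_TYPE`, `EXECUTE_AT`, '
 . '`INTERVAL_VALUE`, `INTERVAL_FIELD`, `STARTS`, `ENDS`, '
 . '`EVENT_DEFINITION`, `ON_COMPLETION`, `DEFINER`, `EVENT_COMMENT`';
-$where = 'EVENT_SCHEMA ' . Util::getCollateForIS() . '='
-. "'" . $this->dbi->escapeString($GLOBALS['db']) . "' "
-. "AND EVENT_NAME='" . $this->dbi->escapeString($name) . "'";
+$where = 'EVENT_SCHEMA ' . Util::getCollateForIS() . '=' . $this->dbi->quoteString($GLOBALS['db'])
+. ' AND EVENT_NAME=' . $this->dbi->quoteString($name);
 $query = 'SELECT ' . $columns . ' FROM `INFORMATION_SCHEMA`.`EVENTS` WHERE ' . $where . ';';
 $item = $this->dbi->fetchSingleRow($query);
 if (! $item) {
@@ -414,21 +413,15 @@ public function getQueryFromRequest(): string
 }
 
 if (! empty($_POST['item_starts'])) {
-$query .= "STARTS '"
-. $this->dbi->escapeString($_POST['item_starts'])
-. "' ";
+$query .= 'STARTS ' . $this->dbi->quoteString($_POST['item_starts']) . ' ';
 }
 
 if (! empty($_POST['item_ends'])) {
-$query .= "ENDS '"
-. $this->dbi->escapeString($_POST['item_ends'])
-. "' ";
+$query .= 'ENDS ' . $this->dbi->quoteString($_POST['item_ends']) . ' ';
 }
 } else {
 if (! empty($_POST['item_execute_at'])) {
-$query .= "AT '"
-. $this->dbi->escapeString($_POST['item_execute_at'])
-. "' ";
+$query .= 'AT ' . $this->dbi->quoteString($_POST['item_execute_at']) . ' ';
 } else {
 $GLOBALS['errors'][] = __('You must provide a valid execution time for the event.');
 }
@@ -453,7 +446,7 @@ public function getQueryFromRequest(): string
 }
 
 if (! empty($_POST['item_comment'])) {
-$query .= "COMMENT '" . $this->dbi->escapeString($_POST['item_comment']) . "' ";
+$query .= 'COMMENT ' . $this->dbi->quoteString($_POST['item_comment']) . ' ';
 }
 
 $query .= 'DO ';
@@ -599,13 +592,13 @@ public function getDetails(string $db, string $name = ''): array
 {
 if (! $GLOBALS['cfg']['Server']['DisableIS']) {
 $query = QueryGenerator::getInformationSchemaEventsRequest(
-$this->dbi->escapeString($db),
-$name === '' ? null : $this->dbi->escapeString($name),
+$this->dbi->quoteString($db),
+$name === '' ? null : $this->dbi->quoteString($name),
 );
 } else {
 $query = 'SHOW EVENTS FROM ' . Util::backquote($db);
 if ($name !== '') {
-$query .= " WHERE `Name` = '" . $this->dbi->escapeString($name) . "'";
+$query .= ' WHERE `Name` = ' . $this->dbi->quoteString($name);
 }
 }
 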
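Review bot: The `$_POST['item_starts']`, `item_ends`, `item_execute_at` and `item_comment` values in `getQueryFromRequest` still reach `quoteString()` with no type check, because `! empty()` lets through an array submitted as `item_starts[]=...`. If `quoteString()` declares a `string` parameter under strict types, that surfaces as an uncaught TypeError rather than a validation error; otherwise it degrades to an "Array to string conversion" notice and a garbage literal in the statement. A guard such as `if (! empty($_POST['item_starts']) && is_string($_POST['item_starts']))` on each of the four branches rejects the malformed value up front, and the `item_execute_at` branch can then fall into its existing `$GLOBALS['errors'][]` message. `getQueryFromRequest` begins before the first hunk and continues past `$query .= 'DO ';`, so any validation done earlier in the method is not visible here.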
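--- a/libraries/classes/Query/Generator.php
+++ b/libraries/classes/Query/Generator.php
@@ -201,9 +201,9 @@ public static function getInformationSchemaEventsRequest(string $escapedDb, stri
 . '`DATABASE_COLLATION` AS `Database Collation`'
 . ' FROM `information_schema`.`EVENTS`'
 . ' WHERE `EVENT_SCHEMA` ' . Util::getCollateForIS()
-. " = '" . $escapedDb . "'";
+. ' = ' . $escapedDb;
 if ($escapedEventName !== null) {
-$query .= ' AND `EVENT_NAME`' . " = '" . $escapedEventName . "'";
+$query .= ' AND `EVENT_NAME` = ' . $escapedEventName;
 }
 
 return $query;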
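Review bot: `getInformationSchemaEventsRequest` now splices `$escapedDb` and `$escapedEventName` into the query bare, so both arguments must already be complete SQL string literals, yet the parameter names still say "escaped" and describe the old contract where this method supplied the quotes. Any other caller that still passes an `escapeString()` result without quotes now produces a query that no longer contains a string literal at all, which is exactly the kind of silent contract change that turns into an injection bug later. Rename the parameters to `$quotedDb` and `$quotedEventName` (safe unless a caller uses named arguments) and add a docblock line such as `@param string $quotedDb already-quoted SQL string literal, e.g. from DatabaseInterface::quoteString()`. The method signature sits on the hunk header line and its start lies outside the hunk.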

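--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -5461,17 +5461,6 @@
 </PossiblyUnusedMethod>
 </file>
 <file src="libraries/classes/Database/Events.php">
-<DeprecatedMethod>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-</DeprecatedMethod>
 <InvalidArrayOffset>
 <code><![CDATA[$GLOBALS['errors']]]></code>
 <code><![CDATA[$GLOBALS['errors']]]></code>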
