#1240 2.6.0 a1 class/Criteria some remarks

XOOPS_2.6.x
open
nobody
None
1
2014-08-22
2012-11-18
Alain91
No

Some remarks :

1/ preg_match too large than necessary (after else whe are sure the string start and end with backquote
:::php
} else {
if (!preg_match('/^[a-zA-Z0-9_.-`]*$/', $value)) {
$value = '``';
}
}

2/ there is no check against sql injection => I don't find usage of real_escape_string or equivalent and I'm not sure such test coul'd be done after.

Discussion