From: <var...@us...> - 2014-07-16 16:06:39
Revision: 8966
          http://sourceforge.net/p/phpwiki/code/8966
Author: vargenau
Date: 2014-07-16 16:06:31 +0000 (Wed, 16 Jul 2014)
Log Message:
-----------
Escape string to search

Modified Paths:
--------------
    trunk/lib/WikiDB/backend/PearDB_mysql.php
    trunk/lib/WikiDB/backend.php

Modified: trunk/lib/WikiDB/backend/PearDB_mysql.php
===================================================================
--- trunk/lib/WikiDB/backend/PearDB_mysql.php	2014-07-16 14:00:21 UTC (rev 8965)
+++ trunk/lib/WikiDB/backend/PearDB_mysql.php	2014-07-16 16:06:31 UTC (rev 8966)
@@ -215,6 +215,8 @@
     function _pagename_match_clause($node)
     {
         $word = $node->sql();
+        $dbh = &$this->_dbh;
+        $word = $dbh->escapeSimple($word);
         if ($node->op == 'REGEX') { // posix regex extensions
             return "pagename REGEXP '$word'";
         } else {

Modified: trunk/lib/WikiDB/backend.php
===================================================================
--- trunk/lib/WikiDB/backend.php	2014-07-16 14:00:21 UTC (rev 8965)
+++ trunk/lib/WikiDB/backend.php	2014-07-16 16:06:31 UTC (rev 8966)
@@ -864,15 +864,17 @@
     function _fulltext_match_clause($node)
     {
         // force word-style %word% for fulltext search
-        $word = '%' . $node->sql_quote($node->word) . '%';
+        $dbh = &$this->_dbh;
+        $word = '%' . $dbh->escapeSimple($word) . '%';
         // eliminate stoplist words
-        if ($this->isStoplisted($node))
+        if ($this->isStoplisted($node)) {
             return "1=1"; // and (pagename or 1) => and 1
-        else
+        } else {
             return $this->_pagename_match_clause($node) // probably convert this MATCH AGAINST or SUBSTR/POSITION without wildcards
                 . ($this->_case_exact ? " OR content LIKE '$word'" : " OR LOWER(content) LIKE '$word'");
+        }
     }
 }

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
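Review bot: `escapeSimple()` is applied to the result of `$node->sql()` rather than to the raw search term, so if that method already quotes the word (the `sql_quote()` call the other hunk removes suggests the node class does its own quoting), a term containing a quote or backslash reaches the query escaped twice and no longer matches; escape the raw term once, e.g. `$word = $this->_dbh->escapeSimple($node->word);`, and build the fragment from that. Escaping for a string literal also leaves `%` and `_` active in the LIKE branch that follows the hunk, so a term containing them still behaves as a wildcard — a search-behaviour point, not an injection one, but worth a comment if it is intended. The `$dbh = &$this->_dbh;` reference is unnecessary for an object handle. `_pagename_match_clause` continues past the end of the hunk.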
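Review bot: The new line `$word = '%' . $dbh->escapeSimple($word) . '%';` reads `$word` before anything assigns it — the removed line took the term from `$node->word` — so the fulltext clause is built from an empty string and `content LIKE '%%'` matches every page, silently widening the search result set (with an undefined-variable notice on top). It should read `$word = '%' . $dbh->escapeSimple($node->word) . '%';`. Separately, if backend.php is the backend-independent base class, `$this->_dbh->escapeSimple()` presumes a PEAR DB handle; non-PEAR backends that inherit this method may not provide it — confirm before relying on it here rather than in the driver subclasses.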