From: <be...@us...> - 2014-02-12 14:55:14
Revision: 12306
http://sourceforge.net/p/xoops/svn/12306
Author: beckmi
Date: 2014-02-12 14:55:09 +0000 (Wed, 12 Feb 2014)
Log Message:
-----------
added function escape to XoopsMySQLDatabase, needed for Formulize (jegelstaff)
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.7/docs/changelog.250.txt
XoopsCore/branches/2.5.x/2.5.7/htdocs/class/database/mysqldatabase.php
Modified: XoopsCore/branches/2.5.x/2.5.7/docs/changelog.250.txt
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/docs/changelog.250.txt 2014-02-11 23:57:34 UTC (rev 12305)
+++ XoopsCore/branches/2.5.x/2.5.7/docs/changelog.250.txt 2014-02-12 14:55:09 UTC (rev 12306)
@@ -39,6 +39,7 @@
- fixed Undefined index: uid in file /modules/profile/userinfo.php line 24 (cesag/mamba)
- set minimum PHP version to 5.3.7 (mamba)
- added missing apostrophe corrections for Date types in CleanVars in /class/model/write.php
+- added function escape to XoopsMySQLDatabase, needed for Formulize (jegelstaff)
Security fixes
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/class/database/mysqldatabase.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/class/database/mysqldatabase.php 2014-02-11 23:57:34 UTC (rev 12305)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/class/database/mysqldatabase.php 2014-02-12 14:55:09 UTC (rev 12306)
@@ -237,6 +237,21 @@
}
/**
+ * Escapes a string for use in a query. Does not add quotes.
+ *
+ * @param string $string string to escape
+ *
+ * @return string
+ * @deprecated since version 2.6.0 - alpha 3. Switch to doctrine connector.
+ */
+ public function escape($string)
+ {
+ $this->deprecated();
+
+ return str_replace("\\\"", '"', str_replace("\\"", '"', $string));
+ }
+
+ /**
* perform a query on the database
*
* @param string $sql a valid MySQL query
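Review bot: The added `escape()` never escapes anything: after `$this->deprecated()` it only runs `str_replace` to turn `\"` back into `"`, so single quotes, backslashes and NUL bytes in `$string` pass through unchanged even though the docblock promises a string that is safe to use in a query. A caller that builds SQL from the return value remains exposed to SQL injection; the method should go through the driver, e.g. `return mysql_real_escape_string($string, $this->conn);` (assuming the connection handle is `$this->conn`, which the hunk does not show). As rendered here, the inner first argument `"\\""` also does not parse as PHP, possibly because the mail archive decoded an entity, so the line should be checked against the committed file. The `@deprecated since version 2.6.0` tag and the `deprecated()` call look carried over from another branch and should be confirmed as valid for 2.5.7.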