------------------------------------------------------------
revno: 1164
committer: Jakub Jankiewicz <[email protected]>
branch nick: aikiframework
timestamp: Fri 2012-04-20 19:33:23 +0200
message:
Kill normal select on INSERT and inline sql for all not allowed queries
modified:
libs/Engine_aiki.php
--
lp:aikiframework
https://code.launchpad.net/~aikiframework-devel/aikiframework/trunk
Your team Aiki Framework Developers is subscribed to branch lp:aikiframework.
To unsubscribe from this branch go to
https://code.launchpad.net/~aikiframework-devel/aikiframework/trunk/+edit-subscription
=== modified file 'libs/Engine_aiki.php'
--- libs/Engine_aiki.php 2012-04-10 10:44:17 +0000
+++ libs/Engine_aiki.php 2012-04-20 17:33:23 +0000
@@ -967,30 +967,30 @@
if ($inline_select) {
$select = trim($inline_select);
- } else {
- // Kill the query if it is not select.
- // roger: this filter is not aplied over $inline_select
- if (preg_match("/TRUNCATE|UPDATE|DELETE(.*)from/i", $select)) {
- return "";
- } else {
- // roger: i don't know why this parse is applie only on normal_select
- // and no over inline..Perhaps must remove it.
- $select = strtr($select, array("\n"=> " ", "\r"=>"")); // delete line-feed
- $select = $aiki->input->requests($select); // replace GET[] and POST[]
- $select = $this->parsDBpars($select);
- $select = strtr(
- $select,
- array("[guest_session]" => $membership->guest_session,
- "[user_session]" => $membership->user_session));
- }
- }
-
- // more parse
- $select= strtr(trim($select), array ("\'" => "'", '\"' => '"'));
- $select = $aiki->url->apply_url_on_query($select);
- $select = $aiki->languages->L10n($select);
- $select = $aiki->processVars($select);
-
+ }
+
+ // Kill the query if it is not select.
+ // roger: this filter is not aplied over $inline_select
+ if (preg_match("/(TRUNCATE|UPDATE|DELETE(.*)from)|(INSERT *into)/i", $select)) {
+ return "";
+ }
+
+ if (!$inline_select) {
+ // roger: i don't know why this parse is applie only on normal_select
+ // and no over inline..Perhaps must remove it.
+ $select = strtr($select, array("\n"=> " ", "\r"=>"")); // delete line-feed
+ $select = $aiki->input->requests($select); // replace GET[] and POST[]
+ $select = $this->parsDBpars($select);
+ $select = strtr(
+ $select,
+ array("[guest_session]" => $membership->guest_session,
+ "[user_session]" => $membership->user_session));
+ // more parse
+ $select= strtr(trim($select), array ("\'" => "'", '\"' => '"'));
+ $select = $aiki->url->apply_url_on_query($select);
+ $select = $aiki->languages->L10n($select);
+ $select = $aiki->processVars($select);
+ }
return $select;
}
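Review bot: The deny-list `preg_match` on the new side runs before the `if (!$inline_select)` branch substitutes `GET[]`/`POST[]`, `[guest_session]`/`[user_session]` and `processVars` values into `$select`, so for normal selects the check inspects the template rather than the string that is returned (and presumably executed by the caller); the ordering predates the commit, but the commit now makes this check the single gate for both paths. The list is also incomplete as written: `INSERT *into` tolerates only spaces between the two words, and statements such as DROP, ALTER or REPLACE are not matched at all. A positive check placed after the substitution block, just before `return $select;`, is more robust — `if (!preg_match('/^\s*SELECT\b/i', $select)) { return ""; }` — assuming the callers only ever pass plain SELECT statements here, which cannot be confirmed from the hunk. The comment `// roger: this filter is not aplied over $inline_select` is now stale, since the check precedes the branch and applies to both inline and normal selects; replace it with `// Applied to both inline and normal selects.` The enclosing function starts outside the hunk.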