projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c95d144)
CRM-13554
authorDonald A. Lobo <lobo@civicrm.org>
Wed, 16 Oct 2013 19:45:02 +0000 (12:45 -0700)
committerDonald A. Lobo <lobo@civicrm.org>
Wed, 16 Oct 2013 19:45:02 +0000 (12:45 -0700)
----------------------------------------
* CRM-13554: Improve string validation in the query engine
  http://issues.civicrm.org/jira/browse/CRM-13554

CRM/Contact/Form/Search/Custom/ActivitySearch.php patch | blob | blame | history
CRM/Contact/Form/Search/Custom/Base.php patch | blob | blame | history
CRM/Contact/Form/Search/Custom/ContributionAggregate.php patch | blob | blame | history
CRM/Contact/Form/Search/Custom/EventAggregate.php patch | blob | blame | history
CRM/Mailing/BAO/Mailing.php patch | blob | blame | history
CRM/Mailing/BAO/Recipients.php patch | blob | blame | history
CRM/Report/Form.php patch | blob | blame | history

diff --git a/CRM/Contact/Form/Search/Custom/ActivitySearch.php b/CRM/Contact/Form/Search/Custom/ActivitySearch.php
index 088480f3b95e1d8fa40c642fbaddf8b57718dd3e..315adf2b8ba15467edfa25f3215ac044d49eb188 100644 (file)
--- a/CRM/Contact/Form/Search/Custom/ActivitySearch.php
+++ b/CRM/Contact/Form/Search/Custom/ActivitySearch.php
@@ -215,7 +215,7 @@ class CRM_Contact_Form_Search_Custom_ActivitySearch implements CRM_Contact_Form_
 
     if ($rowcount > 0 && $offset >= 0) {
       $offset = CRM_Utils_Type::escape($offset, 'Int');
-      $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+      $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');
       $sql .= " LIMIT $offset, $rowcount ";
     }
     return $sql;
diff --git a/CRM/Contact/Form/Search/Custom/Base.php b/CRM/Contact/Form/Search/Custom/Base.php
index a7f5488393157cbb05eabca3cca09a53efd9c66f..03a3c9fbc278dbda1c079a4819b25430925b4e9b 100644 (file)
--- a/CRM/Contact/Form/Search/Custom/Base.php
+++ b/CRM/Contact/Form/Search/Custom/Base.php
@@ -134,7 +134,7 @@ class CRM_Contact_Form_Search_Custom_Base {
 
     if ($rowcount > 0 && $offset >= 0) {
       $offset = CRM_Utils_Type::escape($offset, 'Int');
-      $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+      $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');
 
       $sql .= " LIMIT $offset, $rowcount ";
     }
diff --git a/CRM/Contact/Form/Search/Custom/ContributionAggregate.php b/CRM/Contact/Form/Search/Custom/ContributionAggregate.php
index 72c6700d8daa8b22b8ecb77a0aded0cad20b6695..68e0bdfcc0a2115896498f286dda7318f02e4858 100644 (file)
--- a/CRM/Contact/Form/Search/Custom/ContributionAggregate.php
+++ b/CRM/Contact/Form/Search/Custom/ContributionAggregate.php
@@ -148,7 +148,7 @@ $having
 
     if ($rowcount > 0 && $offset >= 0) {
       $offset = CRM_Utils_Type::escape($offset, 'Int');
-      $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+      $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');
       $sql .= " LIMIT $offset, $rowcount ";
     }
     return $sql;
diff --git a/CRM/Contact/Form/Search/Custom/EventAggregate.php b/CRM/Contact/Form/Search/Custom/EventAggregate.php
index d749ccdf43633a2421fa25c1ac1baa20195258bd..79a57e0971c8c23b7f67ae6e35e344978a8c1da6 100644 (file)
--- a/CRM/Contact/Form/Search/Custom/EventAggregate.php
+++ b/CRM/Contact/Form/Search/Custom/EventAggregate.php
@@ -160,7 +160,7 @@ class CRM_Contact_Form_Search_Custom_EventAggregate extends CRM_Contact_Form_Sea
 
     if ($rowcount > 0 && $offset >= 0) {
       $offset = CRM_Utils_Type::escape($offset, 'Int');
-      $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+      $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');
       $sql .= " LIMIT $offset, $rowcount ";
     }
 
diff --git a/CRM/Mailing/BAO/Mailing.php b/CRM/Mailing/BAO/Mailing.php
index 2fb1ca7be8389608f241b94c1bcddfabf2baf684..a9462ee55bde3595aea3816b161686b70733479c 100644 (file)
--- a/CRM/Mailing/BAO/Mailing.php
+++ b/CRM/Mailing/BAO/Mailing.php
@@ -468,7 +468,7 @@ AND    $mg.mailing_id = {$mailing_id}
     $limitString = NULL;
     if ($limit && $offset !== NULL) {
       $offset = CRM_Utils_Type::escape($offset, 'Int');
-      $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+      $limit = CRM_Utils_Type::escape($limit, 'Int');
 
       $limitString = "LIMIT $offset, $limit";
     }
diff --git a/CRM/Mailing/BAO/Recipients.php b/CRM/Mailing/BAO/Recipients.php
index 36caf69ec3254902cbea2e0fd608d4e249070ee8..134e181b3597be0635d04ea31ee4f51b4997b946 100644 (file)
--- a/CRM/Mailing/BAO/Recipients.php
+++ b/CRM/Mailing/BAO/Recipients.php
@@ -57,7 +57,7 @@ WHERE  mailing_id = %1
     $limitString = NULL;
     if ($limit && $offset !== NULL) {
       $offset = CRM_Utils_Type::escape($offset, 'Int');
-      $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+      $limit = CRM_Utils_Type::escape($limit, 'Int');
 
       $limitString = "LIMIT $offset, $limit";
     }
diff --git a/CRM/Report/Form.php b/CRM/Report/Form.php
index 8edffd8de8356692993ffb98e4b24456d291f614..6bf04a66a0a29a3a0af5f0fa406776fd5c4a0d3d 100644 (file)
--- a/CRM/Report/Form.php
+++ b/CRM/Report/Form.php
@@ -2490,7 +2490,7 @@ WHERE cg.extends IN ('" . implode("','", $this->_customGroupExtends) . "') AND
       $offset = CRM_Utils_Type::escape($offset, 'Int');
       $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
 
-      $this->_limit = " LIMIT $offset, " . $rowCount;
+      $this->_limit = " LIMIT $offset, $rowCount";
       return array($offset, $rowCount);
     }
   }