From: Mattias Michaux Date: Tue, 24 May 2016 21:51:41 +0000 (+0200) Subject: Loosen the MysqlColumnNameOrAlias validation. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=21858a195870452cce55a7e6a020b112d56d3d37;p=civicrm-core.git Loosen the MysqlColumnNameOrAlias validation. --- diff --git a/CRM/Utils/Rule.php b/CRM/Utils/Rule.php index b6f4f7e6dc..9306b4b36f 100644 --- a/CRM/Utils/Rule.php +++ b/CRM/Utils/Rule.php @@ -103,7 +103,7 @@ class CRM_Utils_Rule { // Ensure the string contains only valid characters: // For column names: alphanumeric and underscores // For aliases: backticks, alphanumeric hyphens and underscores. - if (!preg_match('/^((`[\w-]{1,64}`|\w{1,64})\.)?(`[\w-]{1,64}`|\w{1,64})$/i', $str)) { + if (!preg_match('/^((`[\w-]{1,64}`|[\w–]{1,64})\.)?(`[\w-]{1,64}`|[\w–]{1,64})$/i', $str)) { return FALSE; } @@ -137,7 +137,7 @@ class CRM_Utils_Rule { // at all, so we split and loop over. $parts = explode(',', $str); foreach ($parts as $part) { - if (!preg_match('/^((`[\w-]{1,64}`|\w{1,64})\.)?(`[\w-]{1,64}`|\w{1,64})( (asc|desc))?$/i', trim($part))) { + if (!preg_match('/^((`[\w-]{1,64}`|[\w–]{1,64})\.)?(`[\w-]{1,64}`|[\w–]{1,64})( (asc|desc))?$/i', trim($part))) { return FALSE; } } diff --git a/CRM/Utils/Type.php b/CRM/Utils/Type.php index f49f212701..374975d21b 100644 --- a/CRM/Utils/Type.php +++ b/CRM/Utils/Type.php @@ -288,7 +288,7 @@ class CRM_Utils_Type { if (CRM_Utils_Rule::mysqlOrderBy($data)) { $parts = explode(',', $data); foreach ($parts as &$part) { - $part = preg_replace_callback('/^(?:(?:((?:`[\w-]{1,64}`|\w{1,64}))(?:\.))?(`[\w-]{1,64}`|\w{1,64})(?: (asc|desc))?)$/i', array('CRM_Utils_Type', 'mysqlOrderByCallback'), trim($part)); + $part = preg_replace_callback('/^(?:(?:((?:`[\w-]{1,64}`|[\w–]{1,64}))(?:\.))?(`[\w-]{1,64}`|[\w–]{1,64})(?: (asc|desc))?)$/i', array('CRM_Utils_Type', 'mysqlOrderByCallback'), trim($part)); } return implode(', ', $parts); }