From 21858a195870452cce55a7e6a020b112d56d3d37 Mon Sep 17 00:00:00 2001 From: Mattias Michaux Date: Tue, 24 May 2016 23:51:41 +0200 Subject: [PATCH] Loosen the MysqlColumnNameOrAlias validation. --- CRM/Utils/Rule.php | 4 ++-- CRM/Utils/Type.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CRM/Utils/Rule.php b/CRM/Utils/Rule.php index b6f4f7e6dc..9306b4b36f 100644 --- a/CRM/Utils/Rule.php +++ b/CRM/Utils/Rule.php @@ -103,7 +103,7 @@ class CRM_Utils_Rule { // Ensure the string contains only valid characters: // For column names: alphanumeric and underscores // For aliases: backticks, alphanumeric hyphens and underscores. - if (!preg_match('/^((`[\w-]{1,64}`|\w{1,64})\.)?(`[\w-]{1,64}`|\w{1,64})$/i', $str)) { + if (!preg_match('/^((`[\w-]{1,64}`|[\w–]{1,64})\.)?(`[\w-]{1,64}`|[\w–]{1,64})$/i', $str)) { return FALSE; } @@ -137,7 +137,7 @@ class CRM_Utils_Rule { // at all, so we split and loop over. $parts = explode(',', $str); foreach ($parts as $part) { - if (!preg_match('/^((`[\w-]{1,64}`|\w{1,64})\.)?(`[\w-]{1,64}`|\w{1,64})( (asc|desc))?$/i', trim($part))) { + if (!preg_match('/^((`[\w-]{1,64}`|[\w–]{1,64})\.)?(`[\w-]{1,64}`|[\w–]{1,64})( (asc|desc))?$/i', trim($part))) { return FALSE; } } diff --git a/CRM/Utils/Type.php b/CRM/Utils/Type.php index f49f212701..374975d21b 100644 --- a/CRM/Utils/Type.php +++ b/CRM/Utils/Type.php @@ -288,7 +288,7 @@ class CRM_Utils_Type { if (CRM_Utils_Rule::mysqlOrderBy($data)) { $parts = explode(',', $data); foreach ($parts as &$part) { - $part = preg_replace_callback('/^(?:(?:((?:`[\w-]{1,64}`|\w{1,64}))(?:\.))?(`[\w-]{1,64}`|\w{1,64})(?: (asc|desc))?)$/i', array('CRM_Utils_Type', 'mysqlOrderByCallback'), trim($part)); + $part = preg_replace_callback('/^(?:(?:((?:`[\w-]{1,64}`|[\w–]{1,64}))(?:\.))?(`[\w-]{1,64}`|[\w–]{1,64})(?: (asc|desc))?)$/i', array('CRM_Utils_Type', 'mysqlOrderByCallback'), trim($part)); } return implode(', ', $parts); } -- 2.25.1