From d55e491e1f49358948a906f008294fe875f994e4 Mon Sep 17 00:00:00 2001
From: Mattias Michaux
Date: Mon, 2 May 2016 10:39:13 +0200
Subject: [PATCH] Cleanup to have same behaviour as 4.7.
---
 CRM/Core/Page/AJAX.php | 12 ++++++------
 CRM/Utils/Rule.php | 27 ++++-----------------------
 CRM/Utils/Type.php | 9 +++------
 3 files changed, 13 insertions(+), 35 deletions(-)
diff --git a/CRM/Core/Page/AJAX.php b/CRM/Core/Page/AJAX.php
index 69c98b51f1..3116e26f51 100644
--- a/CRM/Core/Page/AJAX.php
+++ b/CRM/Core/Page/AJAX.php
@@ -219,17 +219,17 @@ class CRM_Core_Page_AJAX {
 $sortMapper = array();
 foreach ($_GET['columns'] as $key => $value) {
- $sortMapper[$key] = CRM_Utils_Type::escape($value['data'], 'MysqlColumnName');
+ $sortMapper[$key] = CRM_Utils_Type::validate($value['data'], 'MysqlColumnName');
 };
- $offset = isset($_GET['start']) ? CRM_Utils_Type::escape($_GET['start'], 'Integer') : $defaultOffset;
- $rowCount = isset($_GET['length']) ? CRM_Utils_Type::escape($_GET['length'], 'Integer') : $defaultRowCount;
+ $offset = isset($_GET['start']) ? CRM_Utils_Type::validate($_GET['start'], 'Integer') : $defaultOffset;
+ $rowCount = isset($_GET['length']) ? CRM_Utils_Type::validate($_GET['length'], 'Integer') : $defaultRowCount;
 // Why is the number of order by columns limited to 1?
- $sort = isset($_GET['order'][0]['column']) ? CRM_Utils_Array::value(CRM_Utils_Type::escape($_GET['order'][0]['column'], 'Integer'), $sortMapper) : $defaultSort;
- $sortOrder = isset($_GET['order'][0]['dir']) ? CRM_Utils_Type::escape($_GET['order'][0]['dir'], 'MysqlOrderByDirection') : $defaultsortOrder;
+ $sort = isset($_GET['order'][0]['column']) ? CRM_Utils_Array::value(CRM_Utils_Type::validate($_GET['order'][0]['column'], 'Integer'), $sortMapper) : $defaultSort;
+ $sortOrder = isset($_GET['order'][0]['dir']) ? CRM_Utils_Type::validate($_GET['order'][0]['dir'], 'MysqlOrderByDirection') : $defaultsortOrder;
 if ($sort) {
- $params['sortBy'] = "`{$sort}` {$sortOrder}";
+ $params['sortBy'] = "{$sort} {$sortOrder}";
 }
 $params['page'] = ($offset / $rowCount) + 1;
diff --git a/CRM/Utils/Rule.php b/CRM/Utils/Rule.php
index 439a095be0..9c59136f9a 100644
--- a/CRM/Utils/Rule.php
+++ b/CRM/Utils/Rule.php
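Review bot: In `CRM/Core/Page/AJAX.php`, `$params['sortBy'] = "{$sort} {$sortOrder}";` now places a request-supplied column name into the ORDER BY fragment with no identifier quoting, so the `MysqlColumnName` rule behind `CRM_Utils_Type::validate()` is the only control on that path. The `CRM/Utils/Type.php` hunk in this patch adds backtick quoting to a `MysqlColumnName` case, but its enclosing function is outside that hunk; if it is `escape()` rather than `validate()`, this call site receives the bare name and a column named after a MySQL reserved word would presumably fail to sort. I would state the dependency at the assignment, e.g. `// $sort and $sortOrder come from $_GET; validate() is the only guard before they are interpolated into ORDER BY.` Separately, an `Integer` check on its own does not exclude `0`, so `length=0` reaches `($offset / $rowCount) + 1`; a guard such as `if ($rowCount < 1) { $rowCount = $defaultRowCount; }` before that line would cover it. The enclosing function starts and ends outside the hunk.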
@@ -89,22 +89,6 @@ class CRM_Utils_Rule {
 return TRUE;
 }
- /**
- * @param $str
- *
- * @return bool
- */
- public static function mysqlColumnNameLoose($str) {
- // check the length.
- // This check can be incorrect for the . format, which can be
- // a problem.
- if (empty($str) || strlen($str) > 64) {
- return FALSE;
- }
-
- return TRUE;
- }
-
 /**
 * Validate an acceptable column name for sorting results.
 *
@@ -113,16 +97,13 @@ class CRM_Utils_Rule {
 * @return bool
 */
 public static function mysqlColumnName($str) {
- // Check the length.
- if (empty($str) || strlen($str) > 64) {
+ // Check not empty.
+ if (empty($str)) {
 return FALSE;
 }
- // Make sure it only contains valid characters (alphanumeric and underscores).
- //
- // MySQL permits column names that don't match this (eg containing spaces),
- // but CiviCRM won't create those ...
- if (!preg_match('/^[\w_]+(\.[\w_]+)?$/i', $str)) {
+ // Ensure it only contains valid characters (alphanumeric and underscores).
+ if (!preg_match('/^\w{1,64}(\.\w{1,64})?$/i', $str)) {
 return FALSE;
 }
diff --git a/CRM/Utils/Type.php b/CRM/Utils/Type.php
index 6b423818b0..e299b6eae0 100644
--- a/CRM/Utils/Type.php
+++ b/CRM/Utils/Type.php
@@ -258,14 +258,11 @@ class CRM_Utils_Type {
 }
 break;
- case 'MysqlColumnNameLoose':
- if (CRM_Utils_Rule::mysqlColumnNameLoose($data)) {
- return str_replace('`', '', $data);
- }
- break;
-
 case 'MysqlColumnName':
 if (CRM_Utils_Rule::mysqlColumnName($data)) {
+ $parts = explode('.', $data);
+ $data = '`' . implode('`.`', $parts) . '`';
+ return $data;
 }
 break;
--
2.25.1
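Review bot: The rewritten pattern in `mysqlColumnName()`, `/^\w{1,64}(\.\w{1,64})?$/i`, still ends in `$`, which in PCRE without the `D` modifier also matches just before a trailing newline, so a valid name followed by `\n` passes the rule. Anchoring with `\z` makes the match exact: `if (!preg_match('/^\w{1,64}(\.\w{1,64})?\z/', $str)) {` (the `i` flag can go too, since `\w` already covers both cases). This matters more after this patch because `CRM/Core/Page/AJAX.php` now interpolates the validated value without quoting. The function's closing lines are outside the hunk.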
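Review bot: The `MysqlColumnName` case in `CRM/Utils/Type.php` now returns a backtick-quoted identifier rather than the input as validated, which changes the return contract for every caller of this case; the enclosing function's signature is outside the hunk, so which of the class's methods this is cannot be told from here. Any caller that still adds its own backticks, as `CRM/Core/Page/AJAX.php` did before this patch, would emit doubled backticks, and any remaining caller of the removed `MysqlColumnNameLoose` type no longer matches a case; both are worth searching for before merging. I would also record why the quoting is safe, with a comment above the two new lines: `// Quote table and column separately; mysqlColumnName() admits only word characters and at most one dot, so no backtick can appear in $parts.`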