From dd3a41170309a5b5780c7605519b60b33d229e2b Mon Sep 17 00:00:00 2001
From: "Donald A. Lobo"
Date: Wed, 16 Oct 2013 12:45:02 -0700
Subject: [PATCH] CRM-13554
----------------------------------------
* CRM-13554: Improve string validation in the query engine
http://issues.civicrm.org/jira/browse/CRM-13554
---
 CRM/Contact/Form/Search/Custom/ActivitySearch.php | 2 +-
 CRM/Contact/Form/Search/Custom/Base.php | 2 +-
 CRM/Contact/Form/Search/Custom/ContributionAggregate.php | 2 +-
 CRM/Contact/Form/Search/Custom/EventAggregate.php | 2 +-
 CRM/Mailing/BAO/Mailing.php | 2 +-
 CRM/Mailing/BAO/Recipients.php | 2 +-
 CRM/Report/Form.php | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/CRM/Contact/Form/Search/Custom/ActivitySearch.php b/CRM/Contact/Form/Search/Custom/ActivitySearch.php
index 088480f3b9..315adf2b8b 100644
--- a/CRM/Contact/Form/Search/Custom/ActivitySearch.php
+++ b/CRM/Contact/Form/Search/Custom/ActivitySearch.php
@@ -215,7 +215,7 @@ class CRM_Contact_Form_Search_Custom_ActivitySearch implements CRM_Contact_Form_
 if ($rowcount > 0 && $offset >= 0) {
 $offset = CRM_Utils_Type::escape($offset, 'Int');
- $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+ $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');
 $sql .= " LIMIT $offset, $rowcount ";
 }
 return $sql;
diff --git a/CRM/Contact/Form/Search/Custom/Base.php b/CRM/Contact/Form/Search/Custom/Base.php
index a7f5488393..03a3c9fbc2 100644
--- a/CRM/Contact/Form/Search/Custom/Base.php
+++ b/CRM/Contact/Form/Search/Custom/Base.php
@@ -134,7 +134,7 @@ class CRM_Contact_Form_Search_Custom_Base {
 if ($rowcount > 0 && $offset >= 0) {
 $offset = CRM_Utils_Type::escape($offset, 'Int');
- $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+ $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');
 $sql .= " LIMIT $offset, $rowcount ";
 }
diff --git a/CRM/Contact/Form/Search/Custom/ContributionAggregate.php b/CRM/Contact/Form/Search/Custom/ContributionAggregate.php
index 72c6700d8d..68e0bdfcc0 100644
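Review bot: The validate-then-append LIMIT block in this hunk is repeated verbatim in Base.php, ContributionAggregate.php and EventAggregate.php, which is how a single mis-cased variable left `$rowcount` reaching the SQL string unvalidated in four files at once. Consider moving it into one shared static helper that takes `$offset` and `$rowcount` and returns the validated clause, so each call site becomes `$sql .= SomeHelper::limitClause($offset, $rowcount);` (class and method names are placeholders), and the integer check lives in one place. A regression test that passes a non-integer row count and expects the query to be rejected would stop the case-sensitivity slip from coming back. The enclosing functions start and end outside these hunks, so other uses of `$rowcount` in them are not visible here.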
--- a/CRM/Contact/Form/Search/Custom/ContributionAggregate.php
+++ b/CRM/Contact/Form/Search/Custom/ContributionAggregate.php
@@ -148,7 +148,7 @@ $having
 if ($rowcount > 0 && $offset >= 0) {
 $offset = CRM_Utils_Type::escape($offset, 'Int');
- $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+ $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');
 $sql .= " LIMIT $offset, $rowcount ";
 }
 return $sql;
diff --git a/CRM/Contact/Form/Search/Custom/EventAggregate.php b/CRM/Contact/Form/Search/Custom/EventAggregate.php
index d749ccdf43..79a57e0971 100644
--- a/CRM/Contact/Form/Search/Custom/EventAggregate.php
+++ b/CRM/Contact/Form/Search/Custom/EventAggregate.php
@@ -160,7 +160,7 @@ class CRM_Contact_Form_Search_Custom_EventAggregate extends CRM_Contact_Form_Sea
 if ($rowcount > 0 && $offset >= 0) {
 $offset = CRM_Utils_Type::escape($offset, 'Int');
- $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+ $rowcount = CRM_Utils_Type::escape($rowcount, 'Int');
 $sql .= " LIMIT $offset, $rowcount ";
 }
diff --git a/CRM/Mailing/BAO/Mailing.php b/CRM/Mailing/BAO/Mailing.php
index 2fb1ca7be8..a9462ee55b 100644
--- a/CRM/Mailing/BAO/Mailing.php
+++ b/CRM/Mailing/BAO/Mailing.php
@@ -468,7 +468,7 @@ AND $mg.mailing_id = {$mailing_id}
 $limitString = NULL;
 if ($limit && $offset !== NULL) {
 $offset = CRM_Utils_Type::escape($offset, 'Int');
- $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+ $limit = CRM_Utils_Type::escape($limit, 'Int');
 $limitString = "LIMIT $offset, $limit";
 }
diff --git a/CRM/Mailing/BAO/Recipients.php b/CRM/Mailing/BAO/Recipients.php
index 36caf69ec3..134e181b35 100644
--- a/CRM/Mailing/BAO/Recipients.php
+++ b/CRM/Mailing/BAO/Recipients.php
@@ -57,7 +57,7 @@ WHERE mailing_id = %1
 $limitString = NULL;
 if ($limit && $offset !== NULL) {
 $offset = CRM_Utils_Type::escape($offset, 'Int');
- $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
+ $limit = CRM_Utils_Type::escape($limit, 'Int');
 $limitString = "LIMIT $offset, $limit";
 }
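Review bot: The guard in the Mailing.php hunk, `if ($limit && $offset !== NULL)`, tests only truthiness and non-null, so it has no range check like the `$rowcount > 0 && $offset >= 0` used in the custom-search hunks; the same guard appears in the Recipients.php hunk. If the 'Int' rule accepts negative integers (its definition is not visible here), a negative `$limit` or `$offset` would pass validation and build a malformed LIMIT clause that fails at the database instead of being rejected up front. Tightening the condition to `if ($limit > 0 && $offset !== NULL && $offset >= 0) {` would keep the two code paths consistent. Both enclosing functions begin and end outside the hunks, so callers may already constrain these values.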
diff --git a/CRM/Report/Form.php b/CRM/Report/Form.php
index 8edffd8de8..6bf04a66a0 100644
--- a/CRM/Report/Form.php
+++ b/CRM/Report/Form.php
@@ -2490,7 +2490,7 @@ WHERE cg.extends IN ('" . implode("','", $this->_customGroupExtends) . "') AND
 $offset = CRM_Utils_Type::escape($offset, 'Int');
 $rowCount = CRM_Utils_Type::escape($rowCount, 'Int');
- $this->_limit = " LIMIT $offset, " . $rowCount;
+ $this->_limit = " LIMIT $offset, $rowCount";
 return array($offset, $rowCount);
 }
 }
--
2.25.1