-rw-r--r-- | .build_number | 2 | ||||
-rw-r--r-- | installer/web.php | 4 | ||||
-rw-r--r-- | modules/g2_import/controllers/g2.php | 2 | ||||
-rw-r--r-- | modules/gallery/helpers/item_rest.php | 2 | ||||
-rw-r--r-- | modules/gallery/libraries/MY_Database.php | 10 | ||||
-rw-r--r-- | modules/gallery/libraries/drivers/Cache/Database.php | 4 | ||||
-rw-r--r-- | modules/gallery/tests/Database_Test.php | 6 | ||||
-rw-r--r-- | modules/tag/controllers/tags.php | 2 | ||||
-rw-r--r-- | system/helpers/url.php | 2 |
9 files changed, 25 insertions, 9 deletions
diff --git a/.build_number b/.build_number
index ad72721c..30f34977 100644
--- a/.build_number
+++ b/.build_number
@@ -3,4 +3,4 @@
 ; process. You don't need to edit it. In fact..
 ;
 ; DO NOT EDIT THIS FILE BY HAND!
-build_number=291
+build_number=294
diff --git a/installer/web.php b/installer/web.php
index a7060bd8..5fa8541e 100644
--- a/installer/web.php
+++ b/installer/web.php
@@ -41,9 +41,9 @@ if (installer::already_installed()) {
 list ($config["host"], $config["port"]) = explode(":", $config["host"] . ":"); foreach ($config as $k => $v) { if ($k == "password") { - $config[$k] = str_replace("'", "\\'", $v); + $config[$k] = str_replace(array("'", "\\"), array("\\'", "\\\\"), $v); } else { - $config[$k] = strtr($v, "'`", "__"); + $config[$k] = strtr($v, "'`\\", "___"); } }
diff --git a/modules/g2_import/controllers/g2.php b/modules/g2_import/controllers/g2.php
index 5a76940e..0645266b 100644
--- a/modules/g2_import/controllers/g2.php
+++ b/modules/g2_import/controllers/g2.php
@@ -49,7 +49,7 @@ class G2_Controller extends Controller {
 if ($view == "core.DownloadItem") {
 $where[] = array("resource_type", "IN", array("file", "resize", "thumbnail", "full"));
 } else if ($view) {
- $where[] = array("g2_url", "like", "%g2_view=$view%");
+ $where[] = array("g2_url", "LIKE", "%" . Database::escape_for_like("g2_view=$view") . "%");
 } // else: Assuming that the first search hit is sufficiently good.
 } else if ($path) {
 $where = array(array("g2_url", "IN", array($path, str_replace(" ", "+", $path))));
diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php
index 10799567..efeba2ef 100644
--- a/modules/gallery/helpers/item_rest.php
+++ b/modules/gallery/helpers/item_rest.php
@@ -64,7 +64,7 @@ class item_rest_Core {
 } if (isset($p->name)) { - $orm->where("name", "LIKE", "%{$p->name}%"); + $orm->where("name", "LIKE", "%" . Database::escape_for_like($p->name) . "%"); } if (isset($p->type)) { 
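Review bot: The password escaping in the installer/web.php hunk runs its two replacements in the wrong order: str_replace() with array arguments applies each pair over the whole string in turn, so the `\'` produced by the first pair is rewritten by the second into `\\'`, which terminates the single-quoted literal early for any password containing a quote. Doubling the backslash has to come first: `$config[$k] = str_replace(array("\\", "'"), array("\\\\", "\\'"), $v);`. The surrounding loop looks like it prepares values for a generated PHP config file (not visible in the hunk), so a malformed literal there either breaks the install or produces credentials that differ from what the user typed; a test case with a password containing a quote would pin the fix. The enclosing block starts outside the hunk.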
diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php
index aae0bb79..33759b67 100644
--- a/modules/gallery/libraries/MY_Database.php
+++ b/modules/gallery/libraries/MY_Database.php
@@ -88,4 +88,14 @@ abstract class Database extends Database_Core {
 static function set_default_instance($db) {
 self::$instances["default"] = $db;
 }
+
+ /**
+ * Escape LIKE queries, add wildcards. In MySQL queries using LIKE, _ and % characters are
+ * treated as wildcards similar to ? and *, respectively. Therefore, we need to escape _, %,
+ * and \ (the escape character itself).
+ */
+ static function escape_for_like($value) {
+ // backslash must go first to avoid double-escaping
+ return addcslashes($value, '\_%');
+ }
 }
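Review bot: The comment `// backslash must go first to avoid double-escaping` on the new escape_for_like() describes a property addcslashes() does not have: its second argument is a character set applied in a single pass (only `..` ranges are positional), so the order of `\`, `_` and `%` in the list is irrelevant and the comment will mislead the next reader into thinking the call is sequential. Suggest `// addcslashes() prefixes every listed character with a backslash in one pass, so list order does not matter`. The docblock's "Escape LIKE queries, add wildcards" is also inaccurate, since the method adds no wildcards (every caller in this commit appends its own `%`), and it should state that the result is a pattern fragment that still goes through the driver's ordinary string escaping and relies on `\` being the LIKE escape character, which is MySQL's default rather than a guarantee. A `@param string $value` / `@return string` pair would document that non-string input is not handled.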
\ No newline at end of file
diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php
index a7aae92c..8790d0e1 100644
--- a/modules/gallery/libraries/drivers/Cache/Database.php
+++ b/modules/gallery/libraries/drivers/Cache/Database.php
@@ -69,7 +69,7 @@ class Cache_Database_Driver extends Cache_Driver {
 ->select() ->from("caches"); foreach ($tags as $tag) { - $db->where("tags", "LIKE", "%<$tag>%"); + $db->where("tags", "LIKE", "%" . Database::escape_for_like("<$tag>") . "%"); } $db_result = $db->execute();
@@ -139,7 +139,7 @@ class Cache_Database_Driver extends Cache_Driver {
 // Delete all caches
 } else if ($is_tag === true) {
 foreach ($keys as $tag) {
- $db->where("tags", "LIKE", "%<$tag>%");
+ $db->where("tags", "LIKE", "%" . Database::escape_for_like("<$tag>") . "%");
 }
 } else {
 $db->where("key", "IN", $keys);
diff --git a/modules/gallery/tests/Database_Test.php b/modules/gallery/tests/Database_Test.php
index ab3290a9..106062f5 100644
--- a/modules/gallery/tests/Database_Test.php
+++ b/modules/gallery/tests/Database_Test.php
@@ -147,6 +147,12 @@ class Database_Test extends Gallery_Unit_Test_Case {
 $sql = str_replace("\n", " ", $sql); $this->assert_same("UPDATE [test_tables] SET [name] = [Test Name] WHERE [1] = [1]", $sql); } + + function escape_for_like_test() { + // Note: literal double backslash is written as \\\ + $this->assert_same('basic\_test', Database::escape_for_like("basic_test")); + $this->assert_same('\\\100\%\_test/', Database::escape_for_like('\100%_test/')); + } } class Database_Mock extends Database {
diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php
index 77ad7f50..77d45a95 100644
--- a/modules/tag/controllers/tags.php
+++ b/modules/tag/controllers/tags.php
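Review bot: Both hunks in modules/gallery/libraries/drivers/Cache/Database.php build the same pattern `"%" . Database::escape_for_like("<$tag>") . "%"` inline, so the `<...>` framing and the escaping are now duplicated in two methods. A private helper, e.g. `private static function tag_pattern($tag) { return "%" . Database::escape_for_like("<$tag>") . "%"; }`, keeps the framing in one place and makes it hard to add a third tag lookup that forgets the escape. The framing only isolates one tag from its neighbours if tag names cannot contain `<` or `>`; the hunks do not show where `$tags` and `$keys` come from, so that constraint should be stated in a comment on the helper or enforced where tags are set. Both enclosing methods start outside the hunks.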
@@ -52,7 +52,7 @@ class Tags_Controller extends Controller {
 $limit = Input::instance()->get("limit");
 $tag_part = ltrim(end($tag_parts));
 $tag_list = ORM::factory("tag")
- ->where("name", "LIKE", "{$tag_part}%")
+ ->where("name", "LIKE", Database::escape_for_like($tag_part) . "%")
 ->order_by("name", "ASC")
 ->limit($limit)
 ->find_all();
diff --git a/system/helpers/url.php b/system/helpers/url.php
index 1bc81230..014f96fe 100644
--- a/system/helpers/url.php
+++ b/system/helpers/url.php
@@ -62,7 +62,7 @@ class url_Core {
 if ($site_domain === '' OR $site_domain[0] === '/') { // Guess the server name if the domain starts with slash - $base_url = $protocol.'://'.$_SERVER['HTTP_HOST'].$site_domain; + $base_url = $protocol.'://'.($_SERVER['SERVER_NAME']?$_SERVER['SERVER_NAME']:$_SERVER['HTTP_HOST']).$site_domain; } else { |
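Review bot: When `$tag_part` is empty the new pattern reduces to a bare `%`, so the query matches every tag row and is bounded only by `$limit`, which the first context line takes directly from the request via `Input::instance()->get("limit")` and passes to `->limit($limit)` without a check. Unless the query builder clamps a missing or non-numeric limit (not visible here), this autocomplete path can return the whole tag table; a guard before the query such as `$limit = max(1, min((int) $limit, 100));` (cap value chosen as an example) keeps the response bounded. The escaping of `$tag_part` itself is correct provided the builder still applies the driver's string escaping to the pattern. The enclosing method starts outside the hunk.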