Commit dc04329d authored by Francois Marier's avatar Francois Marier

Rewrite a function parameter to avoid having to pass SQL



This is not a security fix but rather a cleanup to harden this code
and make it harder to accidentally introduce a SQL injection in the
future.
Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
parent a62cb836
...@@ -51,7 +51,8 @@ class PluginBlocktypeNewViews extends SystemBlocktype { ...@@ -51,7 +51,8 @@ class PluginBlocktypeNewViews extends SystemBlocktype {
$configdata = $instance->get('configdata'); $configdata = $instance->get('configdata');
$nviews = isset($configdata['limit']) ? intval($configdata['limit']) : 5; $nviews = isset($configdata['limit']) ? intval($configdata['limit']) : 5;
$views = View::view_search(null, null, null, null, $nviews, 0, true, 'mtime DESC'); $sort = array(array('column' => 'mtime', 'desc' => true));
$views = View::view_search(null, null, null, null, $nviews, 0, true, $sort);
$smarty = smarty_core(); $smarty = smarty_core();
$smarty->assign('loggedin', $USER->is_logged_in()); $smarty->assign('loggedin', $USER->is_logged_in());
$smarty->assign('views', $views->data); $smarty->assign('views', $views->data);
......
...@@ -2214,7 +2214,7 @@ class View { ...@@ -2214,7 +2214,7 @@ class View {
* @param integer $limit * @param integer $limit
* @param integer $offset * @param integer $offset
* @param bool $extra Return full set of properties on each view including an artefact list * @param bool $extra Return full set of properties on each view including an artefact list
* @param string $sort Order by * @param array $sort Order by, each element of the array is an array containing "column" (string) and "desc" (boolean)
* *
*/ */
public static function view_search($query=null, $ownerquery=null, $ownedby=null, $copyableby=null, $limit=null, $offset=0, $extra=true, $sort=null) { public static function view_search($query=null, $ownerquery=null, $ownedby=null, $copyableby=null, $limit=null, $offset=0, $extra=true, $sort=null) {
...@@ -2333,7 +2333,26 @@ class View { ...@@ -2333,7 +2333,26 @@ class View {
} }
$count = count_records_sql('SELECT COUNT (DISTINCT v.id) ' . $from . $where, $ph); $count = count_records_sql('SELECT COUNT (DISTINCT v.id) ' . $from . $where, $ph);
$orderby = is_null($sort) ? 'title ASC' : $sort; $orderby = 'title ASC';
if (!empty($sort)) {
$orderby = '';
foreach ($sort as $item) {
if (!preg_match('/^[a-zA-Z_0-9"]+$/', $item['column'])) {
continue; // skip this item (it fails validation)
}
if (!empty($orderby)) {
$orderby .= ', ';
}
$orderby .= $item['column'];
if ($item['desc']) {
$orderby .= ' DESC';
}
else {
$orderby .= ' ASC';
}
}
}
$viewdata = get_records_sql_array(' $viewdata = get_records_sql_array('
SELECT * FROM ( SELECT * FROM (
SELECT SELECT
......
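Review bot: The whitelist at `if (!preg_match('/^[a-zA-Z_0-9"]+$/', $item['column']))` admits a bare or unbalanced `"`, so a value such as `mtime"` passes validation and reaches the query as a broken identifier; if quoted identifiers must be supported, `'/^([a-zA-Z_0-9]+|"[a-zA-Z_0-9]+")$/'` keeps the quote paired, otherwise drop `"` from the class. Because `$orderby` is reset to `''` before the loop, a `$sort` whose every entry fails validation leaves it empty, which presumably produces a bare `ORDER BY` in the query text below the hunk; restoring the default after the loop with `if ($orderby === '') { $orderby = 'title ASC'; }` closes that gap. `$item['desc']` is read unconditionally at `if ($item['desc'])`, so an element lacking that key raises a notice even though the docblock describes it as present; `if (!empty($item['desc']))` tolerates it. view_search's body continues outside this hunk on both sides.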