Overview
Comment: | Security for queries executed in skeletons |
---|---|
SHA1: | 92d8611330a57f1bcda91ed3e34bb8bd |
User & Date: | bohwaz on 2014-04-21 02:20:04 |
References
2020-12-08
23:25 | • Wiki page "Changelog/0.9" artifact: b9c916b4d1 user: bohwaz | |
Context
2014-04-21
02:28 | Second pass to remove double quotes in SQLite queries + removal of unnecessary DB::getInstance() call check-in: 63cb8357be user: bohwaz tags: trunk | |
02:20 | Security for queries executed in skeletons check-in: 92d8611330 user: bohwaz tags: trunk | |
00:50 | Moved cache cleanup check-in: 110b39bfde user: bohwaz tags: trunk | |
Changes
Modified src/include/class.squelette.php from [f2c5fff5c8] to [994be07690].
︙ | ︙ | |||
444 445 446 447 448 449 450 | $out->append(1, '$this->parent =& $parent_hash ? $this->_vars[$parent_hash] : null;'); if ($search) { $out->append(1, 'if (trim($this->getVariable(\'recherche\'))) { '); } | > > > | | 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 | $out->append(1, '$this->parent =& $parent_hash ? $this->_vars[$parent_hash] : null;'); if ($search) { $out->append(1, 'if (trim($this->getVariable(\'recherche\'))) { '); } $out->append(1, '$statement = $db->prepare(\''.$query.'\'); '); // Sécurité anti injection $out->append(1, 'if (!$statement->readOnly()) { throw new \\miniSkelMarkupException("Requête en écriture illégale: '.$query.'"); } '); $out->append(1, '$result_'.$hash.' = $statement->execute(); '); $out->append(1, '$nb_rows = $db->countRows($result_'.$hash.'); '); if ($search) { $out->append(1, '} else { $result_'.$hash.' = false; $nb_rows = 0; }'); } |
︙ | ︙ |
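Review bot: The added `throw` line splices `$query` into a double-quoted string of the generated PHP (`"Requête en écriture illégale: '.$query.'"`), and the `prepare` line splices it into a single-quoted one, so unless `$query` is already escaped for both quoting contexts upstream, a query containing `"`, `$` or `'` will either break the compiled skeleton or be interpolated as PHP when it runs. Emit the query once through `var_export($query, true)` into a variable in the generated code and reuse that variable in both `prepare()` and the exception message. Separately, `$statement->readOnly()` is called directly on the result of `$db->prepare()` with no check in between; if `prepare()` can return false for a malformed query, this becomes a fatal error rather than a `miniSkelMarkupException`, so test the statement before calling `readOnly()`.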