FIX Import in upgrade when using a socialnetwork field.
This commit is contained in:
Laurent Destailleur
parent
0fe65591e8
commit
34da698537
@ -182,9 +182,18 @@ interface Database
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
* @deprecated
|
||||
*/
|
||||
public function escapeunderscore($stringtoencode);
|
||||
|
||||
/**
|
||||
* Escape a string to insert data into a like
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
*/
|
||||
public function escapeforlike($stringtoencode);
|
||||
|
||||
/**
|
||||
* Sanitize a string for SQL forging
|
||||
*
|
||||
|
||||
@ -479,12 +479,24 @@ class DoliDBMysqli extends DoliDB
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
* @deprecated
|
||||
*/
|
||||
public function escapeunderscore($stringtoencode)
|
||||
{
|
||||
return str_replace('_', '\_', (string) $stringtoencode);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string to insert data into a like
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
*/
|
||||
public function escapeforlike($stringtoencode)
|
||||
{
|
||||
return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return generic error code of last operation.
|
||||
*
|
||||
|
||||
@ -726,10 +726,22 @@ class DoliDBPgsql extends DoliDB
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
* @deprecated
|
||||
*/
|
||||
public function escapeunderscore($stringtoencode)
|
||||
{
|
||||
return str_replace('_', '\_', $stringtoencode);
|
||||
return str_replace('_', '\_', (string) $stringtoencode);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string to insert data into a like
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
*/
|
||||
public function escapeforlike($stringtoencode)
|
||||
{
|
||||
return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -654,10 +654,22 @@ class DoliDBSqlite3 extends DoliDB
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
* @deprecated
|
||||
*/
|
||||
public function escapeunderscore($stringtoencode)
|
||||
{
|
||||
return str_replace('_', '\_', $stringtoencode);
|
||||
return str_replace('_', '\_', (string) $stringtoencode);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string to insert data into a like
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
*/
|
||||
public function escapeforlike($stringtoencode)
|
||||
{
|
||||
return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -947,11 +947,11 @@ function getPagesFromSearchCriterias($type, $algo, $searchstring, $max = 25, $so
|
||||
$sql .= " AND (";
|
||||
$searchalgo = '';
|
||||
if (preg_match('/meta/', $algo)) {
|
||||
$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.title LIKE '%".$db->escapeunderscore($db->escape($searchstring))."%' OR wp.description LIKE '%".$db->escapeunderscore($db->escape($searchstring))."%'";
|
||||
$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.keywords LIKE '".$db->escapeunderscore($db->escape($searchstring)).",%' OR wp.keywords LIKE '% ".$db->escapeunderscore($db->escape($searchstring))."%'"; // TODO Use a better way to scan keywords
|
||||
$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.title LIKE '%".$db->escapeforlike($db->escape($searchstring))."%' OR wp.description LIKE '%".$db->escapeforlike($db->escape($searchstring))."%'";
|
||||
$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.keywords LIKE '".$db->escapeforlike($db->escape($searchstring)).",%' OR wp.keywords LIKE '% ".$db->escapeforlike($db->escape($searchstring))."%'"; // TODO Use a better way to scan keywords
|
||||
}
|
||||
if (preg_match('/content/', $algo)) {
|
||||
$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.content LIKE '%".$db->escapeunderscore($db->escape($searchstring))."%'";
|
||||
$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.content LIKE '%".$db->escapeforlike($db->escape($searchstring))."%'";
|
||||
}
|
||||
$sql .= $searchalgo;
|
||||
if (is_array($otherfilters) && !empty($otherfilters['category'])) {
|
||||
|
||||
@ -835,8 +835,8 @@ class ImportCsv extends ModeleImports
|
||||
$sqlSelect = "SELECT ".$fname." FROM ".$tablename;
|
||||
|
||||
$data = array_combine($listfields, $listvalues);
|
||||
$where = array();
|
||||
$filters = array();
|
||||
$where = array(); // filters to forge SQL request
|
||||
$filters = array(); // filters to forge output error message
|
||||
foreach ($updatekeys as $key) {
|
||||
$col = $objimport->array_import_updatekeys[0][$key];
|
||||
$key = preg_replace('/^.*\./i', '', $key);
|
||||
@ -846,8 +846,12 @@ class ImportCsv extends ModeleImports
|
||||
$socialnetwork = $tmp[1];
|
||||
$jsondata = $data[$key];
|
||||
$json = json_decode($jsondata);
|
||||
$where[] = $key." LIKE '%\"".$socialnetwork."\":\"".$this->db->escape($json->$socialnetwork)."\"%'";
|
||||
$filters[] = $col." LIKE '%\"".$socialnetwork."\":\"".$this->db->escape($json->$socialnetwork)."\"%'";
|
||||
$stringtosearch = json_encode($socialnetwork).':'.json_encode($json->$socialnetwork);
|
||||
//var_dump($stringtosearch);
|
||||
//var_dump($this->db->escape($stringtosearch)); // This provide a value for sql string (but not for a like)
|
||||
$where[] = $key." LIKE '%".$this->db->escapeforlike($this->db->escape($stringtosearch))."%'";
|
||||
$filters[] = $col." LIKE '%".$this->db->escapeforlike($this->db->escape($stringtosearch))."%'";
|
||||
//var_dump($where[1]); // This provide a value for sql string inside a like
|
||||
} else {
|
||||
$where[] = $key.' = '.$data[$key];
|
||||
$filters[] = $col.' = '.$data[$key];
|
||||
|
||||
@ -891,8 +891,12 @@ class ImportXlsx extends ModeleImports
|
||||
$socialnetwork = $tmp[1];
|
||||
$jsondata = $data[$key];
|
||||
$json = json_decode($jsondata);
|
||||
$where[] = $key." LIKE '%\"".$socialnetwork."\":\"".$this->db->escape($json->$socialnetwork)."\"%'";
|
||||
$filters[] = $col." LIKE '%\"".$socialnetwork."\":\"".$this->db->escape($json->$socialnetwork)."\"%'";
|
||||
$stringtosearch = json_encode($socialnetwork).':'.json_encode($json->$socialnetwork);
|
||||
//var_dump($stringtosearch);
|
||||
//var_dump($this->db->escape($stringtosearch)); // This provide a value for sql string (but not for a like)
|
||||
$where[] = $key." LIKE '%".$this->db->escapeforlike($this->db->escape($stringtosearch))."%'";
|
||||
$filters[] = $col." LIKE '%".$this->db->escapeforlike($this->db->escape($stringtosearch))."%'";
|
||||
//var_dump($where[1]); // This provide a value for sql string inside a like
|
||||
} else {
|
||||
$where[] = $key.' = '.$data[$key];
|
||||
$filters[] = $col.' = '.$data[$key];
|
||||
|
||||
@ -255,12 +255,24 @@ class TraceableDB extends DoliDB
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
* @deprecated
|
||||
*/
|
||||
public function escapeunderscore($stringtoencode)
|
||||
{
|
||||
return $this->db->escapeunderscore($stringtoencode);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string to insert data into a like
|
||||
*
|
||||
* @param string $stringtoencode String to escape
|
||||
* @return string String escaped
|
||||
*/
|
||||
public function escapeforlike($stringtoencode)
|
||||
{
|
||||
return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode);
|
||||
}
|
||||
|
||||
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
|
||||
/**
|
||||
* Get last ID after an insert INSERT
|
||||
|
||||
Loading…
Reference in New Issue
Block a user