diff options
author | Meik Sievertsen <acydburn@phpbb.com> | 2007-06-24 12:49:13 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2007-06-24 12:49:13 +0000 |
commit | 5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274 (patch) | |
tree | 63f64d470a44ff71aa4ef83775e3e0727dd76e46 /phpBB/includes/acp | |
parent | 318418b0f266998895f88e9fcbcd3873a518c4b5 (diff) | |
download | forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar.gz forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar.bz2 forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar.xz forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.zip |
tweak the sql_like_expression feature a little bit to allow correct escaping
git-svn-id: file:///svn/phpbb/trunk@7789 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/acp')
-rw-r--r-- | phpBB/includes/acp/acp_permission_roles.php | 6 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_permissions.php | 2 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_prune.php | 4 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_users.php | 4 | ||||
-rw-r--r-- | phpBB/includes/acp/auth.php | 2 |
5 files changed, 9 insertions, 9 deletions
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php index d3df765e6e..674468a862 100644 --- a/phpBB/includes/acp/acp_permission_roles.php +++ b/phpBB/includes/acp/acp_permission_roles.php @@ -239,7 +239,7 @@ class acp_permission_roles { $sql = 'SELECT auth_option_id, auth_option FROM ' . ACL_OPTIONS_TABLE . " - WHERE auth_option " . $db->sql_like_expression($permission_type . '%') . " + WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char) . " AND auth_option <> '{$permission_type}' ORDER BY auth_option_id"; $result = $db->sql_query($sql); @@ -305,7 +305,7 @@ class acp_permission_roles // We need to fill the auth options array with ACL_NO options ;) $sql = 'SELECT auth_option_id, auth_option FROM ' . ACL_OPTIONS_TABLE . " - WHERE auth_option " . $db->sql_like_expression($permission_type . '%') . " + WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char) . " AND auth_option <> '{$permission_type}' ORDER BY auth_option_id"; $result = $db->sql_query($sql); @@ -490,7 +490,7 @@ class acp_permission_roles // Get complete auth array $sql = 'SELECT auth_option, auth_option_id FROM ' . ACL_OPTIONS_TABLE . " - WHERE auth_option " . $db->sql_like_expression($permission_type . '%'); + WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char); $result = $db->sql_query($sql); $auth_settings = array(); diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index 8189db23d3..3a7318231b 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -1069,7 +1069,7 @@ class acp_permissions global $db, $user; $sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0'); - $sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . '%'); + $sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . $db->any_char); $sql = $db->sql_build_query('SELECT_DISTINCT', array( 'SELECT' => 'u.username, u.username_clean, u.user_regdate, u.user_id', diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 95ad9eee31..14885394e6 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -393,8 +393,8 @@ class acp_prune $sort_by_types = array('username', 'user_email', 'user_posts', 'user_regdate', 'user_lastvisit'); $where_sql = ''; - $where_sql .= ($username) ? ' AND username_clean ' . $db->sql_like_expression(str_replace('*', '%', utf8_clean_string($username))) : ''; - $where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', '%', $email)) . ' ' : ''; + $where_sql .= ($username) ? ' AND username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($username))) : ''; + $where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : ''; $where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : ''; $where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : ''; $where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : ''; diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 0f7190d952..6015471b9d 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -1831,7 +1831,7 @@ class acp_users // Select auth options $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . ' - WHERE auth_option ' . $db->sql_like_expression('%_') . ' + WHERE auth_option ' . $db->sql_like_expression($db->any_char . '_') . ' AND is_global = 1 ORDER BY auth_option'; $result = $db->sql_query($sql); @@ -1851,7 +1851,7 @@ class acp_users { $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . " - WHERE auth_option " . $db->sql_like_expression('%_') . " + WHERE auth_option " . $db->sql_like_expression($db->any_char . '_') . " AND is_local = 1 ORDER BY is_global DESC, auth_option"; $result = $db->sql_query($sql); diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 0fb64b60e6..7d0b00cc25 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -968,7 +968,7 @@ class auth_admin extends auth // Get permission type $sql = 'SELECT auth_option, auth_option_id FROM ' . ACL_OPTIONS_TABLE . " - WHERE auth_option " . $db->sql_like_expression($permission_type . '%'); + WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char); $result = $db->sql_query($sql); $auth_id_ary = array(); |