Fix escape usage

modifié: core/lib/Thelia/ImportExport/Export/ExportHandler.php modifié: core/lib/Thelia/ImportExport/Export/Type/ContentExport.php modifié: core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php modifié: core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php modifié: core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php
2014-07-29 09:29:22 +02:00
parent ae4fe387a7
commit 0d37e3470b
5 changed files with 34 additions and 38 deletions
--- a/core/lib/Thelia/ImportExport/Export/ExportHandler.php
+++ b/core/lib/Thelia/ImportExport/Export/ExportHandler.php
@@ -150,33 +150,6 @@ abstract class ExportHandler extends AbstractHandler
        ;
    }

-    /**
-     * @param $str
-     * @return string
-     *
-     * Really escapes a string for SQL request.
-     */
-    protected function real_escape($str)
-    {
-        $str = trim($str, "\"'");
-
-        $return = "CONCAT(";
-        $len = strlen($str);
-
-        for ($i = 0; $i < $len; ++$i) {
-            $return .= "CHAR(".ord($str[$i])."),";
-        }
-
-        if ($i > 0) {
-            $return = substr($return, 0, -1);
-        } else {
-            $return = "\"\"";
-        }
-        $return .= ")";
-
-        return $return;
-    }
-
    public function renderLoop($type, array $args = array())
    {
        $loopsDefinition = $this->container->getParameter("thelia.parser.loops");
--- a/core/lib/Thelia/ImportExport/Export/Type/ContentExport.php
+++ b/core/lib/Thelia/ImportExport/Export/Type/ContentExport.php
@@ -107,13 +107,13 @@ class ContentExport extends ExportHandler implements
                        ->endUse()
                    ->_endif()
                    ->addJoinObject($folderI18nJoin, "folder_i18n_join")
-                    ->addJoinCondition("folder_i18n_join", FolderI18nTableMap::LOCALE . "=" . $this->real_escape($locale))
+                    ->addJoinCondition("folder_i18n_join", FolderI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)
                    ->addAsColumn("folder_TITLE", FolderI18nTableMap::TITLE)
                    ->addAsColumn("folder_ID", FolderTableMap::ID)
                ->endUse()
            ->endUse()
            ->addJoinObject($contentI18nJoin, "content_i18n_join")
-            ->addJoinCondition("content_i18n_join", ContentI18nTableMap::LOCALE . "=" . $this->real_escape($locale))
+            ->addJoinCondition("content_i18n_join", ContentI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)
            ->addAsColumn("content_TITLE", ContentI18nTableMap::TITLE)
            ->addAsColumn("content_CHAPO", ContentI18nTableMap::CHAPO)
            ->addAsColumn("content_DESCRIPTION", ContentI18nTableMap::DESCRIPTION)
@@ -124,12 +124,17 @@ class ContentExport extends ExportHandler implements
            ->addJoinObject($urlJoin, "url_rewriting_join")
            ->addJoinCondition(
                "url_rewriting_join",
-                RewritingUrlTableMap::VIEW . "=" .
-                $this->real_escape((new Content())->getRewrittenUrlViewName())
+                RewritingUrlTableMap::VIEW . " = ?",
+                (new Content())->getRewrittenUrlViewName(),
+                null,
+                \PDO::PARAM_STR
            )
            ->addJoinCondition(
                "url_rewriting_join",
-                RewritingUrlTableMap::VIEW_LOCALE . "=" . $this->real_escape($locale)
+                RewritingUrlTableMap::VIEW_LOCALE . " = ?",
+                $locale,
+                null,
+                \PDO::PARAM_STR
            )
            ->addAsColumn("url_URL", RewritingUrlTableMap::URL)
            ->select([
@@ -184,7 +189,7 @@ class ContentExport extends ExportHandler implements
                 * Do not repeat content values
                 */
                $line["content_TITLE"] = "";
-                $line["content_VISIBLE"] = "";
+                $line[ContentTableMap::VISIBLE] = "";
                $line["content_CHAPO"] = "";
                $line["content_DESCRIPTION"] = "";
                $line["content_CONCLUSION"] = "";
--- a/core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php
+++ b/core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php
@@ -78,7 +78,13 @@ class ProductPricesExport extends ExportHandler
                ->endUse()
                ->useProductQuery()
                    ->addJoinObject($productJoin, "product_join")
-                    ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . "=" . $this->real_escape($locale))
+                    ->addJoinCondition(
+                        "product_join",
+                        ProductI18nTableMap::LOCALE . " = ?",
+                        $locale,
+                        null,
+                        \PDO::PARAM_STR
+                    )
                    ->addAsColumn("product_TITLE", ProductI18nTableMap::TITLE)
                ->endUse()
                ->addAsColumn("product_sale_elements_REF", ProductSaleElementsTableMap::REF)
@@ -89,7 +95,7 @@ class ProductPricesExport extends ExportHandler
                ->addJoinObject($attributeAvJoin, "attribute_av_join")
                ->addJoinCondition(
                    "attribute_av_join",
-                    AttributeAvI18nTableMap::LOCALE . "=" . $this->real_escape($locale)
+                    AttributeAvI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR
                )
                ->addAsColumn(
                    "attribute_av_i18n_ATTRIBUTES",
--- a/core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php
+++ b/core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php
@@ -69,7 +69,7 @@ class ProductSEOExport extends ExportHandler
        $query = ProductAssociatedContentQuery::create()
            ->useProductQuery()
                ->addJoinObject($productJoin, "product_join")
-                ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . "=" . $this->real_escape($locale))
+                ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)
                ->addAsColumn("product_i18n_TITLE", ProductI18nTableMap::TITLE)
                ->addAsColumn("product_REF", ProductTableMap::REF)
                ->addAsColumn("product_VISIBLE", ProductTableMap::VISIBLE)
@@ -78,10 +78,12 @@ class ProductSEOExport extends ExportHandler
                ->addAsColumn("product_seo_META_KEYWORDS", ProductI18nTableMap::META_KEYWORDS)
            ->endUse()
            ->addJoinObject($urlJoin, "rewriting_url_join")
-            ->addJoinCondition("rewriting_url_join", RewritingUrlTableMap::VIEW_LOCALE . "=" . $this->real_escape($locale))
+            ->addJoinCondition("rewriting_url_join", RewritingUrlTableMap::VIEW_LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)
            ->addJoinCondition(
                "rewriting_url_join",
-                RewritingUrlTableMap::VIEW . "=" . $this->real_escape((new Product())->getRewrittenUrlViewName())
+                RewritingUrlTableMap::VIEW . " = ?",(new Product())->getRewrittenUrlViewName(),
+                null,
+                \PDO::PARAM_STR
            )
            ->addJoinCondition("rewriting_url_join", "ISNULL(".RewritingUrlTableMap::REDIRECTED.")")
            ->addAsColumn("product_URL", RewritingUrlTableMap::URL)
--- a/core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php
+++ b/core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php
@@ -117,6 +117,16 @@ class ContentExportTest extends \PHPUnit_Framework_TestCase

            $imagesString = implode(",", $images);

+            if (empty($data[$i]["content_images"])) {
+                $j = 1;
+                while ($data[$i-$j]["id"] === $data[$i]["id"]) {
+                    if (!empty($data[$i - $j++]["content_images"])) {
+                        $data[$i]["content_images"] = $data[$i-$j-1]["content_images"];
+                        break;
+                    }
+                }
+            }
+
            $this->assertEquals($imagesString, $data[$i]["content_images"]);

            $folderImages = FolderImageQuery::create()