From 0d37e3470b353b86ffa002fe6b791ca27617c1a6 Mon Sep 17 00:00:00 2001 From: Benjamin Perche Date: Tue, 29 Jul 2014 09:29:22 +0200 Subject: [PATCH] =?UTF-8?q?Fix=20escape=20usage=20=09modifi=C3=A9:=20=20?= =?UTF-8?q?=20=20=20=20=20=20=20core/lib/Thelia/ImportExport/Export/Export?= =?UTF-8?q?Handler.php=20=09modifi=C3=A9:=20=20=20=20=20=20=20=20=20core/l?= =?UTF-8?q?ib/Thelia/ImportExport/Export/Type/ContentExport.php=20=09modif?= =?UTF-8?q?i=C3=A9:=20=20=20=20=20=20=20=20=20core/lib/Thelia/ImportExport?= =?UTF-8?q?/Export/Type/ProductPricesExport.php=20=09modifi=C3=A9:=20=20?= =?UTF-8?q?=20=20=20=20=20=20=20core/lib/Thelia/ImportExport/Export/Type/P?= =?UTF-8?q?roductSEOExport.php=20=09modifi=C3=A9:=20=20=20=20=20=20=20=20?= =?UTF-8?q?=20core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.?= =?UTF-8?q?php?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ImportExport/Export/ExportHandler.php | 27 ------------------- .../Export/Type/ContentExport.php | 17 +++++++----- .../Export/Type/ProductPricesExport.php | 10 +++++-- .../Export/Type/ProductSEOExport.php | 8 +++--- .../ImportExport/Export/ContentExportTest.php | 10 +++++++ 5 files changed, 34 insertions(+), 38 deletions(-) diff --git a/core/lib/Thelia/ImportExport/Export/ExportHandler.php b/core/lib/Thelia/ImportExport/Export/ExportHandler.php index e051cbf57..f7201fc36 100644 --- a/core/lib/Thelia/ImportExport/Export/ExportHandler.php +++ b/core/lib/Thelia/ImportExport/Export/ExportHandler.php 
@@ -150,33 +150,6 @@ abstract class ExportHandler extends AbstractHandler ; } - /** - * @param $str - * @return string - * - * Really escapes a string for SQL request. - */ - protected function real_escape($str) - { - $str = trim($str, "\"'"); - - $return = "CONCAT("; - $len = strlen($str); - - for ($i = 0; $i < $len; ++$i) { - $return .= "CHAR(".ord($str[$i])."),"; - } - - if ($i > 0) { - $return = substr($return, 0, -1); - } else { - $return = "\"\""; - } - $return .= ")"; - - return $return; - } - public function renderLoop($type, array $args = array()) { $loopsDefinition = $this->container->getParameter("thelia.parser.loops"); diff --git a/core/lib/Thelia/ImportExport/Export/Type/ContentExport.php b/core/lib/Thelia/ImportExport/Export/Type/ContentExport.php index 8c6ddcaae..1953a439d 100644 --- a/core/lib/Thelia/ImportExport/Export/Type/ContentExport.php +++ b/core/lib/Thelia/ImportExport/Export/Type/ContentExport.php @@ -107,13 +107,13 @@ class ContentExport extends ExportHandler implements ->endUse() ->_endif() ->addJoinObject($folderI18nJoin, "folder_i18n_join") - ->addJoinCondition("folder_i18n_join", FolderI18nTableMap::LOCALE . "=" . $this->real_escape($locale)) + ->addJoinCondition("folder_i18n_join", FolderI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR) ->addAsColumn("folder_TITLE", FolderI18nTableMap::TITLE) ->addAsColumn("folder_ID", FolderTableMap::ID) ->endUse() ->endUse() ->addJoinObject($contentI18nJoin, "content_i18n_join") - ->addJoinCondition("content_i18n_join", ContentI18nTableMap::LOCALE . "=" . $this->real_escape($locale)) + ->addJoinCondition("content_i18n_join", ContentI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR) ->addAsColumn("content_TITLE", ContentI18nTableMap::TITLE) ->addAsColumn("content_CHAPO", ContentI18nTableMap::CHAPO) ->addAsColumn("content_DESCRIPTION", ContentI18nTableMap::DESCRIPTION) 
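Review bot: Nothing in this commit pins the binding introduced by `->addJoinCondition("folder_i18n_join", FolderI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)` and its `content_i18n_join` twin. The same pattern recurs in the later ContentExport, ProductPricesExport and ProductSEOExport hunks, and the only test change is a fixture workaround. A case in ContentExportTest that passes a locale containing a quote character and asserts the export still runs would stop a later edit from drifting back to string concatenation. Separately, `real_escape()` was `protected` on the abstract `ExportHandler`, so any handler outside the three export types patched here that still calls it will now fail at runtime; a search for remaining callers is worth doing before merge. The query chain starts and ends outside the hunk.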
@@ -124,12 +124,17 @@ class ContentExport extends ExportHandler implements ->addJoinObject($urlJoin, "url_rewriting_join") ->addJoinCondition( "url_rewriting_join", - RewritingUrlTableMap::VIEW . "=" . - $this->real_escape((new Content())->getRewrittenUrlViewName()) + RewritingUrlTableMap::VIEW . " = ?", + (new Content())->getRewrittenUrlViewName(), + null, + \PDO::PARAM_STR ) ->addJoinCondition( "url_rewriting_join", - RewritingUrlTableMap::VIEW_LOCALE . "=" . $this->real_escape($locale) + RewritingUrlTableMap::VIEW_LOCALE . " = ?", + $locale, + null, + \PDO::PARAM_STR ) ->addAsColumn("url_URL", RewritingUrlTableMap::URL) ->select([ @@ -184,7 +189,7 @@ class ContentExport extends ExportHandler implements * Do not repeat content values */ $line["content_TITLE"] = ""; - $line["content_VISIBLE"] = ""; + $line[ContentTableMap::VISIBLE] = ""; $line["content_CHAPO"] = ""; $line["content_DESCRIPTION"] = ""; $line["content_CONCLUSION"] = ""; diff --git a/core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php b/core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php index 1c4589690..e5b9ed4bb 100644 --- a/core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php +++ b/core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php @@ -78,7 +78,13 @@ class ProductPricesExport extends ExportHandler ->endUse() ->useProductQuery() ->addJoinObject($productJoin, "product_join") - ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . "=" . $this->real_escape($locale)) + ->addJoinCondition( + "product_join", + ProductI18nTableMap::LOCALE . " = ?", + $locale, + null, + \PDO::PARAM_STR + ) ->addAsColumn("product_TITLE", ProductI18nTableMap::TITLE) ->endUse() ->addAsColumn("product_sale_elements_REF", ProductSaleElementsTableMap::REF) 
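Review bot: In the "Do not repeat content values" block, the blanked key changes from the alias `"content_VISIBLE"` to `ContentTableMap::VISIBLE`, while the neighbouring assignments keep their `content_*` aliases and the commit subject mentions only the escape fix. If the select list (outside this hunk) exposes the column under the alias, this line now adds a fresh key to `$line` and leaves the repeated value in place. If the column really is selected under its table-map name, a one-line comment such as `// VISIBLE is selected under its table-map name, not an alias` would explain why this key differs from its siblings.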
@@ -89,7 +95,7 @@ class ProductPricesExport extends ExportHandler ->addJoinObject($attributeAvJoin, "attribute_av_join") ->addJoinCondition( "attribute_av_join", - AttributeAvI18nTableMap::LOCALE . "=" . $this->real_escape($locale) + AttributeAvI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR ) ->addAsColumn( "attribute_av_i18n_ATTRIBUTES", diff --git a/core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php b/core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php index 66e5ee305..ee04b12a0 100644 --- a/core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php +++ b/core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php @@ -69,7 +69,7 @@ class ProductSEOExport extends ExportHandler $query = ProductAssociatedContentQuery::create() ->useProductQuery() ->addJoinObject($productJoin, "product_join") - ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . "=" . $this->real_escape($locale)) + ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR) ->addAsColumn("product_i18n_TITLE", ProductI18nTableMap::TITLE) ->addAsColumn("product_REF", ProductTableMap::REF) ->addAsColumn("product_VISIBLE", ProductTableMap::VISIBLE) 
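Review bot: The `attribute_av_join` condition packs four arguments onto one line, `AttributeAvI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR`, inside a call that is already split across lines, whereas the `product_join` condition in the previous hunk gives each argument its own line. The ProductSEOExport `rewriting_url_join` hunk does the same and also drops the space after the comma in `" = ?",(new Product())->getRewrittenUrlViewName(),`. One argument per line throughout would make the bound value and the `\PDO::PARAM_STR` type easy to audit at a glance. The query chain continues outside the hunk.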
@@ -78,10 +78,12 @@ class ProductSEOExport extends ExportHandler ->addAsColumn("product_seo_META_KEYWORDS", ProductI18nTableMap::META_KEYWORDS) ->endUse() ->addJoinObject($urlJoin, "rewriting_url_join") - ->addJoinCondition("rewriting_url_join", RewritingUrlTableMap::VIEW_LOCALE . "=" . $this->real_escape($locale)) + ->addJoinCondition("rewriting_url_join", RewritingUrlTableMap::VIEW_LOCALE . " = ?", $locale, null, \PDO::PARAM_STR) ->addJoinCondition( "rewriting_url_join", - RewritingUrlTableMap::VIEW . "=" . $this->real_escape((new Product())->getRewrittenUrlViewName()) + RewritingUrlTableMap::VIEW . " = ?",(new Product())->getRewrittenUrlViewName(), + null, + \PDO::PARAM_STR ) ->addJoinCondition("rewriting_url_join", "ISNULL(".RewritingUrlTableMap::REDIRECTED.")") ->addAsColumn("product_URL", RewritingUrlTableMap::URL) diff --git a/core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php b/core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php index 827b11408..8f4be406b 100644 --- a/core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php +++ b/core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php @@ -117,6 +117,16 @@ class ContentExportTest extends \PHPUnit_Framework_TestCase $imagesString = implode(",", $images); + if (empty($data[$i]["content_images"])) { + $j = 1; + while ($data[$i-$j]["id"] === $data[$i]["id"]) { + if (!empty($data[$i - $j++]["content_images"])) { + $data[$i]["content_images"] = $data[$i-$j-1]["content_images"]; + break; + } + } + } + $this->assertEquals($imagesString, $data[$i]["content_images"]); $folderImages = FolderImageQuery::create()
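Review bot: The back-fill loop added before `assertEquals` copies from the wrong row and has no lower bound. `$data[$i - $j++]` tests row `$i-$j` and then increments `$j`, so the assignment from `$data[$i-$j-1]` reads two rows earlier than the row that was just found non-empty. The `while ($data[$i-$j]["id"] === $data[$i]["id"])` condition also never checks that `$i-$j` is still a valid index, so a leading group with no images walks off the start of `$data`. Indexing the candidate row once per iteration and bounding the walk fixes both, as below. The enclosing loop over `$data` starts and ends outside the hunk.

```php
if (empty($data[$i]["content_images"])) {
    // Walk back through the rows of the same content, never past index 0.
    for ($j = $i - 1; $j >= 0 && $data[$j]["id"] === $data[$i]["id"]; --$j) {
        if (!empty($data[$j]["content_images"])) {
            $data[$i]["content_images"] = $data[$j]["content_images"];
            break;
        }
    }
}
// … unchanged: assertEquals on content_images …
```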