Fix escape usage

modifié:         core/lib/Thelia/ImportExport/Export/ExportHandler.php
	modifié:         core/lib/Thelia/ImportExport/Export/Type/ContentExport.php
	modifié:         core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php
	modifié:         core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php
	modifié:         core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php

core/lib/Thelia/ImportExport/Export/ExportHandler.php

@@ -150,33 +150,6 @@ abstract class ExportHandler extends AbstractHandler
         ;
     }
 
-    /**
-     * @param $str
-     * @return string
-     *
-     * Really escapes a string for SQL request.
-     */
-    protected function real_escape($str)
-    {
-        $str = trim($str, "\"'");
-
-        $return = "CONCAT(";
-        $len = strlen($str);
-
-        for ($i = 0; $i < $len; ++$i) {
-            $return .= "CHAR(".ord($str[$i])."),";
-        }
-
-        if ($i > 0) {
-            $return = substr($return, 0, -1);
-        } else {
-            $return = "\"\"";
-        }
-        $return .= ")";
-
-        return $return;
-    }
-
     public function renderLoop($type, array $args = array())
     {
         $loopsDefinition = $this->container->getParameter("thelia.parser.loops");

core/lib/Thelia/ImportExport/Export/Type/ContentExport.php

@@ -107,13 +107,13 @@ class ContentExport extends ExportHandler implements
                         ->endUse()
                     ->_endif()
                     ->addJoinObject($folderI18nJoin, "folder_i18n_join")
-                    ->addJoinCondition("folder_i18n_join", FolderI18nTableMap::LOCALE . "=" . $this->real_escape($locale))
+                    ->addJoinCondition("folder_i18n_join", FolderI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)
                     ->addAsColumn("folder_TITLE", FolderI18nTableMap::TITLE)
                     ->addAsColumn("folder_ID", FolderTableMap::ID)
                 ->endUse()
             ->endUse()
             ->addJoinObject($contentI18nJoin, "content_i18n_join")
-            ->addJoinCondition("content_i18n_join", ContentI18nTableMap::LOCALE . "=" . $this->real_escape($locale))
+            ->addJoinCondition("content_i18n_join", ContentI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)
             ->addAsColumn("content_TITLE", ContentI18nTableMap::TITLE)
             ->addAsColumn("content_CHAPO", ContentI18nTableMap::CHAPO)
             ->addAsColumn("content_DESCRIPTION", ContentI18nTableMap::DESCRIPTION)
@@ -124,12 +124,17 @@ class ContentExport extends ExportHandler implements
             ->addJoinObject($urlJoin, "url_rewriting_join")
             ->addJoinCondition(
                 "url_rewriting_join",
-                RewritingUrlTableMap::VIEW . "=" .
+                RewritingUrlTableMap::VIEW . " = ?",
-                $this->real_escape((new Content())->getRewrittenUrlViewName())
+                (new Content())->getRewrittenUrlViewName(),
+                null,
+                \PDO::PARAM_STR
             )
             ->addJoinCondition(
                 "url_rewriting_join",
-                RewritingUrlTableMap::VIEW_LOCALE . "=" . $this->real_escape($locale)
+                RewritingUrlTableMap::VIEW_LOCALE . " = ?",
+                $locale,
+                null,
+                \PDO::PARAM_STR
             )
             ->addAsColumn("url_URL", RewritingUrlTableMap::URL)
             ->select([
@@ -184,7 +189,7 @@ class ContentExport extends ExportHandler implements
                  * Do not repeat content values
                  */
                 $line["content_TITLE"] = "";
-                $line["content_VISIBLE"] = "";
+                $line[ContentTableMap::VISIBLE] = "";
                 $line["content_CHAPO"] = "";
                 $line["content_DESCRIPTION"] = "";
                 $line["content_CONCLUSION"] = "";

core/lib/Thelia/ImportExport/Export/Type/ProductPricesExport.php

@@ -78,7 +78,13 @@ class ProductPricesExport extends ExportHandler
                 ->endUse()
                 ->useProductQuery()
                     ->addJoinObject($productJoin, "product_join")
-                    ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . "=" . $this->real_escape($locale))
+                    ->addJoinCondition(
+                        "product_join",
+                        ProductI18nTableMap::LOCALE . " = ?",
+                        $locale,
+                        null,
+                        \PDO::PARAM_STR
+                    )
                     ->addAsColumn("product_TITLE", ProductI18nTableMap::TITLE)
                 ->endUse()
                 ->addAsColumn("product_sale_elements_REF", ProductSaleElementsTableMap::REF)
@@ -89,7 +95,7 @@ class ProductPricesExport extends ExportHandler
                 ->addJoinObject($attributeAvJoin, "attribute_av_join")
                 ->addJoinCondition(
                     "attribute_av_join",
-                    AttributeAvI18nTableMap::LOCALE . "=" . $this->real_escape($locale)
+                    AttributeAvI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR
                 )
                 ->addAsColumn(
                     "attribute_av_i18n_ATTRIBUTES",

core/lib/Thelia/ImportExport/Export/Type/ProductSEOExport.php

@@ -69,7 +69,7 @@ class ProductSEOExport extends ExportHandler
         $query = ProductAssociatedContentQuery::create()
             ->useProductQuery()
                 ->addJoinObject($productJoin, "product_join")
-                ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . "=" . $this->real_escape($locale))
+                ->addJoinCondition("product_join", ProductI18nTableMap::LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)
                 ->addAsColumn("product_i18n_TITLE", ProductI18nTableMap::TITLE)
                 ->addAsColumn("product_REF", ProductTableMap::REF)
                 ->addAsColumn("product_VISIBLE", ProductTableMap::VISIBLE)
@@ -78,10 +78,12 @@ class ProductSEOExport extends ExportHandler
                 ->addAsColumn("product_seo_META_KEYWORDS", ProductI18nTableMap::META_KEYWORDS)
             ->endUse()
             ->addJoinObject($urlJoin, "rewriting_url_join")
-            ->addJoinCondition("rewriting_url_join", RewritingUrlTableMap::VIEW_LOCALE . "=" . $this->real_escape($locale))
+            ->addJoinCondition("rewriting_url_join", RewritingUrlTableMap::VIEW_LOCALE . " = ?", $locale, null, \PDO::PARAM_STR)
             ->addJoinCondition(
                 "rewriting_url_join",
-                RewritingUrlTableMap::VIEW . "=" . $this->real_escape((new Product())->getRewrittenUrlViewName())
+                RewritingUrlTableMap::VIEW . " = ?",(new Product())->getRewrittenUrlViewName(),
+                null,
+                \PDO::PARAM_STR
             )
             ->addJoinCondition("rewriting_url_join", "ISNULL(".RewritingUrlTableMap::REDIRECTED.")")
             ->addAsColumn("product_URL", RewritingUrlTableMap::URL)

core/lib/Thelia/Tests/ImportExport/Export/ContentExportTest.php

@@ -117,6 +117,16 @@ class ContentExportTest extends \PHPUnit_Framework_TestCase
 
             $imagesString = implode(",", $images);
 
+            if (empty($data[$i]["content_images"])) {
+                $j = 1;
+                while ($data[$i-$j]["id"] === $data[$i]["id"]) {
+                    if (!empty($data[$i - $j++]["content_images"])) {
+                        $data[$i]["content_images"] = $data[$i-$j-1]["content_images"];
+                        break;
+                    }
+                }
+            }
+
             $this->assertEquals($imagesString, $data[$i]["content_images"]);
 
             $folderImages = FolderImageQuery::create()