Appears to fix problems with bad data sent to a couple of functions, causing bad SQL generation

Miles Lott 2004-01-02 22:49:10 +00:00
parent 6a5b4e957e
commit 5dbef396f9


@ -185,7 +185,7 @@
$querymethod .= ' AND last_mod > ' . $lastmod; $querymethod .= ' AND last_mod > ' . $lastmod;
} }
if ($column) if($column)
{ {
switch($column) switch($column)
{ {
@ -207,7 +207,7 @@
$table_column = ' * '; $table_column = ' * ';
} }
$sql = "SELECT $table_column from phpgw_categories WHERE (cat_appname='" . $this->app_name . "' AND" . $grant_cats . $global_cats . ')' $sql = "SELECT $table_column FROM phpgw_categories WHERE (cat_appname='" . $this->app_name . "' AND" . $grant_cats . $global_cats . ')'
. $parent_filter . $querymethod . $filter; . $parent_filter . $querymethod . $filter;
$this->db2->query($sql,__LINE__,__FILE__); $this->db2->query($sql,__LINE__,__FILE__);
@ -309,7 +309,7 @@
$querymethod = " AND (cat_name LIKE '%$query%' OR cat_description LIKE '%$query%') "; $querymethod = " AND (cat_name LIKE '%$query%' OR cat_description LIKE '%$query%') ";
} }
$sql = "SELECT * from phpgw_categories WHERE (cat_appname='" . $this->app_name . "' AND" . $grant_cats . $global_cats . ")" $sql = "SELECT * FROM phpgw_categories WHERE (cat_appname='" . $this->app_name . "' AND" . $grant_cats . $global_cats . ")"
. $querymethod; . $querymethod;
$this->db2->query($sql . $parent_select,__LINE__,__FILE__); $this->db2->query($sql . $parent_select,__LINE__,__FILE__);
@ -715,18 +715,18 @@
function id2name($cat_id = '', $item = 'name') function id2name($cat_id = '', $item = 'name')
{ {
$cat_id = (int)$cat_id; $cat_id = (int)$cat_id;
if ($cat_id == 0) if($cat_id == 0)
{ {
return '--'; return '--';
} }
switch($item) switch($item)
{ {
default: //fall through
case 'name': $value = 'cat_name'; break;
case 'owner': $value = 'cat_owner'; break; case 'owner': $value = 'cat_owner'; break;
case 'main': $value = 'cat_main'; break; case 'main': $value = 'cat_main'; break;
case 'level': $value = 'cat_level'; break; case 'level': $value = 'cat_level'; break;
case 'parent': $value = 'cat_parent'; break; case 'parent': $value = 'cat_parent'; break;
case 'name':
default: $value = 'cat_parent'; break;
} }
$this->db->query("SELECT $value FROM phpgw_categories WHERE cat_id=" . $cat_id,__LINE__,__FILE__); $this->db->query("SELECT $value FROM phpgw_categories WHERE cat_id=" . $cat_id,__LINE__,__FILE__);