[geeklog-hg] geeklog: Fixed a bug where SQL error occurs with two methods (re...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Nov 16 10:02:00 EST 2014
changeset 9554:4f2ded05a7ad
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/4f2ded05a7ad
user: dengen <taharaxp at gmail.com>
date: Sun Nov 16 18:28:07 2014 +0900
description:
Fixed a bug where SQL error occurs with two methods (restore_param and unset_param) of config class
This error occurs when the parameter $tab_id is omitted.
However, $tab_id is not necessary. In addition, the parameter $sg is never used.
I think that we should remove these parameters.
These parameters have been added with the changeset eb23a89b1fad.
diffstat:
system/classes/config.class.php | 23 ++++++++++++++++++-----
1 files changed, 18 insertions(+), 5 deletions(-)
diffs (54 lines):
diff -r c0d204570b46 -r 4f2ded05a7ad system/classes/config.class.php
--- a/system/classes/config.class.php Tue Nov 11 20:06:23 2014 +0900
+++ b/system/classes/config.class.php Sun Nov 16 18:28:07 2014 +0900
@@ -392,6 +392,15 @@
{
global $_TABLES;
+ $escaped_name = DB_escapeString($name);
+ $escaped_grp = DB_escapeString($group);
+
+ if (empty($tab_id)) {
+ $tab_id = DB_getItem($_TABLES['conf_values'], 'tab',
+ "name = '$escaped_name' AND group_name = '$escaped_grp'");
+ if (empty($tab_id)) return false;
+ }
+
// check if current user other than Root has access to
$tab_name = $this->_get_tab_name($group, $tab_id);
$ft = $this->conf_type['tab'][$group][$tab_name];
@@ -399,9 +408,6 @@
return false;
}
- $escaped_name = DB_escapeString($name);
- $escaped_grp = DB_escapeString($group);
-
$result = DB_query("SELECT value, default_value FROM {$_TABLES['conf_values']} WHERE name = '{$escaped_name}' AND group_name = '{$escaped_grp}'");
list($value, $default_value) = DB_fetchArray($result);
@@ -431,6 +437,15 @@
{
global $_TABLES;
+ $escaped_name = DB_escapeString($name);
+ $escaped_grp = DB_escapeString($group);
+
+ if (empty($tab_id)) {
+ $tab_id = DB_getItem($_TABLES['conf_values'], 'tab',
+ "name = '$escaped_name' AND group_name = '$escaped_grp'");
+ if (empty($tab_id)) return false;
+ }
+
// check if current user other than Root has access to
$tab_name = $this->_get_tab_name($group, $tab_id);
$ft = $this->conf_type['tab'][$group][$tab_name];
@@ -438,8 +453,6 @@
return false;
}
- $escaped_name = DB_escapeString($name);
- $escaped_grp = DB_escapeString($group);
$default_value = DB_getItem($_TABLES['conf_values'], 'default_value',
"name = '{$escaped_name}' AND group_name = '{$escaped_grp}'");
$sql = "UPDATE {$_TABLES['conf_values']} SET value = 'unset'";
More information about the geeklog-cvs
mailing list