[geeklog-hg] geeklog: Fixed a bug where SQL error occurs with two methods (re...

Sun Nov 16 10:02:00 EST 2014

changeset 9554:4f2ded05a7ad
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/4f2ded05a7ad
user: dengen <taharaxp at gmail.com>
date: Sun Nov 16 18:28:07 2014 +0900
description:
Fixed a bug where SQL error occurs with two methods (restore_param and unset_param) of config class
This error occurs when the parameter $tab_id is omitted.
However, $tab_id is not necessary. In addition, the parameter $sg is never used.
I think that we should remove these parameters.
These parameters have been added with the changeset eb23a89b1fad.

diffstat:

 system/classes/config.class.php |  23 ++++++++++++++++++-----
 1 files changed, 18 insertions(+), 5 deletions(-)

diffs (54 lines):

diff -r c0d204570b46 -r 4f2ded05a7ad system/classes/config.class.php

--- a/system/classes/config.class.php	Tue Nov 11 20:06:23 2014 +0900
+++ b/system/classes/config.class.php	Sun Nov 16 18:28:07 2014 +0900
@@ -392,6 +392,15 @@
     {
         global $_TABLES;
         
+        $escaped_name = DB_escapeString($name);
+        $escaped_grp = DB_escapeString($group);
+
+        if (empty($tab_id)) {
+            $tab_id = DB_getItem($_TABLES['conf_values'], 'tab',
+                    "name = '$escaped_name' AND group_name = '$escaped_grp'");
+            if (empty($tab_id)) return false;
+        }
+
         // check if current user other than Root has access to
         $tab_name = $this->_get_tab_name($group, $tab_id);
         $ft = $this->conf_type['tab'][$group][$tab_name];
@@ -399,9 +408,6 @@
             return false;
         }
 
-        $escaped_name = DB_escapeString($name);
-        $escaped_grp = DB_escapeString($group);
-
         $result = DB_query("SELECT value, default_value FROM {$_TABLES['conf_values']} WHERE name = '{$escaped_name}' AND group_name = '{$escaped_grp}'");
         list($value, $default_value) = DB_fetchArray($result);
 
@@ -431,6 +437,15 @@
     {
         global $_TABLES;
         
+        $escaped_name = DB_escapeString($name);
+        $escaped_grp = DB_escapeString($group);
+
+        if (empty($tab_id)) {
+            $tab_id = DB_getItem($_TABLES['conf_values'], 'tab',
+                    "name = '$escaped_name' AND group_name = '$escaped_grp'");
+            if (empty($tab_id)) return false;
+        }
+
         // check if current user other than Root has access to
         $tab_name = $this->_get_tab_name($group, $tab_id);
         $ft = $this->conf_type['tab'][$group][$tab_name];
@@ -438,8 +453,6 @@
             return false;
         }
 
-        $escaped_name = DB_escapeString($name);
-        $escaped_grp = DB_escapeString($group);
         $default_value = DB_getItem($_TABLES['conf_values'], 'default_value',
                 "name = '{$escaped_name}' AND group_name = '{$escaped_grp}'");
         $sql = "UPDATE {$_TABLES['conf_values']} SET value = 'unset'";

