Changeset 18792


Timestamp:
2010/08/26 10:42:00 (11 years ago)
Author:
nanasess
bzr:base-revision:
ohkouchi@loop-az.jp-20100825073846-mzg8ka4y21o1nk6o
bzr:committer:
Kentaro Ohkouchi <ohkouchi@loop-az.jp>
bzr:file-ids:

data/class/SC_CustomerList.php 15078@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2FSC_CustomerList.php
data/class/SC_SelectSql.php 15078@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2FSC_SelectSql.php
data/class/pages/admin/mail/LC_Page_Admin_Mail.php 15640@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Fmail%2FLC_Page_Admin_Mail.php
data/class/pages/admin/order/LC_Page_Admin_Order.php 15584@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Forder%2FLC_Page_Admin_Order.php
data/class/pages/admin/products/LC_Page_Admin_Products.php 15342@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Fproducts%2FLC_Page_Admin_Products.php
data/class/pages/admin/products/LC_Page_Admin_Products_Review.php 15537@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Fproducts%2FLC_Page_Admin_Products_Review.php
data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php 15546@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Fproducts%2FLC_Page_Admin_Products_Trackback.php
data/class/pages/products/LC_Page_Products_List.php 15154@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fproducts%2FLC_Page_Products_List.php
data/class/util/SC_Utils.php 15078@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Futil%2FSC_Utils.php
bzr:mapping-version:
v4
bzr:repository-uuid:
1e3b908f-19a9-db11-a64c-001125224ba8
bzr:revision-id:
ohkouchi@loop-az.jp-20100826014156-g12l1o38gsj73acs
bzr:revno:
2275
bzr:revprop:branch-nick:
branches/version-2_5-dev
bzr:root:
branches/version-2_5-dev
bzr:text-parents:

data/class/SC_CustomerList.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow
data/class/SC_SelectSql.php ohkouchi@loop-az.jp-20100614082857-g3n9wn9zakpc7a0m
data/class/pages/admin/mail/LC_Page_Admin_Mail.php ohkouchi@loop-az.jp-20100819104758-beubop5hq0pwdqhx
data/class/pages/admin/order/LC_Page_Admin_Order.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow
data/class/pages/admin/products/LC_Page_Admin_Products.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow
data/class/pages/admin/products/LC_Page_Admin_Products_Review.php ohkouchi@loop-az.jp-20100614082857-g3n9wn9zakpc7a0m
data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php ohkouchi@loop-az.jp-20100614082857-g3n9wn9zakpc7a0m
data/class/pages/products/LC_Page_Products_List.php ohkouchi@loop-az.jp-20100803111301-u8ph4za35y4il0dh
data/class/util/SC_Utils.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow
bzr:timestamp:
2010-08-26 10:41:56.190000057 +0900
bzr:user-agent:
bzr2.1.2+bzr-svn1.0.2
svn:original-date:
2010-08-26T01:41:56.190000Z
Message:

r18789 の変更に伴い SC_Utils::sfManualEscape() が不具合を発生していたので, 使用しないように修正(#801)

Location:
branches/version-2_5-dev/data/class
Files:
9 edited

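--- a/branches/version-2_5-dev/data/class/SC_CustomerList.php
+++ b/branches/version-2_5-dev/data/class/SC_CustomerList.php
@@ -317,7 +317,7 @@
         //カテゴリーを選択している場合のみ絞込検索を行う
         if (!isset($this->arrSql['category_id'])) $this->arrSql['category_id'] = "";
-        if ( strlen($this->arrSql['category_id']) != ""){
+        if ( strlen($this->arrSql['category_id']) > 0){
             //カテゴリーで絞込検索を行うSQL文生成
-            list($tmp_where, $tmp_arrval) = $objDb->sfGetCatWhere(SC_Utils_Ex::sfManualEscape($this->arrSql['category_id']));
+            list($tmp_where, $tmp_arrval) = $objDb->sfGetCatWhere($this->arrSql['category_id']);
 
             //カテゴリーで絞込みが可能の場合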
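--- a/branches/version-2_5-dev/data/class/SC_SelectSql.php
+++ b/branches/version-2_5-dev/data/class/SC_SelectSql.php
@@ -59,6 +59,5 @@
         // 検索用
     function addSearchStr($val) {
-        $return = SC_Utils_Ex::sfManualEscape($val);
-        $return = "%" .$return. "%";
+        $return = "%" .$val. "%";
         return $return;
     }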
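Review bot: `addSearchStr()` now wraps `$val` in `%…%` without escaping the LIKE metacharacters, so a `%` or `_` typed by the user is matched as a wildcard instead of literally. Binding the value through a placeholder (assumed here; the call sites are outside this section) prevents SQL injection but does not restore literal matching. Dropping the `quote()` half of `sfManualEscape()` is correct, but the wildcard half should be kept, e.g. `$return = "%" . addcslashes($val, '%_\\') . "%";`, with an `ESCAPE` clause on the LIKE expression if the backend requires one. The same applies to the `"%$val%"` values bound to `ILIKE ?` in LC_Page_Products_List.php.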
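--- a/branches/version-2_5-dev/data/class/pages/admin/mail/LC_Page_Admin_Mail.php
+++ b/branches/version-2_5-dev/data/class/pages/admin/mail/LC_Page_Admin_Mail.php
@@ -229,5 +229,5 @@
             if (empty($this->arrErr)) {
                 $this->list_data['name'] = isset($this->list_data['name'])
-                    ? SC_Utils_Ex::sfManualEscape($this->list_data['name']) : "";
+                    ? $this->list_data['name'] : "";
                 // hidden要素作成
                 $this->arrHidden = $this->lfGetHidden($this->list_data);
@@ -300,5 +300,5 @@
             // 検索開始
             if (empty($this->arrErr)) {
-                $this->list_data['name'] = isset($this->list_data['name']) ? SC_Utils_Ex::sfManualEscape($this->list_data['name']) : "";
+                $this->list_data['name'] = isset($this->list_data['name']) ? $this->list_data['name'] : "";
                 $this->arrHidden = $this->lfGetHidden($this->list_data); // hidden要素作成
 
@@ -352,5 +352,5 @@
                 $this->list_data['name'] =
                     isset($this->list_data['name'])
-                    ? SC_Utils_Ex::sfManualEscape($this->list_data['name']) : "";
+                    ? $this->list_data['name'] : "";
 
                 if ( $_POST['mode'] == 'regist_confirm'){
@@ -410,9 +410,7 @@
             $from = "dtb_order LEFT JOIN dtb_order_detail USING(order_id)";
             $where = "product_code LIKE ? AND del_flg = 0";
-            $val = SC_Utils_Ex::sfManualEscape($keyword);
-            $arrVal[] = "%$val%";
             $objQuery = new SC_Query();
             $objQuery->setGroupBy("customer_id, order_id");
-            $arrRet = $objQuery->select($col, $from, $where, $arrVal);
+            $arrRet = $objQuery->select($col, $from, $where, array($keyword));
             $arrCustomerOrderId = SC_Utils_Ex::sfArrKeyValues($arrRet, "customer_id", "order_id");
         }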
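Review bot: The product-code search in the last hunk loses its substring match: the removed code bound `"%$val%"`, while the new call binds `array($keyword)` to `product_code LIKE ?`, so only an exact code (or a keyword that itself contains wildcards) will match. If substring search is still intended, bind `array("%" . $keyword . "%")`, ideally with `%` and `_` in `$keyword` escaped. Separately, `list_data['name']` now reaches `lfGetHidden()` unmodified in three places, so the hidden fields presumably rely on HTML escaping at output time; that code is outside these hunks and is worth confirming.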
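--- a/branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order.php
+++ b/branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order.php
@@ -137,5 +137,4 @@
                             continue;
                         }
-                        $val = SC_Utils_Ex::sfManualEscape($val);
 
                         $dbFactory = SC_DB_DBFactory::getInstance();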
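--- a/branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products.php
+++ b/branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products.php
@@ -159,5 +159,4 @@
                 $arrval = array();
                 foreach ($this->arrForm as $key => $val) {
-                    $val = SC_Utils_Ex::sfManualEscape($val);
 
                     if($val == "") {
@@ -200,4 +199,5 @@
                             break;
                         case 'search_startyear': // 登録更新日(FROM)
+                            // FIXME POST の値をチェックする
                             $date = SC_Utils_Ex::sfGetTimestamp($_POST['search_startyear'], $_POST['search_startmonth'], $_POST['search_startday']);
                             $where.= " AND update_date >= '" . $_POST['search_startyear'] . "/" . $_POST['search_startmonth']. "/" .$_POST['search_startday'] . "'";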
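Review bot: The new FIXME at `case 'search_startyear'` marks the problem, but the line below it still concatenates `$_POST['search_startyear']`, `$_POST['search_startmonth']` and `$_POST['search_startday']` straight into `$where`, leaving this admin search open to SQL injection. `$date` is already computed on the preceding line, so it can be bound instead: `$where .= " AND update_date >= ?";` followed by `$arrval[] = $date;`, assuming `$arrval` from the first hunk is the parameter list passed with `$where`. The rest of the switch is outside the hunk; any other date cases built the same way would need the same change.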
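--- a/branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Review.php
+++ b/branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Review.php
@@ -128,6 +128,4 @@
             if (!$this->arrErr){
                 foreach ($_POST as $key => $val){
-
-                    $val = SC_Utils_Ex::sfManualEscape($val);
 
                     if($val == "") {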
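--- a/branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php
+++ b/branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php
@@ -117,6 +117,4 @@
                 foreach ($_POST as $key => $val) {
 
-                    $val = SC_Utils_Ex::sfManualEscape($val);
-
                     if ($val == "") {
                         continue;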
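--- a/branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_List.php
+++ b/branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_List.php
@@ -346,7 +346,6 @@
             if ( strlen($val) > 0 ) {
                 $where .= " AND ( name ILIKE ? OR comment3 ILIKE ?) ";
-                $ret = SC_Utils_Ex::sfManualEscape($val);
-                $arrval[] = "%$ret%";
-                $arrval[] = "%$ret%";
+                $arrval[] = "%$val%";
+                $arrval[] = "%$val%";
             }
         }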
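--- a/branches/version-2_5-dev/data/class/util/SC_Utils.php
+++ b/branches/version-2_5-dev/data/class/util/SC_Utils.php
@@ -994,29 +994,4 @@
 
     /**
-     * 特殊制御文字の手動エスケープ
-     * @deprecated ブレースホルダを使用すること
-     */
-    function sfManualEscape($data) {
-        $objQuery =& SC_Query::getSingletonInstance();
-        // 配列でない場合
-        if(!is_array($data)) {
-            $ret = $objQuery->quote($data);
-            $ret = ereg_replace("%", "\\%", $ret);
-            $ret = ereg_replace("_", "\\_", $ret);
-            return $ret;
-        }
-
-        // 配列の場合
-        foreach($data as $val) {
-            $ret = $objQuery->quote($val);
-            $ret = ereg_replace("%", "\\%", $ret);
-            $ret = ereg_replace("_", "\\_", $ret);
-            $arrRet[] = $ret;
-        }
-
-        return $arrRet;
-    }
-
-    /**
      * ドメイン間で有効なセッションのスタート
      * 共有SSL対応のための修正により、この関数は廃止します。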