Merge branch 'hotfix/escape-queries'
Hannu Pölönen committed Dec 21, 2016
2 parents 5e25cda + 6f67d0b commit f2634d3
Showing 8 changed files with 19 additions and 18 deletions.
4 changes: 2 additions & 2 deletions classes/helpers/config.php
Expand Up @@ -165,8 +165,8 @@ public function deleteAllFromContext($id_lang = null, $id_shop_group = null, $id
$context_restriction = '';
}

$config_table = _DB_PREFIX_ . 'configuration';
$config_lang_table = $config_table . '_lang';
$config_table = pSQL(_DB_PREFIX_ . 'configuration');
$config_lang_table = pSQL($config_table . '_lang');

if (!empty($id_lang)) {
Db::getInstance()->execute(
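Review bot: The second new assignment escapes a value that is already escaped: `$config_table` is the output of `pSQL(...)`, and `$config_lang_table = pSQL($config_table . '_lang');` passes it through pSQL() a second time, so any character the first pass escaped (a backslash or quote in the prefix) is escaped twice and the name no longer matches the real table. Derive both names from the raw constant instead: `$config_table = pSQL(_DB_PREFIX_ . 'configuration');` and `$config_lang_table = pSQL(_DB_PREFIX_ . 'configuration_lang');`. Note also that pSQL() is, as far as I recall, a string-literal escaper (quotes and backslashes) that does not neutralise backticks by default, so for these backtick-quoted identifiers it is defence in depth rather than a hard guarantee; _DB_PREFIX_ is a deploy-time constant, not request input. deleteAllFromContext() starts before the hunk and continues after it.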
2 changes: 1 addition & 1 deletion classes/helpers/customer.php
Expand Up @@ -51,7 +51,7 @@ public static function getCustomerLinkTableName()
*/
public static function getCustomerReferenceTableName()
{
return _DB_PREFIX_.self::TABLE_NAME_CUSTOMER_REFERENCE;
return pSQL(_DB_PREFIX_.self::TABLE_NAME_CUSTOMER_REFERENCE);
}

/**
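Review bot: getCustomerReferenceTableName() now returns a value that has already been through pSQL(), but nothing in the visible docblock says so, and the config.php change in this same commit shows how easily a pre-escaped name gets escaped a second time. Add to the docblock (which begins above the hunk) a line such as `@return string Table name already escaped with pSQL(); callers must not escape it again.` It is also worth stating that the name is meant to be placed inside backticks, since pSQL()'s default mode escapes quotes and backslashes rather than backticks, as far as I recall.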
2 changes: 1 addition & 1 deletion classes/helpers/image.php
Expand Up @@ -61,7 +61,7 @@ public function chooseOptimalImageType()
$definition = (_PS_VERSION_ >= '1.5') ? ObjectModel::getDefinition('ImageType') : array();
$table_name = isset($definition['table']) ? $definition['table'] : 'image_type';
$available_image_types = Db::getInstance()->executeS('
SELECT * FROM `'._DB_PREFIX_.pSQL($table_name).'`
SELECT * FROM `'.pSQL(_DB_PREFIX_.$table_name).'`
WHERE `products` = 1
ORDER BY `width` ASC
');
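Review bot: The new `pSQL(_DB_PREFIX_.$table_name)` on the SELECT line escapes for a quoted-string context, which is not what protects a backtick-quoted identifier: as far as I recall pSQL() by default escapes quotes and backslashes (and runs strip_tags) but leaves backticks untouched, so a name containing a backtick would still break out of the identifier. `$table_name` comes from ObjectModel::getDefinition() or the literal 'image_type', so the realistic exposure is low, but the right shape of check for an identifier is a whitelist rather than an escaper: `if (!preg_match('/^[A-Za-z0-9_]+$/', $table_name)) { $table_name = 'image_type'; }` placed before the query. chooseOptimalImageType() continues after the hunk.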
2 changes: 1 addition & 1 deletion classes/helpers/url.php
Expand Up @@ -45,7 +45,7 @@ public function getPreviewUrlProduct($id_product = null, $id_lang = null)
// Find a product that is active and available for order.
$sql = '
SELECT `id_product`
FROM `'._DB_PREFIX_.'product`
FROM `'.pSQL(_DB_PREFIX_).'product`
WHERE `active` = 1
AND `available_for_order` = 1
';
13 changes: 7 additions & 6 deletions classes/models/order.php
Expand Up @@ -451,6 +451,7 @@ protected function getProductAttributeCombinationsById($product, $id_product_att
return $product->getAttributeCombinationsById($id_product_attribute, $id_lang);
}

$db_prefix = pSQL(_DB_PREFIX_);
return Db::getInstance()->executeS(
'SELECT
pa.*,
Expand All @@ -461,20 +462,20 @@ protected function getProductAttributeCombinationsById($product, $id_product_att
a.`id_attribute`,
pa.`unit_price_impact`
FROM
`'._DB_PREFIX_.'product_attribute` pa
`'. $db_prefix .'product_attribute` pa
LEFT JOIN
`'._DB_PREFIX_.'product_attribute_combination` pac
`'. $db_prefix .'product_attribute_combination` pac
ON pac.`id_product_attribute` = pa.`id_product_attribute`
LEFT JOIN
`'._DB_PREFIX_.'attribute` a ON a.`id_attribute` = pac.`id_attribute`
`'. $db_prefix .'attribute` a ON a.`id_attribute` = pac.`id_attribute`
LEFT JOIN
`'._DB_PREFIX_.'attribute_group` ag
`'. $db_prefix .'attribute_group` ag
ON ag.`id_attribute_group` = a.`id_attribute_group`
LEFT JOIN
`'._DB_PREFIX_.'attribute_lang` al
`'. $db_prefix .'attribute_lang` al
ON (a.`id_attribute` = al.`id_attribute` AND al.`id_lang` = '.(int)($id_lang).')
LEFT JOIN
`'._DB_PREFIX_.'attribute_group_lang` agl
`'. $db_prefix .'attribute_group_lang` agl
ON (
ag.`id_attribute_group` = agl.`id_attribute_group`
AND agl.`id_lang` = '.(int)($id_lang).'
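Review bot: The hoisted `$db_prefix = pSQL(_DB_PREFIX_);` is the best pattern in this commit (escape once, reuse), but it carries no comment, and a reader seeing a bare `$db_prefix` in six identifiers may be tempted to wrap one in pSQL() again, which is exactly the double-escaping config.php in this commit already does. Put the intent next to the assignment: `// Escape the prefix once; every backtick-quoted table name below is built from it, so do not pSQL() them again.` getProductAttributeCombinationsById() starts above the hunk and its SQL continues below it.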
4 changes: 2 additions & 2 deletions upgrade/upgrade-1.1.0.php
Expand Up @@ -40,13 +40,13 @@
*/
function upgrade_module_1_1_0($object)
{
$create_table = 'CREATE TABLE IF NOT EXISTS `'._DB_PREFIX_.'nostotagging_customer_link` (
$create_table = 'CREATE TABLE IF NOT EXISTS `'.pSQL(_DB_PREFIX_).'nostotagging_customer_link` (
`id_customer` INT(10) UNSIGNED NOT NULL,
`id_nosto_customer` VARCHAR(255) NOT NULL,
`date_add` DATETIME NOT NULL,
`date_upd` DATETIME NULL,
PRIMARY KEY (`id_customer`, `id_nosto_customer`)
) ENGINE '._MYSQL_ENGINE_;
) ENGINE '.pSQL(_MYSQL_ENGINE_);

return Db::getInstance()->execute($create_table)
&& $object->registerHook('actionPaymentConfirmation')
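Review bot: `) ENGINE '.pSQL(_MYSQL_ENGINE_);` applies a string-literal escaper to a bareword: the engine name is emitted unquoted after ENGINE, so escaping quotes and backslashes changes nothing about what the parser accepts there, and (as far as I recall) pSQL() also passes the value through strip_tags, which could silently alter an odd value rather than reject it. If the goal is to guard this constant, validate it as an identifier and fall back: `$engine = preg_match('/^[A-Za-z0-9_]+$/', _MYSQL_ENGINE_) ? _MYSQL_ENGINE_ : 'InnoDB';` and then `) ENGINE '.$engine;`. _MYSQL_ENGINE_ is set in the shop's settings file, so this is defence in depth rather than a live injection path. upgrade_module_1_1_0() continues after the hunk.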
4 changes: 2 additions & 2 deletions upgrade/upgrade-1.3.0.php
Expand Up @@ -41,8 +41,8 @@
function upgrade_module_1_3_0($object)
{
// Purge the nosto configs the plugin have created so far and reload the config.
$config_table = _DB_PREFIX_.'configuration';
$config_lang_table = $config_table.'_lang';
$config_table = pSQL(_DB_PREFIX_.'configuration');
$config_lang_table = pSQL($config_table.'_lang');
Db::getInstance()->execute('
DELETE `'.$config_lang_table.'` FROM `'.$config_lang_table.'`
LEFT JOIN `'.$config_table.'`
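Review bot: `$config_lang_table = pSQL($config_table.'_lang');` double-escapes, because `$config_table` on the line above is already the output of pSQL(); a prefix containing a backslash or quote would be escaped twice and the DELETE/LEFT JOIN below would name a table that does not exist. Build the second name from the raw constant: `$config_lang_table = pSQL(_DB_PREFIX_.'configuration_lang');`. The same pattern appears in classes/helpers/config.php in this commit. upgrade_module_1_3_0() continues after the hunk.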
6 changes: 3 additions & 3 deletions upgrade/upgrade-2.1.0.php
Expand Up @@ -39,14 +39,14 @@
*/
function upgrade_module_2_1_0($object)
{
$drop_table = 'DROP TABLE IF EXISTS `'._DB_PREFIX_.'nostotagging_customer_link`';
$create_table = 'CREATE TABLE IF NOT EXISTS `'._DB_PREFIX_.'nostotagging_customer_link` (
$drop_table = 'DROP TABLE IF EXISTS `'.pSQL(_DB_PREFIX_).'nostotagging_customer_link`';
$create_table = 'CREATE TABLE IF NOT EXISTS `'.pSQL(_DB_PREFIX_).'nostotagging_customer_link` (
`id_cart` INT(10) UNSIGNED NOT NULL,
`id_nosto_customer` VARCHAR(255) NOT NULL,
`date_add` DATETIME NOT NULL,
`date_upd` DATETIME NULL,
PRIMARY KEY (`id_cart`, `id_nosto_customer`)
) ENGINE '._MYSQL_ENGINE_;
) ENGINE '.pSQL(_MYSQL_ENGINE_);

if (_PS_VERSION_ > '1.5') {
$hooks = $object->registerHook('actionObjectDeleteAfter')
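Review bot: The prefix is escaped separately in `$drop_table` and `$create_table`, and the engine name on the last changed line gets the same string-literal escaping as in upgrade-1.1.0.php, which does nothing for an unquoted bareword. Hoist the prefix once, `$db_prefix = pSQL(_DB_PREFIX_);`, use `$db_prefix` in both statements, and treat _MYSQL_ENGINE_ as an identifier to validate (for example against `/^[A-Za-z0-9_]+$/`) rather than a string to escape. Both constants come from the shop's settings file, so this is hardening of configuration input rather than a request-controlled path. upgrade_module_2_1_0() continues after the hunk.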
