Split off sanitize to a separate method
janette committed Aug 30, 2024
1 parent 150a1ad commit 658bde6
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions modules/common/src/Storage/SelectFactory.php
Expand Up @@ -104,10 +104,8 @@ private function setQueryProperties(Query $query) {
private function addDateExpressions($db_query, $fields, $meta_data) {
foreach ($meta_data as $definition) {
// Confirm definition name is in the fields list.
$name = $this->dbQuery->escapeField($definition['name']);
$sanitizedName = $fields[$name]['field'];
if ($sanitizedName && $definition['type'] == 'date') {
$db_query->addExpression("DATE_FORMAT(" . $sanitizedName . ", '" . $definition['format'] . "')", $sanitizedName);
if ($fields[$definition['name']]['field'] && $definition['type'] == 'date') {
$db_query->addExpression("DATE_FORMAT(" . $definition['name'] . ", '" . $definition['format'] . "')", $definition['name']);
}
}
}
Expand Down Expand Up @@ -143,7 +141,7 @@ private function normalizeProperty(mixed $property): object {
if (is_string($property) && self::safeProperty($property)) {
return (object) [
"collection" => $this->alias,
"property" => $this->dbQuery->escapeField($property),
"property" => $property,
"alias" => NULL,
];
}
Expand All @@ -152,6 +150,10 @@ private function normalizeProperty(mixed $property): object {
}
// Throw exception if obviously unsafe property name.
self::safeProperty($property->property);
return $property;
}

private function sanitizeProperty(object $property) {
// Sanitize the property name.
$property->property = $this->dbQuery->escapeField($property->property);
$property->alias = isset($property->alias) ? $this->connection->escapeAlias($property->alias) : NULL;
Expand Down Expand Up @@ -254,6 +256,7 @@ private function normalizeOperand(mixed $operand) {
*/
private function propertyToString(mixed $property) {
$property = $this->normalizeProperty($property);
$property = $this->sanitizeProperty($property);
return "{$property->collection}.{$property->property}";
}

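Review bot: In addDateExpressions() the new lines concatenate `$definition['name']` and `$definition['format']` directly into the SQL text given to addExpression(), with the `escapeField()` call that used to guard the column name gone and no sanitizeProperty() call replacing it on this path. The page lost its +/- markers, so that reading rests on the `-104,10 +104,8` header, which makes the four-line `escapeField` variant the removed side. Unless the dictionary metadata is as trusted as the schema itself, keep `$name = $this->dbQuery->escapeField($definition['name']);` for the identifier and alias, and pass the format through addExpression()'s arguments array under a per-field placeholder rather than quoting it by hand (assuming `$db_query` is a Drupal select query). normalizeProperty() now returns the raw name in its string branch, and only propertyToString() is shown calling sanitizeProperty(); its other callers lie outside the visible hunks and each needs the same call. sanitizeProperty()'s body also runs past the end of its hunk.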
