Commit 4bff656ae46cd306866529e10a92163eb021e187

Authored by conradverm
1 parent f596a417

KTS-3097

"Field names with quotes was impacting on search2 query builder"
Fixed.

Committed By: Conrad Vermeulen
Reviewed By: Megan Watson

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8167 c91229c3-7414-0410-bfa2-8a42b809f60b
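--- a/search2/search/fieldRegistry.inc.php
+++ b/search2/search/fieldRegistry.inc.php
@@ -259,8 +259,8 @@ class ExprFieldRegistry
 
 foreach($result as $record)
 {
-$fieldset = $record['fieldset'];
-$field = $record['field'];
+$fieldset = addslashes($record['fieldset']);
+$field = addslashes($record['field']);
 $fieldsetid = $record['fsid'];
 $fieldid = $record['fid'];
 $classname = "MetadataField$fieldid";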
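Review bot: Escaping `$fieldset` and `$field` with `addslashes()` where they are read from `$record`, rather than where they are written into the generated expression, means every later use of these variables in the loop sees the backslashed form. The rest of the loop body is outside the hunk, so confirm that none of those uses is a display label or a lookup key, where the extra backslashes would surface or cause a mismatch. If the values end up inside generated PHP source (presumably, given `$classname`; not visible here), `var_export($record['field'], true)` at that point yields a correctly quoted literal and leaves `$field` itself unmodified. A comment such as `// escaped for embedding in a quoted string literal below` would also record why the call is there.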
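--- a/search2/search/search.inc.php
+++ b/search2/search/search.inc.php
@@ -96,7 +96,7 @@ class SearchHelper
 {
 if ($dt++ > 0) $documenttypes_str .= ',';
 $id=$user['id'];
-$name=$user['name'];
+$name=(addslashes($user['name']));
 
 $documenttypes_str .= "\n\t{id: \"$id\", name: \"$name\"}";
 }
@@ -139,7 +139,7 @@ class SearchHelper
 {
 if ($uo++ > 0) $users_str .= ',';
 $id=$user['id'];
-$name=$user['name'];
+$name=(addslashes($user['name']));
 
 $users_str .= "\n\t{id: \"$id\", name: \"$name\"}";
 }
@@ -159,8 +159,8 @@ class SearchHelper
 foreach($fields as $field)
 {
 if ($fo++ > 0) $fields_str .= ',';
-$alias = $field['alias'];
-$display = $field['display'];
+$alias = (addslashes($field['alias']));
+$display = (addslashes($field['display']));
 $type = $field['type'];
 $fields_str .= "\n\t{alias: \"$alias\", name: \"$display\", type:\"$type\"}";
 }
@@ -182,7 +182,7 @@ class SearchHelper
 {
 if ($wo++ > 0) $workflow_str .= ',';
 $wid = $workflow['id'];
-$name = $workflow['name'];
+$name = (addslashes($workflow['name']));
 
 $workflow_str .= "\n\t{id:\"$wid\", name: \"$name\", states: [ ";
 
@@ -194,7 +194,7 @@ class SearchHelper
 {
 if ($so++>0) $workflow_str .= ',';
 $sid = $state['id'];
-$name=$state['name'];
+$name=(addslashes($state['name']));
 $result['workflows'][$wid]['states'][$sid] = $state;
 $workflow_str .= "\n\t\t{id:\"$wid\", name: \"$name\"}";
 }
@@ -217,8 +217,8 @@ class SearchHelper
 foreach($fieldsets as $fieldset)
 {
 $fsid=$fieldset['id'];
-$name = $fieldset['name'];
-$desc = $fieldset['description'];
+$name = (addslashes($fieldset['name']));
+$desc = (addslashes($fieldset['description']));
 if ($fso++>0) $fieldset_str .= ',';
 $fieldset_str .= "\n\t{id:\"$fsid\",name:\"$name\",description:\"$desc\", fields: [";
 
@@ -231,8 +231,8 @@ class SearchHelper
 {
 if ($fo++ >0) $fieldset_str .= ',';
 $fid = $field['id'];
-$name= $field['name'];
-$desc = $field['description'];
+$name= (addslashes($field['name']));
+$desc = (addslashes($field['description']));
 $datatype=$field['datatype'];
 $control=$field['control'];
 $fieldset_str .= "\n\t\t{id:\"$fid\", name:\"$name\", description:\"$desc\", datatype:\"$datatype\", control:\"$control\", options: [";
@@ -246,7 +246,7 @@ class SearchHelper
 {
 if ($oo++ > 0) $fieldset_str .= ',';
 $oid = $option['id'];
-$name= $option['name'];
+$name= (addslashes($option['name']));
 $fieldset_str .= "\n\t\t\t{id: \"$oid\", name: \"$name\"}";
 }
 $fieldset_str .= ']}';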
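Review bot: `addslashes()` is not a JavaScript string escaper, so the object literals built in these hunks (first at `$documenttypes_str .= "\n\t{id: \"$id\", name: \"$name\"}";`, and likewise for users, fields, workflows, states, fieldsets and options) can still be broken by a name containing a line break or a `</script>` sequence, both of which it leaves untouched. The neighbouring `$id`, `$type`, `$datatype` and `$control` values are interpolated with no escaping at all. Encoding each value at the sink with `json_encode()` and dropping the hand-written quotes, e.g. `$documenttypes_str .= "\n\t{id: " . json_encode($id) . ", name: " . json_encode($user['name']) . "}";`, covers every character; if the string is emitted inside an inline script block (not visible here), pass `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` as well. The enclosing loops and methods start and end outside the hunks.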