Commit 4bff656ae46cd306866529e10a92163eb021e187

Authored by conradverm
1 parent f596a417

KTS-3097

"Field names with quotes was impacting on search2 query builder"
Fixed.

Committed By: Conrad Vermeulen
Reviewed By: Megan Watson

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8167 c91229c3-7414-0410-bfa2-8a42b809f60b
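--- a/search2/search/fieldRegistry.inc.php
+++ b/search2/search/fieldRegistry.inc.php
@@ -259,8 +259,8 @@ class ExprFieldRegistry
 
 foreach($result as $record)
 {
-$fieldset = $record['fieldset'];
-$field = $record['field'];
+$fieldset = addslashes($record['fieldset']);
+$field = addslashes($record['field']);
 $fieldsetid = $record['fsid'];
 $fieldid = $record['fid'];
 $classname = "MetadataField$fieldid";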
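Review bot: The escaping of `$fieldset` and `$field` is applied where the values are read from `$record`, not where they are written out, and every use of the two variables lies outside this hunk, so it is not visible which output context the backslashes are meant for. `addslashes()` is not a correct encoder for SQL or for JavaScript, and if either variable is also used further down the loop as a display label or lookup key it will now carry literal backslashes there. I would keep the raw value in these variables and encode at the point of output, or at minimum add a comment such as `// escaped for interpolation into <target context>; do not reuse for display or lookups` that names the consumer.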
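--- a/search2/search/search.inc.php
+++ b/search2/search/search.inc.php
@@ -96,7 +96,7 @@ class SearchHelper
 {
 if ($dt++ > 0) $documenttypes_str .= ',';
 $id=$user['id'];
-$name=$user['name'];
+$name=(addslashes($user['name']));
 
 $documenttypes_str .= "\n\t{id: \"$id\", name: \"$name\"}";
 }
@@ -139,7 +139,7 @@ class SearchHelper
 {
 if ($uo++ > 0) $users_str .= ',';
 $id=$user['id'];
-$name=$user['name'];
+$name=(addslashes($user['name']));
 
 $users_str .= "\n\t{id: \"$id\", name: \"$name\"}";
 }
@@ -159,8 +159,8 @@ class SearchHelper
 foreach($fields as $field)
 {
 if ($fo++ > 0) $fields_str .= ',';
-$alias = $field['alias'];
-$display = $field['display'];
+$alias = (addslashes($field['alias']));
+$display = (addslashes($field['display']));
 $type = $field['type'];
 $fields_str .= "\n\t{alias: \"$alias\", name: \"$display\", type:\"$type\"}";
 }
@@ -182,7 +182,7 @@ class SearchHelper
 {
 if ($wo++ > 0) $workflow_str .= ',';
 $wid = $workflow['id'];
-$name = $workflow['name'];
+$name = (addslashes($workflow['name']));
 
 $workflow_str .= "\n\t{id:\"$wid\", name: \"$name\", states: [ ";
 
@@ -194,7 +194,7 @@ class SearchHelper
 {
 if ($so++>0) $workflow_str .= ',';
 $sid = $state['id'];
-$name=$state['name'];
+$name=(addslashes($state['name']));
 $result['workflows'][$wid]['states'][$sid] = $state;
 $workflow_str .= "\n\t\t{id:\"$wid\", name: \"$name\"}";
 }
@@ -217,8 +217,8 @@ class SearchHelper
 foreach($fieldsets as $fieldset)
 {
 $fsid=$fieldset['id'];
-$name = $fieldset['name'];
-$desc = $fieldset['description'];
+$name = (addslashes($fieldset['name']));
+$desc = (addslashes($fieldset['description']));
 if ($fso++>0) $fieldset_str .= ',';
 $fieldset_str .= "\n\t{id:\"$fsid\",name:\"$name\",description:\"$desc\", fields: [";
 
@@ -231,8 +231,8 @@ class SearchHelper
 {
 if ($fo++ >0) $fieldset_str .= ',';
 $fid = $field['id'];
-$name= $field['name'];
-$desc = $field['description'];
+$name= (addslashes($field['name']));
+$desc = (addslashes($field['description']));
 $datatype=$field['datatype'];
 $control=$field['control'];
 $fieldset_str .= "\n\t\t{id:\"$fid\", name:\"$name\", description:\"$desc\", datatype:\"$datatype\", control:\"$control\", options: [";
@@ -246,7 +246,7 @@ class SearchHelper
 {
 if ($oo++ > 0) $fieldset_str .= ',';
 $oid = $option['id'];
-$name= $option['name'];
+$name= (addslashes($option['name']));
 $fieldset_str .= "\n\t\t\t{id: \"$oid\", name: \"$name\"}";
 }
 $fieldset_str .= ']}';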
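Review bot: `addslashes()` is not a JavaScript string encoder, so the names interpolated into the object literals (first at `$name=(addslashes($user['name']));` on line 99, and the same pattern in every later hunk of this file) are only partly protected: quotes, backslashes and NUL are escaped, but line breaks and a `</script>` sequence pass through, so a stored name containing either can still break the generated literal or, if this string is emitted inside an inline script block, end that block early. Letting `json_encode()` produce the whole quoted value covers those cases: `$name = json_encode($user['name'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);` and then `name: $name` without the hand-written `\"` in the format string (the `JSON_HEX_*` flags need a PHP version that has them). `$type`, `$datatype` and `$control` are still interpolated raw and need the same treatment unless they are guaranteed to be fixed identifiers. Separately, the workflow-state entry at line 199 writes `id:\"$wid\"` although `$sid` is assigned just above it, which looks like the wrong id. The loops and methods around all of these hunks start and end outside the visible lines.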