developer.jelix.org is not used any more and exists only for history. Post new tickets on the Github account.

Opened 10 years ago

Closed 10 years ago

#1129 closed bug (fixed)

$ should not be allowed in parameters of dao methods

Reported by: laurentj
Owned by: foxmask
Priority: low
Milestone: Jelix 1.1.7
Component: jelix:dao
Version: 1.1.6
Severity: minor
Keywords:
Cc:
Blocked By:
Blocking:
Documentation needed: no
Hosting Provider:
Php version:

Description

The title says it all.

The parser should remove the $ silently or throw a beautiful exception.

At this time, it generates a parsing error.

Change History (6)

comment:1 Changed 10 years ago by laurentj

  • Milestone changed from Jelix 1.2 to Jelix 1.1.7

comment:2 Changed 10 years ago by foxmask

  • Owner set to foxmask

I have the patch; I just need to clean it up :)

comment:3 Changed 10 years ago by foxmask

  • review set to review?

For 1.2: http://bitbucket.org/foxmask/jelix-trunk-patch/changeset/1e73c0c5f86c

which gives, for example, when changing the jelix_user dao to use a parameter $login:

[exception 565]  DAO, in the method jauthdb~jelixuser, the sign $ in the parameter name $login is no authorized 
/var/www/www_jelix12/lib/jelix/dao/jDaoMethod.class.php 59

For 1.1: http://bitbucket.org/foxmask/jelix-1.1.x-patches/changeset/32a8445e3835

comment:4 follow-up: Changed 10 years ago by foxmask

Thinking about it again, rather than looking for the presence of a $, wouldn't it be better to check that the name is only of the form [a-zA-Z]+?

comment:5 in reply to: ↑ 4 Changed 10 years ago by foxmask

Replying to foxmask:

Thinking about it again, rather than looking for the presence of a $, wouldn't it be better to check that the name is only of the form [a-zA-Z]+?

Actually no, a param can be named id_truc, and not only id or only truc. On the other hand, - \ / will invalidate the XML de facto, it seems to me. So the patch itself, as it stands, should be enough.

comment:6 Changed 10 years ago by laurentj

  • Resolution set to fixed
  • review changed from review? to review+
  • Status changed from new to closed
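
The allowlist idea raised in comments 4 and 5, as an added example that is not part of the ticket, the linked patches or Jelix's own code: parameter names are checked against PHP's identifier grammar, so `id_truc` passes while `$login` and other non-identifier names are rejected with a message naming the method. The function name, the constant, the method name `getByLogin` and the simplified DAO XML (no namespace, no datasources or record) are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical pre-compile check, not Jelix's jDaoMethod code.

// PHP's grammar for a variable name, without the leading "$".
// \z (not $) so that a trailing newline cannot slip through.
const PARAM_NAME_RE = '/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*\z/';

/**
 * Collect the <parameter> names of each <method> in a DAO XML string.
 * Throws, naming the method and the parameter, on the first invalid name.
 */
function checkDaoParameterNames(string $daoXml): array
{
    libxml_use_internal_errors(true);   // malformed XML is reported by the return value
    $doc = simplexml_load_string($daoXml);
    if ($doc === false) {
        throw new InvalidArgumentException('DAO definition is not well-formed XML');
    }
    $names = [];
    foreach ($doc->xpath('//method') as $method) {
        $methodName = (string) $method['name'];
        foreach ($method->parameter as $param) {
            $name = (string) $param['name'];
            if (preg_match(PARAM_NAME_RE, $name) !== 1) {
                throw new DomainException(sprintf(
                    'DAO method "%s": "%s" is not a valid parameter name',
                    $methodName, $name
                ));
            }
            $names[$methodName][] = $name;
        }
    }
    return $names;
}

// Constructed sample: one method with one parameter, name filled in per candidate.
$template = '<dao><factory><method name="getByLogin" type="selectfirst">'
          . '<parameter name="%s"/></method></factory></dao>';

foreach (['login', 'id_truc', '$login', 'id-truc', '1id'] as $candidate) {
    try {
        checkDaoParameterNames(sprintf($template, $candidate));
        echo "accepted: $candidate\n";
    } catch (DomainException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```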