check well formed setting ns and id
This commit is contained in:
parent
555e5d2167
commit
a01d41d535
@ -128,7 +128,7 @@ class Settings extends AbstractCleaner
|
|||||||
{
|
{
|
||||||
$sql = new DeleteStatement();
|
$sql = new DeleteStatement();
|
||||||
|
|
||||||
if ($action == 'delete_global') {
|
if ($action == 'delete_global' && self::checkNs($ns)) {
|
||||||
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
|
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
|
||||||
->where('blog_id IS NULL')
|
->where('blog_id IS NULL')
|
||||||
->and('setting_ns = ' . $sql->quote((string) $ns))
|
->and('setting_ns = ' . $sql->quote((string) $ns))
|
||||||
@ -136,7 +136,7 @@ class Settings extends AbstractCleaner
|
|||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($action == 'delete_local') {
|
if ($action == 'delete_local' && self::checkNs($ns)) {
|
||||||
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
|
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
|
||||||
->where('blog_id = ' . $sql->quote((string) dcCore::app()->blog?->id))
|
->where('blog_id = ' . $sql->quote((string) dcCore::app()->blog?->id))
|
||||||
->and('setting_ns = ' . $sql->quote((string) $ns))
|
->and('setting_ns = ' . $sql->quote((string) $ns))
|
||||||
@ -144,7 +144,7 @@ class Settings extends AbstractCleaner
|
|||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($action == 'delete_all') {
|
if ($action == 'delete_all' && self::checkNs($ns)) {
|
||||||
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
|
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
|
||||||
->where('setting_ns = ' . $sql->quote((string) $ns))
|
->where('setting_ns = ' . $sql->quote((string) $ns))
|
||||||
->and($sql->orGroup(['blog_id IS NULL', 'blog_id IS NOT NULL']))
|
->and($sql->orGroup(['blog_id IS NULL', 'blog_id IS NOT NULL']))
|
||||||
@ -153,12 +153,17 @@ class Settings extends AbstractCleaner
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($action == 'delete_related') {
|
if ($action == 'delete_related') {
|
||||||
|
// check ns match ns:id;
|
||||||
|
$reg_ws = substr(dcNamespace::NS_NAME_SCHEMA, 2, -2);
|
||||||
|
$reg_id = substr(dcNamespace::NS_ID_SCHEMA, 2, -2);
|
||||||
|
if (!preg_match_all('#((' . $reg_ws . '):(' . $reg_id . ');?)#', $ns, $matches)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// build ws/id requests
|
||||||
$or = [];
|
$or = [];
|
||||||
foreach (explode(';', $ns) as $pair) {
|
foreach ($matches[2] as $key => $name) {
|
||||||
$exp = explode(':', $pair);
|
$or[] = $sql->andGroup(['setting_ns = ' . $sql->quote((string) $name), 'setting_id = ' . $sql->quote((string) $matches[3][$key])]);
|
||||||
if (count($exp) == 2) {
|
|
||||||
$or[] = $sql->andGroup(['setting_ns = ' . $sql->quote((string) $exp[0]), 'setting_id = ' . $sql->quote((string) $exp[1])]);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if (empty($or)) {
|
if (empty($or)) {
|
||||||
return false;
|
return false;
|
||||||
@ -174,4 +179,16 @@ class Settings extends AbstractCleaner
|
|||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check well formed ns.
|
||||||
|
*
|
||||||
|
* @param string The ns to check
|
||||||
|
*
|
||||||
|
* @return bool True on well formed
|
||||||
|
*/
|
||||||
|
private static function checkNs(string $ns): bool
|
||||||
|
{
|
||||||
|
return preg_match(dcNamespace::NS_NAME_SCHEMA, $ns);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user