More SQL Injection prevention.

This commit is contained in:
Benoît Burnichon
2015-03-09 22:37:37 +01:00
parent 135b2fcaff
commit 43bc4dd9bb
5 changed files with 50 additions and 21 deletions


@@ -44,6 +44,7 @@ class module_console_fieldsMerge extends Command
$output->writeln("");
try {
/** @var databox $databox */
$databox = $this->getService('phraseanet.appbox')->get_databox((int) $input->getArgument('sbas_id'));
} catch (\Exception $e) {
$output->writeln("<error>Invalid databox id </error>");
@@ -155,11 +156,16 @@ class module_console_fieldsMerge extends Command
$start = 0;
$quantity = 100;
$builder = $databox->get_connection()->createQueryBuilder();
$builder
->select('r.record_id')
->from('record', 'r')
->orderBy('r.record_id', 'ASC')
->setFirstResult($start)
->setMaxResults($quantity)
;
do {
$sql = 'SELECT record_id FROM record
ORDER BY record_id LIMIT ' . $start . ', ' . $quantity;
$stmt = $databox->get_connection()->prepare($sql);
$stmt->execute();
$stmt = $builder->execute();
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
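Review bot: The builder is configured with `->setFirstResult($start)` once, before the `do` loop, whereas the removed code rebuilt the SQL from the current `$start` on every iteration; unless the loop tail (outside this hunk) calls `setFirstResult` again, every `$builder->execute()` re-reads the same first 100 records and the loop never advances. Re-applying the offset at the execute site keeps the paging behaviour of the old code: `$stmt = $builder->setFirstResult($start)->execute();`. Note that `$start` and `$quantity` are local integers here, so the old concatenation was not reachable from user input; the QueryBuilder is still the better idiom, but the commit title overstates the injection risk removed by this hunk. The loop body and its exit condition continue past the end of the hunk.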