oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix bug #11510, allowing non-valid sort fields in the form params to CS.

Browse source
This commit is contained in:
Colin Kuskie 2010-04-05 10:47:01 -07:00
parent 2de75ea427
commit 6990f52b0d
2 changed files with 15 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/7.x.x.txt
View file

@ -11,6 +11,7 @@
- fixed: Viewing a Gallery File with non-ASCII keywords crashes - fixed: Viewing a Gallery File with non-ASCII keywords crashes
- fixed #11509: System trash not sticky - fixed #11509: System trash not sticky
- fixed #11506: Cruft on i18n dirs in the released .tar.gz - fixed #11506: Cruft on i18n dirs in the released .tar.gz
- fixed #11510: Scratch variables for sort direction and key can break the CS
7.9.1 7.9.1
- fixed #11464: blank page after setting posts per page in Collaboration System to 0 (zero) - fixed #11464: blank page after setting posts per page in Collaboration System to 0 (zero)

21
lib/WebGUI/Asset/Wobject/Collaboration.pm
View file

@ -1159,16 +1159,28 @@ Collaboration System
=cut =cut
sub getThreadsPaginator { sub getThreadsPaginator {
my $self = shift; my $self = shift;
my $session = $self->session;
my $scratchSortBy = $self->getId."_sortBy"; my $scratchSortBy = $self->getId."_sortBy";
my $scratchSortOrder = $self->getId."_sortDir"; my $scratchSortOrder = $self->getId."_sortDir";
my $sortBy = $self->session->form->process("sortBy") my $sortBy = $self->session->form->process("sortBy")
|| $self->session->scratch->get($scratchSortBy) || $self->session->scratch->get($scratchSortBy)
|| $self->get("sortBy"); || $self->get("sortBy");
$sortBy =~ s/^\w+\.//;
# Sort by the thread rating instead of the post rating. other places don't care about threads.
$sortBy = $sortBy eq 'rating' ? 'threadRating' : $sortBy;
if (! WebGUI::Utility::isIn($sortBy, qw/userDefined1 userDefined2 userDefined3 userDefined4 userDefined5 title lineage revisionDate creationDate karmaRank threadRating/)) {
$sortBy = 'revisionDate';
}
if ($sortBy eq 'assetId' || $sortBy eq 'revisionDate') {
$sortBy = 'assetData.' . $sortBy;
}
my $sortOrder = $self->session->form->process("sortOrder") my $sortOrder = $self->session->form->process("sortOrder")
|| $self->session->scratch->get($scratchSortOrder) || $self->session->scratch->get($scratchSortOrder)
|| $self->get("sortOrder"); || $self->get("sortOrder");
#$sortOrder = lc $sortOrder;
#$sortOrder = 'desc' if ($sortOrder ne 'asc' && $sortOrder ne 'desc');
if ($sortBy ne $self->session->scratch->get($scratchSortBy) && $self->session->form->process("func") ne "editSave") { if ($sortBy ne $self->session->scratch->get($scratchSortBy) && $self->session->form->process("func") ne "editSave") {
$self->session->scratch->set($scratchSortBy,$self->session->form->process("sortBy")); $self->session->scratch->set($scratchSortBy,$self->session->form->process("sortBy"));
$self->session->scratch->set($scratchSortOrder, $sortOrder); $self->session->scratch->set($scratchSortOrder, $sortOrder);
@ -1182,13 +1194,8 @@ sub getThreadsPaginator {
} }
$self->session->scratch->set($scratchSortOrder, $sortOrder); $self->session->scratch->set($scratchSortOrder, $sortOrder);
} }
$sortBy ||= "assetData.revisionDate";
$sortOrder ||= "desc";
# Sort by the thread rating instead of the post rating. other places don't care about threads.
if ($sortBy eq 'rating') {
$sortBy = 'threadRating';
}
$sortBy = join('.', map { $self->session->db->dbh->quote_identifier($_) } split(/\./, $sortBy)); $sortBy = join('.', map { $self->session->db->dbh->quote_identifier($_) } split(/\./, $sortBy));
$sortOrder ||= 'desc';
my $sql = " my $sql = "
select select