diff --git a/lib/WebGUI/Wobject/EventsCalendar.pm b/lib/WebGUI/Wobject/EventsCalendar.pm
index d07210365..cee05c837 100644
--- a/lib/WebGUI/Wobject/EventsCalendar.pm
+++ b/lib/WebGUI/Wobject/EventsCalendar.pm
@@ -35,14 +35,14 @@ sub duplicate {
my ($sth, $w, @row, $newEventId, $previousRecurringEventId);
$w = $_[0]->SUPER::duplicate($_[1]);
$sth = WebGUI::SQL->read("select * from EventsCalendar_event where wobjectId="
- .$_[0]->get("wobjectId")." order by EventsCalendar_recurringId");
+ .quote($_[0]->get("wobjectId"))." order by EventsCalendar_recurringId");
while (@row = $sth->array) {
$newEventId = WebGUI::Id::generate();
if ($row[6] > 0 && $row[6] != $previousRecurringEventId) {
$row[6] = WebGUI::Id::generate();
$previousRecurringEventId = $row[6];
}
- WebGUI::SQL->write("insert into EventsCalendar_event values (".quote($newEventId).", ".$w.", ".
+ WebGUI::SQL->write("insert into EventsCalendar_event values (".quote($newEventId).", ".quote($w).", ".
quote($row[2]).", ".quote($row[3]).", ".quote($row[4]).", ".quote($row[5]).", ".quote($row[6]).")");
}
$sth->finish;
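Review bot: The recurring-id handling at `if ($row[6] > 0 && $row[6] != $previousRecurringEventId)` still compares numerically, but the value assigned two lines later comes from `WebGUI::Id::generate()`, and this same commit switches the loop in www_editEventSave from `> 0` to `ne ""` for exactly that kind of id. If the generated ids are non-numeric strings, `> 0` evaluates them as 0 and the branch never fires, so the copied events all keep the original recurring id. Suggest `if ($row[6] ne "" && $row[6] ne $previousRecurringEventId) {` (with `$previousRecurringEventId` initialised to `""`) — please confirm against the id format Id::generate produces. The rest of duplicate continues after this hunk.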
@@ -259,13 +259,13 @@ sub www_editEvent {
$f = WebGUI::HTMLForm->new(1);
$f->raw('
");
$special = $f->printRowsOnly;
} else {
- %event = WebGUI::SQL->quickHash("select * from EventsCalendar_event where EventsCalendar_eventId='$session{form}{eid}'");
+ %event = WebGUI::SQL->quickHash("select * from EventsCalendar_event where EventsCalendar_eventId=".quote($session{form}{eid}));
$f = WebGUI::HTMLForm->new;
$f->hidden("until");
$special = $f->printRowsOnly;
@@ -282,14 +282,13 @@ sub www_editEvent {
-name=>"startDate",
-label=>WebGUI::International::get(14,$_[0]->get("namespace")),
-value=>$event{startDate},
- -dateExtras=>'onBlur="this.form.endDate_date.value=this.form.startDate_date.value;this.form.until.value=this.form.startDate_date.value;"',
- -timeExtras=>'onBlur="this.form.endDate_time.value=this.form.startDate_time.value"'
+ -extras=>'onBlur="this.form.endDate.value=this.form.startDate.value;this.form.until.value=this.form.startDate.value;"',
);
$f->dateTime(
-name=>"endDate",
-label=>WebGUI::International::get(15,$_[0]->get("namespace")),
-value=>$event{endDate},
- -dateExtras=>'onBlur="this.form.until.value=this.form.endDate_date.value;"'
+ -extras=>'onBlur="this.form.until.value=this.form.endDate.value;"'
);
$f->raw($special);
if ($session{form}{eid} eq "new") {
@@ -344,7 +343,7 @@ sub www_editEventSave {
}
}
$i = 0;
- while ($eventId[$i] > 0) {
+ while ($eventId[$i] ne "") {
WebGUI::SQL->write("insert into EventsCalendar_event values (".quote($eventId[$i]).",
".quote($_[0]->get("wobjectId")).",
".quote($session{form}{name}).",
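Review bot: The new loop condition `while ($eventId[$i] ne "")` reads one past the last element to terminate, which raises an "uninitialized value" warning on every save under `use warnings` and relies on no empty id ever being stored mid-array. A plain `for my $eventId (@eventId) {` (using `$eventId` in place of `$eventId[$i]` in the insert) removes both the sentinel read and the manual counter. The insert statement continues past the end of this hunk, so the `$i` references further down would need the same rename.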
@@ -422,7 +421,7 @@ sub www_view {
my @thisMonthDate = WebGUI::DateTime::epochToArray($thisMonth);
# get event information
my $query = "select * from EventsCalendar_event where ";
- $query .= " wobjectId=".$_[0]->get("wobjectId")." and " unless ($_[0]->get("isMaster"));
+ $query .= " wobjectId=".quote($_[0]->get("wobjectId"))." and " unless ($_[0]->get("isMaster"));
$query .= " (endDate>=$monthStart and endDate<=$monthEnd) and (startDate>=$monthStart and startDate<=$monthEnd) order by startDate,endDate";
my %events;
my %previous;
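Review bot: `$monthStart` and `$monthEnd` are still interpolated unquoted into the WHERE clause on the line after the one this hunk fixes, so the wobjectId quoting only closes half of this query. Their computation is outside the hunk; if they derive from `$thisMonth` and that in turn from a request parameter, they need the same `quote()` treatment (or an explicit numeric check such as `$monthStart += 0`), otherwise this is just a consistency point. Please confirm where `$thisMonth` comes from.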
diff --git a/lib/WebGUI/Wobject/FileManager.pm b/lib/WebGUI/Wobject/FileManager.pm
index efd8c68c4..a9244f352 100644
--- a/lib/WebGUI/Wobject/FileManager.pm
+++ b/lib/WebGUI/Wobject/FileManager.pm
@@ -45,7 +45,7 @@ sub duplicate {
my ($file, $w, %row, $sth, $newDownloadId);
tie %row, 'Tie::CPHash';
$w = $_[0]->SUPER::duplicate($_[1]);
- $sth = WebGUI::SQL->read("select * from FileManager_file where wobjectId=".$_[0]->get("wobjectId"));
+ $sth = WebGUI::SQL->read("select * from FileManager_file where wobjectId=".quote($_[0]->get("wobjectId")));
while (%row = $sth->hash) {
$newDownloadId = WebGUI::Id::generate();
$file = WebGUI::Attachment->new($row{downloadFile},$_[0]->get("wobjectId"),$row{FileManager_fileId});
@@ -124,7 +124,7 @@ sub new {
#-------------------------------------------------------------------
sub purge {
- WebGUI::SQL->write("delete from FileManager_file where wobjectId=".$_[0]->get("wobjectId"));
+ WebGUI::SQL->write("delete from FileManager_file where wobjectId=".quote($_[0]->get("wobjectId")));
$_[0]->SUPER::purge();
}
@@ -164,7 +164,7 @@ sub www_download {
$_[0]->logView() if ($session{setting}{passiveProfilingEnabled});
my (%download, $file);
tie %download,'Tie::CPHash';
- %download = WebGUI::SQL->quickHash("select * from FileManager_file where FileManager_fileId=$session{form}{did}");
+ %download = WebGUI::SQL->quickHash("select * from FileManager_file where FileManager_fileId=".quote($session{form}{did}));
if (WebGUI::Grouping::isInGroup($download{groupToView})) {
if ($session{form}{alternateVersion} == 1) {
$file = WebGUI::Attachment->new($download{alternateVersion1},
@@ -350,7 +350,7 @@ sub www_view {
$var{"search.label"} = WebGUI::International::get(364);
$var{"addfile.url"} = WebGUI::URL::page('func=editDownload&did=new&wid='.$_[0]->get("wobjectId"));
$var{"addfile.label"} = WebGUI::International::get(11,$_[0]->get("namespace"));
- $sql = "select * from FileManager_file where wobjectId=".$_[0]->get("wobjectId")." ";
+ $sql = "select * from FileManager_file where wobjectId=".quote($_[0]->get("wobjectId"))." ";
if ($session{scratch}{search}) {
$numResults = $session{scratch}{numResults};
$constraints = WebGUI::Search::buildConstraints(
diff --git a/lib/WebGUI/Wobject/IndexedSearch.pm b/lib/WebGUI/Wobject/IndexedSearch.pm
index 9dc0e840f..b063d1296 100644
--- a/lib/WebGUI/Wobject/IndexedSearch.pm
+++ b/lib/WebGUI/Wobject/IndexedSearch.pm
@@ -571,7 +571,7 @@ sub _getContentTypes {
sub _getSearchablePages {
my $searchRoot = shift;
my %pages;
- my $sth = WebGUI::SQL->read("select pageId from page where parentId = $searchRoot");
+ my $sth = WebGUI::SQL->read("select pageId from page where parentId = ".quote($searchRoot));
while (my %data = $sth->hash) {
$pages{$data{pageId}} = defined;
%pages = (%pages, _getSearchablePages($data{pageId}) );
diff --git a/lib/WebGUI/Wobject/IndexedSearch/Search.pm b/lib/WebGUI/Wobject/IndexedSearch/Search.pm
index 54045aa6e..203ecc041 100644
--- a/lib/WebGUI/Wobject/IndexedSearch/Search.pm
+++ b/lib/WebGUI/Wobject/IndexedSearch/Search.pm
@@ -66,7 +66,7 @@ These methods are available from this package:
sub _recurseCrumbTrail {
my ($sth, %data, $output);
tie %data, 'Tie::CPHash';
- %data = WebGUI::SQL->quickHash("select pageId,parentId,menuTitle,urlizedTitle from page where pageId=$_[0]");
+ %data = WebGUI::SQL->quickHash("select pageId,parentId,menuTitle,urlizedTitle from page where pageId=".quote($_[0]));
if ($data{pageId} > 1) {
$output .= _recurseCrumbTrail($data{parentId});
}
@@ -189,7 +189,7 @@ A reference to an array of CSS color identificators.
sub getDetails {
my ($self, $docIdList, %options) = @_;
- my $docIds = join(',',@$docIdList);
+ my $docIds = quoteAndJoin($docIdList);
my (@searchDetails, %namespace);
foreach my $wobject (@{$session{config}{wobjects}}){
my $cmd = "WebGUI::Wobject::".$wobject;
@@ -443,6 +443,7 @@ of this document.
sub indexDocument {
my ($self, $document) = @_;
$self->{_fts}->index_document($document->{docId} || $self->{_docId}, $document->{text});
+ my $docId = ($document->{docId} || $self->{_docId});
WebGUI::SQL->write("insert into IndexedSearch_docInfo ( docId,
indexName,
pageId,
@@ -459,20 +460,20 @@ sub indexDocument {
ownerId,
dateIndexed )
values ( ".
- ($document->{docId} || $self->{_docId}).", ".
+ quote($docId).", ".
quote($self->getIndexName).", ".
- ($document->{pageId} || 0).", ".
- ($document->{wobjectId} || 0).", ".
+ quote($document->{pageId} || 0).", ".
+ quote($document->{wobjectId} || 0).", ".
quote($document->{languageId}).", ".
quote($document->{namespace} || 'WebGUI')." , ".
quote($document->{location}).", ".
- ($document->{page_groupIdView} || 7).", ".
- ($document->{wobject_groupIdView} || 7).", ".
- ($document->{wobject_special_groupIdView} || 7).", ".
+ quote($document->{page_groupIdView} || 7).", ".
+ quote($document->{wobject_groupIdView} || 7).", ".
+ quote($document->{wobject_special_groupIdView} || 7).", ".
quote($document->{headerShortcut})." ,".
quote($document->{bodyShortcut})." ,".
quote($document->{contentType})." ,".
- ($document->{ownerId} || 3).",
+ quote($document->{ownerId} || 3).",
".WebGUI::DateTime::time()." )"
);
$self->{_docId}++;
@@ -655,8 +656,8 @@ sub search {
my $noFtsSearch = ($query =~ /^\s*\*\s*$/); # query = '*', no full text search
my @fts_docIds = $self->{_fts}->search($query) unless $noFtsSearch ;
if(@fts_docIds || $noFtsSearch) {
- my $groups = join(',',@{$self->_getGroups});
- my $docIds = join(',',@fts_docIds);
+ my $groups = quoteAndJoin($self->_getGroups);
+ my $docIds = quoteAndJoin(\@fts_docIds);
my $sql = "select docId from IndexedSearch_docInfo where indexName = ".quote($self->getIndexName);
$sql .= " and docId in ($docIds)" unless $noFtsSearch;
$sql .= " and page_groupIdView in ($groups)";
@@ -665,7 +666,7 @@ sub search {
$sql .= " and wobject_groupIdView in ($groups)";
}
foreach my $filterElement (keys %{$filter}) {
- $sql .= " AND $filterElement in (".join(',', @{$filter->{$filterElement}}).")";
+ $sql .= " AND $filterElement in (".quoteAndJoin($filter->{$filterElement}).")";
}
# No trash or other garbage
$sql .= " AND (pageId > 999 or pageId < 0 or pageId = 1) ";
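Review bot: Quoting the values with `quoteAndJoin` does not protect the column name: `$filterElement` is a hash key interpolated directly into `" AND $filterElement in (...)"`, and `quote()` cannot be applied to an identifier. Where `$filter` originates is not visible in this hunk; if any of its keys can come from the request, the key should be checked against an allow-list of `IndexedSearch_docInfo` columns before use, e.g. `next unless $filterElement =~ /\A\w+\z/;` as a minimum, or a lookup in a fixed hash of permitted columns. If `$filter` is always built from constants inside this module, a one-line comment saying so would save the next reader the same question. The search sub continues beyond this hunk.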
diff --git a/lib/WebGUI/Wobject/MessageBoard.pm b/lib/WebGUI/Wobject/MessageBoard.pm
index a04ca1932..96355b54a 100644
--- a/lib/WebGUI/Wobject/MessageBoard.pm
+++ b/lib/WebGUI/Wobject/MessageBoard.pm
@@ -123,16 +123,16 @@ sub new {
#-------------------------------------------------------------------
sub purge {
- my $sth = WebGUI::SQL->read("select forumId from MessageBoard_forums where wobjectId=".$_[0]->get("wobjectId"));
+ my $sth = WebGUI::SQL->read("select forumId from MessageBoard_forums where wobjectId=".quote($_[0]->get("wobjectId")));
while (my ($forumId) = $sth->array) {
- my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from MessageBoard_forums where forumId=".$forumId);
+ my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from MessageBoard_forums where forumId=".quote($forumId));
unless ($inUseElsewhere > 1) {
my $forum = WebGUI::Forum->new($forumId);
$forum->purge;
}
}
$sth->finish;
- WebGUI::SQL->write("delete from MessageBoard_forums where wobjectId=".$_[0]->get("wobjectId"));
+ WebGUI::SQL->write("delete from MessageBoard_forums where wobjectId=".quote($_[0]->get("wobjectId")));
$_[0]->SUPER::purge();
}
@@ -146,12 +146,12 @@ sub www_deleteForum {
#-------------------------------------------------------------------
sub www_deleteForumConfirm {
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
- my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from MessageBoard_forums where forumId=".$session{form}{forumId});
+ my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from MessageBoard_forums where forumId=".quote($session{form}{forumId}));
unless ($inUseElsewhere > 1) {
my $forum = WebGUI::Forum->new($session{form}{forumId});
$forum->purge;
}
- WebGUI::SQL->write("delete from MessageBoard_forums where forumId=".quote($session{form}{forumId})." and wobjectId=".$_[0]->get("wobjectId"));
+ WebGUI::SQL->write("delete from MessageBoard_forums where forumId=".quote($session{form}{forumId})." and wobjectId=".quote($_[0]->get("wobjectId")));
return "";
}
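Review bot: The `canEdit` check covers this wobject, but the forum purged on the next lines is chosen purely by `$session{form}{forumId}`: the in-use count is not restricted to this wobject, and `WebGUI::Forum->new($session{form}{forumId})->purge` runs before the `delete ... and wobjectId=` row removal that is scoped correctly. An editor of one message board can therefore purge a forum attached only to a different board, unless Forum::purge checks ownership itself (not visible here). Suggest verifying the attachment up front: `my ($attached) = WebGUI::SQL->quickArray("select count(*) from MessageBoard_forums where forumId=".quote($session{form}{forumId})." and wobjectId=".quote($_[0]->get("wobjectId")));` followed by `return WebGUI::Privilege::insufficient() unless $attached;`.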
diff --git a/lib/WebGUI/Wobject/Poll.pm b/lib/WebGUI/Wobject/Poll.pm
index 9424d290a..cc8425485 100644
--- a/lib/WebGUI/Wobject/Poll.pm
+++ b/lib/WebGUI/Wobject/Poll.pm
@@ -31,7 +31,7 @@ our @ISA = qw(WebGUI::Wobject);
#-------------------------------------------------------------------
sub _hasVoted {
my ($hasVoted) = WebGUI::SQL->quickArray("select count(*) from Poll_answer
- where wobjectId=".$_[0]->get("wobjectId")." and ((userId=$session{user}{userId}
+ where wobjectId=".quote($_[0]->get("wobjectId"))." and ((userId=".quote($session{user}{userId})."
and userId<>1) or (userId=1 and ipAddress='$session{env}{REMOTE_ADDR}'))");
return $hasVoted;
}
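Review bot: `ipAddress='$session{env}{REMOTE_ADDR}'` on the last line of the query is still interpolated raw while `userId` on the line above was switched to `quote()`. REMOTE_ADDR is normally set by the web server, but in reverse-proxy deployments it can be populated from a client-supplied header, and the rest of this commit quotes every value regardless of source. Suggest `ipAddress=".quote($session{env}{REMOTE_ADDR})."` for consistency with Survey::getResponseCount in the same diff, which already quotes `$ipAddress`.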
@@ -40,7 +40,7 @@ sub _hasVoted {
sub duplicate {
my ($w, $f, $sth, @row);
$w = $_[0]->SUPER::duplicate($_[1]);
- $sth = WebGUI::SQL->read("select * from Poll_answer where wobjectId=".$_[0]->get("wobjectId"));
+ $sth = WebGUI::SQL->read("select * from Poll_answer where wobjectId=".quote($_[0]->get("wobjectId")));
while (@row = $sth->array) {
WebGUI::SQL->write("insert into Poll_answer values (".quote($w).", ".quote($row[1]).", ".quote($row[2]).", ".quote($row[3]).")");
}
@@ -143,7 +143,7 @@ sub new {
#-------------------------------------------------------------------
sub purge {
- WebGUI::SQL->write("delete from Poll_answer where wobjectId=".$_[0]->get("wobjectId"));
+ WebGUI::SQL->write("delete from Poll_answer where wobjectId=".quote($_[0]->get("wobjectId")));
$_[0]->SUPER::purge();
}
@@ -248,7 +248,7 @@ sub www_view {
}
$var{canVote} = $showPoll;
my ($totalResponses) = WebGUI::SQL->quickArray("select count(*) from Poll_answer where wobjectId="
- .$_[0]->get("wobjectId"));
+ .quote($_[0]->get("wobjectId")));
$var{"responses.label"} = WebGUI::International::get(12,$_[0]->get("namespace"));
$var{"responses.total"} = $totalResponses;
$var{"form.start"} = WebGUI::Form::formHeader();
@@ -260,7 +260,7 @@ sub www_view {
for (my $i=1; $i<=20; $i++) {
if ($_[0]->get('a'.$i) =~ /\C/) {
my ($tally) = WebGUI::SQL->quickArray("select count(*) from Poll_answer where answer='a"
- .$i."' and wobjectId=".$_[0]->get("wobjectId")." group by answer");
+ .$i."' and wobjectId=".quote($_[0]->get("wobjectId"))." group by answer");
push(@answers,{
"answer.form"=>WebGUI::Form::radio({name=>"answer",value=>"a".$i}),
"answer.text"=>$_[0]->get('a'.$i),
diff --git a/lib/WebGUI/Wobject/Product.pm b/lib/WebGUI/Wobject/Product.pm
index 63f876a3a..0eca47916 100644
--- a/lib/WebGUI/Wobject/Product.pm
+++ b/lib/WebGUI/Wobject/Product.pm
@@ -42,31 +42,31 @@ sub duplicate {
$file->copy($w->get("wobjectId"));
$file = WebGUI::Attachment->new($_[0]->get("warranty"),$_[0]->get("wobjectId"));
$file->copy($w->get("wobjectId"));
- $sth = WebGUI::SQL->read("select * from Product_feature where wobjectId=".$_[0]->get("wobjectId"));
+ $sth = WebGUI::SQL->read("select * from Product_feature where wobjectId=".quote($_[0]->get("wobjectId")));
while ($row = $sth->hashRef) {
$row->{"Product_featureId"} = "new";
$w->setCollateral("Product_feature","Product_featureId",$row);
}
$sth->finish;
- $sth = WebGUI::SQL->read("select * from Product_benefit where wobjectId=".$_[0]->get("wobjectId"));
+ $sth = WebGUI::SQL->read("select * from Product_benefit where wobjectId=".quote($_[0]->get("wobjectId")));
while ($row = $sth->hashRef) {
$row->{"Product_benefitId"} = "new";
$w->setCollateral("Product_benefit","Product_benefitId",$row);
}
$sth->finish;
- $sth = WebGUI::SQL->read("select * from Product_specification where wobjectId=".$_[0]->get("wobjectId"));
+ $sth = WebGUI::SQL->read("select * from Product_specification where wobjectId=".quote($_[0]->get("wobjectId")));
while ($row = $sth->hashRef) {
$row->{"Product_specificationId"} = "new";
$w->setCollateral("Product_specification","Product_specificationId",$row);
}
$sth->finish;
- $sth = WebGUI::SQL->read("select * from Product_accessory where wobjectId=".$_[0]->get("wobjectId"));
+ $sth = WebGUI::SQL->read("select * from Product_accessory where wobjectId=".quote($_[0]->get("wobjectId")));
while (%data = $sth->hash) {
WebGUI::SQL->write("insert into Product_accessory values (".quote($w->get("wobjectId")).",
".quote($data{accessoryWobjectId}).", $data{sequenceNumber})");
}
$sth->finish;
- $sth = WebGUI::SQL->read("select * from Product_related where wobjectId=".$_[0]->get("wobjectId"));
+ $sth = WebGUI::SQL->read("select * from Product_related where wobjectId=".quote($_[0]->get("wobjectId")));
while (%data = $sth->hash) {
WebGUI::SQL->write("insert into Product_related values (".quote($w->get("wobjectId")).",
".quote($data{relatedWobjectId}).", $data{sequenceNumber})");
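Review bot: Both accessory/related inserts in this hunk still interpolate `$data{sequenceNumber}` unquoted while every neighbouring value now goes through `quote()`. The value is read back from the database rather than the request, so this is a consistency point rather than an injection, but a NULL sequenceNumber would render as an empty string and produce a syntax error here. Suggest `", ".quote($data{sequenceNumber}).")"` in both statements. The duplicate sub continues after this hunk.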
@@ -151,13 +151,13 @@ sub new {
#-------------------------------------------------------------------
sub purge {
- WebGUI::SQL->write("delete from Product_accessory where wobjectId=".$_[0]->get("wobjectId")."
- or accessoryWobjectId=".$_[0]->get("wobjectId"));
- WebGUI::SQL->write("delete from Product_related where wobjectId=".$_[0]->get("wobjectId")."
- or relatedWobjectId=".$_[0]->get("wobjectId"));
- WebGUI::SQL->write("delete from Product_benefit where wobjectId=".$_[0]->get("wobjectId"));
- WebGUI::SQL->write("delete from Product_feature where wobjectId=".$_[0]->get("wobjectId"));
- WebGUI::SQL->write("delete from Product_specification where wobjectId=".$_[0]->get("wobjectId"));
+ WebGUI::SQL->write("delete from Product_accessory where wobjectId=".quote($_[0]->get("wobjectId"))."
+ or accessoryWobjectId=".quote($_[0]->get("wobjectId")));
+ WebGUI::SQL->write("delete from Product_related where wobjectId=".quote($_[0]->get("wobjectId"))."
+ or relatedWobjectId=".quote($_[0]->get("wobjectId")));
+ WebGUI::SQL->write("delete from Product_benefit where wobjectId=".quote($_[0]->get("wobjectId")));
+ WebGUI::SQL->write("delete from Product_feature where wobjectId=".quote($_[0]->get("wobjectId")));
+ WebGUI::SQL->write("delete from Product_specification where wobjectId=".quote($_[0]->get("wobjectId")));
$_[0]->SUPER::purge();
}
@@ -173,10 +173,10 @@ sub www_addAccessory {
$f->hidden("wid",$_[0]->get("wobjectId"));
$f->hidden("func","addAccessorySave");
@usedAccessories = WebGUI::SQL->quickArray("select accessoryWobjectId from Product_accessory
- where wobjectId=".$session{form}{wid});
+ where wobjectId=".quote($session{form}{wid}));
push(@usedAccessories,$session{form}{wid});
$accessory = WebGUI::SQL->buildHashRef("select wobjectId,title from wobject where namespace='Product'
- and wobjectId not in (".join(",",@usedAccessories).")");
+ and wobjectId not in (".quoteAndJoin(\@usedAccessories).")");
$f->select("accessoryWobjectId",$accessory,WebGUI::International::get(17,$_[0]->get("namespace")));
$f->yesNo("proceed",WebGUI::International::get(18,$_[0]->get("namespace")));
$f->submit;
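Review bot: `@usedAccessories = WebGUI::SQL->quickArray(...)` appears to collect only one row: everywhere else in this diff `quickArray` is used for a single row (`my ($count) = ...`) and the multi-row case uses `buildArray`, as in Survey::getRandomQuestionIds. If that reading is right, the `not in (...)` exclusion only removes the first accessory and products already attached reappear in the select list. Suggest `@usedAccessories = WebGUI::SQL->buildArray("select accessoryWobjectId from Product_accessory where wobjectId=".quote($session{form}{wid}));`. Separately, the query keys on `$session{form}{wid}` while the hidden field two lines above is set from `$_[0]->get("wobjectId")`; using the object's id in both places would avoid trusting the request for this.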
@@ -191,7 +191,7 @@ sub www_addAccessorySave {
$session{page}{useAdminStyle} = 1;
my ($seq);
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_accessory
- where wobjectId=".$_[0]->get("wobjectId"));
+ where wobjectId=".quote($_[0]->get("wobjectId")));
WebGUI::SQL->write("insert into Product_accessory (wobjectId,accessoryWobjectId,sequenceNumber) values
(".quote($_[0]->get("wobjectId")).",".quote($session{form}{accessoryWobjectId}).",".($seq+1).")");
if ($session{form}{proceed}) {
@@ -211,10 +211,10 @@ sub www_addRelated {
$f->hidden("wid",$_[0]->get("wobjectId"));
$f->hidden("func","addRelatedSave");
@usedRelated = WebGUI::SQL->quickArray("select relatedWobjectId from Product_related
- where wobjectId=".$session{form}{wid});
+ where wobjectId=".quote($session{form}{wid}));
push(@usedRelated,$session{form}{wid});
$related = WebGUI::SQL->buildHashRef("select wobjectId,title from wobject where namespace='Product'
- and wobjectId not in (".join(",",@usedRelated).")");
+ and wobjectId not in (".quoteAndJoin(\@usedRelated).")");
$f->select("relatedWobjectId",$related,WebGUI::International::get(20,$_[0]->get("namespace")));
$f->yesNo("proceed",WebGUI::International::get(21,$_[0]->get("namespace")));
$f->submit;
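Review bot: Same concern as www_addAccessory: `@usedRelated = WebGUI::SQL->quickArray(...)` looks like a single-row fetch, so only the first related product is excluded from the `not in (...)` list; `buildArray` (used for lists elsewhere in this diff) is presumably the intended call. Suggest `@usedRelated = WebGUI::SQL->buildArray("select relatedWobjectId from Product_related where wobjectId=".quote($session{form}{wid}));`. As in the accessory form, `$session{form}{wid}` could be replaced by `$_[0]->get("wobjectId")` so the exclusion list is tied to the object being edited.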
@@ -228,7 +228,7 @@ sub www_addRelatedSave {
return "" unless ($session{form}{relatedWobjectId});
my ($seq);
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_related
- where wobjectId=".$_[0]->get("wobjectId"));
+ where wobjectId=".quote($_[0]->get("wobjectId")));
WebGUI::SQL->write("insert into Product_related (wobjectId,relatedWobjectId,sequenceNumber) values
(".quote($_[0]->get("wobjectId")).",".quote($session{form}{relatedWobjectId}).",".($seq+1).")");
if ($session{form}{proceed}) {
@@ -250,7 +250,7 @@ sub www_deleteAccessory {
#-------------------------------------------------------------------
sub www_deleteAccessoryConfirm {
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
- WebGUI::SQL->write("delete from Product_accessory where wobjectId=".$_[0]->get("wobjectId")." and accessoryWobjectId=".quote($session{form}{aid}));
+ WebGUI::SQL->write("delete from Product_accessory where wobjectId=".quote($_[0]->get("wobjectId"))." and accessoryWobjectId=".quote($session{form}{aid}));
$_[0]->reorderCollateral("Product_accessory","accessoryWobjectId");
return "";
}
@@ -301,7 +301,7 @@ sub www_deleteRelated {
#-------------------------------------------------------------------
sub www_deleteRelatedConfirm {
return WebGUI::Privilege::insufficient() unless ($_[0]->canEdit);
- WebGUI::SQL->write("delete from Product_related where wobjectId=".$_[0]->get("wobjectId")." and relatedWobjectId=".quote($session{form}{rid}));
+ WebGUI::SQL->write("delete from Product_related where wobjectId=".quote($_[0]->get("wobjectId"))." and relatedWobjectId=".quote($session{form}{rid}));
$_[0]->reorderCollateral("Product_related","relatedWobjectId");
return "";
}
@@ -609,7 +609,7 @@ sub www_view {
$var{"addFeature.url"} = WebGUI::URL::page('func=editFeature&fid=new&wid='.$_[0]->get("wobjectId"));
$var{"addFeature.label"} = WebGUI::International::get(34,$_[0]->get("namespace"));
$sth = WebGUI::SQL->read("select feature,Product_featureId from Product_feature where wobjectId="
- .$_[0]->get("wobjectId")." order by sequenceNumber");
+ .quote($_[0]->get("wobjectId"))." order by sequenceNumber");
while (%data = $sth->hash) {
$segment = deleteIcon('func=deleteFeature&wid='.$_[0]->get("wobjectId").'&fid='.$data{Product_featureId})
.editIcon('func=editFeature&wid='.$_[0]->get("wobjectId").'&fid='.$data{Product_featureId})
@@ -627,7 +627,7 @@ sub www_view {
$var{"addBenefit.url"} = WebGUI::URL::page('func=editBenefit&fid=new&wid='.$_[0]->get("wobjectId"));
$var{"addBenefit.label"} = WebGUI::International::get(55,$_[0]->get("namespace"));
$sth = WebGUI::SQL->read("select benefit,Product_benefitId from Product_benefit where wobjectId="
- .$_[0]->get("wobjectId")." order by sequenceNumber");
+ .quote($_[0]->get("wobjectId"))." order by sequenceNumber");
while (%data = $sth->hash) {
$segment = deleteIcon('func=deleteBenefit&wid='.$_[0]->get("wobjectId").'&bid='.$data{Product_benefitId})
.editIcon('func=editBenefit&wid='.$_[0]->get("wobjectId").'&bid='.$data{Product_benefitId})
@@ -645,7 +645,7 @@ sub www_view {
$var{"addSpecification.url"} = WebGUI::URL::page('func=editSpecification&sid=new&wid='.$_[0]->get("wobjectId"));
$var{"addSpecification.label"} = WebGUI::International::get(35,$_[0]->get("namespace"));
$sth = WebGUI::SQL->read("select name,value,units,Product_specificationId from Product_specification
- where wobjectId=".$_[0]->get("wobjectId")." order by sequenceNumber");
+ where wobjectId=".quote($_[0]->get("wobjectId"))." order by sequenceNumber");
while (%data = $sth->hash) {
$segment = deleteIcon('func=deleteSpecification&wid='.$_[0]->get("wobjectId").'&sid='.$data{Product_specificationId})
.editIcon('func=editSpecification&wid='.$_[0]->get("wobjectId").'&sid='.$data{Product_specificationId})
@@ -666,7 +666,7 @@ sub www_view {
$var{"addaccessory.label"} = WebGUI::International::get(36,$_[0]->get("namespace"));
$sth = WebGUI::SQL->read("select wobject.title,page.urlizedTitle,Product_accessory.accessoryWobjectId
from Product_accessory,wobject,page
- where Product_accessory.wobjectId=".$_[0]->get("wobjectId")."
+ where Product_accessory.wobjectId=".quote($_[0]->get("wobjectId"))."
and Product_accessory.accessoryWobjectId=wobject.wobjectId
and wobject.pageId=page.pageId order by Product_accessory.sequenceNumber");
while (%data = $sth->hash) {
@@ -687,7 +687,7 @@ sub www_view {
$var{"addrelatedproduct.label"} = WebGUI::International::get(37,$_[0]->get("namespace"));
$sth = WebGUI::SQL->read("select wobject.title,page.urlizedTitle,Product_related.relatedWobjectId
from Product_related,wobject,page
- where Product_related.wobjectId=".$_[0]->get("wobjectId")."
+ where Product_related.wobjectId=".quote($_[0]->get("wobjectId"))."
and Product_related.relatedWobjectId=wobject.wobjectId
and wobject.pageId=page.pageId order by Product_related.sequenceNumber");
while (%data = $sth->hash) {
diff --git a/lib/WebGUI/Wobject/SiteMap.pm b/lib/WebGUI/Wobject/SiteMap.pm
index 4ad008f41..fb17f0033 100644
--- a/lib/WebGUI/Wobject/SiteMap.pm
+++ b/lib/WebGUI/Wobject/SiteMap.pm
@@ -41,7 +41,7 @@ sub _traversePageTree {
} else {
$orderBy = 'sequenceNumber';
}
- $sth = WebGUI::SQL->read("select urlizedTitle, menuTitle, title, pageId, synopsis from page where parentId='$parent' and hideFromNavigation = 0 order by $orderBy");
+ $sth = WebGUI::SQL->read("select urlizedTitle, menuTitle, title, pageId, synopsis from page where parentId=".quote($parent)." and hideFromNavigation = 0 order by $orderBy");
while ($data = $sth->hashRef) {
if (($data->{pageId}<0 || $data->{pageId}>999 || $data->{pageId}==1) && WebGUI::Page::canView($data->{pageId})) {
push(@pages,{
diff --git a/lib/WebGUI/Wobject/Survey.pm b/lib/WebGUI/Wobject/Survey.pm
index 8bf9e421a..aa299c0dd 100644
--- a/lib/WebGUI/Wobject/Survey.pm
+++ b/lib/WebGUI/Wobject/Survey.pm
@@ -184,7 +184,7 @@ sub getMenuVars {
#-------------------------------------------------------------------
sub getQuestionCount {
my $self = shift;
- my ($count) = WebGUI::SQL->quickArray("select count(*) from Survey_question where Survey_id=".$self->get("Survey_id"));
+ my ($count) = WebGUI::SQL->quickArray("select count(*) from Survey_question where Survey_id=".quote($self->get("Survey_id")));
return ($count < $self->getValue("questionsPerResponse")) ? $count : $self->getValue("questionsPerResponse");
}
@@ -216,7 +216,7 @@ sub getQuestionsLoop {
sub getQuestionResponseCount {
my $self = shift;
my $responseId = shift;
- my ($count) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse where Survey_responseId=".$responseId);
+ my ($count) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse where Survey_responseId=".quote($responseId));
return $count;
}
@@ -234,7 +234,7 @@ sub getQuestionVars {
});
$var{'question.comment.label'} = WebGUI::International::get(51,$self->get("namespace"));
if ($question->{answerFieldType} eq "text") {
- my ($answer) = WebGUI::SQL->quickArray("select Survey_answerId from Survey_answer where Survey_questionId=".$question->{Survey_questionId});
+ my ($answer) = WebGUI::SQL->quickArray("select Survey_answerId from Survey_answer where Survey_questionId=".quote($question->{Survey_questionId}));
$var{'question.answer.field'} = WebGUI::Form::hidden({
name=>'answerId_'.$questionId,
value=>$answer
@@ -243,7 +243,7 @@ sub getQuestionVars {
name=>'textResponse_'.$questionId
});
} else {
- my $answer = WebGUI::SQL->buildHashRef("select Survey_answerId,answer from Survey_answer where Survey_questionId=".$question->{Survey_questionId}." order by sequenceNumber");
+ my $answer = WebGUI::SQL->buildHashRef("select Survey_answerId,answer from Survey_answer where Survey_questionId=".quote($question->{Survey_questionId})." order by sequenceNumber");
if ($question->{randomizeAnswers}) {
$answer = randomizeHash($answer);
}
@@ -260,10 +260,10 @@ sub getQuestionVars {
sub getRandomQuestionIds {
my $self = shift;
my $responseId = shift;
- my @usedQuestionIds = WebGUI::SQL->buildArray("select Survey_questionId from Survey_questionResponse where Survey_responseId=".$responseId);
- my $where = " where Survey_id=".$self->get("Survey_id");
+ my @usedQuestionIds = WebGUI::SQL->buildArray("select Survey_questionId from Survey_questionResponse where Survey_responseId=".quote($responseId));
+ my $where = " where Survey_id=".quote($self->get("Survey_id"));
if ($#usedQuestionIds+1 > 0) {
- $where .= " and Survey_questionId not in (".join(",",@usedQuestionIds).")";
+ $where .= " and Survey_questionId not in (".quoteAndJoin(\@usedQuestionIds).")";
}
my @questions = WebGUI::SQL->buildArray("select Survey_questionId from Survey_question".$where);
randomizeArray(\@questions);
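Review bot: `if ($#usedQuestionIds+1 > 0)` is an indirect way of asking whether the array is non-empty; `if (@usedQuestionIds) {` says the same thing and is the idiom a reader expects. The `quoteAndJoin` change itself is fine, and that guard is what keeps an empty `not in ()` out of the SQL, so it is worth keeping a short comment on it: `# skip the NOT IN clause entirely: an empty list is a SQL syntax error`. The sub's return is outside this hunk.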
@@ -275,7 +275,7 @@ sub getResponseCount {
my $self = shift;
my $ipAddress = $self->getIp;
my $userId = $self->getUserId;
- my ($count) = WebGUI::SQL->quickArray("select count(*) from Survey_response where Survey_id=".$self->get("Survey_id")." and
+ my ($count) = WebGUI::SQL->quickArray("select count(*) from Survey_response where Survey_id=".quote($self->get("Survey_id"))." and
((userId<>1 and userId=".quote($userId).") or ( userId=1 and ipAddress=".quote($ipAddress)."))");
return $count;
}
@@ -286,22 +286,22 @@ sub getResponseDrivenQuestionIds {
my $self = shift;
my $responseId = shift;
my $previousResponse = WebGUI::SQL->quickHashRef("select Survey_questionId, Survey_answerId from Survey_questionResponse
- where Survey_responseId=$responseId order by dateOfResponse desc");
+ where Survey_responseId=".quote($responseId)." order by dateOfResponse desc");
my $questionId;
my @questions;
if ($previousResponse->{Survey_answerId}) {
($questionId) = WebGUI::SQL->quickArray("select gotoQuestion from Survey_answer where
- Survey_answerId=".$previousResponse->{Survey_answerId});
+ Survey_answerId=".quote($previousResponse->{Survey_answerId}));
unless ($questionId > 0) {
($questionId) = WebGUI::SQL->quickArray("select gotoQuestion from Survey_question where
- Survey_questionId=".$previousResponse->{Survey_questionId});
+ Survey_questionId=".quote($previousResponse->{Survey_questionId}));
}
unless ($questionId > 0) { # terminate survey
$self->completeResponse($responseId);
return ();
}
} else {
- ($questionId) = WebGUI::SQL->quickArray("select Survey_questionId from Survey_question where Survey_id=".$self->getValue("Survey_id")."
+ ($questionId) = WebGUI::SQL->quickArray("select Survey_questionId from Survey_question where Survey_id=".quote($self->getValue("Survey_id"))."
order by sequenceNumber");
}
push(@questions,$questionId);
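Review bot: The two `unless ($questionId > 0)` checks in this hunk compare `gotoQuestion` numerically, which works for the `-1` sentinel used in www_editAnswer/www_editQuestion but will treat any non-numeric question id as 0 and terminate the survey early. Since this commit is moving other ids off numeric comparison (`ne ""` in EventsCalendar::www_editEventSave), please confirm whether Survey_questionId values are still numeric; if not, the checks should become `unless ($questionId ne "" && $questionId ne "-1")` or a helper that encodes the sentinel once. The quoting of `$responseId` and the answer/question ids is correct as written.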
@@ -325,10 +325,10 @@ sub getResponseIdString {
sub getSequentialQuestionIds {
my $self = shift;
my $responseId = shift;
- my @usedQuestionIds = WebGUI::SQL->buildArray("select Survey_questionId from Survey_questionResponse where Survey_responseId=".$responseId);
- my $where = " where Survey_id=".$self->get("Survey_id");
+ my @usedQuestionIds = WebGUI::SQL->buildArray("select Survey_questionId from Survey_questionResponse where Survey_responseId=".quote($responseId));
+ my $where = " where Survey_id=".quote($self->get("Survey_id"));
if ($#usedQuestionIds+1 > 0) {
- $where .= " and Survey_questionId not in (".join(",",@usedQuestionIds).")";
+ $where .= " and Survey_questionId not in (".quoteAndJoin(\@usedQuestionIds).")";
}
my @questions = WebGUI::SQL->buildArray("select Survey_questionId from Survey_question $where order by sequenceNumber");
return @questions;
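Review bot: As in getRandomQuestionIds, `if ($#usedQuestionIds+1 > 0)` would read more plainly as `if (@usedQuestionIds) {`, and the reason the guard exists (an empty `not in ()` is a syntax error) deserves a one-line comment since `quoteAndJoin` will not help with that case. Note also that `$where` is interpolated with a leading space on the final select (`"... Survey_question $where order by ..."`) while the sibling sub concatenates it; either is fine but they could match.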
@@ -396,11 +396,11 @@ sub new {
#-------------------------------------------------------------------
sub purge {
- my ($count) = WebGUI::SQL->quickArray("select count(*) from Survey where Survey_id=".$_[0]->get("Survey_id"));
+ my ($count) = WebGUI::SQL->quickArray("select count(*) from Survey where Survey_id=".quote($_[0]->get("Survey_id")));
if ($count < 2) { ### Check for other wobjects using this survey.
- WebGUI::SQL->write("delete from Survey_question where Survey_id=".$_[0]->get("Survey_id"));
- WebGUI::SQL->write("delete from Survey_answer where Survey_id=".$_[0]->get("Survey_id"));
- WebGUI::SQL->write("delete from Survey_response where Survey_id=".$_[0]->get("Survey_id"));
+ WebGUI::SQL->write("delete from Survey_question where Survey_id=".quote($_[0]->get("Survey_id")));
+ WebGUI::SQL->write("delete from Survey_answer where Survey_id=".quote($_[0]->get("Survey_id")));
+ WebGUI::SQL->write("delete from Survey_response where Survey_id=".quote($_[0]->get("Survey_id")));
}
$_[0]->SUPER::purge();
}
@@ -488,8 +488,8 @@ sub www_deleteAllResponses {
#-------------------------------------------------------------------
sub www_deleteAllResponsesConfirm {
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
- WebGUI::SQL->write("delete from Survey_response where Survey_id=".$_[0]->get("Survey_id"));
- WebGUI::SQL->write("delete from Survey_questionResponse where Survey_id=".$_[0]->get("Survey_id"));
+ WebGUI::SQL->write("delete from Survey_response where Survey_id=".quote($_[0]->get("Survey_id")));
+ WebGUI::SQL->write("delete from Survey_questionResponse where Survey_id=".quote($_[0]->get("Survey_id")));
return "";
}
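Review bot: Wiping every response is gated on groupToViewReports, the same group the export functions use for read-only access, so anyone allowed to view results is also allowed to destroy them. If the wobject carries a separate edit or admin group, this destructive action should require that group rather than the report viewers' group. The action is also reachable by a plain GET link carrying no request-specific token, so a crafted link can fire it for a logged-in report viewer; that is a site-wide WebGUI pattern rather than something this commit introduces, but it is worth a comment above the deletes.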
@@ -608,7 +608,7 @@ sub www_editAnswer {
}
if ($_[0]->get("questionOrder") eq "response") {
$question = WebGUI::SQL->buildHashRef("select Survey_questionId,question
- from Survey_question where Survey_id=".$_[0]->get("Survey_id")." order by sequenceNumber");
+ from Survey_question where Survey_id=".quote($_[0]->get("Survey_id"))." order by sequenceNumber");
$question = { ('-1' => WebGUI::International::get(82,$_[0]->get("namespace")),%$question) };
$f->select(
-name=>"gotoQuestion",
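Review bot: The four lines that build the gotoQuestion menu (the buildHashRef query and the prepended `-1` label entry) are duplicated verbatim in www_editQuestion in the next hunk, and this commit has to apply the quoting fix in both copies. A private helper on the object, e.g. `sub _questionMenu { my $self = shift; my $q = WebGUI::SQL->buildHashRef("select Survey_questionId,question from Survey_question where Survey_id=".quote($self->get("Survey_id"))." order by sequenceNumber"); return { '-1' => WebGUI::International::get(82,$self->get("namespace")), %$q }; }`, would keep the two call sites in step. www_editAnswer starts and ends outside the hunk.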
@@ -689,7 +689,7 @@ sub www_editQuestion {
);
if ($_[0]->get("questionOrder") eq "response") {
my $ql = WebGUI::SQL->buildHashRef("select Survey_questionId,question
- from Survey_question where Survey_id=".$_[0]->get("Survey_id")." order by sequenceNumber");
+ from Survey_question where Survey_id=".quote($_[0]->get("Survey_id"))." order by sequenceNumber");
$ql = { ('-1' => WebGUI::International::get(82,$_[0]->get("namespace")),%$ql) };
$f->select(
-name=>"gotoQuestion",
@@ -721,7 +721,7 @@ sub www_editQuestion {
$output .= '{Survey_questionId}).'">'.WebGUI::International::get(23,$_[0]->get("namespace")).'';
$sth = WebGUI::SQL->read("select Survey_answerId,answer from Survey_answer
- where Survey_questionId=".$question->{Survey_questionId}." order by sequenceNumber");
+ where Survey_questionId=".quote($question->{Survey_questionId})." order by sequenceNumber");
while (%data = $sth->hash) {
$output .= deleteIcon('func=deleteAnswer&wid='.$_[0]->get("wobjectId")
.'&qid='.$question->{Survey_questionId}.'&aid='.$data{Survey_answerId})
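Review bot: The ids interpolated into the deleteIcon URL (`'&qid='.$question->{Survey_questionId}.'&aid='.$data{Survey_answerId}`) are concatenated raw, while the same question id is now quoted for SQL two lines earlier. If these ids are generated alphanumeric tokens this is harmless, but wrapping each in WebGUI::URL::escape, which the file already uses for export filenames, makes the link correct whatever the id format turns out to be. The while loop and www_editQuestion continue past the hunk.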
@@ -784,7 +784,7 @@ sub www_editQuestionSave {
sub www_exportAnswers {
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
WebGUI::HTTP::setFilename(WebGUI::URL::escape($_[0]->get("title")."_answers.tab"),"text/tab");
- return WebGUI::SQL->quickTab("select * from Survey_answer where Survey_id=".$_[0]->get("Survey_id"));
+ return WebGUI::SQL->quickTab("select * from Survey_answer where Survey_id=".quote($_[0]->get("Survey_id")));
}
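Review bot: The export is sent with media type `text/tab`, which is not a registered type; `text/tab-separated-values` is the registered name that browsers and spreadsheet tools recognise, so the call should read `WebGUI::HTTP::setFilename(WebGUI::URL::escape($_[0]->get("title")."_answers.tab"),"text/tab-separated-values");`. www_exportQuestions and www_exportResponses in the following hunk use the same string and should change with it. The silent `return ""` on an authorization failure matches the rest of the file, so I would leave that convention alone here.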
#-------------------------------------------------------------------
@@ -794,21 +794,21 @@ sub www_exportComposite {
return WebGUI::SQL->quickTab("select b.question, c.response, a.userId, a.username, a.ipAddress, c.comment, c.dateOfResponse from Survey_response a
left join Survey_questionResponse c on a.Survey_responseId=c.Survey_responseId
left join Survey_question b on c.Survey_questionId=b.Survey_questionId
- where a.Survey_id=".$_[0]->get("Survey_id")." order by a.userId, a.ipAddress, b.sequenceNumber");
+ where a.Survey_id=".quote($_[0]->get("Survey_id"))." order by a.userId, a.ipAddress, b.sequenceNumber");
}
#-------------------------------------------------------------------
sub www_exportQuestions {
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
WebGUI::HTTP::setFilename(WebGUI::URL::escape($_[0]->get("title")."_questions.tab"),"text/tab");
- return WebGUI::SQL->quickTab("select * from Survey_question where Survey_id=".$_[0]->get("Survey_id"));
+ return WebGUI::SQL->quickTab("select * from Survey_question where Survey_id=".quote($_[0]->get("Survey_id")));
}
#-------------------------------------------------------------------
sub www_exportResponses {
return "" unless (WebGUI::Grouping::isInGroup($_[0]->get("groupToViewReports")));
WebGUI::HTTP::setFilename(WebGUI::URL::escape($_[0]->get("title")."_responses.tab"),"text/tab");
- return WebGUI::SQL->quickTab("select * from Survey_response where Survey_id=".$_[0]->get("Survey_id"));
+ return WebGUI::SQL->quickTab("select * from Survey_response where Survey_id=".quote($_[0]->get("Survey_id")));
}
#-------------------------------------------------------------------
@@ -850,9 +850,9 @@ sub www_respond {
if ($key =~ /answerId_(\d+)/) {
my $id = $1;
my ($previousResponse) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse
- where Survey_answerId=".$session{form}{"answerId_".$id}." and Survey_responseId=".$session{scratch}{$varname});
+ where Survey_answerId=".quote($session{form}{"answerId_".$id})." and Survey_responseId=".quote($session{scratch}{$varname}));
next if ($previousResponse);
- my $answer = $self->getCollateral("Survey_answer","Survey_answerId",$session{form}{"answerId_".$id});
+ my $answer = $self->getCollateral("Survey_answer","Survey_answerId",quote($session{form}{"answerId_".$id}));
my $response = $session{form}{"textResponse_".$id} || $answer->{answer};
WebGUI::SQL->write("insert into Survey_questionResponse (Survey_answerId,Survey_questionId,Survey_responseId,Survey_id,comment,response,dateOfResponse) values (
".quote($answer->{Survey_answerId}).", ".quote($answer->{Survey_questionId}).", ".quote($session{scratch}{$varname}).", ".quote($answer->{Survey_id}).",
@@ -879,7 +879,7 @@ sub www_view {
$var->{'question.add.url'} = WebGUI::URL::page('wid='.$self->get("wobjectId").'&func=editQuestion&qid=new');
$var->{'question.add.label'} = WebGUI::International::get(30,$self->get("namespace"));
my @edit;
- my $sth = WebGUI::SQL->read("select Survey_questionId,question from Survey_question where Survey_id=".$self->get("Survey_id")." order by sequenceNumber");
+ my $sth = WebGUI::SQL->read("select Survey_questionId,question from Survey_question where Survey_id=".quote($self->get("Survey_id"))." order by sequenceNumber");
while (my %data = $sth->hash) {
push(@edit,{
'question.edit.controls'=>deleteIcon('func=deleteQuestion&wid='.$self->get("wobjectId").'&qid='.$data{Survey_questionId})
@@ -904,7 +904,7 @@ sub www_view {
if ($var->{'response.Id'}) {
$var->{'questions.soFar.count'} = $self->getQuestionResponseCount($var->{'response.Id'});
($var->{'questions.correct.count'}) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse a, Survey_answer b where a.Survey_responseId="
- .$var->{'response.Id'}." and a.Survey_answerId=b.Survey_answerId and b.isCorrect=1");
+ .quote($var->{'response.Id'})." and a.Survey_answerId=b.Survey_answerId and b.isCorrect=1");
if ($var->{'questions.soFar.count'} > 0) {
$var->{'questions.correct.percent'} = round(($var->{'questions.correct.count'}/$var->{'questions.soFar.count'})*100)
}
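Review bot: `questions.correct.percent` is only assigned when `questions.soFar.count` is positive, so the template sees an undefined value for a response with no answers yet, whereas www_viewStatisticalOverview in a later hunk explicitly sets its percentage to 0 in the equivalent case. Add `else { $var->{'questions.correct.percent'} = 0; }` after the if so both views report the same thing for an empty response. www_view continues beyond the hunk.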
@@ -950,7 +950,7 @@ sub www_viewGradebook {
$p->setDataByQuery("select userId,username,ipAddress,Survey_responseId,startDate,endDate from Survey_response
where isComplete=1 and Survey_id=".$self->get("Survey_id")." order by username,ipAddress,startDate");
my $users = $p->getPageData;
- ($var->{'question.count'}) = WebGUI::SQL->quickArray("select count(*) from Survey_question where Survey_id=".$self->get("Survey_id"));
+ ($var->{'question.count'}) = WebGUI::SQL->quickArray("select count(*) from Survey_question where Survey_id=".quote($self->get("Survey_id")));
if ($var->{'question.count'} > $self->get("questionsPerResponse")) {
$var->{'question.count'} = $self->get("questionsPerResponse");
}
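Review bot: The setDataByQuery query at the top of this hunk still concatenates `Survey_id=".$self->get("Survey_id")."` unquoted while the count query two lines below has been switched to quote(); the commit's own pattern should be applied to both, `where isComplete=1 and Survey_id=".quote($self->get("Survey_id"))." order by username,ipAddress,startDate");`. The id is read from the wobject rather than the request, so this is a consistency point more than a live injection, but leaving one unquoted value in a function the commit touches invites the next reader to copy it. www_viewGradebook starts before and ends after the hunk.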
@@ -960,7 +960,7 @@ sub www_viewGradebook {
my @responseloop;
foreach my $user (@$users) {
my ($correctCount) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse a left join
- Survey_answer b on a.Survey_answerId=b.Survey_answerId where a.Survey_responseId=".$user->{Survey_responseId}
+ Survey_answer b on a.Survey_answerId=b.Survey_answerId where a.Survey_responseId=".quote($user->{Survey_responseId})
." and b.isCorrect=1");
push(@responseloop, {
'response.url'=>WebGUI::URL::page('func=viewIndividualSurvey&wid='.$self->get("wobjectId")
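Review bot: The correct-answer count uses `left join Survey_answer b ... where ... b.isCorrect=1`; filtering the right-hand table in the WHERE clause discards exactly the unmatched rows a left join exists to keep, so this is an inner join in effect and should be written `join Survey_answer b on a.Survey_answerId=b.Survey_answerId` to say what it means. The query also runs once per user on the page; a single query grouped by Survey_responseId would replace the loop, but that is a larger change than this hunk warrants. The foreach continues past the hunk.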
@@ -1003,14 +1003,14 @@ sub www_viewIndividualSurvey {
$var->{'response.label'} = WebGUI::International::get(66,$self->get("namespace"));
$var->{'comment.label'} = WebGUI::International::get(57,$self->get("namespace"));
my $a = WebGUI::SQL->read("select Survey_questionId,question,answerFieldType from Survey_question
- where Survey_id=".$self->get("Survey_id")." order by sequenceNumber");
+ where Survey_id=".quote($self->get("Survey_id"))." order by sequenceNumber");
my @questionloop;
while (my $qdata = $a->hashRef) {
my @aid;
my @answer;
if ($qdata->{answerFieldType} eq "radioList") {
my $sth = WebGUI::SQL->read("select Survey_answerId,answer from Survey_answer
- where Survey_questionId=".$qdata->{Survey_questionId}." and isCorrect=1 order by sequenceNumber");
+ where Survey_questionId=".quote($qdata->{Survey_questionId})." and isCorrect=1 order by sequenceNumber");
while (my $adata = $sth->hashRef) {
push(@aid,$adata->{Survey_answerId});
push(@answer,$adata->{answer});
@@ -1018,7 +1018,7 @@ sub www_viewIndividualSurvey {
$sth->finish;
}
my $rdata = WebGUI::SQL->quickHashRef("select Survey_answerId,response,comment from Survey_questionResponse
- where Survey_questionId=".$qdata->{Survey_questionId}." and Survey_responseId=".$session{form}{responseId});
+ where Survey_questionId=".quote($qdata->{Survey_questionId})." and Survey_responseId=".quote($session{form}{responseId}));
push(@questionloop,{
question => $qdata->{question},
'question.id'=>$qdata->{Survey_questionId},
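Review bot: The responseId used in the questionResponse query (`$session{form}{responseId}`) comes straight from the request, and no access check is visible in this hunk or the previous one for www_viewIndividualSurvey, unlike the export functions, which all gate on groupToViewReports. If the function's opening, which lies outside the hunk, does not perform that check, anyone who can guess or enumerate a response id can read another respondent's answers and comments; the query joins on this survey's question ids, so exposure is limited to this survey. Either confirm the gate exists or add `return "" unless (WebGUI::Grouping::isInGroup($self->get("groupToViewReports")));` at the top of the function.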
@@ -1053,12 +1053,12 @@ sub www_viewStatisticalOverview {
$var->{'show.comments.label'} = WebGUI::International::get(56,$self->get("namespace"));
foreach my $question (@$questions) {
my @answerloop;
- my ($totalResponses) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse where Survey_questionId=".$question->{Survey_questionId});
+ my ($totalResponses) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse where Survey_questionId=".quote($question->{Survey_questionId}));
if ($question->{answerFieldType} eq "radioList") {
my $sth = WebGUI::SQL->read("select Survey_answerId,answer,isCorrect from Survey_answer where
- Survey_questionId=".$question->{Survey_questionId}." order by sequenceNumber");
+ Survey_questionId=".quote($question->{Survey_questionId})." order by sequenceNumber");
while (my $answer = $sth->hashRef) {
- my ($numResponses) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse where Survey_answerId=".$answer->{Survey_answerId});
+ my ($numResponses) = WebGUI::SQL->quickArray("select count(*) from Survey_questionResponse where Survey_answerId=".quote($answer->{Survey_answerId}));
my $responsePercent;
if ($totalResponses) {
$responsePercent = round(($numResponses/$totalResponses)*100);
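Review bot: The per-answer `count(*)` query inside the while loop issues one round trip for every answer of every question; a single `select Survey_answerId, count(*) from Survey_questionResponse where Survey_questionId=".quote($question->{Survey_questionId})." group by Survey_answerId` fetched into a hash before the loop yields the same counts in one query. This is a cost and readability point rather than a correctness one, and the rewrite is small enough to do the next time the function is touched. www_viewStatisticalOverview begins and ends outside the hunk.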
@@ -1066,7 +1066,7 @@ sub www_viewStatisticalOverview {
$responsePercent = 0;
}
my @commentloop;
- my $sth2 = WebGUI::SQL->read("select comment from Survey_questionResponse where Survey_answerId=".$answer->{Survey_answerId});
+ my $sth2 = WebGUI::SQL->read("select comment from Survey_questionResponse where Survey_answerId=".quote($answer->{Survey_answerId}));
while (my ($comment) = $sth2->array) {
push(@commentloop,{
'answer.comment'=>$comment
@@ -1083,7 +1083,7 @@ sub www_viewStatisticalOverview {
}
$sth->finish;
} else {
- my $sth = WebGUI::SQL->read("select response,comment from Survey_questionResponse where Survey_questionId=".$question->{Survey_questionId});
+ my $sth = WebGUI::SQL->read("select response,comment from Survey_questionResponse where Survey_questionId=".quote($question->{Survey_questionId}));
while (my $response = $sth->hashRef) {
push(@answerloop,{
'answer.response'=>$response->{response},
diff --git a/lib/WebGUI/Wobject/SyndicatedContent.pm b/lib/WebGUI/Wobject/SyndicatedContent.pm
index 1f26fdf09..446b2af41 100644
--- a/lib/WebGUI/Wobject/SyndicatedContent.pm
+++ b/lib/WebGUI/Wobject/SyndicatedContent.pm
@@ -22,7 +22,6 @@ use WebGUI::Icon;
use WebGUI::International;
use WebGUI::Privilege;
use WebGUI::Session;
-use WebGUI::SQL;
use WebGUI::Wobject;
use XML::RSSLite;
use LWP::UserAgent;
diff --git a/lib/WebGUI/Wobject/WobjectProxy.pm b/lib/WebGUI/Wobject/WobjectProxy.pm
index 41e0e3524..d30035097 100644
--- a/lib/WebGUI/Wobject/WobjectProxy.pm
+++ b/lib/WebGUI/Wobject/WobjectProxy.pm
@@ -119,7 +119,7 @@ sub www_edit {
-label=>WebGUI::International::get(10,$_[0]->get("namespace"))
);
my @data = WebGUI::SQL->quickArray("select page.urlizedTitle,wobject.title from wobject left join page on wobject.pageId=page.pageId
- where wobject.wobjectId=".$_[0]->get("proxiedWobjectId"));
+ where wobject.wobjectId=".quote($_[0]->get("proxiedWobjectId")));
$properties->readOnly(
-label=>WebGUI::International::get(1,$_[0]->get("namespace")),
-value=>''.$data[1].' ('.$_[0]->get("proxiedWobjectId").')'
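Review bot: The proxied wobject's title (`$data[1]`) is placed into the readOnly field's value with no HTML escaping; if readOnly emits its value verbatim, a title containing markup is rendered as-is in the edit form. Titles are written by content editors rather than anonymous visitors, so the exposure is limited, but escaping the value here or confirming that readOnly escapes it would settle the question. The leading `''.` in the value expression is either an empty-string concatenation with no effect, which can be dropped, or the remnant of a link tag lost when this page was rendered; www_edit continues past the hunk.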