Fixed bug #12220: String literals quoted as identifiers
authorXavier Perseguers <typo3@perseguers.ch>
Sun, 21 Feb 2010 12:32:59 +0000 (12:32 +0000)
committerXavier Perseguers <typo3@perseguers.ch>
Sun, 21 Feb 2010 12:32:59 +0000 (12:32 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@6927 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_loaddbgroup.php

index fd09b9c..34821fd 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-02-21  Xavier Perseguers  <typo3@perseguers.ch>
+
+       * Fixed bug #12220: String literals quoted as identifiers
+
 2010-02-21  Benjamin Mack  <benni@typo3.org>
 
        * Followup to #7501: Remove Static-Templates from standard installation (Update class was declared twice, thanks to Susanne Moog)
index 1ed2245..7305dc4 100644 (file)
@@ -283,9 +283,9 @@ class t3lib_loadDBGroup     {
                        $sorting_field = 'sorting_foreign';
 
                        if ($this->MM_isMultiTableRelationship) {
-                               $additionalWhere .= ' AND ( tablenames="'.$this->currentTable.'"';
+                               $additionalWhere .= ' AND ( tablenames=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->currentTable, $tableName);
                                if ($this->currentTable == $this->MM_isMultiTableRelationship)  {       // be backwards compatible! When allowing more than one table after having previously allowed only one table, this case applies.
-                                       $additionalWhere .= ' OR tablenames=""';
+                                       $additionalWhere .= ' OR tablenames=\'\'';
                                }
                                $additionalWhere .= ' ) ';
                        }
@@ -353,7 +353,7 @@ class t3lib_loadDBGroup     {
 
                        $additionalWhere_tablenames = '';
                        if ($this->MM_is_foreign && $prep)      {
-                               $additionalWhere_tablenames = ' AND tablenames="'.$this->currentTable.'"';
+                               $additionalWhere_tablenames = ' AND tablenames=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->currentTable, $MM_tableName);
                        }
 
                        $additionalWhere = '';
@@ -411,7 +411,7 @@ class t3lib_loadDBGroup     {
                                        $whereClause = $uidLocal_field.'='.$uid.' AND '.$uidForeign_field.'='.$val['id'].
                                                                        ($this->MM_hasUidField ? ' AND uid='.intval($oldMMs_inclUid[$oldMMs_index][2]) : '');   // In principle, selecting on the UID is all we need to do if a uid field is available since that is unique! But as long as it "doesn't hurt" we just add it to the where clause. It should all match up.
                                        if ($tablename) {
-                                               $whereClause .= ' AND tablenames="'.$tablename.'"';
+                                               $whereClause .= ' AND tablenames=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($tablename, $MM_tableName);
                                        }
                                        $GLOBALS['TYPO3_DB']->exec_UPDATEquery($MM_tableName, $whereClause.$additionalWhere, array($sorting_field => $c));
 
@@ -445,7 +445,7 @@ class t3lib_loadDBGroup     {
                                                $elDelete = $oldMMs_inclUid[$oldMM_key];
                                        } else {
                                                if(is_array($mmItem)) {
-                                                       $removeClauses[] = 'tablenames="'.$mmItem[0].'" AND '.$uidForeign_field.'='.$mmItem[1];
+                                                       $removeClauses[] = 'tablenames=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($mmItem[0], $MM_tableName) . ' AND ' . $uidForeign_field . '=' . $mmItem[1];
                                                } else {
                                                        $removeClauses[] = $uidForeign_field.'='.$mmItem;
                                                }
@@ -498,7 +498,7 @@ class t3lib_loadDBGroup     {
 
                        $additionalWhere_tablenames = '';
                        if ($this->MM_is_foreign && $prep)      {
-                               $additionalWhere_tablenames = ' AND tablenames="'.$this->currentTable.'"';
+                               $additionalWhere_tablenames = ' AND tablenames=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->currentTable, $MM_tableName);
                        }
 
                        $additionalWhere = '';