Homec4science
Diffusion Phabricator 9dc114d1159a

Make formatOrderClause() safer
9dc114d1159a
Actions

Authored by epriestley <git@epriestley.com> on Apr 11 2015, 18:06.

Description

Make formatOrderClause() safer

Summary:
Ref T7803. Instead of trusting subqueries to provide safe values, escape them explicitly.

(We'll probably have a few cases somewhere where this doesn't work, but can make them the exception rather than the rule.)

Test Plan: Issued all "order" queries in Diffusion.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7803

Differential Revision: https://secure.phabricator.com/D12351

Details

Committed
epriestley <git@epriestley.com>Apr 13 2015, 20:58
Pushed
aubortJan 31 2017, 17:16
Parents
rPHe5ff344d0d72: Conpherence - us JX.Scrollbar in main conpherence view
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH9dc114d1159a: Make formatOrderClause() safer (authored by epriestley <git@epriestley.com>).Apr 13 2015, 20:58

Changes (2)

Path
Msrc/applications/repository/query/PhabricatorRepositoryQuery.php
Msrc/infrastructure/query/policy/PhabricatorCursorPagedPolicyAwareQuery.php

rPH9dc114d1159a

View Options

src/applications/repository/query/PhabricatorRepositoryQuery.php

Loading...
View Options

src/infrastructure/query/policy/PhabricatorCursorPagedPolicyAwareQuery.php

Loading...
c4science ยท Help