- DibiTranslator: fixed strange security bug! (thanks to Matej Kravjar)

2025-08-04 21:28:02 +02:00 · 2009-06-02 09:05:13 +00:00
parent 43c7e70e90
commit 1e08a91e66
1 changed files with 3 additions and 3 deletions
--- a/dibi/libs/DibiTranslator.php
+++ b/dibi/libs/DibiTranslator.php
@@ -251,7 +251,7 @@ final class DibiTranslator extends DibiObject
 				foreach ($value as $k => $v) {
 					$pair = explode('%', $k, 2); // split into identifier & modifier
 					$vx[] = $this->delimite($pair[0]) . '='
-						. $this->formatValue($v, isset($pair[1]) ? $pair[1] : is_array($v) ? 'ex' : FALSE);
+						. $this->formatValue($v, isset($pair[1]) ? $pair[1] : (is_array($v) ? 'ex' : FALSE));
 				}
 				return implode(', ', $vx);

@@ -259,7 +259,7 @@ final class DibiTranslator extends DibiObject
 			case 'l': // (val, val, ...)
 				foreach ($value as $k => $v) {
 					$pair = explode('%', $k, 2); // split into identifier & modifier
-					$vx[] = $this->formatValue($v, isset($pair[1]) ? $pair[1] : is_array($v) ? 'ex' : FALSE);
+					$vx[] = $this->formatValue($v, isset($pair[1]) ? $pair[1] : (is_array($v) ? 'ex' : FALSE));
 				}
 				return '(' . ($vx ? implode(', ', $vx) : 'NULL') . ')';

@@ -268,7 +268,7 @@ final class DibiTranslator extends DibiObject
 				foreach ($value as $k => $v) {
 					$pair = explode('%', $k, 2); // split into identifier & modifier
 					$kx[] = $this->delimite($pair[0]);
-					$vx[] = $this->formatValue($v, isset($pair[1]) ? $pair[1] : is_array($v) ? 'ex' : FALSE);
+					$vx[] = $this->formatValue($v, isset($pair[1]) ? $pair[1] : (is_array($v) ? 'ex' : FALSE));
 				}
 				return '(' . implode(', ', $kx) . ') VALUES (' . implode(', ', $vx) . ')';