new wrapper for LIKE expressions to streamline the fixes. We actually need to adjust them for different DBMS as well as SQLite2 not supporting escaping characters in LIKE statements (which is a reason why we think about dropping sqlite support completely).

git-svn-id: file:///svn/phpbb/trunk@7788 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-08-16 21:54:00 +02:00 · 2007-06-23 12:16:20 +00:00
parent 1e2db705ca
commit 318418b0f2
18 changed files with 97 additions and 82 deletions
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -239,7 +239,7 @@ class acp_permission_roles
 				{
 					$sql = 'SELECT auth_option_id, auth_option
 						FROM ' . ACL_OPTIONS_TABLE . "
-						WHERE auth_option LIKE '{$permission_type}%'
+						WHERE auth_option " . $db->sql_like_expression($permission_type . '%') . "
 							AND auth_option <> '{$permission_type}'
 						ORDER BY auth_option_id";
 					$result = $db->sql_query($sql);
@@ -305,7 +305,7 @@ class acp_permission_roles
 				// We need to fill the auth options array with ACL_NO options ;)
 				$sql = 'SELECT auth_option_id, auth_option
 					FROM ' . ACL_OPTIONS_TABLE . "
-					WHERE auth_option LIKE '{$permission_type}%'
+					WHERE auth_option " . $db->sql_like_expression($permission_type . '%') . "
 						AND auth_option <> '{$permission_type}'
 					ORDER BY auth_option_id";
 				$result = $db->sql_query($sql);
@@ -490,7 +490,7 @@ class acp_permission_roles
 		// Get complete auth array
 		$sql = 'SELECT auth_option, auth_option_id
 			FROM ' . ACL_OPTIONS_TABLE . "
-			WHERE auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
+			WHERE auth_option " . $db->sql_like_expression($permission_type . '%');
 		$result = $db->sql_query($sql);

 		$auth_settings = array();
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -1069,8 +1069,8 @@ class acp_permissions
 		global $db, $user;

 		$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
-		$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
-
+		$sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . '%');
+		
 		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
 			'SELECT'	=> 'u.username, u.username_clean, u.user_regdate, u.user_id',

--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -393,8 +393,8 @@ class acp_prune
 			$sort_by_types = array('username', 'user_email', 'user_posts', 'user_regdate', 'user_lastvisit');

 			$where_sql = '';
-			$where_sql .= ($username) ? " AND username_clean LIKE '" . $db->sql_escape(str_replace('*', '%', utf8_clean_string($username))) . "'" : '';
-			$where_sql .= ($email) ? " AND user_email LIKE '" . $db->sql_escape(str_replace('*', '%', $email)) . "' " : '';
+			$where_sql .= ($username) ? ' AND username_clean ' . $db->sql_like_expression(str_replace('*', '%', utf8_clean_string($username))) : '';
+			$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', '%', $email)) . ' ' : '';
 			$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
 			$where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
 			$where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : '';
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1830,15 +1830,9 @@ class acp_users
 				{
 					// Select auth options
 					$sql = 'SELECT auth_option, is_local, is_global
-						FROM ' . ACL_OPTIONS_TABLE . "
-						WHERE auth_option LIKE '%" . $db->sql_escape('\_') . "'";
-
-					if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc')
-					{
-						$sql .= " ESCAPE '\\' ";
-					}
-
-					$sql .= 'AND is_global = 1
+						FROM ' . ACL_OPTIONS_TABLE . '
+						WHERE auth_option ' . $db->sql_like_expression('%_') . '
+							AND is_global = 1
 						ORDER BY auth_option';
 					$result = $db->sql_query($sql);

@@ -1857,15 +1851,9 @@ class acp_users
 				{
 					$sql = 'SELECT auth_option, is_local, is_global
 						FROM ' . ACL_OPTIONS_TABLE . "
-						WHERE auth_option LIKE '%" . $db->sql_escape('\_') . "'";
-
-					if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc')
-					{
-						$sql .= " ESCAPE '\\' ";
-					}
-
-					$sql .= 'AND is_local = 1
-						ORDER BY is_global DESC, auth_option';
+						WHERE auth_option " . $db->sql_like_expression('%_') . "
+							AND is_local = 1
+						ORDER BY is_global DESC, auth_option";
 					$result = $db->sql_query($sql);

 					while ($row = $db->sql_fetchrow($result))
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -966,20 +966,9 @@ class auth_admin extends auth
 		if ($permission_type !== false)
 		{
 			// Get permission type
-			if ($db->sql_layer == 'sqlite')
-			{
-				$sql = 'SELECT auth_option, auth_option_id
-					FROM ' . ACL_OPTIONS_TABLE . "
-					WHERE auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
-			}
-			else
-			{
-				$sql = 'SELECT auth_option, auth_option_id
-					FROM ' . ACL_OPTIONS_TABLE . "
-					WHERE auth_option LIKE '" . $db->sql_escape(str_replace('_', "\_", $permission_type)) . "%'";
-				$sql .= ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') ? " ESCAPE '\\'" : '';
-			}
-
+			$sql = 'SELECT auth_option, auth_option_id
+				FROM ' . ACL_OPTIONS_TABLE . "
+				WHERE auth_option " . $db->sql_like_expression($permission_type . '%');
 			$result = $db->sql_query($sql);

 			$auth_id_ary = array();